Last updated: July 31, 2020
Welcome to this website established by Aspa Therapeutics, Inc. (“Aspa”, “we”, “us” and/or “our”). Aspa is a company that specializes in developing and commercializing gene therapies targeting Canavan disease. Our website (“Site”) allows you to easily access and use content, including features, resources and other information intended to help you learn about recent developments in Canavan disease, our activities and products we may offer.
INFORMATION WE COLLECT AND HOW WE USE IT:
Information We Collect
When you engage with the Site, we collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”). Aspa collects information about you and your use of the Site through various means, including when you provide information to us—such as when you provide us with your email address so you can receive updates from us—and when we automatically collect information about you when you access, use, or interact with the Site. We use this information for a variety of different reasons, including improving the Site.
The types of information Aspa may collect about you include:
|A. Personal Identifiers
||A real name, alias, postal address, country of residence, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
||Name, postal address, telephone number, medical and health information.
|C. Internet or other similar network activity.
||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Please see the “Cookies” and “Information We Collect Automatically” sections below for more information.
Information You Provide Us
We collect Personal Data that visitors to the Site send to us electronically. For example, if you complete any “free text” boxes in our forms (such as on our “Information Request” or “Contact Us” page), requesting information or subscribing to emailing lists, we may keep your message, email address, and contact information to respond to your requests, and to provide notifications or other correspondence to you. If you do not want to receive email from us in the future, you may let us know by sending us an email or by writing to us at the address below.
If you call any of our call centers to express interest in participating in Aspa’s clinical trials, we may request additional information from you. This information is necessary to confirm whether your child is eligible for screening, which is a step to determine potential enrollment in our clinical trials, CANinform or CANaspire. The information you provide and any information obtained through the screening process would be used solely to determine your child’s eligibility to participate in Aspa’s clinical trials.
Information We Collect Automatically
When you use or interact with the Site, the following information is created and automatically logged in our systems:
- Log Data: Information (“log data”) that your browser automatically sends whenever you visit the Site. Log data can include your IP address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, the referring web page(s), your mobile carrier, device information (including device and application IDs), search terms, and how you interacted with the Site.
How We Use Site Personal Data:
As necessary for certain legitimate business interests, which include the following:
- To authenticate Users and provide access to the Site;
- To respond to your inquiries and fulfill your requests for products, services, and information;
- If you ask us to delete your data and we are required to fulfil your request, to keep basic data to identify you and prevent further unwanted processing;
- To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture and networks; and
For individuals in the European Union (“EU”), please see the “European Union (EU) Users” section below for additional information on what we mean by “legitimate interests” and your rights.
SHARING AND DISCLOSURE OF INFORMATION
We may share or disclose your information at your direction, such as when you voluntarily share information or content via the Site.
There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, unless required by the law, as set forth below:
- Vendors and Service Providers: Pursuant to our instructions, certain third-party providers of administrative services (such as email communication and Site support services) will access, process or store Personal Data in the course of performing their duties for us. Such duties may include (a) assisting us in operating the Site and in meeting business operations needs and, (b) assisting us in conducting analytics about the Site (for more details on the third parties that place cookies through the Site, please see the “Cookies” section below). For example, we use Google Analytics to understand how our Site is used, and Media Temple for hosting.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of Users of the Site or the App, or the public, or (d) protect against legal liability.
UPDATE YOUR INFORMATION
If you need to change or correct your Personal Data or wish to have it deleted from our systems, you may contact us. We will address your request as required by applicable law. You may also request that we update your Personal Data by contacting us at webadmin@AspaTx.com
DO NOT TRACK SIGNALS
EUROPEAN UNION (EU) USERS
Data Controller. Aspa is the data controller for Personal Data provided to us through your interactions with the Site. To find out our contact details, please see the “Contact Us” section below, which also provides the contact details of our EU Representative pursuant to Article 27 of the General Data Protection Regulation
Exercising Your Rights under GDPR. If any EU residents (including residents of the European Economic Area countries of Iceland, Liechtenstein and Norway) wishes to exercise any Data Subject Right please see the “Contact Us” section below for information on how to contact us to exercise your rights.
If you are a resident of California, the following information and rights are provided to you as required by the California Consumer Privacy Act of 2018 (“CCPA”).
Exercising Your Rights under CCPA
If you wish to exercise your rights under California law, please see the “Contact Us” section below for information on how to contact us to exercise your rights.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION UNDER THE EUROPEAN UNION DATA PROTECTION REGULATION (GDPR) AND CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
You have the following rights (“Data Subject Right”) in relation to your Personal Data that we hold about you that is collected through your use of our Site:
- Right of Access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of all Personal Data you are lawfully entitled to receive along with certain other details. If you require additional copies, we may need to charge a reasonable fee. In addition, You may request the categories of third parties with whom we share that personal information, and if We disclosed Your personal information, the identify the personal information categories that each category of recipient obtained.
- Right to Rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to Erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent, where applicable. If we shared your data with others, we will tell them about the erasure where possible. We have no current plans to share your Personal Data. But, should we ever share your Personal Data, if you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
- Right to Restrict Processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to Data Portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by us by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to Object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your Personal Data for direct marketing.
- Right to Withdraw Consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Rights in Relation to Automated Decision-making: EU residents have the right to be free from decisions based solely on automated processing of your Personal Data, (including profiling) unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
- Right to Lodge a Complaint with the Data Protection Authority: EU residents that have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
We may deny your Data Subject Right request if the information is necessary for us or our service providers to:
- Comply with a legal obligations.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it
Please see the “Contact Us” section below for information on how to contact us to exercise your rights.
Response Timing and Format
We will endeavor to respond to a verifiable Data Subject Right request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
We will not discriminate against you for exercising any of your Data Subject Rights. As a result of a Data Subject Right request, We will not:
- Deny You goods or services.
- Charge You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide You a different level or quality of goods or services.
- Suggest that You may receive a different price or rate for goods or services or a different level or quality of goods or services.
INFORMATION FROM CHILDREN
The Site is not directed to children who are under the age of 13. Aspa does not knowingly collect Personal Data from children who are under 13. If you have reason to believe that a child under the age of 13 has provided Personal Data to Aspa through the Site please contact us and we will endeavor to delete that information from our databases.
LINKS TO OTHER WEBSITES
Some cookies expire after a certain amount of time, or upon logging out (session cookies); others remain on your computer or terminal device for a longer period (persistent cookies). Our Site uses first party cookies (cookies set directly by Aspa) as well as third party cookies, as described below. For more details on cookies please visit All About Cookies.
Type of Cookies Used. The Site uses the technologies described below.
||WHO SERVES THE TECHNOLOGY
We also use a cookie to record when a User has agreed to the cookie consent banner.
||Because these cookies are strictly necessary to deliver the Site, Users cannot refuse them.
|We use “analytics” cookies that allow us to recognize and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our Site works, for example by making sure Users are finding what they need easily. The collected data provides us only with anonymous traffic statistics (like number of page views, number of visitors, and time spent on each page). These cookies also may allow us to track how often posts on third party websites, such as social media sites, are clicked on.
||• Google Analytics
||Users may download and install an opt-out add-on for their web browsers.
Your Choices. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:
- Internet Explorer
- Mozilla Firefox
- Google Chrome
- Apple Safari
Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.
If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.
California Shine the Light Law:
California Civil Code Section 1798.83, known as the “Shine the Light” law, permits individuals who are California residents to request and obtain from us a list of what PII (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. We will never disclose your PII to third parties for direct marketing purposes without your authorization. However, if you would like to make a request for information under the Shine The Light law, please contact us.
Requests may be made only once a year and are free of charge.
You may contact us as follows:
You may send an email to email@example.com or send mail to:
Aspa Therapeutics, Inc.
421 Kipling Street
Palo Alto, CA 94301
Attention: Privacy Officer / Head of Development Operations
If you are an individual in the EU, you can also raise a question to Aspa, or otherwise exercise your rights in respect of your personal data, by contacting firstname.lastname@example.org.