ALPFA respects your privacy as part of our commitment to ethical, compliant, and responsible practices. We collect and process personal data to conduct our business operations and operate this Site.
NOTICE TO EUROPEAN USERS: Please see the Notice to European Users section for additional information for individuals located in the European Economic Area (which we refer to as “Europe”, and “European” should be understood accordingly) below.
This Notice does not apply in respect of matters beyond the processing of your personal data as part of or in connection with this Site. For example, it does not apply in respect of our processing of personal data relating to conducting of clinical trials we sponsor, nor in respect of our processing of personal data relating to applications for a job or other engagement with us. In such cases, a specific privacy notice will be provided that describes our policies and practices relating to use of personal data in these specific contexts.
We collect different types of personal data depending on how you interact with the Site.
Personal data is defined as any information that can directly or indirectly identify a person or individual. ALPFA collects the following types of personal data:
The purposes for which we collect and use your personal data varies depending on your relationship or how you interact with the Site.
We use personal data we collect or receive in a variety of ways such as for Site functionality and for operating our business, including the following:
We may disclose your personal data to third parties in the following circumstances:
The Site may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through our Site. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through our Site. We encourage you to learn about third parties’ privacy and security policies before navigating to those sites and providing them with information.
You may decline to share certain personal data with us, in which case we may not be able to provide to you some of the features and functionality of the Site. If you wish to access, amend or delete any personal information we hold about you, you may contact us at privacy@alpfamed.com. Please note that while any changes you make will be reflected in active user databases within a reasonable period of time, we may retain all personal data you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal or regulatory obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email (e.g. by clicking the ‘Unsubscribe’ link in the footer of such an email). You may also opt out from receiving commercial email from us by sending your request to us by email at privacy@alpfamed.com.
Please be aware that if you opt out of receiving commercial email from us or otherwise modify the types of emails and alert communications you receive from us, it may take up to ten business days for us to process your request - and you may continue receiving promotional communications from us during that period – however, we will ordinarily process these types of opt-out requests more quickly.
When you use the Site, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. For more information on cookies and other tracking devices and ways to exercise preferences regarding them, see our Cookies Notice (Cookies notice coming soon). Please note that if you delete, or choose not to accept, cookies from the Site, you may not be able to utilize the features of the Site to their fullest potential.
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
According to our retention policy, we only keep personal data in our records as long as they are necessary for the purposes they have been processed or as required by applicable laws or regulations. After the retention period expires, the personal data is deleted or anonymized – if this is not technically possible in the circumstances (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible (e.g. at the time at which that backup is replaced in line with our established schedule). If we anonymize your personal data (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you. The retention periods are established considering the purposes defined in this Notice, all relevant legal and regulatory requirements, and the context in which we process your personal data. We also consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and any applicable legal requirements to retain such data.
We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of information that we collect and maintain. Please be aware that no security measures are perfect or impenetrable. We cannot and do not guarantee that information about you will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
ALPFA stores personal data by using physical, technical, and administrative safeguards designed to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction, or modification.
In addition, our information security team has developed policies, standards, and procedures to support and enforce preventive and detective operational controls designed to protect the confidentiality, integrity, and availability of all data collected and managed by us.
ALPFA does not knowingly collect information directly from or about, and therefore does not sell information of persons under 18 years old via the Site. If you are under 18 years old, do not use or provide any information on or via the Site.
The information provided in this “Notice to European Users” section applies only to individuals in the European Economic Area (i.e. “Europe” as defined at the top of this Notice).
Controller. ALPFA is the controller of the processing of your personal data covered by this Notice for purposes of European data protection legislation, including the General Data Protection Regulation of the European Union (the “GDPR”).
Personal Data. For European users, references to your “personal data” in this Notice should be understood to include a reference to your “personal data” (as defined in the GDPR) – i.e. information about you as a user of the Site, from which you are either directly identified or can be identified. It does not include ‘anonymous data’ (i.e. information where your identity has been permanently removed).
Our Representative in Europe. Our EU representative appointed under the GDPR is FGK Representative Service Ireland Ltd. You can contact them:
Our Data Protection Officer. The GDPR requires us to appoint a “Data Protection Officer”, this is a person who is responsible for independently overseeing and advising us in relation to our compliance with the GDPR (including compliance with the practices described in this Notice). If you want to contact our Data Protection Officer directly, you can email: privacy@alpfamed.com.
In respect of each of the purposes for which we use your personal data, the GDPR requires us to ensure that we have a “legal basis” for that use. Our legal bases for processing your personal data described in this Notice are listed below:
We have set out below, our legal basis in respect of each relevant purposes for which we use your personal data as well as the particular types of your personal data used in that processing activity.
Dealing with inquiries and contacts
• User-provided Information
• Device and Usage Information
Legitimate Interests. It is in our and your interests that we are able to respond to and deal with your inquiries and contacts.
Business operation
• Any and all data types relevant in the circumstances
Legitimate Interests. It is in our and your interests that we are able to operate our business and carry out our internal business activities.
Site operation
• Device and Usage Information
Legitimate Interests. It is in our and your interests that we are able to provide and administer this Site in a functional and secure way (including associated processing of your personal data via use of strictly necessary Cookies). Consent, in respect of any optional cookies used for this purpose.
Marketing and promotion
• User-provided Information
• Marketing and Communication Information
• Information from Other Sources
Legitimate Interests. We have a legitimate interest in promoting our operations and goals as an organisation.
Consent, in circumstances or jurisdictions where consent is required under applicable data protection laws to the sending of any given marketing communications.
Analytics
• Device and Usage Information
Legitimate Interests. We have a legitimate interest in making sure our Site, emails and other services are the best they can be and analyzing how these elements are used and/or engaged with etc.
Consent, in respect of any optional cookies used for this purpose.
R&D
• User-provided Information
• Marketing and communication information
• Device and Usage Information
• Information from Other Sources
Legitimate interests. We have a legitimate interest in improving and developing the Site and its features and functionalities.
Legal Compliance (including associated data sharing)
• Any and all data types relevant in the circumstances
Compliance with Law.
Legitimate interest. Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in participating in, supporting and following legal process.
Protection and enforcement of rights (including associated data sharing)
• Any and all data types relevant in the circumstances
Compliance with Law.
Legitimate interest. We and any relevant third parties have a legitimate interest of ensuring the protection, maintenance and enforcement of our and their rights, property, and/or safety.
Cooperation with law enforcement (including associated data sharing)
• Any and all data types relevant in the circumstances
Compliance with Law.
Legitimate interest. Where Compliance with Law is not applicable, we and any relevant third parties have a legitimate interest in assisting and cooperating with law enforcement (e.g. in respect of voluntary disclosure of information germane to law enforcement proceedings).
Data sharing in the context of corporate events
• Any and all data types relevant in the circumstances
Legitimate interest. We and any relevant third parties have a legitimate interest in providing information to relevant third parties who are involved in an actual or prospective corporate event (including to enable them to investigate – and, where relevant, to continue to operate – all or relevant part(s) of our operations). However, we would take appropriate steps to seek to minimize the amount and sensitivity of any personal data shared in these context.
Further uses
• Any and all data types relevant in the circumstances
The original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the personal data was collected.
Consent, if the relevant further use is not compatible with the initial purpose for which the personal data was collected.
We are a U.S.-based company and many of our service providers, advisers, partners or other recipients of data are also based in the U.S. This means that, if you use the Site, your personal data will necessarily be accessed and processed in the U.S. It may also be provided to recipients in other countries outside Europe.
It is important to note that that the US is not the subject of an ‘adequacy decision’ under the GDPR – basically, this means that the U.S. legal regime is not considered by relevant European bodies to provide an adequate level of protection for personal data, which is equivalent to that provided by relevant European laws.
Where we share your personal data with third parties who are based outside Europe, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented:
You may contact us if you want further information on the specific mechanism used by us when transferring your personal data out of Europe.
European data protection legislation gives you certain rights regarding your personal data in certain circumstances. If you are located within Europe, you may ask us to take the following actions in relation to your personal data that we hold:
Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how were are processing your personal data), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time.
Requests to exercise your Data Privacy Rights requests should be submitted as follows:
Please revisit this page periodically to stay aware of any changes to this Notice, which we may update from time to time. If we modify this Notice, we will make it available through the Site, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. Your continued use of the Site after the revised Notice has become effective indicates that you have read and understood the current version of this Notice. You can check the "last updated" date posted to see when the Privacy Notice was last updated.
Please contact us with any questions or comments about this Notice, information we have collected or otherwise obtained about you, our use and disclosure practices, or your consent choices by email at privacy@alpfamed.com.
ALPFA Medical, Inc.
1880 Embarcadero Road
Palo Alto, CA 94303
(669)-257-3263