Last Updated: October 16, 2020
This Policy only applies to Personal Information collected (1) via the website on pages where this Policy is posted, (2) when you contact Headquarters, or (3) via our Reporting Portals or Contact Forms and Email Alerts (collectively, our “Services”). Personal Information processed in connection with other activities or interactions with Otonomy, including in connection with clinical trials or through promotions hosted on our website domain or operated by third parties, will be governed by separate privacy notices.
1. Personal Information We Collect
We collect Personal Information about you from the different sources listed below. In this Policy, “Personal Information” means any information related to an identified or identifiable individual.
- Correspondence and other communications. When you contact us or our representatives via our Contact Forms and Email Alerts, our Headquarters via telephone, email or fax or through our Reporting Portals, you will provide us with Personal Information that you choose to disclose, such as your name, email address, title, company affiliation, telephone number, fax number, and the contents and nature of your correspondence with us.
- Identifiers and usage. When you use the website or open emails you receive from us, we and third parties may automatically collect your IP address and other related information.
- Information relating to adverse events, product complaints, and other inquiries. When you, or a third party on your behalf (including a physician as an example), contact us through our Reporting Portals about adverse events, product complaints or other inquiries relating to Otonomy or its products, you or that third party, will, where relevant, disclose case reports to us including details of the relevant product and substance and details of the suspected adverse reaction or medical inquiry, as well as the name, title and contact information of the reporter. These reports are generally pseudonymized.
If you are a third party acting on behalf of an Otonomy user, please make sure you have permission from such individuals before sharing Personal Information relating to them with us.
We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. For example, we may aggregate data about your use of our Services to calculate the percentage of users accessing a specific feature. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Policy.
2. How We Use Personal Information
We will use your Personal Information for one or more of the following purposes:
- Providing you with support and to respond to your requests and queries. If you reach out to us, or a third party acting on our behalf, for support or with a question or query, we will use your Personal Information to respond and resolve your queries and facilitate support, as we deem reasonable. The Personal Information we process when doing so includes your correspondence, your name, contact details, and any other information you choose to disclose during communications. It is in our legitimate interests to use your contact details or any other information you provide to contact you for administrative or business purposes to resolve your inquiry as we deem appropriate.
- To handle general inquiries or reports made to the Reporting Portals, to Otonomy Headquarters, and/or regarding adverse events, product complaints and medical inquiries. If you or a third party acting on your behalf, reaches out to our Reporting Portals, you or that third party will be contacting an Otonomy third-party provider (“Otonomy Provider”) who manages and processes information received through our Reporting Portals. The Otonomy Providers will use the information provided to address the inquiry/report appropriately, including in accordance with our legal, regulatory and other compliance obligations. Otonomy Providers provide us with reports of the inquiries, actions and resolutions for further handling by Otonomy directly, or for our internal tracking and review process. If you reach out to us directly for such matters, we will typically share the information provided to Otonomy Providers for handling. If you are a healthcare professional reporting the adverse event, product complaint or making a medical inquiry, we will use your details to contact you with any follow up information, responses or queries relating to the same. We may also share the information with regulatory and similar agencies, to comply with our legal obligations or of otherwise in the public interest.
- To improve, monitor or analyze usage and usage trends of our Services. It is in our legitimate interest to improve our Services for our users, which includes conducting troubleshooting, testing and research and to keep the Services secure. When doing so we may use Personal Information that we automatically collect about you, such as identifiers and information on use, including information about your interactions with our website, such as the time of your visit and where you have clicked. It is also in our legitimate interests, either directly or via third parties, to analyze the use of our Services and our users’ preferences, in order to understand usage, develop new products, services and functionality. When doing so, we will process Personal Information that we automatically collect about you or that is generated about you when you use our Services.
- To enforce the Otonomy terms and conditions, to comply with legal obligations and to defend Otonomy against legal claims or disputes. It is in our legitimate interests to enforce our terms and policies, to ensure the integrity of our Services and to defend ourselves against legal claims or disputes. Where we do so, we will use the Personal Information relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on Otonomy, for example compliance with reporting obligations or to address legal claims or matters.
- Email Alerts. If you subscribe to Otonomy newsletters, press releases, or other email alerts, we will continue to process such alerts and rely on the information we obtained for this purpose unless and until you opt out. We may retain any information collected prior to you opting out, but will not subsequently collect further information. You can opt out of such communications by following the unsubscribe mechanism listed in the email alerts, or by otherwise emailing us at firstname.lastname@example.org. If you have contacted Otonomy via a “Contact Us” page or via email, we will retain and use the information you have provided in that contact form or in the email as well as any additional information you provide via any subsequent communications for purposes related to your inquiry. We may retain the information collected and use it for any of the legitimate business reasons listed above as well as investor relation-related interests, including for such legitimate business interests after your initial inquiry.
Cookies are small files of letters and numbers that we store on your browser or the hard drive of your computer. They contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Functional cookies: These are used to recognise you when you return to our Services.
You can block cookies by setting your internet browser to block any and all cookies and will still generally have access to our website.
4. Who we Share Your Information With
We disclose Personal Information about you to the following recipients and in the following circumstances:
- Vendors and service providers. We rely on vendors and service providers for the provision of our Services and for responding to communication with you, such as:
- Service providers who we rely on for data storage, disaster recovery and to perform our obligations to you;
- Analytics providers who help us to understand our user base and how our Services are used; and
- Otonomy Providers or other providers who assist us in managing Forms and Email Alerts, inquiries, adverse events, product complaints, medical information requests and reporting on our behalf.
- Legal. We will disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
- Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, we may disclose your Personal Information as part of that transaction.
5. Your Rights and Choices
If you are located in the European Union, in certain circumstances you have the following rights in relation to your Personal Information that we hold.
- Access. The right to access the Personal Information we hold about you, and to receive an explanation of how we use it and who we share it with.
- Correction. The right to correct any Personal Information we hold about you that is inaccurate or incomplete.
- Erasure. The right to request for your Personal Information to be erased or deleted.
- Object to processing. The right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.
- Restrict processing. The right in certain circumstances to stop us from further processing your Personal Information other than for storage purposes.
- Portability. The right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us if we process it on the basis of our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party.
Please note that, prior to any response to the exercise of such rights, we will require you to verify your identify. In addition, we may have valid legal reasons to refuse your request, and will inform you if that is the case. For more information on your rights, please email email@example.com.
6. Cross-Border Data Transfers
We will transfer your Personal Information outside of the European Union, including to the United States where we are based. When we do so, we shall ensure that relevant safeguards are in place to afford adequate protection for your Personal Information. Further details regarding the relevant safeguards can be obtained from us on request.
7. Children’s Privacy
Our Services are not directed to children, and we do not knowingly collect Personal Information from children under the age of 13 without parental consent. If you learn that a child has provided us with Personal Information in violation of this Policy, please contact us as indicated below.
8. Data Retention
Otonomy stores all Personal Information for as long as necessary to fulfil the purposes set out in this Policy, or for as long as we are required to do so by law or in order to comply with a regulatory obligation or internal processes. When deleting Personal Information, we will take measures to ensure such data is protected from access consistent with our general data protections standards.
9. Data Security
We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Information that we collect and maintain. However, the transfer of Personal Information through the internet will carry its own inherent risks and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.
10. Changes to this Policy
If you wish to lodge a complaint about how we process your Personal Information, please contact us at firstname.lastname@example.org. We will endeavour to respond to your complaint as soon as possible. You may also lodge a claim with the Information Commissioner’s Office in the UK or the data protection supervisory authority in the EU country in which you live or work, where you believe we have infringed data protection laws.
12. Our Contact Information
Otonomy Inc. is the entity responsible for the processing of your Personal Information, and for the purpose of the European Union’s General Data Protection Regulation, is the data controller in respect of the processing of your Personal Information. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us by email at email@example.com.
Please write to us at:
4796 Executive Drive
San Diego, CA 92121
Attn: Legal/Compliance Department