Last Updated:  02/10/2021

Welcome to the Privacy Policy of BridgeBio Pharma, Inc., and its affiliates and subsidiaries that link to this Privacy Policy (collectively, referred to as “we,” “our,” or “us”).  BridgeBio is a team of experienced drug discoverers, developers, and innovators working to create life-altering medicines that target well-characterized genetic diseases at their source.  BridgeBio’s pipeline includes over 15 product development programs ranging from early discovery to late-stage development.  We collect information from and about you in the course of research activities including investigation and development of medications and clinical trials (“Research”) and through the various websites that link to this Privacy Policy that allow you to easily access and use content, including features, resources, and other information intended to help you learn more about our Research, products, and information for investors (the “Sites”).

We process the information we collect from and about you in accordance with applicable data protection principles, including U.S. and applicable EU member state law. We understand the importance of your privacy and are committed to providing appropriate privacy protections to everyone we collect data from. This includes:

  • research participants and their caregivers;
  • healthcare professionals and researchers;
  • users of our products and services, including website users;
  • contractors, vendors and business partners, and the representatives thereof; and
  • representatives of the scientific community.

This Privacy Policy explains our general practices for all data processing, including what information we collect from users when you visit our Sites or apply to and/or participate in a clinical trial, how we use and share that data, and your choices concerning our data practices. Research participants should read this Privacy Policy in conjunction with any informed consent forms, privacy notices, or trial documents that have been provided to you in relation to the collection, use, and transfer of your information. Research participant privacy notices describe in more detail how research participant information will be processed in relation to the study, including the types of information collected, the purposes and legal bases of processing, processing methods, your rights with respect to your information, how long we may retain your information and biological samples (if any), potential international data transfers, if information will be shared with third parties and specific security measures to protect information.

By engaging with the Sites or participating in Research, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access or use the Sites or participate in Research.

INFORMATION WE COLLECT AND HOW WE USE IT                                                      

I. RESEARCH PARTICIPANTS

Information We Collect.  When you participate in Research, we collect certain information that, alone or in combination with other information, could be used to identify you, as described below.

Information You Provide Us. When you choose to enroll in Research, entities that conduct Research-related activities on our behalf, including providers of clinical trial operations services such as trial site personnel, investigators who provide you with investigational drugs, clinical research organizations such as laboratories that test your blood (“CROs”), and others (collectively, referred to as “Research Partners”) collect information including your name, email address, address, and other contact information. Our Research Partners also collect demographic information, such as racial or ethnic origin, gender, age, religious or philosophical beliefs, or information specifying the participant’s sex life, and may also collect information concerning your medical or health conditions. Before this information is provided to us, it is de-identified to mask the identity of any individual Research participant.

Our Research Partners’ use of your information is governed by our contracts with them, as well as the Research Partner’s own privacy policies. Each Research Partner will have its own privacy policy and its privacy practices may differ from the practices described in this Privacy Statement.  Please read the privacy policies of our Research Partners when you choose to participate in Research. 

How We Use Information Collected From Research Participants.

To conduct the Research,including performing drug development research and Research-related activities such as reporting to industry regulators. For Research purposes, we either rely on reasons of public interest in the area of public health to process your information, or on the basis of consent.

  • However, please note that in order to safeguard the validity of the Research and comply with regulatory obligations related to clinical trials, your research data cannot be deleted even if you decided to stop participating in the Research;

As necessary for certain legitimate business interests, which include the following:

  • To send administrative information to you, for example, information regarding the Research trial, changes to, or termination of the Research;

As necessary to comply with legal obligations or regulatory obligations and legal process, including to: (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities (including public and government authorities outside your country of residence, as necessary in our legitimate business interests); (c) enforce our Terms of Use, contracts and other agreements; (d) protect our operations or those of any of our affiliates; (e) protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) pursue available remedies or limit the damages that we may sustain, as required or permitted by the law; and (g) to monitor safety, manage adverse events, carry out prevention and investigatory activities, and carry out administrative requirements;

To carry out our business operations, including marketing and sales; responding to your requests; and tracking our interactions and meetings, such as when you contact us for information and support; providing you access to online services, applications, and platforms, and allowing you to manage your online accounts, where applicable; allow assessment of website traffic such as page-views; and establish and ensure ongoing qualification of select clinical trial vendor personnel providing services to us.

De-identified informationIn accordance with applicable legal requirements, we may de-identify information collected from and about you so that it can no longer be linked to you or your device.  Information that has been de-identified in such a way is no longer subject to this Privacy Policy and can be used and shared by us in our discretion.

II. SITE USERS

Information We Collect. When you access and use our Sites, we collect the following types of information from and about you.

Information You Provide Us. We collect information that visitors to the Sites send to us electronically, for example when completing any “free text” boxes in our forms (such as on our “Information Request” or “Contact Us” page), or requesting information or subscribing to emailing lists. While the type of information we collect through these methods depends on the nature of your inquiry, it typically includes name and email address. If you have the opportunity to register on our Sites, we will also collect information such as a username and password. 

Automatically Collected Data. When you use or interact with the Sites, the following information is automatically collected through cookies and similar tools and logged in our systems

  • Log Data: This is information that your browser automatically sends whenever you visit the Sites. Log data includes your IP address (which, among other things, allows us to understand which country you are connecting from when you visit the Sites), browser type and settings, the date and time of your request, and how you interacted with and used the Sites.
  • Device Information: Includes type of device you are using, operating system, settings, unique device identifiers, network information and other device-specific information. Information collected may depend on the type of device you use and its settings.
  • Usage Information: Information about how you use our Sites, such as the types of content that you view or engage with, the features you use, the actions you take, the other users you interact with and the time, frequency and duration of your activities.

For more information about how we use cookies, please see the “Cookies, Online Analytics and Advertising” section below.

How We Use Information Collected from Visitors to our Sites.

As necessary for certain legitimate business interests, which include the following:

  • To authenticate users and provide access to the Sites;
  • To respond to your inquiries and fulfill your requests for products, services, and information;
  • To provide, maintain and improve the content and functionality of the Sites. For example, we regularly fix bugs or user experience issues that may be tied to particular user accounts. We use cookies to analyze how users interact with our Sites, and that analysis can help us build better Sites and improve features offered;
  • To send you administrative messages and marketing communications (in accordance with applicable local legal requirements) about products, services, and initiatives that we think may be of interest to you;
  • To prevent fraud or criminal activity, misuse of our products or services, and ensure the security of our IT systems, architecture and networks; and
  • To (a) comply with legal obligations and legal process; (b) respond to requests from public and government authorities including public and government authorities outside your country of residence; (c) enforce our Terms of Use; (d) protect our operations or those of any of our affiliates; (e) protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (f) allow us to pursue available remedies or limit the damages that we may sustain, as required or permitted by the law.

De-identified information.  In accordance with applicable legal requirements, we may de-identify information collected from and about you so that it can no longer be linked to you or your device.  Information that has been de-identified in such a way is no longer subject to this Privacy Policy and can be used and shared by us in our discretion.

SHARING AND DISCLOSURE OF INFORMATION

We may share or disclose your information at your direction, such as when you authorize a third-party service to access your account. There are certain circumstances in which we may share your information with certain third parties without further notice to or authorization from you, unless required by the law, as set forth below:

  • Vendors, Service Providers, and Research Partners:  To assist us in conducting Research and to perform certain Research services and functions, we disclose your information to Research Partners; we also disclose your information to other entities providing services on our behalf, including providers of administrative services such as email communication (including appointment reminders, investment information you request through the Sites), support services, and other business operations such as analytics providers (please see the “Cookies, Online Analytics, and Advertising” section below for more information on our analytics providers).  Pursuant to our instructions, these parties will access, process or store information in the course of performing their duties to us.
  • Business Transfers or Acquisitions: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, your information may be transferred to a successor or affiliate as part of that transaction along with other assets.
  • Legal Requirements: If required to do so by law, including U.S. and applicable EU member state law, or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of users of the Sites, or the public, or (d) protect against legal liability.

DATA RETENTION

We will keep your information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g. for regulatory reporting including to government entities who may oversee the safety and efficacy of Research, legal, tax, accounting or other purposes), whichever is longer. For information collected as part of Research, unless otherwise required in order for us to comply with industry regulations or law, we will only retain your information for at least two years after our drug candidate has been approved by regulators, or at least two years after an application for approval has been withdrawn.

To determine the appropriate retention period for your information, we will consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we use your information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

YOUR RIGHTS

Your local laws may permit you to request that we:

  • provide access to and/or a copy of certain information we hold about you
  • prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling)
  • update or rectify information which is out of date or incorrect
  • delete certain information which we are holding about you
  • oppose, cancel, or restrict the way that we process and disclose certain information
  • transfer your information to a third-party provider of services
  • revoke your consent for the processing of your information

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests, to comply with a legal obligation, or where the information provided in connection with Research is necessary in the public interest. We may request you provide us with information necessary to confirm your identity before responding to your request as required or permitted by applicable law.  If you would like further information in relation to your legal rights under applicable law, or would like to exercise those rights, please contact our Data Protection Officer using the information in the “Contact Information” section below at any time.

EUROPEAN UNION (EU) USERS

Scope. This section of the Privacy Policy applies if you are an EU User (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway, as well as the United Kingdom and Switzerland).

Data Controller. BridgeBio and the BridgeBio subsidiary or affiliate that offers the website you are using or that administers the Research in which you are participating are the data controllers for processing your information. To find out our contact details, please see the “Contact Us” section below.

If you are an individual in the EU, and would like to contact our Data Protection Officer on matters related to the processing of information, or otherwise exercise your rights in respect of your personal data (described below), please contact dataprivacy@bridgebio.com.  If you participate in Research conducted by QED Therapeutics or use the website at qedtx.com, you can also contact QED at privacy@QEDTx.com

Legal basis for Processing. We will generally process your information based on the following legal bases:

  • Your express consent: where you have clearly consented to our processing of your information. In practice, this will generally mean that we will ask you to sign a document, or to fill-in an online “opt-in” form or take other steps where you either clearly accept or refuse the data processing we describe.
  • To perform a contract between you and us or our representative, for example to provide our Sites to you and allow you to participate in Research.
  • To comply with legal obligations applicable to our activities; for instance, we are required to implement procedures to monitor adverse effects of marketed products or products being tested in clinical trials, which generally involves the collection and retention of information from and about you.
  • In our “legitimate interests.” When we have legitimate interests to process your information, we consider your fundamental data protection rights and interests in determining whether the processing is legitimate and lawful. We will not use your information for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted to by law.
  • Reasons of public interest in the area of public health, such as ensuring high standards in conducting Research, the quality and safety of health care and medical products or devices

We may, on a case-by-case basis, rely on other legal grounds, such as the protection of your vital interests, in accordance with applicable data protection law, as set forth in elsewhere in this Privacy Policy or other applicable privacy notice.

CALIFORNIA PRIVACY DISCLOSURE

Do Not Track Signals. The Sites currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.

CCPA. Please note that we do not currently meet the threshold applicability requirements of the California Consumer Privacy Act (“CCPA”).  If we meet CCPA thresholds in the future, we will update this Privacy Policy to include applicable disclosures related thereto.

COLLECTION OF INFORMATION FROM CHILDREN

The Sites are intended for general audiences and not for children under the age of 13. If we become aware that we have collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13 without legally-valid parental consent, we will take reasonable steps to delete it as soon as possible. We do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that we have collected data from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with other age restrictions and requirements in accordance with applicable local laws.

LINKS TO OTHER WEBSITES

This Privacy Policy only applies to the Sites and our Research. The Sites may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media services such as Twitter, YouTube, Vimeo, or LinkedIn (“Social Media Services”). The information that you share with Third Party sites will be governed by the specific privacy policies and terms of service of the Third-Party sites and not by this Privacy Policy. We do not own, control or operate such linked sites, and we are not responsible for the privacy policies or practices of such linked sites. By providing these links, we do not imply that we endorse or have reviewed these sites. Privacy policies and practices for such linked sites may differ from this Privacy Policy and our practices. We encourage you to read the privacy policies of such linked sites before disclosing personal information on Third Party sites.

COOKIES, ONLINE ANALYTICS, AND ADVERTISING

Cookies.  Our Sites use cookies to operate and administer our Sites and make it easier for you to use the Sites during future visits and gather usage data on our Sites.  A “cookie” is a small text file sent to your browser by a website you visit. By choosing to use our Sites after having been notified of our use of cookies in the ways described in this Privacy Policy, and, in applicable jurisdictions, through notice and unambiguous acknowledgement of your consent, you agree to such use.

Some cookies expire after a certain amount of time, or upon logging out (session cookies); others remain on your computer or terminal device for a longer period (persistent cookies). Our Sites use first party cookies (cookies set directly by us) as well as third party cookies (provided by our analytics and advertising providers).

On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

  • Internet Explorer
  • Mozilla Firefox
  • Google Chrome
  • Apple Safari

Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Sites and you may not be able to benefit from the full functionality of the Sites.

If you access the Sites on your mobile device, you may not be able to control tracking technologies through the settings.

Online Analytics.  We may use third-party web and mobile application analytics services (such as those of Google Analytics) on our Sites to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.

Online AdvertisingWhen you visit our Sites, we may allow select third-party advertising partners to use cookies on our behalf to recognize you when you visit other sites so that we can display advertisements or other content related to our products and services on those other sites. The ads may be based on various factors such as the content of the page you are visiting, as well the content you viewed on our Sites and may be tailored to your interests.  If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs.  To opt out of Google display advertising or customize Google display network ads, visit the Google Ads Settings page. Please note that if you exercise the opt out choices above, you will still see advertising when you use the Services, but it will not be tailored to you based on your online behavior over time.

CHANGES TO THE PRIVACY POLICY

The Sites, our Research, and our business may change from time to time. As a result, we may change this Privacy Policy at any time and when we do, we will post an updated version on this page and change the Last Updated date above, unless another type of notice is required by the applicable law. You should consult this Privacy Policy regularly for any changes.  By continuing to use the Sites or participate in Research, or providing us with information after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.

INTERNATIONAL USERS AND DATA TRANSFERS

We are based in the United States. If you are accessing our Sites, or participating in Research, from or in the European Union or other regions with laws governing data collection and use, please note that your information will be transmitted to our servers in the United States as necessary to for your participation in Research, provide you with the information that you requested, administer our contract with you or to respond to your requests as described in this Privacy Policy, and the information may be transmitted to our service providers supporting our business operations (described above). The United States may have data protection laws less stringent than or otherwise different from the laws in effect in the country in which you are located. Where we transfer your information out of the EU we will take steps to ensure that your information receives an adequate level of protection where it is processed and your rights continue to be protected.

DATA SECURITY

We have implemented a variety of technological and organizational procedures and measures to protect your information from unauthorized access, use and disclosure.  However, please note that no method of Internet transmission can be completely secure.

CONTACT US

Please feel free to contact us if you have any questions about our Privacy Policy or the information practices of the Services.

You may contact us as follows: You may send an email to dataprivacy@bridgebio.com or send mail to:

Attn: Privacy Officer

c/o BridgeBio Pharma, Inc.

42 Kipling Street

Palo Alto, CA 94301

privacy policy