1. Introduction and Scope

AVEO Pharmaceuticals, Inc. (“AVEO”, “we”, “us”, “our”) recognizes that you care how information about you is used and shared, and we appreciate your trust that we will handle your information carefully and sensibly.

As a sponsor of ethically approved clinical trials (“Trial” or “Trials”), we take the protection of personally identifiable information (“Personal Data”) very seriously. When you visit our website or participate or work in one of the Trials that we sponsor, you trust us with your Personal Data. We are committed to keeping that trust.  That starts with helping you understand our privacy practices. This Privacy Policy (the “Policy”) describes how we collect and process Personal Data (i) collected via our various websites (including but not limited to www.aveooncology.com and www.fotivda.com) (the “Sites”), (ii) in relation to job applicants, (iii) in the context of the Trials we sponsor and (iv) in the context of our patient assistance programs. Please read this Policy to learn what we are doing with your Personal Data, how we protect it and how you can exercise your privacy rights.

This Privacy Policy (“Policy”) does not apply to Personal Data collected by any other means, or in other contexts, such as Personal Data of AVEO’s employees, contractors, officers, directors or other staff of AVEO.

If we maintain information in a manner that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, with a particular individual or household, such information is not considered Personal Data and this Policy will not apply to our processing of that information.

2. Controllership

Within the scope of this Policy, AVEO generally acts as a data controller for the Personal Data collected and processed while you navigate through our Sites, in relation to job applicants, in the context of the Trials we sponsor and in the context of our patient assistance programs. This means that we alone determine the purpose and means of the processing of your Personal Data.

In some jurisdictions, we are considered a “joint controller” with another organization, such as the study site where a Trial is being conducted. This means that we jointly, together with the other organization, determine the purposes and means of the processing of your Personal Data. If you would like to know more about any other data controllers who might be joint controllers together with AVEO, you may ask your study doctor or the study site for further details, specifically relating to the Trial that you are participating in.

3. Categories of Personal Data

3.1 Personal Data of Individual Trial Participants

Even though we are a data controller for the Personal Data processed in the context of our Trials, AVEO itself does not have access to identifiable Personal Data, meaning that we are unable to identify you personally from the information we have access to. Personal Data is collected by our contracted parties like a Trial site (the clinic or other healthcare facility where a Trial is being run) or other third parties, such as your doctors or our clinical research organizations. When any information relating to you is shared with us by our contracted parties, it will first be key-coded and replaced with pseudonyms or identifiers (also known as “pseudonymized data”) so that we cannot identify you by any direct personal identifier (such as your name, social security number, address, or telephone number).

The following types of Personal Data may be processed in the context of our Trials and shared with us:

  • demographics such as:
    • the month/year of birth (or age at the time of the initial diagnosis and age at the time of each recurrence of your medical condition);
    • the information on your sex (male/female), sexual orientation, race and/or ethnicity;
    • the information on your childbearing potential;
    • the information about your family demographics, including marital status, parents, legal guardians and family medical history;
    • the information regarding your medical insurance; and
    • the country where you receive treatment / participate in a Trial.
  • location information, such as the location of your testing site and Trial location (i.e., Trial site);
  • health care information, such as the identity and contact information of your doctors and health care providers;
  • health information, such as your medical history (i.e., tumor and other disease characteristics, surgical history, radiation history, treatment history, imaging data and radiography assessments);
  • current health status and reaction to the Trial drug or treatment; and/or
  • your genetic information.

The following types of Personal Data may be processed in the context of our Trials by a Trial site, but would NOT be shared with us:

  • basic identifying information, such as your first and last name; and/or
  • contact information, such as your phone number, physical address, and email address.

You can ask your study doctor if you are unsure whether any specific Personal Data that you are being asked to provide is required as part of your participation in a Trial.

3.2 Personal Data of Healthcare Providers
We may process the following types of Personal Data about healthcare providers in the context of our Trials:

  • basic identifying information, such as your first and last name;
  • contact information, such as your phone number, physical address and email address;
  • professional and employment related information, such as your qualifications, job titles and business affiliations;
  • financial interest or arrangements (including but not limited to financial interest or arrangements with the FDA, payments made for support activities, interest in tested products); and/or
  • location information, such as the location of your testing site and Trial locations (i.e., Trial site).

3.3 Personal Data for Insurance
We may process the following types of Personal Data about your health insurance in the context of our Trials:

  • personal information about you, such as your name, date of birth, gender, social security number or Medicare identification number;
  • medical treatment for injury to your participation in our research; and
  • personal treatment related information to report, as required, to the Centers for Medicare & Medicaid Services (CMS).

The above-mentioned types of Personal Data may be processed in the context of our Trials by a Trial site, but would NOT be shared directly with us.

3.4 Personal Data of Site Visitors
We may process the following types of Personal Data about Site visitors that contact us via our contact webform:

  • basic identifying information, such as your first and last name;
  • contact information, such as your phone number, physical address and email address;
  • professional and employment related information, such as the company you work for; your title and the type of investor you are;
  • location information, such as the country you are located in; and
  • whatever information you share with us in your message.

If you wish to receive information or news alerts from us, we request your name and email address to send the information alerts to you. If you no longer wish to receive our news alerts and informational materials, you may opt-out of receiving them by following the instructions included in each email notifying you of an alert.

We may collect Personal Data from cookies and tags, as described in Section 5 below.

In general, you can browse the Sites without telling us who you are or revealing any Personal Data about yourself. We may track certain information based upon your behavior on the Sites. We use this information to analyze how our Sites are used. Like many websites, from time to time, we automatically gather certain information about our Sites’ traffic and store it in log files.  This information does not usually identify a particular individual. It includes:

  • internet protocol (IP) addresses;
  • browser type;
  • internet service provider (ISP);
  • referring/exit web pages;
  • operating system;
  • date/time stamp; and
  • clickstream data. 

3.5 Personal Data of Job Applicants
We may process the following types of Personal Data about individuals that apply for a position at AVEO:

  • basic identifying information, such as your first and last name, date of birth or mother’s maiden name;
  • contact information, such as your phone number, physical address and email address;
  • professional and employment related information, such as your qualifications, employment history, job titles and affiliations; and
  • location information, such as the location you are resident in, and where you are willing to work.

4. How We Receive Personal Data

We may receive your Personal Data when:

  • you provide it directly to us (including when you provide your Personal Data to one of our contracted parties acting on our behalf);
  • a study doctor (also known as an “investigator”) or other healthcare personnel at a Trial site provides it to us, or your healthcare provider provides it to us;
  • we receive it from the clinical research organization that conducts a Trial on our behalf;
  • you visit one of our Trial-specific websites or online portals; and
  • you provide it to us, the clinical research organization or a study doctor when you complete a pre-screening questionnaire to confirm your eligibility to participate in a Trial.

5. Purpose of Processing

We may process your Personal Data for the purposes of:

  • considering your qualifications for a position at AVEO;
  • managing and facilitating our Trials;
  • enabling your participation in a Trial;
  • answering the research questions for Trials and aggregating data to generate statistics relating to a Trial and/or study drug or health treatment;
  • arranging for the delivery of drugs to you and collection of unused drugs from you in relation to a Trial;
  • arranging your transportation to or from a Trial site;
  • sending you reminders about your appointments at a Trial site, or to take your medication on time;
  • monitoring and reporting on any adverse events, such as negative side effects;
  • providing compensation for Trial related injuries;
  • developing new medicinal drugs or health treatments;
  • complying with legislation governing Trials;
  • disclosing your Personal Data to the appropriate regulatory authorities, auditors, and ethics committees, if required by law;
  • responding to your inquiries and requests;
  • communicating with you on the status of a Trial;
  • for the purposes described in Section 7 below in relation to cookies and tags; and
  • providing financial assistance through our patient assistance program for purchasing our drug(s).

We also process your Personal Data for the specific purposes described in the informed consent form provided to you by Trial personnel.

In relation to the information we collect about users of the Sites, this typically does not identify individual users. We use the information we collect to analyze trends, to administer the Sites, to track users’ movements around the Sites and to gather demographic information about our user base. We do not link this automatically collected data to personally identifiable information. However, in certain cases, we may process Personal Data collected via cookies or tags. Please refer to Section 7 below, and to our Cookie Policy, for further information on this.

6. Basis of Processing

We may process your Personal Data on the basis of:

  • Consent: We may ask for your consent to collect and process your Personal Data, including special categories of Personal Data, such as your health status and medical history.
  • Contract: We may process your Personal Data to fulfill a contract we have with you.
  • Legitimate Interests: We may process your Personal Data based on our legitimate interests in facilitating and managing our Trials.
  • Compliance with Legal Obligations: We may need to process your Personal Data for us to comply with applicable laws or regulations, such as the laws regulating the safety and reliability of our Trials.
  • Public Interest: We may process your Personal Data for reasons of public health interests to ensure adequate standards of quality and safety of the drugs or treatments we are developing.

Where we process your Personal Data based on your consent, you may withdraw your consent at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect processing performed on other lawful grounds. If you withdraw your consent, you will be ineligible to participate in the Trial.

Where we receive your Personal Data as part of a contract we may have with you, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to fulfill our contractual obligation towards you.

Where we process Personal Data based on our legitimate interests, we will always do so after a careful assessment which requires balancing your right to privacy and our legitimate interests. When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided in Section 15 below.

If you are a participant in a Trial, we process special categories of Personal Data, such as your health status and medical history. Certain data protection laws require that we must have an additional ground to process this type of information. AVEO may process your special categories of Personal Data based on your explicit consent, or where the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

The specific grounds on which we process your Personal Data, including your health data, may vary somewhat from the above to comply with the requirements of local laws in jurisdictions where we sponsor Trials. If you are a participant in a Trial, please refer to the informed consent form you signed when you joined a Trial for more information about the legal grounds on which we process your Personal Data.

SUMMARY CHART ON HOW WE USE YOUR PERSONAL DATA: PURPOSES AND LEGAL BASES OF THE PROCESSING

How we use and process your Personal Data under the European Union General Data Protection Regulation (“GDPR”) for the purposes and legal bases set out below:

Use/PurposeLawful Basis
Communicating with you, providing you with information about our business, and operating and improving our websiteAVEO has a legitimate interest to operate its website and communicate with you upon your request (Article 6(1)(f), GDPR).
Contact you with respect to clinical trials offered by us which we believe may interest you (including direct marketing)AVEO has a legitimate interest to operate its website and communicate with you upon your request (Article 6(1)(f), GDPR).
Depending on your location, we may also ask for your consent prior to sending you direct marketing.
Marketing and advertising about AVEO, our clinical trials, and any future marketing of products and servicesDepending on your location, AVEO may also ask for your consent prior to marketing and advertising our clinical trials, products, and services online.
Conducting audits and investigations, and to investigate and resolve complaints, grievances or misconductAVEO has a legitimate interest to manage its business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR). AVEO has a legal obligation to do so (Article 6(1)(c), GDPR).
Preparing for and acting in relation to inquiries, investigations or proceedings, by governmental, administrative, judicial or regulatory authorities, including civil litigationAVEO has a legitimate interest to manage its business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR). AVEO has a legal obligation to do so (Article 6(1)(c), GDPR).

7. Cookies and Tags

Periodically, some pages on our Sites may use “cookies,” which are small files that the site places on your hard drive for identification purposes. These files are used for Site registration and customization the next time you visit our Site. We may also collect information about how you use the Sites using cookies (and other similar technologies), as part of improving the content and functionality of the Site. You should note that cookies cannot read data off your hard drive. Your web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. You can also refuse all cookies by turning them off in your browser. By not accepting cookies, some pages may not fully function and you may not be able to access certain information on the Site.

We may also use third party cookies.  Third-party cookies are created by domains that are not the Sites (or domain) that you are visiting. These cookies are used for our marketing efforts, as well as to understand your browsing of the Sites, for example, which page you visit or how long you stay on each page. These types of cookies are set by AVEO affiliates and/or vendors we are working with to enhance end user experience or may be used to identify visitors to our Sites.

We may also use Internet Tags such as “pixel tags,” which are small graphic files that allow us to monitor the use of our websites. A pixel tag can collect additional information such as IP address, URL, timestamp, browser type and the cookie identification number.

Please refer to our Cookie Notice for further information about the types of cookies and tags we make use of and how you can disable them in your web browser. Cookie Notice, https://www.aveooncology.com/cookie-notice/.

8. Data Retention

We will seek to ensure that your Personal Data is always safeguarded. We will retain your Personal Data until we fulfill the purposes listed above, or for as long as we are required to keep it to comply with applicable laws or regulations.

Once your information has been entered into Trial records, we cannot remove it without affecting the accuracy of the Trial and the test results. Some laws require us to keep Trial records for at least twenty-five (25) years after the conclusion of the Trial.

9. Sharing Personal Data with Third Parties

We may share Personal Data with our contracted parties who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in fulfilling the purposes of processing as described in Section 5 above, or as required by law. Our contracted parties include parties providing:

  • contract/clinical research organization services;
  • preparation and submission of reports/documents to regulatory authorities;
  • patient recruitment services;
  • quality assurance, safety and pharmacovigilance software and related services;
  • data storage and archiving software and related services;
  • data analytics and reporting software and services;
  • services related to the collection, storage, testing and transportation of biological material;
  • services related to the delivery, transportation or collection of study drug during a Trial;
  • software that randomly decides which treatment you will receive during a Trial;
  • logistics and transport contracted parties;
  • electronic data capture software and hardware; and
  • financial services related to the patient assistance program.        

For Site visitors, we may share aggregated demographic information about our user base with third parties that may or may not be affiliated with us, but this information does not identify individual users. We do not link aggregate user data with Personal Data. We share Personal Data with third parties which we rely upon to operate and administer our Sites. We disclose information as needed for these contracted parties to perform their functions, but do not authorize the contracted parties to use the information for other purposes.

We may also use independent advertising companies to provide ads on our behalf across the Internet (“advertising company”). These advertising companies also help us analyze our advertising campaigns and the general usage patterns of visitors to our websites. This is primarily accomplished using cookies and Internet tags. Such companies may place these tags on our Sites or on other websites. Please refer to our Cookie Policy for further information, https://www.aveooncology.com/cookie-notice/.

We may use this information to improve our Sites and our advertising. In order to deliver more relevant content or advertising, or to connect with you via other methods, from time to time we may link the information we receive to your personal information. If we do link such data, it is treated under AVEO’s Policy as Personal Data.

10. International Transfers of Personal Data

Certain data protection laws (such as the laws in the European Union (“EU”) and United Kingdom (“UK”)) only allow us to transfer Personal Data outside of a particular region if the country that the data is being transferred to offers an adequate level of protection for the Personal Data. AVEO and some of the third parties we share Personal Data with are in countries outside of the EU and the UK. In some cases, the relevant authorities may not have determined that those countries’ data protection laws provide an adequate level of protection for your Personal Data. When these data protection laws apply to the processing of your Personal Data, we will only transfer your Personal Data to third parties in countries which are recognized as providing an adequate level of protection for Personal Data, or who provide appropriate safeguards to protect your Personal Data. These safeguards may include the standard data protection clauses approved by the European Commission under Article 46(2) of the EU General Data Protection Regulation.

11. Other Disclosures of Your Personal Data

We may also disclose your Personal Data for other reasons. We reserve the right to transfer, disclose or assign your Personal Data in connection with the following events:

  • with regulators or competent authorities, to the extent necessary to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws);
  • to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials or private parties);
  • if, in the future, we sell or transfer, or consider selling or transferring, part or all of our company, business, shares or assets to a third party; or
  • in the event that we are acquired by, or merged with, a third-party entity, or in the event of bankruptcy or a comparable event.

If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

12. Data Integrity and Security

We have implemented and will maintain technical, administrative and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration or destruction.

13. Your Privacy Rights

You have specific rights regarding your Personal Data that we collect and process.

For individual patients, please first speak with your study doctor instead of contacting us directly to exercise the rights we explain below.

Right to Know What Happens to Your Personal Data. You have the right to obtain from us all information regarding our data processing activities that concern you (or your child), such as how we collect and use your Personal Data, how long we will keep it and who it will be shared with, among other things. We are informing you of how we process your Personal Data with this Policy.

Right to Know What Personal Data We Have About You. If we process your Personal Data, you will have the right to request access to (or to update or correct) that Personal Data. This means that you have the right to ask us to confirm whether or not we process your Personal Data, and, where that is the case, obtain a copy of or access to your Personal Data and other related information such as:

  • The categories of your Personal Data that we process;
  • The categories of sources for your Personal Data;
  • Our purposes for processing your Personal Data;
  • Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period;
  • The categories of third parties with whom we share your Personal Data;
  • The specific pieces of Personal Data we process about you in an easily-sharable format;
  • The categories of parties that received your Personal Data from us;
  • If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests; and
  • The appropriate safeguards used to transfer Personal Data from the European Economic Area (“EEA”) to a third country, if applicable.

Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.

Right to Change Your Personal Data. You can also ask us to correct, without undue delay, anything that you think is wrong with the Personal Data we have about you, and to complete any incomplete Personal Data.

Right to Delete Your Personal Data. You may ask for your Personal Data to be deleted. Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.

Right to Ask Us to Limit How We Process Your Personal Data. You may also have the right to ask that we limit/restrict our processing of your Personal Data (e.g., if you ask us to only use or store your Personal Data for certain purposes). You have this right in certain circumstances, such as where you have reason to believe the data is inaccurate or the processing activity is unlawful.

Right to Ask Us to Stop Using Your Personal Data. You have the right to object to our processing of your Personal Data. We will always strive to fulfill your request. However, please note that there are occasions when doing so may not be possible, like when the law tells us we cannot do that, or where we need your Personal Data to complete the transaction for which we collected the Personal Data.

Right to Withdraw Your Consent. As discussed in Section 6 above, if we requested your consent to process your Personal Data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect processing performed on other lawful grounds. If you withdraw your consent, you may be ineligible to participate in a Trial.

Right to Port or Move Your Personal Data. You may also have the right to “data portability”, which means that you may have the right to ask us to provide you with a copy of your Personal Data. If you exercise this right, we will provide you with a copy of your Personal Data in a structured, commonly used, and machine-readable format.

To exercise any of your privacy rights or raise any other questions, please contact us by using the information in the Contact Us section below. You also have the right to lodge a complaint with a data protection regulator in one or more EEA member States and in the UK.

14. Privacy of Children

The website content and services are intended for users over the age of 18. Since it is impossible to determine the age of individuals who navigate to our websites, we encourage the legal guardians to contact us if they confirm unauthorized data provision by their children in order to delete their data. If we learn that a child under 18 has volunteered personally identifying and/or health-related personal information on the website, or that a provider has volunteered information about a patient who is identified as younger than 18, we will delete such information from our active databases in accordance with our deletion policy.

In case we need to collect Personal Data of minors (i.e., under the age of 18), we endeavor to collect such data from their legal guardian provided that a legal basis for collecting such data exists. 

15. Contact Us

If you have any questions about this Policy or our processing of your Personal Data as it relates to a clinical trial, please first speak with your study doctor. If you have any questions about this Policy or our processing of your Personal Data outside of a clinical trial or after you speak with your study doctor, please contact us or our Data Protection Officer directly using the contact details listed in Section 17 below. Upon receipt of your request, please allow up to one (1) month for us to reply.

16. Data Protection Representative

While you may contact us at any time, our data protection representative can be contacted about matters related to the processing of your Personal Data.

European Union Representative

We have appointed VeraSafe in Spain as our representative in the EU for data protection matters, pursuant to Article 27 of the General Data Protection Regulation. VeraSafe can be contacted on matters related to the processing of Personal Data. If you want to raise a question to us, or otherwise exercise your rights in respect of your Personal Data, you may do so by:

  • Sending an email to experts@verasafe.com, quoting AVEO Pharmaceuticals, Inc. in the Subject Line, or
  • Mailing your inquiry to VeraSafe, Plaza de la Solidaridad 12, Floor 5, 29006, Malaga, Spain.

VeraSafe’s privacy policy is accessible at https://verasafe.com/legal-notices/privacy-policy/.

United Kingdom Representative

We have appointed VeraSafe as our representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to AVEO, only on matters related to the processing of your personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 4532 2003.

Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom

VeraSafe’s privacy policy is accessible at https://verasafe.com/legal-notices/privacy-policy/.

PLEASE NOTE: When mailing inquiries, it is ESSENTIAL that you address your letters for ‘Data Protection Representative – AVEO Pharmaceuticals, Inc.’ and not ‘AVEO Pharmaceuticals, Inc.’ or your inquiry may not reach the appropriate representative of AVEO.  Please refer clearly to AVEO Pharmaceuticals, Inc. in the body of your letter. On receiving your correspondence, We may request evidence of your identity, to ensure your Personal Data and information connected with it is not provided to anyone other than you. 

If you have concerns over how any of our data protection representatives will handle your Personal Data that they will require to undertake their representative services, please refer to the respective representative’s privacy policy identified above.

17. Data Protection Officer

We have appointed VeraSafe as our Data Protection Officer (DPO). While you may contact us directly at dataprotection@aveooncology.com, VeraSafe can also be contacted on matters related to the processing of Personal Data. VeraSafe’s contact details are:

VeraSafe
Zia Maharaj
100 M Street S.E., Suite 600
Washington, D.C. 20003
Email: experts@verasafe.com
Web: https://www.verasafe.com/about-verasafe/contact-us/
Tell: +1-617-398-7067

18. Data Privacy Framework (DPF) Program

In conjunction with the safeguards stated above, AVEO also complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  AVEO has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF,  from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF and with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  While the decision to self-certify and participate in the DPF program is voluntary, effective compliance upon self-certification is compulsory. Once an organization self-certifies to the U.S. Department of Commerce’s International Trade Administration (ITA) and publicly declares its commitment to adhere to the DPF Principles that commitment is enforceable under U.S. law. If there is any conflict between the terms in this Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (the “Principles”), the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, AVEO commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact AVEO at dataprotection@aveooncology.com.  If you still have specific privacy concerns that have not been resolved after attempting to address your privacy question or concern with AVEO directly, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse to you free of charge. To file a complaint with the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information at https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.

In compliance with the DPF, AVEO would also like to inform you that we are obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to AVEO and has followed the procedures, subject to conditions, set forth in Annex I of Principles. So, if your concern is not resolved after following the recourse mechanisms described above, you may have the option to select binding arbitration for the resolution of your complaint with respect to PI originating in the EU, the UK, Gibraltar or Switzerland.  For more information on binding arbitration, please visit the U.S. Department of Commerce’s website on submitting complaints located here.

As explained above in this Policy, PI may be shared as appropriate with third parties that process information on behalf of, or with, AVEO. Under certain circumstances, AVEO may remain liable for the acts of certain third parties if those third parties process PI originating from the EU, the UK, Gibraltar and/or Switzerland that AVEO discloses to them in a manner that is inconsistent with the Principles.

AVEO is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission for purposes of enforcing compliance with the DPF. 

For more information about the DPF or to view AVEO’s U.S. certification on the DPF List, please visit the U.S. Department of Commerce Data Privacy Framework website.

19. Links To Other Sites

This Policy applies to information collected by our Sites. The Sites may contain links to other sites that are not owned or controlled by AVEO. Please be aware that we are not responsible for the privacy policies of such other sites.  We encourage you to be aware when you leave our Sites and to read the privacy policies of each and every website that collects Personal Data.

20. Changes to this Policy

If we change this Policy, we will publish the revised Policy on our website. We will also update the “Last Modified” date.

Effective on: December 23, 2022
Last Modified on: January 30, 2024