Privacy Statement

Effective Date: February 19, 2018

This Privacy Statement (or “Statement”) is meant to help you understand what information Aurinia Pharmaceuticals, Inc. collects, what we do with the information and your choices regarding your personal information when you use our websites. This Privacy Statement applies only to the websites controlled by Aurinia Pharmaceuticals Inc. (including any of its wholly owned subsidiaries) (the “Sites” or “Websites”). This Statement does not cover information that is collected offline. Please read this Statement carefully because by accessing and using the Sites, users (“users,” “you,” and “your”) agree to be bound by these terms and conditions in this Statement. If you do not agree to the terms and conditions of this Statement, please do not use our Sites. We encourage you to periodically review this Statement to keep up to date on how we are handling your personal information.

Types of Personal Information We Collect

Generally we do not collect your personal information unless you give it to us. Personal information refers to information that directly identifies or can be used to determine the identity of a person. We collect personal information from you when you contact us, sign up for email alerts, request information from us, apply for a job with us, register at lupus nephritis awareness site, request investor or media information, or if you otherwise provide it based on features and services on our Website. This information includes your name, e-mail address, employment-related information, and other information that you provide to us.

How We Use Personal Information

We use personal information to provide the services you select on our Sites such as responding to your inquiries, providing you with educational information and resources regarding lupus nephritis, clinical trial developments, reviewing and responding to your job application, or requesting us to contact you; for website improvements, research, product development and continuous improvement.

Processing and Sharing of Personal Information

We process your information to respond to your requests, providing you with educational information and resources regarding lupus nephritis, clinical trial developments, reviewing and responding to your job application, and to perform any contracts that we may have with you.

We may share or disclose your personal information to the following categories of entities and for the following reasons:

  • With third parties, to assist us in operating our Sites, conducting our business, providing our services to you, providing you with educational information and resources regarding lupus nephritis, clinical trial developments, and for our marketing and advertising purposes;
  • Our controlled subsidiaries (including Aurinia Pharma Corp., Aurinia Pharma U.S., Inc. and Aurinia Pharma Limited (UK incorporated)).
  • With third parties, for any corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all, substantially all of our assets or part of our assets;
  • With law enforcement, government agencies, and other third parties, for complying with the law, enforcing our website policies, or protecting our or others’ rights, property, or safety.

To lawfully process your personal information, Aurinia generally does this based on your consent in many instances; but may also process your personal information to perform contracts with you, or for its other legitimate purposes.

We may transfer personal information outside of your home country to a country that may have different privacy protections than your home country. This may include the transfer of personal information to our controlled subsidiary in the United States, our parent company located in Canada and our controlled subsidiary located in the United Kingdom. We will obtain your consent, where required, for the transfer of your personal and/or sensitive information or we may rely on another legal basis for the transfer with applicable safeguards. For our European Union visitors, these may include EU adequacy protection decisions (i.e. Canada), standard contractual clauses, contractual necessity, agreed upon frameworks, or other applicable legal grounds.

The personal information you provide to us will be stored in the United States and Canada.

Your Access and Choices

If you would like to request to update, modify, or delete your personal information that we have collected, you may contact us at privacy@auriniapharma.com. You may opt-out of commercial communications by contacting us at privacy@auriniapharma.com. Please be advised that if you opt out of receiving commercial marketing messages, you may still receive transactional messages from Aurinia.

For residents of the European Union, an individual has the right to request from Aurinia the following: access, rectification or erasure of their personal information; to restrict Aurinia’ s processing of that information; to withdraw their consent to processing; to object to processing; or to lodge a complaint with their supervisory authority. EU residents also have the right to request data portability. The above rights are subject to applicable limitations and restrictions. In certain cases, your request may be denied based on a legitimate exception such as where we are prevented from disclosing such information based on legal requirements. For more information or to make a request, please contact privacy@auriniapharma.com. To contact Aurinia’ s local representative in an EU Member State, please contact privacy@auriniapharma.com for the contact information.

Children’s Personal Information

The Sites are not intended for children under the age of 18 (or the applicable age in your country) and none of our Sites are designed to attract such children. We do not knowingly collect personal information from children under the age of 18 (or applicable age in your country). In the event that we learn that a person under the age of 18 (or the applicable age in your country) has provided personal information to us, we will delete such personal information.

Cookies & Similar Technologies; Interest Based Advertising

Aurinia may use cookies—which are small text files placed on your device—and similar technologies to understand and save your preferences for future visits to our Sites and to improve your experience with our Sites. If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies via your browser settings. Some of the cookies we use may be more persistent in nature. These persistent cookies may not be deleted when your cookies are deleted. Please check your browser and browser settings to determine where these persistent types of cookies are stored and whether and how they may be deleted. Like most websites, if you turn cookies off, some of our services may not function properly. We may contract with third-party service providers to assist us in better understanding visitors to our Sites.

If you are accessing our websites from the European Union and certain other countries, you will be presented with an additional opportunity to accept or block the use of cookies. You may block the use of certain cookies via your browser; however, this may limit your use of our services and products.

Third Party Websites

The Sites may contain links to other sites. We are not responsible for the privacy practices or content of such other sites.

Your California Privacy Rights & How We Respond to Do-Not-Track Disclosures

California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding Aurinia’ s disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at the address provided at the bottom of this Statement.

We do not support “Do Not Track” browser settings and do not currently participate in any Do Not Track frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal information.

Securing Your Personal Information

We implement reasonable security measures to protect against the loss, misuse, or alteration of the information you provide us. We may use third party products and services to secure or store your information.

We retain your personal information for as long as necessary to provide the services and fulfill the transactions you have requested, or for other legitimate business purposes, such as complying with our legal obligations, research, product development and improvement, resolving disputes, and enforcing our agreements.

Changes to this Privacy Statement

We may amend this Privacy Statement at any time. When we post changes to this statement, we will revise the “Effective Date” or “Last Updated Date” at the top of this Statement. If we make any material changes to this Statement, we will notify you by prominently posting a notice of such changes before they take effect or by directly sending you a notification.

How to Contact Us About this Privacy Statement

Should you have any questions regarding this Privacy Statement or our personal information practices, in general, please contact us by e-mail at privacy@auriniapharma.com, or write to us at:

Aurinia Pharmaceuticals Inc.

Attn: Compliance/Privacy Officer

#1203-4464 Markham Street

Victoria, B.C., Canada V8Z 7X8