The responsible controller for the processing on the Service(s) is:
Aurinia Pharmaceuticals Inc.
#140, 14315 – 118 Avenue
Edmonton, AB T5L 4S6
+1 (888) 500 2905
Data Protection Officer
If you have a questions about how your Personal Information is being used, you may reach our data protection officer using the contact details presented under section Contact Us/Exercise Rights.
Aurinia Pharmaceuticals Inc. and its subsidiaries and affiliates (collectively, "Aurinia", "we", "us", or "our") recognizes the importance of protecting the privacy of personal information and other information that we may receive about visitors to https://www.auriniapharma.com and any other website or application owned or operated by Aurinia or via other online or offline services that links or refers to this Statement (collectively, the "Service" or "Services").
This Privacy Statement ("Statement") describes:
- what information we collect or that you provide when using our Services
- how we use, disclose, store, and/or otherwise process your information
- with whom we may disclose your information
- how we protect your information; and
- your rights related to the information that identifies you or can be used to identify you (referred to as "personal information" or "information" below)
Please utilize menu to the left to navigate to the section of your interest. California residents click here for more information about how we process your personal information.
Aurinia may provide additional privacy statements at the time we collect information. For example, we provide a specific privacy statement to clinical trial participants that describes our privacy practices in connection with conducting clinical trials. This type of "in-time" notice will govern how we may process the information that you provide at that time.
YOU HEREBY ACKNOWLEGDE AND AGREE THAT BY PROVIDING PERSONAL INFORMATION TO AURINIA AS PRESENTED HEREIN, YOU ACCEPT AND AGREE TO OUR COLLECTION, USE, DISCLOSURE, STORAGE, AND OTHER PROCESSING OF THAT PERSONAL INFROMATION FOR THE PURPOSE(S) SPECIFICED HEREIN AND THE TERMS OF THIS STATEMENT.
Collection of Information
How we Collect Information
When you use our Services or other services, Aurinia may collect personal information. You may voluntarily submit personal information or in some cases, explicitly consent to its collection. You may choose to provide such information when engaging in certain activities on our Services, e.g. through registrations, signing up to ambassador programs, applications, surveys, and in connection with your inquiries. For example, you may choose to provide your name, government identification numbers, contact information, and health insurance or other health information in connection with a promotion, a patient assistance, or support program. We also collect personal information you provide us through our offline interactions with you (e.g., by telephone or in person) or that you authorize others, such as your health care provider, to provide.
In addition, we may gather certain technical information about you automatically through your use of the Service, e.g. your IP address and how you navigate our Service. Please go the section Cookies and Other Technologies for more information in this regard.
We may also obtain information about you (which may include personal information) through other sources, such as public websites or records or other third parties (e.g., health care professionals, patient groups, government agencies).
Your Responsibilities & Consequences of not providing information
Please do not provide us any personal information if you do not want it to be collected. However, without providing certain requested information, you may not be able to participate in or access certain features available on our websites or other services that require such information.
For this Service, you are only obligated to provide us with your personal information if you would like us to fulfill a service, such as participating in a survey, contacting customer service, providing feedback, or signing up for email updates or other promotional materials. If you do not provide us your personal information that is needed for these services, we may not be able to provide such services to you.
Information we Collect
Aurinia may collect and process the following personal information in connection with your use of our Services:
- Personal and business contact information and preferences (e.g., full name, job title and employer name, email address, mailing address and phone number);
- Professional credentials, education history, employment history and other information of the type included in a resume or curriculum vitae;
- Date of birth, SSN;
- Profile images and message to your kidneys should you elect to voluntarily share such information;
- Race, gender, and ethnicity should you elect to voluntarily share such information;
- Financial Information provided by you;
- Health and medical information (such as medical insurance details, proof of income / assets if required for reimbursements, information about physical and mental health conditions and diagnoses, treatments for medical conditions, healthcare provider, caregiver, family medical history, and medications an individual may take, including the dosage, timing, and frequency) we collect in connection with managing clinical trials, conducting research, providing patient support programs, distributing and marketing our products, and tracking adverse event reports; and
- Username and password that you may select in connection with establishing an account on our websites.
The Services are not intended for children under the age of 18 and none of our Services are designed to attract such children. We do not knowingly collect personal information from children under the age of 18 (or applicable age in your country). If you are a parent or guardian and you learn that your child has provided us with personal information, please contact us using the contact details outlined in Contact Us/Exercise Rights. If we discover that a child has provided us with personal information, we will take reasonable steps to delete such information from our servers.
Cookies and Other Technologies
Some of our Services or pages use “cookies", or small data files that the Service places on your device for identification purposes. Your web browser may be programmed not to accept “cookies” or it may allow you to be notified when you are receiving a “cookie”, thus giving you the option of accepting it or rejecting it. You are free to decline our cookies if your browser permits but doing so may interfere with your use of the Service.
We and our third-party service providers may also use technologies like cookies to track your interaction with the Service. Some of these technologies may include web beacons, pixels, tags, web server logs, geo-location technologies, and Flash objects. As with cookies, you are free to decline such technologies if your browser permits. You should refer to your browser’s instructions to remove cached history and images from your device. Deleting or disabling cookies will not remove Flash objects. Please refer to Adobe’s website (http://www.adobe.com) for more information on how to disable these objects.
The Service may use Google Analytics to analyze traffic. You can find out more information about Google Analytics cookies here: Google Analytics Cookie Usage on Websites. To opt-out of Google Analytics relating to your use of the Service, you can download and install the Browser Plugin available via this link: Google Analytics Opt-out Browser Add-on.
How We Respond to Do-Not-Track Disclosures
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com
Use of Information
Aurinia may use the information that it gathers for the following purposes:
- to operate our business;
- to provide customer service and respond to requests or inquiries;
- to process, complete, and fulfill your requested transactions;
- to contact you or your company with information about promotions, offerings, and other marketing materials;
- to process grants and sponsorship applications and facilitate Ambassador Programs;
- to provide support for, promote, and improve Aurinia offerings and tailor Aurinia’s marketing;
- to operate, evaluate, secure, and improve our Services;
- to compare information for accuracy and verify our records;
- to detect, investigate, and prevent activities that may violate our policies or rules or that may be otherwise illegal.
- to comply with legal and regulatory requirements and/or judicial processes. This includes but is not limited to regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, spend transparency, and patient safety;
- Track and respond to safety and product quality concerns, such as product recalls;
We may also use the information to communicate with you, in scenarios where:
- we make changes to our policies;
- to respond to your inquiries, requests, and comments; or
- to contact you about your account;
We may aggregate and/or de-identify data about visitors to our Service and use it for any purpose, including product and service development and improvement activities. To the extent we deidentify any data originally based on personal information, we will maintain and use such data only in deidentified form and will not attempt to reidentify the data.
There are two primary types of cookies that are used: session cookies and persistent cookies. Session cookies are deleted automatically when you close your browser, and persistent cookies remain on your device after the browser is closed (for example to remember your user preferences when you return to the website). Each cookie typically falls into one of several categories:
- Essential Cookies – We make use of certain essential cookies in order to enable you to move around the websites and use their features. Without these cookies, services you have asked for (such as navigating between pages) cannot be provided.
- Analytics and Customization Cookies – We make use of analytics cookies to analyze how our visitors use the websites and to monitor the websites’ performance. This allows us to provide a high quality experience by customizing our offering and quickly identifying and fixing any issues that arise. For example, we might use these cookies to keep track of which pages are most popular and which method of linking between pages is most effective, and to determine why some pages are receiving error messages. We might also use these cookies to highlight articles or website services that we think will be of interest to you based on your usage of the website.
- Website Performance and Functionality Cookies – We make use of these cookies to provide you with certain functionality. For example, we might use website functionality cookies to remember choices you make (such as your language or the region you are in), or to recognize the platform from which you access the websites, and to provide enhanced and more personal features. These cookies are not used to track your browsing on other third party sites.
Disclosures of Information
We may disclose your personal information with our employees, agents, affiliates, representatives, service providers, scientific advisors, contractors, government entities, internet service providers, data analytics providers, operating systems and platforms, acting on our behalf. This may include disclosing personal information with service providers who are authorized to use your personal information only as necessary to support our business operations, such as those who provide data storage, technology support and services, customer service, risk solution provision, analytics, fraud prevention, legal services, and marketing services. We may also disclose some of your Personal Information as otherwise permitted or required by law or as authorized by you.
We may disclose your personal information with third parties to protect our rights and interests, such as when needed for corporate audits, to investigate or respond to a complaint or threat, or to exercise our legal rights.
Aurinia may need to disclose or provide access to personal information if Aurinia has a good faith belief that such action is necessary to comply with the law, such as in connection with a judicial proceeding, court order, or other legal process.
We may disclose your personal information with business transferees, such as acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Aurinia (including, in connection with a bankruptcy or similar proceedings).
Location and Transfer of Information
International Data Transfer
If you choose to provide us with personal information, we may transfer that personal information to our affiliates and subsidiaries or to other third parties, in accordance with local law. We may also transfer your personal information across borders, from your country or jurisdiction to other countries or jurisdictions in accordance with legal requirements.
Aurinia primarily uses European Commission Standard Contractual Clauses (incl. UK Addendum) for data transfers from the European Union, the EEA, the UK and Switzerland to countries outside the EEA (including the UK). For transfers between other jurisdictions, Aurinia may rely on other legal mechanisms for international transfer, as appropriate under the relevant law.
Where is your information stored and processed?
Personal data we collect or receive may be stored and processed in Canada, the United States, or any other country where we or our service providers have facilities. The servers and databases storing personal information may be located outside the country from which you accessed this website and in a country that does not have the same privacy laws as your country of residence.
Retention of Information
We retain and store your personal information only for as long as we have a legitimate business purpose and in accordance with our data retention policies. The retention period may also be based on:
- the length of time we have a relationship with you, or
- the need to fulfill legal obligations to which we are subject (retention periods will vary depending on the specific legal requirements or jurisdiction).
When retention is no longer necessary or required, we will delete, anonymize, de-identify, or aggregate the personal information so that it is no longer associated with you.
Security of Information
Aurinia uses reasonable technical, administrative and physical efforts and safeguards to help protect the personal information we collect from loss, misuse, and unauthorized access or disclosure.
Please note that we cannot guarantee the security of our databases or Service (s) nor can we guarantee that information will not be intercepted while being transmitted over the Internet. Any personal information you send to Aurinia via email or other Internet transmission is not completely secure (such as from illegal tampering or “hacking”) or error free. Due to the nature of the Internet, there is a possibility that unsecured (unencrypted) email could be intercepted and read by third parties. Aurinia assumes no responsibility for interception of confidential and/or personal information that you send in an unsecured (unencrypted) email message or other Internet transmission to and from the Service(s). Therefore, you should take special care in deciding what information you send to us via e-mail or other Internet transmission.
If you wish to exercise your rights we recommend doing so via our portal to ensure a more secure transfer of information: Make a Data Subjects' Rights Request.
We recommend that you also take additional measures to protect your personal information. For example, install up-to-date anti-virus software, close browsers after use, keep confidential your login credentials and passwords, and regularly update software and apps to ensure you have the latest security features.
Links to Other Websites
How We Communicate with You
Aurinia may use your contact information to promote Aurinia’s products or services or replying to your inquiries. This may include you receiving promotional e-mails if you signed up for such. In some instances, we may request your consent before sending you promotional emails. By declining to provide consent, you will not receive certain emails from us.
Even if you choose not to receive promotional emails, you may still receive emails that facilitate, complete, or confirm a commercial transaction that you have already agreed to enter with us. These include communications about completion of your registration, correction of user data, transaction confirmations, shipping notices, and other communications essential to your transactions or inquiry with us.
If you no longer want us to use your contact information to promote Aurinia’s products or services, options for opting out of email communications are typically available on our Service(s) or in the email or text we send you. You may always contact us via Contact Us/Exercise Rights if you have any difficulty finding these tools or otherwise updating your data or preferences.
We may also offer text/SMS messaging to you. We require you to opt-in to receive text messages from us. At any time, you may opt-out of receiving particular text messages from us (other than text appointment reminders) by texting STOP in response to any text message.
Message, data rates, and other charges may apply. You are liable for any mobile phone charges incurred (usage, subscription, etc.) as a result of using any of our products or services. Please consult your mobile service carrier’s pricing plan to determine the charges for sending and receiving text messages.
You may update the personal information you provide to us through the Services or other services, and your associated communications preferences, at any time by following the instructions on the relevant page of the Service or by contacting us via Make a Data Subjects' Rights Request.
If you have provided personal information to us through a third-party website, you should contact that website to update that Personal Information or communication preference.
For information about the choices you have with respect to Cookies, please see Cookies and Other Technologies.
Depending on the circumstances, you may be entitled to exercise some or all of the rights described below. This evaluation can be based on your residency or how the processing of the information is carried out. We will evaluate these circumstances if you Make a Data Subjects' Rights Request and respond accordingly.
If you reside in Europe, Switzerland, and the United Kingdom, then please go to Users in the European Economic Union, Switzerland and the UK to get an overview of the rights that may be available to you.
If you reside in the U.S., then please go to Users in Select U.S. States to get an overview of the rights that may be available to you.
Description of Common Rights
Right of Access
You may have the right to get confirmation about whether or not your Personal Data is being processed. If so, you have the right to access your Personal Data and other information related to it, such as the purposes, the categories of Personal Data, the recipients (or categories of recipients) to whom the Personal Data have been or will be disclosed, for particular recipients in third countries or international organizations, where possible, the predicted period that the Personal Data will be stored, or, if not possible, the criteria used to determine that period, your rights, etc.
Where feasible and permitted by law, we will provide a copy of the Personal Data we are processing. For any further copies, we may charge a reasonable fee based on administrative costs. If you make the request by electronic means, and unless otherwise requested, the information shall be provided in electronic form.
Right to Rectification
You may have the right to request that Aurinia correct any information you believe is inaccurate and to complete information you believe is incomplete.
Right to Erasure (‘Right to be Forgotten’)
You may have the right to the erasure of your Personal Data in certain circumstances.
Right to restriction of processing
You may have the right to restrict the processing for the below reasons.
- You contest the accuracy of your Personal Data, for a period enabling us to verify the accuracy of the Personal Data
- The processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use
- We no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims
- You exercised your right to object to processing pending the verification whether our legitimate grounds override yours
Right to Data Portability
You may have the right to receive the Personal Data that you have given us, in a structured, commonly used and machine-readable format. You have the right to send that Personal Data to another controller if the processing is based on consent pursuant or on a contract and is carried out by automated means.
Right to object
You may have the right to object, on grounds relating to your particular situation, to processing of your Personal Data which is based on our legitimate purposes. We will stop processing the Personal Data unless we have compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If Personal Data is processed for direct marketing purposes, including profiling, you may object at any time.
Automated Individual Decision-making, including profiling
You may have the right not to be subject to a decision based solely on automated processing, including profiling, except under certain exceptions under local law.
Right to withdraw Consent
Where the processing of Personal Data is based on your consent, you may have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
Right to Anonymity
You may also have a right to request anonymity. This means that your Personal Data would not be collected or processed. If you choose to exercise this right, we may not be able to provide you with your requested goods or services.
Right to lodge a complaint with a supervisory authority
You may have the right to lodge a complaint with a supervisory authority.
European Economic Union, United Kingdom, & Switzerland Residents
This section supplements the information in this Statement regrading the collection, use, and disclosure of personal information that is covered by the regulations in European Economic Area ("EEA"), Switzerland or the United Kingdom ("UK"). If you reside in these location personal information about you may be protected by the data protection laws in the EEA, Switzerland or UK. Aurinia will comply with these data protection laws whenever applicable to your personal information.
About Us and How to Contact Us
Aurinia as identified under the section Company Information makes decisions on how your information is used and disclosed and shall be responsible as a ‘controller’. Where required by law, Aurinia has appointed representatives to fulfill its obligations under the GDPR. For information on our representatives, or to exercise your rights or make requests concerning the processing of your Personal Information, please contact us at utilizing the information presented under Contact Us/Exercise Your Rights
Legal Basis for Lawfully Using Your Personal Information
Aurinia lawfully processes your Personal Information and relies on one or more of the following legal bases:
- Your consent
- To negotiate, execute, or perform a contract with you
- To comply with a legal obligation that applies to Aurinia
- To carry out tasks for the public interest, which may include clinical research
- To protect the vital interests of the patient
- For our legitimate business interests only where it does not override the rights or freedoms of individuals whose Personal Information we are using.
Our Legitimate Interests
Aurinia may lawfully process your personal information by relying on performing our legitimate interests. This includes our ensuring patient safety, business operations, such as data storage, technology support and services, customer service, risk solution provision, analytics, fraud prevention, legal services, and marketing services. We will only use your personal information under this basis as long as your rights or freedoms are not overridden by our legitimate interest.
Cross Border Transfers
Aurinia is an international company which is headquartered in Canada and as a result, personal information about you may be processed in Canada. Aurinia may contract with service providers to process personal information on Aurinia's behalf. These service providers may be located outside of the EEA, Switzerland and UK. Data protection laws in Canada are deemed adequate but the data protections laws in the U.S. or other countries may not offer you the same protections as the laws of the country in which you are residing.
Rights Over Your Personal Information
Under the laws of the EEA, Switzerland and the UK, you have certain rights regarding your Personal Information. These rights are the:
- Right of Access,
- Right to rectification,
- Right to withdraw consent (withdrawal of consent will not affect the lawfulness of processing before your withdrawal),
- Right to object, Right to erasure (‘right to be forgotten’),
- Right to restriction of processing,
- Right to not be subject to Automated individual decision-making, including profiling,
- Right to data portability (where appropriate).
Please see the description of the individual rights under Your Rights. Should you wish to exercise your rights, then please do so in accordance with the instructions provided to Contact Us/Exercise Rights
Filing a Complaint with a Supervisory Authority
You also have the right to complain about how we handle your personal information to a supervisory authority that is responsible for enforcing data protection law. A list of European Union supervisory authorities is available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
Disclosures of Personal Information in the Last 12 Months
|Personal Information Collected||3rd parties who may receive the Personal Information||Categories of 3rd parties with whom Personal Information may be sold or shared|
Personal and online identifiers such as a real name, Internet Protocol address, and email address
Information contained in customer records
Protected classification characteristics
Internet activity information, including, but not limited to, information regarding a consumer’s interaction with an internet website application, or advertisement
Professional or employment information
We process and disclose the personal information we collect for the following purposes:
- our commercial purposes, including enabling commercial transactions, providing our products and services to you, marketing, and advertising;
- conducting research and generally improving our products and services;
- performing internal business operations, such as account servicing, processing orders and payments, and analytics;
- as required by law, such as to comply with a subpoena or other legal process, or to comply with government reporting obligations;
- to affiliates, service providers, advisors, and other third parties to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets.
We disclose the categories of personal information listed in the table above to third parties in exchange for valuable consideration, such as receiving insights or services. Such disclosures may be considered “sales” under state privacy laws. We also disclose the categories of personal information listed in the table above to facilitate cross-contextual behavioral advertising, which may be considered “sharing” or “targeted advertising” under state privacy laws. We do not knowingly sell or share information related to individuals under 16 years of age. To opt out of such disclosures, click .
We use sensitive personal information for the following purposes: conducting research, providing patient support programs, and distributing and marketing our products
We retain personal information for so long as necessary to provide the requested goods or services, ensure the security and integrity of our Services, comply with our legal obligations, and otherwise fulfill the purposes for which the information was collected. For more information on how long we retain personal information, please refer to Retention of Information section above.
Depending on where you reside, you may be entitled to the following rights:
- Right to know. You have the right to know and request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such information is collected, the purpose for collecting and selling such information, and the categories of third parties to whom we disclose such information. You also have the right to know if we have sold or disclosed your personal information.
- Right to delete. You have the right to request the deletion of your personal information, subject to certain exceptions.
- Right to correction. You have the right to request correction of inaccurate personal information we maintain about you.
- Right to opt-out. You have the right to opt out of certain disclosures of your personal information for valuable consideration or for use for cross-contextual behavioral advertising. You can exercise this right through the "Do Not Sell or Share My Personal Information" link. To opt out of processing for targeted advertising via cookies, please update your cookie settings via our cookie banner. While applicable local law may also provide a right to opt out of our use of personal information for profiling in furtherance of decisions with legal or similarly significant effects, we do not currently use your personal information for this purpose.
- Right to limit. You have the right to limit use and disclosure of your sensitive personal information to certain specific business purposes. You can exercise this right through the "Limit the Use of My Sensitive Personal Information” link.
- Right to non-discrimination. You have the right to not be discriminated against for exercising any of the above-listed rights. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your personal information.
- Right to appeal. Should we deny your request, you have the right to appeal by contacting us at the information provided below.
Exercising Your Rights
Depending on your residence, the rights available to you may differ in some respects. Aurinia will respond to any rights request in accordance with local legal regulations. If you wish to make a request related to any of these rights, please use the Data Subjects’ Rights portal.
or contact us via:
Toll Free Phone: +1 (888) 500 2905
Aurinia Pharmaceuticals Inc.
#140, 14315 – 118 Avenue
Edmonton, AB T5L 4S6
Attention: Legal and Compliance - Privacy
You may exercise your opt-out rights by enabling the following opt-out preference signals:
- [Name of Opt-Out Preference Signal]: this signal applies to [the device, browser, consumer account, and / or offline sales] in the following circumstances: [describe circumstances when the signal applies]. You can enable this signal by [describe how consumer can enable signal].
Please be aware that Aurinia's ability to comply with your requests may be limited by applicable law. Aurinia will require appropriate evidence of your identity or to be provided with additional relevant information based on your relationship with us before we are able to act on your request when the information we have is insufficient to accommodate your request. In any event, we will respond to you as soon as reasonably possible to advise you of the outcome of your request.
Because we take the privacy and security of your personal information seriously, we will always verify your identity by asking you to provide certain information about yourself. If you contact us via e-mail we might send you a link to our Data Subject Right portal (like above) to ensure verification is completed. Once your identity is verified, we will work to provide you with your requested information in a timely manner via our portal. Please be aware that in some cases this verification is a legal requirement under local law.
If you choose to empower an “authorized agent” to submit requests on your behalf, we will require the authorized agent to have a written authorization confirming that authority.
Please note: If you are a clinical trial participant, please contact the study doctor or site where your trial is being carried out. The site will then work with us to answer any questions you may have regarding your Personal Information. We only hold key coded or pseudonymized Personal Information that cannot be used to directly identify you, and we must work with the study site to fulfill your request over your Personal Information.
Updates to this Statement
Aurinia is continually improving and adding new functionality and features to our Services. Because of these ongoing changes, as well as changes in the law and the changing nature of technology, Aurinia’s privacy practices will change from time to time.
Therefore, we reserve the right to update or modify this Statement at any time without prior notice. If and when we make changes to our privacy practices that are deemed material under applicable legal standards, Aurinia will post the changes on this page of our Services to notify you of the changes. We may also choose to notify you of changes to this Statement in other ways, such as through email if you have provided such contact information to us.
This privacy statement was last updated on June 30, 2023