HIPAA Information

This Privacy Policy describes how TrilliumBiO (“We” or “Us”) collects, uses, shares, and protects information when you interact with our affiliated sites where this Privacy Policy is posted (“the Site”).

What Information We Collect

Information you give us: We receive and store some information that you enter on our Sites or that you provide to us through the Sites.

The information we collect or that you provide on or through our Sites or by using our services includes:

  • Data that may personally identify you, including your name, postal address, billing address, shipping address, e-mail address, home, work and mobile telephone numbers, age, date of birth, that may personally identify you, sex at birth, IP address, medical conditions, you may have, information related to medical conditions (collectively, “Personal Data”);
  • Information that you provide by filling in forms on our Sites, such as appointment request forms or product ordering forms. It also includes information you provide when you register to use our Sites, purchase products, or use services available through the Sites or facilities. We may also ask you for information when you report a problem with our Sites. Some forms collect sensitive information, such as health information, necessary for us to provide our services to you;
  • Records and copies of your correspondence (including email addresses), if you contact us;
  • Your responses to surveys that we might ask you to complete for research, development, and marketing purposes; and
  • Details of transactions you carry out through our Sites.

You also may provide information to be published or displayed (hereinafter, “Posted”) on public areas of the Sites or transmitted to other users of the Sites or third parties (collectively, “User Contributions”). Your User Contributions are Posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Sites with whom you may choose to share your User Contributions. Given those limitations, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information we collect automatically: We collect some information about you automatically as you navigate through or use our Sites. Information collected automatically may include usage details, IP addresses, session replay and recording technology (recording your movements, clicks, etc. on our Sites), and information collected through cookies, web beacons, pixels tags, and other tracking technologies. As you navigate through and interact with our Sites, we may use automatically collect certain information about your equipment, browsing actions, and patterns, specifically:

  • Usage Details. Details of your visits to our Sites, such as traffic data, location, logs, referring/exit pages, date and time of your visit to or use of our Sites, error information, clickstream data, and other communication data and the resources that you access and use on or in the Sites.
  • Device Information. Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and application version information.
  • Location Data. Information about your location collected through Geolocation technology. Our applications and services that run on mobile devices do not generally use geolocation. If geolocation information will be collected, we will update this Privacy Policy.

The information we collect automatically may include Personal Data or we may maintain or associate information we collect with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Sites and to deliver a better and more personalized service by enabling us to:

  • estimate our audience size and usage patterns;
  • improve our product and services offering;
  • store information about your preferences, allowing us to customize our Sites according to your individual interests; and
  • recognize and/or authenticate you when you return to our Sites.

We use different forms of technology to enable our automatic collection of data. The technologies that we use for automatic collection of data may include:

  • Cookies (or browser cookies). We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Sites, whether through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. Please note that if you select this setting you may be unable to access or use certain parts of our Sites. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you use our Website.
  • Pixels and Web Beacons. We may use small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) on our Site or in communications that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related Sites statistics (for example, recording the popularity of certain Sites content and verifying system and server integrity). We use this information to assist us in improving our user experience.
  • Do Not Track Signals. Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals. However, we do not track your online activities on or across third party websites or other online services for any purpose, including advertising, unless you specifically opt-in to a program or campaign that authorizes such tracking.

Email communications, Subscriptions, and Related Services

Our Sites may provide you with an opportunity to request and receive communications from us or third parties. For example, you may be sign up for a free email newsletter. You can unsubscribe from this newsletter at any time by following the instructions in each communication or other mechanisms that we have available.

Email communications that you send to us by using an available email link on our Site may be shared with an individual that is most able to address your inquiry. We make every effort to respond in a reasonable amount of time once a communication is received. Note, that email communications that you send using the email link on our Site are not automatically encrypted, and it is possible that unencrypted email communications with us may be accessed or viewed by another internet user while in transit to us.

Surveys

We occasionally send or make available surveys to visitors of our site. The information from these surveys is used in aggregated, de-identified form to help us understand the needs of our visitors so that we can improve our Site. The information may be shared with third parties that we have a business relationship. We generally do not ask for information in surveys that would personally identify you; if we do request contact information for follow-up, you may decline to provide it. If survey respondents provide personal information (such as an email address) in a survey, it is only shared with those people who need to see it to respond to the question or request, or with third parties who perform data management services for our Site. We required those third parties to keep all data from surveys confidential.

How We Use the Information that We Collect

In addition to the uses that have already been described, we may also use the information that we collect for other purposes including:

  • Optimizing the performance and user experience of our Sites;
  • Operating, evaluating, and improving our business;
  • Providing healthcare services;
  • Delivering or installing products;
  • Marketing and advertising products and services, including by inferring your interests from your interactions with our websites and newsletters and tailoring advertisements, newsletters, and offers to you (both on our websites and on other websites) based on your interactions with us in our stores and online interests;
  • Sending you email newsletters;
  • Conducting research and analysis;
  • Communicating with you about your account, special events, and surveys; and
  • Establishing and managing your accounts with us.

We may combine this information with any other information we have about you from other sources. We will use that combined data in accordance with this Privacy Policy and other agreements we might have with you.

Patient Data

We may receive information about individuals in connection with the delivery of healthcare services. Information received in the capacity of delivering a healthcare service will be directed to the United States and considered protected health information (“PHI”) as that term is defined by the Health Insurance

Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). We will interact with PHI of a patient as set forth in our Notice of Privacy

Practices and as otherwise required by HIPAA. All PHI will be handled and stored in the United States and subject to HIPAA and any other applicable law.

Data Retention

We will retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements. You may request that we delete your data by contacting us as provided below. However, we may not be able to honor that request in all instances given the laws and regulations that apply to us or the nature of the information that you provide to us. For example, we may also have a legal basis or obligation to maintain medical and other information about you to provide care and treatment or to comply with our professional, legal, and other obligations.

Disclosure of Your Information

We may share the information we collect about you with third parties who we have engaged to help us provide the Site, as well as the products and services available through our Site. Your Personal Data may be disclosed to affiliates, contractors, service providers, and other third parties we use to support our business; and any authorization you have provided. The services provided by these organizations include providing IT and infrastructure support services, advertising, marketing, and payment processing services. Advertising and marketing partners may receive and use your Personal Data to assist us with our advertising and marketing efforts. In each case, we will ensure that these third parties have agreed to safeguard your data.

We may provide third parties with aggregate statistics about our visitors, traffic patterns, and related site information. These data reflect site-usage patterns gathered during visits to our website each month, but they do not contain information that personally identifies you unless you have given us permission to share that information.

We may also disclose your Personal Data:

  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Sites users are among the assets transferred;
  • to fulfill the purpose for which you provide it;
  • for any other purpose disclosed by us when you provide the information;
  • with your consent;
  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • to affiliates to market their products or services to you if you have purchased one of our products and if you have not opted out of these disclosures. For more information, see Choices About How We Use and Disclose Your Information;
  • to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; and
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our Users or customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Choices About How We Use and Disclose Your Information

Our sponsors and advertisers have agreed that they will not collect any personally identifiable information from our Site visitors while using our Sites; however, we do not control the use of cookies provided by other third parties, nor do we manage the information collected by other third parties. These third parties may aggregate the information they collect with information from their other customers for their own purposes and in accordance with their own respective privacy policies.

In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created or you have available mechanisms to provide you with control over your Personal Data:

  • Cookie Settings and Advertising. You can set your browser or operating system to refuse all or some cookies or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Sites may then be inaccessible or not function properly.
  • Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative (NAI) websites (https://youradchoices.com/ and https://thenai.org/). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

Your Rights Regarding Your Information and Accessing and Correcting Your Information

You can Contact Us through the Contact Information below to access and/or find out what information we have about you and to correct that information. You can also review and change your Personal Data by logging into our site and visiting either the Settings or Account Preferences sections, if available. You may also notify us through the Contact Information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot completely delete your personal information except by also deleting your account with us. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or if we have a legal basis or obligation to maintain it, or if it would cause the information to be incorrect.

Security

We use reasonable security measures to protect the confidentiality of personal information under our control, and we appropriately limit access to it. We use a variety of information security measures to protect your online transactions with us. The Site uses encryption technology, such as Secure Sockets Layer (SSL), to protect your personal information during data transport. SSL protects information you submit via our website, such as ordering information including your name, address, and credit card number. Even with those protections, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We have taken reasonable steps to ensure the integrity and confidentiality of personally identifiable information that you may provide. You should understand, however, that electronic transmissions via the internet are not necessarily secure from interception, and so we cannot absolutely guarantee the security or confidentiality of such transmissions.

Users in the European Economic Area (EEA) or the United Kingdom

If you are a resident of the EEA or the United Kingdom, the following information applies with respect to personal data collected through your use of our Site.
Purposes of Processing and Legal Basis for Processing: As already explained in this Privacy Policy, we process personal data in various ways depending upon your use of the services. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to provide the services; (3) to comply with our legal obligations; and (4) as necessary for our legitimate interests in providing the services where those interests do not override your fundamental rights and freedoms related to data privacy.

Transfers: Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or processors maintain facilities. We will ensure that transfers of personal data to a country or an international organization outside the EEA or the United

Kingdom are subject to appropriate safeguards.

Individual Rights: You are entitled to the rights under Chapter III of the EU General Data Protection Regulation or the United Kingdom General Data Protection Regulations and Data Protection Act 2018 with respect to the processing of your personal data, which include the right to access and rectify and to request erasure of personal data. In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you. To exercise these rights, please contact our Data Protection Officer at info@trilliumbio.com.

Complaints or Concerns: You are welcome to raise any complaints or concerns to us by contacting our Data Protection Officer at info@trilliumbio.com. You also have the right to lodge a complaint with a supervisory authority.

Protecting Children’s Privacy

Our Sites are not intended for users under 18 years of age. No one under age 18 may provide any information to or through the Sites. We do not knowingly collect Personal Data from users under 18. If you are under 18, do not use or provide any information on or in our Sites or on or through any of their features, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Data from a user under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from a user under 18, please contact us at the contact information below.

Links to Third Party Websites

Our Sites may link to other websites that have their own privacy policies. Be sure to review the privacy policy on the site you are visiting because we do not control any third party website.

Privacy Policy Updates
We may update our Privacy Policy as our operations and business evolve. If we make significant changes to this Privacy Policy, we will use reasonable efforts to provide you with advance notice, which may be done by posting a message on our Site.

Contact Information

If you have a question or concern regarding your privacy or this Privacy Policy, please contact us at info@trilliumbio.com.

Effective Date of Notice: October 1, 2024

Revised: January 13, 2025