Data Protection Statement

Band Therapeutics

A wholly owned subsidiary of Guardian Therapeutics, LLC

About Band

We are Band Therapeutics LLC (hereinafter “Band”), a wholly owned subsidiary of Guardian Therapeutics, LLC (“Guardian,” and, together, the “Company”). Our main activity is to provide scientific discovery research and development of health through clinical trials.

We take the protection of your personal data seriously. We are committed to fulfilment of our data protection obligations set by the General Data Protection Regulation, as well as other relevant laws and regulations.

Contact details

Identity of the personal data controller
Band Therapeutics LLC
101 Hartwell Avenue Suite 2
Lexington, MA 02421
privacy@bandtherapeutics.com

Identity of the personal data controller
Guardian Therapeutics LLC
101 Hartwell Avenue Suite 2
Lexington, MA 02421
privacy@guardian-rx.com

Processing of personal data

Sources of personal data

We receive personal data directly from you. Personal data is collected in the course of the conduct of clinical trial activities, when you seek employment at our organization, or when you visit our website.

Purposes of processing personal data

In the tables below you can find what personal data is being processed, for which purposes, and what the legal bases for such processing are. We have split the explanation of processing activities and respective purposes according to your relationship with the Company.

If you are our employee or intend to become one:

Listed below are the main purposes as well as legal basis for the processing of your personal data by the Company in case you are the Company’s employee or intend to become one. Note that the Company is not the sole controller in this case and processing purposes as well as legal bases and data categories are defined by our co-employer.

| Processing purpose | Legal basis | Data categories |
| --- | --- | --- |
| Recruitment | Consent | Name, contact details, resume, application, employment history and any other information needed to recruit new employees |
| Management of employment (including payroll, insurance, paying taxes, tracking worktime and attendance) | Contract; Legal obligation (as required by tax laws and other acts) | Any information needed to successfully manage employment at Band Therapeutics (e.g., employee file, payroll related data, tax and benefits, worktime records, professional history and development) |
| Providing hardware and software as well as ensuring security at work | Contract; Legitimate interest | Name, contact details, device information, account details, system logs and activity, communications data |

If you are a contractor:

Listed below are the main purposes as well as legal basis for the processing of your personal data by the Company in case you are a contractor.

| Processing purpose | Legal basis | Data categories |
| --- | --- | --- |
| Management of contractor relationship | Contract | Name, contact details, personal identification number, bank account number, signature, salary |

If you are a participant in a clinical trial:

Listed below are the main purposes as well as legal basis for the processing of your personal data by the Company in case you are a participant in a clinical trial. Keep in mind that the Company is not a sole controller in this situation, and it only processes the aggregated and de-identified data of clinical trial participants. For more information, please contact your Health Treatment Center.

| Processing purpose | Legal basis | Data categories |
| --- | --- | --- |
| Participation in clinical trials | Explicit informed consent | Pseudonymized health information needed for successful conducting of clinical trials (as defined by the Health Institutions) |

If you are a website visitor:

The Company does not use any cookies or other tracking technology on the website, except strictly necessary cookies, which enable normal functioning of the webpage.

| Processing purpose | Legal basis | Data categories |
| --- | --- | --- |
| Enabling normal website functioning | Legitimate Interest | Data collected by strictly necessary cookies |

Processing personal data of special categories of individuals

Vulnerable groups

We acknowledge that our customers may include vulnerable groups of individuals. We encourage guardians / legitimate caretakers to discuss the processing of personal data with dependent individuals. In case you have any questions concerning the way personal data is processed, we are happy to provide additional information and answer any questions.

Retention times

We have determined retention periods based on the purpose of the processing and the applicable legislation. For example, the accounting-related laws require us to store your personal data for a certain period. We review the personal data we collect regularly to ensure that the personal data we have is up to date and is not retained longer than needed or required by the relevant laws.

When not limited by applicable legislation, the retention periods are defined as follows:

| Processing purpose | Retention time |
| --- | --- |
| Please see processing purposes listed above | Band only processes this personal data as long as necessary for the defined purposes |

If you wish to have more detailed information about our retention times, please contact us by sending a request to our data protection email privacy@bandtherapeutics.com.

Recipients of the personal data

We do not commercialize any personal data that we receive.

We may have to disclose certain information to regulatory bodies, Ethics Committees, public or law enforcement authorities when this is required. We only do so on the basis of an adequate legal warrant or subpoena issued by the relevant court.

In case of mergers or acquisitions, the acquiring entity may obtain access to relevant customer data assets.

Data transfers outside of the EU/EEA

Band makes every attempt to localize its data stores. In the event data must be transferred, all appropriate safeguards are put in place to support proper data security. EU/EEA data is received by Band Therapeutics under the proper transfer mechanism. The ongoing transfer of any EU/EEA data is guaranteed equivalent protection through appropriate transfer mechanisms.

Security of your personal data

We have an appropriate security policy and procedures in place to protect your personal data from loss, misuse or unauthorized access.

We guarantee that your data is kept confidential and secure. All employees authorized to process your data have committed themselves to confidentiality. We have role-based access control, meaning that each employee is given access to resources and personal data based on the employee’s role and job description. All networks and services used by our employees are protected with appropriate security measures.

We have a procedure to manage data breaches which allows us to assess the possible risks, notify the relevant authorities and alert you in case your personal data may have been affected. We regularly educate all employees to ensure the protection of your personal data.

Your rights

You have certain rights concerning your personal data, such as the right to access, update, delete and have a copy of your personal data. We seek to ensure that you can exercise your rights efficiently. You can exercise your rights by sending a request to privacy@bandtherapeutics.com or privacy@guardian-rx.com. Your rights and their explanations are listed below.

The Right to be Informed: You have the right to be informed about our organization and the details of personal data processing activities we carry out with your personal data. In addition, you have a right to receive information about the recipients to whom your personal data might be disclosed.

The Right to Access: You have the right to know that we are processing your personal data and have access to this data. If you are involved in a clinical trial, your data will be pseudonymized (a de-identification procedure by which personally identifiable fields within a data record are replaced by one or more artificial identifiers).

The Right to Rectification: You have the right to request from us to correct inaccurate personal data concerning you. For personal data collected as part of a clinical trial, you would make the request to correct your personal data to the clinical site.

The Right to Erasure (“Right to be Forgotten”): You have the right to request deletion of your personal data. In certain cases, for example, clinical trial participation, this right might be limited by the legal obligation or legal basis to retain such information in accordance with compulsory statutory limitations, about which we will inform you.

The Right to Restrict Processing: You have the right to restrict the processing of your personal data. Restricting the processing means that we will limit the processing of certain data to only storing it. This right is limited if you are involved in a clinical trial.

The Right to Data Portability: You have a right to request from us your personal data in a structured, commonly used and machine-readable format that allows transmitting such data to another controller. This right is limited if you are involved in a clinical trial.

The Right to Object to Processing: In certain cases, you have a right to object to processing of personal data concerning you. In this case we will analyze whether legal bases for data processing are sufficient to continue processing or we shall stop processing your personal data. This right is limited if you are involved in a clinical trial.

Rights Related to Automated Decision Making: We don’t make decisions based on solely automated processing of personal data which would have legal or other similar significant effects.

Rights to withdraw consent: In case the processing of personal data is based on your consent you have the right to withdraw consent unconditionally at any time. This right is limited if you are involved in a clinical trial. This, however, does not affect the lawfulness of the processing based on consent before its withdrawal. We use consent as a legal basis for processing. Please see details above.

Right to lodge a complaint with supervisory authority: If you consider that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with your local data protection authority.

If you need more information or help with the exercise of your rights, or if you have any other questions related to the processing of your data or this privacy statement, please contact us by sending an email to privacy@bandtherapeutics.com or privacy@guardian-rx.com.

The Company has appointed a DPO to assist with matters of data privacy and protection. Should you have any questions concerning the handling of your personal data, please contact our DPO at: privacy@bandtherapeutics.com or privacy@guardian-rx.com.

Changes to this statement

We reserve the right to update this data protection statement in case our activities change. Any updates will be appropriately communicated to you.

This Data Protection Statement for the Company was last updated in August 2023.


© 2023 Guardian Therapeutics. All rights reserved.
