Last Updated September 27, 2023
This Privacy Policy (the “Policy”) is provided by OrbiMed Advisors LLC (collectively with its affiliates and the funds and accounts sponsored or managed by them, “OrbiMed,” “we,” “us,” or “our”). It is intended to describe the Personal Information (as defined below) we collect when you visit our websites or otherwise interact with us, how we use and share it, and rights you may have regarding this information. This Policy does not cover the information we collect from our employees, independent contractors, or job applicants.
As used in this Policy, the term “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include de-identified or aggregate information, or public information lawfully available from governmental records.
To the extent that data protection laws in other jurisdictions are applicable, including but not limited to the EU General Data Protection Regulation 2016/679, including as retained as law in the UK by the European Union (Withdrawal) Act 2018 (the “GDPR”), and China’s Personal Information Protection Law (the “PIPL”), the term “Personal Information” shall have the meaning as defined under the applicable laws and shall be deemed to include any equivalent terms under applicable laws.
For purposes of the GDPR, to the extent applicable, OrbiMed Advisors LLC acts as controller (under the GDPR) and handler (under the PIPL) for the Personal Information that is processed when you access our websites or related services. This Policy applies to individuals only and may be changed at any time.
By accessing our websites and our services, you agree to our Terms of Use.
1. Notice at Collection – Types of Personal Information We Collect
We collect the following categories of Personal Information:
- Personal identifiers – signature, postal address, email address, phone number, fax number, account name, Social Security number, tax identification number, photographs, IP address, device ID, and copies of identification documents (e.g., passport, driver’s license)
- Demographic and association-related information – age and date of birth, place of birth, residency information, family member information, authorized signatories, and information on parties associated with an account
- Commercial and financial information – records of property, products, or services purchased, obtained, or considered; other investing or consuming histories or tendencies; information on investments, assets, expenses, accounts, net worth, tax information, holdings, account balances, transaction history, utility bills, bank statements, credit history, and trust and estate planning documents
- Internet or other electronic activity information – information regarding an individual’s interaction with a website or application, browsing history, and calls and emails sent and received
- Audio and visual information – photographs, video footage from CCTV, and voicemail
- Professional background information – name of employer and current title, references, resumes, information on positions held, and military service history
- Sensitive Personal Information – Social Security number, tax identification number, copies of identification documents (e.g., passport, driver’s license); location of birth; financial account information and credit history (defined as Sensitive Personal Information under the PIPL)
We may also receive other Personal Information that you or others voluntarily provide to us when communicating or otherwise interacting with us, providing a reference, or attending an event with us.
We have collected the same categories of Personal Information in the 12 months prior to the date of this Privacy Policy.
To the extent the PIPL is applicable, please contact us via PrivacyPolicy@OrbiMed.com and we will separately disclose relevant information as required under the PIPL about the necessity and impact of us processing your sensitive Personal Information, and we will also perform other obligations under the PIPL to protect the security of your Personal Information.
2. Notice at Collection – Purposes for Collection of Personal Information
With respect to each of the categories of Personal Information above, we may collect the information for the following purposes and where the GDPR applies, the related legal basis:
| Purpose of Processing | Categories of Personal Information | Legal Basis for Processing (where you or we are located in the EEA/UK) |
|---|---|---|
| Administering the relationship between and serving investors and clients | All categories of personal information set out above | Where necessary for the performance of a contract entered into with an investor or client |
| Business operations, including but not limited to: securing credit or financing; managing administrative and operational matters; administering our service provider, contractor, and vendor relationships and services; auditing; conducting research and analysis; designing and improving operations, products, and services; operating our customer service and respond to inquiries; operating our website; and managing risk | All categories of personal information set out above | We have a legitimate interest in providing the website and process Personal Data to see if and how our Websites can be improved, so that we can offer you a better user experience in the future |
| Marketing our products and services | Personal identifiers | With your consent, where required by applicable law |
| Complying with applicable legal or regulatory requirements and OrbiMed policies and contracts, responding to valid legal requests, assessing and investigating compliance, and other legitimate business and commercial purposes | All categories of personal information set out above | We have a legal obligation to do so We have a legitimate interest to manage our business and to ensure that all investigations and proceedings etc. are managed efficiently and effectively |
| Monitoring, managing, and securing resources, property, and personnel | Personal identifiers; Internet or other electronic activity information; Audio and visual information | We have a legitimate interest in ensuring our systems / websites are secure and that individuals are using our systems / websites correctly and in compliance with our Terms of Use |
| Enforcing or defending our rights | All categories of personal information set out above | We have a legal obligation to do so We have a legitimate interest to manage our business and to ensure that all investigations and proceedings etc. are managed efficiently and effectively |
| Sharing with third parties in connection with a potential acquisition of all or part of our assets or interests in our business, or with third parties that may succeed us in carrying on our business or to which our business is transferred | Personal identifiers; Demographic and association-related information; Commercial and financial information; Professional background information | We have a legitimate interest to manage our business We have a legal obligation to do so |
For purposes of China’s PIPL where it is applicable, the legal bases that we may rely upon include your consent, and in case your consent is not required under applicable law, where necessary for performance of a contract entered into with you; where necessary to perform a statutory responsibility or statutory obligation; where necessary for responding to a public health emergency or for protecting life, health or property safety of a natural person in the case of an emergency; for processing Personal Information within a reasonable scope to carry out news reporting or supervision by public opinions for public interest purposes; and processing publicly available Personal Information within a reasonable scope.
If you or we are in the European Economic Area (the “EEA”) or the United Kingdom (the “UK”) or China, you may have a right to object to the processing of your Personal Information where that processing is carried out for our legitimate interests or in other applicable circumstances. However, we may not be able to fulfil this request in all instances. Please contact us using the contact information below to receive more information, including with respect to the balancing test we have performed in this regard.
3. Notice at Collection – No Sale or Sharing for Behavioral Advertising
We do not sell Personal Information or share it with third parties for purposes of cross-context behavioral advertising.
4. Notice at Collection – Retention of Personal Information
We will generally keep Personal Information about you for as long as necessary in relation to the purpose for which it was collected, or for such longer period if required under applicable law or necessary for the purposes of our other legitimate interests.
The applicable retention period will depend on various factors, such as any legal obligation to which we or our service providers are subject, as well as on whether you decide to exercise your right to request the deletion of your Information from our systems (to the extent such right exists in the jurisdiction in which you reside). At a minimum, Personal Information about you will generally be retained for the entire duration of any business relationship we may have with you, and generally for a minimum period of five years after the end of the year in which any such relationship is terminated.
We will, from time to time, review the purpose for which we have collected Personal Information about you and decide whether to retain it, update it, or securely delete it, if the Personal Information is no longer required.
5. Sources of Personal Information
In the ordinary course, we collect or otherwise receive the categories of Personal Information above from a variety of sources, including from you directly or from someone who knows you or through automatic collection on our websites. In particular, we may obtain Personal Information: from an individual or a relation of the individual, such as from personal or business contacts of clients and investors (e.g., financial institutions, advisors, consultants, and other intermediaries or representatives); other business contacts of OrbiMed personnel (e.g., financial institutions, service providers, consultants or advisors); research and subscription services; publicly-available sources; governmental agencies, supervisory authorities, and tax authorities; background check companies, credit agencies, or fraud prevention and detection agencies; automated collection on our websites (including through cookies), applications, devices, systems, and networks; or from business and other records legally available to us.
6. Use or Disclosure of Sensitive Personal Information for Inferring Characteristics
We do not use or disclose Sensitive Personal Information to create profiles about or infer characteristics about individuals, or for any purposes other than providing our services.
7. Disclosing Personal Information
We have disclosed for a business purpose in the last 12 months, and may continue to disclose for a business purpose, the following categories of Personal Information to the following categories of third parties:
| Categories of Consumers’ Personal Information | Categories of Third Parties With Which We Shared Personal Information for a Business Purpose |
|---|---|
| Personal identifiers such as name, signature, postal address, email address, phone number, fax number, account name, Social Security number, tax identification number, photographs, copies of identification documents (e.g., passport, driver’s license), and other similar identifiers | Service providers and trading counterparties to us and our clients, including placement agents or distributors, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, providers of customer or client relationship management tools, telecommunications and information technology (“IT”) providers, advisors (including but not limited to tax and legal and compliance advisors), accountants and consultants To any natural or legal person as directed by you |
| Demographic and association-related information: age and date of birth, place of birth, residency information, family member information, authorized signatories, and information on parties associated with an account | Service providers and trading counterparties to us and our clients, including placement agents or distributors, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, providers of customer or client relationship management tools, IT providers, advisors (including but not limited to tax and legal and compliance advisors), accountants and consultants To any natural or legal person as directed by you |
| Commercial and financial information: records of property, products, or services purchased, obtained, or considered; other investing or consuming histories or tendencies; information on investments, assets, expenses, accounts, net worth, tax information, holdings, account balances, transaction history, utility bills, bank statements, credit history, and trust and estate planning documents | Service providers and trading counterparties to us and our clients, including placement agents or distributors, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, providers of customer or client relationship management tools, IT providers, advisors (including but not limited to tax and legal and compliance advisors), accountants and consultants To any natural or legal person as directed by you |
| Professional information: name of employer and current title, references, resumes, information on positions held, and military service history | Service providers and trading counterparties to us and our clients, including placement agents or distributors, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, providers of customer or client relationship management tools, IT providers, advisors (including but not limited to tax and legal and compliance advisors), accountants and consultants To any natural or legal person as directed by you |
| Commercial and financial information: records of property, products, or services purchased, obtained, or considered; other investing or consuming histories or tendencies; information on investments, assets, expenses, accounts, net worth, tax information, holdings, account balances, transaction history, utility bills, bank statements, credit history, and trust and estate planning documents | Service providers and trading counterparties to us and our clients, including placement agents or distributors, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, providers of customer or client relationship management tools, IT providers, advisors (including but not limited to tax and legal and compliance advisors), accountants and consultants To any natural or legal person as directed by you |
| Professional information: name of employer and current title, references, resumes, information on positions held, and military service history | Service providers and trading counterparties to us and our clients, including placement agents or distributors, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, providers of customer or client relationship management tools, IT providers, advisors (including but not limited to tax and legal and compliance advisors), accountants and consultants To any natural or legal person as directed by you |
| Internet or other electronic network activity information: information regarding an individual’s interaction with a website or application, browsing history, and calls and emails sent and received | Service providers that provide data security services and cloud-based data storage; host our websites and assist with other IT-related functions; provide website hosting, webcast and teleconference services; advertise and market our products; and provide analytics information |
| Audio and visual information: photographs, video footage from CCTV | Service providers that provide security services; maintain our voicemail platform |
| Sensitive Personal Information: Social Security number, tax identification number, copies of identification documents (e.g., passport, driver’s license); location of birth; for PIPL purposes, financial account information and credit history | Service providers and trading counterparties to us and our clients, including placement agents or distributors, brokers, banks, trading venues, clearing houses, custodians, corporate services providers, administrators of our funds, providers of customer or client relationship management tools, telecommunications and IT providers, advisors (including but not limited to tax and legal and compliance advisors), accountants and consultants To any natural or legal person as directed by you |
Business Purposes for Such Disclosures
We disclosed the aforementioned categories of Personal Information to the categories of entities identified above for the following purposes: to operate and manage our funds and provide our services; to manage customer accounts and relationships; to operate our business, including through telecommunications providers and email providers; to secure and protect the information we collect and maintain; to provide analytics information; to advertise and market our funds and services; and to comply with our legal and accounting obligations.
Additional Information About How We May Share Personal Information
We may also share Personal Information with the following types of third parties:
- Third parties (including regulators and courts) to comply with legal or regulatory obligations or in response to valid legal requests, including to the extent required by law, regulation, subpoena or court order or otherwise in connection with a judicial, administrative or governmental proceeding or as requested by any governmental agency or regulatory authority; to detect and protect against fraud or any technical or security vulnerabilities; or to respond to an emergency or otherwise to protect the rights, property, safety, or security of our business, third parties, or the public
- Any natural or legal person, as directed by you
- Any natural or legal person to whom we may in the future transfer any of our rights or obligations under any agreement, or in connection with a sale, merger or consolidation of our business or other transfer of our assets, whether voluntarily or by operation of law, or who is otherwise deemed to be our successor or transferee
To the extent the PIPL is applicable, please contact us via PrivacyPolicy@OrbiMed.com and we will separately disclose relevant information as required under the PIPL about third-party personal information handlers to whom we share your Personal Information, and we will also perform other obligations under the PIPL to protect the security of your Personal Information.
8. Cookies
We use cookies or similar technologies to capture information about the use of our websites, including to improve your user experience. Accordingly, we may store and retrieve information on your device through the use of cookies and similar technologies. You may be able to set your browser to notify you when you receive a cookie. Many web browsers also allow you to block cookies. If you block strictly necessary cookies you may not be able to access certain parts of our websites. You can find information about clearing or blocking cookies at https://www.allaboutcookies.org We do not allow third parties to collect personal information about your online activities over time and across different websites when you visit our website.
9. International Data Transfers
Because of the international nature of our business, we may process your Personal Information in the United States, the EEA / UK, and other countries outside the jurisdiction where it was originally collected. We will only process and transfer your Personal Information (or procure that it be processed and transferred) in accordance with the requirements of applicable law, which may include having appropriate contractual undertakings in legal agreements with third parties with whom we share Personal Information, as well as other suitable safeguards. Where the GDPR applies, further information in relation to the transfer of Personal Information (including, to countries outside of the EEA / UK) and copies of the relevant safeguards is available on request using the contact details set out below.
To the extent the PIPL is applicable, please contact us via PrivacyPolicy@OrbiMed.com and we will separately disclose relevant information as required under the PIPL about the international data transfers, and we will also perform other obligations under the PIPL to protect the security of your Personal Information.
10. Consequences of Failing To Provide Personal Information
As a regulated financial services firm, we are subject to legal and regulatory obligations that may require us to collect and store your Personal Information, such as the requirements to comply with the applicable law on the prevention of financial crime, tax and regulatory reporting, or the rules on recording and monitoring of communications (as described above). We may also need to collect and use your Personal Information for the purposes of entering into or performance of a contractual arrangement.
There may be various consequences to refusing to provide us with your Personal Information, depending on the purpose for which the information is required. For instance, we may not be able to communicate with you or we may need to terminate any service or other contractual arrangement between us if, for example, we do not have requisite information to satisfy our regulatory reporting requirements. You are not required to share data, including your Personal Information, with OrbiMed. When you do, you are responsible for ensuring that all data, including Personal Information, shared with OrbiMed (including through our website) is accurate and up-to-date, and that when you share Personal Information pertaining to other individuals you have obtained appropriate authorizations to do so, if required. Please also refer to our Terms of Use which explain your responsibilities with regard to your use of our website.
11. Minors
Our websites are not directed to persons under age 18 and we do not sell the Personal Information of such individuals.
12. Security Measures
We aim to protect Personal Information by implementing and maintaining reasonable security, such as by using reasonable organizational, technological, and physical safeguards appropriate to the sensitivity of the Personal Information we hold. We take measures, which are at least as strict as the law requires, to safeguard your Personal Information, but we cannot guarantee its absolute security. Please use caution any time you provide information over the internet.
13. Do Not Track Signals
At this time, our websites do not respond to browsers’ “Do Not Track” signals.
14. Rights Regarding Personal Information
A. Data Rights in Certain Jurisdictions
Where we or you are located in certain jurisdictions (e.g., the EEA / UK, China) you may have rights under data protection laws that may apply to the Personal Information we hold about you and which you may exercise subject to the limitations under applicable law such as the GDPR and the PIPL. These may include:
- To request access to your Personal Information
- To request rectification of inaccurate or incomplete Personal Information
- To request erasure of your Personal Information (a “right to be forgotten”)
- To restrict the processing of your Personal Information in certain circumstances
- To object to our use of your Personal Information, such as where we have considered such use to be necessary for our legitimate interests and/or in the case of direct marketing activities
- Where relevant, to request the portability of your Personal Information to a third party
- Where you have given consent to the processing of your Personal Information, to withdraw your consent (please note this right does not affect the lawfulness of processing based on consent prior to its withdrawal)
- To lodge a complaint with the competent supervisory authority
B. California Residents’ Rights
If you are a California resident whose information is covered by the California Consumer Privacy Act (the “CCPA”), you may have the rights described in this Section 14.B of our Privacy Policy, including the right to request access to and deletion or correction of your Personal Information.
Please note that these rights under the CCPA do not apply to information about OrbiMed investors that is covered by the U.S. Gramm-Leach-Bliley Act and implementing regulations, and the California Financial Information Privacy Act, laws which generally apply to nonpublic personal information about individuals who obtain financial products or services from us primarily for personal, family, or household purposes. The CCPA also includes exemptions from certain of its provisions for information about our personnel (including employees, directors, officers, and contractors) and job applicants.
For purposes of this section of our Policy, “Personal Information” is limited to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household. It does not include de-identified or aggregate information, or public information lawfully available from governmental records.
Right to request disclosure of your Personal Information we collect and disclose
If you are a California resident whose Personal Information is covered by the CCPA, you may submit a request to us for any or all the following information:
- The categories of personal information we have collected about you
- The categories of sources from which we collected the Personal Information
- The business or commercial purposes for which we collected or sold the Personal Information
- The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose
- The categories of Personal Information we sold or disclosed for a business purpose
- The specific pieces of Personal Information we collected
Our responses to such requests will apply to Personal Information we have collected about you since January 1, 2022.
Right to request the deletion of Personal Information we have collected from you
You may also submit a request that we delete Personal Information about you, subject to exceptions under the law including, without limitation, when the information is necessary for us to provide you with a service that you have requested.
Your right to request we correct Personal Information we hold about you
You have the right to request that we correct Personal Information we hold that you believe is not accurate. We will take steps to determine the accuracy of the Personal Information that is the subject of your request to correct, and in doing so will consider the totality of the circumstances relating to the Personal Information you have identified as being incorrect. We may ask that you provide documentation regarding your request to correct to assist us in evaluating the request.
How to exercise your California rights
To exercise your right to request the disclosure of your Personal Information that we collect or share, or to ask us to delete your information, either click here or contact us at (866) 210-8234. Depending on the nature of your request, we may ask you for information to verify your request and identity and a declaration attesting to your identity, signed under penalty of perjury.
For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We will provide a substantive response as soon as practicable and, in any event, generally not more than within 45 days after receipt of your request. We may extend this period to 90 days in some cases and will advise you when that is necessary and why.
Verification of requests
We will ask you for identifying information and attempt to match it to information that we maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to your request. We will notify you to explain the basis of the denial.
Authorized agents
You may designate an agent to submit requests on your behalf. The agent must be a natural person or a business entity that is registered with the California Secretary of State.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain Personal Information as described above. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf. The agent will be required to provide us with proof of the agent’s identity and proof that you gave the agent signed permission to submit a request on your behalf.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
Non-discrimination
We are committed to complying with the law. If you exercise any of the rights explained in this Policy, we will continue to treat you fairly.
Shine the Light law
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for direct marketing purposes in the preceding calendar year. We have not made any such disclosures in the calendar year preceding the date of this Policy.
15. Third-Party Links and Social Media Buttons
Our websites may contain links to websites operated by third parties and social media buttons which link to social media platforms also operated by third parties. We have no control over these third parties or their privacy or data security practices. Should you click on a link to a third-party website or on a social media button, the privacy policy of that website or platform will apply instead of our Privacy Policy. We are not responsible for the content or security of third-party websites.
16. Changes to this Privacy Policy
We reserve the right to amend, alter, or otherwise change this Privacy Policy at our sole and absolute discretion. If we make material changes to the Privacy Policy, we will post notice in this Policy. Use of our websites following any such notification constitutes your agreement to follow and to be bound by the amended Privacy Policy to the extent permitted by the applicable law and unless we are required to take additional steps under laws in your country.
17. How To Contact Us
If you have any questions or comments about this Privacy Policy, please feel free to contact us at (212) 739-6400 or by e-mail to PrivacyPolicy@OrbiMed.com to the attention of our Compliance Department. If you would like to assert your privacy rights, you may also call us toll free at (866) 210-8234 or submit a request by clicking here.
