Allovir respects the privacy of the patients, HCPs, colleagues and other third parties with whom we interact. Protecting the Personal Data that we receive from individuals and entities is a responsibility we take very seriously. We comply with all applicable privacy laws and regulations in the collection, protection, and use of this information.
This policy applies to all personal data processed by all employees, contractors and partners doing business on behalf of Allovir, as well as all legal entities/all subsidiaries of Allovir. This policy excludes joint ventures where there is less than a 50% share by Allovir.
Allovir will adhere to privacy laws in all jurisdictions where it operates. Any mandatory registration provisions that may exist according to legal requirements must be observed. In case of uncertainty, leaders of legal entities/subsidiaries of Allovir and stakeholders must consult the PO and/or general counsel.
GDPR, ISO270001, 22CFR 120,15CFR 730-774, Data Protection Act 2018, etc
Allovir’s web servers automatically record the Internet Protocol (IP) addresses of visitors. Note, however, that if you have a broadband connection, depending on your individual circumstance, the IP address that we collect may contain data that could be deemed identifiable. This is because, with some broadband connections, your IP address doesn’t change (it is “static”) and could be associated with your personal computer or device.
As well as recording the IP addresses of users, Allovir may also keep track of sites that users visited immediately prior to visiting Allovir’s website and the search terms they used to find it. The web server keeps track of the pages visited on Allovir’s website, the amount of time spent on those pages, the types of searches done on them, and products looked at. Your searches remain confidential and anonymous. Allovir uses this information only for statistical purposes, to find out which pages users find most useful and to improve the website.
Allovir servers also capture and store information that your browser transmits. This includes:
This data will be used to generate statistics that help us to further optimize our websites to meet your individual needs. We will not deduce personal information from this data. Depending on the selection of privacy settings upon visiting Allovir’s website, additional personal data processing may take place following your preferences.
Cookies are small text files that are placed on your computer by websites to track your individual movements on that website over time.
At Allovir, we use the following categories of cookies:
Cookies used by Allovir may be session-based or persistent. Session-based cookies last only for the duration of a user’s session, while a persistent cookie remains on the user’s hard drive. A persistent cookie can help us recognize you when you return to our website and recall your settings or preferences.
If you do not want a cookie placed on your computer as a result of using a Allovir website, you can disable cookies altogether by modifying the preferences section of your web browser. Note that if you do so, some aspects of Allovir websites may be unavailable to you. If you choose to accept cookies on your hard drive, but wish to be informed of their appearance, you may turn on a warning prompt by modifying the cookie-warning section also located in the preferences section of your web browser. For additional privacy protection, you may also use your web browser’s “do not track” (DNT) settings, which Allovir will adhere to.
Depending on your cookie consent selection of settings upon first visiting the Allovir website, tracking cookies, third-party cookies and other technologies such as web beacons may be used to process additional information, enable noncore functionalities on the Allovir website and enable referenced third-party functions (such as a social media “share” link).
Allovir’s websites may use a technology known as “web beacons” — sometimes called “single-pixel GIFs,” or “pixels” — that allow the sites to collect website log information. These are designed to track pages viewed or messages opened. Website log information is gathered during your visit. We may also include web beacons in promotional email messages to determine whether the messages have been opened.
Our web servers honor the DNT setting in all web browsers that currently support it. This means that you can opt out of our and third-party tracking services, including behavior advertising. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com
Some of Allovir’s websites link to other sites created and maintained by other public- and/or private-sector organizations. Allovir provides these links solely for your information and convenience. When you transfer to an outside website, you are leaving the Allovir domain, and Allovir’s information management policies no longer apply. Allovir encourages you to read the privacy statement of each external website that you visit before you provide any personal data.
Allovir implements commercially reasonable technical and organizational security controls to protect your personal data against theft, loss or misuse. Your data will be stored in a secure operating environment that is not accessible without authorization. Allovir applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your personal data.
Please note for business continuity and disaster recovery purposes, Allovir may store data in a location outside the jurisdiction(s) in which we normally operate. In such scenarios, we will implement all commercially reasonable measures to protect your personal data against theft, loss or misuse.
Allovir has put in place appropriate physical, technical and administrative procedures to safeguard and secure the information from loss, misuse, unauthorized access, disclosure, alteration or destruction. Allovir cannot guarantee the security of information on or transmitted via the internet.
Allovir does not knowingly collect data from or about children under 13. If we learn that we have collected personal data from a child under 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at privacy@Allovir.com.
If you use our services and reside outside the United States of America, your information will be transferred to the United States of America and will be processed and stored there under United States of America privacy standards. By using our services and providing information to us, you consent to such transfer to the United States of America and processing there.
Allovir has appointed and mandated a privacy officer who represents the regulatory authorities inside the Allovir organization, and in return represents the Allovir organization to regulatory authorities.
Allovir’s privacy officer will ensure proper communication with the relevant regulatory authority for privacy. The privacy officer will lead investigative action, complaint handling and data breach notification. The privacy officer will also monitor regulatory changes and consult the regulatory authority where implementation of a regulatory or technological change lead to doubt.
The types of personal data that Allovir collects and shares depends on the nature of the relationship you have with us and the requirements of applicable laws. We may collect:
Health and medical data (such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications an individual may take, including the dosage, timing, and frequency) that we collect in connection with managing clinical trials, conducting research, formulating and administering gene therapies and immunotherapies, providing patient support programs, managing compassionate use and expanded access programs, and tracking adverse event reports
We may combine other publicly available data, such as information related to the organization for which you work, with the personal data that you provide through the Services.
Personal Data Allovir uses the data collected to provide a safe, efficient and customized experience. Here are some of the details on how we do that:
We use your personal data as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
We use your personal data as we believe necessary or appropriate to comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, patient safety, and financial disclosures.
Allovir shall not use Personal Data for any purpose except:
In some cases, we may ask for your consent to collect, use or share your personal data, such as when required by law or our agreements with third parties.
We may create anonymous data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous data by excluding information that makes the data personally identifiable to you and use that anonymous data for our lawful business purposes.
We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites, mobile apps, products and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) in which case we may use this data indefinitely without further notice to you.
Allovir may share the data collected with third parties to provide a safe, efficient and customized experience. Here are some of the details on how we do that:
We never sell your personal data to third parties, such as marketers, without your consent. We do not provide any personal data to “people finder,” “public directory” or “white pages” sites.
To keep your Personal Data accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct Personal Data in our possession that you have previously submitted via this website.
You may contact us as follows: privacy@Allovir.com
In addition to the information that is available on Allovir’s website, you have the right to access the personal data that Allovir holds about you, all subject to the exemptions as contained in applicable laws and regulations. If you request the data, then Allovir will assist you. Your identity will need to be confirmed before you are provided with access to personal data.
Generally, Allovir does not charge for providing information, but if the request requires significant staff time, Allovir reserves the right to charge a fee for such requests.
All formal access requests will be directed to the privacy officer, who will then review each request to determine whether Allovir will disclose the requested data. The privacy officer will also receive and address all privacy complaints that Allovir receives. You may submit these requests by email to privacy@Allovir.com or our postal address provided on our “Contacts Us” page
You will be notified if access to the records you have requested is granted or denied, and which exemptions apply.
If you believe there is a mistake in your personal data, you have a right to ask for the data to be corrected. Send correction/amendment request to privacy@Allovir.com
If we export your personal data from the European Economic Area (“EEA”) to a country outside of it and are required to apply additional safeguards to that personal data under European data protection legislation, we will do so. Such safeguards may include applying the European Commission model contracts for the transfer of personal data to third countries described here. Please contact us at privacy@Allovir.com for further information about any such transfers or the specific safeguards applied.
We encourage anyone interested to raise any concerns using the contact information provided in our “Contact Us” page. We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal data.