HERON THERAPEUTICS PRIVACY POLICY

LAST UPDATED: January 28, 2020

Heron Therapeutics, Inc., together with its affiliates, subsidiaries, and related companies (collectively, “Heron Therapeutics,” “we,” "us,” or “our”), provides this Privacy Policy. Your privacy is important to us. We want to give you the opportunity to know what information we collect, and how we use and disclose information collected from you on this website, in connection with our products and services, in our telephone or email communications with you, from our social media pages, or otherwise. The words “user,” “customer,” “physician,” “patient,” “you,” and “your” mean users of this website and/or users of our products and services, as described, depending on your relationship with us.

By accessing or using our websites, products, or services, you acknowledge that you have reviewed and agree to the provisions of this Privacy Policy. If you access our website, our website is also subject to the Terms of Use (terms), which are incorporated by reference herein.

Information We Collect

We collect information when you interact with us, for example, (1) when you visit and use our website, (2) when you email us, submit forms, or otherwise contact us, (3) when you use our products or services, (4) when you invest in us, (5) when you partner with us, or (6) when you engage any of our other products or services.

Certain of the information we collect may be personal information, by which we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a natural person or household, such as a real name, postal address, email address, telephone number, payment information, and account ID. When other information is directly associated with personal information, we also consider that information to be personal information. Information that is aggregated, de-identified, or anonymized will not be considered personal information. Publicly available information that is made available from federal, state, or local government records, also is not personal information.

The information we collect varies depending on how you interact with us:

Information You Provide to Us

You may provide the following types of information to us online, by phone, or otherwise when you use our services, and such information may be personal information within the terms of this policy (we also provide non-exhaustive examples of when this information may be collected):

  • Individual contact and identification information, including name, title, email address, postal address, and phone number (for example, when you sign up for updates or notifications from Heron Therapeutics, fill out one of our online forms, such as “Email a colleague,” “Email a Friend,” “Contact a representative,” or “Investor Resources – Material request,” provide your information at a special event, or submit a Practice Enrollment Form to our Heron Commitment Program™);
  • User I.D., password, and any other credentials used to access Heron Therapeutics’ services, if applicable;
  • Identification information for verification;
  • Adverse event or product complaint information (for example, if you contact us with an adverse event or product complaint, you may provide us with personal information);
  • Your friends’ or colleagues’ names and contact information (for example, if you use our “Email a colleague” or “Email a Friend” options);
  • Your specialty, and the name of your practice (for example, when you sign up for updates or notifications from Heron Therapeutics, when you contact a representative, or when you submit a Practice Enrollment Form to our Heron Commitment Program™);
  • Information submitted through the Heron Connect™ Insurance Verification and Program Enrollment Form (for example, prescribing physician information, patient identifiable information, including email, date of birth, social security number, gender, insurance information, patient treatment information);
  • Information submitted for enrolling in the Heron Commitment Program™ or Copay Assistance Program (for example, best time to call, check remittance address, site name, site address, office contact, office email);
  • Payment information, including credit card information, bank account information, billing address, or other financial information (for example, check remittance address, if needed);
  • Age range or date of birth;
  • Service or product use activity (for example, if you have used our products or services in the past);
  • Survey or feedback information (for example, if you fill out a survey, or provide feedback, we collect that information);
  • Social media identity, posted content, and other data relating to our official social media pages or other Heron Therapeutics forums on the internet (for example, if you post on, “Like”, “Follow”, or otherwise interact with our Facebook page, we may collect that information);
  • Resume, social security number, references, letters of references, interview information, pre-hire interactions, and other information relevant to job applications (for example, if you apply for a job at Heron Therapeutics, we will collect the necessary information to evaluate your candidacy); and
  • Other potentially personal information that you may provide to us so we can provide you with a Heron Therapeutics good or service.

Information From Third Parties

We may collect information from third parties, to the extent it is necessary to fulfill services requested.

For example, we may collect:
  • Individual contact and identification information, including name and email address (for example, if someone submits your information in our “Email a Colleague” or “Email a Friend” forms); and
  • Patient information submitted by a physician or provider (for example, patient’s name, gender, date of birth, contact information, insurance information, social security number, prescribing physician/provider information, and product interest, submitted in order to enroll for the Heron Connect Copay Assistance Program, or to verify insurance for Heron Connect™).

Information Collected Automatically When You Use Our Services

We may also collect information automatically depending on the service you use, including when you use our website, or when you call us. For example, we may collect information such as:

  • Cookies and web beacons when you visit our websites (see below for additional information on these technologies);
  • IP address, device identifier, browser information, device information, operating system, language information, URL accessed, information about your use of our website, and dates and times of activity, including as accessed from cookies and web beacons described above;
  • Telephone number, audio recordings, date and time information, and other information relating to your telephone call to us; and
  • Location information (country), including as derived from your IP address.

Cookies

Cookies, pixels, or other tracing and tracking technologies are small data files that a website or its service providers may place on your browser when you visit a website. Cookies store a unique numerical identifier that sends back a signal to the installer of the cookie to announce your browser’s presence and movement on the website that installed the cookie or on websites that you visit after the cookie is installed. There are many different types of cookies that perform different functions. Some of these cookies remain on your browser and allow the installer of the cookie to track you over time and across the internet. A cookie does not identify you personally, but identifies your browser. Depending on the settings you have chosen on your browser, we may use cookies on our website to keep track of services you have used, to record registration information regarding your login name and password, to record your user preferences, to keep you logged into the website, and to facilitate purchase procedures. We may also use cookies to track the webpages you visit during each website session, to help us improve user experience, and to help us understand how the website is being used. Many browsers maintain a default setting to allow cookies. You have the ability to modify this setting to decline cookies. The “Help” tab on your toolbar may guide you to the settings for your browser that will allow you to change your browser settings with regard to cookies. If you decline cookies, your use of our website may be impaired.

Web Beacons

A “web beacon” is an object that is embedded in a web page or email that is usually invisible to the user and allows website operators to check whether a user has viewed a particular web page or an email. We may use web beacons on the website and in emails to count users who have visited particular pages, viewed emails, and to deliver co-branded services. Some web beacons can be rendered ineffective by declining certain cookies or modifying your browser setting to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

How We Use the Information We Collect

We may use your information in accordance with this Privacy Policy to:

  • Provide the services you or others request, including verifying, enrolling, and serving patients in the Heron Connect Copay Assistance Program or Heron Connect Patient Assistance Program, or enrolling and serving practices in the Heron Commitment Program™;
  • Complete the transactions you have requested, including processing copay reimbursements;
  • Provide you with an account, and manage your account;
  • Provide user or technical support, and respond to communications from you;
  • Notify you about updates to our products, services, and websites, at your request;
  • Measure and improve our products, business, products, services, and performance, including our programs and website layout and content;
  • Perform analyses on the data we have collected, such as market analyses, trends, and other research for statistical purposes;
  • Process, provide, and administer surveys and special events;
  • Provide, administer, and utilize our social media pages and websites;
  • Send updates or notices about our company and the products we offer that we think may be of interest to you;
  • Send investor-related materials, either at your request, or in the ordinary course of business if you are an investor in our securities;
  • Compare information and identification for accuracy and verify it, including for identification purposes;
  • Anonymize or otherwise protect your data;
  • Recruit and hire employees;
  • Prevent potentially fraudulent, prohibited, or illegal activities, and enforce our Terms & Conditions; and
  • Comply with legal requirements, or assert or defend a legal claim.

Categories of Third Parties With Whom We Share Information

Heron Therapeutics will not sell your personal information to third parties. We may, at times, disclose personal information we collect to the following categories of third parties:

  • Our group of companies, affiliates, and subsidiaries in accordance with this Privacy Policy;
  • With third parties to provide, maintain, and improve our services, including insurance companies and third party service providers who access information about you to perform services on our behalf, or help us execute services you have requested (for example, verification of insurance coverage), as well as financial institutions and payment processors in the case of business transactions;
  • With third parties that assist with email campaigns, special offers, or other events or activities in connection with our products and services;
  • With other persons with whom you have requested that we share information, in order to fulfill services you request (for example, with insurance companies, with your physician, if you are a patient, or with your colleagues or friends);
  • If we believe that disclosure is reasonably necessary (a) to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce or comply with our Terms & Conditions or other applicable agreements or policies, (c) to protect our rights or property, or the security or integrity of our services, or (d) to protect us, users of our services or the public from harm or potentially prohibited or illegal activities.

Our service providers generally are bound by contract to keep your personal information confidential, and to retain, use, or disclose it only to perform on our behalf the purposes laid out in the contract.

Your Access and Control Over Information

You may request to access, update, or in certain cases delete your personal information that we have collected, used, or disclosed. You can do so by emailing info@herontx.com, using our online web form available here, or contacting us by telephone at 844-HERON11 (844-437-6611).

If you have signed up for Updates or Notifications, you may choose at any time to remove your name, telephone number, and postal and email addresses from the list we use to send notices or updates and elect not to receive correspondence from us by contacting us at info@herontx.com.

Rights for California Residents

The California Consumer Privacy Act of 2018, California Civil Code Sections 1798.100 et seq. (CCPA), may additionally afford rights to our users and customers who are California residents. For example, California residents may have a right, following a verifiable request, to:

  1. access—twice in a 12-month period, free of charge—for the 12-month period prior to the request, the categories and specific pieces of personal information Heron Therapeutics has collected about the user, the categories of sources from which the personal information is collected, the business purpose for collecting the personal information, and the categories of third parties with whom Heron Therapeutics shares personal information; and
  2. delete personal information under certain circumstances.

Such requests may be made as described in the above Your Access and Control Over Information section above, or in the Contact section below. Heron Therapeutics does not discriminate against our users and customers on the basis of their exercising any of the rights afforded by the CCPA, which is further in accordance with California residents’ rights under that title.

In order to protect your information security, following any request, we will verify your identity using at least two data points you have previously provided to us. You may also authorize an agent to submit a request on your behalf, so long as you provide the authorized agent written permission to request on your behalf, and your authorized agent is able to verify their identity with us.

Security

Heron Therapeutics takes reasonable steps to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration, or destruction. All information transmitted is secure to the extent possible using existing technology. You should keep in mind, however, that no internet transmission is ever 100% secure or error free. In particular, email sent to or from this website may not be secure, and you should therefore take special care in deciding what information you send to us via email. Moreover, where you use passwords, I.D. numbers, or other special access features on this website, it is your responsibility to safeguard them. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personal information. We also encourage our users to generally be cognizant of safeguarding your personal information.

Links to Other Sites

This website may provide links to other websites as a service to our visitors. These are websites we believe may have helpful information. However, Heron Therapeutics does not endorse and is not responsible for the content of third-party websites. Nor does Heron Therapeutics have any control over information you may choose to provide to those websites.

The Privacy Policy described here does not apply to third-party websites, even if they are linked to Heron Therapeutics' websites. Other websites you visit may have their own privacy policies or no policy at all. Other websites might use personal information differently than our policy permits. We strongly encourage you to review the privacy policies of any website before providing any personal information.

Promotional Communications

You may opt out of receiving promotional messages from us by following the instructions in those messages, or contacting us at the contact information provided below. If you decide to opt out, we may still send you non-promotional communications, such as communications about your requested services, or your account.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to account for changes in our collection, use, or disclosure of personal information. If we make any changes to this Privacy Policy, we will provide notice of such changes, as appropriate. For example, we may send you an email notification to the address you have provided, or we may provide notice on our website. For certain changes, we may provide indication in our Privacy Policy by updating the “Last Updated” date at the top of this page.

Children

Heron Therapeutics does not knowingly collect any personally identifiable information from children under 13 years old through this website. However, if the parent or the guardian of a child under 13 believes that the child has provided us with personally identifiable information, the parent or guardian of that child should contact us at info@herontx.com if they want this information deleted from our files. Anyone under 18 years old should seek their parent's or guardian's permission prior to using or disclosing any personal information on this website.

Contact

If you have any questions regarding our Privacy Policy, need to access the policy in an alternative format due to a disability, or if you would like to access, update, or delete your personal information, please contact us at: info@herontx.com, our online web form available here, or by phone at 844-HERON11 (844-437-6611).