Privacy Policy
This Privacy Policy (“Privacy Policy” or “Policy”) explains how Ardelyx, Inc. and its parents, subsidiaries, and affiliates (collectively, “Ardelyx,” or “we,” or “us,” or “our”) collects, uses, and discloses personal information, including when you interact with us through our websites located at https://ardelyx.com/, https://ardelyxmedical.com, https://ibsrela.com, https://ibsrela-hcp.com, https://xphozah.com, https://xphozah-hcp.com, and any other websites we own and operate that link to this Privacy Policy (collectively, the “Site”), and our related services and offerings, events that we attend or sponsor, our social media pages, and our email, text, and other electronic communications (collectively, and together with the Site, the “Platform”). It also describes rights you may have with respect to your personal information.
This Policy does not cover the personal information we collect about employees and independent contractors, or job applicants in connection with employment- or contract-related matters. This Policy also does not apply to personal information that we collect from participants in our clinical trials.
For information about our processing of consumer health information, please see our Consumer Health Data Privacy Notice here:
https://ardelyx.com/health-data-policy.
COLLECTION OF PERSONAL INFORMATION
Personal Information We Collect
We collect different categories of personal information about you depending on how you interact with us and the purposes for which we collect it. For example, we may collect the following categories of personal information.
- Personal identifiers such as name, physical address, email address, state and city of residence, telephone numbers, IP address, mobile advertising ID, and other online identifiers.
- Demographic information, such as date of birth, income level, general location information, or gender.
- Commercial and financial information such as records of the products or assistance services you have received from us, financial information (such as W2, tax return, or pay stub information if needed for participation in one of our patient assistance programs), information associated with your requests or inquiries, including for support or assistance, or any feedback you provide when you communicate with us, and account information, such as your account number, subscriptions, subscription history, information you store in your account, and other details about your use of the Platform.
- Professional information such as employer, job title, NPI, sales data, and other professional details.
- Internet or other electronic activity information such as your device and browser type, operating system, wireless carrier, device manufacturer and model, your browsing and search history on our website, and information regarding your interaction with our website and our advertisements.
- Audio information such as recordings of calls made to our support lines, such as our patient support service line.
- Inferences drawn from personal information we collect, such as your preferences for products or services you may be interested in.
- Sensitive personal information such as health information (i.e., information about medical diagnoses, medications, clinical data, health care provider, health conditions, or adverse events associated with the use of certain medications), precise geolocation, or veteran status.
USE OF PERSONAL INFORMATION
Purposes for Processing Personal Information
To provide the Platform, our products, and our services and to operate our business. We collect, use, and disclose your personal information to deliver our offerings and operate our businesses, including for purposes such as: to provide our Platform, products, and services; to administer our patient services program; to verify your identity; to contact you from time to time; to provide you with information about our company; for customer support; to respond to your inquiries; to customize your experience; to operate our IT systems and secure our systems; and to obtain professional advice about legal and accounting matters.
Research and development. We also use personal information for research and development purposes, such as to monitor or improve our Platform, for internal business analysis, to understand and analyze the usage trends and preferences of our customers and contacts, to make our services and other offerings better, to diagnose technical issues, and to develop new features and functionality.
As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Platform and promote our business. In addition, to support these activities we may combine the personal information that we collect about you from various sources, including the data we receive from third parties. To the extent that we classify such information as “de-identified,” we commit to maintaining and using such information in a de-identified form and to not attempting to re-identify such information (except for purposes permitted by law).
Artificial intelligence. When operating our business, we may use services or applications that are supported by artificial intelligence (AI). For example, we may use AI-supported services to help us review and analyze the personal information that we have collected about our business contacts from various sources to better understand their needs or help us assess our relationship. Unless you receive a supplemental privacy policy relating to such services, your personal information will continue to be treated in the same ways that are described in this Policy.
Compliance, fraud prevention, and safety. In addition, we use personal information for compliance, protection, and safety purposes, such as to prevent fraud, activities that violate our Terms of Service or other contracts, or that are illegal; and to protect our rights and the rights and safety of our users or others.
Business engagement. For those who interact with us in a commercial capacity, we use your personal information to engage in business transactions with the entity you represent and market to or engage in diligence with the entities you represent.
Targeted advertising. We also use certain categories of personal information for targeted advertising purposes, which is also sometimes referred to as “cross-context behavioral advertising” under certain state privacy laws. To do this, we work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our Platform and the products that we offer. These companies may use cookies and similar technologies to collect information about you (including certain online identifiers and the internet or other electronic activity information described above in the section called “Personal Information We Collect”) over time across our Platform and other websites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.
For more information about the specific categories of personal information used or disclosed for these purposes, and how that information is disclosed, see the section below titled “Categories of Personal Information We ‘Sell’ or Share or Use for Targeted Advertising.” You can learn more about your choices for limiting interest-based advertising in the “Your Choices” section below.
No profiling to facilitate decisions with legal or other significant effects. We do not engage in the automated processing of personal information to create profiles about individuals that are used in furtherance of decisions with legal or other similarly significant effects, such as the provision or denial of financial or lending services, housing, insurance, or access to essential goods or services.
Storage and Retention
We store and process Personal Information on Ardelyx’s servers, and the servers of third parties we hire to provide our services and the Platform, worldwide. These servers may be located outside the country from which you interacted with Ardelyx.
We retain the categories of personal information we collect for the length of time necessary to satisfy the purposes described in this Privacy Policy, including to provide our services and the Platform, to comply with legal obligations, or to protect our legal rights. To determine the appropriate retention periods for personal information, we may consider the amount, nature, and sensitivity of the personal information, potential risks from unauthorized use or disclosure of personal information, the expectations of reasonable the purposes for which personal information is processed (and whether they can be achieved through other means), and applicable legal requirements.
DISCLOSURE OF PERSONAL INFORMATION
Disclosures of Personal Information for Business Purposes
We may disclose (and in the past 12 months have disclosed) all of the categories of personal information described in the section above titled “Personal Information We Collect” for any of the business purposes described in this Privacy Policy to:
- Service providers, such as companies that help us manage customer information, assist in providing our patient services program, facilitate email communications, provide security services and cloud-based data storage, host our website and assist with other IT-related functions, promote our products and business, or provide analytics and business intelligence information and analysis.
- Affiliated entities, such as our parent company(ies), affiliates, or subsidiaries.
- Professional advisors, such as persons, companies, or professional firms providing us with advice and consulting in accounting, administrative, legal, tax, financial, debt collection, or other matters, to the extent such information is necessary in their provision of services to Ardelyx.
- Law enforcement, government authorities, and other parties as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others. We may also disclose your personal information to third parties to help detect and protect against fraud or data security vulnerabilities.
- Business transaction participants in connection with any business transaction (or potential transaction) such as a merger, acquisition, sale of shares or assets, financing, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceeding).
Categories of Personal Information We “Sell” or Share or Use for Targeted Advertising
We may disclose (and in the past 12 months may have disclosed) the following categories of personal information described above for purposes of targeted advertising: personal identifiers (including IP address, mobile advertising IDs, and other online identifiers) and internet or other electronic activity information.
These disclosures may be considered a “sale” or “share” under certain state privacy laws.
These categories of personal information are sold to or shared for targeted advertising purposes with advertising networks, data providers, and other companies that facilitate or engage in digital advertising. We engage in such sales and sharing to facilitate personalized advertising. We do so by allowing third parties to place cookies or other tracking technologies on our website that may collect information about your online activities over time and across different websites or applications.
OTHER INFORMATION
Personal Information of Minors
The Platform is not intended for use by anyone under the age of 18, and we do not knowingly collect personal information from children or minors.
Third Party Websites
The Platform may contain links to third-party websites. This Policy does not govern how those third parties collect or use personal information and we do not endorse or have control over their practices. The privacy policies and terms of use for those third parties’ websites/apps or social media platforms govern those companies’ privacy practices. We are not responsible for the content or privacy practices of any third-party websites or platforms.
Social Media Plugins
Our Platform may use social media plugins to enable you to easily share information with others. When you visit a website, the operator of the social plugin can place a cookie on your computer or device enabling that operator to recognize individuals who have previously visited that website. If you are logged into a social media account while browsing our Platform, the social plugins allow that social media company to receive information about your use of our Platform. Social plugins also allow the social media company to share information about your activities when using our Platform with other users of their social media website. For more information about plugins from other social media websites you should refer to those companies’ privacy policies.
Securing Your Personal Data
We implement and maintain reasonable security appropriate to the nature of the personal information that we collect, use, retain, transfer or otherwise process. However, there is no perfect security, and reasonable security is a process that involves risk management rather than risk elimination. While we are committed to maintaining a reasonable information security program, no such program can be perfect; in other words, all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to factors that cannot reasonably be prevented. Accordingly, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security.
Changes to This Policy
We will review and update this Policy from time to time. If changes are made, we will update the Privacy Policy and reflect the date of such modification in the date above. In some cases, such as where required by law, we may notify you about any updates by sending you an email, posting a notice on the Platform about the update, or using other reasonable means. In all cases, your continued use of the Platform following posting of changes constitutes your acceptance of such changes. We encourage you to review this Privacy Policy periodically for any updates.
Accessibility
To make accessibility-related requests or report barriers, please contact us at privacy@ardelyx.com.
YOUR CHOICES
Marketing Communications
You may opt out of marketing-related emails you receive from us by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below. You may continue to receive service-related and other non-marketing emails.
Text Messages
We may offer communications via SMS texts or similar technology sent by Ardelyx or our service providers, such as when we send you text messages for customer service or account-related purposes. You can opt out of texts by following the instructions for the applicable texting program you enroll in or by emailing us your request and mobile telephone number to the email address provided at the bottom of this Privacy Policy.
Cookies
Most browsers let you remove or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, however, you may not be able to use all functionality of the Platform and our Site may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
The Site uses Google Analytics to help us analyze how the Site is being accessed and used. You can learn more about Google Analytics cookies by clicking here and about how Google protects your data by clicking here. To opt out of Google Analytics, you can download and install the Google Analytics Opt-out Browser Add-on, available here.
Device, Browser, and Industry Opt-Outs for Targeted Advertising
You can limit the use of your information for targeted advertising by blocking third-party cookies in your browser settings, using browser plug-ins/extensions, or using your mobile device settings to limit the use of the advertising ID associated with your mobile device. You can also opt out of interest-based ads from companies participating in the following industry opt-out programs by visiting the linked websites: the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp) and the Digital Advertising Alliance (https://optout.aboutads.info). Some of the companies we work with may also offer their own opt-out mechanisms. For example, you can learn more about how Google uses cookies for advertising purposes by clicking here and opt out of ad personalization by Google by clicking here.
Many of the opt-out preferences described in this section must be set on each device and/or browser for which you want them to apply. Please note that some of the advertising companies we work with may not participate in the opt-out mechanisms described above, so even after opting out, you may still receive interest-based advertisements from other companies. If you opt out of interest-based advertisements, you will still see advertisements online but they may be less relevant to you.
U.S. State Data Privacy Rights
Applicable U.S. state privacy laws give state residents various rights with respect to personal information we collect about them, with some exceptions.
We list below the rights that may be applicable to our business under applicable state laws, noting that not all rights are available under each state’s law or for all individuals. Please note, these rights are not absolute, and in some cases we may not be able to respond to your request, such as when a legal exemption applies, a legal requirement does not exist, or if we are not able to verify your identity.
Right to Know:
The right to confirm whether we are processing personal information about you and to obtain certain details about the personal information we have collected about you, including, where applicable:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The business or commercial purpose for collecting, selling, or sharing that personal information;
- The categories of third parties to whom we disclose that personal information; and
- The specific pieces of personal information we have collected about you.
Right to Access / Request a Copy:
The right to access or request a copy of the personal information we have collected about you, subject to certain exceptions.
Right to Delete:
The right to request deletion of personal information, subject to certain exceptions.
Right to Correct:
The right to request that we correct inaccuracies in your personal information, taking into account the nature of personal data and purposes of processing such information.
Right to Limit the Use of Sensitive Personal Information:
We may use and disclose certain categories of sensitive personal information to infer personal characteristics about you for advertising purposes, where permitted by applicable law. California’s privacy law gives California residents the right to request that we not use or disclose their sensitive personal information for this purpose. If we engage in these activities, you can ask us to limit these uses.
Rights to Opt Out:
- Sale of Personal Information: The right to request that we stop “selling” personal information, consistent with the definition of “sale” in each applicable law.
- For California residents, any request to opt out of “sales” that we receive will also be treated as a request to opt out under California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
- For Nevada residents, Nevada Revised Statutes Chapter 603A allows you to opt out of the “sale” of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. If you are a Nevada resident who wishes to exercise your “sale” opt-out rights, you may submit a request to us using the instructions below.
- Targeted Advertising: The right to request that we stop processing personal information for targeted advertising, subject to exceptions in some state laws.
- Sharing for Cross-Context Behavioral Advertising: California’s law provides the right to request that we stop sharing personal information for cross-context behavioral advertising.
We have a separate Consumer Health Data Privacy Notice that relates to rights provided under consumer health data privacy laws in certain U.S. states. You can access our Consumer Health Data Privacy Notice here: https://ardelyx.com/health-data-policy.
Exercising Your Privacy Rights
We will respond to requests from residents of states with data privacy laws that apply to us and will do so with respect to the rights that are provided under the requestor’s state law as of the effective date of that law.
To exercise rights to know, access/copy, delete, or correct, submit a request by contacting us at privacy@ardelyx.com. We will provide a substantive response to these requests within 45 days of the date on which we receive your request. If we require additional information or time to process your requests, we will contact you.
To exercise the right to limit the use of sensitive personal information (if applicable) or the opt-out rights described above, click the link titled “Your Privacy Choices” at the bottom of the Site where you would like to exercise your limit or opt-out rights. If you visit any Site from a different browser or device, or clear all cookies from the browser from which you make your initial selection, you will need to select your preferences again when you next visit the Site.
Opt-out Preference Signals and Do Not Track
An opt-out preference signal is sent by a platform, technology, or mechanism on behalf of consumers and communicates a consumer’s choice to opt out of the sale and sharing of personal information for cross-context behavioral advertising with all businesses that recognize the signal, without having to make individualized requests. The signal can be set on certain browsers or through opt-out plug-in tools.
We recognize the Global Privacy Control signal and do so at the browser level. This means that if the signal is sent through a specific browser, we will recognize it for that browser only, and only with respect to the identifiers for that browser. If you would like more information about opt-out preference signals, including how to use them, the Global Privacy Control website has such information (https://globalprivacycontrol.org/).
We do not respond to the DNT or “Do Not Track” signal.
Exercising Your Rights Using Authorized Agents
You may also designate an authorized agent to make a request on your behalf. If you do so, we may require written proof that the agent is authorized to act on your behalf and other information permitted by law. In some cases, we may also require you to verify your identity directly with us, to directly confirm with us that you provided the authorized agent with permission to submit the request, or to take other steps required or permitted by applicable law.
Agents can submit requests on behalf of individuals by contacting us at privacy@ardelyx.com.
Verification of Requests
When you exercise rights other than opt-out rights and the right to limit collection of sensitive personal information, we will take steps to verify your identity. For example, we may ask you for at least two pieces of personal information, depending on the nature of the request, and attempt to match those to information that we maintain or collect about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.
When We Do Not Act on a Request – Appeal Process
In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (e.g., correcting data) you requested.
Additionally, you have the right to appeal our decision by contacting us at privacy@ardelyx.com in accordance with the directions set forth in our response.
Non-Discrimination
If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly. If you exercise your rights under this Privacy Policy, you will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services than others.
CONTACT US
If there are any questions regarding this Privacy Policy or to request a copy of this Privacy Policy in another format you may contact us at: privacy@ardelyx.com.
You can also contact us at the following address:
Ardelyx, Inc. – Privacy Officer
400 Fifth Ave., Suite 200
Waltham, MA 02451 USA