Privacy Notice
SIGA Technologies (“SIGA”, “we”, “us”, “our”) is committed to protecting your privacy.
This Privacy Notice explains the practices that SIGA follows in connection with the Personal Data that we collect through this website, when you contact us directly and when we collect or receive Personal Data for the purpose of clinical research.
When we make updates to our Privacy Notice we will update the effective date to reflect the date of the changes.
What is Personal Data?
In the context of the work that SIGA performs, Personal Data refers to any information that relates to an identified or identifiable individual such as a name, email, mailing address or phone number, health information or professional credentials.
How we collect and process Personal Data
If you choose to provide your name, and e-mail address to us, either through our Contact Form or through social media messages, you will be identifying yourself. We will use your contact information to respond to your request.
If you would like to receive news and information about SIGA you may sign up for our newsletter or email updates. You may opt-out of these communications by clicking on the unsubscribe link at the bottom of the email that you receive from us.
If you apply for a job at SIGA, we collect your contact information and your professional qualifications.
In the context of clinical research, we receive pseudonymized (coded) or anonymized Personal Data from participants of studies and we perform analysis of this data to gain insights into the effectiveness and safety of our products.
Legal basis for processing Personal Data
SIGA will not process (i.e. which includes to disclose, share, or otherwise disseminate) your Personal Data unless we have a legal justification to do so. SIGA will only process your Personal Data:
-
If you have provided such information, thereby giving consent for the purpose of communicating with you;
-
If we need your Personal Data to perform a contractual obligation to which you are a party or where you have requested us to complete a contractual request;
-
If we need to process your Personal Data to fulfill our legal and regulatory obligations;
-
If we have a legitimate interest that will not put your fundamental rights and freedoms at risk. Such legitimate interests include monitoring activity on our website to improve the functionality of the website, identification and investigation of fraud or other impermissible use activity on our website, and participation in judicial proceedings to defend or pursue a legal claim or to prosecute illegal acts;
-
If you have a legitimate interest to pursue a career with SIGA and wish to apply to one of our open positions.
How we share Personal Data
Our policy is not to make your Personal Data available to anyone other than our staff and agents, which includes third-party data management vendors that process Personal Data on our behalf and under our instructions.
When we are required to do so under applicable laws and regulations, we disclose your Personal Data to law enforcement, regulatory bodies or courts.
Even though we do not share your Personal Data with social media organizations, if you contact us through social media, these organizations will be aware of your association with SIGA. Your activity through social media sites is governed by the social media sites privacy practices and notices.
Cookies
Cookies are small text files that are placed on your device by our website. They are used to make our website work or work more efficiently.
Our website uses both strictly necessary cookies and performance cookies. Strictly necessary cookies enable you to move from page to page within the website and to use its features. These cookies are deleted when you close your browser. Performance cookies allow us to collect information, including the number of visitors to the website, where they have arrived to our website from, the pages within the website that they visit, and the length of time they spend on our website. We use Google Analytics, which uses cookies to collect such information. We use this information to compile statistics that may help us to improve our website.
IP Addresses and Log File Data
The IP address is the location of your computer or network on the Internet. We log your IP address for systems administration and troubleshooting purposes.
Personal Data Protection
SIGA is committed to protecting the Personal Data we collect, process and disclose about you. We maintain appropriate safeguards and take reasonable steps to protect your Personal Data, ensure that we limit its use and that we disclose it only to the parties that have a legitimate reason to have access to it.
We ensure that all the parties that we disclose your Personal Data to, internal and external to SIGA, have contractual obligations in place to protect the security and the confidentiality of your Personal Data.
Our website has a number of security measures in place to protect against the loss, misuse or alteration of the information under our control. Computer systems have restricted access limited only to those persons and organizations necessary to its proper functioning. This access applies to all electronic and physical security measures.
Links To Other Websites
Our website may provide links to a limited number of other websites whose privacy policies we do not control. SIGA, which pays for and authorizes this website, is not responsible for the content or privacy policies of other websites. When you access another website through the links on this website, the use of any information you provide is governed by the privacy policy of the operator of the site you are visiting, so please be sure to read the privacy statements for each website you visit.
Personal Data Transfers
Your Personal Data will be transferred to systems that reside primarily in the US but also in other countries around the world.
We have implemented legal data transfer mechanisms such as Standard Contractual Clauses with the parties that reside in the EU or the UK and that will transfer Personal Data to SIGA outside of their jurisdiction.
Personal Data Retention
SIGA will not retain your contact information after your request has been fulfilled. Such information will be removed within a reasonable period of time.
For the purpose of communicating with you through our newsletter and update emails, we will retain your Personal Data for the period of time that you wish to receive news and information about SIGA and 2 years after you unsubscribe. Once you unsubscribe other than a limited use archival copy for a limited amount of time, we will not process your Personal Data.
For the purpose of clinical research, we will retain your Personal Data for at least the minimum number of years required to comply with legal and regulatory obligations.
Rights You May Exercise About Your Data
Subject to any exceptions provided by law, you have the right to request access to, update or deletion of your Personal Data.
You also have the right to request restriction of or object to the processing of your Personal Data. And you have the right to request to have your data transferred to another organization in a commonly used format.
On each particular case we will inform you of the consequences of your request and if there are any exceptions to honoring your requests based on legal or contractual requirements.
To submit any request to exercise your rights concerning your Personal Data you may contact us at: privacy@siga.com.
EU/UK Individuals – Right To Lodge A Complaint With A Supervisory Authority
If you reside in the EU or UK and want to lodge a complaint with a Supervisory Authority (Data Protection Authority) you may do so in the Member State where you reside, where you work or where you may have experienced an issue with the processing of your Personal Data.
EU Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), SIGA has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
-
by using the EDPO online request form: https://edpo.com/gdpr-data-request/
-
by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
-
UK Representative
-
Pursuant to Article 27 of the UK GDPR, SIGA has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
-
by using the EDPO online request form: https://edpo.com/uk-gdpr-data-request/
-
by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.
Children’s Privacy Statement
To help ensure the safety and privacy of children, we comply with the Children’s Online Privacy Protection Act of 1998. We do not knowingly allow children under the age of 13 to provide personally identifiable contact information through our website. The website is not intended to solicit information of any kind from children under 13, and we have designed it to block our knowing acceptance of information from children under 13 whenever age-related information is requested.
If we become aware that we have inadvertently received Personal Data from a user under the age of 13, we will delete such information from our records.
Personal Data Breach Notification
We have put procedures in place to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Should we learn of a security breach that affects your Personal Data, we will notify you in order to explain how this breach may affect you and to provide you with advice on how to protect yourself. We will contact you through the email address we have on file or by posting a notice on our website.
California Privacy Notice
If you are a California resident, you have additional privacy rights. Refer to our California Privacy Notice for more information.
Questions
If you have any questions about our Privacy Notice, the Personal Data that we collect and process, the practices of this website or your interactions with SIGA, please contact us at privacy@siga.com.
California Privacy Notice
This notice provides information on the privacy rights of California residents as per the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”).
Categories of Collected Personal Data
SIGA collects the following categories of Personal Data:
Category / Examples
Identifiers / Name, email address
Health / Medical information
Professional or work-related experience / Current and past job history
SIGA collects these categories from the following sources:
-
Directly from the individuals the information is about.
-
Indirectly from the clinical studies where we obtain clinical data for research purposes.
California Privacy Rights
SIGA provides California residents with the following privacy rights over their personal information, according to the requirements of CCPA:
-
Right to access. You may request that we provide you a list of the categories of Personal Data we have collected about you over the last 12 months, the categories of sources from which it was collected, the business or commercial purpose for collecting or selling the information, and the categories of third parties to whom we disclosed that information.
-
Right to rectify. You may request that we rectify any Personal Data that we hold about you if you believe it is not accurate. We will ensure that all references to such Personal Data within our systems is updated according to your request.
-
Right to delete. You may request that we delete any Personal Data that we have collected from you, apart from information that the law allows us to keep. When we respond to your request to delete, we will explain what (if any) information we have kept and why. The foregoing does not apply to Personal Data exempted under the CCPA.
-
Right to portability. You may also request that we provide you a copy of the specific pieces of Personal Data we have collected about you in the past 12 months in an electronic format. You may make a request to know up to two times in a 12-month period, subject to limitations described in the law. For a list of general categories of information that we have collected and shared in the past 12 months, see the table above. The foregoing does not apply to Personal Data exempted under the CCPA.
-
Right to limit disclosure of sensitive information. You have the right to request that we limit the disclosure of your sensitive Personal Data unless the disclosure is required for the provision of our services to you or for any other regulatory or legal requirements.
-
Right to opt-out of sale of your Personal Data at any time.
-
Non-discrimination. You have the right to be free from discrimination for exercising your rights to know or delete.
We aim to respond to your requests within 45 days from receipt. If we require more time to respond, we will let you know within this period. We will deliver our response by mail or electronically, depending on your preference.
Authorized Agent
You may designate an authorized agent to make requests on your behalf. We will require verification that you did, in fact, authorize the agent. Unless the law requires otherwise, your authorized agent must provide contact details for you. We will contact you to confirm that you authorized the agent. Once you confirm, we will promptly respond to the rights request.
How to Exercise Your Privacy Rights
To exercise your privacy rights you may contact us at privacy@siga.com. In order to fulfill your request, we may require additional personal information for purposes of verifying your identity. If you make a request through an authorized agent, we may require additional information to verify your authorization of the agent.
Automated Decision-Making
SIGA does not perform any automated decision-making with the Personal Data that we collect about you and does not plan to do so without further notice.
Sale of Personal Information
SIGA does not sell Personal Data under any circumstances and does not share Personal Data with third-parties for business gain.