Privacy Policy

Effective as of April 26, 2022.

This Privacy Policy describes how Gamida Cell Inc. (“Gamida,” “we,” “us,” “our”) collects, uses, discloses, and otherwise processes personal information in connection with the GamidaCellAssist.com website (our “Service”) and explains the rights and choices available to individuals with respect to their information.

We provide important information for individuals located in the European Union, European Economic Area, and United Kingdom (collectively, “Europe” or “European”) below in the “Notice to European Users” section.

INDEX

Personal information we collect
How we use your personal information
How we share your personal information
Your choices
Other sites and services
Security
International data transfers
Children
Changes to this Privacy Policy
How to contact us
Notice to European Users

PERSONAL INFORMATION WE COLLECT

Information you provide to us. Personal information you may provide to us through the Service or otherwise may include:

  • Contact details, such as your first and last name, and email address.
  • Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
  • Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state, or geographic area.
  • Local storage technologies, like HTML5 and Flash, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.


Cookies and similar technologies. Like many online services, we use the following technologies:

  • Cookies, which are text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, and helping us understand user activity and patterns.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

You can learn more about our use of cookies and other similar tracking technologies by visiting our Cookie Policy.

HOW WE USE YOUR PERSONAL INFORMATION

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

Service delivery. We use your personal information to:

  • provide, operate, and improve the Service and our business;
  • provide information about our products and services;
  • communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
  • understand your needs and interests, and personalize your experience with the Service and our communications; and
  • provide support for the Service and respond to your requests, questions, and feedback.

Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or other anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Marketing. We, our service providers, and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:

  • Direct marketing. We may send you Gamida-related direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the “Opt-out of marketing communications” section below.

Comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities.

Consent. In some cases, we may specifically ask for your consent to collect, use, or share your personal information, such as when required by law.

Compliance and protection. We may use your personal information to:

  • protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.

HOW WE SHARE YOUR PERSONAL INFORMATION

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Affiliates. Our subsidiaries and corporate affiliates, for purposes consistent with this Privacy Policy.

Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, payment processors, professional advisors, customer support, email delivery, and website analytics services).

Professional advisors. We may disclose your personal information to professional advisors such as lawyers, bankers, auditors, and insurers where necessary in the course of the professional services that they render to us.

Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, Gamida or our affiliates (including in connection with a bankruptcy or similar proceedings).

Please keep in mind that whenever you voluntarily make your personal information available for viewing by third parties or the public on or through our Service, that information can be seen, collected, and used by others. We are not responsible for any use of such information by others.

YOUR CHOICES

You have the following choices with respect to your personal information.

Cookies. For information about cookies employed by the Service and how to control them, see our Cookie Policy.

Opt-out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit www.allaboutdnt.com.

OTHER SITES AND SERVICES

The Service may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

SECURITY

We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe, and we cannot guarantee the security of your personal information.

INTERNATIONAL DATA TRANSFER

We are headquartered in Israel and may use service providers that operate in other countries. Your personal information may be transferred to Israel or other locations where privacy laws may not be as protective as those in your state, province, or country.

CHILDREN

The Service is not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Service from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. If required by law we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

HOW TO CONTACT US

If you have any questions or concerns at all about our Privacy Policy, please contact us at:

Gamida Cell Inc.
Attention: Legal
Address: 116 Huntington Ave, 7th Floor, Boston, MA 02116
Telephone: +1 617-892-9080
Email: info@gamida-cell.com

NOTICE TO EUROPEAN USERS

The information provided in this “Notice to European Users” section applies only to individuals in Europe.

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection laws.

Controller. Gamida is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing purpose

Details regarding each processing purpose listed below are provided in the section above titled “How we use your personal information”		Legal basis
Service deliveryProcessing is necessary to perform the contract governing our provision of our Service or to take steps that you request prior to signing up for the Service. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Service you access and request.
Research and development
Compliance and protection
Marketing and advertising		These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Compliance with lawProcessing is necessary to comply with our legal obligations.
ConsentProcessing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Service, or otherwise to us.

If you provide us with any sensitive personal information to us when you use the Service, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Service.

Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

Your rights. European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.


You may submit these requests by email to info@gamida-cell.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-border data transfer.

If we transfer your personal information from Europe to another country such that we are required under to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.