This Privacy Policy applies to personal information processed by Krystal Biotech, Inc. (“Krystal,” “we,” “us,” and “our”) in the course of our business, as collected on our website (the “Site”) and via other related online or offline offerings (collectively, the “Services”).
This Privacy Policy covers our use of “personal information.” When we say “personal information,” we mean information that relates to you and can identify you as an individual. Personal information does not include data that has been de-identified or aggregated such that you can no longer be identified.
When you use our Services, we may collect the following kinds of information:
Information You Provide to Us.
• Email Alerts. When you register for email alerts on the Site, we will ask you to provide personal information.
• Communications with Us. We may collect personal information from you such as email address, phone number, or mailing address when you request information about our Services or otherwise communicate with us.
• Interactive Features. Krystal may offer interactive features such as commenting functionalities, blogs, review forums, and social media pages. Krystal and other individuals who use our Services may collect the information you submit or make available through these interactive features. Any information shared on the public sections of these channels will be considered “public” and may not be subject to the privacy protections referenced herein.
• Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.
• Job Applications. We may post job openings and opportunities on the Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and process the information contained therein to assess your suitability, aptitude, skills, and qualifications for employment with Krystal.
• Conferences and Trade Shows. We may attend conferences and trade shows where we collect personal information from individuals who interact with or express an interest in Krystal and/or the Services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Information We Collect Through Your Use of the Services.
We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, IMEI, MAC address, Technologies including cookie identifiers, mobile advertising and other unique identifiers, mobile carrier, details about your browser, operating system or device, location information (including inferred location based off your IP address), Internet service provider, pages that you visit while using the Services, analytics information, and other information about how you use the Services.
Cookies, Web Beacons, and Personalized Advertising. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with the Services.
• Cookies. Cookies are small text files placed in visitors’ device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
• Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Services that collects information about users’ engagement. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Analytics. We may use outside service providers to collect information regarding user behavior and user demographics on the Services.
We may obtain information about you from other sources, including through third-party services and organizations to supplement information provided by you.
We process personal information for a variety of business purposes, including:
To Provide the Services or Information Requested.
• Provide you with materials you have requested;
• Respond to inquiries, questions, comments, and other requests;
• Provide access to certain areas, functionalities, and features of our Services; and
• Allow you to register for events.
Administrative Purposes.
• Measure interest and engagement in the Services;
• Improve our products and Services;
• Develop new products and services; and
• Prevent potentially prohibited or illegal activities.
Marketing Our Products and Services. We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law.
Some of the ways we market to you include email campaigns and “interest-based” or “personalized advertising.”
If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth below.
De-identified and Aggregated Information Use. We may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, de-identified or aggregated trends, reports, or statistics, de-identified or aggregated information about the computer or device from which you access our Services, or other analyses we create. De-identified and aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
Technologies. Our uses of such Technologies fall into the following general categories:
• Operationally Necessary. This includes Technologies that allow you access to our Services that are required to identify irregular behavior, prevent fraudulent activity and improve security or that allow you to make use of our functions;
• Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services;
• Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services and keeping track of your specified preferences or past pages viewed;
• Advertising or Targeting Related. We may use first-party or third-party Technologies to develop and deliver content, including ads relevant to your interests, on our Services or on third-party sites.
Other Uses. Krystal may use personal information to pursue legitimate interests, such as direct marketing, research (including marketing research), network and information security, and fraud prevention. In addition, Krystal may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
We Use Service Providers. We may share any personal information we collect about you with our third-party service providers. The types of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) payment processing; (v) customer service activities; and (vi) the provision IT and related services.
APIs and Software Development Kits. We may use third party APIs and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including advertising partners to collect your personal information to provide content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.
Affiliates. We may share personal information with our affiliated companies.
Business Partners. We may provide personal information to business partners to provide you with a product or service you have requested. We may also provide personal information to business partners with whom we jointly offer products or services.
Interest-Based or Personalized Advertising. Through our Services, Krystal may allow third-party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, device identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit third party services within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.” If you prefer not to share your personal information with third party advertising partners, you may follow the instructions below.
Disclosures to Protect Us or Others. We may access, preserve, and disclose your personal information if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our or others’ rights, property, or safety; (iii) to collect amounts owed to us; (iv) when we believe disclosure is necessary or appropriate to prevent financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (v) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
The Site is controlled and operated from the United States and is not intended to subject Krystal to the laws or jurisdiction of any country or region other than that of the United States. The Site and the Services are intended for use only by U.S. residents and you have indicated that you are a U.S. resident and/or willing to be subject to U.S. laws by entering the Site or by providing information to Krystal either through the Site or any other method.
If you are visiting from the European Union or other countries or regions with laws governing data collection and use that may differ from U.S. law, any information you provide to Krystal through use of the Site or otherwise may be stored, processed, transferred and accessed from the United States and other countries which may not guarantee the same level of protection of personal data as the one in which you reside. By providing your personally identifiable information to Krystal, whether through the Site or otherwise, you consent to: (a) the use of your personally identifiable information in accordance with this Privacy Policy; and (b) the transfer, access, processing and storage of your personally identifiable information in the United States as indicated above.
General. You may have the right to object to or opt out of certain uses of your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time by contacting us as described below.
Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).
Technologies and Personalized Advertising. If you would like to opt-out of the Technologies we employ on the Services, you may do so by blocking, disabling, or deleting them as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android and iOS.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from advertisers that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/ and www.aboutads.info/choices/.
Please note you must separately opt out in each browser and on each device.
“Do Not Track”. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your personal information; (ii) obtain access to or a copy of your personal information; (iii) receive an electronic copy of personal information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) restrict our uses of your personal information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed personal information; and (vi) request erasure of personal information held about you by Krystal, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us as set forth below.
We will process such requests in accordance with applicable laws. To protect your privacy, Krystal will take steps to verify your identity before fulfilling your request.
We retain the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by sending a notice through the Services or by sending an e-mail to you.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any child’s personal information in violation of applicable law, we will promptly take steps to delete such information.
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. Except as otherwise provided in this Privacy Policy, Krystal does not share personal information with third parties for their own marketing purposes.
If you are located in the European Economic Area, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.
If you have any questions about our privacy practices or this Privacy Policy, please contact us at:
Krystal Biotech, Inc. | 2100 Wharton Street, Suite 701 | Pittsburgh, Pennsylvania 15203
[email protected]
Not all blisters are the same. Could yours be DEB? Ask your doctor about a genetic test for DEB