Privacy Policy

Privacy Policy
What is Personal Information
Why We Collect and Use Personal Information
Sharing of Personal Information
Protection of Personal Information
Correcting/Updating Personal Information
Opt-Out
California Supplemental Privacy Notice

Isto Biologics (“Isto,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy (“Policy”) describes the processing of Personal Information (defined below) that is provided, collected, or disclosed while providing our products or services to you (“Services”) and on the websites, applications, and online platforms that link to this Policy (collectively, “Site”), including when you apply for a job with us. It also describes rights you may have under applicable laws. Please read this Policy carefully to understand our policies and practices regarding your Personal Information and how we will treat it.

We may provide you with a different privacy notice or notice in certain specific situations, in which case that privacy notice or policy will apply to the Personal Information collected or processed in that specific situation, rather than this one.

If you provide us with Personal Information related to anyone other than yourself, please note that you are responsible for complying with all privacy and data protection laws prior to providing that information to Isto (including obtaining consent, if required).

We collect several categories of Personal Information from and about users of our Site and Services. “Personal Information” means information that uniquely identifies, relates to, describes, or is reasonably capable of being associated with or linked to you. The categories of Personal Information we collect may include:

Contact Information – If you submit an inquiry or provide information on or through our Site or Services, we may collect your contact information including your name, mailing address, email address, and phone number.
Commercial Information – If you submit an inquiry, or provide information on our Site, we may collect commercial information including information about your purchases and Services you have shown interest in.
Usage Information – When you use our Site, we may automatically record information, including your Internet Protocol address (IP Address), geolocation of your device, browser type, referring URLs (e.g., the website you visited before coming to our Site), domain names associated with your internet service provider, and any other information regarding your interaction with our Site.
Employment Information – If you apply for employment with us, we will collect Personal Information related to your potential employment, including your education and employment history, address and contact information, demographic information, and any other information included in your resume or application.
Communication Information – We may collect Personal Information contained within your communications with us via email, telephone, or otherwise, and in certain cases we may use third-party service providers to do so. Where permitted by applicable law, we may collect and maintain records of calls and chats with our agents, representatives, or employees via message, chat, post, or similar functionality.
Financial Information – If you use our Services, we may collect financial information such as credit card details via our third-party payment processor to facilitate online payments.

Directly From You – We collect Personal Information that you provide to us directly, for example, if you choose to contact us, request information from us, sign up to receive updates, or otherwise utilize our Site or Services.
From Third Parties – We may collect Personal Information from third parties, including but not limited to business partners, advertising networks, social networks, data analytics providers, mobile device providers, Internet or mobile service providers, recruiters and job application portals, and background check providers.
Through Online Tracking Technologies – We use cookies and similar technologies to collect Personal Information automatically as you navigate our Site. For additional information regarding our use of these technologies, see the Cookies and Tracking Technologies section below.

To the extent permitted by applicable law, we use Personal Information:

To provide and personalize our Site and Services, such as processing or fulfilling orders and transactions, providing and personalizing our Services, processing payments, providing customer service, maintaining or servicing accounts, verifying customer information, creating and maintaining business records, verifying eligibility, and undertaking or providing similar services.
To optimize, improve, and maintain our Services, including understanding how users interact with our Services, gauging user interest in certain Services or Site functionality, and troubleshooting problems.
For internal research and development, such as testing, verifying, and improving the quality of our Services or developing new ones.
For marketing and advertising, including using your information to send you messages, notices, newsletters, surveys, promotions, or event invitations about our own or third parties’ goods and services that may be of interest to you.
For communicating with you, such as responding to your questions and comments or notifying you of changes to our Site or Services.
For legal, security, or safety reasons, such as protecting our and our users’ safety, property, or rights; complying with legal requirements; enforcing our terms, conditions, and policies; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity.
As part of a corporate transaction, such as in connection with the sale of part or all of our assets or business, the acquisition of part or all of another business or another business’ assets, or another corporate transaction, including bankruptcy.
To fulfill any other purpose for which you provide it, including purposes described when you provide the information or give your consent.

If you are applying for employment with us, we also use Personal Information to process your job application, to verify the information you have provided in your application, conduct interviews, perform background and reference checks, to communicate with you and answer your questions, to confirm your eligibility for employment, and improve our recruiting processes. We may also save your Personal Information for future employment opportunities with us.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose your Personal Information with your consent or in the following circumstances:

Employees and Other Personnel – We may share Personal Information with our employees and personnel (such as contractors) who have a need to know the information for our business purposes.
Affiliates and Subsidiaries – We may share Personal Information within our family of companies for their and our business and marketing purposes, including providing you with information about the Services we think may be of interest to you.
Service Providers – We disclose your Personal Information with the service providers that we use to support our business, including but not limited to, data analytics providers, website hosting providers, and other technology providers. If you are applying for a job with us, this may include service providers such as background check providers and human resource providers.
Business Partners – We may disclose Personal Information with trusted business partners. For example, we may disclose your Personal Information with a company whose products or services we think may be of interest to you or who we co-sponsor a promotion or service with.
Legal Obligation or Safety Reasons – We may disclose Personal Information to a third party when we have a good faith belief that such disclosure of Personal Information is reasonably necessary to (a) satisfy or comply with any requirement of law, regulation, legal process, or enforceable governmental request, (b) enforce or investigate a potential violation of any agreement you have with us, (c) detect, prevent, or otherwise respond to fraud, security or technical concerns, (d) support auditing and compliance functions, or (e) protect the rights, property, or safety of Isto, its employees and clients, or the public against harm.
Merger or Change of Control – We may disclose Personal Information to third parties as necessary if we are involved in a merger, acquisition, or any other transaction involving a change of control in our business, including but not limited to, a bankruptcy or similar proceeding. Where legally required, we will give you notice prior to such disclosure.
Other – We may disclose Personal Information to third parties when explicitly requested by or consented to by you, or for the purposes for which you disclosed the Personal Information to us as indicated at the time and point of the disclosure (or as was obvious at the time and point of disclosure).

We and our service providers may use cookies and similar technologies to collect usage and browser information about how you use our Site. The technologies we use for this automatic data collection may include cookies and web beacons that permit us to verify system and server integrity and generate statistics around the popularity of certain content. We process the information collected through such technologies, which may include or be combined with Personal Information, to help operate certain features of our Site, to enhance your experience through personalization, and to help us better understand the features of our Site that you and other users are most interested in.

Website Delivery and Appearance – We may use third-party providers to enable certain customer interaction opportunities, content delivery (like audio or video), or other service capabilities.

Website Analytics and Session Replay – We perform analytics that use cookies and other technologies that collect your Personal Information, to assist us with analyzing our Site traffic and site usage to optimize, maintain, and secure our Site and inform subsequent business decisions (including, e.g., advertising).

We do not control these third parties' collection or use of your information for these purposes, or the opt-out options they may individually offer you via their terms, conditions, and privacy policies. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

It is in this context that we may provide data analytics providers, social networks, and video sharing platforms with Personal Information such as your IP address, device information, Internet and other electronic network activity information, and geolocation information in the last twelve months.

Selling Personal Information – While we do not sell Personal Information in exchange for monetary consideration, we do disclose Personal Information for other benefits that could be deemed a “sale” under various data protection laws because it is sometimes broadly defined to include activities such as the delivery of interest-based advertising on websites or allowing third parties to receive certain information, such as cookies, IP address, and/or browsing behavior.

Cookie Choices – To manage your preferences with respect to these technologies, you can customize your browser settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable certain cookies, please note that some parts of our Site may not function properly. These settings may be lost and require reconfiguration if you delete your cookies.

We retain your information for as long as needed: (i) to conduct business with you; (ii) fulfill the purposes outlined in this Policy; and (iii) to comply with our legal obligations, resolve disputes, and enforce any agreements. Criteria we will use to determine how long to retain your Personal Information include the nature and length of our business relationship with you; our legal rights, obligations, and retention requirements; and if we have an ongoing business purpose for retaining your Personal Information, such as communicating with you about ongoing or prospective Services you requested.

We are not responsible for the practices employed by any websites or services linked to or from our Site, including the information or content contained within them. We encourage you to investigate and ask questions before disclosing Personal Information to third parties, since any Personal Information disclosed will be handled in accordance with the applicable third party’s privacy policy.

In some cases, we offer links to social media platforms (like LinkedIn and YouTube) that enable you to easily connect with us or share information on social media. Any content you post via these social media pages is subject to the Terms of Use and Privacy Policies for those platforms.

Depending on where you live, you may have the following rights with respect to your Personal Information under applicable data protection laws:

Access – The right to request access to and obtain a copy of any Personal Information we may have about you.
Deletion – The right to delete your Personal Information that we have collected or obtained, subject to certain exceptions.
Correction – The right to request that we correct any inaccuracies in your Personal Information, subject to certain exceptions.
Opt Out of Certain Processing – The right to: (a) opt out of the processing of your Personal Information for purposes of targeted or cross-context behavioral advertising, (b) opt out of the sale of your Personal Information; (c) limit the use of your sensitive Personal Information (if applicable), and (d) opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not collect or process sensitive Personal Information outside of purposes permitted by law (such as section 7027(m) under the California Consumer Privacy Act Regulations), so we do not offer the option to limit its use. We also do not profile you or other individuals in a manner that would result in legal or similarly significant effects, so we do not offer an opt out.
Withdraw Consent – The right to withdraw your consent where we are relying on your consent to process your Personal Information.
Lodge a Complaint – The right to lodge a complaint with a supervisory authority or other regulatory agency if you believe we have violated any of the rights afforded to you under applicable data protection laws. We encourage you to first reach out to us so we have an opportunity to address your concerns directly before you do so.

To exercise any of the privacy rights afforded to you under applicable data protection laws, please contact us at marketing@istobiologics.com or 1-888-705-ISTO (4786). Certain web browsers and other programs may transmit “opt-out” signals, also called Do-Not-Track signals (“DNT Signals”), to websites with which the browser communicates. Please note that we do not have the ability to recognize or honor browser DNT Signals at this time. However, we do not engage in targeted advertising or the sale of Personal Information.

You will not be discriminated against in any way by virtue of your exercise of the rights listed in this Policy. However, should you withdraw your consent or object to processing of your Personal Information, or if you choose not to provide certain Personal Information, we may be unable to provide some, or all, of our Services to you.

Only you, or an authorized agent that you authorize to act on your behalf, may make a request related to your Personal Information. We must verify your identity before fulfilling your requests, and if we cannot verify your identity, we may request additional information from you. If you are an authorized agent making a request on behalf of another person, we will also need to verify your identity, which may require proof of your written authorization or evidence of power of attorney. We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.

We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We may deny certain requests, or only fulfill some in part, as permitted or required by law. If you are not satisfied with the resolution of your request and you are afforded a right to appeal such decision, you will be notified of our appeal process in our response to your request.

We do not knowingly collect or solicit any Personal Information from children, as defined under applicable law, without verified written parental consent, and we have no actual knowledge of selling such Personal Information of minors under 16 years of age. If we learn that we have collected Personal Information from a child, we will promptly take steps to delete that information. If you believe we might have any information from or about a child, please contact us at legal@istobiologics.com.

This section provides additional information regarding Isto’s practices pursuant to the California Consumer Privacy Act of 2018 and its implementing regulations, as amended by the California Privacy Rights Act (“CCPA”), where “Personal Information” has the definition set forth in the CCPA.

Please see the below chart for detailed information about the categories of Personal Information we have collected from California residents during the twelve months preceding the date on which this Policy was last updated and the categories of third parties to whom we Sell or Share Personal Information (as those terms are defined in the CCPA). For each category of Personal Information set forth in the chart below, the categories of third parties to whom we disclose it for a business or commercial purpose are set forth in the How We Disclose Personal Information section above.

Personal Information Category set forth in Cal. Civ. Code § 1798.140	Categories of Third Parties to Whom We Sell or Share Personal Information
Personal identifiers, including real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or other similar identifiers.	We do not Sell or Share this category of Personal Information.
California Customer Records Personal Information (Cal. Civ. Code § 1798.80(e)), including name, signature, physical characteristics or description, address, telephone number, education, employment, employment history, etc.	We do not Sell or Share this category of Personal Information.
Characteristics of protected classifications under California or federal law. This may include age, veteran status, accommodations information, gender identity and expression, sexual orientation, and religion.	We do not Sell or Share this category of Personal Information.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	We do not Sell or Share this category of Personal Information.
Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information about individual interactions with an Internet website, application, or advertisement.	We do not Sell or Share this category of Personal Information.
Geolocation data, such as your IP address.	We do not Sell or Share this category of Personal Information.
Sensory data including audio, electronic, visual, thermal, olfactory, or similar information.	We do not Sell or Share this category of Personal Information.
Professional or employment-related information.	We do not Sell or Share this category of Personal Information.
Inferences drawn from any of the information categories to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	We do not Sell or Share this category of Personal Information.
Sensitive Personal Information as set forth in Cal. Civ. Code § 1798.140, including social security number, driver’s license number, state identification card, or passport number; citizenship or immigration Information; racial or ethnic origin; account access credentials.	We do not Sell or Share this category of Personal Information.

Solutions

Privacy Policy

Privacy Policy

Personal Information

How We Collect and Personal Information

How We Use Personal Information

How We Disclose Personal Information

Cookies and Other Tracking Technologies

How Long We Keep Your Personal Information

Links to Third Party Websites

International Use

How We Protect Personal Information

Exercising Your Privacy Rights

Children's Privacy

California Residents

Changes to this Policy

Contact Us

Get in Touch