Privacy Policy

Last Updated September 1, 2022

This Privacy Policy explains the privacy practices of Xeris Biopharma Holdings, Inc. (“Xeris,” “we,” “our” or “us”) for users of the Xeris website and any other site provided by us (collectively, this “Site”) and information therein (all the foregoing collectively the “Service”). As used herein, “you” or “your” refers to the individual accessing or using the Service.

Modifications to Privacy Policy

We reserve the right, at any time, to modify, alter, update or remove portions of this Privacy Policy. Please check them from time to time as your continued use of the Services signifies your acceptance of any changed items. If we change our Privacy Policy, we will post a notice to that effect on the Site’s home page for at least 30 days after the change. If you have provided us with your email address, we may (but are not required to) send you an email notifying you of changes to our Privacy Policy.

Xeris’ Commitment to Privacy

We respect the privacy of information that we obtain from visitors to this Site. It is our intention to balance our legitimate business interests in collecting and using information received from and about you with your reasonable expectations of privacy.

What Is Personal Information?

Personal Information is any information relating to a natural person who is, or can be, identified either directly or indirectly and includes information such as a user’s name, address, telephone number, e-mail address, credit card number, social security number, passport number, personal identification number, or information directly linked to that person. Personal Information also includes the personal medical information which you or your medical provider choose to provide to us to use the Services. You are not legally required to provide Personal Information, but if you refuse to provide such information, we may not be able to fully provide you the Services. By using the Services, you agree to our use (including transfer) of Personal Information as described in this Privacy Policy.

How We Collect, Use, and Disclose Personal Information

We collect certain Personal Information provided by you for the purpose of registering for Services or responding to your requests for information via the Site.

We may use your Personal Information or Usage Information that we collect about you:

  • to provide you with Services or process transactions that you have requested or agreed to receive including to send you electronic newsletters, or to provide you with special offers or promotional materials on behalf of us or third parties;
  • to process your registration with the Services, including verifying your information is active and valid;
  • to improve the Services, to customize your experience with the Services, or to serve you specific content that is most relevant to you;
  • to enable you to participate in a variety of the Service features such as online or mobile entry sweepstakes, contests or other promotions;
  • to contact you regarding your use of the Services and, in our discretion, changes to the Services or our policies;
  • for internal business purposes;
  • for inclusion in our data analytics; and
  • for purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Policy.

We do not disclose any Personal Information about you to any third parties except under the following circumstances:

  • We may need to disclose your Personally Information when required by law, regulation, or if we have a good-faith belief that such action is necessary to comply with a court order or subpoena, to cooperate with investigations by law enforcement or regulatory authorities or to participate or cooperate with a judicial proceeding.
  • In a merger, acquisition by another company, or a sale of all or a portion of our assets, your Personal Information will, in most instances, be transferred to the control of a third party. We will post a notice on our Site for 30 days after a change of ownership or control of our business or assets. If you have provided us with your email address, we may (but are not required to) send you an email notifying you of such transfer.
  • Personal Information which Xeris collects for a particular purpose will only be saved and used for that purpose, unless you agree to allow Xeris to use it for some other purpose. When you have provided Personal Information to Xeris for a particular purpose, Xeris may disclose such information to other companies that Xeris has engaged to assist it in fulfilling your request. This may include, but is not limited to, fulfillment houses, billing services, transaction managers, credit verification services, and other third-party service providers. Xeris may also disclose any your personal information to law enforcement or other appropriate third parties in connection with criminal investigations, investigation of fraud, infringement of intellectual property rights, or other suspected illegal activities, as may be required by applicable law, or, as Xeris may deem necessary in its sole discretion, in order to protect the legitimate legal and business interests of Xeris.

Aggregate Information

We sometimes aggregate demographic information, and the types of systems and browsers of users for internal purposes, so that we may better understand the user of our Services. Personal Information does not include “aggregate” information. Aggregate information is data we collect about a group of users, from which individual identities have been removed. In other words, information about how you use the Service, or the results of such use, may be collected and combined with similar information from others, but no Personal Information will be included in the resulting aggregate data. We can extract statistical data from your content in order to provide it to other users or partners without connecting it to any personal data such as name or e-mail address. Aggregate data helps us understand trends and user needs so that we can better consider new products and services, and tailor existing products and services to customer desires. You understand that we may commercialize aggregate information by any and all means, and that you will receive no payment or other consideration in respect of such use.

Children's Privacy

We do not intentionally collect information about children under the age of eighteen. If you are under eighteen, please do not give us any Personal Information. Xeris complies with the Children’s Online Privacy Protection Act and all other applicable laws and regulations concerning children and the Internet. If the parent or guardian of an individual who is a minor discovers that the individual has submitted his or her Personal Information without the parent or guardian’s permission or consent, Xeris will take reasonable steps to remove such Personal Information from the Site and Xeris’ servers at the parent or guardian’s request. To request removal of Personal Information of a minor, please send Xeris an e-mail to privacy@xerispharma.com and be sure to include in the message the registered user name (if applicable) and legal name of the minor.

As a resource to you, this Site may include links to third party web sites. Our Privacy Policy does not apply to such web sites, and you should contact them directly for information regarding their privacy policies.

IP Addresses and Log File Data

In addition to any Personal Information or other information that you choose to submit to us, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit or interact with the Site (“Usage Information”). This Usage Information may include the browser that you are using, the URL that referred you to our Site, all the areas within our Site that you visit, and the time of day, among other information. We may use Usage Information for a variety of purposes, including to enhance or otherwise improve the Site. In addition, we collect your IP address or other unique identifier (“Device Identifier”) for your computer, mobile or other device used to access the Services (any, a “Device”). A Device Identifier is a number that is automatically assigned to your Device used to access the Site, and our computers identify your Device by its Device Identifier. Usage Information may be non-identifying or may be associated with you.

Whenever we associate Usage Information or a Device Identifier with your Personal Information, we will treat it as Personal Information.

Cookies

A cookie is a data file placed on a Device when it is used to access the Services. A Flash cookie is a data file placed on a Device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your Device. Cookies and Flash Cookies may be used for many purposes, including, without limitation, remembering you and your preferences and tracking your visits to our web pages. Cookies work by assigning a number to the user that has no meaning outside of the assigning website.

If you do not want information to be collected using cookies, your browser allows you to deny or accept the use of cookies. Cookies can be disabled or controlled by setting a preference within your web browser or on your Device. If you choose to disable cookies or Flash cookies on your Device, some features of the Services may not function properly or may not be able to customize the delivery of information to you.

You should be aware that Xeris cannot control the use of cookies (or the resulting information) by third-parties and use of third-party cookies is not covered by our Privacy Policy.

Web Beacons

Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in our web and mobile pages and messages. The web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored in a user’s computer hard drive, web beacons are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. Web beacons or similar technologies help us better manage content on our Site by informing us what content is effective, counting users of the Site, monitoring how users navigate the Site, counting how many e-mails we send are opened or counting how many articles or links were viewed. We do not tie the information gathered by web beacons to your Personal Information.

Embedded Scripts

An embedded script is a programming code that is designed to collect information about your interactions with the Site, such as the links you click. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter.

YOUR CALIFORNIA PRIVACY RIGHTS AND NOTICE TO CANADIAN RESIDENTS

Xeris may collect various types of Personal Information about you online. Under California and Canadian law, users of the Services who are residents of California or Canada may request certain information about our disclosure of Personal Information during the prior calendar year to third parties for their direct marketing purposes and to request updates to such Personal Information or revocation of consent of use of such Personal Information. To make such a request, please send us an email to privacy@xerispharma.com with the words “Privacy Rights” in the subject line or call us toll-free at 1-877-937-4717. Further, if you are a California resident, the California Consumer Privacy Act (CCPA) may provide you with additional rights regarding our use of your Personal Information. To learn more about your CCPA rights, visit  CCPA PRIVACY NOTICE.

If you have any questions regarding this Privacy Policy, would like to obtain a copy of or make changes to the Personal Information collected from you, or would like to have your Personal Information removed from our database, please send us an email at privacy@xerispharma.com or call us toll-free at 1-877-937-4717.

Data Protection

We maintain reasonable technical, administrative and physical controls to secure any Personal Information collected through the Services. However, there is always some risk that an unauthorized third party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. We urge you to exercise caution when transmitting Personal Information over the Internet, especially your health-related information. We cannot guarantee that unauthorized third parties will not gain access to your Personal Information; therefore, when submitting Personal Information to us, you must weigh both the benefits and the risks. If you believe there has been any breach your Personal Information or the security of our Site, please email us at privacy@xerispharma.com

Breach of Personal Information

If your Personal Information is altered, destroyed, acquired, accessed, used, or disclosed in a manner not outlined by the Terms of Use or Privacy Policy that compromises the privacy or security of the Personal Information, you agree to receive any required notifications of this breach from Xeris or its delegate via electronic mail in lieu of first-class mail. The notification may be provided in one or more electronic mailings as information becomes available. If you do not agree to receive breach information via electronic mail, you must contact Xeris by email at privacy@xerispharma.com and withdraw your consent. You also permit Xeris, to the extent your phone number is available and current, to call you and notify or update you about the breach of your Personal Information prior to and after sending electronic mail notification. To the extent required by applicable law, Xeris may report the breach of information to governmental authorities or other third parties.