fortis-logo
Home chevron_right About Fortis chevron_right Privacy Policy

Fortis Life Sciences Privacy Policy

Last Modified: February 12, 2025

Company Information/Overview

Fortis Life Sciences is a privately-held company headquartered in Boston, Massachusetts, U.S. Fortis Life Sciences and its affiliates and subsidiaries, which include Bethyl Laboratories, Incorporated, Vector Biosystems, Inc., Empirical Bioscience, Inc., Arista Biologicals, Inc., nanoComposix, LLC, and IPOC Holdings ("we," "us," "our" or "Fortis") sell their products directly and through distributors around the world. This Privacy Policy (this "Policy") applies to all information collected by us, including through the websites and webpages owned and operated by Fortis that link to this Policy, including those with a homepage located and linked at www.fortislife.com, as well as www.nanocomposix.com and www.vectorbiolabs.com (collectively, the "Sites"). This Policy does not apply to any other websites, and we make no representations as to the privacy practices of any other websites.

The purpose of this Policy is to provide visitors to the Sites with information regarding the personal information that Fortis may collect through the Sites, how Fortis uses and protects that personal information, and with whom we may share it.

Fortis encourages our customers, suppliers, commercial visitors, business associates, investors and other interested parties to read this Policy. By accessing or using the Sites, or by using any products or services that we make available on the Sites, you acknowledge your understanding and agreement to the practices described in this Policy, including that Fortis may collect, process, transfer, use and disclose personal information as described. If you have specific questions or comments regarding the processing of personal information, you may contact Fortis as provided below in the section of this Policy titled Contact Us. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS POLICY, PLEASE DO NOT USE THE SITES.

As used herein: (a) "you" and "your" mean a user of the Sites and/or our products or services; (b) "GDPR" means the General Data Protection Regulation (EU) 2016/679; (c) "UK Data Protection Laws" means the UK GDPR and the UK's Data Protection Act 2018 ("UK DPA 2018"); (d) "UK GDPR" means the UK equivalent of the GDPR, as defined in section 3(10) (and as supplemented by section 205(4)) of the UK DPA 2018; (e) "European Data Protection Laws" means the GDPR and/or UK Data Protection Laws, in each case to the extent applicable; and (f) the terms "using" and "processing" information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within Fortis or among our affiliates within the United States or internationally.

For the purposes of this Policy, "personal information" refers to any information relating to an identified or identifiable natural person. Such personal information amounts to 'personal data' for the purposes of and as defined in the European Data Protection Laws (as defined above and to the extent applicable).

Data We Collect

Categories of Personal Information Sources from which Personal Information is Collected Business and Commercial Purposes for Collection and Use Categories Of Third Parties to Whom We May Disclose and to Whom We Have Disclosed in the Preceding 12 Months Personal Information for a Business Purpose and the Business or Commercial Purposes for Disclosing Personal Information
Identifiers (e.g., name, email address, postal address, phone number, online identifiers, and IP address)
  • Directly from you (e.g., what you choose to provide to us in connection with your (1) account registration, orders, purchases and subscriptions with us, (2) correspondence with us, and (3) other direct interactions with us);
  • automatically through the use of cookies and similar web analytics technologies (including third party cookies);
  • through public sources;
  • from third parties; and
  • from distributors.
 See the section of this Policy titled How We Use Your Information. To the categories of third parties set out in the section of this Policy titled Whom We Disclose Your Data To and for the business and commercial purposes as set out in column 3 of this table. In particular, in the past 12 months, we have disclosed these categories of personal information to the following categories of third parties for the business and commercial purposes as set out in column 3 of this table: Third-Party Service Providers and Partners, and our Corporate Affiliates, each as further described in the Section of this Policy titled Whom We Disclose Your Data To.
Professional or employment-related information (e.g., the name of your employer, your employment title, and your employment position)
  • Directly from you (e.g., what you choose to provide to us in connection with your (1) account registration, orders, purchases and subscriptions with us, (2) correspondence with us, and (3) other direct interactions with us);
  • from third parties; and
  • from distributors.
Commercial information (e.g., products purchased, obtained or considered, customer service feedback, or other purchasing or consuming histories or tendencies)
  • Directly from you (e.g., what you provide to us in connection with your (1) account registration, orders, purchases and subscriptions with us, (2) correspondence with us, and (3) other direct interactions with us);
  • automatically through the use of cookies and similar web analytics technologies (including third party cookies);
  • from third parties; and
  • from distributors.
Information described in Cal. Civ. Code § 1798.80(e), specifically, financial information (e.g., credit card information)
  • Directly from you (e.g., what you choose to provide to us in connection with your (1) account registration, orders, purchases and subscriptions with us, (2) correspondence with us, and (3) other direct interactions with us).
Internet or other electronic network activity information (e.g., email and privacy preferences; site search activity; product specific preferences; browsing history both within the Site and shortly prior to and after entering or leaving the Site; and other browsing information, such as browser version, type of device and internet provider used, and phone number associated with device used (if one exists)).
  • Automatically through the use of cookies and similar web analytics technologies (including third party cookies).
Geolocation data (not including your precise geolocation).
  • Directly from you (e.g., what you choose to provide to us in connection with your (1) account registration, orders, purchases and subscriptions with us, (2) correspondence with us, and (3) other direct interactions with us); and
  • automatically through the use of cookies and similar web analytics technologies (including third party cookies).
Audio, electronic, visual, thermal, olfactory, or similar information.
  • Directly from you (e.g., when you call our customer support services).
Inferences drawn from any of the information identified above (and not including the sensitive personal information identified below) to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes
  • From the relevant sources described above.
Sensitive personal information:
  • Your account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  • Directly from you (e.g., what you choose to provide to us in connection with your (1) account registration, orders, purchases and subscriptions with us, (2) correspondence with us, and (3) other direct interactions with us).

For more information regarding how we collect information from third parties, see the section of this Policy titled Third-Party Data Collection for Fortis; Automatic Data Collection.

We may also combine information we obtain through the Sites with other information for the purposes described in the section of this Policy titled How We Use Your Information. We may aggregate or anonymize such information and use it for the purposes described above, and for other purposes to the extent permitted by applicable laws.

Third Party Data Collection for Fortis; Automatic Data Collection

We may collect information passively submitted or obtained from other sources as follows:

  • Information Provided by Other Users: Distributors and their websites may collect and provide to Fortis information associated with you in order to process and ship your purchases. Your work colleagues may provide information associated with you for payments and purchase orders. If you provide information to Fortis about another person, including as described in this section, you represent and warrant to Fortis that you have provided notice and obtained all consents and rights from such other person as required by applicable law to enable Fortis to process, and determine the purposes and means of processing of, such information, including as described in this Policy.
  • Cookies & Automatically Collected Information: When you visit our Sites, we use technologies such as cookies, web server logs and web beacons to collect certain information about you. Cookies are small files that websites and email servers place and access on your computer or other Internet-connected devices to uniquely identify your browser or device or to store information or settings in your device. Your browser may tell you how to be notified when you receive certain types of cookies and how to restrict, disable or delete certain cookies. Please note, however, that without certain cookies, you may not be able to use all of the features of our Sites.

    Our web servers log information such as your device and operating system type, browser type, domain, device ID, IP address and other system settings, as well as the language your system uses and the country and time zone where your device is located. The web server also logs information such as the address of the web page that referred you to our Sites and the IP address of the device you use to connect to the Internet.
  • Third-Party Web Analytics Services: We also receive certain information via third-party web analytics service providers (such as Google Analytics). These service providers use cookies and web beacons or other similar technology to help us analyze how users use the Sites. The information collected by such technology (including, where applicable, your IP address) will be disclosed to (or collected directly) by these service providers, who use the information to facilitate the evaluation of your use of the Sites on our behalf. Typically, the information collected is associated with your device and not you as a named individual. Google Analytics, for example, uses cookies to track your interactions with our Sites. Google collects this information and reports it to us, without identifying individual users. This information helps us improve our Sites so that we can better serve users. However, if you are logged into a registered account you have with us, this information may also be associated with such registered account. For more information on Google Analytics, please visit https://www.google.com/policies/privacy/partners/. You can also view Google Analytics' currently available opt-outs for the web at https://tools.google.com/dlpage/gaoptout.

Other Third-Party Data Collection Activities

Be aware that other third parties may collect your information when you use our Sites as noted below:

  • Embedded Content: Third parties also collect information about your online activities over time and across different sites when you use our Sites. For example, third-party providers of certain embedded content and tools on our Site (such as an embedded Twitter or Facebook feed and social plugins from Facebook, Twitter/X, and LinkedIn) collect information directly from you in connection with your interaction with such content and tools. You may review your privacy settings for your accounts with such third-party providers through their respective websites. The information collected will be associated with your account(s) with such third parties (e.g., your Facebook account, Twitter account, etc.) if you are logged into the account(s) in the same browser. If you do not wish to have such third parties collect data about you on our Site, then you must log out of such account(s) before using the same browser to visit our Site.
  • Cookies: For information on what cookies are used on our websites, please see the following page(s):

How We Use Your Information

Pursuant to the European Data Protection Laws, legal bases for our processing your personal information may include (without limitation):

  1. where you have given consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
  2. where it is necessary to perform the contract we have entered into or are about to enter into with you (whether in relation to the provision of the Sites or our products/services or otherwise);
  3. where it is necessary for us to comply with a legal obligation to which we are subject; and/or
  4. where it is necessary for the purposes of our legitimate interests (or those of a third party) in providing, improving, or marketing the Sites or our products/services and your interests or fundamental rights and freedoms do not override those legitimate interests.

In addition, we use your information and data to provide you with products and services and to make your experience with us enjoyable and successful, including for the following purposes:

  • maintaining or servicing your account(s);
  • providing customer service, such as communicating with you about our products and services, addressing your requests and questions, and offering technical support;
  • processing or fulfilling orders and transactions;
  • processing payments;
  • performing business analytics and business operations, such as monitoring, maintaining and improving the operations of the Site;
  • assisting in marketing and advertising, such as sending you communication regarding those of our products and services that may be of interest to you;
  • helping to ensure the security and integrity of the Site and our business (in which case our use of your personal data will be reasonably necessary and proportionate for these purposes);
  • for the commercial purpose of inducing you to purchase our products and services; and
  • complying with applicable laws.

To the extent we consider Deidentified Data outside the scope of applicable data protection laws because it is not identifiable, then, to the extent required by such data protection laws, Fortis hereby publicly commits to process Deidentified Data in its possession only in a de-identified fashion and not attempt to re-identify such Deidentified Data. “Deidentified Data” means data that cannot reasonably be used to infer information about, and that cannot reasonably be linked to, an identified individual or an identifiable individual, or to a device linked to such individual.

Whom We Disclose Your Data To

We generally disclose information we gather from or about you to the following types of third parties and as otherwise set forth in this Policy or as specifically authorized by you:

  • Third-Party Service Providers and Partners:
    • third-party service providers and select business partners, such as distributors, credit card companies and shipping companies, who act on our behalf and solely in accordance with our instructions pursuant to written contracts, to fulfill the business purposes set forth above. These service providers and business partners acting on our behalf are obliged to adhere to agreements including confidentiality requirements no less protective than those described in this Policy, and are required to process personal information only as necessary to perform their functions, and in a manner consistent with this Policy, other applicable privacy notices (e.g., our cookie policy), and applicable laws, rules and regulations;
    • third-party analytical service providers and embedded content providers as described in the section of this Policy titled Third-Party Data Collection for Fortis; Automatic Data Collection;
  • Corporate Transactions: a third party in the context of a merger, acquisition, bankruptcy, or other reorganization or transaction in which such third party assumes control of all or part of our business;
  • Corporate Affiliates: our affiliates, subsidiaries (i.e., any organization we own or control) or our holding company or ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries they own. These companies will only use your personal information in the same way as we can under this Policy;
  • Professional Advisors: such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us;
  • third parties to whom we believe disclosure is necessary (i) as required by applicable laws or regulations; (ii) to exercise, establish or defend our legal rights; (iii) when we believe that disclosure is necessary or appropriate to prevent physical, financial or other harm, injury or loss to you or another person; (iv) in response to requests by governmental authorities, such as to comply with a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process; (v) in connection with an investigation of suspected or actual unlawful activities; or (vi) in connection with lawful requests by public authorities, including to meet national security or law enforcement requirements; and
  • as otherwise disclosed in this Policy.

To the extent that we use RingCentral to send text/SMS messages to you:

  • We take steps designed to protect the personal information we receive from you and, except for sharing of your phone number with Corporate Affiliates, do not share with, trade, or sell your phone number and SMS consent to third parties;
  • Except for sharing of your phone number with Corporate Affiliates, SMS consent and phone numbers will not be shared with third parties. SMS consent is not shared with any third parties or affiliates for marketing purposes.

Data Security

We implement reasonable security procedures and practices that we, in our discretion, deem appropriate to the nature of the personal information we collect, to safeguard and protect the security of this information. Nevertheless, no computer system or transmission of information can ever be completely secure, and you should not expect that your information will remain secure and confidential under all circumstances. We cannot be held responsible for any loss, capture or alternation of the information we collect from you through the Sites.

Our Policy Towards Children

Our Sites are not directed to persons under the age of 16 and we do not knowingly collect or share personal information from children under the age of 16.

Controlling your Privacy Settings

As a user of the Sites, you have rights around access to and management of your personal information. We will also keep you informed about how we process your personal information by way of this Policy.

  • You can update any personal and contact information that you provided to us at any time on the Site using our contact details set out below.
  • You can opt-out of any or all marketing communications we send you at any time. You can use the unsubscribe functionality on the marketing emails you receive. When you opt-out of marketing email communications, we may still, to the extent permitted by applicable laws, email you with service emails, when you order with us. These emails are necessary to keep you informed of order status, and provide purchasing or delivery information for the products you have ordered from us.

Your Rights

We generally use your personal information as described in this Policy or as authorized by you or as otherwise disclosed at the time we request such personal information from you. You generally must "opt in" and give us permission to use your personal information for any other purpose. You may also change your preference and "opt out" of receiving certain marketing communications from us by following the directions provided in association with the communication or such other directions we may provide or by contacting privacy@fortislife.com.

Under certain circumstances and in compliance with the European Data Protection Laws, you may have the right to:

  • Request access to your personal information (commonly known as a 'subject access request'). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate personal information we hold about you corrected;
  • Request erasure of your personal information. This enables you to ask us to delete or remove your personal information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your personal information in certain circumstances;
  • Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it;
  • Request the transfer of your personal information to another party; and
  • Lodge a complaint with the relevant supervisory authority (as defined in the European Data Protection Laws). If you have any complaints about the way we process your personal information, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please submit a request using our Privacy Information Request Form or contact privacy@fortislife.com.

Such updates, corrections, changes, and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.

You should be aware that it may not be technologically possible to remove each and every record of the personal information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your personal information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, your personal information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.

International Transfers

Personal information collected by us, including through the Sites, may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and the Sites may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such information. To the extent required by applicable law: whenever we transfer your personal data to third parties (as described in this Policy) located in an Inadequate Jurisdiction, we ensure a similar degree of protection is afforded to it; we may use specific contracts approved by the European Commission (accessible at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj) or the UK Information Commissioner's Office (accessible at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/), as applicable, which give personal information the same protection it has in the European Economic Area or the United Kingdom, as applicable, under the European Data Protection Laws; and if we rely on another basis to transfer your personal data to an Inadequate Jurisdiction, we will keep you updated or contact you if required. Please contact us if you want further information on the specific mechanisms used by us when transferring your personal information to an Inadequate Jurisdiction. If you are a user accessing the Sites from a jurisdiction with laws or regulations that differ from those of the United States, please be advised that all aspects of the Sites are governed by the internal laws of the United States and the Commonwealth of Massachusetts, USA, regardless of your location.

Data Retention

For each category of information collected, Fortis will not hold this information for any longer than is necessary to effectuate our purposes for collecting the information as disclosed in this Policy. We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements), and in accordance with our company data retention policies.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. Data without any personal identifiable information may be stored permanently.

Additional Provisions Applicable to Information Received from Residents of California

In addition to any other applicable provisions of this Policy, if you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, with any regulations promulgated thereunder, the "CCPA") requires us to provide the following additional privacy-related information to you. As used in this section, the terms "business", "business purpose", "contractor", "personal information", "sensitive personal information", "service provider", and all grammatically inflected forms of "sell" and "share" have the meanings given in the CCPA. This section shall apply only to the extent that we are regulated as a business under the CCPA. This section shall apply to you only if you are a California resident. This section describes our practices with respect to personal information collected by us about you, including through your use of the Sites.

Description of your rights:

Pursuant to the CCPA, you have the right to know:

  • the categories of personal information that we have collected about you;
  • the categories of sources from which the personal information is collected;
  • our business or commercial purpose for collecting or sharing personal information;
  • the categories of third parties with whom we disclose personal information (if any);
  • the specific pieces of personal information that we have collected about you (also called a data portability request); and
  • If we shared or disclosed your personal information for a business or commercial purpose, two separate lists disclosing (i) sharing, identifying the categories of personal information that each category of third party received; and (ii) disclosures for a business or commercial purpose, identifying the categories of recipients to whom such personal information was disclosed and the personal information categories that each category of recipient obtained.

In connection with any personal information we may share or disclose for a business purpose, you also have the right to know:

  • the categories of personal information about you that we shared and the categories of third parties with whom the personal information was shared; and
  • the categories of personal information that we disclosed about you for a business purpose.

You have the right to deletion of your personal information from our records and our service providers' records unless an exception applies under the CCPA.

Once we receive and confirm a verifiable request from you or your authorized agent (in each case if you are a California resident) in the manner described below (“verifiable request”), we will delete (and notify our service providers and/or contractors to delete and notify all third parties to whom we have shared the personal information to delete, unless this proves impossible or involves disproportionate effort) your personal information from our records, unless an exception applies or retention of your personal information is otherwise permitted by the CCPA. We may deny your deletion request if retaining the information is reasonably necessary for us or our service provider(s) and/or contractor(s) to:

  • Complete the transaction for which we collected the personal information, provide a product or service that you requested, take actions reasonably anticipated by you within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  • Help to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for those purposes.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise that consumer's free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete the research, if you have provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us and compatible with the context in which you provided the information.
  • Comply with a legal obligation.

With respect to any personal information about you maintained by us that is inaccurate, you have the right to request that we correct the inaccuracy (taking into account the nature of the personal information and the purposes of the processing of the personal information). If we receive a verifiable request from you to correct inaccurate personal information, we will use commercially reasonable efforts to correct such inaccurate personal information as directed by you, pursuant to Section 1798.130 of the CCPA and regulations adopted pursuant to the CCPA.

You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:

  • deny goods or services to you;
  • charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • provide a different level or quality of goods or services to you;
  • suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services; or
  • retaliate against an employee, applicant for employment, or independent contractor.

Exercising Your Rights under the CCPA:

To request access to, correction of, or deletion of your personal information collected by us, please contact us by submitting the Personal Information Request Form, by calling 1-800-338-9579, or by emailing privacy@fortislife.com. Please note that you may only make a CCPA related disclosure or deletion request twice within each 12-month period. If you request deletion of your personal information, we can remove your account once we have completed processing of any outstanding orders or requests. However, there will be underlying data that we are required to keep, which will be obfuscated and will not be tied to you as an individual. For instructions on exercising sharing opt-out rights, see the section of this Policy titled Sharing of Personal Information; Your Right to Opt-Out below.

We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. If your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify you of the reason for refusing the request.

Verification of Your Identity:

When you exercise your rights under the CCPA and submit a request to us, we will verify your identity by asking you to authenticate your identity via standard authentication procedures. The information you provide must match the information we know about you. Additionally, if you request specific pieces of your personal information or the deletion of certain personal information, you may be required to provide a signed declaration under penalty of perjury or otherwise authenticate your identity. We are not obligated to process a request if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf. Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

Categories of Information We Collect; Categories of Sources:

The section of this Policy titled Data We Collect describes the categories of personal information we have collected with respect to California consumers in the past 12 months and the categories of sources from which such information was collected. The section of this Policy titled How We Use Your Information describes the business and commercial purposes for which we collect your personal information.

Categories of Third Parties to Whom We Disclose Personal Information:

The section of this Policy titled Whom We Disclose Your Data To describes the categories of third parties to whom we have disclosed the personal information of California residents.

Categories of Personal Information Disclosed for a Business Purpose:

In the past 12 months, we have disclosed the categories of personal information about California consumers for business purposes as set out in the section of this Policy titled Data We Collect.

How Your Personal Information is Collected:

The section of this Policy titled Data We Collect describes how we collect your personal information.

Sale of Personal Information:

We are not in the business of selling personal information, and do not believe that our business practices constitute a sale of your personal information. However, as described under the section titled Whom We Disclose Your Data To, we may provide your information to our authorized distributors and business partners if, in your communication to us, you expressed an interest in or inquired about any of the products or services provided via such authorized distributors.

Sharing of Personal Information; Your Right to Opt-Out:

We have shared the below categories of your information with the below category of third parties in the past 12 months to target advertising to you based on your activities across different sites. We do so for marketing and advertising purposes, and to invite you to consider purchasing our products and services.

Categories of Personal Information Shared Categories of Third Parties with Whom the Personal Information was Shared and the Business or Commercial Purpose for Sharing Such Personal Information
Identifiers (e.g., name, email address, postal address, phone number, online identifiers, and IP address) Third-party providers of web analytics services and embedded content, and for our marketing and advertising purposes.
Commercial information (e.g., products purchased, obtained or considered, customer service feedback, or other purchasing or consuming histories or tendencies)
Internet or other electronic network activity information (e.g., email and privacy preferences; research history; product-specific preferences; browsing history both within the Site and shortly prior to and after entering or leaving the Site; and other browsing information, such as browser version, type of device and internet provider used, and phone number associated with device used (if one exists))
Geolocation data (not including your precise geolocation)

If you are 16 years of age or older, you have the right to direct us to not share your personal information at any time (the "right to opt-out"). We do not share the personal information of California residents we actually know are less than 16 years of age. California residents who opt-in to personal information sharing may opt-out of future sharing at any time.

To exercise the right to opt-out, you (or your authorized agent) may submit a request to us through the Personal Information Request Form.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sharing. However, you may change your mind and opt back in to personal information sales at any time by submitting a request to use through the Presonal Information Request Form.

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

Someone legally authorized to act on your behalf (such as an authorized agent) may make a request on your behalf, provided that you have duly authorized that person or entity to make such request on your behalf and provided that that person or entity can provide verification of their authority to make such a request on your behalf where required.

Please note that you may opt-out of sharing (targeted advertising) by using a universal opt-out mechanism or opt-out preference signal (on the browsers and/or browser extensions that support such a signal), such as Global Privacy Control ("GPC"). You can learn more about Global Privacy Control by visiting www.globalprivacycontrol.org. Such universal opt-out mechanism or opt-out preference signal will apply solely to information we collect via your browser.

Your Sensitive Personal Information:

We use or disclose your sensitive personal information, provided that we only use or disclose your sensitive personal information for the purposes specified in Section 7027(m) of the CCPA regulations. We do not sell or share your sensitive personal information, and do not collect, process or use your sensitive personal information to infer characteristics about you.

Requests by Authorized Agents:

You are permitted to designate an authorized agent to make a CCPA request on your behalf. Your authorized agent can use the methods described above to submit the request and will be required to provide proof of authorization.

Individuals with Disabilities:

Individuals with a disability may access an alternative format of this notice using the contact information in the section below titled Contact Us.

California "Do Not Track" Disclosure

We do not currently respond to browser "Do Not Track" signals.

California Consumer Notice

Under California Civil Code, Section 1789.3, California residents are entitled to the following consumer rights notice: If you have a question or complaint regarding the Sites, or any products offered through the Sites, California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834 or by phone at 916-445-1254 or 800-952-5210.

Changes to this Policy

We may update this Policy from time to time. You should review our Sites periodically to determine if we have made such updates. We will update the "last modified" date at the top of this Policy each time we make changes to this Policy. Changes to this Policy are effective when they are posted or linked to the Sites. Your continued use of the Site after the updated Policy has become effective indicates that you have read, understood and agreed to the then-current version of the Policy.

Contact Us

If you have questions or comments about this Policy or about how your personal information is processed, please contact us using the details below.

Fortis Life Sciences
7 Whittier Pl
Ste 108 PMB 173
Boston, MA 02114
1.800.338.9579
936.597.6111
privacy@fortislife.com

We have appointed Secure Privacy ApS as our representative in the European Union for purposes of Article 27 of the GDPR. Please see Secure Privacy ApS' contact details below:

Secure Privacy ApS
Fruebjergvej 3
2100 Copenhagen
Denmark
Petar Todorovski (petar@secureprivacy.ai)

We have appointed DataRep as our Data Protection Representative for the purposes of UK GDPR, as part of The Data Protection Act 2018 (as amended) in the UK. If you want to raise a question to Fortis Life Sciences, LLC, or otherwise exercise your rights in respectof your personal data, you may do so by:

  • sending an email to DataRep at datarequest@datarep.com indicating "Fortis Life Sciences, LLC" in the subject line,
  • contacting DataRep via online form at www.datarep.com/data-request, or
  • mailing your inquiry to: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom. (Please ensure request is addressed to "DataRep" and not Fortis Life Sciences, LLC)