Akoya Biosciences, Inc. Privacy Policy

Effective Date: October 18, 2019

Last Updated: June 14, 2024

Your privacy is important to us. This Privacy Policy applies to and governs data collection and usage with respect to our website (https://www.akoyabio.com/) and associated sites or pages and/or other service (collectively, “Service”) provided by Akoya Biosciences, Inc. (“us”, “we”, or “our”) and is binding on all those who access, visit and/or use the Service, whether acting as an individual or on behalf of an entity (collectively, “you” or “your”).

This Privacy Policy informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from (https://www.akoyabio.com/).

California residents can view our California Consumer Privacy Act notice by clicking here.

Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Data Processors (or Service Providers)
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

We may use the services of various Service Providers in order to process your data more effectively.

Data Subject (or User)
Data Subject is any living individual who is using our Service and is the subject of Personal Data.

1. Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data
We may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”) while you are using our Service. Personal Data may include, but is not limited to:

• First name and last name;
• Email address;
• Phone number;
• Address, City, State, Province, ZIP/Postal code; and
• Cookies and Usage Data.

Usage Data
We may also collect information on how you access and use the Service (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. Usage Data is collected automatically and is either generated by your use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Cookies Data
The Service will at times place and/or store code or other types of information and/or devices (e.g., “cookies”) on your computer, mobile or other device. Cookies are files with a small amount of data which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies may also be used such as beacons, pixel tags or scripts to collect, store and track information used to improve our Service.

You can instruct your browser to accept all cookies, accept only the necessary cookies for the website to function or refuse all cookies. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Necessary Cookies. We use Necessary Cookies to deliver basic functions like website access and securing areas of our Service. Our Service cannot function properly without these cookies.
• Preferences Cookies. We use Preference Cookies to remember information that changes the way our Service behaves or displays, like your preferred language or your geographic region settings.
• Statistics Cookies. Statistic cookies help us to understand how visitors interact with our Service by collecting and reporting performance metrics – all anonymously.
• Marketing Cookies. Marketing cookies are used to track visitors across our Service and to serve relevant marketing, event and product offerings to visitors. The intention is to display offerings that are relevant and engaging for individual users and thereby more valuable.

2. How We Use Your Information
We use the data we collect from you for the following various purposes:

• To provide and maintain our Service;
• To notify you about changes to our Service;
• To allow you to participate in interactive features of our Service when you choose to do so;
• To provide customer support;
• To gather analysis or performance information so that we can improve our Service;
• To monitor the usage of our Service;
• To detect, prevent and address technical issues; and
• To assess and implement mergers, acquisitions, reorganizations and other business transactions.

In addition, we may use your Personal Data to contact you or otherwise provide you with news, special offers or promotional materials and other general information about goods, services and events we offer that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send you.

As noted above, we also use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

3. Retention of Data
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

4. Transfer of Data
Your information, including Personal Data, may be transferred to, and maintained on computers located outside of your state, province, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

We will take commercially reasonably steps designed to ensure that your data is treated securely and in accordance with this Privacy Policy.

5. Disclosure of Data

Disclosure for Law Enforcement
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements
We may disclose your Personal Data in the good faith belief that such action is necessary to:

• To comply with a legal obligation;
• To protect and defend our rights or property;
• To prevent or investigate possible wrongdoing in connection with the Service;
• To protect the personal safety of users of the Service or the public; and
• To protect against legal liability.

6. Security of Data
The security of your data is important to us and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.

However, because no data transmission is completely secure, and no system of physical or electronic security is impenetrable, we cannot guarantee the security of the information you send to us or the security of our servers, networks or databases, and by using the Service you agree to assume all risk in connection with the information sent to us or collected by us when you access, visit and/or use the Service, including without limitation your Personal Data, and we are not responsible for any loss of such information or the consequences thereof. In the unlikely event that we believe that the security of your information in our possession or control may have been compromised, we may seek to notify you. If notification is appropriate, we may notify you via your computer, mobile or other device. Information may be transferred to, and maintained on, servers and databases located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as your jurisdiction. Please be advised that we may transfer your information to and from any state, province, country or other governmental jurisdiction, and process it in the United States or elsewhere. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to any such transfer.

7. Our Policy on “Do Not Track” Signals under the California Online Protection Act (CalOPPA)
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California residents asking about the business’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

8. Children
The Service is not intended for use by children, especially those under age 13. We do not knowingly collect personal data from children under the age of 13.

9. Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Performance Metrics
We may use third-party Service Providers to monitor performance and analyze the use of our Service.

Third Party Analytics
We may use third party analytics, such as Google Analytics, which use cookies and similar technologies to collect and analyze information about use of our website and report on activities and trends. These services may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

10. Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g., payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

• authorize.net
• CyberSource Corporation

Their Privacy Policies can be viewed at:
https://www.authorize.net/company/privacy/
https://www.cybersource.com/privacy.html

11. Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

12. European Privacy Notice

If you are a data subject located within the EEA or the UK, this European Privacy Notice applies to you in addition to any other information we provide regarding data privacy.

European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR”) and the Data Protection Act 2018 in the United Kingdom of Great Britain (UK) requires us as the data controller to provide additional and different information about our data processing practices to data subjects located in the European Economic Area (“EEA”) and the UK.

How We Use Your Personal Data

We (Akoya Biosciences, Inc.) will only use your personal data when applicable law allows us to do so.  Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract that we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
• Necessary for scientific research purposes.
• Where we need to protect your interests (or someone else’s interests).
• Where it is needed in the public interest or for official purposes.

International Transfers of Personal Data

Our primary location is based outside the European Economic Area and the United Kingdom, so the processing of your personal data may involve a transfer of data outside the EEA or UK.

Whenever we transfer your personal data out of the EEA or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or UK Government or where we have an appropriate lawful basis.
• Regarding transfers to the US, we require compliance with applicable data privacy laws and/or incorporate Standard Contractual Clauses in agreements for transfer from the EEA provided by the European Commission or from the UK by the International Data Transfer Agreement provided by the Information Commissioner’s Office in the UK in order to provide similar protection to personal data shared within Europe or the UK.

How Long We Retain Your Personal Data

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Data Protection Rights

Under certain circumstances, if you are a person located within the EEA or UK, you have the following data protection rights:

• right of access to your personal data;
• right to correction of your personal data;
• right to erasure of your personal data;
• right to object to processing of your personal data;
• right to restrict processing of your personal data;
• right to transfer your personal data; and
• right to withdraw consent to any consent that you have previously given.

If you wish to exercise any of the rights set out above, please contact us at privacypolicy@akoyabio.com You can also contact the Supervisory Authority in the country of your residence within the EU or UK for advice or to make a complaint.  Please be aware that your rights are not absolute and in certain circumstance may be limited.

Types of Personal Data Collected: “Personal data” as used in this section 12 is any information that can be used to identify an individual that is received from the EU and is recorded in any form. Personal data includes sensitive data. “Sensitive data” is personal data that specifies medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of the individual.

Personal data may include full name, address, telephone or mobile number, business and home contact details including e-mail addresses, health information and demographic information, as well as other personal data that you voluntarily provide to us, such as when you contact us with inquiries.

This section of the Privacy Policy provides additional information for California residents and describes our information practices pursuant to the California Consumer Privacy Act 2018, as amended by the California Privacy Rights Act 2020, and its implementing regulations (the “CCPA”). Depending on how you interact or engage with us, we may provide you with other privacy notices.

This section applies to “personal information” as defined in the CCPA, whether collected online or offline. This section does not address or apply to our handling of personal information that is exempt under the CCPA, such as publicly available information, information governed by the Health Insurance Portability and Accountability Act, information governed by the California Confidentiality of Medical Information Act, or deidentified or aggregated information.

Personal Information We Collect. Depending on how you use the Services, we may collect (and have collected in the prior 12 months) the following categories of personal information:

• Identifiers. Such as name, mailing address, email, phone number, online identifier, IP address, or other similar identifiers.
• Internet or Other Electronic Network Activity Information. Such as information regarding interactions with our Service, advertisements, or emails.
• Audio, Electronic, Visual, or Similar Information. Such as information collected via call or video recordings if you participate in our webinars.
• Inferences. Such as inferences drawn from any of the information described in this section about a consumer including inferences reflecting the consumer’s preferences, characteristics, behaviors, attitudes, abilities, and aptitudes.

Sources of Personal Information. We generally collect personal information from the following categories of sources:

• Directly or indirectly from you;
• Our affiliates and subsidiaries;
• Our business partners;
• Customers and clients; and
• Our vendors and service providers.

Purposes for Collecting and Disclosing Personal Information. As described in the “How We Use Your Information” section above, in general, we process personal information for the following business or commercial purposes:

• To provide and maintain our Service;
• To notify you about changes to our Service;
• To allow you to participate in interactive features of our Service when you choose to do so;
• To provide customer support;
• To gather analysis or performance information so that we can improve our Service;
• To monitor the usage of our Service;
• To detect, prevent and address technical issues;
• To assess and implement mergers, acquisitions, reorganizations and other business transactions; and
• For marketing and promotions.

Sensitive Personal Information. Notwithstanding the purposes described above, we do not collect, use, or disclose “sensitive personal information” beyond the purposes authorized by the CCPA.

Retention of Personal Information. We retain your personal information for as long as needed or permitted, based on the reason we obtained it (consistent with applicable law). When deciding how long to keep your personal information, we consider whether we are subject to any legal obligations (e.g., any laws that require us to keep records for a certain period before we can delete them) or whether we have taken any legal positions (e.g., issued any legal holds or otherwise need to preserve the information). Rather than delete your data, we may also deidentify it by removing identifying details. Where we have committed to maintaining and using personal information in a deidentified form, we agree not to reidentify deidentified data except as permitted by applicable law.

Disclosure of Personal Information to Third Parties and Other Recipients. The categories of personal information we have disclosed for a business purpose in the preceding 12 months include: identifiers; Internet or other electronic network activity information; audio, video, and other electronic data; and inferences. The categories of third parties and other recipients to whom we may disclose personal information for a business purpose may include: affiliates, subsidiaries, and business partners, vendors and service providers, acquirers of business assets, advertising networks, internet service providers, data analytics providers, and government entities.

Sales and Sharing of Personal Information. The CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-contextual behavioral advertising . While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” the following categories of personal information: identifiers, and Internet or other electronic network activity information. We disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising. We do not sell or share personal information about individuals we know are under age 16.

Your CCPA Rights. The CCPA provides California residents with certain rights regarding their personal information. In general, California residents, including our business clients’ employees who reside in California, have the following rights with respect to their personal information, subject to certain exceptions:

• Right to Know/Access. With respect to the personal information we have collected about you, you have the right to request:
  • The categories or personal information we collected about you;
  • The categories of sources from which the personal information is collected;
  • Our business or commercial purposes for collecting, selling, or sharing personal information;
  • The categories of third parties to whom we have disclosed personal information; and
  • A copy of the specific pieces of personal information we have collected about you.

• Right to Correct. You have the right to request that we correct inaccurate personal information.

• Right to Delete. You have the right to request we delete your personal information.

• Right to Opt-Out of Sales and Sharing. You have the right to opt-out of “sales” and “sharing” of your personal information, as those terms are defined under the CCPA. While we do not “sell” personal information in the traditional sense (i.e., for money), our use of third-party analytics and advertising cookies may be considered “selling” and “sharing” under the CCPA. To exercise your right to opt-out of the “sale” or “sharing” of your personal information, click the Do Not Sell or Share My Personal Information link at the bottom of our website.

  You also have the right to opt-out of “sales” and “sharing” of your personal information through the use of an opt-out preference signal. If our Site detects that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control”—or GPC— signal, we will opt that browser or device out of cookies on our Site that result in a “sale” or “sharing” of your personal information. If you come to our Site from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well.

• Right to Limit Use. We do not engage in uses or disclosures of “sensitive personal information” that would trigger the right to limit use of sensitive personal information under the CCPA.

• Right to Non-Discrimination. We will not discriminate against you for exercising any of the rights described in this section.

Exercising Your CCPA Rights. If you are a California resident and would like to exercise your CCPA rights, you may do so via the method described below:

• Email us at privacypolicy@akoyabio.com.

Verification. Before responding to your request, we must first verify your identity using the personal information you recently provided to us. You must provide us with your full name and email address. We will take steps to verify your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial.

Authorized Agents. You may designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

14. Changes to This Privacy Policy
This Privacy Policy is effective as of the date set forth above. We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Contact Us
If you have any questions about this Privacy Policy, or to remove or change your contact information in our database, or to not receive future mailings or other communications, as well as other enquiries please contact us by email: privacypolicy@akoyabio.com.