I. Introduction

Hemab ApS, and its wholly owned subsidiaries (together referred to as “Hemab”) are committed to developing therapeutic options for underserved bleeding disorders. We collect and use personal information to support our patients, conduct research, and run our business.

"Personal Data" means any information that can identify you directly or indirectly. We collect Personal Data when you visit our website, contact us, participate in research, work with us, or otherwise interact with our business.

This Privacy Policy explains how we handle your Personal Data across all our activities. We may update it from time to time; the current version on our website always applies.

‍

II. Who We Are

The data controller, the party legally responsible, for processing under this Privacy Policy is:

Hemab ApS
Nordre Fasanvej 215
2000 Frederiksberg
Denmark
Email: privacy@hemab.com

When you interact with Hemab Therapeutics or our research partners, those entities may also be responsible for your data under specific arrangements. We will inform you when this applies.

‍

III. Information We Collect

We collect various types of information depending on how you interact with us:

- Contact and identification information: name, address, phone number, email, nationality, employer, professional credentials, government IDs, and login details

- Health and medical information: health status, medical history, treatment records, genetic information, clinical assessments, and patient-reported outcomes for research participants

- Communication records: emails, meeting notes, phone calls, survey responses, and event interactions

- Professional information: qualifications, publications, research interests, clinical practice details, and areas ofexpertise

- Technical data: IP addresses, device information, browser settings, website usage patterns, and security logs

- Business information: payment details, contract information, and any other data relevant to our business relationship

‍

IV. Website Contact Forms and Patient Advocacy

Our website contact form helps patients, caregivers, and healthcare professionals get information and support. When you contact us:

Patient Advocacy Review: Our patient advocacy team reviews your inquiry to provide appropriate information, support, or referrals based on your specific question.

Information and Support: We may provide information about treatments, natural history studies, research updates, or clinical trial opportunities relevant to your inquiry.

Research Referrals: If you express specific interest in clinical trials, we may review eligibility with you, and connect you with research sites. This only happens with your separate explicit consent.

Most inquiries are general questions that we answer directly through our patient advocacy team. Research site sharing only occurs for those specifically interested in clinical trial participation who provide additional consent.

‍

V. How We Use Your Information

We use your information to support our mission of developing treatments for bleeding disorders:

Patient and Healthcare Professional Support:

- Responding to inquiries and providing information about treatments and research

- Supporting compassionate use programs and patient access initiatives

- Engaging with patient advocacy groups and healthcare communities

- Providing medical and scientific education and communications

Research and Development:

- Conducting clinical trials and research across all development phases

- Developing, manufacturing, and commercializing therapeutic products

- Supporting regulatory submissions

- Collaborating with research institutions and healthcare providers

Business Operations:

- Managing contractual relationships and business partnerships

- Ensuring regulatory compliance and quality assurance

- Protecting our legal rights and preventing fraud

- Supporting internal operations and strategic planning

‍

VI. Information Sharing

We share your information with trusted partners to support our mission, always with appropriate protections:

Research and Healthcare Partners: Clinical research organizations, academic institutions, healthcare providers, regulatory authorities, and other research collaborators. For website contacts, external sharing only occurs after obtaining your explicit consent through separate communication.

 Service Providers: Technology vendors, consulting firms, legal services, and other companies that support our operations under strict confidentiality agreements.

Regulatory and Legal Entities: Health authorities, ethics committees, legal counsel, auditors, and other parties involved in regulatory compliance or legal proceedings.

Business Associates: Potential investors, joint venture partners, and other entities involved in strategic business transactions.

We may also disclose information as required by law, to protect health and safety, prevent fraud, or fulfill regulatory obligations.

‍

VII. How Long We Keep Your Information

We keep different types of information for different periods based on legal requirements and business needs:

Website Contact Information: Up to 7 years to support ongoing patient advocacy services and research communications. Research site sharing requires separate consent.

Clinical Research Data: 25 years or longer as required to support regulatory submissions, long-term safety monitoring, and post-marketing obligations.

Business Communications: 3-7 years to maintain relationship continuity and fulfill business purposes.

Business Records: 7-10 years or as required by law for contractual, financial, and operational records.

Technical and Security Data: 6 months to 3 years unless required longer for legal or security purposes.

Regulatory Data: As required by applicable laws and regulations, which may require extended or indefinite retention.

Specific retention periods may vary based on legal requirements and individual circumstances. We regularly review our records and delete information when it's no longer needed.

‍

VIII. International Data Transfers

We operate globally and may transfer your information to various countries including the United States, European Union members, and other regions where we conduct business or research. We use appropriate safeguards such as Standard Contractual Clauses and adequacy decisions toprotect your information during international transfers.

‍

IX. Legal Basis for Processing

We process your information based on several legal grounds:

- Consent: Where you have given specific consent, such as for clinical trial participation or research communications

- Legitimate Interests: To pursue our research mission, business operations, and patient advocacy activities while respecting your rights

- Legal Obligations: To comply with laws, regulations, and regulatory requirements

- Contractual Necessity: To fulfill agreements or take steps before entering into contracts

- Vital Interests: To protect health and safety in emergency situations

- Public Interest: To support public health objectives and advance medical research

‍

X. Data Security

We protect your information using comprehensive security measures including:

- Technical safeguards: encryption, access controls, system monitoring, and security software

- Organizational measures: staff training, access management, incident response procedures, and regular security reviews

- Physical security: facility controls, equipment protection, and secure storage

- Research protections: pseudonymization, data minimization, and specialized research data management systems

‍

XI. Your Rights

Subject to applicable laws and certain limitations, you have rights regarding your personal information:

- Access: Get information about how we process your data and obtain copies

- Correction: Request correction of inaccurate or incomplete information

- Deletion: Request deletion in certain circumstances

- Restriction: Request limitations on how we use your information

- Portability: Receive your data in a structured, machine-readable format

- Objection: Object to certain processing, particularly for legitimate interests

- Withdraw Consent: Revoke consent where we rely on your consent (affects future processing only)

- Complaints: Contact data protection authorities about our data practices

These rights may be limited where processing is required for legal compliance, regulatory obligations, or legitimate research purposes. We respond to requests within applicable timeframes and may need to verify your identity.

‍

XII. Special Situations

Clinical Research Participants: Additional protections and procedures apply as described in study-specific informed consent documents and protocols.

Healthcare Professionals: Professional interactions may involve additional processing for medical affairs activities and regulatory compliance.

Cookies and Website Technologies: We use cookies and similar technologies to improve user experience and analyze website usage. OurCookie Policy below provides details about these technologies and your choices.

‍

XIII. Contact Us

For questions about this policy or your personal information:

Data Protection Office: privacy@hemab.com

Clinical Trial Inquiries: clinicaltrials@hemab.com

Mailing Address: Nordre Fasanvej 215, 2000Frederiksberg, Denmark

We respond within reasonable timeframes and may require identity verification for certain requests.

‍

XIV. Policy Updates

We may update this Privacy Policy to reflect changes in our operations, legal requirements, or best practices. Current versions are always available on our website, and we will notify you of material changes through appropriate channels.

‍

‍

XV. Cookies

When you visit our website, it may store or retrieve information on your browser, mostly in the form of cookies. You can find out more about cookies and how to control them in the information below.

Essential Cookies‍

Some cookies are essential for you to experience the full functionality of our site. They allow us to maintain user sessions and prevent security threats. They do not collect or store any personal information. For example, these cookies allow you to navigate our website securely and access information about our clinical trials.

More specifically, this includes user interface libraries such as GSAP, Weblocks, and Swiper, which power site navigation, animations, and form pop-ups, as well as cookies that store your consent preferences.

‍

Analytics Cookies

These cookies store information like the number of visitors to the website, the number of unique visitors, which pages have been visited, and the source of the visit.

We use Webflow Analytics and Hotjar to help us understand and analyze how well the website performs and where it needs improvement.

‍

Marketing / Advertising Cookies

Marketing cookies may be used in the future to deliver relevant advertising or measure campaign performance.

‍Hemab does not currently use marketing or advertising cookies on this website. This section remains in place for transparency should we enable them in the future.

‍

How we store your consents anonymously

We use Cloudflare to securely store your cookie category selections so that your preferences are honored on future visits.

Your consent preferences are stored for 335 days (11 months) and will automatically reset after this period or if you clear your browser cookies.

‍

Managing Your Consent

You can change or withdraw your consent at any time.

When you visit our website, you can select:

• Accept – Enable all cookies for the best website experience
• Reject – Decline all non-essential cookies
• Cookie Settings – Choose which types of cookies to allow

A “Cookie Settings” link is also available at the bottom of our homepage at all times.

‍

How Long Do Cookies Last?

• For cookies we can manually configure, expiration is set to 11 months.
• Other expiration periods are determined by the tool or your browser.
• Expiration periods reset each time you visit our website.
  
  

For specific details, please see the cookie inventory table below: