ILiAD Biotechnologies, Inc.
Privacy Notice
This notice explains what personal data ILiAD Bio collects, why we collect it, how we protect it, and the rights and choices you have — whether you're a website visitor, clinical trial participant, healthcare professional, employee, or business contact.
Last updated July 7, 2026Introduction
ILiAD Biotechnologies, Inc. (referred to as “ILiAD Bio”, “the Company”, “We”, “Our” or “Us”) are committed to protecting the privacy and security of your Personal Data.
This ILiAD Bio Privacy Notice applies to you if you are:
- A service user of this website (ILiAD Biotechnologies);
- An ILiAD Bio clinical trial participant;
- A healthcare professional conducting an ILiAD Bio clinical trial;
- An employee, contractor or other associated party associated with ILiAD Bio;
- An employee, contractor or other associated party contracted by ILiAD Bio's Service Providers; or,
- Any other individual with whom ILiAD Bio may conduct commercial operations.
We have developed this Privacy Notice to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your Personal Data. It is important that you read this notice so that you are aware of how and why we are using such information.
Definitions
For the purposes of this ILiAD Bio Privacy Notice:
- Company
- Referred to as either “ILiAD Bio”, “the Company”, “We”, “Us” or “Our” in this Agreement, refers to ILiAD Biotechnologies, Inc., 4581 Weston Road, Suite 260, Weston, Florida, 33331.
- Cookies
- Small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
- Data Controller
- For the purposes of both UK and EU GDPR, refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data. The Company is the Data Controller.
- Data Processor
- For the purposes of both UK and EU GDPR, refers to the Company's Service Providers.
- Data Protection Legislation
- As defined in the Data Protection Legislation section below.
- Device
- Any device that can access the Service such as a computer, a mobile phone, or a digital tablet.
- Personal Data
- Any information that relates to an identified or identifiable individual. For the purposes of both UK and EU GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
- Service
- Refers to the Website, unless otherwise stated.
- Service Provider
- Any natural or legal person who processes data on behalf of the Company — third-party companies or individuals employed by the Company to facilitate the Service, provide the Service on behalf of the Company, perform services related to the Service, or assist the Company in analyzing how the Service is used. For the purpose of both UK and EU GDPR, Service Providers are considered Data Processors.
- Usage Data
- Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Website
- Refers to ILiAD Bio's website, accessible from ILiAD Biotechnologies.
- You
- The individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under both UK and EU GDPR, You can be referred to as the Data Subject or as the User.
Data Protection Legislation
Throughout this document we refer to Data Protection Legislation.
Where data is processed by a controller or processor established in the European Union (EU) or comprises the data of people in the European Union, it is subject to the General Data Protection Regulation (Regulation (EU) 2016/679) (‘EU GDPR’), as well as any local data protection implementation laws. This includes any replacement legislation coming into effect from time to time.
In the United Kingdom (UK), Data Protection Legislation means the Data Protection Act 2018 (‘DPA 2018’), United Kingdom General Data Protection Regulation (‘UK GDPR’), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘PECR’) and any legislation implemented in connection with the aforementioned legislation.
ILiAD Bio is the Data Controller (‘controller’) for the Personal Data we process, unless otherwise stated.
We have appointed a Data Protection Officer (DPO) to help us monitor internal compliance, inform, and advise on data protection obligations, and act as a point of contact for data subjects and supervisory authorities. For further details on how you can contact our DPO, please see the Contact Us section below.
The information we collect
We only collect Personal Data that we know we will genuinely use and in accordance with the Data Protection Legislation and/or legislation related to clinical trials, such as the EU Clinical Trial Regulations (EU CTR). The type of Personal Data that we will collect on you will depend on whether you are a clinical trial participant, a healthcare professional, an employee, or a user of this website:
Clinical trial participant
- Your name*
- Your date of birth*
- Your age*
- Your gender*
- Your contact information (telephone number or email address)*
- Where applicable, the name of your legally authorized representative*
- Where applicable, the name and contact details of your partner*
- Your pseudonymized unique identification number(s)
- Your health data
- Your genetic data
- Your ethnicity
Healthcare professional (HCP)
- Your name
- Title
- Your contact details (e.g. telephone number, email address)
- Your employment details, where applicable
Employees, Board Members and Contractors of ILiAD Bio or ILiAD Bio's Service Providers
- Your name
- Your date of birth
- Your contact information (telephone number, email address, or mailing address)
- Your employment details
- Where relevant, your unique identification number(s) (e.g., payroll no.)
- Where relevant, your financial information (e.g., bank information, salary and tax information)
- Where relevant, your Right to Work information (e.g. nationality, visa, passport)
- Where relevant, your health data (e.g., sick leave information)
- Where relevant, your photograph
Website User†
- Your name
- Your contact information (e.g. email address)
- Your Contact Us form responses
- Your Usage Data (e.g., your IP address)
- Cookies and Tracking Technologies information
* This participant identifiable information is collected by ILiAD Bio's Research Sites, acting on their behalf as Data Processors. This data may be shared with clinicians, health authorities, ethics bodies and other personnel as authorized by ILiAD Bio, but only where ILiAD Bio is legally obligated to provide this data in accordance with Clinical Trial Regulations and other applicable laws. ILiAD Bio will not directly receive participant identifiable information and will not instruct their Data Processors to process or share this information other than where the law requires.
† You are under no statutory or contractual requirement or obligation to provide us with your Personal Data; however, we require at least the information above in order for us to deal with you as a Service User in an efficient and effective manner.
Cookies, Analytics and Tracking Technologies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse Our Service.
You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser. We use both session and persistent Cookies for the purposes set out below:
We and the third parties we work with use cookies and similar tracking technologies to collect information about your use of the Services, such as your IP address, browser type, browser version, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by us and others to analyze and track data, determine the popularity of certain content, deliver targeted advertising and content, provide customer support, troubleshoot issues with and improve the operation of our Website and Services, and better understand your online activity.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt out of having your activity on the Service made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visit activity. For more information on how Google collects and processes data, click here. To opt out of tracking by Google Analytics, click here.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page.
How we use your information
We will only process your Personal Data when the law allows us to do so. We will have provided you with our lawful basis for processing your Personal Data at the point the information was initially collected from you. We will not store, process, or transfer your data unless we have an appropriate lawful reason to do so.
Under Data Protection Legislation, the lawful bases we rely on for processing your information are:
- GDPR Article 6(1)(a) — your consent*
- GDPR Article 6(1)(b) — We have a contractual obligation
- GDPR Article 6(1)(c) — We have a legal obligation
- GDPR Article 6(1)(d) — In order to protect the vital interests of You or a third party
- GDPR Article 6(1)(e) — We have a public interest
- GDPR Article 6(1)(f) — We have a legitimate interest
* Where the lawful basis for processing is Consent, you are able to remove your consent at any time by contacting our DPO using the contact details in the Contact Us section below.
We may use your information for the following purposes:
| Processing activity | Lawful basis |
|---|---|
| Where you are a clinical trial participant in a jurisdiction where clinical trials occur on the lawful basis of Consent, to collect information from you and process your health information in order to conduct a clinical trial | Consent |
| Where you are a clinical trial participant in a jurisdiction where clinical trials occur on the lawful basis of Legitimate Interest, to collect and process your health information to conduct a clinical trial | Legitimate Interest |
| Where you are a clinical trial participant in a jurisdiction where clinical trials occur on the lawful basis of Legal Obligation, to collect and process your health information to conduct a clinical trial | Legal Obligation |
| Where you are a Health Care Professional (HCP) involved in the planning, delivery, or oversight of ILiAD Bio's clinical trials, to collect and process your employment information | Legitimate Interest / Contractual Obligation |
| Where you are an employee of ILiAD Bio, to collect information from you and make available our services to you | Contractual Obligation |
| Where you are an employee of ILiAD Bio's Service Providers, to collect information from you or your employer and make available our services to your employer | Legitimate Interest |
| Where you are an employee or Board member of ILiAD Bio, to collect your consent for the use of your photographs on the company website, for other purposes as consented to | Consent |
| Where you are a member of the Scientific Board for ILiAD Bio, to collect your consent for the use of your photograph, name, title and company on the ILiAD Bio website | Consent |
| Where you are an employee of ILiAD Bio's Service Providers, to collect information and take or make a payment, give or request a refund | Contractual Obligation |
| Where you are an employee of ILiAD Bio's Service Providers, to collect information from you or your employer and liaise about your contact details and/or the nature and performance of your work | Legitimate Interest |
| To collect information from you and monitor, provide and maintain our Service | Legitimate Interest |
| To contact you following your inquiry and reply to any questions, suggestions, issues, or complaints, including Data Subject Requests | Legitimate Interest |
| To collect your Usage Data in order to power our security measures so you can safely access our website and other Services | Legitimate Interest |
| To contact you about news and information relating to our Services through service messages | Legitimate Interest |
| B2B direct marketing where you are a corporate subscriber and/or the ‘soft opt-in’ applies under UK PECR | Legitimate Interest |
| B2B direct marketing where you are a sole trader, partnership, or otherwise classified as an individual subscriber and the ‘soft opt-in’ does not apply | Consent |
| To retain accounting information generated during our interaction for statutory accountancy retention periods | Legal Obligation |
| To respond to and defend against legal claims | Legal Obligation |
| To share your personal information with other professional advisors (insurers, accountants, auditors, lawyers) for professional/expert advice connected to our business objectives or a clinical trial | Legitimate Interest / Legal Obligation |
| To share your personal information with financial institutions, fraud prevention agencies, tax authorities, trade associations, credit reference agencies and debt recovery agents, to meet legal, regulatory and compliance obligations | Legal Obligation |
| To transfer your data to any prospective or new companies in the event of a restructure, acquisition, merger, divestiture, or dissolution — the new owners may only use it as set out in this notice | Legitimate Interest |
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated Technologies and AI Use
As part of our ongoing efforts to improve the efficiency and quality of our research and clinical trial activities, we may use artificial intelligence (AI) tools to support data analysis, communication, and system functionality. Some of these third-party software platforms may process your personal data, such as the Microsoft o365 suite of applications including Connected Experiences and Microsoft Copilot, an AI tool. Other systems, such as ChatGPT and Claude.AI (Anthropic), utilised by us also include AI features and functionalities that may process your personal data.
Throughout our professional relationship, your personal data may be processed within the Microsoft o365 suite of applications, including by Microsoft Copilot AI as part of Microsoft Connected Experiences, in accordance with Microsoft's privacy and security standards. For more information, see the Microsoft Privacy Statement. If you have questions or concerns about this processing, please contact our Data Protection Officer using the details in the Contact Us section.
Our use of AI tools for processing your personal data is carried out on the basis of our Legitimate Interests. We balance our interests against your data protection rights and apply appropriate safeguards to protect your personal data.
Who we might share your information with
We may share your personal data with other organizations in the following circumstances:
- From time to time, we may need to share your Personal Data with our strategic clinical trial partners;
- If the law or a public authority says we must share the Personal Data;
- If we need to share Personal Data in order to establish, exercise or defend our legal rights — this includes providing Personal Data to others for the purposes of detecting and preventing fraud; or
- From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of our services.
We use Service Providers (“Data Processors”) who are third parties who provide elements of services for us. Examples of these Data Processors include, but are not limited to:
- Our Contract Research Organizations (CRO) and UK representative;
- Our Clinical Trial Data Processors;
- Our IT Service Providers, such as Microsoft Corporation.
We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your Personal Data unless we have instructed them to do it. They will not share your Personal Data with any organization apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your Personal Data securely and retain it for the period we instruct.
How long we keep your information for
We retain a record of your Personal Data in order to provide you with a high quality and consistent service. We will always retain your Personal Data in accordance with the Data Protection Legislation and never retain your information for longer than is necessary. ILiAD Bio follows a Retention Schedule which outlines how long ILiAD Bio will retain your Personal Data, beginning from the point ILiAD Bio last contacted you or otherwise reviewed your record, unless otherwise required by law.
| Purpose | Retention period |
|---|---|
| Processing data in relation to You as a clinical trial participant | 25 years following conclusion of the trial (EU-CTRs) |
| Processing data in relation to You as a Health Care Professional (HCP) involved in an ILiAD Bio clinical trial | 25 years following conclusion of the trial (EU-CTRs) |
| Processing data in relation to You as an employee, contractor or associated party contracted by ILiAD Bio | 6 years following termination of employment |
| Processing data in relation to You as an employee, contractor or associated party contracted by ILiAD Bio's Service Providers | 6 years following termination of employment |
| Processing data in relation to You as a service user of this website | 1 year |
| Processing data in relation to You as any other individual with whom ILiAD Bio may conduct commercial operations | 6 years |
How we keep you updated on our products and services
Where you are a clinical trial participant or a Health Care Professional involved in the planning, delivery, or oversight of an ILiAD Bio clinical trial, we will contact you through our Contracted Research Organization (CRO) where it is necessary to do so.
Where you are an employee of ILiAD Bio, we will contact you through existing ILiAD Bio communication channels, including email, where it is appropriate to do so.
Where you are an employee of ILiAD Bio's Service Providers, a user of this website who has provided us with your contact information, or any other business contact, we will send you relevant news about our services in a number of ways including by email, but only if we have a Legitimate Interest to do so. Where we do not have a Legitimate Interest, we will not send you marketing communications unless we have asked for, and gained, your consent.
We make every effort to ensure that we only send such communications to those acting in a business capacity and do not send such materials to consumers via personal email addresses if it is clear they are not acting in such a capacity or have not otherwise provided their consent.
All email communications will have an option to unsubscribe. To amend your marketing preferences, follow the link in the email, or contact our DPO using the details in the Contact Us section below.
Giving your reviews and sharing your thoughts
When using our website and other Services, you may be able to share information through social networks like Facebook and Twitter — for example, when you ‘like’, ‘share’ or review our Services. When doing this, your Personal Data may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so that you are comfortable with how your information is used and shared on them.
Third Party websites and links
Our Website may contain links to other sites operated by third parties. The Company does not control such other sites and is not responsible for their content, their privacy policies, or their use of personal information. The Company's inclusion of such links does not imply any endorsement of the content on such sites or of their owners or operators except as disclosed through the Services. Any information submitted by you directly to these third parties is subject to that third party's privacy policy.
We expressly disclaim any and all liability for the actions of third parties, including but not limited to actions relating to the use and/or disclosure of personal information by third parties.
Children's privacy
We do not seek or knowingly collect any personal information about children under 13 years of age. If we become aware that we have unknowingly collected personal information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor child who has provided us with personal information, you may contact us using the information in Contact Us to request it be deleted.
Compliance with U.S. and Other Global Data Protection Laws
In addition to the EU and UK data protection legislation, we comply with applicable data protection and privacy laws in other jurisdictions where we operate:
United States
Several U.S. states, such as Connecticut, New Jersey, and Virginia, have enacted comprehensive consumer privacy laws granting rights such as access, deletion, and opt-out of data sales, and opt-in for sensitive data collection. To ensure robust protection of personal information, including Personally Identifiable Information (PII), we align our privacy practices for U.S. residents with EU and UK data protection legislation. This approach enables us to deliver a consistent and high standard of privacy protection that meets or exceeds applicable state and federal requirements.
California Resident Rights
We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light Law”) with third parties for their direct marketing purposes.
Other Global Jurisdictions
Many countries outside the EU/UK have adopted their own data protection frameworks, such as Brazil's LGPD, Canada's PIPEDA, and laws across Asia-Pacific, Latin America, and Africa. While requirements vary, these laws generally emphasize transparency, lawful processing, security safeguards, and respect for individual rights.
Where required, we implement appropriate measures to meet local legal obligations, including honoring data subject rights and ensuring secure international data transfers through mechanisms such as adequacy decisions, standard contractual clauses, or other recognized safeguards.
Your rights over your information
Right to be informed
You have the right to be informed about the collection and use of your personal data. We ensure this with our internal and external Privacy Notices (including this document), which are regularly reviewed and updated.
Right to access your personal data
You have the right to access the Personal Data that we hold about you in many circumstances, by making a request — sometimes termed a ‘Data Subject Access Request’. If we agree that we are obliged to provide Personal Data to you (or someone else on your behalf), we will provide it free of charge and aim to do so within 1 month from when your identity has been confirmed. We would ask for proof of identity and sufficient information about your interactions with us so that we can locate your Personal Data.
Right to rectify your personal data
If any of the Personal Data we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.
Right to erasure
You have the right to have personal data erased — also known as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances; for instance, it does not apply where we have a legal obligation to retain your Personal Data.
Right to restrict processing
You have the right to ask us to restrict the processing of your personal data, for example if you have issues with its accuracy or the way we have processed it. This right is not absolute and only applies in certain circumstances.
Right to portability
The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format, and to request that a controller transmits this data directly to another controller.
Right to object
You have the right to object to our processing of some or all of the personal data that we hold about you. This is an absolute right when we use your data for direct marketing, but may not apply in other circumstances where we have a compelling reason, e.g. a legal obligation.
Rights related to automated decision-making
You have the right to object to our processing where a decision is made about you solely based on automated processing and which has significant or legal effects. ILiAD Bio does not intend to conduct any automated decision-making for your Personal Data.
If you would like to exercise any of the above rights, please Contact Us as set out below.
Data protection complaints
You have the right to complain to us about how we use your personal data, known as a data protection complaint. You can do so by emailing us at DPO@iliadbiotech.com. We will acknowledge your complaint, investigate and respond in line with our legal obligations. If you are not satisfied with our response, you may also complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk.
For more information about your privacy rights
Depending on your jurisdiction, a different regulator or supervisory authority may govern the processing of Personal Data. Your government's website should point you in the right direction. You can find your country's regulatory body here. If you have questions about which supervisory authority applies in your jurisdiction, please Contact Us as set out below.
In the UK, the Information Commissioner's Office (ICO) regulates data protection and privacy matters, and makes information accessible to consumers on their website. You can make a complaint to the ICO, or any other supervisory authority, at any time about the way we use your information — though we hope you would consider raising any issue with us first.
Security
Data security is of great importance to ILiAD Bio. We have put in place appropriate technical and organizational measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed.
We take security measures to protect your information including:
- Limiting access to our buildings and resources to only those we have determined are entitled to be there (by use of passes, key card access and other related technologies);
- Managing a data security breach reporting and notification system which allows us to monitor and communicate information on data breaches with you or the applicable regulator when required by law;
- Implementing access controls to our information technology; and,
- Deploying appropriate procedures and technical security measures (including strict encryption, anonymization and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices, and stores.
International Transfers
Your Personal Data is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to Devices located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in Your jurisdiction. In particular, when ILiAD Bio shares clinical trials data with Trusted Data Processors, your Personal Data — which will be pseudonymized in any case — would be stored and processed within third countries. Where this occurs, ILiAD Bio will ensure that:
- the security and confidentiality of your Personal Data is secure at all times;
- any Data Controller receiving your Personal Data has entered into an agreement with ILiAD Bio which contains standard data protection clauses as required by UK and/or EU GDPR, or there is an alternative appropriate safeguard in place governing the transfer; and,
- any Data Processor receiving your Personal Data has entered into an agreement with ILiAD Bio which contains the required Data Processor clauses as well as standard data protection clauses as required by UK and/or EU GDPR, or there is an alternative appropriate safeguard in place governing the transfer.
Where you are based in the UK or EU and we were required to transfer your Personal Data out of the UK or EU to countries not deemed by the ICO or European Commission (as relevant) to provide an adequate level of Personal Data protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the Data Protection Legislation, such as specific contracts containing standard data protection clauses approved by the ICO or European Commission.
You can obtain a copy of this documentation by contacting the UK Representative or DPO identified in the Contact Us section below.
What happens if our business changes hands?
We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part, and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use that data only for the purposes for which it was originally collected by us.
Contact Us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this Privacy Notice or the way your Personal Data is processed, please contact our Data Protection Officer (DPO) by one of the following means:
Weston, FL 33331
Changes to Our Privacy Notice
Thank you for taking the time to read our Privacy Notice.
We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this Privacy Notice regularly to keep up to date.
This Notice was last updated on July 7, 2026.