Privacy Statement

Dated: March 21, 2025

This Notice explains what personal information (including, potentially, data about your health) that Apellis Pharmaceuticals, Inc. and our subsidiaries (“Apellis” or “we” or “us”) collect about you and how we use, disclose, and safeguard that information. This Notice applies to all of our websites, mobile applications, data collection forms and services (“Services”) that link to or post this notice.  This notice does not apply to our employees or participants in our clinical trials who receive separate privacy notices from us.

This notice serves as our Notice at Collection under the California Privacy Rights Act.   This Notice also provides required disclosures regarding personal information and/or health data under applicable law, including but not limited to the GDPR and the privacy laws of the states of Washington, Nevada, and New York.

1. Information We May Collect 

In order to operate our business, to effectively communicate with you, and/or to provide products and services to you, we may collect personal information about you.  The kinds of information we may collect about you will vary depending on the type of interaction or relationship we have with you.  For example, the information we collect from job applicants will differ from the information we collect from participants in our patient support programs.  Below is a list of the kinds of information we may collect about you:

  • Basic Personal Information, such as: name; alias; date of birth; gender; family member names; family lifestyle & social circumstances; image/photograph/video; marital status; physical characteristics/descriptions; signature; voice/audio
  • Behavioral Information, such as: online behavior information; commercial purchasing history or tendencies; and inferences reflecting personal preferences
  • Employment and Background Information (for job applicants), such as: educational and training background and records; criminal/conviction history; previous work history; salary/wage expectation; start date; employment eligibility information, US diversity reporting information including self-reported race, ethnicity, sex, disability, and veteran status.
  • Government Identifiers, such as: driving license number; national identity card details; passport number; tax ID number; Social Security number; visa number
  • Health Information.  Depending on the specific service or product offering that you use or receive and your interaction with us, we may collect certain personal information about you that identifies your past, present, or future physical or mental health status. Examples of health data we might collect include:
    • Information about your health conditions, symptoms, status, diseases, diagnoses, testing, lab results, scans, images or treatments;
    • Measurements of bodily functions, vital signs, symptoms, or other health characteristics;
    • Data that could identify you as an individual seeking health care services; and
    • Any inferences of the above categories of health data that we may infer or derive from non-health related information.
  • General Location Data, such as based on IP address
  • Online/Electronic Resources Activity, such as: account name, account age/number/password; browsing time; cookie information; email read receipts; website history
  • Personal Contact Information, such as: online identifiers (e.g., personal IP address), email address; postal address; telephone number; unique personal identifier. This may also include information for your emergency contact(s)
  • Professional Details, such as: professional license number/status; professional memberships; reference/background checks
  • Protected Characteristics, such as: nationality/citizenship; privately held political/philosophical/religious beliefs and opinions; racial or ethnic origin; sex life information; sexual orientation; trade union membership
  • Social Media Information, such as: social media account/contact/history
  • Technical Data, such as: IP address; cookies; browsing behavior; and device information
  • Transactional Data, such as: interactions with our for products and services; speaking engagements; structured call notes; interactions with our systems; audit logs; meeting minutes

2. Sources of Data Collection

The sources of information from which we may collect information about you will also vary depending on the type of interaction or relationship we have with you.  Below is a list of the kinds of sources from which we may collect information about you:

  • Adverse event reporters and subjects;
  • Business partners;
  • Clinical/medical investigators and staff conducting clinical/medical research;
  • Consumers;
  • Customers;
  • Directly from you;
  • Employees, former employees, potential employees, and their family members;
  • Government sources and/or officials;
  • Healthcare professionals;
  • Investors and shareholders;
  • Joint marketing partners;
  • Our own systems, Services, and devices;
  • Patients;
  • Publicly available sources;
  • Social media platforms; and
  • Vendors, suppliers, contractors, and associations.

3. How We Use Your Information 

The ways we use information about you will also vary depending on the type of interaction or relationship we have with you.  Below is a list of the ways we might use your information:

  • Activities for public health and interest;
  • Activities as an employer to support and fulfill our obligations to our employees;
  • Business and market research
  • Contracting and business planning activities;
  • Communicating information about our products and services;
  • Compliance with legal or regulatory obligations (e.g., adverse event and product complaint reporting, exercising or defending legal claims, financial disclosure reporting, maintaining patient registries; complying with privacy obligations, etc.);
  • Data analytics, including, but not limited to: statistical analysis; developing, training, testing, or deploying algorithms, machine learning, artificial intelligence or other advanced analytics technologies; and deidentification or pseudonymization of your information so that it might be combined with other deidentified or pseudonymized information for research, statistical analysis, and business improvement, ensuring compliance with applicable privacy laws.
  • Engaging scientific experts and leaders;
  • Enhance website functionality and user experience;
  • Event management;
  • Finance or tax activities;
  • Marketing and sales of our products;
  • Merger and acquisition due diligence;
  • Patient testimonials (for sales and marketing, advertising, training and education, public relations, and research);
  • Processing transactions and fulfilling customer orders;
  • Providing, developing, and/or improving our products;
  • Providing patient assistance;
  • Registration for services;
  • Responding to requests for information;
  • Statistical analytics;
  • Study recruitment and management, including monitoring of study activities;
  • Validating your ability to access/use certain product, services, and information; and
  • Administration of other legal and business processes that are in our legitimate interest, inclusive of company record retention, safeguarding our physical and electronic workplace, maintaining our systems and records (e.g., testing, validation, fixing software errors), and website management.

4. How We Share Your Information

The other parties with whom we might share information about you will also vary depending on the type of interaction or relationship we have with you.  Below is a list of the categories of other parties with whom we might share your information:

  • Affiliates. We may share personal information within our corporate family (parent, subsidiaries, and/or affiliates) for purposes consistent with this Notice.
  • Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Notice.
  • Healthcare Professionals & Regulatory Authorities: As required by law or to support patient safety.
  • Service Providers: We may engage other companies and individuals to perform services on our behalf, including, for example: payment processing, IT support, marketing, data storage and analytics, product safety and quality, event and travel planning, and scientific research and development. When we share personal information with these service providers we do so under strict contractual obligations that require those service providers to protect the data and only use it for appropriate purposes.
  • Legal & Compliance Entities: When required by law, court order, or regulatory compliance.
  • Authorized Third Parties: With your consent or as permitted by applicable law.

We may share health information (as described in Section 1 above) for our necessary business purposes and/or to provide you with products and services that you request (as described in Section 2 above).  If we share your health data we will always do so in compliance with the requirements of applicable laws.

5. “Sale” of Information

We are not in the business of selling the information we collect about you to others and we do not provide information about you to others in exchange for monetary compensation.  However, certain U.S. state laws define “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third party for purposes of cross-contextual behavioral advertising.

While we do not disclose personal information to third parties in exchange for monetary compensation, our use of third-party analytics and advertising cookies may be considered “selling” and “sharing” in certain jurisdictions. Based on these definitions, we may “sell” or “share” the following categories of personal information: identifiers; commercial information; location information; Internet and network activity information, and sensitive personal information (e.g., your Internet and network activity information when you visit some of our health-related pages on our Sites).

We may disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns. We may also share limited information, such as a unique personal identifier with data brokers for purposes of marketing and advertising and to improve and measure our ad campaigns. You may opt out of this sharing of your personal information as further described in the “Your Rights & Choices” section below.

6. Cross-Border Data Transfers

We may transfer your personal data to countries outside of your jurisdiction, including the United States and other countries that may not have the same data protection laws as your home country.

When transferring data from the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (or the UK Addendum for UK transfers) as a lawful mechanism to ensure that your personal data is adequately protected.

For individuals in other jurisdictions where additional safeguards are required, we take appropriate supplementary measures to protect your data, in line with applicable legal requirements and regulatory guidance.

If you would like more information about the safeguards we use for international data transfers, please contact (see Section 13 “Contact Us” below).

7. Data Security & Retention

We implement appropriate technical and organizational security measures to protect your information from unauthorized access, loss, or misuse.

We retain personal data only for as long as necessary to fulfill the stated purposes, comply with legal obligations, resolve disputes, and enforce our agreements. The retention period depends on the type of data collected and the purposes for which it is used.

8. Your Rights & Choices

We have policies and processes in place to honor your choices with respect to how we process your personal data. These policies and processes adhere to the requirements under applicable laws for data subject rights, including but not limited to the GDPR, CCPA, the Washington My Health My Data Act and the Nevada and the Nevada Consumer Health Data Law.

These rights may include:

  • Right to Confirm: Request information about whether we are collecting, selling or sharing your health information.
  • Right to Correction: Request corrections to inaccurate or incomplete data.
  • Right to Deletion: Request deletion of your personal data, subject to legal obligations.
  • Right to Opt-out or Restrict Processing: Request limitations on how we use your data, including opt out of “sale” or “sharing,” opt out of direct marketing; opt out of us of data for AI model training; opt out of certain uses of health data.
  • Right to Review and/or Portability: Request review the personal data we hold about you and/or to receive a copy of your personal data in a structured format.
  • Right to Withdraw Consent: Withdraw consent for collection and sharing of health information.

There may be certain exceptions that apply to your request.  You will not be discriminated against for exercising your privacy rights. We will respond to your request within 30 days. To learn more or to exercise your rights, please contact us at privacy@apellis.com or by any of the means listed in Section 13 (“Contact Us”) listed below.

9. Cookies & Tracking Technologies 

We use cookies and similar tracking technologies to enhance user experience, analyze trends, and administer our website. We may also work with third-party advertising partners to deliver targeted advertisements based on your browsing behavior, interactions with our website, and other online activities. These third parties may use cookies, web beacons, and other tracking technologies to collect information about your interactions with our website and other online services over time.

This information, which may be considered personal information in some jurisdictions, is used, for example, to analyze and understand how you access, use, and interact with our Services; to identify and resolve bugs and errors in our Services; to assess, secure, protect, optimize, and improve the performance of our Services; for marketing, advertising, measurement and analytics purposes; and to personalize content on our Services. Our exchange of information with third parties to perform these activities may be considered “selling” or “sharing” of information under certain state laws (for more details see above Section 3 “How We Share Your Information”).

When you visit our Services, we may provide you a choice about whether to “agree” or “disagree” to the use of cookies and other technologies to personalize content and ads on our Services. You should feel free to select “disagree” to limit the circumstances in which personal information collected through tracking technologies on the website may be used for targeted advertising. [insert cookie consent management tool link]

You can also manage cookie preferences through your browser settings or opt out where applicable.  You may also opt out of certain targeted advertising practices by adjusting your preferences through the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI).

10. Third-Party Links and External Services

Our website may contain links to third-party Services, applications, or services. Please be aware that we are not responsible for the privacy practices of such third parties. This Privacy Notice applies solely to our website and services. We encourage you to review the privacy policies of any third-party Services you visit to understand their data collection and processing practices.

11. Children’s Privacy

Our services are not intended for children  and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child without parental consent, we will take steps to delete such information as required by applicable laws.

12. Dispute Resolution

If you have any complaints regarding our privacy practices, we encourage you to contact us first so that we may resolve your concerns.

For individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland, if we are unable to resolve your complaint, you have the right to lodge a complaint with your local Data Protection Authority (DPA). We will cooperate with the relevant DPAs in accordance with our obligations under applicable data protection laws and the Standard Contractual Clauses (SCCs) governing international data transfers.

Residents of certain states (including California, Washington, and Nevada) may also have the right to seek dispute resolution or arbitration as provided under their respective state laws. Please refer to the relevant state privacy authority or contact us for further details on dispute resolution options available to you.

13. Updates to This Privacy Notice

We may update this Privacy Notice periodically. Any changes will be posted on our website with the revised effective date. If significant changes are made, we will notify you in accordance with legal requirements.

14. Contact Us

For questions or concerns about this Privacy Notice or our data practices, please contact:

Apellis Pharmaceuticals, Inc.
Privacy Office
100 Fifth Ave. Waltham MA 02145, U.S.
Email: privacy@apellis.com

For purposes of European data protection laws, Apellis Pharmaceuticals, Inc. is the data controller: i.e., the company responsible for controlling the processing of personal information covered by this Privacy Statement. Apellis’ Data Protection Officer can be reached at privacy@apellis.com.