Privacy Policy

Corbus Pharmaceuticals, Inc. ("Corbus," "we," "us," or "our") provides this Privacy Policy to describe how your information is collected, used, shared and retained. This Privacy Policy applies to information collected when you visit our website at (the "Site"), contact us via the Site, purchase and/or use our marketed or investigational drugs (collectively, the "Products"), or participate in a clinical trial for our Products. 

By visiting our Site or using our Products you are agreeing to the terms of this Privacy Policy and the accompanying Terms of Use. Capitalized terms not defined in this Privacy Policy have the meaning ascribed to them in the Terms of Use. 

What Information We Collect: the Purpose of Collection and Use. We limit our collection of personal data to the minimum necessary to fulfill the stated purposes as set forth below. 

Contact Information: We may collect contact information on our Site from visitors who wish to obtain information, subscribe to our email alerts, and contact us with questions. Contact information is provided via browser forms and may include first name, last name, e-mail address, job title, name of the organization, and other information necessary for us to properly respond. This contact information is used by our public relations, investor relations, customer service and Product teams to contact our Site visitors, and to compile and deliver our responses. Our business development team uses the contact information provided by prospective business partners to contact them and provide requested information. 

Clinical Trials: Corbus sponsors clinical research studies under the jurisdiction of the U.S. Food and Drug Administration ("FDA") and other foreign regulatory authorities regarding the effectiveness and safety of our Products ("clinical trials"). All clinical trials require pre-approval from an appropriately constituted institutional review board or ethics committee. Your participation in a clinical trial is completely voluntary and requires that you consent in writing to the scope of the research to be conducted using the information gathered from and about you during the clinical trial by the clinical investigator, contract research organizations and other personnel engaged for this purpose ("clinical trial personnel"). Such information may include, as applicable, your name, demographic information (age, race, gender, and ethnicity), medical history, disease state, information regarding biological specimens and tissue samples, and adverse events. Corbus receives only a subset of this information in the form of Key-Coded Data (see below). 

Key-Coded Data: Clinical trial personnel remove information that identifies individual clinical trial participants from data collected at the clinical trial site to create data sets ("Key-Coded Data"), which are provided to Corbus. The Key-Coded Data applicable to each clinical trial participant is identified by a unique key code, which is retained by clinical trial personnel and not shared with Corbus. There are no circumstances where we receive the key code or identify the individual. Corbus will use and share your Key-Coded Data for the general research purposes for which it was originally collected and for research that is consistent with your original consent, or to which you have subsequently consented. When the key code is held only by the clinical trial personnel and not given to Corbus, then a transfer of Key-Coded Data from the European Economic Area to the United States does not constitute a transfer of personal data under the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) (although Key-Coded Data may be subject to other Union or Member State laws). 

Google Analytics: Like most organizations, we rely on automatic data collection technology (Google Analytics) when you visit our Site. Google Analytics may use tracking technologies such as, but not limited to, cookies to collect information on our behalf such as your IP address, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Site you visit, number of links you click while on the Site, search terms, and other data. By accessing and using the Site, you consent to the processing of data about you by Google Analytics in the manner and for the purposes set out in this Privacy Policy. For more information on Google Analytics, including how to opt out from certain data collection, please visit Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Site. 

Cookies. Cookies are small packets of data that a website stores on your computer's hard drive so that your computer will "remember" information about your visits to our Site and other sites as described under "Google Analytics" above. If you do not want us, Google Analytics or the Site to place a cookie on your hard drive, you may be able to turn that feature off on your device. Please consult your Internet browser's documentation for information on how to do this, such as by using your browser in private mode to block cookies. However, if you decide not to accept cookies from our Site, the Site may not function properly. 

Aggregate Data. In an ongoing effort to better understand our users and the Site, we might analyze your information in aggregate form to operate, maintain, manage, and improve the Site. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics to describe our Products and the Site to current and prospective business partners and to other third parties for other lawful purposes. 

Additional Uses. We also use Contact Information and Site usage information collected pursuant to this Privacy Policy to respond to general inquiries, solicit feedback regarding our Site, provide relevant content on our Site, request your participation in brief, voluntary surveys, and to communicate with you via email regarding our current and future Products. 

Onward Transfer to Third Parties. Like many businesses, we hire other companies to perform certain business and research related services. We may disclose personal information to certain types of third-party companies but only to the extent needed to enable them to provide such services. The types of companies that now or in the future may receive personal information and their functions are research data management, safety and medical monitoring, statistical programming, analysis and processing, laboratory measurements, data storage, hosting services, disaster recovery services, and translation services. All such third-parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this privacy policy and implemented by Corbus. We may transfer your personal information to a third-party controller, but you may opt-out of such transfer at any time by sending us an email at We will not disclose your sensitive personal information to any third party without first obtaining your consent. You may have granted such consent when you agreed to participate in a clinical trial of our Product. If you have not yet granted such consent, you may do so by emailing us at In each instance, please allow us a reasonable time to process your response. 

Business Transfers. In the event of a merger, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this privacy policy. 

Disclosure to Public Authorities. We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas. 

Disclosure to Regulatory Authorities and Researchers. We may disclose Key-Coded Data to government regulators in the United States and foreign regulatory authorities for regulatory and supervision purposes. We may also disclose Key-Coded Data to public and/or private researchers, subject, as applicable, to the Data Privacy Framework Principles. 

Direct Marketing and Email Preferences. Corbus will not use or share your personal information for direct marketing purposes. However, you cannot opt out of receiving transactional e-mails related to your requests for information or materials. 

Access to Personal Information. Upon request to, we will provide you with confirmation as to whether we are processing your personal information, and have the data communicated to you within a reasonable time. You have the right to access, correct, amend or delete your personal information, restrict the processing of your personal information, receive a copy of your personal information, and/or transfer your personal information to a third party. Please allow us a reasonable time to respond to your inquiries and requests. 

If you are participating in a "blinded" clinical trial for one of our Products, your request to access your Key-Coded Data during the trial will be declined, provided that this restriction was explained to you when you entered the trial and the disclosure of such information would jeopardize the integrity of the research effort. Following the conclusion or other termination of the blinded clinical trial and analysis of the results, we will forward your request for access to your Key-Code Data to clinical trial personnel that have the Key Code. We recommend that you first request Key-Coded Data directly from your health care provider in the clinical trial (who can also provide access to other data collected at the clinical trial site) and secondarily from us. 

If you withdraw, or are asked to withdraw, from a clinical trial of our Products, your Key-Coded Data collected previously to your withdrawal may still be processed along with other data collected as part of the clinical trial, if this was made clear to you in the notice at the time you consented to participate in the clinical trial. 

Retention of Personal Information. We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally. 

How We Protect Your Information. Corbus takes very seriously the security and privacy of the personal information that it collects pursuant to this Privacy Policy. Accordingly, we will implement reasonable and appropriate security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations. 

Children. A written consent by lawful legal representative of a child is required prior to their inclusion in any of our clinical trials. We do not knowingly collect any personal information from children through the Site. If you are not of legal age, please do not give us any personal information via the Site. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce our privacy policy by instructing their children never to provide personal information to us without their permission. If you have reason to believe that a child has provided personal information to us, please contact us at, and we will endeavor to delete that information from our databases. 

Links to External Sites. The Site may contain links to third party websites ("External Sites"). Corbus has no control over the privacy practices of these External Sites. As such, we are not responsible for the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any External Sites, and before providing any personal information to such External Sites. 

Important Notice to All Individuals Located Outside the US. Our servers may be located outside of the U.S. and the European Economic Area. If you are located outside of the U.S., please be aware that any information provided to us, including personal information, will be transferred from your country of origin. Except in the case of data transfers under the EU-U.S. DPF, the UK Extension to the EU-US DPF, and the Swiss-U.S. DPF, your decision to provide such data to us, or allow us to collect such data through our Site, constitutes your consent to this data transfer. 

Important Notice for Individuals Located in the European Economic Area, the United Kingdom, and Switzerland. Corbus complies with the EU-U.S. Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-US DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from the European Union member countries (including Iceland, Liechtenstein and Norway), the United Kingdom (“UK” including Gibraltar), and Switzerland to the United States, respectively, pursuant to the Data Privacy Framework Principles. Corbus has certified that it adheres to the DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement and Liability (the "Data Privacy Framework Principles or DPF Principles"). With regard to the Principle of Accountability for Onward Transfer, for example, we remain liable if our agent processes such personal information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage. If there is a conflict between this Privacy Policy and the Data Privacy Framework Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification page, please visit 

Corbus is subject to the investigatory and enforcement powers of the Federal Trade Commission. 

In compliance with the Data Privacy Framework Principles, Corbus commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, United Kingdom (including Gibraltar) or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Corbus at Corbus has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, DATA PRIVACY FRAMEWORK SERVICES, operated in the United States by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit more information and to file a complaint. This service is provided free of charge to you. If these processes do not result in a resolution, you may also contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See  

Product Safety and Efficacy Monitoring. As a pharmaceutical company, Corbus does not have to apply the DPF Principles with respect to the Notice, Choice, Accountability for Onward Transfer, and Access Principles in its product safety and efficacy monitoring activities, including the reporting of adverse events and the tracking of patients/subjects using certain medicines or medical devices, to the extent that adherence to the DPF Principles interferes with compliance with regulatory requirements. This is true both with respect to reports by, for example, health care providers to pharmaceutical companies, and with respect to reports by pharmaceutical companies to government agencies like the FDA. 

California Privacy Rights. Corbus does not monitor, recognize, or honor any opt-out or do-not-track mechanisms, including general web browser "Do Not Track" settings and/or signals. 

Changes to this Privacy Policy. This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time and will post any changes on the Site as soon as they go into effect. By accessing the Site or using our Products after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis. 

How to Contact Us. If you have questions about this Privacy Policy, please contact us in one of the following ways: 

Phone: +1 617 963 0100