Website Privacy Notice

Crinetics Pharmaceuticals Inc. and its subsidiaries (collectively “Crinetics”, “we”, “our” or “us”), has committed to respect and safeguard the privacy of the visitors to our websites: https://www.crinetics.com/, https://acromegalysupport.com/, https://theacrobatstudies.com/, hereafter referred as “Sites”.
Crinetics wants to make sure that you understand what personal information is collected about you, how your personal information is used, disclosed or otherwise processed and how it is kept safe when using Crinetics’ Sites. The purpose of this Privacy Notice is also to explain your rights and choices available with respect to your personal information.

As a worldwide organization, Crinetics has committed to comply with all applicable data protection laws and regulations such as the General Data Protection Regulation n°2016/679 (‘GDPR’) and California Consumer Privacy Act of 2018 (“CCPA”).

Please note that any terms defined in the GDPR, CCPA and any other laws have the same meaning when used in this Privacy Notice.

In this Privacy Notice, you will find:

  • A section “Your information” for General important considerations such as what categories of personal we may process; the sources; the purposes for which we may process your personal data
  • A section “Crinetics and GDPR” including additional important information for EU visitors located in the European Union.
  • A section “Crinetics and CCPA” including additional important information for Californian residents.
  • A section for “Cookies policy”

I. Your Information

We collect personal data about the website visitors. Visitors can be the following types of individuals: clinical trial participants, patients, patient family members, caregivers or advocates, physicians, and other health care professionals, clinical trial investigators, researchers, pharmacists, investors and any other individual using the website.

What personal data do we collect?
We may collect the following personal data:

  • Identifier and demographic data: First and Last Name, email address, phone number, home address, city, country, age range.
  • Online identifier: IP address, browser, and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Sites and other technical information.
  • Curriculum Vitae and cover letter
  • Health and medical information such as diagnoses, treatments for medical conditions.
  • GeolocationBusiness data: company name, investor type, job title, work phone, fax, email address.
  • Publicly available information such as social media profile information, marketing leads and search results, and links, including paid listings (such as sponsored links)
  • Any other information you provide to us voluntarily by using the contact form and/or the chat.

How do we collect your personal data?
Your personal data will be collected:

  • directly from you
  • directly and indirectly through the use of our website
  • indirectly from cookies and other sources such as public databases, joint marketing partners and other third parties.

Why do we use your personal data?
We use your personal data in order to:

  • communicate with you and process your message, requests or inquiries;
  • keep you informed about us and our trials, send you updates and information about other activities you may be interested in;
  • provide support and awareness for the Acromegaly disease.
  • improve and operate the website;
  • send you newsletters and other business communications such as product, service and new feature information;
    enforce our terms, conditions, and policies;
  • as necessary to respond to law enforcement requests, fulfil our legal obligations as required per applicable laws and to protect our rights or our and your safety.

We process your information for purposes based on legitimate business interests, the fulfilment of our contract with you, for compliance with our legal obligations, and/or your consent. Please refer to the additional sections below for more details.

How do we share your personal data?

We do not sell, trade, or rent your personal data to third parties.
We only transfer your personal data to our providers and subcontractors to the extent necessary in order to achieve the purposes of the processing of your data.

We may disclose your personal data to the following category:

  • Our affiliates
  • Services Providers such as MailChimp, Facebook, Google Analytics: Internet Service providers, Operating systems and platforms (email delivery, hosting services), data analysis
  • Business partners*
  • Third parties as required by law: court, public authorities
  • Other third parties for whom you have given your consent.

*In case of Business transfer, we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

How do we protect your data?

Crinetics treats your personal data in a confidential manner and uses at least the same level of care in safeguarding your personal data that it uses with its own confidential information of similar nature.

Your personal data are contained behind secured networks and are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.

How often do we update this Privacy Notice?

Crinetics reserves the right to update this Privacy Notice to reflect any changes impacting your personal data. You will be informed by email or provide notification through this website. We encourage you to periodically review this page for the latest information on our privacy practices.

II. Crinetics and GDPR

This section applies to all data subjects located in the European Union.

Crinetics Pharmaceuticals, Inc. is acting as Data Controller of your personal data as defined by the General Data Protection Regulation (EU) 2016/679 (“GDPR”). The company is located in 10222 Barnes Canyon Road, Building #2 in San Diego, CA 92121, USA.

For any questions related to this notice or about how we process your personal data, please contact our Data Protection Officer at crinetics.dpo@mydata-trust.info.
The Data Protection Representative is MyData-TRUST S.A., located in Belgium at Boulevard Initialis 7/3, 7000 Mons.

Legal bases for processing

Purposes Legal basis
To respond to your requests or inquiries We consider that it is our legitimate interest to retain your information in order to respond to your requests and inquiries.
To keep you informed about our trials and other activities you may be interested in The processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime by contacting us as mentioned above.
To improve and operate the website We consider that it is our legitimate interest: the proper administration of our website. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To send you updates, newsletters, and other business communications The processing is based on your consent. You can opt-out of our emails at any time using the unsubscribe feature at the bottom of the emails.
To enforce our terms, conditions, and policies We consider that it is our legitimate interest to ensure our business activities. It is also necessary to comply with our legal obligations.
As necessary to respond to law enforcement requests, fulfill our legal obligations as required per applicable laws and to protect our rights or our and your safety. The processing of your personal data is necessary to comply with our legal obligations

Your rights

According to the GDPR, you may exercise your following rights:

  • Access. You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to receive specific information regarding the processing of your date. You also have the right to obtain a copy of your personal data being processed.
  • Rectification. You have the right to require rectification of inaccurate or incomplete data about you.
  • Erasure. You have the right to ask for the deletion of your data in certain circumstances.
  • Restrict processing. You have the right to restrict processing of your data under certain specified circumstances.
  • Data portability. You have the right to request for the receipt or the transfer to another organization, in a machine-readable form, of your personal data under certain specified circumstances.
  • Object to processing. You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data.
  • Right to withdraw consent. When you have given your consent for the processing of your data, you can withdraw it at any time without justification. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you would like to exercise your rights, please let us know by contacting our Data Protection Officer. You shall receive a response to your request within one month of receipt of the request.

You also have the right to raise a complaint about how your personal data is handled to the National Data Protection Authority located in the Member State in which you have your main residence or located in the Member State the alleged violation took place. To obtain contact details of all Member States Data Protection Authorities, please refer to the following website: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Cross-border data transfer

Some of our providers and sub-contractors are located outside the European Economic Area (EEA), in United-States. In this case, your personal data may be transferred to a country that may not have the same level of personal data protection as the EEA raising the risk that you will not be able to enforce your rights. When your personal data are transferred outside of the EEA, Crinetics is responsible for protecting your data and taking steps to maintain the confidentiality of your personal data. Crinetics will ensure that your data are transferred to US companies that are compliant with Privacy-Shield (e.g. Facebook) or that the transfer is governed by appropriate safeguards such as the Standard Contractual Clauses provided by the European Commission or that you have provided your explicit consent.

Retention

We will keep your data as long as necessary in order to achieve the purposes for which we collected it. We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

III. Crinetics and CCPA

This section applies to all data subjects residing in the state of California and provide additional information according to “California Consumer privacy Act of 2018”.

More information about your personal data

Here is an exhaustive list of the personal data collected and disclosed over the past 12 months.

Category of personal data

Collection

Disclosure

Sell

Categories of Third Parties with whom your personal data is shared

Identifiers and Online Identifiers (e.g. name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name) Yes Yes No
  • Internet Service providers
  • Operating systems and platforms
  • Third parties as required by law
  • Other third parties for whom you have given your consent.
Personal Information as defined in the California customer records law, Section 1798.80(e), (e.g. name, contact information, education, employment, employment history and financial information.) Yes Yes No
  • Internet Service providers
  • Operating systems and platforms
  • Third parties as required by law
  • Third parties in connection with a merger, sale, or asset transfer.
  • Other third parties for whom you have given your consent.
Characteristics of Protected Classifications under California or Federal Law (e.g. age, medical condition,…) Yes, but only voluntarily given Yes No
  • Internet Service providers
  • Operating systems and platforms
  • Third parties as required by law
  • Other third parties for whom you have given your consent.
Internet or Network Information such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements. Yes Yes No
  • Internet Service providers
  • Operating systems and platforms
  • Third parties as required by law
  • Other third parties for whom you have given your consent.
Geolocation Data (e.g. physical location) Yes Yes No
  • Internet Service providers
  • Operating systems and platforms
  • Third parties as required by law
  • Other third parties for whom you have given your consent.
Professional or employment information (e.g. job title, work history and experience in connection with your practice) Yes Yes No
  • Internet Service providers
  • Operating systems and platforms
  • Third parties as required by law
  • Other third parties for whom you have given your consent.

 
We do not sell your personal information.

We do not intend to collect commercial information (e.g. transaction information, purchase history, financial details and payment information), biometric information (e.g.: fingerprints and voiceprints), sensory information (e.g. Audio, electronic, visual, thermal, olfactory, or similar information), education information (e.g. student records) and inferences (e.g. individual’s preferences and characteristics, profiling).

Your information is disclosed only for the fulfilment of business purposes as listed in the paragraph above « Why do we use your personal data? » which includes:

  • Auditing: analytics, legal and regulatory compliance
  • Security: fraud prevention and safety against malicious activity
  • Debugging
  • Short-term uses: communication with you
  • Performing services: provide products and services
  • Service Improvement

Your rights and how to exercise them

Access. You can request the following information about how we have collected and used your Personal Information during the past 12 months:

The categories of Personal Information that we have collected and the categories of sources from which we collected Personal Information.
The business or commercial purpose for collecting and/or selling Personal Information.
The categories of third parties with whom we share Personal Information.
Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of recipient.
Whether we’ve sold your Personal Information and if so, the categories of Personal Information received by each category of recipient.

Deletion. You can ask us to delete the Personal Information that we maintain about you. This right does not apply if Crinetics needs to retain your personal information to:

  • Provide good or services to the consumer
  • Detect or resolve issues security or functionality-related issues
  • Comply with the law
  • Conduct research in the public interest
  • Safeguard the right to free speech
  • Carry out any actions for internal purposes that the consumer might reasonably expect

Non-discrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as:

  • Denying you goods or services,
  • Increasing the price/rate of goods or services,
  • Decreasing the service quality, or
  • Suggesting that we may penalize you as described above for exercising your rights

You can request to exercise your rights by contacting our Privacy Officer at privacyofficer@crinetics.com.

IV. Cookies Policy

What Are Cookies

Our Sites use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. They are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the website functionality.

Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

For more general information on cookies, you can see the Wikipedia article on HTTP Cookies or visit the All About Cookies website (http://www.allaboutcookies.org).

How We Use Cookies and other tracking technologies

We may use trusted third-party services that track the below information on our behalf.

We use several types of cookies for different reasons:

  • Functional cookies” are used to enable certain functions of the website. Cookies can also be used to provide the functionality to set your preferences and remember them. From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimizations our users appreciate the most.

We also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

  • Analytics cookies”: This site uses Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page. The cookies are used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We use cookies to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
  • Marketing cookies”: We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including Facebook, Twitter, Instagram, YouTube, and LinkedIn, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies (see links in the section More Information).

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser. Please visit the help pages of your web browser. Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the Sites. Therefore, it is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

More Information

If you have any specific questions on how the cookies are managed, please contact us at privacyofficer@crinetics.com.