Privacy Policy

Last updated February 2, 2024

Thank you for choosing to be part of our community at aTyr Pharma, Inc. (aTyr may be referred to as “company”, “we”, “us”, or “our”). We are committed to protecting your Personal Information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your Personal Information, please contact us at privacy@atyrpharma.com.

When you visit our website at www.atyrpharma.com, and use our services, you trust us with your Personal Information. We take your privacy very seriously. In this privacy notice, we describe our Privacy Policy. We seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our website and our services.

This Privacy Policy applies to all information collected through our website and/or any related services, sales, marketing or events (we refer to them collectively in this Privacy Policy as the “Site”).

Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your Personal Information with us.

  1. What Information Do We Collect?
  2. How Do We Use Your Information?
  3. Will Your Information Be Shared with Anyone?
  4. Do We Use Cookies and Other Tracking Technologies?
  5. Is Your Information Transferred Internationally?
  6. How Long Do We Keep Your Information?
  7. How Do We Keep Your Information Safe?
  8. Do We Collect Information from Minors?
  9. What Are Your Privacy Rights For Persons Located In the EU/EEA and UK?
  10. Controls for Do-Not-Track Features
  11. Do California Residents Have Specific Privacy Rights?
  12. Data Privacy Frameworks
  13. How Can You Contact Us About This Notice?
  14. How Can You Review, Update or Delete The Data We Collect From You?

1. WHAT INFORMATION DO WE COLLECT?

“Personal Information” is defined as any information that relates to you directly or indirectly, by reference to an identifier, location, or factors specific to physical, physiological, genetic, economic, cultural or social identity.

We may collect and process the following Personal Information about you:

  • Contact information, such as your name, email address, phone number, address, company affiliation, or job title;
  • Access information, such as your log-in username and password details;
  • Online and technical identifiers, such as your IP (Internet Protocol) address and cookies;
  • Professional credentials, such as curriculum vitae/resume, work history, qualifications or any other type of information that may be included on a resume or curriculum vitae;
  • Demographic and health data information;
  • Communication and correspondence information, such as the content of communications you send us to report a problem or to submit a query, or your response to a survey;
  • Financial and government identifying numbers, such as U.S. social security numbers for payment processing purposes in the U.S.;
  • Identification information, including biographical and contact data;
  • Banking information collected for payment processing purposes;
  • Health data collected for the conduct of clinical studies;
  • Your unique patient identifier which is assigned to you in the event you participate in one of our clinical studies;
  • Genetic data;
  • Biometric data, which is data relating to physical or biological characteristics; and
  • Any other information that you or an authorized party provides to us that can be used to identify you.

We may collect Personal Information from numerous sources, including the following:

  • Directly from you, your references or other sources provided by you. For example, when you enquire about our therapeutic compounds, contact us via this Site, apply for employment, ask to be a clinical study participant or a principal investigator in one of our clinical studies, or in any way engage with us or our personnel;
  • Cookies and automated technologies, such as when you interact with our website;
  • Third party vendors, which may include those vendors, suppliers, contractors or business partners that provide services for us (e.g. market research vendors or adverse event reporting);
  • Government officials or entities; and
  • Publicly available sources.

2. HOW DO WE USE YOUR INFORMATION?

Use of your Personal Information Categories of Personal Information we Process Source of the Personal Information Legal Basis
Obtain your subscription preferences and send surveys, questionnaires, event related materials, or commercial communications Contact information and other information you provide, such as your topic preferences and areas of interest You Consent: To obtain your subscription preferences and send you commercial communications

Legitimate interests: To provide you with surveys, questionnaires, information you need and services you request

Respond to inquiries and fulfill requests Contact information and other information you provide, such as your requests You Legitimate interests: To provide you with information you need and other services you request and to efficiently communicate with you
Enter into or perform a contract Contact information and other information you provide You Contract: To conduct our normal course of business
Comply with applicable laws, regulations, codes, court order or other legal obligations (e.g., pharmacovigilance obligations, financial disclosure requirements) Contact information and other information you provide You Legal obligation: To comply with applicable legal obligations
Fraud and security monitoring IP address You and your network provider Legitimate interests: To protect your information
Register you for events and deliver event-related materials Contact information and other information you provide, such as your preferences for the event You Legitimate interests: To enable your attendance at our events and to deliver you event materials

Contract: As may be described in a written agreement or on the registration page for the event

Perform website analytics Technical information and other information we collect, such as demographics, behavior tracking, and event tracking First and third-party analytics cookies Consent: To understand more about our Site visitors (what pages you view, how long you visit, your devices, etc.) in order to improve our services
Reviewing requests to participate in clinical studies and screening eligibility for enrollment Contact information, clinical study participant qualification information, and other information relevant to your eligibility and qualifications to participate in clinical studies sponsored or conducted by us. You and your healthcare provider Legitimate interest: To ensure research subjects are eligible and appropriate for the studies we sponsor or conduct

Consent: For collection of health data to assess your eligibility to participate in clinical studies

Your participation in a clinical study Identification information, including biographical and contact data; health data; your unique patient identifier which is assigned to you for the clinical study; genetic data; and biometric data, which is data relating to physical or biological characteristics You, your healthcare provider or a third party we engage to assist in conducting the clinical study Consent: Informed consent form signed prior to any study related activities
Recruiting personnel for employment Contact information, recruitment information, and other information relevant to potential recruitment by aTyr You, your references, your former employers Pre-contractual Measures: To recruit and evaluate potential candidates to join aTyr

Legal obligations: To comply with applicable legal obligations, including for employment law purposes

Sharing for the provision of information about our therapeutics Contact information and other information you provide You Contract: To allow for the secure transfer and processing of personal data

We may also aggregate or de-identify your Personal Information so that it can no longer be used to identify you. This aggregated or de-identified information may be used for any purpose permitted by law and is no longer subject to this Privacy Policy.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

We only share and disclose your Personal Information in the following situations:

  • Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
  • Vendors, Consultants Third-Party Service Providers and Collaborators. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: data analysis, email delivery, and hosting services. We may allow selected third parties to use tracking technology on the Site, which will enable them to collect data about how you interact with the Site over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
  • Some of these third party collaborators may be located outside of the United States, European Union/European Economic Area or United Kingdom. In some cases, data protection authorities may not have determined that those countries’ data protection laws provide a level of protection equivalent to U.S., European Union or United Kingdom privacy laws. We will only transfer your Personal Information to third parties in these countries when there are appropriate safeguards in place. These may include the European Commission or UK Information Commission approved standard contractual data protection clauses. To access these standard contractual data protection clauses, please contact our Data Protection Officer.
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
  • With your Consent. We may disclose your Personal Information for any other purpose with your consent.
  • When interacting with us, you may come across links or references to third party website and services that we do not operate or control. If you provide your Personal Information to that third party through its website or services, you will be subject to that third party’s privacy practices and policies and terms of use. This Privacy Policy does not apply to any Personal Information that you provide to a third-party website or service.We recommend that you read the Privacy Policy that applies to that third party website or service. A link or reference to a third-party website or service does not mean that we endorse that third party, or the quality or accuracy of the information presented on its website or service.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

We also use cookies to compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.

If you turn cookies off, it may affect your end user experience.

We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together compile data regarding traffic throughout the site so we can improve the website for the best user experience. Users can set preferences by using the Google Ad Settings page or opt out by using the Google Analytics Opt Out Browser add on.

This website, mobile application, or Facebook application uses Google Maps APIs. You may find the Google Maps APIs Terms of Service here. To better understand Google’s Privacy Policy, please refer to this link: https://policies.google.com/privacy?hl=en-US

5. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

Our servers are located in United States. If you are accessing our Site from outside United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your Personal Information (see “WILL YOUR INFORMATION BE SHARED WITH ANYONE?” above and “WHAT ARE YOUR PRIVACY RIGHTS FOR PERSONS LOCATED IN THE EU/EEA AND UK”), in United States, and other countries. In any case, we undertake to transfer your data taking into account existing adequacy decisions. If the country in which the recipient is located does not benefit from an adequacy decision, we undertake to put in place appropriate safeguards.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including any legal, professional, accounting or reporting requirements. We will not keep your data longer than what is authorized by the law. When we no longer need to process your Personal Information for the purpose under which it was collected, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate technical and organizational security measures designed to protect your Personal Information from unauthorized access, use, disclosure, alteration or destruction in accordance with applicable laws and regulations. For example, we limit our collection and use of your Personal Information to the extent necessary to provide you with our services. If you would like to know more about how we protect your Personal Information, you can contact our Data Protection Officer using the information listed below.

8. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Site, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Site. If we learn that Personal Information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at privacy@atyrpharma.com.

9. WHAT ARE YOUR PRIVACY RIGHTS FOR PERSONS LOCATED IN THE EU/EEA AND UK?

If you are located in the EU/EEA or in the UK and we maintain your Personal Information, you have the following additional rights (for example, the GDPR or UK Data Protection Act) with regard to your Personal Information. Note that some of these rights may not be exercisable if you are a study subject or may only be exercisable for reasons related to your particular situation.

  • Right to be informed: You have the right to obtain from our Data Protection Officer confirmation as to whether or not personal data concerning you are being processed and, where that is the case, all necessary information to make the process transparent.
  • Right to access and receive: You may request a copy of or access to the Personal Information we hold about you.
  • Right to portability: You may request that we transfer your Personal Information to a third party in a machine-readable format.
  • Right to correct: You may ask us to update or correct inaccurate or incomplete Personal Information we hold about you.
  • Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Information or to limit our use of it.
  • Right to object. You may object to the processing of your personal data where we have legitimate interest as the legal basis.
  • Right to erase: You may have the right to request that we delete all or some of your Personal Information. This right may be limited if we have collected your Personal Information for research purposes.
  • Right to withdraw consent: You have the right to withdraw any consent you have previously given to us at any time. Your withdrawal of consent does not affect the lawfulness of our collecting, using, and sharing of your Personal Information prior to the withdrawal of your consent. Even if you withdraw your consent, we have the right to use your Personal Information if it has been fully anonymized and cannot be used to personally identify you.
  • Right to complain:You have the right to lodge a complaint with your Supervisory Authority or with the Supervisory Authority where the alleged violation took place.

Additionally, if you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

If at any time you would like to view your personal data we have collected, if any, please email privacy@atyrpharma.com.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Do Not Track is a privacy preference that can be configured in certain web browsers (the “DNT Feature”); the DNT Feature, when enabled on a web browser, signals the website you visit that you do not want certain information about your visit collected. As the Internet industry is in the process of defining how to interpret signals sent by the DNT Feature, aTyr Pharma does not currently respond or recognize DNT Feature signals.

We may leverage third-party analytics and market performance tools in the administration of our Site. As a result, we have employed best practices and policies to respect browsers using the DNT signal. We respect this tag through applied policies in software developed for us as well as our use of tools to help provide better services and messaging to clinical data subjects and healthcare professionals. We do not assume liability for policies of or failure to comply with the DNT signal by our partners or vendors, which are subject to their policies and procedures.

DNT for cookies and similar technologies. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services on our Site. To opt-out of interest-based advertising by advertisers on our Site visit http://www.aboutads.info/choices/.

11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

The California Privacy Rights Act (“CPRA”) grants certain rights to California consumers, including:

  • The right to opt out of sharing of personal information. “Sharing” is defined as “sharing…or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration,” which essentially refers to interest-based advertising.
  • The right to opt out of certain uses and disclosures of “sensitive personal information,” which refers to personal information that reveals: a consumer’s Social Security number, driver’s license, state ID card, or passport number; a consumer’s account log-in, financial account, debit card, or credit card number in combination with a security or access code, password or credentials; a consumer’s precise geolocation; a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s email and text messages, unless the business is the intended recipient of the communications; a consumer’s genetic data; a consumer’s biometric data, in certain circumstances; a consumer’s health data; and data concerning a consumer’s sex life or sexual orientation.
  • The right to correct inaccurate personal information.
  • The right to enhanced transparency about a business’s information practices, including information about data retention periods.
  • Rights with respect to the use of automated decision-making technology, including profiling.

Users can visit our Site anonymously. This Privacy Policy will be housed in a link on our home page or as a minimum, on the first significant page after entering our website. Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

Should the Privacy Policy change, and you have subscribed to our mailing list, you will be notified of any changes via email. All other changes can be seen by visiting our Privacy Policy Page.

12. DATA PRIVACY FRAMEWORKS

aTyr complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. aTyr has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and the UK Extension to the EU-U.S. DPF, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, aTyr is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Data Privacy Frameworks and the UK Extension to the EU-U.S. DPF, EU and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you, the purpose of the processing, the categories of personal information being processed and the (categories of) recipients to whom that data is disclosed. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access or who seeks to correct, amend or delete inaccurate data transferred to the United States under the Data Privacy Framework, should direct their query to privacy@atyrpharma.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice or opt-in for sensitive data, before we share your data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@atyrpharma.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

aTyr’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and the UK Extension to the EU-U.S. DPF and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, aTyr remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless aTyr proves that it is not responsible for the event giving rise to the damage.

In compliance with the Data Privacy Framework Principles, aTyr commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European and United Kingdom individuals with DPF inquiries or complaints should first contact aTyr by email at privacy@atyrpharma.com

aTyr has further committed to refer unresolved privacy complaints under the Data Privacy Framework and the UK Extension to the EU-U.S. DPF to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

You can also submit a complaint directly to your local data protection authority (i.e., EU/EEA Member State data protection authority; UK Information Commissioner’s Office (ICO)). Your data protection authority may refer your complaint directly to the U.S. Department of Commerce’s International Trade Administration (ITA) on your behalf. In that case, the DPF team will work alongside aTyr to seek to resolve your concerns.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms through the Data Privacy Framework Panel (more information here https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf).

As aTyr is under the enforcement authority of the Federal Trade Commission (FTC), you can also submit a complaint before the FTC using this link (https://www.ftc.gov/news-events/topics/protecting-consumer-privacy-security/privacy-security-enforcement), but keep in mind that the FTC does not resolve individual complaints.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

13. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have any further questions or comments about us or our policies, email us at privacy@atyrpharma.com or by post to:

aTyr Pharma, Inc.
Attn: General Counsel
10240 Sorrento Valley Road, Suite 300
San Diego CA 92121
United States

aTyr’s EU/UK Data Protection Representative contact details:
aTyr.dpr.EU@mydata-trust.info
aTyr.dpr.uk@mydata-trust.info

aTyr’s Data Protection Officer contact details:
aTyr.dpo@mydata-trust.info

14. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request form by emailing us at privacy@atyrpharma.com. We will respond to your request within 30 days.