Last updated February 2, 2024
Thank you for choosing to be part of our community at aTyr Pharma, Inc. (aTyr may be referred to as “company”, “we”, “us”, or “our”). We are committed to protecting your Personal Information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your Personal Information, please contact us at email@example.com.
- What Information Do We Collect?
- How Do We Use Your Information?
- Will Your Information Be Shared with Anyone?
- Is Your Information Transferred Internationally?
- How Long Do We Keep Your Information?
- How Do We Keep Your Information Safe?
- Do We Collect Information from Minors?
- What Are Your Privacy Rights For Persons Located In the EU/EEA and UK?
- Controls for Do-Not-Track Features
- Do California Residents Have Specific Privacy Rights?
- Data Privacy Frameworks
- How Can You Contact Us About This Notice?
- How Can You Review, Update or Delete The Data We Collect From You?
1. WHAT INFORMATION DO WE COLLECT?
“Personal Information” is defined as any information that relates to you directly or indirectly, by reference to an identifier, location, or factors specific to physical, physiological, genetic, economic, cultural or social identity.
We may collect and process the following Personal Information about you:
- Contact information, such as your name, email address, phone number, address, company affiliation, or job title;
- Access information, such as your log-in username and password details;
- Online and technical identifiers, such as your IP (Internet Protocol) address and cookies;
- Professional credentials, such as curriculum vitae/resume, work history, qualifications or any other type of information that may be included on a resume or curriculum vitae;
- Demographic and health data information;
- Communication and correspondence information, such as the content of communications you send us to report a problem or to submit a query, or your response to a survey;
- Financial and government identifying numbers, such as U.S. social security numbers for payment processing purposes in the U.S.;
- Identification information, including biographical and contact data;
- Banking information collected for payment processing purposes;
- Health data collected for the conduct of clinical studies;
- Your unique patient identifier which is assigned to you in the event you participate in one of our clinical studies;
- Genetic data;
- Biometric data, which is data relating to physical or biological characteristics; and
- Any other information that you or an authorized party provides to us that can be used to identify you.
We may collect Personal Information from numerous sources, including the following:
- Directly from you, your references or other sources provided by you. For example, when you enquire about our therapeutic compounds, contact us via this Site, apply for employment, ask to be a clinical study participant or a principal investigator in one of our clinical studies, or in any way engage with us or our personnel;
- Cookies and automated technologies, such as when you interact with our website;
- Third party vendors, which may include those vendors, suppliers, contractors or business partners that provide services for us (e.g. market research vendors or adverse event reporting);
- Government officials or entities; and
- Publicly available sources.
2. HOW DO WE USE YOUR INFORMATION?
|Use of your Personal Information
|Categories of Personal Information we Process
|Source of the Personal Information
|Obtain your subscription preferences and send surveys, questionnaires, event related materials, or commercial communications
|Contact information and other information you provide, such as your topic preferences and areas of interest
|Consent: To obtain your subscription preferences and send you commercial communications
Legitimate interests: To provide you with surveys, questionnaires, information you need and services you request
|Respond to inquiries and fulfill requests
|Contact information and other information you provide, such as your requests
|Legitimate interests: To provide you with information you need and other services you request and to efficiently communicate with you
|Enter into or perform a contract
|Contact information and other information you provide
|Contract: To conduct our normal course of business
|Comply with applicable laws, regulations, codes, court order or other legal obligations (e.g., pharmacovigilance obligations, financial disclosure requirements)
|Contact information and other information you provide
|Legal obligation: To comply with applicable legal obligations
|Fraud and security monitoring
|You and your network provider
|Legitimate interests: To protect your information
|Register you for events and deliver event-related materials
|Contact information and other information you provide, such as your preferences for the event
|Legitimate interests: To enable your attendance at our events and to deliver you event materials
Contract: As may be described in a written agreement or on the registration page for the event
|Perform website analytics
|Technical information and other information we collect, such as demographics, behavior tracking, and event tracking
|First and third-party analytics cookies
|Consent: To understand more about our Site visitors (what pages you view, how long you visit, your devices, etc.) in order to improve our services
|Reviewing requests to participate in clinical studies and screening eligibility for enrollment
|Contact information, clinical study participant qualification information, and other information relevant to your eligibility and qualifications to participate in clinical studies sponsored or conducted by us.
|You and your healthcare provider
|Legitimate interest: To ensure research subjects are eligible and appropriate for the studies we sponsor or conduct
Consent: For collection of health data to assess your eligibility to participate in clinical studies
|Your participation in a clinical study
|Identification information, including biographical and contact data; health data; your unique patient identifier which is assigned to you for the clinical study; genetic data; and biometric data, which is data relating to physical or biological characteristics
|You, your healthcare provider or a third party we engage to assist in conducting the clinical study
|Consent: Informed consent form signed prior to any study related activities
|Recruiting personnel for employment
|Contact information, recruitment information, and other information relevant to potential recruitment by aTyr
|You, your references, your former employers
|Pre-contractual Measures: To recruit and evaluate potential candidates to join aTyr
Legal obligations: To comply with applicable legal obligations, including for employment law purposes
|Sharing for the provision of information about our therapeutics
|Contact information and other information you provide
|Contract: To allow for the secure transfer and processing of personal data
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
We only share and disclose your Personal Information in the following situations:
- Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Vendors, Consultants Third-Party Service Providers and Collaborators. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: data analysis, email delivery, and hosting services. We may allow selected third parties to use tracking technology on the Site, which will enable them to collect data about how you interact with the Site over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
- Some of these third party collaborators may be located outside of the United States, European Union/European Economic Area or United Kingdom. In some cases, data protection authorities may not have determined that those countries’ data protection laws provide a level of protection equivalent to U.S., European Union or United Kingdom privacy laws. We will only transfer your Personal Information to third parties in these countries when there are appropriate safeguards in place. These may include the European Commission or UK Information Commission approved standard contractual data protection clauses. To access these standard contractual data protection clauses, please contact our Data Protection Officer.
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
- With your Consent. We may disclose your Personal Information for any other purpose with your consent.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, it may affect your end user experience.
We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together compile data regarding traffic throughout the site so we can improve the website for the best user experience. Users can set preferences by using the Google Ad Settings page or opt out by using the Google Analytics Opt Out Browser add on.
5. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
Our servers are located in United States. If you are accessing our Site from outside United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your Personal Information (see “WILL YOUR INFORMATION BE SHARED WITH ANYONE?” above and “WHAT ARE YOUR PRIVACY RIGHTS FOR PERSONS LOCATED IN THE EU/EEA AND UK”), in United States, and other countries. In any case, we undertake to transfer your data taking into account existing adequacy decisions. If the country in which the recipient is located does not benefit from an adequacy decision, we undertake to put in place appropriate safeguards.
6. HOW LONG DO WE KEEP YOUR INFORMATION?
We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including any legal, professional, accounting or reporting requirements. We will not keep your data longer than what is authorized by the law. When we no longer need to process your Personal Information for the purpose under which it was collected, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented appropriate technical and organizational security measures designed to protect your Personal Information from unauthorized access, use, disclosure, alteration or destruction in accordance with applicable laws and regulations. For example, we limit our collection and use of your Personal Information to the extent necessary to provide you with our services. If you would like to know more about how we protect your Personal Information, you can contact our Data Protection Officer using the information listed below.
8. DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly solicit data from or market to children under 18 years of age. By using the Site, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Site. If we learn that Personal Information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at firstname.lastname@example.org.
9. WHAT ARE YOUR PRIVACY RIGHTS FOR PERSONS LOCATED IN THE EU/EEA AND UK?
If you are located in the EU/EEA or in the UK and we maintain your Personal Information, you have the following additional rights (for example, the GDPR or UK Data Protection Act) with regard to your Personal Information. Note that some of these rights may not be exercisable if you are a study subject or may only be exercisable for reasons related to your particular situation.
- Right to be informed: You have the right to obtain from our Data Protection Officer confirmation as to whether or not personal data concerning you are being processed and, where that is the case, all necessary information to make the process transparent.
- Right to access and receive: You may request a copy of or access to the Personal Information we hold about you.
- Right to portability: You may request that we transfer your Personal Information to a third party in a machine-readable format.
- Right to correct: You may ask us to update or correct inaccurate or incomplete Personal Information we hold about you.
- Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Information or to limit our use of it.
- Right to object. You may object to the processing of your personal data where we have legitimate interest as the legal basis.
- Right to erase: You may have the right to request that we delete all or some of your Personal Information. This right may be limited if we have collected your Personal Information for research purposes.
- Right to withdraw consent: You have the right to withdraw any consent you have previously given to us at any time. Your withdrawal of consent does not affect the lawfulness of our collecting, using, and sharing of your Personal Information prior to the withdrawal of your consent. Even if you withdraw your consent, we have the right to use your Personal Information if it has been fully anonymized and cannot be used to personally identify you.
- Right to complain:You have the right to lodge a complaint with your Supervisory Authority or with the Supervisory Authority where the alleged violation took place.
Additionally, if you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
If at any time you would like to view your personal data we have collected, if any, please email email@example.com.
10. CONTROLS FOR DO-NOT-TRACK FEATURES
Do Not Track is a privacy preference that can be configured in certain web browsers (the “DNT Feature”); the DNT Feature, when enabled on a web browser, signals the website you visit that you do not want certain information about your visit collected. As the Internet industry is in the process of defining how to interpret signals sent by the DNT Feature, aTyr Pharma does not currently respond or recognize DNT Feature signals.
We may leverage third-party analytics and market performance tools in the administration of our Site. As a result, we have employed best practices and policies to respect browsers using the DNT signal. We respect this tag through applied policies in software developed for us as well as our use of tools to help provide better services and messaging to clinical data subjects and healthcare professionals. We do not assume liability for policies of or failure to comply with the DNT signal by our partners or vendors, which are subject to their policies and procedures.
DNT for cookies and similar technologies. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services on our Site. To opt-out of interest-based advertising by advertisers on our Site visit http://www.aboutads.info/choices/.
11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
The California Privacy Rights Act (“CPRA”) grants certain rights to California consumers, including:
- The right to opt out of sharing of personal information. “Sharing” is defined as “sharing…or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration,” which essentially refers to interest-based advertising.
- The right to opt out of certain uses and disclosures of “sensitive personal information,” which refers to personal information that reveals: a consumer’s Social Security number, driver’s license, state ID card, or passport number; a consumer’s account log-in, financial account, debit card, or credit card number in combination with a security or access code, password or credentials; a consumer’s precise geolocation; a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a consumer’s email and text messages, unless the business is the intended recipient of the communications; a consumer’s genetic data; a consumer’s biometric data, in certain circumstances; a consumer’s health data; and data concerning a consumer’s sex life or sexual orientation.
- The right to correct inaccurate personal information.
- The right to enhanced transparency about a business’s information practices, including information about data retention periods.
- Rights with respect to the use of automated decision-making technology, including profiling.
12. DATA PRIVACY FRAMEWORKS
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, aTyr is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Data Privacy Frameworks and the UK Extension to the EU-U.S. DPF, EU and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you, the purpose of the processing, the categories of personal information being processed and the (categories of) recipients to whom that data is disclosed. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access or who seeks to correct, amend or delete inaccurate data transferred to the United States under the Data Privacy Framework, should direct their query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice or opt-in for sensitive data, before we share your data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to email@example.com.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
aTyr’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and the UK Extension to the EU-U.S. DPF and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, aTyr remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless aTyr proves that it is not responsible for the event giving rise to the damage.
In compliance with the Data Privacy Framework Principles, aTyr commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Data Privacy Frameworks. European and United Kingdom individuals with DPF inquiries or complaints should first contact aTyr by email at firstname.lastname@example.org
aTyr has further committed to refer unresolved privacy complaints under the Data Privacy Framework and the UK Extension to the EU-U.S. DPF to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
You can also submit a complaint directly to your local data protection authority (i.e., EU/EEA Member State data protection authority; UK Information Commissioner’s Office (ICO)). Your data protection authority may refer your complaint directly to the U.S. Department of Commerce’s International Trade Administration (ITA) on your behalf. In that case, the DPF team will work alongside aTyr to seek to resolve your concerns.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms through the Data Privacy Framework Panel (more information here https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf).
As aTyr is under the enforcement authority of the Federal Trade Commission (FTC), you can also submit a complaint before the FTC using this link (https://www.ftc.gov/news-events/topics/protecting-consumer-privacy-security/privacy-security-enforcement), but keep in mind that the FTC does not resolve individual complaints.
13. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have any further questions or comments about us or our policies, email us at email@example.com or by post to:
aTyr Pharma, Inc.
Attn: General Counsel
10240 Sorrento Valley Road, Suite 300
San Diego CA 92121
aTyr’s Data Protection Officer contact details:
14. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request form by emailing us at firstname.lastname@example.org. We will respond to your request within 30 days.