Website Privacy Notice
EveryONE Medicines
GLOBAL WEBSITE PRIVACY NOTICE
Updated: 30 August 2024
This website is owned and operated by Everyone Medicines Inc. and its subsidiaries (“EveryONE Medicines”, “Company,” “we,” “us” or “our”).
We act as the controller of (or the business for) the personal data collected and processed regarding visitors to this website. This simply means we are responsible for your personal data. For any questions in respect of this Privacy Notice, you can contact us as described in the “HOW TO CONTACT US” section below.
For a high-level overview of our privacy practices, please see our Privacy Snapshot.
For individuals in the U.S., please refer to our Consumer Health Data Privacy Policy for additional information about the processing of your consumer health data, and your rights under applicable U.S. state data privacy laws with respect to such data.
PURPOSE
This Privacy Notice explains how we will collect, use, disclose, store and transfer personal data from website users.
We process all personal data in compliance with relevant data protection laws, including the EU and UK General Data Protection Regulation (“GDPR”) and any applicable privacy laws within the jurisdictions in which we operate, which means that your personal data will be:
- used lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you;
- accurate and kept up-to-date;
- retained only for as long as necessary for the purposes we have told you about or when we have a legal obligation to retain for a specific period of time; and
- kept securely.
INFORMATION WE COLLECT AND USE
Personal data is information which identifies you personally or by which your identity can be ascertained. This may include your name, address, e-mail address, and other contact details.
If you submit an inquiry on our website, for us to assess whether an individual meets the criteria for development of individualized therapy, we ask you to provide your e-mail address, your location (country), and details relating to the individual’s gene mutation.
WEBSITE & TECHNICAL DATA
When you visit our website, we and our service providers collect standard internet log information and details of visitor behavior patterns which allow us to better understand how users interact with the website and enable us to improve it, where necessary, such as:
- Device data such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), Internet Protocol (IP) address, unique identifiers, language settings and general location information such as city, state, or geographic area.
- Activity data such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened or otherwise engage with our communications.
We use cookies and similar technologies to collect this information. Please refer to our Cookie Policy for more information.
IDENTIFIABLE DATA
When you submit your personal details via the Contact Page or through info@everyonemedicines.com, we will use that information to respond to your message, which will be relayed to the relevant department, which will respond directly to you.
The information captured via the Contact Page or through info@everyonemedicines.com may be used to manage future communications with you, which may include information about our products and services.
HOW WE USE YOUR PERSONAL DATA
We process your personal data for the following purposes:
- undertaking business development, growth, and other operational activities, which are within our legitimate interests;
- to respond to queries and requests submitted via the website “Contact Us” form or via email or telephone, provide user support, and communicate with users about our services, including by sending announcements, updates, security alerts and support and administrative messages, as needed to perform our contractual obligations, or when it is in our legitimate business interests;
- to assess whether an individual meets the criteria for development of an individualized therapy. We use this personal data, excluding genetic information, to comply with a legal obligation or for our legitimate interests. We also use genetic information for reasons of a public interest in the area of public health or for scientific research purposes;
- to improve, monitor, personalize and keep our website secure, which is within our legitimate interests;
- to send you direct marketing communications as permitted by law, including by email. Except where consent is required, we undertake such direct marketing on the basis of our legitimate business interests. However, if you do not wish to hear from us, you may unsubscribe at any time by either using the unsubscribe option within the message/email or by contacting us directly at privacy@everyonemedicines.com;
- to negotiate, enter into, manage, monitor, and conclude new and existing contracts;
- to comply with health and safety requirements; and
- to comply with our legal and regulatory obligations and to defend us against legal claims or disputes.
Under data protection legislation, including the GDPR, the use of personal data must be justified. Such justification is called a “legal basis,” and we apply the following legal bases when processing personal data for the purposes described above:
- to fulfil the performance of a contract;
- where we have a legal obligation;
- to achieve our legitimate interests, provided this does not affect your rights as a data subject;
- to defend, prosecute or make a legal claim; and
- where you have been asked to provide your consent.
You can see more details of our processing activities and the legal bases on which your data is processed in Appendix 1 at the end of this Privacy Notice.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you first and we will explain the lawful basis which allows us to do so.
DISCLOSURES OF YOUR PERSONAL DATA
We may disclose your personal data to our third-party service providers, agents, subcontractors and other associated organizations, affiliates and other third parties (as described below) in order to complete tasks, conduct our business and comply with applicable laws.
We may pass your personal data to the following entities:
- our subsidiary, including Everyone Medicines Ltd.;
- companies and organizations that assist us in providing the website;
- any third party as a result of any restructure, merger, sale or acquisition of our group or any affiliates, or dissolution or similar events (or negotiations for such transactions), provided that we will require any recipient to use your information for purposes consistent with this Privacy Notice;
- professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us;
- regulatory and law enforcement authorities, where the law allows or requires us to do so;
- where you give us permission to disclose your data to a relevant third party in the course of your relationship with us from time to time.
INTERNATIONAL TRANSFERS
Some of our external third parties (described in paragraph 4 above) and certain members of EveryONE Medicines are based outside the United Kingdom (UK) and the European Economic Area (EEA), specifically, in the United States. This means that your personal data may be processed in countries with data protection laws less stringent than or otherwise different from the laws in effect in your country.
Where there are cross border transfers of your personal data, unless we can rely on a derogation provided under data protection law, we will take steps to ensure that your data is subject to appropriate safeguards to afford adequate protection for your personal data, and we will comply with applicable data protection law. For example, in relation to European personal data, we rely on a European Union (EU) Commission or UK government adequacy decision or on contractual protections for the transfer of personal data. For more information about how we transfer personal data internationally, please contact us as set out in the “How to Contact Us” section below.
HOW WE PROTECT YOUR PERSONAL DATA
We have put in place security measures designed to protect your personal data from being accidentally lost, or used, damaged, accessed or disclosed in an unauthorized or unlawful way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a legitimate business need to know.
DATA RETENTION
Where required under applicable laws, we retain personal data only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable). To determine the appropriate retention period for personal data, we will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
If you would like more details about retention periods, please contact us at privacy@everyonemedicines.com.
If we determine that we no longer need your personal data to fulfil the purposes we collected it for, we will either erase (delete) it or anonymize it. Here are some typical factors which we usually consider when determining how long we need to retain your personal data:
- in the event of a complaint;
- if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims;
- to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal data (e.g., information needed for audit purposes, etc.); or
- in accordance with relevant industry standards or guidelines.
Please bear in mind that the right to deletion/erasure of your personal data is not absolute which means that in some circumstances, while you can ask us to delete your data, we may have lawful grounds to retain it. See YOUR RIGHTS paragraph below for further information.
YOUR RIGHTS
Under certain circumstances, you have rights under the data protection laws in relation to your personal data:
- Right to be informed. This enables you to be informed at all times about who we are and the purposes for processing your personal data. Our Privacy Notice is designed to provide this information.
- Request access to your personal data (commonly known as a ’data subject access request’). This enables you to receive a copy of the personal data we hold about you.
- Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason or lawful purpose for us continuing to process it.
- Object to the processing of your personal data. This applies where we are relying on a legitimate interest (or those of a third party) to process your personal data (as described in this Privacy Notice). In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing your information which override your rights and freedoms.
- Right to stop direct marketing. Where we are processing your personal data for direct marketing purposes (such as to send you newsletters or promotional emails), you have the right to notify us in writing requesting that we cease or do not begin processing your personal data for direct marketing purposes.
- Rights in relation to automated decision making, including profiling. This applies if the decision is made solely by automated means (without human involvement). Please be advised that we do not undertake any automated decision-making, including profiling, in relation to data processed via our websites.
- Request restriction/stop of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (1) If you want us to establish the data’s accuracy; (2) Where our use of the data is unlawful but you do not want us to erase it; (3) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; (4) You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- Request transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (if feasible). Note that this right only applies to automated information which you initially provided consent for us to use or where you provided the information to us to perform a contract with you.
- Right to opt out of the sale of your personal data or sharing of your personal data for interest-based advertising. We do not engage in the sale of your personal data, or the sharing of your personal data for such purposes and we have not engaged in such activities in the 12 months preceding the date this Privacy Notice was last updated. Without limiting the foregoing, we do not knowingly “sell” or “share” the personal data of consumers under 16 years of age.
- Right to withdraw consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. You may withdraw consent at any time where we are relying on consent to process your personal data by contacting us through privacy@everyonemedicines.com. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Right to appeal our denial of your personal data request by contacting us as set out in the “How to Contact Us” section below.
If you wish to exercise any of the rights set out above or if you have any queries regarding how we process your personal data, please contact us at privacy@everyonemedicines.com. We may ask for specific information from you to help us confirm your identity. You are entitled to exercise the rights described above free from discrimination.
In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights.
If you are not satisfied with the way that your personal data have been processed, or how we have responded to your queries or requests, you have the right to contact the UK Information Commissioners Office via www.ico.org.uk or any EU member state Supervisory Authority (click here to find your local authority.
OTHER SITES, MOBILE APPLICATIONS AND SERVICES
Our website may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and disclosure of your personal data. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
CHILDREN
Our website is not intended for use by children under 18 years of age. If we learn that we have collected personal data through the website from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.
CHANGES TO THIS PRIVACY NOTICE
We reserve the right to modify this Privacy Notice at any time. If we make material changes to this Privacy Notice, we will notify you by updating the date of this Privacy Notice and posting it on the website.
HOW TO CONTACT US
If you have any questions about this Privacy Notice or our privacy practices, or to submit a personal data request, please contact us by email at privacy@everyonemedicines.com.
APPENDIX 1 – TABLE OF PROCESSING ACTIVITIES
We have set out below, in a table format, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data.
Where we apply the legal basis of legitimate interests, we undertake appropriate risk assessments to ensure that our need and benefit to process your personal data does not outweigh your rights and freedoms or present any possible risks to you.
| PURPOSE/ACTIVITY | LEGAL BASIS FOR PROCESSING |
|---|---|
To manage our relationship with you which can include:
|
|
| To administer and protect our business, our website and applications including troubleshooting data analysis, testing, system maintenance, support, reporting and hosting of data |
|
| To deliver relevant website content and, where applicable, advertisements or promotions. We may measure or understand the effectiveness of the advertising and promotions we serve |
|
| To use data analytics to improve our website, marketing, customer relationships and experiences |
|
| To assess whether an individual meets the criteria for development of an individualized therapy |
|
Please contact us privacy@everyonemedicines.com if you require details about the specific legal basis we are relying on to process your personal data where more than one base has been set out in the table above.
PRIVACY SNAPSHOT
Below is a high-level snapshot of how we collect, use, and disclose your personal data when you use the website, but please read the entire Website Privacy Notice for complete information.
| Data Categories Collected | How We Collect | Primary Purposes of Processing | Key Recipients/Disclosures | Can You Limit Sharing? |
|---|---|---|---|---|
| Identifiers, such as real name, alias, unique personal identifier, online identifier, Internet Protocol address, email address, and other identifying information you may provide when using the website | When you visit or use our website | To manage our relationship with you; to improve, monitor and personalize our website; to communicate with you; to send you direct marketing communications as permitted by law | Service providers | No |
| Internet or other electronic network activity information, including but not limited to browsing history and search history | When you visit or use our website | To understand how users interact with the website and enable us to improve it | Service providers | No |
| Sensitive personal information (as defined in CA Civil Code 1798.140 (ae)) | When you submit an inquiry on our website | To assess whether an individual meets the criteria for development of an individualized therapy | Service providers | No |
| Personal information categories listed in the California Customer Records Statute (e.g., name, contact details) | When you visit or use our website | To manage our relationship with you; to improve, monitor and personalize our website; to communicate with you; to send you direct marketing communications as permitted by law | Service providers | No |
| Professional or employment-related information | When you visit or use our website | To manage our relationship with you; to communicate with you; to send you direct marketing communications as permitted by law | Service providers | No |
As described further in our notice, we may disclose all categories of personal data to our service providers, affiliates, and professional advisors for the purposes described in the notice. We also may disclose personal data to authorities and others for legal and compliance purposes, and to business transferees in the context of an acquisition or the sale of our business or another corporate transaction.