Last Updated: April 22, 2022
Nurix Therapeutics, Inc.
Nurix Therapeutics, Inc. (“Nurix”, “we,” “us,” “our”) is committed to protecting and respecting your privacy and personal information.
- should you enroll in or otherwise participate in a Nurix-sponsored clinical study or
- when you apply for a job with Nurix
- in the course of your employment with Nurix, whether as an employee or independent contractor
I. PERSONAL INFORMATION WE COLLECT – SOURCES AND CATEGORIES
In the 12 months preceding the date of this Policy, we may have collected your personal information when you visited our website and through other interactions with us, when you requested information about our Services, provided us with your information at a conference or other event or by registering for or participating in a webinar or online presentation, or when you voluntarily provided information to us through our website, or by emailing or telephoning us. We also collected personal information from our LinkedIn page and Twitter feed and our other social media pages. We will continue to collect Personal Information from the same sources. The categories of Personal Information we may have collected from these sources during the 12 months preceding the date of this Policy, and will continue to collect, include the following:
- Personal identifiers: Name, address, email address, social media handle, telephone numbers, and IP address.
- Internet or other electronic activity information: Device and browser type and information regarding your interaction with our website, details about your browser, operating system or device.
- Professional information: Name of current employers and position(s) you hold.
II. HOW WE USE YOUR INFORMATION.
We have set out below, a description of the ways we use your personal information (referred to as “processing purposes” below), and for individuals located in the EEA or the UK we explain which of the legal bases we rely on to do. .
|Categories of Personal Information||Processing Purposes||Legal Basis (where you are located in the EEA or the UK)|
|Personal Identifiers; Internet or other electronic activity information; and Professional Information||Transactions: To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by Nurix.||To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) GDPR)|
|Legal Claims: To defend and enforce our rights including, against legal claims that involve us, and to manage regulatory matters, investigations, data breaches, and/or data subject requests||To comply with a legal obligation, e.g. to respond to an official request or data subject request (Art. 6(1)(c) GDPR) To pursue our legitimate interests to defend and enforce our rights (Art. 6(1)(f) GDPR)|
If you are located in the European Economic Area and the United Kingdom: You have a right to object to the processing of your personal information where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfill such requests in all instances. You are able to request a copy of the legitimate interest assessment carried out by us. Where we need to collect the above mentioned categories of personal information by virtue of a legal obligation or in light of a contract entered or to be entered into with you, and you do not provide this personal information when requested, we may not be able to comply with our legal obligations, provide you with the Services or perform the contract we have or are trying to enter into with you. In such case, we may have to terminate our relationship with you..
III. DISCLOSING YOUR INFORMATION FOR BUSINESS PURPOSES
The following chart describes the categories of Personal Information that we disclosed to third parties for a business purpose in the 12 months prior to the date of this Policy :
|Categories of Consumers’ Personal Information||Categories of Third Parties With Which We Shared Personal Information for a Business Purpose|
|Personal identifiers: Name, address, email address, social media handle, telephone numbers, and IP address.||Service providers that assist us in operating, analyzing, and displaying content on our website; provide analytics information; provide website hosting, webcast and conference services.|
|Internet or other electronic network activity information: Device and browser type and information regarding your interaction with our website, details about your browser, operating system or device.||Service providers that provide data security services and cloud-based data storage; host our Sites and assist with other IT-related functions; provide website hosting, webcast and teleconference services; and provide analytics information.|
|Professional information: Name of current employers and position(s) you hold.||Service providers that assist us in providing webcast and conference services.|
Additional Information About How We May Share Personal Information
We may also share personal information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your personal information with third parties to help detect and protect against fraud or data security vulnerabilities. And we may transfer your personal information to a third party in the event of an actual or contemplated sale, merger, reorganization of our entity or other restructuring.
No Sale of Personal Information
We do not sell personal information.
IV. INTERNATIONAL DATA TRANSFERS
Our Services are hosted in the US. Therefore, when you disclose personal information to us, this personal information will be transferred to the US.
If you are located in the EEA/UK, Nurix may, for the purposes listed in Section II, transfer your personal information to other recipients as referred to above, that are also located in countries outside the EEA/UK, including the U.S., and which are not currently considered by the European Commission and/or UK Government to provide an adequate level of data protection. In these circumstances, Nurix will take steps to ensure that the personal information is protected including by entering into Standard Contractual Clauses or similar (“SCCs”) with the recipient, seeking assurances from the recipient that they have Binding Corporate Rules in place or otherwise relying on a derogation for the transfer (e.g., where the transfer is necessary for the defense of legal claims).
You can request further information on the data transfer solutions relied upon including, a copy of the SCCs by using the contact details in Section X below.
V. YOUR PRIVACY RIGHTS
In accordance with applicable law, you may have certain privacy rights depending upon the jurisdiction in which you reside. However, please note that the below rights are not absolute and may be subject to limitations.
California Privacy Rights
California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) gives California residents rights described below with respect to their Personal Information.
Your Right To Request Disclosure of Information We Collect and Share About You
We are committed to ensuring that you know what Personal Information we collect. To that end, you can ask us for any or all of following types of information regarding the Personal Information we have collected about you in the 12 months prior to our receipt of your request:
Your Right To Request Deletion of Personal Information We Have Collected About You
Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law. The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us. We will act on your deletion request within the timeframes set forth below.
Exercising Your Rights and How We Will Respond
To exercise any of the rights above contact us at firstname.lastname@example.org.
For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request. We will provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances.
For requests to stop the sale of your Personal Information, we will comply no later than 15 business days after receipt of your request.
If we expect your request is going to take us longer than normal to fulfill, we will let you know.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations. In some cases, the law may allow us to refuse to act on certain requests. When this is the case, we will endeavor to provide you with an explanation as to why.
Our Commitment to Allowing You to Exercise Your Rights – Non-Discrimination
If you exercise any of the rights explained in this Policy, we will continue to treat you fairly. If you exercise your rights under this Policy , you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.
Verification of Identity – Access or Deletion Requests
We will ask you for identifying information and attempt to match it to information that we maintain about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to your request. We will notify you to explain the basis of the denial.
You may designate an agent to submit requests on your behalf. The agent must be a natural person or a business entity that is registered with the California Secretary of State.
If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process. Specifically, if the agent submits requests to access, know or delete your Personal Information, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf. We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
California Shine the Light
California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents that have an established business relationship with a business to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for those parties’ direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their marketing purposes.
California Do Not Track
Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browsers’ do not track signals.
EEA / UK Privacy Rights
Residents in the EEA and UK have the following privacy rights, subject to applicable limitations:
Right of Access: you have the right to confirm what data is being processed, obtain information about the processing activities and to receive a copy of your personal information;
Right to Rectification: you have the right to request rectification / correction of your personal information where it is inaccurate or incomplete
Right to Erasure: you have the right to request deletion of your personal information.
Right to Restriction: you have a right to ask that we restrict or suppress the processing of your personal information which means that whilst we are permitted to store the personal information we cannot otherwise process it.
Right to Data Portability: you have right to request the transfer of certain personal information to a third party, in machine readable format.
Right to Object: you have the right to object to the processing of your personal information including for any direct marketing purposes.
Right to Withdraw Consent: you have the right to withdraw your consent, at any time, without hindrance or cost, to prevent further processing. Please note that withdrawing your consent does not affect the lawfulness of our processing of your personal information based on such consent before the withdrawal.
If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we take steps to verify your identity before fulfilling your request.
VI. DATA RETENTION
We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period, the amount, nature and sensitivity of the personal information are considered, together with the necessity and purposes for the processing (including, whether such purposes can be achieved through other means) and the potential risk of harm from unauthorized use or disclosure of the personal information. In exceptional cases (e.g., in pending litigation matters or where the law requires us to) your personal information may need to be kept for longer periods of time.
VII. SECURITY OF YOUR INFORMATION
VIII. CHILDREN’S INFORMATION
The Services are not directed to children under 16 (or other age as required by local law), and we do not knowingly collect personal information from children. We do not sell personal information, including the personal information of minors under 16 years of age. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
IX. OTHER PROVISIONS
If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority.
Third Party Websites
X. CONTACT US
Nurix Therapeutics, Inc.
1700 Owens Street, Suite 205
San Francisco, CA 94158