Privacy Shield Statement
What Information Do We Collect?
We collect information from you when you register on our website or social media offerings or contact us. When registering or contacting us on our website or social media offerings, as appropriate, you may be asked to enter your name, email address, mailing address, or phone number. If you include your email address or a phone number in your registration information, we may use it to communicate with you via email and/or phone. If you choose to send us an email or text or fill out an online form, you are voluntarily providing personal information to us. By voluntarily providing personal information to us, you are giving us your consent to collect, use, and disclose that information for the purpose it is requested and for other reasonable internal business purposes. If you do not want us to collect this type of personal information, do not provide it. Although failure to provide such information may limit your ability to take full advantage of our website, it will not affect your ability to access certain information available on our website to the general public.
How Do We Use Your Information?
Any of the personal information we collect from you may be used in one of the following ways:
• To send periodic emails: If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, event information, etc.
• To personalize your experience: Your personal information helps us to better respond to your individual needs.
• To improve our website or social media offerings: We continually strive to improve our website and social media offerings based on the information and feedback we receive from you.
Mobile devices are the one possible exception to the rule that our passive, automatic collection activities exclude personal information. If you access our website from a phone or other mobile device, the mobile device service provider may transmit to us uniquely identifiable mobile device information. Some mobile device service providers also operate systems that pinpoint the physical location of devices, and we may receive this information as well.
Exercising Your Choice to Opt-Out
If we are using personal information you provided to us in order to enable to send you materials or information via text or email and you decide you do not want to receive such materials or information, you may opt out by following the opt-out instructions in the email or other communication or the opt-out details provided to you through the applicable program. Also, you may opt out by contacting our Privacy Officer using the information provided below. When we receive your request, we will take reasonable steps to remove your name from our distribution lists. Please understand that it may take a period of time to remove your name from our distribution lists after your request, and, due to such delay, you may still receive materials or information for a period of time after you opt out. In addition to opting out, you may have the ability to access, amend, and delete your personal information under our Privacy Shield Policy set forth below.
Do We Disclose Any Personal Information to Outside Parties?
We do not sell, trade, or otherwise transfer voluntarily submitted personal information to third parties. This does not include trusted third parties who assist us in operating our website and/or social media offerings, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your personal information when we believe release is appropriate to comply with the law, enforce our website and/or social medial offerings policies, or protect our or others’ rights, property, or safety. However, non-personal information and mobile device information may be provided to other parties for marketing, advertising, or other uses. For example, the “Investors and Media” portion of our website (other than the “Contact Us” page) is provided by third parties that may collect, use, and disclose information regarding your interaction with those pages. We do not control the collection, use, or disclosure of that information.
Disclaimer on Third-Party Links
Although our website or social media offerings may contain links to other websites or online resources controlled by third parties, you should be aware that we are not responsible for the content or privacy practices of those websites and online resources. If you have questions about how those websites or online resources collect and use data, you should carefully read the privacy policies of those websites or online resources. Technical problems with outside links, other than a link that has been moved or changed, should be reported to the entity that maintains the applicable site or resource, not to Kura. Kura disclaims responsibility for the content of any third-party website or online resource, and any link to a third-party website or online resource does not constitute our endorsement of the contents of any third-party website or online resource. Kura is not responsible for the content, privacy practices, accuracy, or reliability of any website or online resource accessed by a link from our website or social media offerings.
Our website is hosted in the United States and is intended solely for visitors located within the United States and Canada. If you nonetheless choose to use this website from the European Union or other regions of the world with laws governing data collection and use that may differ from United States law, then please note that by sending an email or text containing personal information or by providing personal information through our website, you are voluntarily transferring your personal information outside of those regions to the United States and you consent to such transfer.
If you are under the age of 13, please do not use or access our website or social medial offerings in any way. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under the age of 13, we will promptly delete such information from our databases.
Protecting Your Privacy
We will take all reasonable security precautions to protect your personal information provided to us through our website or social media offerings. Due to the inherently open and somewhat risk nature of the Internet, however, we cannot guarantee that your personal information, whether during transmission or while stored on our systems or otherwise in our care, will be free from unauthorized access or that loss, misuse, destruction, or alteration of your personal information will not occur. We disclaim any liability for any theft or loss of, unauthorized access or damage to, or interception of any data or communications. You should also note that third-party companies we engage to provide us with services either to help us in our business or to perform functions we would otherwise perform ourselves will have incidental access to your information, including your personal information, as part of the work they perform. We require that they enter into confidentiality and other agreements but cannot guarantee their compliance. We may also release your personal information when we believe release is appropriate to comply with the law, enforce our website and/or social media offerings policies, or protect our or others’ rights, property, or safety.
Kura engages in research studies and clinical trials, which are subject to a variety of overlapping privacy regimes even within the same jurisdiction. All of our research studies and clinical trials are voluntary. In accordance with industry standards and applicable law, we disclose to participants as much information as is feasible (after accounting for blinding, randomizing, and other lawful research interests) about the nature of each study in which they are involved, including the extent of any risks of which we are reasonably aware. We provide all participants with notice of the types of information we intend to collect as part of each study and the means through which we collect it, and we further obtain each individual’s express written consent.
Like most pharmaceutical companies, we conduct a substantial portion of our research through third-party clinical research organizations. Our research and clinical trial activities also necessarily involve a variety of additional third parties. These additional third parties may include physicians and other medical professionals directly involved in carrying out the scientific work of the study, ethics committees or Institutional Review Boards, health authority inspectors (such as the U.S. Food and Drug Administration and the European Medicines Agency), the sponsors of our research, and those organizations who monitor and audit research activities like ours for safety and compliance.
We do our best to disclose all of these third parties to research participants to the extent we may make disclosure of such participants’ personal information. In all cases, we ensure that such third parties are bound to confidentiality and security obligations consistent with the laws of the country in which they operate and collect data. We also require these third parties to commit to compliance with local data privacy laws with respect to all personal data they may transfer on our behalf.
In almost all cases, soon after personal information is initially obtained during a research study, we, or the doctor, researcher, or other third-party agent acting on our behalf, will replace with a special code one or more key portions of each research participants’ personal information. Through use of these codes, we afford a heightened level of privacy to those individuals who volunteer for our research studies because data so coded or “de-identified” may no longer be considered personal information under applicable law.
Kura Oncology, Inc.
Attn: Privacy Officer
3033 Science Park Road, Suite 220
San Diego, CA 92121
PRIVACY SHIELD POLICY
This Privacy Shield policy (“Privacy Shield Policy”) sets forth the privacy principles Kura Oncology, Inc. (“Kura,” “we,” “us,” or “our”) follows in connection with the transfer and protection of personal information from the European Union and Switzerland to the United States. As used in this Privacy Shield Policy, “personal information” has the meaning given to it under the applicable local law of the country from which it was originally collected. Generally, it means information that identifies or can directly or indirectly lead to the identification of an individual, including such things as an individual’s name, address, telephone number, email address, social security number, and date of birth.
Kura complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States (collectively, the “Privacy Shield”). We have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles as set out more fully here. If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
The United States Federal Trade Commission (“FTC”) has jurisdiction over our compliance with the Privacy Shield, and we are subject to the FTC’s investigatory and enforcement powers.
Privacy Shield Principles
The Privacy Shield is based on seven core principles known as the “Privacy Shield Principles”:
• Accountability for Onward Transfer;
• Data Integrity and Purpose Limitation;
• Access; and
• Recourse, Enforcement, and Liability.
We adhere to and have implemented policies and procedures regarding these core Privacy Shield Principles in the following ways:
Individuals whose personal information we have collected may “opt out” of having their personal information disclosed to third parties and/or used for purposes other than for the purposes for which their personal information was originally collected or subsequently authorized. For the types of personal information that the laws of European Union countries and Switzerland deem “sensitive,” we give affected individuals an opportunity to “opt in” and specifically consent to have their information disclosed to third parties or used for purposes other than those for which it was originally collected or subsequently authorized. We use a variety of different, context-specific means to provide the choices described here or otherwise required by the Privacy Shield.
Accountability for Onward Transfer
Our accountability under the Privacy Shield for the personal information we receive and subsequently transfer to third parties is described in the Privacy Shield Principles as set forth here. In summary, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process your personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to any harm you may incur.
We take reasonable steps to protect the personal information in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These reasonable steps include technical, administrative, and physical safeguards such as the use of firewalls, encryption, and confidentiality provisions in agreements we enter into with third parties.
Data Integrity and Purpose Limitation
We only use the personal information we collect in ways that are consistent with the purposes for which it was originally collected or for which we subsequently obtained information from the affected individuals. We take reasonable steps to ensure that the personal information is reliable for its intended use, accurate, complete, and current. To accomplish this, we necessarily rely on individual data subjects to exercise their Access rights to keep us apprised of any changes in their personal information.
If an individual from whom we have collected personal information contacts us and asks to have access to their personal information, we will take all reasonable steps to ensure such access is granted so long as the relevant information is in our possession or under our reasonable control. Once such access is granted, affected individuals have the right under the Privacy Shield to have us correct, amend, or delete their information where it is determined to be factually inaccurate. There are, however, certain limitations to an individual’s right to such access. These limitations include situations where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the rights of persons other than the individual would be violated. In addition, the access principle under the Privacy Shield varies slightly for pharmaceutical research activities like ours. More information about these variations can be found here. We typically disclose such variations to research participants in the process of obtaining their informed consent at the outset of a trial or other research activity.
Recourse, Enforcement, and Liability
We implement processes and procedures to verify our compliance with this Privacy Shield Policy. If individuals believe that we are not compliant, or if they have other complaints related to this Privacy Shield Policy or our conduct under it, we encourage those individuals to contact us using the contact information listed at the end of this Privacy Shield Policy. We will respond within 45 days of receiving all such valid complaints.
In compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, Kura commits to resolve complaints about our collection or use of personal information received under the Privacy Shield. European Union or Swiss individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact Kura at:
Kura Oncology, Inc.
Attn: Privacy Officer
3033 Science Park Road, Suite 220
San Diego, CA 92121
Where a complaint relates to personal information transferred or received under the Privacy Shield, Kura will respond within 45 days of receiving any such complaint. Kura has further committed to cooperate with a panel established by a European Union data protection authorities (“DPA”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with respect to unresolved Privacy Shield complaints concerning personal information transferred from the European Union and Switzerland to the United States. If you do not receive timely acknowledgment of your Privacy Shield complaint, or if your Privacy Shield complaint is not satisfactorily addressed, please contact your DPA or the FDPIC, as applicable. Under certain circumstances, an individual may choose to invoke binding arbitration to resolve any Privacy Shield disputes that have not been resolved by other means.
Limitation of Privacy Shield Principles
Adherence to this Privacy Shield Policy may be limited to the extent required to satisfy legal obligations (including, but not limited to, subpoenas and court orders) and/or meet national security, law enforcement, or public interest requirements. We may be required, under certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The law also provides certain express exceptions and variations to our obligations under this Privacy Shield Policy. For example, some of the access and consent principles within the Privacy Shield Principles are modified for pharmaceutical companies like us who use personal information to engage in pharmaceutical research activities. More information about these variations can be found here.
We may change our Privacy Shield Policy from time to time. All personal information collected, used, and retained by us and transferred from the European Union and Switzerland to the United States is subject to the Privacy Shield Policy in place at that time. If we decide to change our Privacy Shield Policy, we will post those changes on this page and/or update the Privacy Shield Policy modification date. This Privacy Shield Policy was last modified on May 24, 2018.
If you have questions about our Privacy Shield Policy, our privacy practices, or if you would like to submit a complaint, please contact our Privacy Officer:
Kura Oncology, Inc.
Attn: Privacy Officer
3033 Science Park Road, Suite 220
San Diego, CA 92121