Privacy Policy

Thank you for visiting www.kuraoncology.com, which is owned and provided by Kura Oncology, Inc. (“Kura,” “we,” or “us”), and viewing this privacy policy (“Privacy Policy”).  We value and respect your privacy, and this Privacy Policy is designed to assist you in understanding how we collect, use, and protect personal information you may provide when you access and/or use our website or any of our social media offerings.  By accessing and/or using our website or social media offerings, you consent to our Privacy Policy.

As used in this Privacy Policy, the term “our website” means Kura’s corporate website found at www.kuraoncology.com, such other websites as we may make available from time to time, and Kura’s social media offerings.  As used in this Privacy Policy, the term “social media offerings” means Kura’s social media presence viewable from Facebook, Twitter, YouTube, Google+, LinkedIn, or any other available external third-party social media platforms.  As used in this Privacy Policy, the term “personal information” means information that can be used to identify you or that can be easily linked to you.  Personal information would include information such as your name, address, telephone number, email address, social security number, and date of birth.  Personal information would not include a domain name or an internet protocol address.

Privacy Shield Statement

We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States (collectively, the “Privacy Shield”).   We have certified to the U.S. Department of Commerce that we adhere to a set of privacy standards with respect to such information that are approved by the United States, the European Union, the United Kingdom, and Switzerland.  If there is any conflict between the terms of our Privacy Shield Policy and this Privacy Policy, our Privacy Shield Policy shall govern with respect to personal information received by us in the United States from the European Union, the United Kingdom, or Switzerland.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.  Our Privacy Shield Policy is set forth below.

What Information Do We Collect?

 We collect information from you when you register on our website or social media offerings or contact us.  When registering or contacting us on our website or social media offerings, as appropriate, you may be asked to enter your name, email address, mailing address, or phone number.  If you include your email address or a phone number in your registration information, we may use it to communicate with you via email and/or phone.  If you choose to send us an email or text or fill out an online form, you are voluntarily providing personal information to us.  By voluntarily providing personal information to us, you are giving us your consent to collect, use, and disclose that information for the purpose it is requested and for other reasonable internal business purposes.  If you do not want us to collect this type of personal information, do not provide it.  Although failure to provide such information may limit your ability to take full advantage of our website, it will not affect your ability to access certain information available on our website to the general public.

Some of our social media offerings may allow users to post or upload messages, comments, screen names, files, and other materials.  If you choose to make your personal information public through these means, we will consider that information to be in the public domain and will not limit its disclosure in the manner described by this Privacy Policy.

Like most websites, we use cookies and/or web beacons to enhance your experience, gather general visitor information, and track visits to our website or social media offerings.  Please refer to the section below titled “Do We Use Cookies?” for information about cookies and how we use them.

How Do We Use Your Information?

Any of the personal information we collect from you may be used in one of the following ways:

  • To send periodic emails: If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, event information, etc.
  • To personalize your experience: Your personal information helps us to better respond to your individual needs.
  • To improve our website or social media offerings: We continually strive to improve our website and social media offerings based on the information and feedback we receive from you.

Do We Use Cookies?

Yes.  Cookies are small files that a website or its service provider transfers to your computer or mobile device through your Internet browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information.  We use cookies to understand and save your preferences for future visits and compile aggregate data about website traffic and website interaction so that we can offer better website experiences and tools in the future.  The information we collect through cookies is not personal information and does not individually identify you.  This information includes things like the domain name and IP address from which you accessed our website, the type of browser and operating system you use, the date and time of your visit, the length of your visit, the specific page visited, graphics viewed, documents downloaded, the specific links to other online resources you accessed from our website, and the specific links from other online resources you used to access our website.

Mobile devices are the one possible exception to the rule that our passive, automatic collection activities exclude personal information.  If you access our website from a phone or other mobile device, the mobile device service provider may transmit to us uniquely identifiable mobile device information.  Some mobile device service providers also operate systems that pinpoint the physical location of devices, and we may receive this information as well.

Exercising Your Choice to Opt-Out

If we are using personal information you provided to us in order to enable us to send you materials or information via text or email and you decide you do not want to receive such materials or information, you may opt out by following the opt-out instructions in the email or other communication or the opt-out details provided to you through the applicable program.  Also, you may opt out by contacting our Privacy Officer using the information provided below.  When we receive your request, we will take reasonable steps to remove your name from our distribution lists.  Please understand that it may take a period of time to remove your name from our distribution lists after your request, and, due to such delay, you may still receive materials or information for a period of time after you opt out.  In addition to opting out, you may have the ability to access, amend, and delete your personal information under our Privacy Shield Policy set forth below.

Do We Disclose Any Personal Information to Outside Parties?

We do not sell, trade, or otherwise transfer voluntarily submitted personal information to third parties.  This does not include trusted third parties who assist us in operating our website and/or social media offerings, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.  We may also release your personal information when we believe release is appropriate to comply with the law, enforce our website and/or social media offerings policies, or protect our or others’ rights, property, or safety.  However, non-personal information and mobile device information may be provided to other parties for marketing, advertising, or other uses.  For example, the “Investors and Media” portion of our website (other than the “Contact Us” page) is provided by third parties that may collect, use, and disclose information regarding your interaction with those pages.  We do not control the collection, use, or disclosure of that information.

Disclaimer on Third-Party Links

Although our website or social media offerings may contain links to other websites or online resources controlled by third parties, you should be aware that we are not responsible for the content or privacy practices of those websites and online resources.  If you have questions about how those websites or online resources collect and use data, you should carefully read the privacy policies of those websites or online resources.  Technical problems with outside links, other than a link that has been moved or changed, should be reported to the entity that maintains the applicable site or resource, not to Kura.  Kura disclaims responsibility for the content of any third-party website or online resource, and any link to a third-party website or online resource does not constitute our endorsement of the contents of any third-party website or online resource.  Kura is not responsible for the content, privacy practices, accuracy, or reliability of any website or online resource accessed by a link from our website or social media offerings.

International Visitors

Our website is hosted in the United States and is intended solely for visitors located within the United States and Canada.  If you nonetheless choose to use this website from the European Union or other regions of the world with laws governing data collection and use that may differ from United States law, then please note that by sending an email or text containing personal information or by providing personal information through our website, you are voluntarily transferring your personal information outside of those regions to the United States and you consent to such transfer.

Children’s Privacy

If you are under the age of 13, please do not use or access our website or social media offerings in any way.  We will not knowingly collect or use any personal information from any children under the age of 13.  If we become aware that we have collected any personal information from children under the age of 13, we will promptly delete such information from our databases.

Protecting Your Privacy

We will take all reasonable security precautions to protect your personal information provided to us through our website or social media offerings.  Due to the inherently open and somewhat risky nature of the Internet, however, we cannot guarantee that your personal information, whether during transmission or while stored on our systems or otherwise in our care, will be free from unauthorized access or that loss, misuse, destruction, or alteration of your personal information will not occur.  We disclaim any liability for any theft or loss of, unauthorized access or damage to, or interception of any data or communications.  You should also note that third-party companies we engage to provide us with services either to help us in our business or to perform functions we would otherwise perform ourselves will have incidental access to your information, including your personal information, as part of the work they perform.  We require that they enter into confidentiality and other agreements but cannot guarantee their compliance.  We may also release your personal information when we believe release is appropriate to comply with the law, enforce our website and/or social media offerings policies, or protect our or others’ rights, property, or safety.

Online Privacy Policy Only

This Privacy Policy applies only to information collected through our website and social media offerings and not to information collected offline.

Research Privacy Policy

Kura engages in research studies and clinical trials, which are subject to a variety of overlapping privacy regimes even within the same jurisdiction.  All of our research studies and clinical trials are voluntary.  In accordance with industry standards and applicable law, we disclose to participants as much information as is feasible (after accounting for blinding, randomizing, and other lawful research interests) about the nature of each study in which they are involved, including the extent of any risks of which we are reasonably aware.  We provide all participants with notice of the types of information we intend to collect as part of each study and the means through which we collect it, and we further obtain each individual’s express written consent to participate in such research studies and clinical trials.

Like most pharmaceutical companies, we conduct a substantial portion of our research through third-party clinical research organizations.  Our research and clinical trial activities also necessarily involve a variety of additional third parties.  These additional third parties may include physicians and other medical professionals directly involved in carrying out the scientific work of the study, ethics committees or Institutional Review Boards, health authority inspectors (such as the U.S. Food and Drug Administration and the European Medicines Agency), the sponsors of our research, and those organizations who monitor and audit research activities like ours for safety and compliance.

We do our best to disclose all of these third parties to research participants to the extent we may make disclosure of such participants’ personal information.  In all cases, we ensure that such third parties are bound to confidentiality and security obligations consistent with the laws of the country in which they operate and collect data.  We also require these third parties to commit to compliance with local data privacy laws with respect to all personal data they may transfer on our behalf.

In almost all cases, soon after personal information is initially obtained during a research study, we, or the doctor, researcher, or other third-party agent acting on our behalf, will replace with a special code one or more key portions of each research participant’s personal information.  Through use of these codes, we afford a heightened level of privacy to those individuals who volunteer for our research studies because data so coded or “de-identified” may no longer be considered personal information under applicable law.

Changes to Our Privacy Policy

We may change our Privacy Policy from time to time.  All information collected through our website and social media offerings is subject to the Privacy Policy in place at that time.  If we decide to change our Privacy Policy, we will post those changes on this page and/or update the Privacy Policy modification date.  This Privacy Policy was last modified on April 3, 2020.

Contacting Us

If you have questions about our Privacy Policy or privacy practices, please contact our Privacy Officer:

Kura Oncology, Inc.

Attn: Privacy Officer

3033 Science Park Road, Suite 220

San Diego, CA 92121

858-500-8800

privacy@kuraoncology.com

PRIVACY SHIELD POLICY

This Privacy Shield policy (“Privacy Shield Policy”) sets forth the privacy principles Kura Oncology, Inc. (“Kura,” “we,” “us,” or “our”) follows in connection with the transfer and protection of personal information from the European Union, the United Kingdom, and Switzerland to the United States.  As used in this Privacy Shield Policy, “personal information” has the meaning given to it under the applicable local law of the country from which it was originally collected.  Generally, it means information that identifies or can directly or indirectly lead to the identification of an individual, including such things as an individual’s name, address, telephone number, email address, social security number, and date of birth.

Kura complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States (collectively, the “Privacy Shield”).  We have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles with respect to such information as set out more fully here.  If there is any conflict between the terms in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The United States Federal Trade Commission (“FTC”) has jurisdiction over our compliance with the Privacy Shield, and we are subject to the FTC’s investigatory and enforcement powers.

Privacy Shield Principles

The Privacy Shield is based on seven core principles known as the “Privacy Shield Principles”:

  • Notice;
  • Choice;
  • Accountability for Onward Transfer;
  • Security;
  • Data Integrity and Purpose Limitation;
  • Access; and
  • Recourse, Enforcement, and Liability.

We adhere to and have implemented policies and procedures regarding these core Privacy Shield Principles in the following ways:

Notice

When we collect personal information from individuals in the European Union, the United Kingdom, and Switzerland, we tell them about the types of personal information being collected, the purposes of our collection, and the nature of our intended uses.  We also advise them of the types of third parties, such as clinical research organizations, to whom we further disclose such information, the purposes for which we disclose such information to such third parties, and the choices and means, if any, we offer for limiting use and disclosure as well as how to contact us with inquiries or complaints.  We use a variety of different, context-specific means to provide such notice.  For example, in our research activities, we use industry standard informed consent forms, as described in more detail under the section titled “Research Privacy Policy” in our Privacy Policy above.

Choice

Individuals whose personal information we have collected may “opt out” of having their personal information disclosed to third parties and/or used for purposes other than for the purposes for which their personal information was originally collected or subsequently authorized.  For the types of personal information that the laws of European Union countries, the United Kingdom, and Switzerland deem “sensitive,” we give affected individuals an opportunity to “opt in” and specifically consent to have their information disclosed to third parties or used for purposes other than those for which it was originally collected or subsequently authorized.  We use a variety of different, context-specific means to provide the choices described here or otherwise required by the Privacy Shield.

Accountability for Onward Transfer

Our accountability under the Privacy Shield for the personal information we receive and subsequently transfer to third parties is described in the Privacy Shield Principles as set forth here.  In summary, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process your personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we can prove that we are not responsible for the event giving rise to any harm you may incur.

Security

We take reasonable steps to protect the personal information in our possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.  These reasonable steps include technical, administrative, and physical safeguards such as the use of firewalls, encryption, and confidentiality provisions in agreements we enter into with third parties.

Data Integrity and Purpose Limitation

We take reasonable steps to ensure that the personal information is reliable for its intended use, accurate, complete, and current.

We will only retain personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory, or reporting requirements.  To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which we process the personal information, and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.  In some circumstances, we may anonymize personal information (so that it can no longer be associated with an individual) in which case we may use this information indefinitely without further notice to the individual.

We only use the personal information we collect as permitted by law, and process the personal information in accordance with legal bases as described in the table below.  We may also use personal information for reasons not described in the Privacy Shield Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use personal information for an unrelated purpose, we will notify the affected individual(s) and explain the applicable legal basis.  For questions about the legal basis of how we process personal information, please contact us as described below in this Privacy Shield Policy.

Processing Purpose | Legal Basis
To perform and administer research studies and clinical trials | Where we have a contract governing this processing purpose, this processing is necessary to perform that contract or necessary to take steps requested by an individual prior to entering into the contract.  Where we process sensitive personal information in connection with this processing purpose, the processing is necessary for scientific or historical research purposes or statistical purposes.  In all other cases, these processing activities constitute our legitimate interests.  We consider and balance any potential impact on the individual (both positive and negative) and the individual’s rights before we process personal information for our legitimate interests.  We do not use personal information for activities where our interests are overridden by the impact on the individual (unless we have the individual’s consent or are otherwise required or permitted to by law).
For our operations, including to communicate with you, to create anonymous, aggregated, or de-identified data for analytics, and for compliance and fraud prevention. | These processing activities constitute our legitimate interests.  We consider and balance any potential impact on the individual (both positive and negative) and the individual’s rights before we process personal information for our legitimate interests.  We do not use personal information for activities where our interests are overridden by the impact on the individual (unless we have the individual’s consent or are otherwise required or permitted to by law).
To comply with applicable laws and regulatory monitoring and reporting obligations. | Processing is necessary to comply with our legal obligations.
To fulfill contractual obligations. | Processing is necessary to perform a contract or necessary to take steps requested prior to entering into the contract.
With consent of the individual. | Processing is based on consent of the individual.  Where we rely on such consent, the individual has the right to withdraw it at any time in the manner indicated when we requested the consent or by contacting us.

Access

If an individual from whom we have collected personal information contacts us and asks to have access to their personal information, we will take all reasonable steps to ensure such access is granted so long as the relevant information is in our possession or under our reasonable control.  Once such access is granted, affected individuals have the right under the Privacy Shield to have us correct, amend, or delete their information where it is determined to be factually inaccurate.  There are, however, certain limitations to an individual’s right to such access.  These limitations include situations where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the rights of persons other than the individual would be violated.  In addition, the access principle under the Privacy Shield varies slightly for pharmaceutical research activities like ours.  More information about these variations can be found here.  We typically disclose such variations to research participants in the process of obtaining their informed consent at the outset of a trial or other research activity.

Recourse, Enforcement, and Liability

We implement processes and procedures to verify our compliance with this Privacy Shield Policy.  If individuals believe that we are not compliant, or if they have other complaints related to this Privacy Shield Policy or our conduct under it, we encourage those individuals to contact DPR Group, our Data Protection Representative for the purposes of GDPR, or us, using the contact information listed at the end of this Privacy Shield Policy.  We will respond within 45 days of receiving all such valid complaints.  We may request specific information from you to help us confirm your identity and process your request.  Applicable law may require or permit us to decline your request.

Dispute Resolution

 In compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, Kura commits to resolve complaints about our collection or use of personal information received under the Privacy Shield.  Pursuant to Article 27 of the EU General Data Protection Regulation (“GDPR”), we have appointed DPR Group as our Data Protection Representative for the purposes of GDPR.  European Union, United Kingdom, or Swiss individuals with inquiries or complaints regarding Kura’s Privacy Shield Policy or Kura’s processing of personal information should first contact DPR Group as described below:

By mail:      mailing an inquiry to DPR Group at the most convenient of the addresses in the attachment to this Privacy Shield Policy

By email:     datainquiry@dpr.eu.com quoting in the subject line

Online:        www.dpr.eu.com/datarequest

Such individuals may also contact Kura’s Privacy Officer using the contact information provided at the end of this Privacy Shield Policy.

Where a complaint relates to personal information transferred or received under the Privacy Shield, Kura will respond within 45 days of receiving any such complaint.  Kura has further committed to cooperate with a panel established by European Union data protection authorities (“DPA”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with respect to unresolved Privacy Shield complaints concerning personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States.  If you do not receive timely acknowledgment of your Privacy Shield complaint, or if your Privacy Shield complaint is not satisfactorily addressed, please contact your DPA or the FDPIC, as applicable.  Under certain circumstances, an individual may choose to invoke binding arbitration to resolve any Privacy Shield disputes that have not been resolved by other means.

Limitation of Privacy Shield Principles

 Adherence to this Privacy Shield Policy may be limited to the extent required to satisfy legal obligations (including, but not limited to, subpoenas and court orders) and/or meet national security, law enforcement, or public interest requirements.  We may be required, under certain circumstances, to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  The law also provides certain express exceptions and variations to our obligations under this Privacy Shield Policy.  For example, some of the access and consent principles within the Privacy Shield Principles are modified for pharmaceutical companies like us who use personal information to engage in pharmaceutical research activities.  More information about these variations can be found here.

Online Privacy Policy

We use a separate Privacy Policy to inform you about how we collect and use information from individuals who access and/or use our website or social media offerings.  This Privacy Policy is set forth above.  If there is any conflict between the terms in this Privacy Shield Policy and our Privacy Policy, this Privacy Shield Policy shall govern with respect to personal information received by us in the United States from the European Union, the United Kingdom, or Switzerland.

Changes to Our Privacy Policy

We may change our Privacy Shield Policy from time to time.  All personal information collected, used, and retained by us and transferred from the European Union, the United Kingdom, and Switzerland to the United States is subject to the Privacy Shield Policy in place at that time.  If we decide to change our Privacy Shield Policy, we will post those changes on this page and/or update the Privacy Shield Policy modification date.  This Privacy Shield Policy was last modified on April 3, 2020.

Contacting Us or Our Data Protection Representative

If you have questions about our Privacy Shield Policy, our privacy practices, or if you would like to submit a complaint, please contact DPR Group, our Data Protection Representative for the purposes of GDPR:

By mail:      mailing an inquiry to DPR Group at the most convenient of the addresses in the attachment to this Privacy Shield Policy

By email:     datainquiry@dpr.eu.com quoting in the subject line

Online:        www.dpr.eu.com/datarequest

You may also contact our Privacy Officer:

Kura Oncology, Inc.

Attn: Privacy Officer

3033 Science Park Road, Suite 220

San Diego, CA 92121

858-500-8800

privacy@kuraoncology.com

Addresses for DPR Group (Kura’s EU Representative for the GDPR)

Please ensure post is addressed to “DPR Group” and not Kura Oncology, Inc.

Country | Address
Austria | DPR Group, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
Belgium | DPR Group, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
Bulgaria | DPR Group, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
Croatia | DPR Group, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
Cyprus | DPR Group, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
Czech Republic | DPR Group, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
Denmark | DPR Group, Lautruphøj 1-3, Ballerup, 2750, Denmark
Estonia | DPR Group, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
Finland | DPR Group, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
France | DPR Group, 72 rue de Lessard, Rouen, 76100, France
Germany | DPR Group, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
Greece | DPR Group, 24 Lagoumitzi str, Athens, 17671, Greece
Hungary | DPR Group, Kálmán Imre utca 1, Budapest, 1054, Hungary
Ireland | DPR Group, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
Italy | DPR Group, BPM 335368, Via Roma 12, 10073, Turin, Italy
Latvia | DPR Group, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
Lithuania | DPR Group, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
Luxembourg | DPR Group, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
Malta | DPR Group, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
Netherlands | DPR Group, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
Poland | DPR Group, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
Portugal | DPR Group, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
Romania | DPR Group, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
Slovakia | DPR Group, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
Slovenia | DPR Group, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
Spain | DPR Group, Puerta de las Naciones, Ribera del Loira 46, Madrid, 28042, Spain
Sweden | DPR Group, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden
United Kingdom | DPR Group, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom