Effective as of June 28, 2021.
This “Privacy Policy” describes the privacy practices of CymaBay Therapeutics, Inc. and our subsidiaries and affiliates (collectively, “CymaBay”, “we”, “us”, or “our”). This Privacy Policy describes how we collect, use, disclose and otherwise process certain personal information, and explains the rights and choices available to individuals with respect to their information.
CymaBay may provide additional privacy notices to individuals at the time we collect their data. For example, a specific privacy notice may be provided to clinical trial participants that describe our privacy practices in connection with conducting clinical trials. This type of an “in-time” notice will govern how we may process the information you provide at that time.
Individuals located in the European Union and United Kingdom should be sure to read the important information provided here.
We collect personal information about the following types of individuals: clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists, and other individuals who interact directly with CymaBay or its service providers or business partners, including users of our websites.
We collect personal information:
The types of personal information we collect and share depend on the nature of the relationship you have with CymaBay and the requirements of applicable laws. We may collect:
We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us.
We may automatically log information about you and your computer or mobile device when you access our websites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our websites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our websites. We collect this information about you using cookies. Please refer to the Cookies and Similar Technologies section for more details.
It is important that the personal information we hold about you is accurate and current. Please let us know if your personal information changes during your relationship with us by emailing us at dataprotection@cymabay.com.
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our websites.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our websites; and (2) third party cookies, which are served by service providers on our websites, and can be used by such service providers to recognise your computer or mobile device when it visits other websites.
Our websites use the following types of cookies for the purposes set out below:
Type of Cookie |
Purpose |
Essential Cookies | These cookies are essential to provide you with services available through our websites and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. |
Functionality Cookies | These cookies allow our websites to remember choices you make when you use our websites. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-select your preferences every time you visit our websites. |
Analytics and Performance Cookies | These cookies are used to collect information about traffic to our websites and how users use our websites. The information gathered may include the number of visitors to our websites, the websites that referred them to our websites, the pages they visited on our websites, what time of day they visited our websites, whether they have visited our websites before, and other similar information. We use this information to help operate our websites more efficiently, to gather broad demographic information, monitor the level of activity on our websites, and improve the websites. We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our websites by downloading and installing the browser plugin available here. |
Social Media Cookies | These cookies are used when you share information using a social media sharing button or “like” button on our websites or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter. The social network will record that you have done this. |
Targeted and Advertising Cookies | These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, third party advertisers can place cookies to enable them to show advertisements which we think will be relevant to your interests while you are on third party websites. You can disable certain cookies which remember your browsing habits and target advertising at you by visiting this site. If you choose to remove targeted or advertising cookies, you will still see advertisements, but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioural advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed. |
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.
If you do not accept our cookies, you may experience some inconvenience in your use of our websites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our websites.
We may use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on our websites to collect and store information about your use of our websites. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel at this website. You can also control Flash LSOs by going to the Global Storage Settings Panel at this website and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our websites.
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our websites to track the actions of users on our websites. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of our websites, so that we can manage our content more effectively.
Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not currently respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
If you use our websites, we use your personal information to:
We may use your personal information when necessary to facilitate our clinical trials, research, studies, and other related activities, such as to:
If you request information from us or participate in our programs or engage with us in another manner, we may send you CymaBay-related marketing communications as permitted by law. You will have the ability to opt out of such communications.
We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government or regulatory authorities.
We use your personal information as we believe necessary or appropriate to comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, patient safety, and financial disclosures.
We will request your consent to use your personal data where required by law, such as where we use certain cookies or similar technologies or would like to send you certain marketing messages. If we request your consent to use your personal data, you have the right to withdraw your consent any time in the manner indicated when we requested the consent or by contacting us.
We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes.
We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites and our business; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Affiliates
We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.
Service Providers
We may employ third party companies and individuals to perform services on our behalf, including but not limited to:
Business Partners and Other Professionals and Organizations
We may disclose your personal information to partners, in connection with the development and promotion of our business. We will ask for your consent before disclosing your information with our business partners where required by applicable law. We may also share your personal information with health care professionals, researchers, academics, public health organizations, and publishers for purposes consistent with this Privacy Policy.
Internal Professional Advisors
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Compliance with Laws and Law Enforcement; Protection and Safety
We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our websites ; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Business Transfers
We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.
In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your data, such as if you participate in a special program, activity, event, or clinical trial. These situations will be governed by specific terms, privacy notices, or consent forms that provide additional information about how we or third parties we do business with will use your information. We will honor these additional terms with respect to your information and thus, strongly recommend you review the additional terms, notice or consent form (as applicable) prior to participating in any such programs.
If you become aware that the personal information we maintain about you is inaccurate, incomplete, misleading, irrelevant or out of date, or if you would like to access or review your information, you may contact us at dataprotection@cymabay.com.
You may opt out of marketing-related emails by clicking the “Unsubscribe” link at the bottom of each such email, or by sending an email with the subject line “Unsubscribe” as directed in each such email. You may continue to receive business-related and other non-marketing emails even if you Unsubscribe.
If you gave us consent to post a testimonial on our websites or social media channels, but wish to update or delete it, please contact us.
Where we are required by law to collect your personal information, or where we need your personal information in order to facilitate a business or clinical relationship with you or otherwise work with you, and if you do not provide this information when requested (or you later ask to delete it), we may not be able to continue and may need to terminate our relationship with you. We will tell you what information you must provide to us by designating it as required when we request the information or through other appropriate means.
The security of your personal information important to us. We take organizational, technical and physical measures designed to protect the personal information we collect, both during transmission and once we receive it. However, no security safeguards are 100% secure and we cannot guarantee the security of your information.
We do not knowingly collect personal information from children under age 13 in the United States through our websites. If we learn that we have collected personal information directly from a child under the age of 13 through our websites, we will delete that information.
CymaBay is headquartered in the United States and has affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
Individuals in the European Union should read the important information provided here about transfer of personal information outside of the European Economic Area.
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by CymaBay. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy you will be notified in a reasonable manner likely to reach you (such as posting a new privacy policy on our websites, or a specific announcement on this page).
Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the changes (or as otherwise indicated at the time of posting). In all cases, your continued use of our websites and continued business or clinical relationship after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
If you have any questions or concerns at all about our Privacy Policy, please contact us at:
CymaBay Therapeutics, Inc.
7575 Gateway Blvd., Suite 110
Newark, CA 94560
Attention: Legal Department
You can contact our data protection officer at:
7575 Gateway Blvd., Suite 110
Newark, CA 94560
dataprotection@cymabay.com
Attention: Data Protection Officer
References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by the applicable European data protection legislation.
CymaBay is the controller of your personal information for purposes of European data protection legislation. See the Contact Us section above for contact details.
European Union Representative
VeraSafe Ireland Ltd. has been appointed as CymaBay's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to CymaBay, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031. Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
United Kingdom Representative
VeraSafe United Kingdom Ltd. has been appointed as CymaBay's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of CymaBay, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at +44 (20) 45322003. Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal basis of how we process your personal information, contact us at dataprotection@cymabay.com.
Processing Purpose (click link for details) |
Legal Basis |
Where we have a contract governing this processing purpose, the processing is necessary is perform that contract, or necessary to take steps that you have requested prior to entering into the contract. In other cases, these processing activities are necessary to protect your, or another person’s, vital interests. |
|
To Perform and Administer Clinical Trials, Research and Development Activities |
Where we have a contract governing this processing purpose, the processing is necessary is perform that contract, or necessary to take steps that you have requested prior to entering into the contract. |
These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). |
|
To Comply with Regulatory Monitoring and Reporting Obligations |
Processing is necessary to comply with our legal obligations. |
With Your Consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when we requested the consent or by contacting us. |
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold, but we may not be able to grant your request depending on the circumstances:
You can submit these requests to VeraSafe using the applicable form linked above or via telephone or postal address provided above. Alternatively, you can submit these requests to CymaBay by email to dataprotection@cymabay.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law or other considerations may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the EEA’s data protection laws, such as the specific contracts approved by the European Commission as providing adequate protection of personal information, which are available here. For details, see the European Commission’s website for model contracts for the transfer of personal information to third countries.
Please contact us for further information on the specific mechanism used by us when transferring your personal information out of the EEA.