This policy applies to all information relating to any identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).
Relay Therapeutics, Inc. (“Relay Therapeutics”) and its contract research organization (“CRO”) Medpace, Inc. (“Medpace”) respect the privacy of individuals of all nationalities in the processing of their Personal Data, recognizing the fundamental rights to lawfulness, fairness, and transparency. We adhere to the principles of data privacy by design and by default, including data minimization to the extent possible. We adhere to laws relating to data protection in all jurisdictions in which we conduct business, including but not limited to the Health Insurance Portability and Accountability Act (“HIPAA”), the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Protection Act (“CCPA”), and the United Kingdom Data Protection Act of 2018 and United Kingdom GDPR.
This website is not intended for, or designed to attract, children under the age of 16. No Personal Data should be submitted to us through the website by visitors who are less than 16 years old.
2.1.1 We collect information that alone or in combination with other information in our possession could be used to identify you (“Personal Data”), as further described below.
2.1.2 Personal Data You Provide: We collect Personal Data from you when you elect to interact with us through the Website. The Personal Data we collect varies depending on what you choose to share, but it may include your name, email, company name, and telephone number. The purpose of collecting this Personal Data is our legitimate interest.
2.1.3 If you choose to contact us and provide us with your Personal Data, we will collect and use your Personal Data to respond to you, to provide you with information that you have requested (which may relate to our products or services), or to communicate with you for other purposes which are requested by you in your inquiry. Such other purposes may include, from time to time, monitoring our regulatory compliance, and compiling profiles and personal information about you in order to identify suitable education/awareness programs or suitable opportunities to collaborate with you.
2.1.4 We will disclose your Personal Data within our company, and to our corporate affiliates who agree to treat it in accordance with this Privacy Policy. Personal Data also may be transferred to third parties who act for and on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected. These third parties have contracted with us to only use Personal Data for the agreed upon purposes and not to sell or disclose your Personal Data to third parties except as required by law, or as stated in this Privacy Policy.
2.1.5 Internet Activity Data: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from, and which browsers people use to access the Service, broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
2.1.5.1 Log Data: Information that your browser automatically sends whenever you visit the Website. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Website.
2.1.5.2 Cookies Data: Please see the “Cookies” section below to learn more about how we use cookies.
2.1.5.3 Device Data: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
2.1.5.4 Usage Data: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities.
2.1.5.5 Location Data: We derive a rough estimate of your location from your IP address.
2.1.5.6 Email Open/Click Data: We may use pixels in our emails that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email
Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and advertisements. We use cookies and similar technologies for purposes such as:
Your web browser may be programmed to notify you when you are receiving a cookie, giving you the choice to accept it or not. You can also refuse all cookies by turning them off in your browser.
3.1.1 To enhance the user experience of our website, including internal operations necessary to provide our services, such as troubleshooting software bugs and operational problems; conducting website traffic data analysis, testing, and research; and to monitor and analyze usage and activity trends.
3.1.2 To respond to inquiries regarding our business or service
3.1.3 We may use your Personal Data to investigate or address claims or disputes relating to our business, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries. Medpace may share your Personal Data if we believe it is required by applicable law, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing Personal Data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our Code of Conduct or other policies; to protect our rights or property; or the rights, safety, or property of others; or in the event of a claim or dispute relating to our business operations.
4.1 We use physical, electronic and organizational procedures to safeguard and secure your Personal Data. This includes encryption, firewalls, access controls, and other procedures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
4.2 Personal Data is restricted to authorized individuals, who only can access it on a "need to know" basis.
4.3 We may store some business records or clinical trial documents in hard copy (paper or disk) format, as required by law or regulation, or pursuant to the fulfilment of a legitimate business purpose. In this case, documents are retained for the minimum time necessary, and then securely destroyed. Long-term storage of hard copy documents may be carried out by a qualified third-party vendor.
Your Personal Data may be shared with third parties to fulfill the purposes for which it was originally collected. Personal Data is transferred to third parties pursuant to contractual obligations consistent with Article 28(4) of GDPR when applicable, and with this Privacy Policy.
Your Personal Data may be transferred to a third country outside of the EU or European Economic Area, or to a country where data protections are not as strong as in your country. Please be aware that any personal data you provide to us will be transferred to, processed, and stored in the United States. You consent to the transfer of your information, including personal information, to the United States as set forth in this Privacy Policy by visiting our site or submitting an inquiry to us. Transfers to these countries are made using appropriate safeguards as outlined in Article 46 of the GDPR.
6.1 We are committed to cooperating to the full extent of applicable law in the exercise of the rights of data subjects. If you would like to exercise your rights under applicable data privacy law, or to inquire about the processing of your Personal Data by Relay Therapeutics or Medpace, contact us pursuant to the “How to Medpace” section of this Privacy Policy.
6.2 If you are a clinical trial participant, you should first contact the study site at which you participated, or the Principal Investigator of the study, to enquire about your choices and the means available for limiting the use and disclosure of your Personal Data under applicable data privacy laws. The rights available to you as a clinical trial participant may be limited pursuant to an exception to the applicable data privacy law to preserve the integrity or scientific value of the clinical trial data that was collected.
7.1 If you are an EU resident, you have a right to lodge a complaint with the appropriate EU supervisory authority, and also a right to an effective judicial remedy against data controllers and processors.
7.2 Residents of California may have a private right of action in the event of a data breach. Pursuant to California law, affected individuals must first notify us of the alleged violation and provide us 30 days to cure the violation.
8.1 For more information about our commitment to protecting data privacy, or to exercise any rights you may have under applicable data privacy laws, please contact Medpace at privacy@medpace.com, by telephone at +1 (513) 579-9911 (Cincinnati local), +1 (800) 730-5779 (USA toll free) or by mail at 5375 Medpace Way, Cincinnati, Ohio 45227 United States of America, Attn: Data Protection Officer.
8.2 We may occasionally update this notice. If we make significant changes, we will notify users of the changes on our website, or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices. After such notice, use of our services by users in countries outside the European Union will be understood as consent to the updates to the extent permitted by law.