image

Privacy

Last Updated: April 22, 2022

Nurix Therapeutics, Inc.

Privacy Policy

Nurix Therapeutics, Inc. (“Nurix”, “we,” “us,” “our”) is committed to protecting and respecting your privacy and personal information.

This Privacy Policy applies to personal information processed by us in our business, including on our websites, and other online or offline offerings (collectively, the “Services”) and explains our processing practices including the personal information we may collect, our use of such personal information, and your privacy rights, including the rights of California residents pursuant to the California Consumer Privacy Act.

This Privacy Policy does not apply to personal information collected by us:

  • should you enroll in or otherwise participate in a Nurix-sponsored clinical study or
  • when you apply for a job with Nurix
  • in the course of your employment with Nurix, whether as an employee or independent contractor

By accessing the Services, you agree to our collection and use of personal information as described in this Privacy Policy and our Terms of Use. However, this does not equate to consent for the processing of your personal information for purposes of European data protection laws.

I. PERSONAL INFORMATION WE COLLECT – SOURCES AND CATEGORIES

In the 12 months  preceding the date of this Policy, we may have collected your personal information when you visited our website and through other interactions with us, when you requested information about our Services, provided us with your information at a conference or other event or by registering for or participating in a webinar or online presentation, or when you voluntarily provided information to us through our website, or by emailing or telephoning us.  We also collected personal information from our LinkedIn page and Twitter feed and our other social media pages. We will continue to collect Personal Information from the same sources. The categories of Personal Information we may have collected from these sources during the 12 months preceding the date of this Policy, and will continue to collect, include the following:

  • Personal identifiers: Name, address, email address, social media handle, telephone numbers, and IP address.
  • Internet or other electronic activity information: Device and browser type and information regarding your interaction with our website, details about your browser, operating system or device. 
  • Professional information: Name of current employers and position(s) you hold.

Cookies and Other Technologies

We collect the above information through our use of cookies. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

We use Google Analytics to evaluate the use of our website. Google Analytics uses cookies and other identifiers to collect information, such as how often users visit a website, what pages they visit when they do so, and what other websites they visited prior to visiting a website. To learn more about how Google Analytics collects personal information, review Google’s Privacy Policy.

II. HOW WE USE YOUR INFORMATION.

We have set out below, a description of the ways we use your personal information (referred to as “processing purposes” below), and for individuals located in the EEA or the UK we explain which of the legal bases we rely on to do. .

Categories of Personal InformationProcessing PurposesLegal Basis (where you are located in the EEA or the UK)
Personal Identifiers; Internet or other electronic activity information; and Professional InformationTo provide our Services to you: (i) provide access to certain areas, functionalities, and features of our Services; (ii) communicating with you about your account, activities on our Services and policy changes; and (iii) allowing you to register for events.To enter into / perform a contract with you (i.e., our Terms of Use) (Article 6(1)(b), GDPR).   To pursue our legitimate interests in providing the requested information and/or information about our processing of your personal information in an effective and efficient manner (Article 6(1)(f), GDPR).  
Personal Identifiers; Internet or other electronic activity information; and Professional InformationSecurity: To ensure network and information security, including monitoring authorized users’ access to our Services for the purpose of preventing cyber-attacks, unauthorized use of our systems and website / app, prevention or detection of crime and protection of your personal information.To pursue our legitimate interests to ensure our website and app are safe and secure and to ensure they are used in accordance with our Terms of Use (Art. 6(1)(f) GDPR).
Personal Identifiers; Internet or other electronic activity information; and Professional InformationTransactions: To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by Nurix.  To pursue our legitimate interests to operate and improve our business (Art. 6(1)(f) GDPR)
Personal Identifiers; Internet or other electronic activity information; and Professional InformationLegal Claims: To defend and enforce our rights including, against legal claims that involve us, and to manage regulatory matters, investigations,  data breaches, and/or data subject requests  To comply with a legal obligation, e.g. to respond to an official request or data subject request (Art. 6(1)(c) GDPR)   To pursue our legitimate interests to defend and enforce our rights (Art. 6(1)(f) GDPR)  

If you are located in the European Economic Area and the United Kingdom: You have a right to object to the processing of your personal information where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfill such requests in all instances. You are able to request a copy of the legitimate interest assessment carried out by us. Where we need to collect the above mentioned categories of personal information by virtue of a legal obligation or in light of a contract entered or to be entered into with you, and you do not provide this personal information when requested, we may not be able to comply with our legal obligations, provide you with the Services or perform the contract we have or are trying to enter into with you. In such case, we may have to terminate our relationship with you..

III. DISCLOSING YOUR INFORMATION FOR BUSINESS PURPOSES

The following chart describes the categories of Personal Information that we disclosed to third parties for a business purpose in the 12 months prior to the date of this Policy : 

Categories of Consumers’ Personal InformationCategories of Third Parties With Which We Shared Personal Information for a Business Purpose
Personal identifiers: Name, address, email address, social media handle, telephone numbers, and IP address.  Service providers that assist us in operating, analyzing, and displaying content on our website; provide analytics information; provide website hosting, webcast and conference services.
Internet or other electronic network activity information:  Device and browser type and information regarding your interaction with our website, details about your browser, operating system or device.Service providers that provide data security services and cloud-based data storage; host our Sites and assist with other IT-related functions; provide website hosting, webcast and teleconference services; and provide analytics information.
Professional information: Name of current employers and position(s) you hold. Service providers that assist us in providing webcast and conference services.

Additional Information About How We May Share Personal Information

We may also share personal information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also share your personal information with third parties to help detect and protect against fraud or data security vulnerabilities.  And we may transfer your personal information to a third party in the event of an actual or contemplated sale, merger, reorganization of our entity or other restructuring.

No Sale of Personal Information

We do not sell personal information. 

IV. INTERNATIONAL DATA TRANSFERS

Our Services are hosted in the US. Therefore, when you disclose personal information to us, this personal information will be transferred to the US.

If you are located in the EEA/UK, Nurix may, for the purposes listed in Section II, transfer your personal information to other recipients as referred to above, that are also located in countries outside the EEA/UK, including the U.S., and which are not currently considered by the European Commission and/or UK Government to provide an adequate level of data protection. In these circumstances, Nurix will take steps to ensure that the personal information is protected including by entering into Standard Contractual Clauses or similar (“SCCs”) with the recipient, seeking assurances from the recipient that they have Binding Corporate Rules in place or otherwise relying on a derogation for the transfer (e.g., where the transfer is necessary for the defense of legal claims).

You can request further information on the data transfer solutions relied upon including, a copy of the SCCs by using the contact details in Section X below.

V. YOUR PRIVACY RIGHTS   

In accordance with applicable law, you may have certain privacy rights depending upon the jurisdiction in which you reside. However, please note that the below rights are not absolute and may be subject to limitations.

California Privacy Rights

California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) gives California residents rights described below with respect to their Personal Information.

Your Right To Request Disclosure of Information We Collect and Share About You

We are committed to ensuring that you know what Personal Information we collect. To that end, you can ask us for any or all of following types of information regarding the Personal Information we have collected about you in the 12 months prior to our receipt of your request:

Your Right To Request Deletion of Personal Information We Have Collected About You 

Upon your request, we will delete the Personal Information we have collected about you, except for situations where the CCPA authorizes us to retain specific information, including when it is necessary for us to provide you with a good or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; or comply with or exercise rights provided by the law.  The law also permits us to retain specific information for our exclusively internal use, but only in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with your expectations based on your relationship with us.  We will act on your deletion request within the timeframes set forth below.

Exercising Your Rights and How We Will Respond

To exercise any of the rights above contact us at legal@nurixtx.com.

For requests for access or deletion, we will first acknowledge receipt of your request within 10 business days of receipt of your request.  We will provide a substantive response to your request as soon as we can, generally within 45 days from when we receive your request, although we may be allowed to take longer to process your request under certain circumstances. 

For requests to stop the sale of your Personal Information, we will comply no later than 15 business days after receipt of your request. 

If we expect your request is going to take us longer than normal to fulfill, we will let you know.

We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information in certain situations.  In some cases, the law may allow us to refuse to act on certain requests.  When this is the case, we will endeavor to provide you with an explanation as to why. 

Our Commitment to Allowing You to Exercise Your Rights – Non-Discrimination

If you exercise any of the rights explained in this Policy, we will continue to treat you fairly.  If you exercise your rights under this Policy , you will not be denied or charged different prices or rates for goods or services, or provided a different level or quality of goods or services than others.

Verification of Identity – Access or Deletion Requests

We will ask you for identifying information and attempt to match it to information that we maintain about you. 

If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to your request.  We will notify you to explain the basis of the denial. 

Authorized Agent

You may designate an agent to submit requests on your behalf.  The agent must be a natural person or a business entity that is registered with the California Secretary of State.  

If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our verification process.  Specifically, if the agent submits requests to access, know or delete your Personal Information, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf.  We will also require that you verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney.  Any such requests will be processed in accordance with California law pertaining to powers of attorney.  

California Shine the Light

California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents that have an established business relationship with a business to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for those parties’ direct marketing purposes in the preceding calendar year.  We do not share personal information with third parties for their marketing purposes. 

California Do Not Track 

Some browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked.  At this time, we do not respond to browsers’ do not track signals.

EEA / UK Privacy Rights

Residents in the EEA and UK have the following privacy rights, subject to applicable limitations:

Right of Access: you have the right to confirm what data is being processed, obtain information about the processing activities and to receive a copy of your personal information;

Right to Rectification: you have the right to request rectification / correction of your personal information where it is inaccurate or incomplete

Right to Erasure: you have the right to request deletion of your personal information.

Right to Restriction: you have a right to ask that we restrict or suppress the processing of your personal information which means that whilst we are permitted to store the personal information we cannot otherwise process it.

Right to Data Portability: you have right to request the transfer of certain personal information to a third party, in machine readable format.

Right to Object: you have the right to object to the processing of your personal information including for any direct marketing purposes.

Right to Withdraw Consent: you have the right to withdraw your consent, at any time, without hindrance or cost, to prevent further processing. Please note that withdrawing your consent does not affect the lawfulness of our processing of your personal information based on such consent before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws.  To protect your privacy, we take steps to verify your identity before fulfilling your request.

VI. DATA RETENTION

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period, the amount, nature and sensitivity of the personal information are considered, together with the necessity and purposes for the processing (including, whether such purposes can be achieved through other means) and the potential risk of harm from unauthorized use or disclosure of the personal information. In exceptional cases (e.g., in pending litigation matters or where the law requires us to) your personal information may need to be kept for longer periods of time.

VII. SECURITY OF YOUR INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy.  Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us.

VIII. CHILDREN’S INFORMATION

The Services are not directed to children under 16 (or other age as required by local law), and we do not knowingly collect personal information from children.  We do not sell personal information, including the  personal information of minors under 16 years of age.  If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below.  If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account. 

IX. OTHER PROVISIONS

Supervisory Authority

If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority.

Changes to Our Privacy Policy

We reserve the right to modify this Privacy Policy at any time, so please review it frequently. If we make changes that materially affect our uses of personal information or your privacy rights, we will announce the changes by providing a notice through our website  and/or, if deemed appropriate, by email.

Third Party Websites

Our Services may contain links to websites and services that are owned or operated by third parties (each, a “Third-Party Service”) which may include features that collect your IP address, which page you are visiting on our Services, and may set up a cookie to enable the links to function properly. Any information that you provide on such sites is provided directly to the Third-Party Service and we are not responsible for their respective content, privacy or security practices and policies. To protect your information, we recommend that you carefully review the privacy policies of all Third-Party Services that you access. Our Services may include access to publicly accessible blogs, forums, or social media pages. Personal information you voluntarily transmit or publish online in such publicly accessible blog, forum, or social media page may be viewed and used by others without any restrictions. Your interactions with these platforms are governed by the privacy policy of the company providing them.t

X. CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us at:

Nurix Therapeutics, Inc.
1700 Owens Street, Suite 205
San Francisco, CA 94158
415-660-5320
info@nurixtx.com