Effective Date: May 3, 2021
We may ask you for some or all of the following types of information when you access various content or features of the Website or submit content, or directly contact us:
At our clinical trial sites, you may also be asked to provide:
Please note that any information taken from you in person may be subject to additional disclosures and/or confidentiality requirements set forth in materials given to you at the time of data collection.
We also may collect certain information automatically when you visit the Website, including:
Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. However, because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, we currently do not take action in response to these signals. You can learn more about Do Not Track here.
We may use information that we collect through the Website or in person for a variety of purposes, including to:
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
Gritstone respects the privacy of children, and we are committed to complying with the Children’s Online Privacy Protection Act (COPPA). For that reason, no part of our Site is targeted to attract anyone under the age of 13. Gritstone does not knowingly collect, use, or disclose personal information from children under the age of 13 without prior parental consent, except as permitted by COPPA. Users from ages 13 to 15 must represent and warrant that they are visiting the Site under the supervision of a parent or guardian, and we may ask your parent or guardian to provide prior written consent for you to use the Site. By providing your consent, you agree that we may collect, use, and disclose your child’s Personal Information consistent with this Privacy Notice. If you believe we have information regarding a child under the age of 16 that you have not authorized, you may contact us at email@example.com or use the Webform below to request that we delete it.
Your Choices Regarding Your Personal Data
If you receive emails or other communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly at our contact information below. If you opt out, we may still send you non-promotional emails, such as emails about our ongoing business relations. You may also request changes or updates to your personal information by sending a request at our contact information below.
If you are a resident of or located within the European Economic Area (EEA), you have certain additional data protection rights. These rights include:
Gritstone may collect or process your Personal Information because:
Gritstone will also retain Personal Information and usage data for internal analysis purposes. Usage Data is data collected automatically either generated by the use of the Site or from the Site infrastructure itself (for example, the duration of a page visit). Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site or we are legally obligated to retain this data for longer periods.
Disclosure for Law Enforcement - Under certain circumstances, Gritstone may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Gritstone may disclose your Personal Information in the good faith belief that such action is necessary to:
The security of your Personal Information is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
If applicable, you may exercise any of rights under GDPR by submitting a verifiable data subject request to us by using our webform or emailing us at firstname.lastname@example.org. You may make a request related to your personal information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of the EEA by including your country of citizenship or residence in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA in order to obtain the information. We will respond to your request within 30 days or let you know if we need additional time.
Webform: Click Here.
Email Address: email@example.com
Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us at firstname.lastname@example.org.
For more information about GDPR, please contact your local data protection authority in the EEA.
As described above, Gritstone collects certain types of personal information about you during your relationship with Gritstone. Under California law, if you are a resident of California, you have the right to request certain information that we collect about you, including:
In addition, if we sold or disclosed your personal information for a business purpose, you may request that we provide you with:
As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information. You also have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.
To exercise the access, data portability, Do Not Sell, and deletion rights described in this section, please submit a verifiable consumer request to us by using our webform or calling us with your request at the contact information below. Only you may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You must include your full name, email address, and attest to the fact that you are a California resident by including a California postal address in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in California in order to obtain the information, and you are only entitled to make this request twice a year. We will respond to your request within 45 days or let you know if we need additional time.
We may be unable to respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
As a convenience to our visitors, the Website may link to a number of sites, services and other content that are operated and maintained by third parties. These third parties operate independently from us, and we do not control their privacy practices. You are encouraged to use common sense when sharing your Personal Information, and you should be aware when you leave our Site to visit another Site. None of the links on this Site should be deemed to imply that Gritstone endorses the content or has any affiliation with the persons or entities associated therewith. This Privacy Notice does not apply to third-party content. We encourage you to review the privacy policies of any third party to whom you provide information.
Gritstone may work with certain third-party social media providers to offer you their social networking services through our Website. For example, you can use third-party social networking services, including but not limited to Facebook, Twitter, and others to share information about your experience on our Website with your friends and followers on those social networking services. These social networking services may be able to collect information about you, including your activity on our Website. These third-party social networking services also may notify your friends, both on our Website and on the social networking services themselves, that you are a user of our Website or about your use of our Website, in accordance with applicable law and their own privacy policies. If you choose to access or make use of third-party social networking services, we may receive information about you that you have made available to those social networking services, including information about your contacts on those social networking services.
If you have any questions about this Privacy Notice, please contact us at:
Gritstone bio, Inc.
Attn: Compliance Dept.
5959 Horton St., Ste. 300
Emeryville, CA 94608