Privacy Statement

Morphic Therapeutic is a biotechnology company developing a new generation of oral integrin therapies.  Morphic Therapeutic (or “we”) is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the Morphic Therapeutic website available at morphictx.com (the “Site”) and informs users of the Site (“users” or “you”) about and governs data collection and usage by us in connection with the Site.

This Privacy Statement forms part of our Terms of Service. By accessing or using the Morphic Therapeutic Site, you acknowledge that you have read, understood and consent to the data practices described in this Privacy Statement and our Terms of Service. If you do not agree to these terms, do not access or use the Site.

Collection of your Personal Information

Morphic Therapeutic collects personally identifiable information, such as your e-mail address, name, home or work address and telephone number.  We collect this information when you contact us or apply for current open job opportunities through the Site.

There is also information about your computer hardware and software that is automatically collected by Morphic Therapeutic. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses. This information is used by Morphic Therapeutic for the operation of the Site, to maintain quality of the Site, and to provide general statistics regarding use of the Site.

Morphic Therapeutic encourages you to review the privacy statements of Web sites you choose to link to from Morphic Therapeutic so that you can understand how those Web sites collect, use and share your information. Morphic Therapeutic is not responsible for the privacy statements or other content on Web sites outside of the Site.

Use and Disclosure of your Personal Information

Morphic Therapeutic collects and uses your personal information to operate the Morphic Therapeutic Site, deliver the services you have requested, and analyze and enhance operation of the Site. Morphic Therapeutic also uses your personally identifiable information to inform you of other products or services available from Morphic Therapeutic and its affiliates. Morphic Therapeutic may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

Morphic Therapeutic does not sell, rent or lease its user lists to third parties. Morphic Therapeutic may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, Morphic Therapeutic may share data, including personal information, with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Morphic Therapeutic, and they are required to maintain the confidentiality of your information.

Morphic Therapeutic keeps track of the pages our users visit within Morphic Therapeutic, in order to determine what Morphic Therapeutic services are the most popular. This data is used to deliver customized content within Morphic Therapeutic to users whose behavior indicates that they are interested in a particular subject area, to determine which features users like best to help us improve the Site, and to measure overall effectiveness.

If you provide your email address, we will send you administrative emails. If you wish to opt out of emails, you may do so by contacting Morphic Therapeutic at privacy@morphictx.com.

Morphic Therapeutic may disclose your personal information with your consent.

Morphic Therapeutic may disclose any information we collect in connection with the Site, including personal information, to any successor to our business as a result of any merger, acquisition, asset sale or similar transaction.

Morphic Therapeutic will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Morphic Therapeutic or the Site; (b) protect and defend the rights or property of Morphic Therapeutic; and, (c) act under exigent circumstances to protect the personal safety of users of Morphic Therapeutic, or the public.

Use of Cookies

The Morphic Therapeutic Web site use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize Morphic Therapeutic pages, or register with the Site, a cookie helps Morphic Therapeutic to recall your specific information on subsequent visits. This simplifies the process of recording your personal information. When you return to the Site, the information you previously provided can be retrieved, so you can easily use the Morphic Therapeutic features that you customized.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Site.

Security of your Personal Information

Morphic Therapeutic secures your personal information from unauthorized access, use or disclosure. Morphic Therapeutic secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information is transmitted through the Site, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

WE TAKE THESE PRECAUTIONS IN AN EFFORT TO PROTECT YOUR INFORMATION AGAINST SECURITY BREACHES. HOWEVER, THIS IS NOT A GUARANTEE THAT SUCH INFORMATION MAY NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF SUCH FIREWALLS AND SECURE SERVER SOFTWARE. BY USING OUR SITE, YOU ACKNOWLEDGE THAT YOU UNDERSTAND AND AGREE TO ASSUME THESE RISKS.

Privacy Settings/Opt Out

If you would like your name and email address permanently removed from our database, please contact us at privacy@morphictx.com. We will promptly delete your name and email address and you will no longer receive email from Morphic Therapeutic. Your removal from the mailing list or database will not remove data you have submitted to us or records of past use of the Site, nor delete information stored in our data backups and archives. Such data will be maintained and/or deleted in the ordinary course of Morphic Therapeutic’s business.

California Online Privacy Protection Act Notice

On September 27, 2013, California enacted A.B. 370, amending the California Online Privacy Protection Act to require website operators like us to disclose how we respond to “Do Not Track Signals”; and whether third parties collect personally identifiable information about users when they visit us.

(1) We do not track users who do not interact with our sharing functionality across the web, and therefore do not use “do not track” signals.

(2) We do not authorize the collection of personally identifiable information from our users for third party use through advertising technologies without separate member consent.

California Civil Code Section 1798.83 also permits our users who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes.  To make such a request, please send an email to privacy@morphictx.com.  Please note that we are only required to respond to one request per user each year.

General

Amendments: Morphic Therapeutic may modify or amend this Privacy Statement from time to time. If we make any material changes, as determined by Morphic Therapeutic, in the way in which personal information is collected, used or transferred, we will notify you of these changes by email or by posting a modified version of this Privacy Statement on our Site. Notwithstanding any modifications we may make, any personal information collected by Morphic Therapeutic from you will be treated in accordance with the Privacy Statement in effect at the time information was collected, unless we obtain your consent otherwise.

Children: Morphic Therapeutic does not knowingly collect or maintain personally identifiable information from persons under 13 years of age, and no part of the Site is directed at persons under 18. If you are under 18 years of age, then please do not use the Site. If Morphic Therapeutic learns that personal information of persons less than 13 years of age has been collected without verifiable parental consent, then Morphic Therapeutic will take the appropriate steps to delete this information. To make such a request, please contact us at privacy@morphictx.com.

Service Visitors from outside the United States: Morphic Therapeutic and its servers are located in the United States and are subject to the applicable state and federal laws of the United States. If you choose to access or use the Site, you consent to the use and disclosure of information in accordance with this privacy statement and subject to such laws.

Contact Information

Morphic Therapeutic welcomes your comments regarding this Privacy Statement. If you believe that Morphic Therapeutic has not adhered to this Statement, please contact Morphic Therapeutic at privacy@morphictx.com. We will use commercially reasonable efforts to promptly investigate and remedy the problem.

Effective Date of this Privacy Statement: September 21, 2018

Last Updated: September 21, 2018

SUPPLEMENTAL EUROPEAN PRIVACY NOTICE

European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (“EU GDPR”) requires us as the data controller to provide additional and different information about its data processing practices to data subjects located in the European Economic Area (“EEA”).  If you are a data subject within the EEA, this Supplemental European Privacy Notice applies to you in addition to the provisions above.

1.                   HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when applicable law allows us to do so.  Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract that we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.
  • Necessary for scientific research purposes.

We may also use your personal data in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest or for official purposes.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us. 

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need additional details about the specific legal ground that we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/ActivityCategory of personal dataLawful basis for processing including basis of legitimate interest
To register you as a new client, contractor or employee.(a) Identity
(b) Contact
Performance of a contract with you
To process and deliver your service or order including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests
• to recover debts due to us.
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey
(c) As an employee
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Financial
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests
• to keep our records updated,
• to study how customers and clients use our products/services;  and,
• to administer our employee relationships
To enable you to complete a survey(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests
• to study how customers use our products/services; and
• to develop them and grow our business.
To administer and protect our business and our intranet and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Profile
(d) Technical
(e) Usage
(a) Necessary for our legitimate interests
• for running our business and employee relationship,
• provision of administration and IT services, network security,
• to prevent fraud and
• in the context of a business reorganisation or group restructuring exercise.
(b) Necessary to comply with a legal obligation
To administer and protect our business and our intranet and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) 
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Necessary for our legitimate interests
• to study how customers use our products/services,
• to develop them,
• to grow our business and
• to inform our marketing strategy.
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences(a) Technical
(b) Usage
Necessary for our legitimate interests
• to define types of customers for our products and services;
• to keep our website updated and relevant;
• to develop our business; and,
• to inform our marketing strategy.
To make suggestions and recommendations to you about goods or services that may be of interest to you(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Necessary for our legitimate interests
• to develop our products/services; and,
• to grow our business)
To conduct a research program(a) Identity
(b) Contact
(c) Financial
(d) Special Categories (Health Data)
Necessary for our legitimate interests
• to improve healthcare; and
• to conduct and analyse the research study.
Necessary for scientific research purposes

2.                   CLINICAL TRIAL DATA

We undertake clinical studies within the EU and we will use information from subjects’ medical records and other health data in order to improve healthcare.  As a pharmaceutical organisation, we have a legitimate interest in using information relating to your health for research studies, when you agree to take part in a research study. Our exception to the general provision at Article 9(1) GDPR not to process special categories of data is that processing is necessary for scientific research purposes in accordance with Article 89(1) GDPR. This means that we will use your data when we act as the data controller for such studies, collected in the course of a research study, in the ways needed to conduct and analyse the research study. Your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.

3.                   CHANGE OF PURPOSE

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4.                   INTERNATIONAL TRANSFERS OF PERSONAL DATA

We are based outside the European Economic Area, so the processing of your personal data may involve a transfer of data outside the EEA.  Information on how to contact the DPO can be found in Section A of this Notice (“How to Contact Us”).

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Regarding transfers to the US, we are required to incorporate the model clauses in agreements for transfer provided by the European Commission in order to provide similar protection to personal data shared within Europe.

5.                   HOW LONG WE RETAIN YOUR PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

6.                YOUR DATA PROTECTION RIGHTS

Under certain circumstances, visitors from within the EEA have the following data protection rights:

  • access to your personal data.
  • correction of your personal data.
  • erasure of your personal data.
  • object to processing of your personal data.
  • restrict of processing your personal data.
  • transfer of your personal data.
  • withdraw consent to any consent that you have previously given.

If you wish to exercise any of the rights set out above, please contact our DPO at sar@thedpo.co.uk.  You can also contact the Supervisory Authority in the country of your residence within the EU for advice or to make a complaint.  Please be aware that your rights in relation to clinical research data may be limited.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests.  In this case, we will notify you and keep you updated.