Effective Date: September 25, 2024
Thank you for your interest in Calico Life Sciences LLC (“Calico”). Calico is sensitive to privacy issues, and it is important to us to protect Personal Information entrusted to us. As you visit our website and learn more about our company, please take a moment to review this Privacy Policy, which explains what Personal Information we collect, how we use Personal Information, and how you can exercise your privacy rights.
This Privacy Policy applies to the Personal Information processed by Calico through our business operations and our websites (collectively, the “Services”). As used in this Privacy Policy, “Personal Information” has the meaning given to it under the law where you live, but typically refers to information that can be used to identify you as an individual; meanwhile our activities taken with respect to your personal information are referred to as “processing.”
Note: Any Personal Information we process on behalf of, or in partnership with, our clinical research partners is subject to: (1) the terms of our agreements with our research partners, (2) the informed consent signed by the individuals to whom the information relates (such as sample donors and research participants), and (3) all regulatory and data protection requirements – not the terms of this Privacy Policy. Further, if you are a Calico worker or job applicant, you will find details about how we process your Personal Information in our Worker and Applicant Privacy Notice, which is separate from this Privacy Policy.
Information We Collect
The categories of Personal Information we may collect and our privacy practices depend on the nature of the relationship you have with Calico and the requirements of applicable law. We endeavor to collect information only relevant for our business needs.
- Information you submit. We collect information whenever you provide it to us directly, such as when you enroll in an event or program or seek to partner with us. Such information includes your full name, the company or institution where you work, your email address, and other information regarding your interest in us. We also collect information you submit directly via email or when you click on our website links such as “[email protected]”.
- Cookies and similar technologies. We, as well as third parties that provide content or other functionality, may use cookies, and other technologies to automatically collect information. Our uses of these technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
- Performance Related. For example, example we may use Technologies to assess the performance of our websites or mobile applications, including analytic practices to help us understand how our visitors use websites and mobile applications;
- Functionality Related. For example, we may use Technologies that allow us to offer you enhanced functionality when accessing our websites or mobile applications. This may include identifying you when you sign in or keeping track of your specified preferences, interests, or past items viewed;
- We may use Google Analytics to collect information regarding visitor behavior on our Site to aid website content development. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit this site. You can opt out of tracking and Google Analytics processing of data generated by your use of the Services by opting out here.
Calico may provide websites and online resources that are specifically designed to be compatible and used on mobile devices. Calico will collect information that your mobile device sends when you use such websites or online resources, like a device identifier, user settings, and the operating system of your device, to help customize the appearance of website information to your device.
When you view content provided by Calico on our website, we may automatically collect and store certain information in server logs. This may include: Internet Protocol (IP) address, device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL, and cookies that may uniquely identify your browser.
For more information regarding your choices with respect to these technologies, please see “Transparency and Choice” below.
How We Use Information We Collect
We primarily use the information to advance our research or to support our relationship with you. We may also use information to develop, maintain, protect, and improve our web site and to protect Calico and our users and partners. Specific reasons we may process and use the information include:
- Administrative purposes. Calico may use the information collected for its administrative purposes, including, without limitation, to: (a) measure interest in Calico’s research and our website content; (b) comply with regulatory requirements; (c) manage our agreements and your relationship with us; (d) verify or maintain data integrity or quality; (e) process payments and transactions; and (f) detect and prevent potentially prohibited or illegal activities, such as malicious, deceptive, fraudulent or illegal activity, and prosecute those responsible for that activity.
- Site analytics and improvement. Calico uses cookies to identify return visitors, record user preferences, and measure the effectiveness of our site.
- Other uses. Calico may also use the information we collect to: generally manage individual information and accounts; respond to questions, comments and requests; provide access to certain areas and features of the Calico sites; ensure internal quality control; verify individual identity; enable individuals to register for events or participate in seminars; communicate about individual account and activities; at Calico’s discretion, make changes to any Calico policy; process applications and transactions; comply with law or regulatory requirements; undertake activities to verify or maintain the quality or safety of a Service, and to improve, upgrade, or enhance the Service; undertake internal research for technological development and demonstration; detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity; debugging to identify and repair errors that impair existing intended functionality; and for purposes disclosed at the time that individuals provide information or otherwise with consent.
- De-identified and Aggregated Information. We may use personal information to create de-identified and/or aggregated information, such as information about the device from which you access our Services, or other analyses we create.
Transparency and Choice
Where you have consented to Calico’s use of your Personal Information or sensitive Personal Information, you may withdraw that consent at any time and opt out by following the directions provided in the consent you provided (for example, within the informed consent form associated with a clinical trial in which you participate) or, if no such directions were provided, by contacting Calico at [email protected]. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt out as required by applicable law.
- “Do Not Track” / “Global Privacy Control.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Additionally, some browsers or plug-ins use a “Global Privacy Control” (“GPC”), which you can learn more about at https://globalprivacycontrol.org/. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, if our site detects a GPC signal from your device, we will interpret it as either a Do Not Sell request or a request to limit the sale or sharing of personal information for targeted advertising depending on the law applicable to your jurisdiction. Note that we do not currently engage in any data sales or targeted advertising.
- Cookies and similar technologies. You may stop or restrict the placement of cookies and similar technologies on your device or remove them by using the controls we make available in our cookie banner or adjusting your preferences as your browser or device permits. However, note that if you adjust your preferences, our Services may not work properly. Please note you must separately opt out in each browser and on each device.
When Calico Discloses Information
We do not sell Personal Information or share it with companies, organizations, and individuals outside of Calico unless one of the following circumstances applies:
- With your consent. We will share Personal Information with companies, organizations, or individuals outside of Calico when we have your consent to do so. We require opt-in consent for the sharing of any Personal Information relating to sensitive Personal Information (i.e., confidential medical facts, racial or ethnic origins, political or religious beliefs, or sexuality).
- Service Providers. We may share your personal information with our third-party service providers who use that information to help us provide our Services. This includes service providers that provide us with IT support, hosting, payment processing, customer service, and related services.
- With our business partners. We may share Personal Information with our business partners to advance business initiatives or to jointly administer projects.
- Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
- To our Agents/sub-processors for external processing. We provide Personal Information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures. With respect to onward transfers to Agents under the Data Privacy Framework, the Data Privacy Framework requires that Calico remain liable should its Agents process Personal Information in a manner inconsistent with the Data Privacy Framework Principles.
- Business transactions. We reserve the right to disclose or transfer any information we have about you in the event of a proposed or actual purchase, any reorganization, sale, lease, merger, joint venture, assignment, purchase or sale of assets, transition of service to a provider, amalgamation or any other type of acquisition, disposal or financing of all or any portion of our business or of any of the business assets or shares (including in connection with any bankruptcy or similar proceeding). Should such an event occur, Calico will endeavor to direct the transferee to use Personal Information in a manner that is permitted by law and/or contract and/or consistent with this Privacy Policy.
Rights of Access, Rectification, Erasure and Restriction
- General
You have certain choices about your Personal Information. Where you have consented to the processing of your Personal Information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non-Personal Information regarding your activities on our Services and for other legal purposes as described above. - Your Privacy Rights
In accordance with applicable law, you may have the right to:- Access to/Portability of Personal Information about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Information transferred to another party.
- Request Correction of your Personal Information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your Personal Information or we may refer you to the controller of your Personal Information who is able to make the correction.
- Request Deletion of your Personal Information, subject to certain exceptions prescribed by law.
- Request restriction of or object to processing of your Personal Information.
To make a privacy rights request, please use the contact information located at the end of this Privacy Policy. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request, such as by asking you to answer questions regarding your use of the Services.
Children’s Information
Calico’s Services are not directed to children under 16 (or other age as required by local law), and we do not knowingly collect Personal Information from children. If you learn that your child has provided us with Personal Information without your consent, you may contact us as set forth below. If we learn that we have collected any Personal Information in violation of applicable law, we will promptly take steps to delete such information unless we are legally obligated to retain it to protect our rights, and terminate the child’s account.
Data Privacy Framework
Calico complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Calico has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Calico has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
If you are located in the European Economic Area, the United Kingdom, or Switzerland you may seek confirmation regarding whether Calico is processing Personal Information about you, request access to Personal Information, and ask that we correct, amend or delete your Personal Information where it is inaccurate or has been processed in violation of the Data Privacy Framework Principles. Where otherwise permitted by applicable law, you may use any of the methods set out in this Privacy Policy to request access to, receive (port), object to processing (including in some cases automated decision making and/or profiling), restrict processing, seek rectification, or request erasure of Personal Information held about you by Calico. Although Calico makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which Calico is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If Calico determines that access should be restricted in any instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. In situations where another method of making requests applies (such as in the context of research), we will provide you with information about how to make requests at the time you contact us that are consistent with the information you received when you provided your Personal Information. Such requests will be processed in line with local laws.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Calico commits to resolve DPF Principles-related complaints about our collection and use of your Personal Information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of Personal Information received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Calico’s Privacy Officer by email at [email protected] or by calling US +1 (855) 950-1034. We will respond to your inquiry promptly. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, in compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Calico commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms as described on the Data Privacy Framework Program’s site here.
As explained above in “When Calico Discloses Information” we sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Data Privacy Framework to a third party, the third party’s access, use, and disclosure of the personal information must also be in compliance with our Data Privacy Framework obligations, and we will remain liable under the Data Privacy Framework for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
Calico is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose Personal Information that we handle under the DPF in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Retention
Calico retains the Personal Information we receive as described in this Privacy Policy for as long as you use our sites or as necessary to fulfill the purpose(s) for which it was collected, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and to comply with applicable laws.
Information Security
The security of all Personal Information provided to Calico is important to us, and Calico takes reasonable steps designed to protect your Personal Information. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while Calico strives to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to Calico, and you do so at your own risk. If you have reason to believe that your Personal Information is no longer secure, please promptly notify Calico at [email protected]. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using our Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.
Third-party Sites and Services
Our Privacy Policy does not apply to services offered by other companies or individuals, or other sites linked from our website. Our sites may contain links to other websites for your convenience and information. Calico does not control such third-party websites or their privacy practices, which may differ from those set out in this Privacy Policy. Calico does not endorse or make any representations about third-party websites. Any Personal Information you choose to give to unrelated third parties is not covered by this Privacy Policy. Calico encourages you to review the privacy policy of any company or website before submitting your Personal Information. Some third parties may choose to share their users’ Personal Information with Calico; that sharing is governed by that company’s privacy policy, not this Privacy Policy.
Other Important Information & Changes to this Privacy Policy
Calico may update this Privacy Policy from time to time as it deems necessary in its sole discretion. If there are any material changes to this Privacy Policy, Calico will notify you as required by applicable law. Calico encourages you to review this Privacy Policy periodically to be informed regarding how Calico is using and protecting your information and to be aware of any policy changes. Any changes to this Privacy Policy take effect after being posted or otherwise provided by Calico.
CALIFORNIA NOTICE AT COLLECTION AND SUPPLEMENTAL NOTICE FOR RESIDENTS OF CERTAIN U.S. STATES
This Notice at Collection and Supplemental Notice is for residents of states that have adopted comprehensive privacy legislation and others that may come into effect from time to time, including, but not limited to, California, Connecticut, Colorado, Utah and Virginia (collectively, “Applicable State Laws”).
Personal Information we collect and share
As more fully described in the section titled “Information We Collect”, the sources from which we collect personal information include directly from you when you interact with us, automatically from you when you use our sites and Services, for example through cookies and similar technologies.
Depending on how you use our Services, the information we may have collected about you, as well as the categories of third parties with whom we have shared this information, are described in the table below.
Category of Personal Information Collected by Calico | Category of Third Parties Personal Information is Disclosed to for a Business Purpose |
---|---|
Identifiers, such as your name, address, email, or other online identifier. | • Service providers • Business partners • Data analytics providers |
Personal information categories, which include your name, address, signature, or telephone number. | • Service providers • Business partners • Data analytics providers |
Internet or other electronic network activity, such as your interactions with our website. | • Service providers • Business partners • Data analytics providers |
Sensory data, such as audio, electronic, visual or similar information, including at events. | • Service providers • Business partners • Data analytics providers |
Use of Personal Information
We may use or disclose Personal Information for the purposes outlined in “How We Use Information We Collect” above. These purposes include:
- To provide the Services to you;
- For our administrative purposes (including security, fraud detection and protection, and improve our Services);
- To process your requests;
- With your consent; and,
- To comply with law and enforce our rights and the rights of others.
Where required under applicable law, we will not collect additional categories of personal information or use the Personal Information we have collected for materially different, unrelated, or incompatible purposes without first providing you notice.
Sales/Sharing of Personal Information
For purposes of certain state laws, Calico does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Retention of Personal Information
We store the personal information we collect as described in our Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws, or based upon other criteria, including, but not limited to, the sensitivity and volume of such data. Additionally, we endeavor to retain all such personal information in accordance with legal requirements.
Contact Us
If after reviewing this Privacy Policy, you would like to submit a request, exercise your rights, appeal our decision related to the exercise of your rights, or if you have any questions or privacy concerns, please contact:
Privacy Officer
Calico Life Sciences, LLC
1170 Veterans Blvd.
South San Francisco, CA 94080
Email: [email protected]
Privacy Request Phone Line: (855) 950-1034
Calico will respond to your inquiry and as required by applicable law.