Privacy Policy
Introduction
MIRATI THERAPEUTICS, INC. (“we”, “us”, “our”, “Mirati”, and “organization”) is committed to and recognizes the importance of respecting and protecting your privacy. This Privacy Policy applies to our collection and use of personal information through our websites or mobile applications (together, the “Site”) and through our offline business-related interactions with you. We encourage you to carefully read this Privacy Policy and click on the available links below if you are interested in additional information on a particular topic. Mirati wants you understand how and why we process personal information. After review, if you do not agree with our use of your personal information as described in this Privacy Policy, please do not use the Site or otherwise provide personal information to us.
The protection of your personal information is a commitment we take seriously. We evaluate our privacy policies and procedures to implement enhancements and improvements on a consistent basis. In the event we do make significant alterations to this Privacy Policy, we will place a notice prominently on this Site before the changes become effective. This Privacy Policy is incorporated into and made a part of Mirati’s Terms of Use.
Below is a list of topics related to privacy and the collection of personal information. Please review each item and if interested, click on a topic.
Mirati collects Personal Information from numerous sources, including:
- Directly from you, your references or other sources provided by you. For example, when you enquire about our targeted oncology therapeutics, contact us via the Site, apply for employment, ask to be a clinical study participant or a principal investigator in one of our clinical studies, or in any way engage with us or our personnel;
- Cookies and automated technologies, such as when you interact with our website;
- Third party vendors, which may include those vendors, suppliers, contractors or business partners that provide services for us (e.g. market research vendors or adverse event reporting);
- Government officials or entities; and
- Publicly available sources.
“Personal Information” is defined as any information that relates to you directly or indirectly, by reference to an identifier, location, or factors specific to physical, physiological, genetic, economic, cultural or social identity. Mirati may collect and process the following Personal Information about you:
- Contact information, such as your name, email address, phone number, address, company affiliation, or job title;
- Access information, such as your log-in username and password details;
- Online and technical identifiers, such as your IP (Internet Protocol) address and cookies;
- Professional credentials, such as curriculum vitae/resume, work history, qualifications or any other type of information that may be included on a resume or curriculum vitae;
- Demographic and health data information;
- Communication and correspondence information, such as the content of communications you send us to report a problem or to submit a query, or your response to a survey;
- Financial and government identifying numbers, such as U.S. social security numbers for payment processing purposes in the U.S.;
- Identification information, including biographical and contact data;
- Banking information collected for payment processing purposes;
- Health data collected for the conduct of clinical studies;
- Your unique patient identifier which is assigned to you in the event you participate in one of our clinical studies;
- Genetic data;
- Biometric data, which is data relating to physical or biological characteristics; and
- Any other information that you or an authorized party provides to us that can be used to identify you.
Mirati will share your Personal Information within our organization, at your direction, as disclosed to you at the time of collection, or in the following circumstances:
- Services by Third Party Providers: We may provide your Personal Information to our service providers that help us run and manage our organization and process Personal Information solely on our behalf. The categories of service providers may include delivery services, financial institutions, clinical research organizations, central laboratories, clinical database companies, payroll and benefit companies, and specialty pharmacies, among others.
- Corporate Transaction: In the event Mirati is involved in a merger, reorganization, acquisition or sale of all or a portion of our assets, or other corporate transaction, we may disclose your Personal Information as part of that transaction.
- Third Party Collaborators: We may share your Personal Information with other companies with which we collaborate regarding your participation in a clinical study as follows:
- contract research organization services;
- safety and pharmacovigilance software and related services;
- data storage and archiving software and related services;
- data analytics and reporting software and services;
- services related to the collection, storage, testing, and transportation of biological material;
- software that randomly decides which treatment you will receive during the clinical study; and
- electronic data capture software and hardware.
Some of these third party collaborators may be located outside of the United States, European Union or the European Economic Area. In some cases, data protection authorities may not have determined that those countries’ data protection laws provide a level of protection equivalent to U.S. or European Union law. We will only transfer your Personal Information to third parties in these countries when there are appropriate safeguards in place. These may include the European Commission-approved standard contractual data protection clauses. To access these standard contractual data protection clauses, please contact our Data Protection Officer.
- As Required By Law: We may disclose your Personal Information if we determine that the disclosure is necessary: (i) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to protect the legitimate rights, privacy, property, interests or safety of Mirati, our business partners, personnel, or the general public; (iii) to pursue available remedies or limit damages; (iv) to enforce our Terms of Use ; or (v) to respond to an emergency.
We may collect and use your Personal Information with your consent for the specific purpose identified in the individual notice given at the point of collection or in order to manage or fulfill our contractual relationships. For example, in some circumstances, processing of your Personal Information is necessary to fulfil our or your (at your request) obligation in an employment or service contract. In addition, we may need to collect and process your Personal Information to comply with our legal obligations and/or fulfill our legitimate interests.
We are committed to collecting and processing your Personal Information in a lawful and transparent manner. For further details on the legal bases Mirati assigns for data collection and use, please reference the below table.
Use of your Personal Information | Categories of Personal Information we Process | Source of the Personal Information | Legal Basis |
---|---|---|---|
Obtain your subscription preferences and send surveys, questionnaires, event related materials, or commercial communications | Contact information and other information you provide, such as your topic preferences and areas of interest | You | Consent: To obtain your subscription preferences and send you commercial communications
Legitimate interests: To provide you with surveys, questionnaires, information you need and services you request |
Respond to inquiries and fulfill requests | Contact information and other information you provide, such as your requests | You | Legitimate interests: To provide you with information you need and other services you request and to efficiently communicate with you |
Enter into or perform a contract | Contact information and other information you provide | You | Contract: To conduct our normal course of business |
Comply with applicable laws, regulations, codes, court order or other legal obligations (e.g., pharmacovigilance obligations, financial disclosure requirements) | Contact information and other information you provide | You | Legal obligation: To comply with applicable legal obligations |
Fraud and security monitoring | IP address | You and your network provider | Legitimate interests: To protect your information |
Register you for events and deliver event-related materials | Contact information and other information you provide, such as your preferences for the event | You | Legitimate interests: To enable your attendance at our events and to deliver you event materials
Contract: As may be described in a written agreement or on the registration page for the event |
Perform website analytics | Technical information and other information we collect, such as demographics, behavior tracking, and event tracking | First and third-party analytics cookies | Consent: To understand more about our Site visitors (what pages you view, how long you visit, your devices, etc.) in order to improve our services |
Reviewing requests to participate in clinical studies and screening eligibility for enrollment | Contact information, clinical study participant qualification information, and other information relevant to your eligibility and qualifications to participate in clinical studies sponsored or conducted by us. | You and your healthcare provider | Legitimate interest: To ensure research subjects are eligible and appropriate for the studies we sponsor or conduct
Consent: For collection of health data to assess your eligibility to participate in clinical studies |
Your participation in a clinical study | Identification information, including biographical and contact data; health data; your unique patient identifier which is assigned to you for the clinical study; genetic data; and biometric data, which is data relating to physical or biological characteristics | You, your healthcare provider or a third party we engage to assist in conducting the clinical study | Consent: Informed consent form signed prior to any study related activities |
Recruiting personnel for employment | Contact information, recruitment information, and other information relevant to potential recruitment by Mirati | You, your references, your former employers | Pre-contractual Measures: To recruit and evaluate potential candidates to join Mirati
Legal obligations: To comply with applicable legal obligations, including for employment law purposes |
Sharing for the provision of information about our targeted oncology therapeutics | Contact information and other information you provide | You | Contract: To allow for the secure transfer and processing of personal data |
Management of the Expanded Access Program to investigational medicines prior to regulatory approval | Contact information and other information you provide | You | Legitimate Interests: to provide you with the information you need about applying for the Expanded Access Program |
We may also aggregate or de-identify your Personal Information so that it can no longer be used to identify you. This aggregated or de-identified information may be used for any purpose permitted by law and is no longer subject to this Privacy Policy.
Our Site automatically collects certain information when you use our Site, such as your IP address, browsing history (including without limitation search terms and clickstream data), device type, operating system information and other usage information about your use of the Site. We collect this information to analyze trends and statistics as well as for site administration purposes. We use cookies and other similar technologies to manage and customize your experience through our Site. If any of this information can be used to identify you because, for example, we link it to your Personal Information, we will treat such information as Personal Information. You may choose to decline cookies. You have the ability to delete cookie files from your hard drive at any time.
Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Mirati leverages third-party analytics and market performance tools in the administration of its websites. As a result, we have employed best practices and policies to respect browsers using the DNT signal. Mirati respects this tag through applied policies in software developed for us as well as our use of tools to help provide better services and messaging to clinical data subjects and healthcare professionals. Mirati assumes no liability for policies of or failure to comply with the DNT signal by our partners or vendors.
Please read our Cookies Policy for more information about our collection of your data through cookies and other technical processes.
We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including any legal, professional, accounting or reporting requirements. We will not keep your data longer than what is authorized by the law. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, whether we can achieve those purposes through other means, and all applicable legal requirements. If you would like to know more about how long we keep your Personal Information, you can contact our Data Protection Officer using the information listed below.
You may request access and modifications to the Personal Information, other than information described under Legal Requirements below, we maintain about you by contacting us using the contact information below. We will respond to your inquiry within 30 days. If you wish to exercise any of your rights (including the rights of individuals in the European Economic Area (“EEA”) discussed below) or advise us of any changes to your Personal Information, please contact our Data Protection Officer using the contact information provided below. Under the European Union’s General Data Protection Regulation (“GDPR”), a response to a Data Subject Access Request will be provided free of charge, unless the request is deemed to be manifestly unfounded, excessive or repetitive in character. We may charge you a reasonable fee if you request additional copies of your Personal Information or make other requests that are manifestly unfounded or excessive. If we are unable to honor your request, or before we charge a fee, we will let you know why.
In order to comply with applicable law, you understand that we may not be permitted to comply with your request to amend or remove Personal Information that was provided to us by you or a healthcare provider regarding your participation in a clinical study, an adverse event or reaction involving our targeted cancer therapeutics, or required disclosures of your Personal Information as required by court order or other legal or regulatory process.
When interacting with us, you may come across links or references to third party websites and services that we do not operate or control. If you provide your Personal Information to that third party through its websites or services, you will be subject to that third party’s privacy practices and policies and terms of use. This Privacy Policy does not apply to any Personal Information that you provide to a third-party website or service. We recommend that you read the privacy policy that applies to that third party website or service. A link or reference to a third-party website or service does not mean that we endorse that third party, or the quality or accuracy of the information presented on its website or service.
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the “Contact Us” section below. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below.
Mirati is committed to complying with this Privacy Policy and data protection laws, including those outside of the United States, that apply to our collection and use of your Personal Information. Your personal information could be transferred to countries located outside your country or region, including to countries that may not provide a similar or adequate level of protection to that provided by your country or region. For example, if you are located in the EEA, we may transfer your personal information to the United States or other countries outside of the EEA. By providing us with your Personal Information and using our Site, you acknowledge that your Personal Information may be transferred and processed outside your country or region. Mirati will take all the necessary measures to ensure that any transfers of your personal information comply with those data protection and privacy laws as well as with specific rules included in European data protection laws. If you would like to know more about how we protect your Personal Information, you can contact us using the information in the section “Contact Us” at the end of this Privacy Policy.
For the transfer of personal information from the EEA and Switzerland to any countries not recognized by the European Commission as providing an adequate level of data protection according to EEA standards, we have implemented adequate measures to protect the personal information, such as by ensuring the recipient is bound by standard contractual clauses (“SCCs”) adopted by the European Commission. If you are located in the EEA or Switzerland, you can request more information about these measures by contacting us at the address or email address in the “Contact Information” section below.
Standard Contractual Clauses Framework
Mirati has entered into contractual relationships that adhere to the SCCs as adopted by the European Commission regarding the processing of personal information transferred from organizations in the European Union and Switzerland to the U.S. To learn more about data transfers under the SCCs click here.
The SCCs cover both “personal information,” which means any information from which an individual can be directly or indirectly identified, as well as “sensitive personal information,” which means personal information revealing an individual’s racial or ethnic origin, political opinions or membership of political parties or similar movements, religious or philosophical beliefs, membership of a professional or trade organization or union, physical or mental health, including any opinion thereof, sex life, and, where permitted by applicable law, criminal offences and alleged offences, criminal records or proceedings with regard to criminal or unlawful behavior. Where the individual is based in Switzerland, the definition of sensitive personal information also includes personal information revealing an individual’s ideological views or activities, information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
The SCCs apply to personal information both in electronic or paper form, including personal information and sensitive personal information from agents, consultants, contractors, vendors, service providers, business associates, healthcare professionals, patients, clinical study participants and others.
Mirati shall remain liable under the SCCs if an agent uses or discloses personal information received from Mirati in a manner inconsistent with the SCCs, unless Mirati proves that it is not responsible for the event giving rise to the damage.
With respect to personal information transferred or received pursuant to the SCCs, Mirati is subject to the investigatory and enforcement powers of various privacy protection authorities. In certain instances, Mirati may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you are located in the EEA and we maintain your Personal Information, you have the following additional rights (under the GDPR) with regard to your Personal Information. Note that some of these rights may not be exercisable if you are a patient or may only be exercisable for reasons related to your particular situation.
- Right to be informed: You have the right to obtain from our Data Protection Officer confirmation as to whether or not personal data concerning you are being processed and, where that is the case, all necessary information to make the process transparent.
- Right to access and receive: You may request a copy of or access to the Personal Information we hold about you.
- Right to portability: You may request that we transfer your Personal Information to a third party in a machine-readable format.
- Right to correct: You may ask us to update or correct inaccurate or incomplete Personal Information we hold about you.
- Right to limit or restrict: You may have the right to request that we stop using all or some of your Personal Information or to limit our use of it.
- Right to erase: You may have the right to request that we delete all or some of your Personal Information. This right may be limited if we have collected your Personal Information for research purposes.
- Right to withdraw consent: You have the right to withdraw any consent you have previously given to Mirati at any time. Your withdrawal of consent does not affect the lawfulness of our collecting, using, and sharing of your Personal Information prior to the withdrawal of your consent. Even if you withdraw your consent, we have the right to use your Personal Information if it has been fully anonymized and cannot be used to personally identify you.
- Right to complain: You have the right to lodge a complaint with your Supervisory Authority or with the Supervisory Authority where the alleged violation took place.
Mirati reserves the right to modify this Privacy Policy at any time. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on the Site.
We implement technical and organizational measures designed to ensure your Personal Information is protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. For example, we limit our collection and use of your Personal Information to the extent necessary to provide you with our services. If you would like to know more about how we protect your Personal Information, you can contact our Data Protection Officer using the information listed below.
MIRATI THERAPEUTICS, INC. is the data controller of the Personal Information collected under this Privacy Policy. We welcome your questions and comments about this Privacy Policy or how we process your Personal Information. Please contact us using the information below and we will respond to you within 30 days.
MIRATI THERAPEUTICS, INC.
9393 Towne Center Drive, Suite 200
San Diego, CA 92121 USA
Email: privacy@Mirati.com
If you are located in the EEA and have a question about your Personal Information, please contact:
Name: DPO_Consulting
Address: 18 Rue de Pasquier, 75008 Paris, France
Phone: +33 1 55 06 16 86
Email: Mirati@DPO-Consulting.com
If you are a patient in a clinical study and have a question about your Personal Information, please contact your healthcare provider.