Privacy Policy

Harpoon Therapeutics Website Privacy Notice 

10/26/23
 

SCOPE

This Privacy Notice describes how Harpoon Therapeutics (“Harpoon”, “we,” “our,” or “us”), as a Data Controller, processes personal data that we collect through our digital or online properties or services that link to this Notice (including as applicable, our website, social media pages, marketing activities, live events and other activities described in this Notice (collectively, the “Services”).

Harpoon may provide additional or supplemental privacy policies that apply to specific services, such as privacy notices that govern our data processing activities related to your role as a clinical trial or study participant. To the extent those policies or notices apply and conflict with this Notice, those policies govern our interactions with you.

NOTICE TO EUROPEAN USERS: Please see the European Notice section for additional information for individuals located in the European Economic Area or United Kingdom (which we refer to as “Europe”, and “European” should be understood accordingly) below.

General warning and use of social media.

Access to the website implies the user’s full and unreserved acceptance of this Notice as well as its general terms of use and the cookies notice included below. The user acknowledges having read the information below.

This Notice is valid for all pages related to the Services. It is not valid for the pages hosted by third parties to which We may refer and whose privacy notices may differ. We cannot therefore be held responsible for any Personal Data Processed on these websites or by them. This Notice also applies to any other website we may operate, including our LinkedIn and X (Twitter) company pages.
 

Personal Data We Collect.

Information you provide to us. We collect the personal data you voluntarily provide to us when you access or use the Services. The categories of personal data that we collect directly from you may include the following:

  • Contact information, including first name, last name, email address, phone number, professional title, and company name.
  • Demographic information, including city, state, country of residence, zip code, and age.
  • Professional or employment information, including employer, job title, academic or research expertise or interests, academic position or title, affiliated academic institution or entity, and any other information you choose to provide.
  • Educational information, including information about education history or background.
  • Communications information, based on our exchanges with you, including when you contact us through the Services, social media, or otherwise.
  • Marketing information, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • Other information not specifically listed here, which we will use as described in this Notice or as otherwise disclosed at the time of collection.

Information we receive from third parties. We may combine the information we collect from you with information that we receive about you from other sources, which may include the following:

  • Public and private databases;
  • Business partners and service providers.

Information we collect automatically. When you access and use the Services, we and our business partners or third-party service providers may collect information, such as usage and technical data, automatically from your device, which may include the following:

  • Device data, such as device identifiers (including IP address), your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area.
  • Internet or other electronic network activity information, such as pages or screens you viewed, the date and time you accessed our Services, and how you interacted with our Services; and
  • Geolocation information, including precise, real-time information about the location of the devices you use to access the Services.

Sensitive Categories of personal data. We do not intentionally collect sensitive categories of personal data, such as information about your race, political views, religious views, or health conditions or other protected classifications.


How We Use Your Personal Data

We may use your personal data or other information we collect about you for the following purposes:

  • Identification and authentication: We use personal data to verify your identity when you access and use our Services.
  • Operating the Services: We process your personal data to provide the Services that you have requested, including to deliver confirmations, account information, notifications, and similar operational communications.
  • Communicating with you: We may use your personal data when we communicate with you, in accordance with your preferences, for example to send you information about our Services and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, to respond to your questions or requests concerning the Services offered by Harpoon or our business partners.
  • Informing you of research, clinical trial, and treatment opportunities: If you are healthcare provider or patient, we may use your personal data to identify research studies, clinical trials, treatments, and similar opportunities that may be of interest to you and, as appropriate, we may communicate with you regarding any such opportunities. Where necessary, we will obtain your consent before sending such communications. If you choose to participate in any opportunities, as patient or provider, the personal data collected from you as participant may be subject to additional and different privacy notices.
  • Complying with our obligations: We may process your personal data to (i) fulfill the terms of any agreement you have with us and enforce the terms and conditions governing the Services, (ii) carry out fraud prevention checks, (iii) comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities, (iv) audit our internal processes for compliance with legal and contractual requirements or our internal policies, (v) defend our, your or others’ rights, privacy, safety or property (including by making and defending legal claims), and (vi) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
  • In the context of a transaction involving our business: We may process information about you to facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.
  • Customizing your experience: When you use the Services, we may use your personal data to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content based on your interests.
  • Creating de-identified, aggregated, or anonymized information: We may create and use de-identified, aggregated, or anonymized information to help us analyze the use of the Services. We may use and disclose such information with other third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.


How We Disclose Your Personal Data

We may disclose your personal data with third parties under the following circumstances which may include:

  • Our affiliates: We may disclose personal data with our affiliated entities for their own research and analytics purposes or for internal reporting purposes.
  • Service providers and business partners: We may disclose your personal data with our service providers and business partners that perform services for us including third-party providers for website hosting, maintenance, business operations, and identity verification.
  • Professional advisors: We may disclose personal data with professional advisors such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
  • Parties to a corporate transaction: We may disclose personal data to facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets, including disclosing your information to an acquiring entity.
  • Law enforcement agencies, courts, or other government authorities or third parties where required by law: We may share your personal data with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.


Your Choices

In this section, we describe the rights and choices available to all users. Users who are located Europe can find additional information about their rights below.

  • Opt-out of communications: You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails. 
  • Do Not Track: Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.


International Data Transfer

Any information you provide to us or that we automatically collect will be processed in the United States and may be transferred to other jurisdictions. By using our Services or submitting information, you explicitly authorize its processing in the United States and subsequent transfers outside the United States.

For more information about how we transfer the personal data of individuals based in Europe, please see the ‘European Notice’ below.  


Children’s Information

The Services are not intended for or directed to individuals under the age of sixteen (16). If a parent or guardian becomes aware that his or her child has directly provided us with personal data, please contact us by using the contact information below. If we learn that we have collected personal data through the Services from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.


Security

Harpoon uses commercially reasonable and appropriate physical, electronic, and procedural safeguards to protect personal data against loss or unauthorized access, use, modification, or deletion. However, we cannot guarantee the absolute security of personal data or other information.


Changes to the Privacy Notice

We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your personal data, we will notify you of these changes before applying them to that personal data. We may notify you by email or other reasonable means, including through notifications on the Services.


How to Contact Us


European Notice

The information provided in this European Notice applies only to individuals in the United Kingdom and the European Economic Area.

Harpoon is the controller in respect of the processing of your personal information covered by this Notice for purposes of the “GDPR” (i.e., the General Data Protection Regulation 2016/679 (“EU GDPR”) and the EU GDPR as it forms part of UK law (“UK GDPR”)). See the ‘How To Contact Us’ section for our contact details.

Our Representative in the EU and the UK, in the context of clinical research, is MyDataTrust (MDT).


Legal Bases for Processing

In Europe, we need to have a legal basis to process your personal data. There are different legal bases that we rely on to use personal data, namely:

  • Performance of a Contract: The use of personal data may be necessary to perform the contract that you have with us or to take steps at your request prior to entering into a contract with you. For example, if you are a consumer or a user of our Services, we will use your personal data to carry out our obligations under the contract that we have with you.
  • Consent: We will rely on consent, which, in some cases where local laws allow, may be implied, to use: (i) technical information, such as cookie data, as described in this Notice; (ii) personal data for certain marketing purposes in accordance with your preferences; and (iii) personal data for certain research purposes. You may withdraw your consent at any time by contacting us at the addresses at the end of this Notice. For example, we may obtain certain personal data and sensitive personal data about you from healthcare professionals (including hospitals, clinics, or similar healthcare providers or one of their representatives) that use our products and Services or enter into other business arrangements with us, in which case they are responsible for obtaining and handling any required consents or for having another legitimate basis for processing such information.
  • Public Interest: In limited circumstances, including, in some cases, complaint handling, we may process your information, including sensitive personal data, for reasons of public interest in the area of public health. In particular, Harpoon may process your information in connection with efforts to ensure high standards of quality and safety.
  • Legal Obligations: We may use personal data to comply with legal obligations to which we are subject. For example, we may disclose personal data for regulatory reporting requirements or to law enforcement in accordance with legal process.

 Note that the provision of your Personal Data is not a statutory requirement. The provision of your Personal Data is required in order for us to provide you with our Services. Should you not provide us with the abovementioned Personal Data, we will be unable to provide you, our services.


Data Subject Rights

You may have certain rights regarding your personal data, subject to local data protection laws. These may include the following rights:

  • Access your personal data;
  • Rectify the information we hold about you;
  • Erase your personal data;
  • Restrict our use of your personal data;
  • Object to our use of your personal data;
  • Receive your personal data in a usable electronic format and transmit it to a third party (right to data portability); and
  • Lodge a complaint with your local data protection authority.

If you would like to discuss or exercise these rights, please contact us using the details in the ‘How To Contact Us’ section. We encourage you to contact us to update or correct your information if it changes or if the personal data we hold about you is inaccurate. We may contact you if we need additional information from you in order to honor your requests.

Please note that we may require additional information from you in order to honor your request, and there may be circumstances where we will not be able to honor your request. For example, if you request deletion, we may need to retain certain personal data to comply with our legal obligations or other permitted purposes. We will only use personal data provided in a verifiable consumer request to verify your identity or authority to make the request. If you are submitting a request through an authorized agent, the authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.

In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your personal data, you can make a complaint to the data protection regulator in your habitual place of residence.

  • For users in the European Economic Area – the contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
  • For users in the UK – the contact information for the UK data protection regulator is below:
    The Information Commissioner’s Office
    Water Lane, Wycliffe House
    Wilmslow - Cheshire SK9 5AF
    Tel. +44 303 123 1113


International Data Transfer

We may share your personal information with third parties who may be based outside of Europe. In such circumstances, those parties’ processing of your personal information will involve a transfer of your personal information outside of Europe where privacy laws may not be as protective as those in your state, province, or country.

Sharing your personal data as explained above may involve a transfer of personal data to a country outside the European Economic Area (EEA). We are therefore committed to complying with the transfer rules under applicable data protection laws and therefore ensure to:

  • Transfer your Personal Data to countries where the data recipient is located that has been recognized as adequate by the European Commission; or
  • Where a country has not received an adequacy decision from the European Commission, to implement appropriate safeguards, such as the EU Standard Contractual Clauses("SCCs").

You can obtain further information or a copy of or access safeguards under which your personal information is transferred outside of Europe by contacting us using the details in the ‘How To Contact Us’ section.


Cookies

By placing a small file known as a “cookie” on your device, our and our third party providers’ servers passively gather information about all visitors’ use of the Website for the following purposes: statistics collection and analysis, Website optimization, analytics (as described above), market research, and maintenance of user login information. The information that we and our third party providers track with cookies includes, but is not limited to, the type of browser (such as Google Chrome or Internet Explorer) and Internet-connected devices being used to access the Website, your Internet protocol (“IP”) address, your home domain or Internet service provider, your referrer URL (which is the URL for the website that you were viewing prior to visiting the Website), how you were directed to the Website, which specific pages you access on the Website, how long you view each page, the time and date you access our Website and the total number of visitors to the Website and any portions thereof. We, and/or our third party providers, may use the information collected from cookies or similar files on your computer for security purposes (such as authentication), to facilitate site navigation and to personalize your experience while visiting the Website. This data helps us and our third party providers improve our respective product and services. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Website. For more information, please refer to http://www.allaboutcookies.org/manage-cookies/.