close

Location

345 Park Avenue South, 6th Floor
New York, NY 10010
(212) 547-9879

Privacy notice

Effective Date:

Privacy & Consumer Health Data Notice

This Privacy Notice is intended to describe how Lexeo Therapeutics, Inc., (“Lexeo”) collects, uses, and shares Personal Data that you submit to us and that we collect through our websites, mobile applications and digital services  (the “Sites”) and other interactions with Lexeo that link to this Notice.

This notice serves as our Notice at Collection under the California Privacy Rights Act.  This Notice also provides required disclosures regarding Personal Data and/or health data under applicable law, including but not limited to the GDPR and the privacy laws of the states of Washington, Nevada, and New York.

INFORMATION WE COLLECT

For purposes of this Privacy Notice, “Personal Data” means any information relating to an identified or identifiable natural person.

We may collect Personal Data as follows:

  • When you communicate with us, sign up for materials, and interact with the Sites. We may collect Personal Data, such as your name, address, phone number, email address, fax number, medical information and business contact information, when you communicate with us or submit information to us.  We may also collect Personal Data when you interact with our Site our utilize Site features, and when you sign up to receive newsletters, updates, or other information.  If you apply for a job via our “Careers” page, or via email, we may collect CV/resume information that you provide. Job applicant information may include your contact information and CV/resume.
  • When we collect data from third parties or publicly-available sources.  We may obtain certain data about you from third-party sources to help us provide and improve the services.  We may combine your Personal Data with data we obtain from our services, other users, or third parties to enhance your experience and improve the services.
  • When we leverage and/or collect cookies, device IDs, location, data from the environment, and other tracking technologies.  We may collect certain Personal Data using cookies and other technologies, such as web beacons, device IDs, geolocation, HTML5 local storage, Flash cookies, and IP addresses. We specifically use browser cookies for different purposes, including cookies that are strictly necessary for functionality and cookies that are used for personalization and performance/analytics. When you visit the Sites, we may also automatically collect certain data about your device, including information about your web browser, IP address, and time zone. Additionally, as you browse the Sites, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Sites, and information about how you interact with the Sites.  Our “Use of Cookies and Similar Technologies” section contains more information and options to control or opt-out of certain data collection or uses.

You are not required to provide all Personal Data identified in this Privacy Notice in order to use the Sites or interact with us; however, if you do not provide the Personal Data requested, we may be unable to provide some or all of the Sites to you or fulfill your request.

USE OF COOKIES AND SIMILAR TECHNOLOGIES

The Sites uses cookies and similar technologies to improve user experience, for performance and analytics, and to improve our content, products, and services.  We also use cookies and similar technologies for purposes of marketing and advertising.

Cookies, as well as other tracking technologies, such as HTML5 local storage, and Local Shared Objects (such as “Flash” cookies), and similar mechanisms, may record information such as a unique identifier, information you enter in a form, IP address, and other categories of data.

We may also use web beacons or “pixels,” and in certain circumstances may collect IP address, screen resolution and browser software and operating system types, clickstream patterns, dates and times that our site is accessed, and other categories of data.

If you want to block the use and saving of cookies from the Sites on to the computers’ hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Sites and its external serving vendors.  Please note that if you choose to erase or block your cookies, certain parts of our Site may not function correctly. For information on how to disable cookies, refer to your browser’s documentation. To learn more about your choices for receiving interest-based advertising or other ways to opt-out, please review the information below:

  • DAA: To opt-out of such collection and use for interest-based advertising by the Digital Advertising Alliance (DAA) participating companies, please visit the DAA’s website.
  • EDAA: To opt-out from the use of information about your online activities for interest-based advertising by European Interactive Digital Advertising Alliance (EDAA) member companies, please visit the EDAA’s website.
  • NAI: To opt-out from the use of information about your online activities for interest-based advertising by Network Advertising Initiative (NAI) member companies, please visit the NAI’s website.

HOW WE USE THE INFORMATION WE COLLECT

We may use Personal Data for a variety of different purposes as set out in further detail below.  Subject to applicable law, the purposes for which we use and process Personal Data, and the legal basis for such processing, are set forth below.

  • For our legitimate business Interests. To operate our business and provide the Sites, other than in performing our contractual obligations to you, for our legitimate business interests for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:
    • To maintain the Sites, our products and services, including for technical support;
    • To communicate with you regarding the Sites, our products and services, including to provide you important notices regarding changes to our Terms of Use;
    • To address and respond to your requests, inquiries, and complaints;
    • To develop, provide, and improve the Sites, our products and services, including to better tailor features, performance, security and support, and for statistical and analytics purposes;
    • For our direct marketing and advertising purposes;
    • For fraud, loss, and other crime prevention purposes;
    • To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties;
    • If you apply for a job via our “Careers” page to consider you for employment;
    • To enforce our Terms of Use or agreements with third parties;
    • To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process; or
    • Subject to applicable contractual or legal restrictions, in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.
  • To comply with legal obligations.  To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
  • To protect data subjects’ vital interests.  To protect the vital interests of you or of another person.

In some cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data:

  • Special Categories of Personal Data.  We generally do not collect or require special categories of Personal Data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, biometric data, or sexual orientation) in order to access our Site.  In the event we may need to collect such information to provide a specific service to you, we will obtain your consent as required by law. If you choose not to provide consent, you may not be able to access all of the features and content of our Site. In certain circumstances, subject to applicable law, we may process or otherwise disclose special categories of Personal Data without consent, such as to protect the vital interests of you or of another person.

HOW WE MAY DISCLOSE INFORMATION

We may disclose Personal Data as described in this Privacy Notice, including:

  • Affiliates.  We may disclose some or all of your Personal Data to our subsidiaries, joint ventures, and other companies under our common control (collectively, “Affiliates”), for the purposes described in this Privacy Notice.  Where we share Personal Data with our Affiliates, we will require our Affiliates to honor this Privacy Notice.
  • Service Providers.  We may disclose Personal Data to business partners, distributors, service providers, marketing partners, and vendors in order to maintain, provide and improve the Sites, our products and services.  We may also share Personal Data for other technical and processing functions, such as sending e-mails on our behalf, technical support, or otherwise operating the Sites/products/services, for analytics, and for marketing purposes. Such third parties may have access to Personal Data only as needed to perform their functions for us, and they may not use Personal Data for other purposes.
  • Digital Advertising Partners. We partner with third parties to manage our advertising on other sites to deliver ads that are more relevant to you. From time to time, we may confidentially share email addresses with our partners for ad targeting. Our third-party partners may use cookies or similar technologies to provide you with advertising based upon your browsing activities and interests. If you do not want us to share your data for digital advertising, please email us at privacy@lexeotx.com
  • Pursuant to Legal Process and Protection of Rights. We may also disclose Personal Data to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or as otherwise pursuant to legal process. We may also use and disclose Personal Data to establish or exercise our legal rights, to enforce our Terms of Use, this Privacy Notice, or agreements with third parties, to assert and defend against legal claims, or if we believe such disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the physical safety or well-being of any person.
  • Corporate Transactions.  Subject to applicable law, we reserve the right to sell or transfer Personal Data in the event that we are acquired by or merged with another company or in connection with the potential sale or transfer of some or all of the business assets of the Sites or Lexeo, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.  If the sale occurs, the purchaser will be entitled to use and disclose the Personal Data collected by us, and the purchaser will assume the rights and obligations regarding Personal Data as described in this Privacy Notice.

De-Identified or Anonymous Data

We may create de-identified or anonymous data from Personal Data by removing data components (such as your name, email address, or linkable tracking ID) that make the data personally identifiable to you or through obfuscation or through other means.

“Sale” of Information

We are not in the business of selling the information we collect about you to others and we do not provide information about you to others in exchange for monetary compensation.  However, certain U.S. state laws define “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third party for purposes of cross-contextual behavioral advertising.

While we do not disclose personal information to third parties in exchange for monetary compensation, our use of third-party analytics and advertising cookies may be considered “selling” and “sharing” in certain jurisdictions. Based on these definitions, we may “sell” or “share” the following categories of personal information: identifiers; commercial information; location information; Internet and network activity information, and sensitive personal information (e.g., your Internet and network activity information when you visit some of our health-related pages on our Sites).

We may disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns. We may also share limited information, such as a unique personal identifier with data brokers for purposes of marketing and advertising and to improve and measure our ad campaigns. You may opt out of this sharing of your personal information by emailing us at privacy@lexeotx.com.

DO-NOT-TRACK

Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Please note that the Sites does not alter its behavior or use practices when we receive a Do Not Track signal from your browser.

Information from Children Under 13 Years of Age

We do not knowingly collect information from minors under the age of 13 years without parental consent.  If you become aware that an individual under 13 years of age has provided us with Personal Data without parental consent, please contact us at privacy@lexeotx.com.  If we become aware that an individual under 13 years has provided us with Personal Data without parental consent, we will take steps to remove the data as permitted by law.

LINKS TO OTHER SITES

Our Site may contain links or otherwise provide access to another website, mobile application, or Internet location (collectively “Third-Party Sites”).  We provide these links merely for your convenience.  We have no control over, do not review, and are not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Notice does not apply to Third-Party Sites.  We encourage you to read the privacy policies of any Third-Party Site with which you choose to interact.

CALIFORNIA RESIDENTS

If you are a resident of California, the following information and rights are provided to you as required by the California Consumer Privacy Act of 2018 (“CCPA”).

Exercising your Rights under CCPA

If you wish to exercise your rights under California law, please see the “Contact Us” section below for information on how to contact us to exercise your rights.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

California Shine the Light Law:

California Civil Code Section 1798.83, known as the “Shine the Light” law, permits individuals who are California residents to request and obtain from us a list of what PII (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. We will never disclose your PII to third parties for direct marketing purposes without your authorization.  However, if you would like to make a request for information under the Shine The Light law, please contact us at the “Contact Us” section below.

Requests may be made only once a year and are free of charge.

YOUR PRIVACY RIGHTS AND CHOICES

We have policies and processes in place to honor your choices with respect to how we process your personal data. These policies and processes adhere to the requirements under applicable laws for data subject rights, including but not limited to the GDPR, CCPA, the Washington My Health My Data Act and the Nevada and the Nevada Consumer Health Data Law.  These rights may include:

  • Request access to, modification or rectification, or deletion. You may have the right to request access to, modification of, correction of, or deletion of your Personal Data we maintain.
  • Request restriction of processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances, such as where you believe that the Personal Data we hold about you is inaccurate or our processing is unlawful.
  • Object to processing. In certain circumstances, you may have the right to request that we stop processing your Personal Data, such as a request to stop sending you direct marketing communications. To opt-out of direct marketing communications, please see the instructions in the “Withdrawing Your Consent” section of this Privacy Notice.
  • Data portability. In certain circumstances, you may have the right to receive the Personal Data concerning you that you provided to us or to request that we transmit your Personal Data to another data controller.
  • Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority.

To exercise your rights, you may contact us as at privacy@lexeotx.com.  We will respond to your request promptly in accordance with legal requirements. As permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion.  To protect your privacy and security, we may take steps to verify your identity in order to respond to your request. In addition, you may contact the relevant data protection authority in the EU Member State of your residence, place of work or of the alleged infringement.

If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications.  Alternatively, you may contact us at privacy@lexeotx.com to opt-out of direct marketing.  Please be advised that you may not be able to opt-out of receiving certain service or transactional messages from us, including legal notices and certain communications related to the provision of the Sites.

Please note that if you do not provide consent, if you withdraw your consent or object to processing, or if you choose not to provide certain Personal Data, we may be unable to provide you some or all of the Sites.

TRANSFER OF DATA

Please note that if you are visiting the Sites from outside of the United States, your information may be transferred to, stored, and/or processed in the US.  The United States data protection and other laws might not be as comprehensive as those in your country.  If you are located outside of the United States, the transfer of Personal Data is necessary to provide you with the requested information and Site and/or to perform any requested transaction. By using any portion of the Sites, you acknowledge and consent to the transfer of your information to our facilities in the United States. For individuals in other jurisdictions where additional safeguards are required, we take appropriate supplementary measures to protect your data, in line with applicable legal requirements and regulatory guidance.

If you would like more information about the safeguards we use for international data transfers, please contact us.

DATA RETENTION

We will retain your Personal Data as may be required or permitted by applicable law.  We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

SECURITY

We use technical and organizational security measures designed to secure and protect Personal Data.  Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

UPDATES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time.  The most recent version of the Privacy Notice is reflected by the version date located at the top of this Privacy Notice. We encourage you to review this Privacy Notice often to stay informed of how we may process your information.

CONTACT US

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at privacy@lexeotx.com or by mail at the following address:

Lexeo Therapeutics, Inc.

345 Park Avenue South, 6th Floor
New York, NY 10010