This Privacy Notice is intended to describe how Lexeo Therapeutics, Inc., (“Lexeo”) collects, uses, and shares Personal Data that you submit to us and that we collect through our website https://www.lexeotx.com (the “Site”). The Site provides a venue to obtain information about Lexeo, our activities, and products we may offer.
INFORMATION WE COLLECT
For purposes of this Privacy Notice, “Personal Data” means any information relating to an identified or identifiable natural person. As described in detail below, we may collect certain Personal Data from or about you in connection with your use of, or your submissions to, the Site.
We may collect Personal Data as follows:
- When you communicate with us, sign up for materials, and interact with the Site. We may collect Personal Data, such as your name, address, phone number, email address, fax number, medical information and business contact information, when you communicate with us or submit information to us. We may also collect Personal Data when you interact with our Site our utilize Site features, and when you sign up to receive newsletters, updates, or other information. If you apply for a job via our “Careers” page, or via email, we may collect CV/resume information that you provide. Job applicant information may include your contact information and CV/resume.
- When we collect data from third parties or publicly-available sources. We may obtain certain data about you from third-party sources to help us provide and improve the services. We may combine your Personal Data with data we obtain from our services, other users, or third parties to enhance your experience and improve the services.
You are not required to provide all Personal Data identified in this Privacy Notice in order to use the Site; however, if you do not provide the Personal Data requested, we may be unable to provide some or all of the Site to you.
A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to the server (for example, when requesting a web page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to track Personal Data previously entered by a web user on our site. Most browsers allow you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and similar information.
Cookies, as well as other tracking technologies, such as HTML5 local storage, and Local Shared Objects (such as “Flash” cookies), and similar mechanisms, may record information such as a unique identifier, information you enter in a form, IP address, and other categories of data.
We may also use web beacons or “pixels,” and in certain circumstances may collect IP address, screen resolution and browser software and operating system types, clickstream patterns, dates and times that our site is accessed, and other categories of data.
If you want to block the use and saving of cookies from the Site on to the computers’ hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Site and its external serving vendors, or use the cookie control system, if available upon first visit. Please note that if you choose to erase or block your cookies, certain parts of our Site may not function correctly. For information on how to disable cookies, refer to your browser’s documentation.
Our Site may use the following technologies to implement cookies and pixels:
- Google AdWords. As an AdWords customer, the Site moreover uses Google conversion tracking by Google on some pages. This means that Google AdWords places a cookie on your computer (“conversion cookie”) if you have accessed our webpage via a Google ad. These cookies become invalid after 30 days. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognize that someone has clicked on an ad and been directed to our page as a result thereof. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected with the help of the conversion cookie allows us to prepare conversion statistics to optimize our services. AdWords customers know, for instance, the total number of customers who have clicked on their ad and been redirected to a page with a conversion tracking tag. But they do not receive any information by which users can be personally identified. If you do not want to participate in the tracking, you can prevent the placement of the necessary cookie – for instance through a browser setting that deactivates the automatic placement of cookies in general. “You can also deactivate conversion tracking cookies by setting your browser to block cookies from the domain com”.
- Facebook Pixel. The Site uses the “Facebook pixel” provided by the social network Facebook (“Facebook”). As a result, so-called tracking pixels are integrated into our web pages . When you visit our web pages, the tracking pixel will create a direct link between your browser and the Facebook server. Thus, Facebook will receive the information from your browser that our web page was accessed from your device. If you are a Facebook user, Facebook can therefore associate your visit to our pages with your user account. Please note that we as the provider of these web pages are not notified of the content of the data transmitted or of the use thereof by Facebook. We can merely specify the segments of Facebook users (based on criteria such as age, interests) on whose pages we would like our ads to be displayed. Moreover, when this pixel is called up later on from your browser, Facebook can then determine whether an ad on Facebook was successful, for instance whether it has led to an online purchase. We receive from Facebook merely statistical data on this, without any references to a specific individual. This allows us to collect information about the effectiveness of the Facebook ads for statistical and market research purposes.
HOW WE USE THE INFORMATION WE COLLECT
We may use Personal Data for a variety of different purposes as set out in further detail below. Subject to applicable law, the purposes for which we use and process Personal Data, and the legal basis for such processing, are set forth below.
- For our legitimate business Interests. To operate our business and provide the Site, other than in performing our contractual obligations to you, for our legitimate business interests for the purposes of applicable law, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests may include:
- To maintain the Site, including for technical support;
- To address and respond to your requests, inquiries, and complaints;
- To develop, provide, and improve the Site, including to better tailor the features, performance, security and support of the Site, and for statistical and analytics purposes;
- For our direct marketing purposes;
- For fraud, loss, and other crime prevention purposes;
- To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties;
- If you apply for a job via our “Careers” page to consider you for employment
- To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process; or
- Subject to applicable contractual or legal restrictions, in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.
- To comply with legal obligations. To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
- To protect data subjects’ vital interests. To protect the vital interests of you or of another person.
In some cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data:
- Special Categories of Personal Data. We generally do not collect or require special categories of Personal Data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, biometric data, or sexual orientation) in order to access our Site. In the event we may need to collect such information to provide a specific service to you, we will obtain your consent as required by law. If you choose not to provide consent, you may not be able to access all of the features and content of our Site. In certain circumstances, subject to applicable law, we may process or otherwise disclose special categories of Personal Data without consent, such as to protect the vital interests of you or of another person.
HOW WE MAY DISCLOSE INFORMATION
We may disclose Personal Data as described in this Privacy Notice, including:
- Affiliates. We may disclose some or all of your Personal Data to our subsidiaries, joint ventures, and other companies under our common control (collectively, “Affiliates”), for the purposes described in this Privacy Notice. Where we share Personal Data with our Affiliates, we will require our Affiliates to honor this Privacy Notice.
- Service Providers. We may disclose Personal Data to business partners, distributors, service providers, marketing partners, and vendors in order to maintain, provide and improve the Site. We may also share Personal Data for other technical and processing functions, such as sending e-mails on our behalf, technical support, or otherwise operating the Site, for analytics, and for marketing purposes. Such third parties may have access to Personal Data only as needed to perform their functions for us, and they may not use Personal Data for other purposes.
- Corporate Transactions. Subject to applicable law, we reserve the right to sell or transfer Personal Data in the event that we are acquired by or merged with another company or in connection with the potential sale or transfer of some or all of the business assets of the Site or Lexeo, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction. If the sale occurs, the purchaser will be entitled to use and disclose the Personal Data collected by us, and the purchaser will assume the rights and obligations regarding Personal Data as described in this Privacy Notice.
De-Identified or Anonymous Data
We may create de-identified or anonymous data from Personal Data by removing data components (such as your name, email address, or linkable tracking ID) that make the data personally identifiable to you or through obfuscation or through other means. Our use of anonymized data is not subject to this Privacy Notice.
Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Please note that the Site does not alter its behavior or use practices when we receive a Do Not Track signal from your browser.
Information from Children Under 13 Years of Age
We do not knowingly collect information from minors under the age of 13 years without parental consent. If you become aware that an individual under 13 years of age has provided us with Personal Data without parental consent, please contact us at email@example.com. If we become aware that an individual under 13 years has provided us with Personal Data without parental consent, we will take steps to remove the data as permitted by law.
LINKS TO OTHER SITES
Our Site may contain links or otherwise provide access to another website, mobile application, or Internet location (collectively “Third-Party Sites”). We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for Third-Party Sites, their content, or any goods or services available through the Third-Party Sites. Our Privacy Notice does not apply to Third-Party Sites. We encourage you to read the privacy policies of any Third-Party Site with which you choose to interact.
If you are a resident of California, the following information and rights are provided to you as required by the California Consumer Privacy Act of 2018 (“CCPA”).
Exercising your Rights under CCPA
If you wish to exercise your rights under California law, please see the “Contact Us” section below for information on how to contact us to exercise your rights.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
California Shine the Light Law:
California Civil Code Section 1798.83, known as the “Shine the Light” law, permits individuals who are California residents to request and obtain from us a list of what PII (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. We will never disclose your PII to third parties for direct marketing purposes without your authorization. However, if you would like to make a request for information under the Shine The Light law, please contact us at the “Contact Us” section below.
Requests may be made only once a year and are free of charge.
RIGHT TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION UNDER THE EUROPEAN UNION DATA PROTECTION REGULATION (GDPR) AND CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
Individuals in California, the EU and certain other jurisdictions who are accessing this site and whose data we may be collecting and processing may have certain rights under applicable data protection law, including the right to request confirmation from us as to whether or not we are processing your Personal Data. Where we are processing your Personal Data, subject to applicable law, you also have the right to:
- Request access to, modification or rectification, or deletion. You may have the right to request access to, modification of, correction of, or deletion of your Personal Data we maintain.
- Request restriction of processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances, such as where you believe that the Personal Data we hold about you is inaccurate or our processing is unlawful.
- Object to processing. In certain circumstances, you may have the right to request that we stop processing your Personal Data, such as a request to stop sending you direct marketing communications. To opt-out of direct marketing communications, please see the instructions in the “Withdrawing Your Consent” section of this Privacy Notice.
- Data portability. In certain circumstances, you may have the right to receive the Personal Data concerning you that you provided to us or to request that we transmit your Personal Data to another data controller.
- Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority.
To exercise your rights, you may contact us as at firstname.lastname@example.org. As permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion. Furthermore, where permissible, we may charge for this service. We will respond to reasonable requests as soon as practicable and as required by law. To protect your privacy and security, we may take steps to verify your identity in order to respond to your request. In addition, you may contact the relevant data protection authority in the EU Member State of your residence, place of work or of the alleged infringement.
WITHDRAWING YOUR CONSENT
In most cases, we need to process certain components of your Personal Data in order to fulfill our contractual obligations to you and for our legitimate interests. Please note that, subject to applicable law, we may continue to process your Personal Data even where you object if there are compelling legitimate grounds for processing that override your interests and rights, or where processing is necessary to establish, exercise, or defend legal claims.
Since your consent is the basis of processing, you may at any time withdraw the consent you provided for the processing of your Personal Data for the purposes set forth in this Privacy Notice by contacting us at email@example.com, provided that we are not required by applicable law or professional standards to retain such information.
If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications. Alternatively, you may contact us at firstname.lastname@example.org to opt-out of direct marketing. Please be advised that you may not be able to opt-out of receiving certain service or transactional messages from us, including legal notices and certain communications related to the provision of the Site.
Please note that if you do not provide consent, if you withdraw your consent or object to processing, or if you choose not to provide certain Personal Data, we may be unable to provide you some or all of the Site.
TRANSFER OF DATA
Please note that if you are visiting the Site from outside of the United States, your information may be transferred to, stored, and/or processed in the US. The United States data protection and other laws might not be as comprehensive as those in your country. If you are located outside of the United States, the transfer of Personal Data is necessary to provide you with the requested information and Site and/or to perform any requested transaction. By using any portion of the Site, you acknowledge and consent to the transfer of your information to our facilities in the United States.
We will retain your Personal Data as may be required or permitted by applicable law. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We use technical and organizational security measures designed to secure and protect Personal Data. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time. The most recent version of the Privacy Notice is reflected by the version date located at the top of this Privacy Notice. We encourage you to review this Privacy Notice often to stay informed of how we may process your information.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com or by mail at the following address:
Lexeo Therapeutics, Inc.
430 East 29th Street, 14th Floor
New York, NY 10016