Privacy Notice
Last updated: September 6, 2024
Please Read Carefully Prior to Using This Website
Septerna, Inc., and its subsidiaries and affiliates (“Septerna”, “we”, “us” and/or “our”) are committed to respecting your privacy. Septerna is a biopharmaceutical company on a mission to make the promise of future G protein-coupled receptor medicines a reality for patients. We process personal data (“Personal Data”) in a variety of contexts, and we do so by fully respecting your privacy and your other rights and freedoms, as part of our unwavering commitment to ethical and responsible practices.
We process Personal Data collected through our websites; we gather Personal Data for scientific and educational purposes; we process Personal Data for conducting clinical trials and we process the Personal Data of our employees and other personnel. We recognize that innovation and new technology drive continual change in risk, expectations, and laws, and we are committed to following privacy accountability standards and aim to promptly adapt how we apply those standards in response to those changes.
This Privacy Notice (“Privacy Notice”) generally sets forth Septerna’s practices regarding the collection, use, protection and disclosure of Personal Data of individuals (“data subjects,” “you,” “your”) and what rights you may have under applicable data protection and privacy laws. By using Septerna’s website(s), and other methods, whenever you submit Personal Data to Septerna, you acknowledge and agree with the terms of this Privacy Notice. Please read this entire Privacy Notice before using Septerna’s websites and/or submitting Personal Data to Septerna. If you submit any Personal Data relating to another individual to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.
Our data practices may change, and if our practices become materially different, we will provide an updated notice as applicable in connection with the collection, including references to other applicable privacy policies and notices.
What Is Not Covered by This Privacy Notice?
This Privacy Notice does not apply to workforce related Personal Data collected from California-based employees, job applicants, independent contractors, or similar individuals who interact with Septerna in an employment-related capacity. Please see Septerna CCPA Notice for Personnel for the relevant notice.
This Privacy Notice also does not apply to clinical trial related Personal Data we receive or process in connection with conducting Septerna’s clinical trials. Please see Septerna Privacy Notice for Clinical Trials for the relevant notice.
This Privacy Notice also does not apply to information not maintained in a manner that that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household. Such information is not considered Personal Data and this Privacy Notice will not apply it our Processing of such information.
Please also see our Terms of Use here.
Who We Are?
We are Septerna, Inc. and you can contact us via mail at 250 East Grand Avenue, South San Francisco, CA 94080, Attn: Data Protection Officer, via email at dpo@septerna.com , or you can call us at +1-650-338-3533. For data protection purposes, including the EEA, United Kingdom and Switzerland data protection laws, we are the controller of your Personal Data, and you can contact us with any inquiries you may have regarding the processing of your Personal Data.
Lawful Bases for Processing
We must have a valid reason to use your Personal Data. This is called the “lawful basis for processing”.
We may process your Personal Data on the basis of:
- your consent;
- our legitimate interests;
- the performance of a contract with you;
- the need to comply with the law; or
- any other ground, as required or permitted by law.
When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided in this Privacy Notice.
Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect the validity of our processing of Personal Data performed on other lawful grounds.
What Personal Data We Process
The Personal Data we may collect and process will depend on the nature of our interactions with consumers, but can include the following categories of Personal Data which we may have collected, including within the preceding twelve (12) months:
Category | Examples |
Identifiers | Full name, postal address, online identifier, email address, previous residence address, phone numbers, date of birth, physical characteristics or description, unique personal identifiers (e.g., SSN), Internet Protocol (IP) address, or other similar identifiers. |
Protected Characteristics | Age, race or ethnicity, gender, disability, or specific conditions. |
Geolocation Data | IP address. |
Professional or Employment Information | Professional, educational or employment related information, including a job title and employer name. |
Sensitive Personal Information | Social security number, health information, medical condition, health data, or protected characteristics |
Internet or other electronic network activity information | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. This may also include login data, unique device identifiers, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, mobile device carrier and other technology on the devices you use to access the Septerna websites; as well as usage information, such as information about how you use the Septerna websites and our products and services, referring/exit web pages, date/time stamps, error logs, and the frequency of your use of the our websites. |
Audio, electronic, visual and similar information | Call and video recordings, email or text messages |
Inferences drawn from any of the Personal Data | Profile or summary about, for example, an individual’s preferences and characteristics |
We will not collect additional categories of Personal Data without informing you.
Sources from Which We Collect Personal Data
We may obtain the categories of Personal Data listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or communications you send us.
- Indirectly from you. For example, from observing your actions on our websites using cookies.
- From health care providers. We may obtain some Personal Data if a healthcare provider makes a report to us about one of our products, in compliance with applicable laws.
- Other Sources. Including advertising networks; internet service providers; data analytic providers; government entities; operating systems and platforms; social networks; or data brokers.
For What Purposes Do We Use Your Personal Data?
We may use or disclose the Personal Data we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information (i.e., responding to inquiries, provide you with access to certain features);
- To provide, support, and develop our website, products, and services;
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses or to provide you with information on a clinical trial or our research;
- To personalize your website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our website, third-party sites, and via email or text message (with your consent, where required by law);
- To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business;
- For testing, research, analysis, and product development, including to develop and improve our website, products, and services and enforcing our rights and protecting our rights and interests;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- To conduct relevant day to day business operations and adhere to applicable laws and regulations;
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, corporate financing, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our website users/consumers or our business operations is among the assets transferred or evaluated; and
- To comply with our contractual obligations.
If Septerna intends on using any Personal Data in any manner that is not consistent with this Privacy Notice, you will be informed of such anticipated use prior to or at the time at which the Personal Data is collected. We do not engage solely in automated decision making or profiling using your Personal Data.
Sharing Personal Data with Vendors & Third Parties
Septerna is not in the business of selling your Personal Data. We consider your Personal Data information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you. The categories of third parties with which we may share your Personal Data include:
- Authorized U.S., and other foreign third-party vendors and service providers. We may share your information with third-party vendors and service-providers that help us with specialized services, including email deployment, business analytics, web analytics providers, performance monitoring, hosting, data processing, mailing information and maintaining databases.
- Related companies. We may share your information with our corporate affiliates that are subject to this Privacy Notice for the purposes set out above.
- Business transactions. We may share your information in connection with a completed or proposed corporate financing or other corporate transaction, such as the sale of all or part of Septerna, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, or government inquiries, or as otherwise may be required or permitted by applicable law, and to protect and defend the rights, interests, health, safety, and security of Septerna, our affiliates, users, or the public and protect Septerna against legal liability. If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
- With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction. Where you choose to post information in the form of public comments, this information shall be accessible by members of the public.
We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution, liquidation, or other corporate restructuring) or in connection with corporate financing.
Furthermore, Septerna may share aggregated, non-personally identifiable statistical and other information about users with third parties for legitimate business purposes, including commercial purposes, but in such cases will not identify you or any other specific individual. Such data does not include Personal Data.
We do not disclose Personal Data we hold to third parties for their direct marketing purposes.
We do not sell or share Personal Data for cross-context behavioral advertising (targeted advertising).
International Data Transfers
Septerna is a company based in the U.S., and your use of our website will involve the transfer, storage, and processing of your Personal Data in U.S. Septerna only transfers your Personal Data to a third party or overseas when it is satisfied that adequate levels of protection or adequate safeguards are in place to protect the integrity and security of any information being processed, in compliance with applicable privacy and data protection laws.
For individuals residents in the European Economic Area (“EEA”) and United Kingdom (“UK”) only: Some recipients of the Personal Data we collect are located outside of the EEA and UK, including in countries that may not provide the same level of data protection as in the country where you reside. If you reside in the EEA or UK and your Personal Data is subject to the European Union General Data Protection Regulation (“GDPR”) or its UK equivalent, Septerna shall take appropriate steps to ensure that such recipients are bound to duties of confidentiality and we implement measures such as Standard Contractual Clauses approved by the European Commission to ensure that any transferred Personal Data remains protected and secure.
Automatic Information Collection and Use
Our website also uses cookies and other tracking technologies to automatically collect information about how you use the website. For more information about how we and third parties use cookies on our website, please see our Cookie Policy.
We may combine the information we receive when you visit our website with other information we have collected, including other information we have received from you and information received from publicly and commercially available sources.
Do-Not-Track Signals and Similar Mechanisms
Some mobile and web browsers transmit “do-not-track” (DNT) signals to websites. Because of differences in how web browsers incorporate and activate this feature, it’s not always clear whether users intend for these signals to be transmitted, or whether they’re even aware of them. Septerna does not currently respond to DNT signals due to the lack of a standard approach.
What Privacy Rights Do You Have?
You have specific rights regarding your Personal Data that we collect and process. These vary depending on the applicable privacy or data protection laws, and may include:
- Right to Know What Happens to Your Personal Data:
This right means that you have the right to obtain from us all information regarding our data processing activities that concern you, such as how we collect and use your Personal Data, how long we will keep it, and who it will be shared with, among other things.
We are informing you of how we process your Personal Data with this Notice.
We will always try to inform you about how we process your Personal Data. However, if we do not collect the Personal Data directly from you, the GDPR exempts us from the obligation to inform you (i) when providing the information is either impossible or unreasonably expensive; (ii) the gathering and/or transmission is required by law, or if (iii) the Personal Data must remain confidential due to professional secrecy or other statutory secrecy obligations. - Right to Know What Personal Data Septerna Has About You:
This right allows you to ask for full details of the Personal Data we hold about you. You have the right to obtain confirmation from us regarding whether or not we process Personal Data concerning you, and, where that is the case, a copy of or access to the Personal Data and certain related information.
Once we receive and confirm that the request came from you or your authorized agent, we will disclose to you:
- The categories of your Personal Data that we process;
- The categories of sources for your Personal Data;
- Our purposes for processing your Personal Data;
- Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period;
- The categories of third parties with whom we share your Personal Data;
- If we carry out automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you;
- The specific pieces of Personal Data we process about you in an easily sharable format;
- If we disclosed your Personal Data for a business purpose, the categories of Personal Data and categories of recipients of that Personal Data for any disclosure;
- If we rely on legitimate interests as a lawful basis to process your Personal Data, the specific legitimate interests; and
- The appropriate safeguards used to transfer Personal Data from the European Economic Area to a third country, if applicable.
Under some circumstances, we may deny your access request. In that event, we will respond to you with the reason for the denial.
Some U.S. state privacy laws do not allow us to disclose Social Security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, account passwords, or security questions and answers. We can inform you that we have this information generally, but we may not provide the specific numbers, passwords, etc. to you for security and legal reasons.
- Right to Correct your Personal Data:
This right gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.
- Right to Delete your Personal Data:
This right means you can ask for your Personal Data to be deleted. Sometimes we can delete your Personal Data, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.
- Right to Ask Us to Limit How We Process Your Personal Data:
This right means that you can ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.
- Right to Ask Us to Stop Using Your Personal Data:
This right means that you can ask us to stop using your Personal Data. You have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes.
We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate
grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.
- Right to Port or Move Your Personal Data:
This right means that you can ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can move it, copy it, keep it for yourself or transfer it to another organization. If we conclude that we have an obligation to do so, we will provide your Personal Data in a structured, commonly used, and machine-readable format.
- Right to Withdraw Your Consent:
Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful. If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.
- Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights.
Right to Lodge a Complaint with a Supervisory Authority
If GDPR applies to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data. Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR.
How Can You Exercise Your Privacy Rights?
If you are a clinical trial participant, please do not contact us directly regarding your privacy rights. You can exercise your privacy rights by contacting your study doctor or study site. Please read the Septerna Privacy Notice for Clinical Trials for more information about how we handle Personal Data as part of our clinical trials and how you can exercise your rights.
To exercise any of the rights described above, please submit a request by either:
- Calling us at 650-338-3533
- Contacting us by email at dpo@septerna.com
- Writing to us at:
Septerna, Inc.
Attn: Data Protection Officer
250 East Grand Avenue
South San Francisco, CA 94080
United States
Verification or Your Identity or Authority
Only you, or someone legally authorized to act on your behalf, may make a request to exercise a right related to your personal information. In order to correctly respond to your privacy rights request we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are. We will use the Personal Data you provide us in a request only to verify your identity or authority to make the request.
If you are submitting a request on behalf of somebody else, we will need to verify your authority to act on behalf of that individual. When contacting us, please provide us with proof that the individual gave you signed permission to submit this request, a valid power of attorney on behalf of the individual, or proof of parental responsibility or legal guardianship. Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with Septerna and confirm with us that they gave you permission to submit this request.
We will not be able to respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
Timing of Our Responses
Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason why and the extension period in writing.
If we cannot satisfy a request, we will explain why in our response.
We will not charge a fee for processing or responding to your requests. However, we may charge a fee if we determine that your request is excessive, repetitive, or manifestly unfounded. In those cases, we will tell you why we made that determination and provide you with a cost estimate before completing your request.
How Long We Keep Your Personal Data
We will retain your Personal Data for as long as is necessary to fulfil the purpose for which we collected your Personal Data and any other permitted linked purpose and in compliance with our data retention policies. For example, we will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Generally, we retain usage data for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our services, or we are legally obligated to retain this data for longer time periods. If your Personal Data is used for more than one purpose, we will retain it until the purpose with the longest retention period expires; but we will stop using it for the purpose with a shorter retention period once that period expires. Our retention periods are also based on our business needs and good practice.
Privacy of Children
Our website and services are not directed at, or intended for use by, children under the age of sixteen. We do not knowingly collect any Personal Data from minors, as defined by applicable law in your jurisdiction, without parental consent, unless permitted by law. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy notice by instructing their children never to provide Personal Data to us without their permission. If we learn that a minor has provided us with Personal Data, we will delete it in accordance with the applicable law. We do not knowingly sell or share for cross-context behavioral advertising the Personal Data of consumers under the age of sixteen.
Visitors below the age of majority in your jurisdiction must obtain permission from their parent or guardian before using our website, sending any Personal Data to us, participating in online discussions, or submitting content to our websites. Unless otherwise specified, you must be at least the age of majority in your jurisdiction to participate in any online promotion or contest. Septerna may restrict the ability of any visitor to submit content or to access any part of the website at Septerna’ sole discretion.
Data Integrity and Security
We are strongly committed to keeping your Personal Data safe. Septerna has implemented technical, administrative, and physical safeguards that are reasonably designed to protect the Personal Data it collects against loss, interference, misuse, unauthorized access or processing, disclosure, alteration, or destruction. Some of those measures include encryption and redaction and we also have dedicated team members to look after information security and privacy. Septerna also maintains reasonable procedures to help ensure that such Personal Data are reliable for its intended use and are accurate complete and current, and it seeks to ensure its service providers do the same. However, please be aware that there is always some risk involved when submitting data over the Internet. No Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via email.
Links to Third Party Websites
As a convenience to our visitors, our websites may contain links to a number of other (non-Septerna) websites. Such links do not constitute an endorsement by Septerna of those other websites, the content displayed therein, or the persons or entities associated therewith. This Privacy Notice does not apply to those websites. You should contact those websites directly for information on their privacy policies, confidentiality agreements, and data collection/distribution procedures.
Please note that linked non-Septerna websites may also use cookies. Septerna cannot control the use of cookies by these non-Septerna websites. We also want you to know that when you link from form our website to another website, that website may have the ability to recognize that you have come from a Septerna website. If you do not want any other websites to know that you have been on this website, we recommend that you do not use the links provided in our website. If you have any questions about how third-party websites use cookies, you should contact such third parties directly.
Contact Information
If you have any questions or comments about this Privacy Notice, the ways in which Septerna collects and uses your Personal Data described here, your choices and rights regarding such use, or wish to exercise your rights under the applicable laws, please do not hesitate to contact us at:
Phone: 650-338-3533
E-mail: dpo@Septerna.com
Postal Address:
Septerna, Inc.
Attn: Data Protection Officer
250 East Grand Avenue
South San Francisco, CA 94080
United States
Our data protection officer can also be contacted by email at dpo@Septerna.com and by post at the same address above, addressed for the attention of the Data Protection Officer.
If you need to access this Policy in an alternative format due to having a disability, please contact dpo@Septerna.com and 650-338-3533.
Modifications
Our business may change from time to time. As a result, at times it may be necessary for Septerna to make changes to this Privacy Notice. Septerna reserves the right to update or modify this Privacy notice at any time and from time to time without prior notice. Please review this Privacy Notice periodically, and especially before you provide any Personal Data. This Privacy Notice was last updated on the date indicated above. Your continued use of the Site after any changes or revisions to this
Privacy Notice shall indicate your agreement with the terms of such revised Privacy Notice.
Supplemental Notice to California Residents
This section supplements the description of our information collection and sharing practices elsewhere in this Privacy Notice to provide additional disclosures to California residents whose Personal Data Septerna processes pursuant to the California Consumer Privacy Act (“CCPA”). Please note that these disclosures do not apply to information that is not processed under the CCPA.
For information about the categories of Personal Data we may collect, including in the preceding 12 months, and the sources from which Personal Data is collected, please see the sections above titled “What Personal Data We Process” and “Sources from Which We Collect Personal Data.”
For information about the purposes for which we collect personal information, please see the section above titled “For What Purposes Do We Use Your Personal Data?” We may use all the categories of Personal Data we collect for these purposes, although this may vary based on the nature of the relationship you have with us. You may also learn about our retention practices in the section above titled “How Long We Keep Your Personal Data”.
For information about the third parties to which we have disclosed personal information, including in the preceding 12 months, please see the sections above titled “Sharing Personal Data with Vendors & Third Parties” section above. We may disclose all the categories of Personal Data we collect with these third parties, although this may vary based on the nature of the relationship you have with us.
For more information about the rights you have and how to exercise these rights, please see the section above titled “What Privacy Rights Do You Have?”.
Only you, or someone legally authorized to act on your behalf, may make a request to exercise a right related to your Personal Data. If you want to make a request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide us with proof that you have been authorized by the California resident on whose behalf you are making the request, which may include a signed permission provided by such California resident.