U.S./UK/Europe Privacy Notice
Last Revised: May 25, 2023
Effective Date: May 26, 2023
We, Rezolute Inc. (“Rezolute”), are committed to protecting the privacy and security of personal information and to transparency about how we use personal information (also known as personal data). This Privacy Notice sets forth our policies and practices for collecting and using personal information in regard to our various websites (“Service” or “Services”). This notice does not address our use of personal information outside the context of these Services. Individuals, such as our employees and contractors, that interact with us outside the context of the Services receive separate privacy notices that address our use of personal information in the context of those relationships with us and are welcome to contact us to receive a new copy of or link to the applicable privacy notice.
Within the context of our Services, this notice explains how we use and disclose personal information. It also discusses how you can control certain uses and disclosures of personal information. We will update this notice from time-to-time, or as our privacy practices change, to ensure it accurately describes how we use your information. When we do so, we will update the dates above. We recommend that you review this notice from time-to-time for the latest information. If we change our practices in a material way, we will update this Privacy Notice to reflect the changes.
If you have any questions regarding this notice or our use of your information, please contact us using one of the methods detailed below.
1. How we use and share personal information
We use and share personal information as described in the following table and the text that follows it.
Please note that our Services do not presently take any action in response to the “do not track” signal or other universal opt-out mechanisms.
2. Additional personal information disclosure and sharing
In addition to the sharing with the third parties described in the table above, we may also share your information with:
- Service providers. We share your personal information with third parties that provide services to us. (These third parties are often referred to in privacy laws as processors.) We engage these kinds of third parties with contracts that require them to use your personal information only for the purpose of delivering the services for which we have engaged the third-party and as required by law. These kinds of third parties provide business, professional, administrative, or technical support functions for us, such as payment processing, billing, data storage, legal counsel, quality assurance, and marketing.
- Legal compliance recipients. We disclose personal information to the courts, the government, law enforcement agencies, litigants, and similar recipients when required by law, when needed to protect us from legal claims, or when relevant to our own legal claims.
- Successors. We may disclose personal information associated with a part of our business to a buyer, potential buyer, or other successor to our business.
We also may disclose personal information with third parties with your consent or at your direction.
3. Personal information security and retention
We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession. While we make every effort to help ensure the integrity and security of our network and systems, you should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be completely secure, accurate, complete, or current. We cannot fully eliminate the risk of technical failure, security breaches, unauthorized access, unauthorized disclosure, theft, misuse or loss of information.
We retain personal information only for as long as there is a legitimate business or legal need to retain the information for the purposes set forth in the table in section 1, above. What we consider necessary varies with the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):
- Retention periods established under applicable law
- Industry best practices
- Whether the purpose of processing is reasonably likely to justify further processing
- Risks to individual privacy in continued processing
- Applicable data protection impact assessments
- IT systems design considerations/limitations
- The costs associated with continued processing, retention, and deletion
4. Children’s privacy
We are very concerned about the safety of children using the Internet. Our services are not directed to children, and we do not knowingly collect any personal information from those under the age of 16.
If we discover (or are informed) that we have collected personal information from a visitor under the age of 16, we will promptly delete such information.
5. Processing in the United States
If you use our Services, we will process your personal information in the United States. Where required by law, we ensure your data remains protected in connection with any international transfers.
6. Your California Privacy Rights
California’s “Shine the Light” law, Cal. Civ. Code § 1798.83, entitles California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not engage any such disclosures. Any inquiries regarding personal information sharing with third parties may be directed to us at the contact information set forth below.
7. Your Privacy Rights
You may have certain rights regarding your personal information under the law. To exercise your rights, please submit a request by contacting us through any of the means outlined below.
Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. Depending on the nature of your request, we may need to request information to verify your identity for your protection. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.
Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Depending on the jurisdiction in which you live, you may have the right to appeal any decision we make in response to your request to exercise any of your other rights. You may make such an appeal by contacting us using any of the methods set forth below. In your contact, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accord with the timelines set forth in applicable law.
8. Additional Information Regarding the Data Protection Laws of the European Union/European Economic Area, United Kingdom, and Switzerland
Under applicable data protection laws, you may have right to make certain requests with regard to your personal information. Applicable law may provide exceptions and limitations to all rights. To exercise any of these rights, please contact us using the information in section 9, below.
- Access/Data Export. You may have a right to access the personal information we process and to request it in a common portable format of our choice.
- Rectification. You may request that we correct any personal information that you believe is inaccurate.
- Deletion. You may request that we delete your personal information. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.
- Restriction of Further Processing. You may request that we restrict the processing of personal information under certain circumstances. For example, you may make this request if you withdraw consent you gave us previously and we have no other legal basis for us to retain your personal information it, or where you object to our use of your personal information for particular legitimate business interests.
- Objection. You may have the right under applicable law to object to any processing of personal information based on our legitimate interests. We may not cease or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:
- for profiling purposes;
- for direct marketing purposes (we will cease processing upon your objection); and
- involving automated decision making with legal or similarly significant effects (if any).
You have the right to file a complaint with regulators about our processing of personal information. To do so, please contact your local data protection or consumer protection authority.
You may refer to the table in section 1, above, for more information about the lawful bases for our processing of personal information.
9. Contacting Us
With respect to the personal information described in the table in section 1, above, we are considered the controller for purposes of data protection laws because we determine the purposes and means of processing. To contact us to exercise your rights or for other inquiries, you can reach us using any of the following methods:
- Visit https://www.rezolutebio.com/contact-us/
- E-mail us at firstname.lastname@example.org, or
- Contact us via postal mail at Rezolute, Inc., Attn: Privacy, 275 Shoreline Drive, Suite 500, Redwood City CA, 94065.