Catalyst Biosciences Privacy Policy

This Privacy Policy was last modified on July 22, 2020.

Catalyst Bioscience, Inc. (“us”, “we”, or “our”) operates the online sites currently located at https://www.CatBio.com and https://www.catalystbiosciences.com (collectively, with all sub-domains and any successor site(s), the “Sites”). This Privacy Policy informs you of our policies regarding the collection, use and disclosure of Personal Information we receive through the Sites. “Personal Information” is information about you that is personally identifiable and may include, but is not limited to, your name, address, email address, or phone number.

By using the Sites, you agree to the collection and use of information in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use, accessible at https://www.catalystbiosciences.com/terms-of-use/.

Collection and Use of Personal Information

We collect Personal Information that you submit to us voluntarily through the Sites, which may include information such as your name, email address, and other contact information.

If you apply for a job opening through our Sites, you may also have the opportunity to submit additional information through our Sites related to your application, such as your resume and desired position at Catalyst.

We a may use Personal Information:

To respond to your inquiries and fulfill your requests, such as to send you information or process your application for employment.

To send administrative information to you, such as information regarding the Sites and changes to our terms, conditions, and policies.

To send you marketing communications that we believe may be of interest to you.

For our business purposes, such as data analysis, audits, enhancing and expanding our products and services, identifying usage trends, and operating and expanding our business activities.

As we believe to be necessary or appropriate: (a) under applicable law; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

Disclosure of Personal Information

We may disclose Personal Information:

To our affiliates for the purposes described in this Privacy Policy.

To our third party service providers who provide services such as website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services.

To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

As we believe to be necessary or appropriate: (a) under applicable law; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

Collection of Other Information

As you navigate the Sites, certain passive information will also be collected, including Internet Protocol addresses and navigational data.  We also may use cookies to collect information such as browser type, time spent on the Sites, pages visited, and other traffic data.  This type of information will be used for purposes such as gathering data to provide improved administration of the Sites, and to improve the quality of your experience when interacting with the Sites.  We may use or disclose this information, which does not personally identify you or any other individual, for any purpose except where we are required to do otherwise under applicable law.

Regarding Children

Our website is not designed for children under the age of 13 and we request that children do not provide Personal Information through the Services.

Links to Other Sites

Our provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. We have no control over, do not review, and cannot be responsible for, these third-party websites or their content. Please be aware that the terms of our Privacy Policy do not apply to these third-party websites.

Security

We strive to use reasonable means to protect Personal Information that we maintain within our organization.  We also seek to use third-party service providers capable of protecting the information they maintain or process for us.  Unfortunately, however, no method of transmission over the Internet, or method of electronic storage, is 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section below.

Updating Your Information

If you would like to update Personal Information that you have provided to us, you may contact us in accordance with the “Contact Us” section below.

Contact Us

If you have any questions about this Privacy Policy, please contact us.

Privacy Policy Updates

This Privacy Policy is subject to occasional revision, and any changes will be posted on this Sites. If you object to any such changes, you must cease using the Sites. Continued use of the Sites following notice of any such changes shall indicate your acknowledgement of such changes and agreement to be bound by the revised Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.

Additional EEA, Switzerland and UK Privacy Disclosures

Scope of Disclosures

These Additional European Economic Area (“EEA”), Switzerland and United Kingdom (“UK”) Privacy Disclosures (“European Privacy Disclosures”) apply only to our processing of your Personal Data where you are located in the EEA, Switzerland or the UK.

Personal Data Disclosures

When we use the term “Personal Data” in these European Privacy Disclosures, we mean any information relating to an identified or identifiable natural person.

Legal Bases for Processing

We use the Personal Data we collect about you in the following ways and rely on the following legal grounds to process Personal Data about you, whether it is obtained from you or a third party:

CATEGORY OF PERSONAL DATA HOW WE USE THE PERSONAL DATA LEGAL BASIS FOR PROCESSING
Contact information, such as name, phone number and email address. We use this information to communicate with you, including sending Site-related communications. The processing is necessary for the performance of a contract between you and us, and/or to take steps at your request prior to entering into a contract.
We use this information to send you unsolicited marketing communications in accordance with your preferences. We will only use your Personal Data in this way to the extent you have given us consent to do so.
We use this information to address inquiries and complaints made by you relating to your use of our Sites. The processing is necessary for our legitimate interests, namely administering our Sites and for communicating with you effectively to respond to your queries or complaints.
Data collected through the use of our Sites, including information about how you use our Sites, your actions on our Sites, including feedback through the Sites. We may use information about how you use and connect to our Sites. The processing is necessary for our legitimate interests, namely, to tailor our Sites to the user.
We may use this information to monitor and improve our Sites and business, resolve issues and to inform the development of new products and Sites. The processing is necessary for our legitimate interests, namely, to monitor and resolve issues with our Sites and to improve our Sites generally.
Your preferences, such as preferences set for notifications, marketing communications, how our Sites are displayed and the active functionalities on our Sites. We use this information to provide our Sites to you in accordance with your choices. The processing is necessary for our legitimate interests, namely ensuring our Sites are displayed in accordance with the user’s preferences.
We use this information to ensure that we comply with our legal obligation to send only those marketing communications to which you have consented. The processing is necessary for compliance with a legal obligation to which we are subject.
Information contained in communications between you and Catalyst, including any information you provide when you contact us or interact with us directly, such as by participating in a contest or promotion, or submitting feedback or other information to us. We use this information to respond to comments, questions or requests. The processing is necessary for our legitimate interests, namely administering our Sites and addressing your queries and concerns.
We use this information to address any violations of our Terms of Service, or any other rules, regulations or policies relating to our Sites. The processing is necessary for the performance of a contract between you and us.
Information about how you access and use our Sites, including usage history, and your clicking and browsing patterns. We use this information to operate, maintain and provide to you the features and functionality of our Sites, to improve our products and Sites, for research and product development. The processing is necessary for our legitimate interests, namely, to tailor our Sites to you, to improve our Sites and to develop new features and functionalities on our Sites.
Internet and network information, including device information, logs and analytics data. We use this information to provide and monitor the effectiveness of our Sites; monitor usage of and activities on our Sites; diagnose errors and problems with our Sites; otherwise plan for and enhance our Sites. The processing is necessary for our legitimate interests, namely, to tailor our Sites to you, to improve our Sites and to develop new features and functionalities on our Sites.
All Personal Data set out above and in our Privacy Policy. We may use this information to comply with any professional or legal obligation to which we may be subject, such as disclosure of information to comply with a court order or at the request of a regulator. The processing is necessary for the compliance with a legal obligation to which we are subject.
We may use this information to facilitate our internal business operations that are put in place for compliance with our legal obligations. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud and the fulfilment of professional obligations.

We use the Personal Data we automatically collect about you in the following ways and rely on the following legal grounds to process Personal Data about you, whether it is obtained from you or a third party:

CATEGORY OF PERSONAL DATA HOW WE USE THE PERSONAL DATA LEGAL BASIS FOR PROCESSING
Information about how you access our Sites. For example, the Sites from which you came and the Sites to which you are going when you leave our Sites, how frequently you access the Sites, whether you open emails or click the links contained in emails, and whether you access the Sites from multiple devices. We or the third-party partners we use, may use the data collected through tracking technologies to:

a) remember information so that you will not have to re-enter it during your visit or the next time you visit our Sites;

b) provide and monitor the effectiveness of our Sites;

c) perform analytics and detect usage patterns on our Sites;

d) diagnose or fix technology problems;

e) detect or prevent fraud or other harmful activities, and

f) otherwise plan for and enhance our Sites.

The processing is necessary for our legitimate interests, namely: to tailor our Sites to the user and to improve our Sites generally; to monitor and resolve issues; for marketing purposes; to communicate with users; to contact users; and for the detection and prevention of fraud.
Information about the computer, tablet, smartphone or other device you use, such as your IP address, browser type, Internet Sites provider, platform type, device type/model/manufacturer, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account, and other such information.
Analytics information. We may collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for our Sites and to understand more about the demographics and behaviors of our users.

You are not required to provide Personal Data to us, but we do rely on your Personal Data to provide certain of our Sites and products. For example, we need your Personal Data to facilitate and deliver an order that you request. If you choose not to provide us with your Personal Data, we may not be able to fulfil your request.

Data Retention

We retain Personal Data about you for as long as is necessary for the purposes set out in these European Privacy Disclosures, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.

The criteria used to determine the period for which Personal Data about you will be retained varies depending on the legal basis under which we process the Personal Data:

Legitimate Interests Where we are processing Personal Data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
Consent Where we are processing Personal Data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your data erased (please see the “Your Privacy Rights” section below).
Contract Where we are processing Personal Data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
Legal Obligation Where we are processing Personal Data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation.
Legal Claim We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim.  In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the Personal Data, as well as the potential risk of harm from unauthorized use or disclosure of your Personal Data.

International Data Transfers

We may transfer Personal Data about you among us and to our subsidiaries or affiliates, as well as to the categories of third parties identified in the “Our Disclosure of Personal Information” section of the Privacy Policy Personal Data may be transferred to, stored and processed in a country other than the one in which it was collected, including, but not limited to, the United States. The country to which Personal Data is transferred may not provide the same level of protection for Personal Data as the country from which it was transferred.

We may transfer Personal Data about you outside the EEA, Switzerland and the UK, and when we do so, we rely on appropriate or suitable safeguards recognized under the European Union General Data Protection Regulation (the “GDPR”) including adequacy decisions and the standard contractual clauses.

Adequacy Decisions

We may transfer Personal Data about you to countries that the European Commission has deemed to adequately safeguard Personal Data.

Standard Contractual Clauses

The European Commission has adopted Standard Contractual Clauses, which provide safeguards for Personal Data transferred outside of the EEA, Switzerland and the UK. We may use these Standard Contractual Clauses or any other approved method of cross border data transfer when transferring Personal Data from a country in the EEA, Switzerland or the UK to a country outside the EEA, Switzerland or the UK that has not been deemed to adequately safeguard Personal Data. You can request a copy of our Standard Contractual Clauses by contacting us as set forth in the “Contact Us” section.

Your Privacy Rights

You have the following rights in relation to your Personal Data (subject to certain limitations at law):

Access The right to obtain:

(i) confirmation of whether, and where, we are processing your Personal Data;

(ii) information about the categories of Personal Data we are processing, the purposes for which we process your Personal Data and information as to how we determine applicable retention periods;

(iii) information about the categories of recipients with whom we may share your Personal Data; and

(iv) a copy of the Personal Data we hold about you.

Rectification The right to correct or update any Personal Data about you that is inaccurate or incomplete.
Restriction of Processing The right to require us to limit the purposes for which we process your Personal Data if the continued processing of the Personal Data in this way is not justified, such as where the accuracy of the Personal Data is contested by you.
Erasure The right to request the deletion or erasure of Personal Data about you without undue delay if the continued processing of that Personal Data is not justified.
Portability The right to obtain a copy of Personal Data about you in an easily accessible format and the right to transmit that Personal Data to another controller.
Objection to Processing You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

Please note that if the exercise of these rights limits our ability to process Personal Data, we may not be able to provide our products or Sites to you, or otherwise engage with you going forward.

Right to Withdraw Consent

Where we rely on your consent for processing of your Personal Data, as identified in the “Purposes and Legal Basis for Processing” section above, you also have the right to withdraw your consent to such processing. You may withdraw your consent at any time by contacting us using the contact details at the end of these European Privacy Disclosures.

Submitting Requests

To submit a request, please contact us as set forth in the “Contact Us” section. We may need to verify your identity before processing your request, which may require us to obtain additional Personal Data from you. In certain circumstances, we may decline a request to exercise the rights described above.

Right to Lodge a Complaint

If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority). If you are based in the EEA, Switzerland or UK, information about how to contact your local data protection authority is available here. However, we encourage you to first reach out to us by using the contact details set out in the “Contact Us”section below so that you have an opportunity to address your concerns directly and so that we may find a solution together before you do lodge a complaint.

Contact Us

If you have any questions or requests in connection with these Disclosures or other privacy-related matters, please send an email to dpooffice@catbio.com. Our data protection officer is Heward-Mills, 15 Old Bailey London EC4M 7EF.

Alternatively, inquiries may be addressed to:

Catalyst Biosciences
611 Gateway Blvd, Suite 710
South San Francisco, Ca 94080

X