Privacy Policy

Privacy Policy

Last revised September 12, 2019

  1. Introduction

This Privacy Policy describes how Company collects and uses Personal Data about you through the use of our Website, and through other electronic communications between you and Company.

Yumanity Therapeutics, Inc. (the “Company” or “We”) respect your privacy and are committed to protecting it through our compliance with this policy.

This Privacy Policy (our “Privacy Policy”) describes the types of information we may collect from you or that you may provide when you visit the website www.yumanity.com (our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

  • on our Website;
  • in other electronic messages between you and our Website.

It does not apply to information collected by:

  • us offline or through any other means, including on any other website operated by the Company or any third-party; or
  • any third party, including through any content (including advertising) that may link to or be accessible from the Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

  1. Data Controller, Data Protection Officer, and Representative

Company is not required to appoint a Data Protection Officer or a representative in the EU and has elected not to do so. If Company later becomes required to appoint a Data Protection Officer or a representative in the EU, it will do so, and will update this Privacy Policy when it does.

  1. Children Under the Age of 18

Our Website is not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on the Website. We do not knowingly collect Personal Data from children under 18. If you are under 18, do not use or provide any information on our Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from a child under 18, please contact us at info@yumanity.com.

  1. Information We Collect About You and How We Collect It

We do not collect any information about you via our Website, including information that may directly identify you, information that is about you but individually does not personally identify you, and information that we combine with our other users. The only way we can collect information about you is if you interact directly with us, for example if you email us at info@yumanity.com we will have your email address.

  1. Lawful Basis for Processing Your Personal Data

We have a lawful basis for our processing of your Personal Data, including processing for our legitimate interests (when balanced against your rights and freedoms), to fulfill our obligations to you under a contract with you, and required by law, and with your consent.

If you are in the European Union, the processing of your Personal Data is lawful only if it is permitted under the applicable data protection laws. We have a lawful basis for each of our processing activities (except when an exception applies as described below):

  • Consent. By using our Website, you consent to our collection, use, and sharing of your Personal Data as described in this Privacy Policy. If you do not consent to this Privacy Policy, please do not use the Website;
  • Legitimate Interests. We will process your Personal Data as necessary for our legitimate interests. Our legitimate interests are balanced against your rights and freedoms and we do not process your Personal Data if your rights and freedoms outweigh our legitimate interests. Our legitimate interests may include safeguarding our IT infrastructure and intellectual property.
  • As Required by Law. We may also process your Personal Data when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
  1. Special Categories of Information

We do not request you to provide, and we do not process, any special categories of Personal Data.

  1. Automated Decision Making

We do not use your Personal Data with any automated decision-making process, including profiling, which may produce a legal effect concerning you or similarly significantly affect you.

  1. How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Data:

  • to provide you with information you request from us; and
  • in any other way we may describe when you provide the information; and
  • for any other purpose with your consent.
  1. Disclosure of Your Information

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Data that we collect or you provide as described in this Privacy Policy:

  • to comply with our legal obligations;
  • to contractors, service providers, and other third parties we use to support our business;
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Company about our Website’s users is among the assets transferred;
  • for any other purpose disclosed by us when you provide the information; and
  • with your consent

We may also disclose your Personal Data:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; and
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others.
  1. Choices About How We Use and Disclose Your Information

We offer you choices on how you can opt out.

We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.

In addition, we strive to provide you with choices regarding the Personal Data you provide to us.

While we do not use cookies, you can manage these in the following ways. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

  1. Your Rights Regarding Your Information and Accessing and Correcting Your Information

As set forth in this Privacy Policy, we collect very little Personal Data about you. However, applicable data protection laws may nonetheless provide you with certain rights with regards to our processing of your Personal Data.

  • Restrictions. You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law.
  • Portability. To the extent the Personal Data you provide Company is processed based on your consent, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Data in structured, commonly used and machine-readable format. You also have the right to request that we transmit this Personal Data to another controller, when technically feasible.
  • Withdrawal of Consent. To the extent that our processing of your Personal Data is based on your consent, you may withdraw your consent at any time. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Data.
  • Right to be Forgotten. You have the right to request that we delete all of your Personal Data. We will only delete your Personal Data when we no longer have a lawful basis for processing your Personal Data or after a final determination that your Personal Data was unlawfully processed. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies.
  • Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
  • How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under Contact Information below. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.
  1. Do Not Track Signals

We do not track you over time and across third-party websites or other online services for any purpose. As a result, we do not honor “do not track” signals.

  1. Data Security

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Website. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

  1. Consent to Processing of Personal Data in the United States/In Other Countries Outside the European Economic Area

We may process your Personal Data outside of your home country, including to the United States. We only do this when we are legally permitted to do so and when we have appropriate safeguards in place to protect your Personal Data.

If you are a resident of the European Economic Area (“EEA”), in order to provide our Website, products, and services to you, we may send and store your Personal Data outside of the EEA, including to the United States. Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data.

Your Personal Data is transferred by Company to another country only if it is required or permitted under applicable data protection law and provided that there are appropriate safeguards in place to protect your Personal Data. By using our Website, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data that you provide directly to us on our Website. To ensure your Personal Data (other than Personal Data you provide directly to us on our Website) is treated in accordance with this Privacy Policy, Company uses Data Protection Agreements between Company and all other recipients of your data that include, where applicable, the Standard Contractual Clauses adopted by the European Commission (the “Standard Contractual Clauses”). The European Commission has determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data. Under these Standard Contractual Clauses, you have the same rights as if your data was not transferred to such third party. You may request a copy of the Data Protection Agreement by contacting us through the Contact Information below.

  1. Data Retention Periods

We may retain your Personal Data:

  • for as long as necessary to comply with any legal requirement;
  • on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures;
  • for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; and
  • for data that has been aggregated or otherwise rendered anonymous in such a manner that you are no longer identifiable, indefinitely.
  1. Changes to Our Privacy Policy

We will post any changes to our Privacy Policy on our Website. If we make material changes to our Privacy Policy, we may notify you of such changes and invite you to review (and accept, if necessary) the changes.

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our users’ Personal Data, we will notify you through a notice on the Website’s home page. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes.

  1. Contact Information

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you must contact us at the contact information below or through the Contact page on our Website.

To Contact Yumanity Therapeutics, Inc.

Yumanity Therapeutics
790 Memorial Drive
Suite 2C
Cambridge, MA 02139
United States
617-409-5300
info@yumanity.com