This Privacy Notice explains how Summit Therapeutics Inc. and its affiliates headquartered at 2882 Sand Hill Road, Suite 106, Menlo Part CA 94025 (“Summit”, “we” and “us”) may process Personal Data about you through your online and off-line interactions with us through Summit services, products, communications, and digital properties (including websites and mobile applications) that refer to this Privacy Notice and where Summit may obtain and control your Personal Data from a third party (collectively, “Summit Associations”).
Why you should read this Privacy Notice
Summit takes the privacy of our customers and visitors to our websites and mobile applications (you) very seriously. Please read this Privacy Notice carefully as it contains important information about how your personal data will be used. If you are an employee or contractor of Summit Therapeutics, Inc., please refer to your contract for further information on how we collect, process and store your personal information. For the purposes of the General Data Protection Regulation and all other relevant legislation, Summit Therapeutics, Inc. (‘we’ or ‘us’) is the ‘data controller’ (i.e., the company who is responsible for, and controls the processing of, your personal data).
Personal Data we collect from you or from other sources
Summit may collect Personal Data from you directly, for example as part of a registration or in response to a questionnaire. Summit may also obtain Personal Data indirectly, such as from publicly available sources (e.g., websites or publicly accessible databases), third-party data vendors, health care providers and health insurance companies, and third-party partners and collaborators. We may combine Personal Data from multiple online and off-line sources. The categories of Personal Data that Summit may collect about you include:
- Direct identifiers and contact information, including your name, address, phone number, or email address
- Registration information, such as your username and related account details
- Relationship data, including information about products, treatments and health conditions that are of interest to you
- Transaction data, such as inquiries
How we may use Personal Data
We may use your Personal Data for the business and commercial purposes relating to your Summit interactions, communications with you, improving Summit Associations and our products and services, and for other internal business purposes.
Administering programs, services, and other interactions with you
We may use your Personal Data to provide you with the programs or services you requested, or to administer Summit services. This means we may use your Personal Data to respond to your questions, provide you with your requested services, offer you an optimal customer experience, perform our contractual obligations to you, or perform actions based on your consent.
We provide marketing communications that promote the use of or offer participation in Summit products, services, programs, research events or provide other information that may be of interest to you, such as information on certain health conditions. We will use your Personal Data to send you marketing communications and to determine the types of marketing communications to send.
You can opt-out of marketing communications at any time. Marketing communication opt-out instructions are included in each marketing communication you receive, or you can email us at firstname.lastname@example.org
Business and product administration and improvement
To discover new facts that could help Summit better understand customer needs and help improve, develop, and evaluate product services, materials, programs, and treatments, Summit may analyse Personal Data for its legitimate interests in business and product improvement.
Compliance with laws and regulations
We may process your Personal Data to enforce our legal rights. We may use Personal Data to monitor compliance with our policies and procedures, for fraud prevention, and to investigate and prosecute users who violate laws or who engage in behavior that is illegal or harmful to others or to others’ property.
How we may disclose Personal Data
We may share Personal Data with third parties for the business and commercial purposes described below. We do not sell Personal Data to third parties.
Affiliates, vendors and other third parties
We have Associations with various vendors, including our affiliated companies, that help us operate our business and for whom it may be required to have access to your Personal Data while providing services to Summit. We require them to handle your Personal Data collected through the Summit Associations in accordance with appropriate contractual privacy and security provisions.
Business and research partners
We may partner with other companies and public and private organizations to provide you with products, content, or services on a joint or “co-branded” basis. You should be aware that, in such cases, in addition to this Privacy Notice, the relevant partner’s privacy notice may also apply, and, in limited cases, there may be a shared privacy notice.
For co-branded forms and sites, you will see displayed both the Summit logo and the logo of the co-branding partner. To access co-branded services, you may have to complete a registration form, and this registration information may be shared with Summit ’s co-branding partners, and you should read the individual privacy policies of our co-branding partners, as they may differ in some respects from ours.
In addition, we may disclose Personal Data to our external auditors, attorneys, accountants, and similar professionals based on our legitimate interest in the operation of our business and our obligations to comply with applicable laws and regulations.
Disclosures for legal obligations, to authorities and for product safety
If you contact Summit regarding your experience using our products, we may use the information you provide in reports to the US, UK, EU and other similar health and medicine government agencies across the world, and as otherwise required by law. We also may use the information to contact your prescribing physician/doctor to follow up regarding an unexpected event involving the use of our product.
In certain limited circumstances, we may need to disclose your Personal Data to comply with a legal obligation, process, or demand and for reasons of public interest, such as to comply with reporting obligations to governing regulatory authorities regarding the safety of our products, in response to a subpoena, or to meet national security or law enforcement requirements.
Disclosure to subsequent owner or operator
We may transfer your Personal Data to a successor entity upon a merger, consolidation, or other corporate reorganization, to a purchaser of all or a portion of our assets, or pursuant to a financing arrangement or co-promotional agreement. The Personal Data we have about you may be transferred to parties to the transaction based on our legitimate interest in preparing for and completing the transaction. Any successor entity shall be bound by terms and conditions reasonably similar to this Privacy Notice.
Additional information for online interactions and cookies privacy statement
As described in this section, we may collect additional categories of Personal Data relating to your online interactions with us. Additionally, we may use, share, and disclose your Personal Data for online interactions for the additional purposes. described in this section. The categories of Personal Data collected and the purposes of use and disclosure described in this section are in addition any other collection, use and disclosure of Personal Data practices described separately in this Privacy Notice.
Personal Data that may be collected automatically through our websites and mobile applications
We may collect the following additional categories of Personal Data through your usage of our websites and mobile applications.
We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit our website. An IP address identifies the electronic device you use to access websites, which allows us to maintain communication with your device and to customize content.
Cookies and other data-collection technologies
- recognise you whenever you visit the Website;
- obtain information about your preferences when visiting our Website;
- carry out research and statistical analysis to help improve the Website content and services and to help us better understand our visitor and customer requirements and interests; and
- make your online experience more efficient and enjoyable
We may obtain information about your device such as your IP address, your browser and/or other internet log information. In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (e.g. by completing an online form).
A “Web beacon” (also known as a pixel tag) is a transparent graphic image placed on a website, email, or advertisement that enables the monitoring of things such as user activity and site traffic, including the collection of data about the website and mobile application you were visiting before and after you came to our website or mobile application.
|_ga||.smmttx.com||Analytics||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site’s analytics report.||2 years|
|_gid||.smmttx.com||Analytics||Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website’s performance.||1 day|
|_gat||Analytics||Set by Google to distinguish users.||Until end of session|
|XSRF-TOKEN||display.popt.in||Necessary||This cookie is set by the hosting provider and is used for security purposes.||10 minutes|
|laravel_session||display.popt.in||Necessary||laravel uses laravel_session to identify a session instance for a user, this can be changed.||10 minutes|
|poptin_old_user||www.smmttx.com||Performance||Poptin sets this cookie to identify old users.||2 days|
|poptin_user_id||www.smmttx.com||Performance||Poptin sets this cookie to provide a unique visitor ID.||1 year|
|poptin_session||www.smmttx.com||Performance||Poptin sets this cookie to save the Poptin session for its display settings.||30 minutes|
|__cf_bm||.vimeo.com||Performance||This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.||30 minutes|
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of the Website. For further information about cookies and how to disable them please go to: www.aboutcookies.org.
If you want to use your browser to opt-out of the Google Analytics you can install the Google Analytics opt-out browser add-on.
How we may use Personal Data through online interactions
In addition to the uses described separately in this Privacy Notice, we may use your Personal Data collected online for the additional purposes as described in this section.
Customized user experiences
We may use your IP address and the Personal Data that we obtain automatically using cookies or similar tracking technologies to make our websites and mobile applications easier for you to use and navigate, and to assist in your registrations and login. When we send email communications, we may place a web beacon or similar tracking technology in the email to know whether your device can receive HTML emails, or to collect data on whether the email or an attachment or link in the email has been opened. We use this data to help us determine and document if a particular part of our communication was more relevant to you.
In some cases, we collect this Personal Data with your consent. In other cases, we collect this information for our legitimate business interest to optimize and customize your user experience.
Digital analytics and improvement
We may use the Personal Data that you provide to us and the online information we collect automatically through cookies and similar tracking technologies to monitor user traffic patterns and preferences. We may also track email communications through web beacons or similar tracking technology in emails to create aggregated statistics and reports to analyse the effectiveness of and improve our marketing campaigns.
We may offer “tell-a-friend” functionality on our sites. If you choose to use this function, we will collect your friend’s contact information. We will automatically send your friend a one-time email with the information you specified or inviting your friend to visit the site. We use this Personal Data you provide us as part of the “tell-a-friend” functionality for the sole purposes of sending this one-time email.
How your Personal Data may be shared through online interactions
In addition to the types of disclosures of Personal Data described separately in this Privacy Notice, we may share Personal Data online for the additional purposes as described in this section.
Third-party advertising and online behavioral advertising
We may provide you with online advertisements for Summit products and services on third-party websites and mobile services that are tailored to you, which may be based on the Personal Data that you provide to us or to a third-party website that you are visiting, or on your browsing activity, purchases, or interests. We may share some of your device information with our advertising service providers that we have obtained from cookies and other data-collection and tracking technologies based on your Summit interactions.
This Privacy Notice only applies to Summit Associations linked to this Privacy Notice and does not apply to third-party websites to which Summit Associations may link, including links to outside websites or advertisements from third parties. We encourage you to review the privacy statements provided by all third parties prior to providing them with Personal Data.
Additional information for job applicants
If you have applied for employment with Summit, the Personal Data submitted with your job application may include your resume/CV; previous professional, education and other background information; driver’s license information; social security/national insurance number or equivalent national identification (as required or permitted by local law); cover letter; licenses; permits and certifications held; reference information; and any other information that you choose to provide (e.g., employment preferences, willingness to relocate, awards or professional memberships). This information may come from you, a recruiter, your references, prior employers, or your educational institutions.
Consistent with applicable law, we may ask questions about race/ethnic origin, gender, veteran status, and disability status of our applicants, for the monitoring of equal employment opportunity compliance. Except as specifically requested or legally required, we ask that you avoid submitting information in your application that may qualify as sensitive information under applicable law. Sensitive information includes data about race, color, religion, ethnicity, nationality or national origin, age, gender identity or expression, sexual orientation, marital status, medical or health information (including physical or mental disabilities or pregnancy status), genetic or biometric information, political or philosophical beliefs, political party or trade union membership, veteran status, photographs, background check information, judicial data such as criminal records or information on other judicial or administrative proceedings, or any other legally protected status.
Personal Data will be processed based on our legitimate interest in processing your job application and evaluating your candidacy and qualifications and to conduct reference checks. We may also inquire about criminal records and perform a background check following a conditional offer of employment, where permitted by applicable law. We may also process Personal Data from your job application for regulatory, compliance and legal purposes, consistent with this Privacy Notice. Personal Data may also be used for additional administrative purposes, including aggregate management reporting, internal training, and as generally required to operate our business.
We may share the data on your applications with recruiters, consultants, attorneys/lawyers, preemployment background check services, and our affiliates.
Privacy of children
If you are under age 16, you must not disclose personal information to us. To ensure the privacy and safety of children, Summit Therapeutics will not knowingly collect personal data on children without the consent of the parent or guardian.
Our contact information
You may contact us at any time, using the contact information below, if you have questions about this Privacy Notice or have any other privacy request or inquiry. You can also opt-out or unsubscribe from any of our programs or services.
Contact email address: email@example.com
In all communications to us, please include the email address used for registration (if applicable), the website address, mobile application, or the specific program to which you provided Personal Data and a detailed explanation of your request. If you would like to delete, amend, or correct your Personal Data and are contacting us by email, please put “Deletion Request” or “Amendment/Correction Request” in the subject line of the email. We will respond to all reasonable requests in a timely manner, and we may need to further confirm your identity in order to process certain requests.
Your privacy rights and choices
Under applicable data protection law, you may have the right to request access to and/or rectify, or delete Personal Data relating to you, transmit Personal Data to another controller, withdraw your consent at any time (this will not affect the lawfulness of previous data-processing activities), or object to any use of your Personal Data. If we are not able to provide the requested information or make the change you requested, you will be provided with the reasons for such decisions. Under local law, you may be entitled to lodge a complaint with your local data-protection authority.
You may have the right to object to the processing activities described in this Privacy Notice that are based on our legitimate interests.
Contact email address: firstname.lastname@example.org
Data security and retention
Summit maintains appropriate technical, administrative, and physical controls to reasonably safeguard any Personal Data collected through Summit Associations. However, there is always some risk that an unauthorized third party could intercept an Internet transmission, or that someone will find a way to thwart our security systems. We urge you to exercise caution when transmitting Personal Data over the Internet, especially your health-related information. We cannot guarantee that unauthorized third parties will not gain access to Personal Data about you; therefore, when submitting Personal Data to us, you must weigh both the benefits and the risks.
We will only keep Personal Data as long as necessary for the fulfilment of the purposes outlined in this Privacy Notice, except if otherwise required by applicable laws or legal orders. The criteria used to determine our retention periods include (i) the length of time we have an ongoing Summit Relationship with you; (ii) whether there is a legal or best practice retention obligation to which we are subject; and (iii) whether retention is needed in light of litigation or regulatory investigations.
International Personal Data transfers
We may transfer Personal Data internationally as described in this section.
Personal Data may be transferred and processed by and among Summit Therapeutics in the US and its affiliates in other countries. Our company maintains several inter-company data transfer agreements, which are based on UK or EU model contracts and covers Personal Data transfers worldwide to ensure the adequate protection of Personal Data.
Transfers to vendors, suppliers, and business partners
Personal Data may also be transferred and processed by our vendors, suppliers, and business partners in other countries. Any international transfer of Personal Data to third parties, including outside the UK and EEA, will be conducted in compliance with the international data-transfer restrictions and requirements that apply under data-protection laws, including, where appropriate, using UK or EU approved contractual documentation for Personal Data transfers to data processors or data controllers.
Accessing our sites globally
This site is owned and operated by Summit in the United States. When visiting this site, your communication with us may result in the transfer of Personal Data across international borders. We will only process your Personal Data with your consent, to perform a contract between you and us, to comply with legal obligations, or where we have a legitimate interest. These legitimate interests include administrative activities and complying with your requests.
Changes to this Privacy Notice
We will use Personal Data only in the manner described in the Privacy Notice in effect when the Personal Data was collected. However, and subject to any applicable consent requirements, we may change this Privacy Notice from time to time. You should check this Privacy Notice frequently to ensure you are aware of the most recent version that will apply each time you use the Website.