Privacy Policy

Effective Date: December 21, 2020

Kriya Therapeutics, Inc. (“Kriya,” “we,” “us” or “our”) respects the privacy of visitors to our websites and online services and values the confidence of our customers, partners, research volunteers, and employees. This Privacy Policy and Notice of Information Practices (“Privacy Policy”) sets forth Kriya’s practices regarding the collection, use and disclosure of information that you may provide through the website(s) that we operate, their subdomains, and all portals, applications, products, services, events and any interactive features, applications or other services that link to this Privacy Policy (“Website” or “Sites”), as well as personal information provided to Kriya by any means.  Additional privacy disclosures may be made at the time of collection of the information. Please read the entire Privacy Policy before using our Website or our services. By using the Website, you agree to abide by the terms of this Privacy Policy. This Privacy Policy is also part of our Terms of Use, which govern your use of the Website.

Collection of Information

We may ask you for some or all of the following types of information when you access various content or features of the Website or submit content, or directly contact us:

  • Contact information, such as name, email address, postal address, and telephone number;
  • Job applications, including resumes, cover letters and references;
  • Search queries; and
  • Correspondence and other information that you send to us.

We also may collect certain information automatically when you visit the Website, including:

  • Your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
  • Other unique identifiers, including mobile device identification numbers (e.g., IDFA, Android/Google Advertising ID, IMEI);
  • Your browser type and operating system;
  • Your device characteristics;
  • Sites you visited before and after visiting the Sites;
  • Pages you view and links you click on within the Sites, including remembering you and your preferences;
  • Your device location and/or other geolocation information, including the zip code, state, or country from which you accessed the Sites;
  • Information collected through cookies, web beacons and other technologies;
  • Information about your interactions with email messages, such as the links clicked on and whether the messages were received, opened, or forwarded; and
  • Standard Server Log Information.

Cookies and Similar Technologies

We may use cookies, pixel tags and similar technologies to automatically collect this information. Cookies are small data files that are stored by your computer’s web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. By using the Website, you consent to our use of cookies and similar technologies. You can decide if and how your computer will accept a cookie by configuring your preferences or options in your browser. However, if you choose to reject cookies, you may not be able to use certain online products, services or features on the Website.

Cookies we use

We use two broad categories of cookies: (1) first-party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third-party cookies, which are served by service providers on our Sites, and can be used by such service providers to recognize your computer or mobile device when visiting other websites.

Our Sites use the following types of cookies for the purposes set out below:

Type of Cookie

Purpose

Essential Cookies

These cookies are essential to provide you with services available through our Sites and to enable you to use some of their features. Without these cookies, the services that you request may not be possible to provide. We only use these cookies to provide you with those services

Functionality Cookies

These cookies allow our Sites to remember choices you make when you use our Sites. The purpose of these cookies is to provide you with a more personalized experience and to avoid you from having to re-select your preferences every time you visit our Sites

Analytics and Performance Cookies

These cookies are used to collect information about traffic to our Sites and how users use our Sites. The information gathered may include the number of visitors to our Sites, the websites that referred them to our Sites, the pages they visited on our Sites, what time of day they visited our Sites, whether they have visited our Sites before, and other similar information. We use this information to help operate our Sites more efficiently, to gather demographic information and to monitor the level of activity on our Sites.

We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics, cookies, and about how Google protects your data on the Google website at www.google.com/policies/privacy/‌partners/. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a Google browser plugin available at https://tools.google.com/dlpage/gaoptout

Disabling cookies

You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided in your browser (usually located within the “settings,” “help,” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

If you do not accept our cookies, you may experience some inconvenience in your use of our Sites. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.

Flash technology

We may use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on our Sites to collect and store information about your use of our Sites. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you can adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel on the Adobe Flash Player website. You can also control Flash LSOs by going to the Global Storage settings Panel at the Adobe Flash Player website and following the instructions. Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our Sites.

Pixel tags

We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Sites to track the actions of users on our Sites. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Sites, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.

Uses and disclosure of cookies and similar technologies

We may use and disclose data from cookies and other similar technologies for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat such data as personal data under applicable law, then we may use and disclose it for the purposes for which we use and disclose personal data as detailed in this Privacy Policy. In some instances, we may combine cookies and similar technology data with personal data.  If we do, we will treat the combined information as personal data as long as it is combined.

Response to “Do Not Track” Signals

Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. However, because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, we currently do not take action in response to these signals.  You can learn more about Do Not Track here.

Use of Information

We may use information that we collect through the Website or in person for a variety of purposes, including to:

  • Operate and improve our Website, products, information, and services;
  • Understand you and your preferences to enhance your experience and enjoyment using our Website, products, and services;
  • Process employment applications;
  • Respond to your comments and questions and provide customer service;
  • Provide and deliver products, information, and services you request;
  • Conduct clinical trials and other analytics and/or research regarding information obtained during clinical trials;
  • Process and analyze information, including medical information, test results, clinical evaluations and notes, and other personal information collected from you during your visits to a clinical trial site;
  • Meet our audit, compliance, and regulatory obligations;
  • Send you information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;
  • Communicate with you about upcoming events and news about products, information and services offered by Kriya and our selected partners;
  • Link or combine with other personal information we get from third parties, to help understand your needs and provide you with better service;
  • Assist when it is necessary for emergency medical purposes or to protect your or another person’s vital interests;
  • Comply with a law, court order, or other judicial or administrative process;
  • Protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; and
  • As otherwise described to you at the point of collection or pursuant to your consent.

Sharing of Information

We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.

  • Corporate Affiliates. As applicable, we may share your information with affiliated entities for a variety of purposes, including business, operational and marketing purposes.
  • Service Providers. We may share your information with service providers that perform certain functions or services on our behalf (such as to host the Website, manage databases, process data, perform analyses or send communications for us).
  • Other Parties When Required by Law or as Necessary to Protect the Website. We may disclose your information to third parties in order to: protect the legal rights, safety and security of Kriya, affiliates and the users of our Website; enforce our Terms of Use; prevent fraud (or for risk management purposes); and comply with or respond to law enforcement or legal process or a request for cooperation by a government entity, whether or not legally required.
  • In Connection with a Transfer of Assets. If we sell all or part of our business, or make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your information to one or more third parties as part of that transaction.
  • Other Parties with Your Express or Implied Consent. We may share information about you with third parties when you consent to such sharing.
  • Aggregate Information. We may disclose to third parties information that does not describe or identify individual users, such as aggregate website usage data or demographic reports.
  • In addition, we may allow third parties to place and read their own cookies, web beacons and similar technologies to collect information through the Website. For example, our third-party service providers may use these technologies to collect information that helps us with traffic measurement, research, and analytics. Please note that you may need to take additional steps beyond changing your browser settings to refuse or disable some of these technologies. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Website may no longer be available to you. You understand that when you use the Website, these analytics providers may collect information related to your use of the Website.

Security

We maintain a variety of security procedures to help protect against loss, misuse, unauthorized access, disclosure, alteration, or destruction of the information you provide through the Website. However, no data transmission over the Internet or stored on a server can be guaranteed to be 100% secure. As a result, while we strive to protect your information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction or inadvertent disclosure of your information.  Please see our Terms of Use for additional information.

Children’s Privacy

Kriya respects the privacy of children, and we are committed to complying with the Children’s Online Privacy Protection Act (COPPA). For that reason, no part of our Site is targeted to attract anyone under the age of 13.  Kriya does not knowingly collect, use, or disclose personal information from children under the age of 13 without prior parental consent, except as permitted by COPPA. Users from ages 13 to 15 must represent and warrant that they are visiting the Site under the supervision of a parent or guardian, and we may ask your parent or guardian to provide prior written consent for you to use the Site.  By providing your consent, you agree that we may collect, use, and disclose your child’s personal information consistent with this Privacy Policy.  If you believe we have information regarding a child under the age of 16 that you have not authorized, you may contact us at [email protected].

Your Choices Regarding Your Personal Data

If you receive emails or other communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly at our contact information below. If you opt out, we may still send you non-promotional emails, such as emails about our ongoing business relations. You may also request changes or updates to your personal information by sending a request at our contact information below.

Your Data Protection Rights Under the General Data Protection Regulation (GDPR)

  • If you are a resident of or located within the European Economic Area (EEA), you have certain additional data protection rights. These rights include:
  • The right to access, update or delete the information we have about you. Whenever made possible, you can access, update or request deletion of your Personal Information by contacting us at the contact information below.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Information.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where Kriya relied on your consent to process your personal information.

Legal Basis for Processing Personal Information Under GDPR

In most instances, Kriya is a controller of Personal Information, however, in some instances Kriya may be a processor of Personal Information. Kriya’s legal basis for collecting and using the Personal Information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect it.

Kriya may collect or process your Personal Information because:

  • We need to perform a transaction or contract with you or provide a service;
  • You have given us permission to do so;
  • The processing is in our legitimate interests and it is not overridden by your rights; or
  • To comply with the law.

Retention of Information

Kriya will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Kriya will also retain Personal Information and usage data for internal analysis purposes. Usage Data is data collected automatically either generated by the use of the Site or from the Site infrastructure itself (for example, the duration of a page visit). Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site or we are legally obligated to retain this data for longer periods.

Transfer of Information

If you are visiting the Site from a location outside of the United States, your connection will be through and to servers located in the United States. All information you receive from the Site will be created on servers located in the United States, and all information you provide will be maintained on web servers and systems located within the United States.  Your information, including your Personal Information, may be transferred to – and maintained on – computers located in the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. Your consent to this Privacy Policy, followed by your submission of your information represents your agreement to the collection, storage, processing and transfer of your information in and to the United States, or other countries and territories, pursuant to the laws of the United States.

Kriya will take all the steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Personal Information

Disclosure for Law Enforcement – Under certain circumstances, Kriya may be required to disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Kriya may disclose your Personal Information in the good faith belief that such action is necessary to:

  • To comply with a legal obligation;
  • To protect and defend the rights or property of Kriya;
  • To prevent or investigate possible wrongdoing in connection with the Service;
  • To protect the personal safety of users of the Service or the public; and/or
  • To protect against legal liability.

Security of Information

The security of your Personal Information is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority;  however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us at [email protected].

For more information about GDPR, please contact your local data protection authority in the EEA.

Your California Privacy Rights

As described above, Kriya collects certain types of personal information about you during your relationship with Kriya. Under California law, if you are a resident of California, you have the right to request certain information that we collect about you, including:

  • The categories of Personal Information we have collected from you;
  • The categories of sources from which we collected the Personal Information;
  • The business purpose we have for collecting or selling that Personal Information;
  • The categories of third parties with whom we share such Personal Information; and
  • The specific pieces of Personal Information we have collected about you.
    In addition, if we sold or disclosed your personal information for a business purpose, you may request that we provide you with:
  • The categories of Personal Information that we sold about you, and the categories of third parties to whom the personal information was sold, by category or categories of Personal Information for each category of third parties to whom the information was sold; or if we have not sold consumers’ Personal Information; and
  • The categories of Personal Information that we have disclosed about you for a business purpose, and the categories of third parties to whom the personal information was disclosed, by category or categories of Personal Information for each category of third parties to whom the information was disclosed; or if we have not disclosed consumers’ Personal Information for a business purpose.

As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information.  You also have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • Debug products to identify and repair errors that impair existing intended functionality;
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • Comply with a legal obligation; or
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.

To exercise the access, data portability, Do Not Sell, and deletion rights described in this section, please submit a verifiable consumer request to us by mailing or emailing us with your request at the contact information below.  Only you may make a verifiable consumer request related to your personal information.  You may also make a verifiable consumer request on behalf of your minor child.  You must include your full name, email address, and attest to the fact that you are a California resident by including a California postal address in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in California in order to obtain the information, and you are only entitled to make this request twice a year. We will respond to your request within 45 days or let you know if we need additional time.

Mailing Address:
Kriya Therapeutics, Inc.
Attn: Corporate Legal & Compliance Dept
1100 Island Drive, Suite 203
Redwood City, CA 94065

Email Address: [email protected]

We may be unable to respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Links to Third-Party Content

As a convenience to our visitors, the Website may link to a number of sites, services and other content that are operated and maintained by third parties. These third parties operate independently from us, and we do not control their privacy practices. You are encouraged to use common sense when sharing your Personal Information, and you should be aware when you leave our Site to visit another Site. None of the links on this Site should be deemed to imply that Kriya endorses the content or has any affiliation with the persons or entities associated therewith. This Privacy Policy does not apply to third-party content. We encourage you to review the privacy policies of any third party to whom you provide information.

Social Networking Services

Kriya may work with certain third-party social media providers to offer you their social networking services through our Website. For example, you can use third-party social networking services, including but not limited to Facebook, LinkedIn, Twitter, and others to share information about your experience on our Website with your friends and followers on those social networking services. These social networking services may be able to collect information about you, including your activity on our Website. These third-party social networking services also may notify your friends, both on our Website and on the social networking services themselves, that you are a user of our Website or about your use of our Website, in accordance with applicable law and their own privacy policies. If you choose to access or make use of third-party social networking services, we may receive information about you that you have made available to those social networking services, including information about your contacts on those social networking services.

Policy Updates

This Privacy Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display an effective date on the policy in the upper left corner of this Privacy Policy so that it will be easier for you to know when there has been a change. If we make any material change to this Privacy Policy regarding use or disclosure of personal information, we will provide advance notice through the Website. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.  If you are concerned about how your personal information is used, please visit our Site often for this and other important announcements and updates.

Contact Information
If you have any questions about this Privacy Policy, please contact us at:

Kriya Therapeutics, Inc.
Attn: Corporate Legal & Compliance Dept.
1100 Island Drive, Suite 203
Redwood City, CA 94065