Website privacy notice

Your privacy is important to SpringWorks Therapeutics, Inc. (the “Company,” “we,” “our,” or “us”).
This Privacy Notice explains the types of personally identifiable data (“Personal Data”) we collect, why we collect it, and how we use and share it in connection with this Website and for other purposes identified in this Privacy Notice.

1. Who is responsible for the data processing and how can you contact them?

The Company is the data controller or data owner responsible for determining the purposes for which Personal Data discussed in this Privacy Notice is collected, used, and shared.

If you have any questions about this Privacy Notice or our data collection practices, please contact us at the address, telephone number, or email address noted below, and specify your country of residence and the nature of your question.

SpringWorks Therapeutics
100 Washington Blvd
Stamford, CT 06902
info@springworkstx.com
Telephone: 203-883-9490

2. What types of personal data do we process?

The Personal Data we process includes your name and email address, along with other information that can be used to identify you, such as your telephone number, work and home address, professional experience, education, and other background information collected from you, from third parties, and from publicly available sources such as websites, directories, and industry networks.
We collect Personal Data from people who use our Website; from individuals who seek to enroll, or are enrolled in, our clinical trials; from personnel who run the clinical trials; and from service providers or vendors who provide services or products to us.

Contact and Other Information You Send to Us

If you choose to contact us through the Website or by email or other means, we’ll collect your contact information, such as your name, email address, phone number or other contact information that you provide to us so we can communicate with you. If you write a message to us, we will store the message so we can reference it when responding to you. If you inquire about a career opportunity, we will collect and store the information you share related to that opportunity.

Website Visitor Data and Cookies

We collect Website visitor information either directly or through third-party data analytics services. Such Website visitor information may include, your IP address and server log data (i.e., the address of the web page you visited before using the Website, your browser type and settings, the date and time of your use of the Website, and language preferences). We may gather information about the device you are using to access our Website, including what type of device it is, what operating system you are using, device settings, application IDs, location, unique device identifiers, and crash data. Other data is collected, including data generated by your use of the Website and links you interact with.
We gather this information by using cookies. A cookie is a small piece of data (text file) that a website asks your browser to store on your device in order to remember information about you. Cookies that we set or that are set by a third-party service provider on our behalf are called first-party cookies.
We use cookies and other tracking technologies for the following purposes:

  • The essential functions of the Website, including assisting you in navigation of the Website (i.e., strictly necessary or essential cookies); and
  • Analyzing your use of our Website (i.e., performance cookies).

Currently, we have defaulted your settings on our Website to allow us to run essential cookies only.

Personal Data of Clinical Trial Participants and Principal Investigators, Clinical Trial Staff and Other Individuals Involved in Implementing Our Clinical Trials

If you apply to or are enrolled in one of our clinical trials, we will process your Personal Data as described in a separate information notice that is provided at the time Personal Data is collected for the clinical trial.

If you are a principal investigator, clinical trial staff, or other individual involved in implementing one of our clinical trials, we will further process your Personal Data as described in a separate information notice provided to you in connection with the implementation of the clinical trial.

Personal Data of Representatives of Service Providers and Vendors

If you or your company is or becomes our service provider or vendor, we will process your Personal Data to fulfill the contract and maintain a business relationship with you. We process limited Personal Data for this purpose, such as contact name, address, email address, phone number and other contact details that you may provide to us to allow us to communicate with you.

3. How do we use and on what legal basis do we process personal data?

We process Personal Data in accordance with data privacy laws applicable to us in the context of processing your Personal Data.

Lawful Basis for Processing Personal Data of Website Users

We process the Personal Data of our Website users as described in this Privacy Notice based on our legitimate interests in performing the essential functions of our Website and to communicate with you in response to any inquiry or request you make of us. We process Personal Data collected through performance cookies based on your consent. You can change your cookie preferences at any time by clicking here [Link]. Please note that withdrawal of consent applies only to future actions. Processing that was carried out before the withdrawal of consent is not affected.

Lawful Basis for Processing Personal Data of Principal Investigators, Clinical Trial Staff and Other Individuals Involved in Implementing our Clinical Trials

We process the Personal Data of principal investigators, clinical trial staff, and other individuals involved in implementing our clinical trials based on our legitimate interests in (i) communicating with them in connection with the clinical trials and (ii) ensuring the clinical trials are conducted properly and in accordance with the clinical trial protocols and applicable regulatory requirements.

Lawful Basis for Processing Personal Data of Service Providers and Vendors

We process Personal Data of our vendors and service providers for the legitimate interests of addressing our contractual obligations with them. Our processing of Personal Data allows us to provide or receive goods and services pursuant to these contracts or to carry out pre-contractual measures that occur as part of a request by a customer or service providers.

Other Legitimate Interests

We also process Personal Data for the purposes of other legitimate interests pursued by us or a third party. Such legitimate interests include the following:

  • Asserting legal claims and defenses in legal disputes;
  • As required by law including, but not limited to, complying with a subpoena or other legal process, regulatory requirement, judicial proceeding, or court order served on us, or to comply with government reporting obligations;
  • When we believe in good faith that disclosure is necessary (a) to protect your or our rights or your safety or the safety of others; (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of confidentiality or other terms of an agreement, or violations of law; or (c) for corporate audits or to investigate or respond to a complaint or security threat;
  • In connection with disclosures to affiliates, service providers, advisors, and other third parties regarding the negotiation or completion of a merger, acquisition, other similar business transaction, or sale of all or a portion of our assets.

In each case where the legal basis for our processing is our legitimate interests, you have the right to object to the processing of your Personal Data by submitting your request to info@springworkstx.com, and we will consider and respond to the request in accordance with applicable law.

4. Who receives your personal data?

Within the Company, anyone who requires the Personal Data to facilitate our Website, clinical trials or other services, address related operational concerns, manage regulatory approvals, or fulfill our contractual and legal obligations will have access to it.

We may share your Personal Data with third parties if necessary in the context of the applicable lawful basis set forth in this Notice, or if legal requirements demand it. For example, we may share Personal Data with law enforcement or regulatory authorities and auditors. We may also share your Personal Data with service providers, business partners, or other third parties for purposes of conducting and managing the Website, addressing legal or other official obligations or as otherwise necessary to carry out our relationship with you or to satisfy other purposes described in this Notice. Some of these parties may be located outside of the country where your Personal Data was originally collected.

5. Will your personal data be transferred to a third country or an international organization?

We may collect or receive Personal Data outside of the U.S. in connection with the purposes described above. Personal Data collected or received by the Company is stored in both the European Union (EU) and in the U.S. The European Commission has determined that the U.S. does not have the same level of data protection as the EU. The party in the U.S. receiving the Personal Data may agree to standard data contractual clauses (“SCCs”) under which the receiving party promises to safeguard the Personal Data it receives. If Personal Data is transferred to the U.S. based on SCCs, the Company will take into account the circumstances surrounding the transfer and any supplementary measures that demonstrate that the U.S. law does not impinge on the promise of adequate data protection set forth in the SCCs. If legally permissible, we may rely on your express consent to transfer your Personal Data rather than the SCCs. In some cases, Personal Data may also be transferred to the U.S. in other ways permitted under EU law. If you would like to request the specific safeguards applied to the export of your Personal Data, if applicable, send your request to info@springworkstx.com.

6. How long will your personal data be stored?

We keep Personal Data as long as necessary to address the purpose for which it was collected or received, including to address legal requirements related to the purpose. For example, if you send us information through an email or other means, we will keep your Personal Data as long as necessary to address or respond to your inquiry. We store Personal Data collected through cookies for different time periods depending on the type of cookie used. We store data collected through strictly necessary cookies for up to 1 year. Personal Data collected through performance cookies is stored for up to 5 years. If you are a principal investigator, clinical trial staff, or other individual involved in implementing our clinical trials, we will process and store your Personal Data for no longer than 25 years. If you are a vendor or service provider, we will process and store your Personal Data for no longer than 7 years following the completion of our business relationship with you. If required by law or by a legal order, we may process and store your Personal Data for a longer period consistent with the law or legal order or our contractual rights. For example, we may need to keep your Personal Data longer if necessary to fulfill obligations to preserve records under tax law or for accounting purposes, or if we are obligated to hold Personal Data because of a legal prohibition against removing or deleting it.

7. How we protect your information

We take reasonable measures to protect your Personal Data to prevent against unauthorized use, access, disclosure, and destruction. Please be aware that, despite our best efforts, security measures are not impenetrable, and we can’t guarantee against misuse.

8. What data privacy rights do you have?

Subject to some exceptions and limitations under applicable law, you have several rights, including:

  • The right to access, which allows you to obtain a copy of your Personal Data, on request;
  • The right to rectification, which requires the Company to change incorrect or incomplete data about you;
  • The right to restrict and object to processing, which requires the Company to limit or stop processing your data under certain circumstances;
  • The right to erasure, which requires the Company to erase your data; and
  • If applicable, the right to data portability, which allows you to transfer your Personal Data from the Company to another individual or entity.

You may exercise any of these rights by sending an email indicating your request to info@springworkstx.com. Furthermore, if you believe your legal rights are being infringed, you have the right to lodge a complaint with us or with your local data protection authority in the country where you live, where you work, or where the alleged violation occurred, as applicable. For individuals residing in the EU, the list of Data Protection Authority by EU country can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
When we process your Personal Data based on your consent as the lawful basis (as opposed to our legitimate interests, for example), you can withdraw consent at any time. Please note that withdrawal of consent applies only to future actions. Processing that was carried out before the withdrawal of consent is not affected.

9. Are you obligated to provide personal data?

In the context of responding to an inquiry you have made or to address another lawful purpose, you must provide all Personal Data that is required (as applicable) for that purpose. Without this Personal Data, we are not able to provide respond to your inquiry or address the purpose.

10. To what extent does the company engage in automated decision-making?

In the general course of establishing and carrying out our normal business processes, we do not engage in automated decision-making with respect to your Personal Data. If we do so, we will inform you of the automated decision-making in connection with the relevant transaction.

11. Will the company use my personal data for marketing?

We do not use Personal Data for marketing, unless you request information that may be considered marketing materials, in which case we send that information to you. We will otherwise ask for your consent before sending you marketing communications. Each marketing communication will also include a means for opting out of future marketing communications.

12. Social media

If you click on our social media links (such as Twitter, YouTube, and LinkedIn), you will be directed to a third-party platform, and any information you share on those websites will be covered by their privacy policies, not this Privacy Notice.

13. Links

This Website may contain links to other third-party websites. Please be aware that we are not responsible for the privacy practices of third parties and their other websites. This Privacy Notice applies only to the information we collect on this Website. We encourage you to read the privacy policies of other websites you link to from our Website or otherwise visit.

14. Minors

Our Website is not directed at nor intended for use by individuals under eighteen (18). If you learn that a child under eighteen (18) has provided us with Personal Data without consent, please contact us. If we become aware that a child under eighteen (18) has provided us with his or her Personal Data, we will promptly delete such data.

15. Business transitions

In the event we go through a business transition, including without limitation any merger, acquisition, partnership, business reorganization, debt finance, or sale of assets, or in the event of an insolvency, bankruptcy, or receivership (each a “Business Transition”), we may use and disclose information collected in accordance with this Privacy Notice as part of any that Business Transition, and your Personal Data may be part of any assets transferred.

16. Do-not-track

You may have implemented a “do-not-track” signal through your browser. As there currently is no fixed standard for do-not-track signals, we currently do not respond to do-not-track signals from your web browser.

17. Changes

We may revise this Privacy Notice from time to time. If we decide to change this Privacy Notice, we will post the revised Privacy Notice on our Website. If changes materially affect your rights under this Privacy Notice, we may provide a more prominent notification on our Website. In certain cases, we may also provide email notification of the revised Privacy Notice and either seek your consent or give you the right to opt out of our use of your Personal data in accordance with the revised Privacy Notice, if required. However, because we may make changes at any time, we suggest that you periodically consult this Privacy Notice. Please note that our data protection practices will be based on the Privacy Notice in effect at the time the Personal Data is processed.

18. Contact

We endeavor to review and reply promptly to communications sent to us. If you have any questions about this Privacy Notice, please feel free to reach out to us at:

SpringWorks Therapeutics, Inc.
100 Washington Blvd
Stamford, CT 06902
info@springworkstx.com

This Privacy Notice was last updated September 21, 2021.