Privacy Policy

This Privacy Policy (“Policy”) governs the manner in which CRISPR Therapeutics AG and its respective subsidiaries and affiliates, CRISPR Therapeutics, Inc. and Casebia Therapeutics LLC (“CRISPR”, “we”, “us”, or “our”) collects, uses, maintains and discloses information in connection with your use of our website (“Website”). This Policy does not apply to our collection, use, or disclosure of data collected through other means.

When you use the Website, you agree to our Terms of Use and collection, use, and disclosure of information about you as described in this Policy. Before you use or submit any information through this Website, please carefully review this Privacy Policy and our Terms of Use. IF YOU DO NOT AGREE TO THIS POLICY OR OUR TERMS, PLEASE DO NOT USE THIS WEBSITE.

We may change this Privacy Policy at any time and when we do we will post an updated version on the Website, unless another type of notice is required by the applicable law. By continuing to use the Website or providing us with information after we have posted an updated Privacy Policy or notified you (if applicable), you consent to the revised Privacy Policy and practices described in it.

Information We Collect

We collect and store information about you in multiple ways, including when you provide information directly to us and when we passively collect information from you, such as from your browser or device.

Information You Provide Directly to Us

We collect and store all information that you provide to us when using this Website. You might provide information to us in a variety of ways such as (but not limited to) when you submit any of the following on our Website: information requests, business proposals, employment inquiries, and responses to surveys.

The information you provide may include, but is not limited to: full name, home address, phone number, e-mail address and password, employment history, and your answers to background information questions.

Information Collected Automatically

When you visit any page on this Website, we may use one or more programs that monitor and evaluate this Website’s traffic. Any such program automatically records every visitor’s host, domain name, pages visited, length of user session, browser type and/or IP address. We may also collect information about your time zone or language.

When you visit and interact with this Website, CRISPR and third parties with whom CRISPR has contracted to provide services to CRISPR, may collect information via cookies, pixels, web beacons, or other tracking mechanisms (for example, a catalog of the site pages you visit, or your IP address), described in more detail, below.

Cookies and Other Tracking Mechanisms

We may also collect data about your use of the Website through the use of Internet server logs, cookies, tracking pixels, and/or other tracking technologies. A web server log is a file where website activity is stored. A cookie is a small text file that is placed on your computer when you visit a website that enables us to: (a) recognize your computer; (b) store your preferences and settings; (c) understand the web pages of the Website you have visited; (d) perform searches and analytics; and (e) assist with security administrative functions. Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads, and/or email, and that are designed to provide usage information like ad impressions or clicks, measure popularity of the Website and associated advertising, and to access user cookies. We also may include web beacons in email messages, newsletters, and other electronic communications to determine whether the message has been opened and for other analytics, personalization, and advertising. As we adopt additional technologies, we may also gather additional information through other methods.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Microsoft Edge; Google Chrome; Mozilla Firefox; or Apple Safari).

How We Use Your Information

We may use the information we collect from and about you for the following purposes:

  • complete any transactions you request online;
  • provide, improve, and troubleshoot the Website;
  • improve our products and services, and identify, develop, and offer new or expanded products and services;
  • notify you about updates, products and/or services from CRISPR, its affiliates, and selected third parties;
  • ask you to participate in brief surveys; and/or
  • generate aggregate statistical studies and conduct research related to our products and services and the use of the Website.

We may combine information that we collect from you and about you (including automatically collected information) with information we obtain about you from our affiliates and/or non-affiliated third parties, and use such combined information in accordance with this Policy.

We may aggregate and/or de-identify information collected through the Website. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and/or others.

Disclosure of Your Information

We may disclose your information to certain third parties with whom we have a direct or indirect business or contract relationship, under the following circumstances:

To our subsidiaries or affiliates: we may disclose your information to other companies within the CRISPR family of companies.

To our partners: we may disclose your information to our partners, including other companies and academic institutions, such as those listed or referenced on the Website.

To service providers: we disclose your information with third parties who perform services on our behalf, including without limitation market research, data storage, data analysis and processing, and legal services. When you request other services, we will provide your information to third parties with whom we arrange for those services to be provided.

To protect ourselves or others: we may also disclose information collected on this Website, in accordance with applicable law, to assert or defend our rights and property, to prevent harm to others, to collect a debt, or in response to legal processes such as subpoenas.

To comply with the law: we may also provide (or reserve the right to provide) information to regulators, law enforcement authorities, courts, and other governmental authorities, consistent with applicable laws.

Business transfers: if we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, your information and other information may be transferred to a successor or affiliate as part of that transaction.

Retention

We will keep your information for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so in connection with your account, or as required by law (e.g. for tax, legal, accounting or other purposes), whichever is the longer.

Online Analytics

We may use third-party web analytics services (such as those of Google Analytics) on our Website to collect and analyze the information discussed above, and to engage in auditing, research or reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies” section above will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services, including by noting the third-party website from which you arrive, analyzing usage trends, assisting with fraud prevention, and providing certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

Your Choices

You have the ability to opt out of receiving promotional communications from CRISPR by emailing us at info@crisprtx.com or clicking the unsubscribe link in the relevant email. Remember, however, that even if you opt out of promotional communications, CRISPR may still e-mail you in order to provide a product or service that you request.

You can also access your information, update or correct factual errors in your information by sending us an e-mail at info@crisprtx.com. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.

Links to Third Party Sites

On the Website, we may link to third party websites, such as our partner companies, social media sites, academic institutions, government institutions or employment listings. For example, to view a job description or apply to an open position, you may be rerouted to a third-party website. Please note, CRISPR does not control the privacy policies or practices of these third-party sites. You should review those policies before providing any information.

Security

We take reasonable administrative and technical steps to protect prevent unauthorized access to or misuse of your information but cannot guarantee that your information will never be disclosed in a manner inconsistent with this Policy (for example, as a result of unauthorized acts by third parties that violate applicable law or relevant Web policies).

Children’s Privacy

This Website is not directed at children and we do not knowingly collect personal information (as defined by the Children’s Online Privacy Protection Act) from children under the age of 13. If we become aware that we have collected personal information from children under the age of 13, we will take reasonable steps to delete it as soon as practicable. If a child provides us with this type of information online, please contact us to have the account deactivated by sending us an e-mail at info@crisprtx.com.

Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Although our Website currently does not recognize or respond to the various web browser Do Not Track signals, we do offer you choices to manage your preferences as described in the “Your Choices” section, above. To learn more about browser tracking signals and Do Not Track please visit https://allaboutdnt.com.

European Union (EU) Users

When you interact with the Website, we may collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”). This section provides information on your rights under EU law (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and also includes Switzerland).

Data Controller. CRISPR Therapeutics AG is the data controller for your Personal Data. To find out our contact details, please see the “Contact Us” section below.

Your Rights. Subject to EU law, you have the following rights in relation to your Personal Data:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to erasure: You may ask us to erase your Personal Data in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable). If we shared your data with others, we will alert them to the need for erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data with so you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
  • If we are relying on a legitimate interest (described below) to process your Personal Data -- unless we demonstrate compelling legitimate grounds for the processing; or
  • If we are processing your Personal Data for direct marketing.
  • Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless this is necessary in relation to a contract between you and us or you provide your explicit consent to this use.
  • Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

Legitimate Interest. “Legitimate interests” means our interests in conducting our business. This Privacy Policy describes when we process your Personal Data for our legitimate interests, what these interests are and your rights. We will not use your Personal Data for activities where the impact on you overrides our interests, unless we have your consent or those activities are otherwise required or permitted by law.

EU-U.S. Data Privacy Framework and UK-U.S. Data Bridge and Swiss-U.S. DPF

The U.S. Department of Commerce’s International Trade Administration (ITA) requires us to inform you about CRISPR Therapeutics Inc.’s participation in the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the privacy statements reflecting the Principles (and Supplementary Principles).

Commitment. CRISPR complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. CRISPR has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S.DPF and the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. CRISPR has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. We will not rely on the Swiss-US Data Protection Framework until it comes into force, but we adhere to the commitments required in anticipation of its entry into force. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov.

Personal Information We Collect. Depending on the purpose for which we process your personal information, we need to process one or more pieces of personal information. Why, how and for how long we collect your personal information is described above.

Data Sharing. As explained above, we do not sell or trade your personal information to outside parties. Additionally, CRISPR has contracted with some services providers to manage the Website that may have access to your personal information, as explained above under section “Disclosure of Your Information”. CRISPR is responsible for transfers of personal information to third parties, and their processing of the personal information by these third parties according to the DPF Principles. CRISPR remains liable under the DPF Principles if a third party/service provider processes personal information covered by this Policy in a manner inconsistent with the DPF Principles, except where CRISPR can demonstrate that it is not responsible for the event giving rise to the damages. Under certain conditions, CRISPR may be required to disclose personal information in response to lawful requests by U.S. public authorities, including to meet national security or law enforcement requirements. You can find information about how to submit a complaint related to U.S. National Security access to data here.

Your Rights To Access, To Limit Use, And To Limit Disclosure Under The EU-U.S. DPF. You have the right to access personal information about you, to limit use of your personal information and disclosure to third parties. CRISPR’s DPF certification attests to its commitment to respect these rights. To access your personal information, this means that, without the need for justification, you have the right to obtain confirmation of whether CRISPR is processing personal information related to you; have the data communicated to you; and obtain information about the purpose of the processing, the categories of personal information being processed and the (categories of) recipients to whom the data is disclosed. You can exercise these rights by contacting info@crisprtx.com.

Where Can You Submit Your Inquiries or Complaints? In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CRISPR commits to resolve DPF Principles-related complaints about our collection and use of your personal information. If you have any inquiries or complaints, please contact us at info@crisprtx.com. We will respond to you promptly. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CRISPR commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Dispute Resolution. In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, CRISPR commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit the JAMS website at https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

You can also submit a complaint directly to your local data protection authority (i.e., EU/EEA Member State data protection authority; UK Information Commissioner's Office (ICO) or Gibraltar Regulatory Authority (GRA) or the Swiss Federal Data Protection and Information Commissioner). Your data protection authority may refer your complaint directly to the U.S. Department of Commerce’s International Trade Administration (ITA) on your behalf. In that case, the DPF team will work alongside CRISPR to seek to resolve your concern.

If your complaint regarding a possible violation of DPF principles is not appropriately resolved after following the previously mentioned mechanisms, you may be entitled to seek binding arbitration through the Data Privacy Framework Panel (more information here). You can find additional information about this possibility here if you are a EU/EEA and UK (and Gibraltar) resident and here if you are a Swiss resident.

As CRISPR is under the enforcement authority of the Federal Trade Commission (FTC), you can also submit a complaint before the FTC using this link, but keep in mind that the FTC does not resolve individual complaints.

Changes

We will notify you of changes to the data processing activities described in this Privacy Policy by posting a prominent notice on the Website or the Apps or as otherwise required by law.

Contact Information

If you have any questions or concerns about this Privacy Policy or our privacy or security practices, you may contact us by e-mail at info@crisprtx.com or write to us in care of: CRISPR Therapeutics AG, Attn: Legal Department, Baarerstrasse 14, Zug, V8 CH-6300 Switzerland.

This Privacy Policy is effective as of: October 27, 2023.

You are now leaving the CRISPR Therapeutics website.

CRISPR Therapeutics is not responsible for the content or availability of third-party sites.

Continue