This Kythera Labs External Privacy Policy (the “Policy”) sets forth our policies and procedures for protecting the privacy of Personal Data, as defined below.
“Affiliate(s)” means any legal entity directly or indirectly controlling, controlled by or under common control of Kythera Labs, where control means the ownership of a majority share of the stock, equity or voting interests of such entity.
“Customer Data” means any data, information or material originated by Customer that Customer submits to Kythera Labs, collects through its use of the Subscription Services or provides to Kythera Labs in the course of using the Subscription Services.
“Data Controllers” are those entities that determine how and whether Personal Information is processed. Kythera Labs and our Affiliates are Data Controllers for purposes of these procedures.
“Data Processors” are those entities that process Personal Information on behalf of a Data Controller.
“Data Subjects” are the people to whom the Personal Data relates.
“Personal Data” means any Customer Data relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Properly anonymized and de-identified or aggregate data is not Personal Data.
“Process” is used very broadly to indicate performing any action on Personal Data, such as collecting, recording, organizing, storing, transferring, modifying, using, retaining, or deleting.
Privacy protection is integral to Kythera Labs’ operation. We take many steps to ensure we do not collect and process Personal Data. Much of the data we work with is fully anonymized prior to entering Kythera Labs’ controlled systems. However, in the course of doing business, we collect Personal Data in a few ways, including from the following:
Kythera Labs’ policy is to minimize the unnecessary collection or use of Personal Data and use anonymized and de-identified or aggregate data wherever possible.
We may collect and process certain information about you based on your interactions with our services, products, and platforms. By using our services, you acknowledge and agree that we may collect, use, and store your data in accordance with this Privacy Policy. This includes, but is not limited to, the following scenarios:
Browsing and Usage Information
When you access or navigate our website, application, or services, we may automatically collect information such as your IP address, browser type, device information, and browsing patterns. This data helps us improve our services and enhance your user experience.
Contact and Communication
When you voluntarily provide information through forms, emails, or other communication channels, you are giving implied consent for us to use this information to respond to your inquiries, provide requested services, or enhance our offerings.
Cookies and Similar Technologies
By using our website, you consent to the use of cookies and similar technologies to collect information about your preferences and activities. You can manage your cookie preferences through your browser settings, but disabling cookies may impact your experience.
Third-Party Services
If you access our services through third-party platforms (e.g., social media or integrated apps), you consent to the data-sharing practices outlined in those platforms' privacy policies, which may include sharing information with us.
Your Rights and Choices
While implied consent allows us to collect and use certain data, we are committed to providing transparency and control over your personal information. You may:Opt out of certain data collection practices, such as email marketing or cookies, or request access, correction, or deletion of your personal data by contacting marketing@kytheralabs.com.
Consent to the collection and use of Personal Data may be withdrawn, subject to contractual and legal restrictions and reasonable notice.
Withdrawal of consent may have consequences, such as no longer being able to provide certain services or communicate in certain ways. In certain circumstances, consent may not be withdrawn with respect to certain necessary uses and disclosures of Personal Data, such as with respect to certain legal and contractual obligations.
Our Personal Data systems are designed to allow for the effective withdrawal of consent. Communications are made subject to opt-out lists maintained by Kythera Labs. To globally opt out of all marketing lists, send an email to marketing@kytheralabs.com with the subject “Unsubscribe Globally”.
When Personal Data is used, Kythera Labs uses the Personal Data in a way that is compatible with the purposes for which it was collected, or for a reasonably related purpose. Only Kythera Labs personnel or third parties working on behalf of Kythera Labs with a legitimate business purpose may access or use Personal Data, and even those individuals may access such Personal Data only for legitimate purposes required by their positions.
Kythera Labs has posted a Privacy Policy so that Data Subjects can contact the appropriate person with inquiries or complaints regarding the use of their Personal Data. Kythera Labs makes reasonable efforts to grant Data Subjects’ requests to access their Personal Data. In accordance with these procedures, Data Subjects may ask Kythera Labs whether it maintains Personal Data about them, and the contents, if any, of that data. If Kythera Labs denies access, Kythera Labs will provide the Data Subject the reasons for such denial and allow the Data Subject to challenge the denial.
Kythera Labs uses its best efforts to process accurate Personal Data. To this end, Data Subjects may make reasonable requests for the correction of any incorrect or misleading Personal Data about them. To the extent reasonably feasible, Kythera Labs will, as appropriate, correct or destroy Personal Data that is inaccurate, misleading, or out-of-date. If Kythera Labs does not make a requested correction, the request should be noted in the Data Subject’s file to the extent feasible and explained to the Data Subject.
Kythera Labs does not keep Personal Data longer than necessary for the purpose for which it was collected. Kythera Labs securely destroys Personal Data from its systems when it is no longer required to accomplish the purpose for which it was collected. Kythera Labs may, however, retain some Personal Data to comply with applicable laws, regulations, rules, and court orders.
If the Data Subject is a customer, upon termination or expiration of their agreement, Kythera Labs shall, in accordance with the terms of the Agreement, delete or make available to customer for retrieval all relevant Personal Data (including copies) in Kythera Labs' possession, save to the extent that Kythera Labs is required by any applicable law to retain some or all of the Personal Data. In such an event, Kythera Labs shall extend the protections of the agreement to such Personal Data and limit any further Processing of such Personal Data to only those limited purposes that require the retention, for so long as Kythera Labs maintains the Personal Data.
Kythera Labs takes reasonable administrative, technical, and physical measures to safeguard against unauthorized processing or use of Personal Data, and against the accidental loss of, or damage to, Personal Data. These measures include:
Kythera Labs employees and third-party contractors may not disclose information made available on Kythera Labs systems and networks, including to other Kythera Labs personnel, except as expressly authorized by the appropriate manager. The duty of nondisclosure and confidentiality extends to interactions with third parties, including other employees, customers, business partners, and vendors.
The suspected theft, loss, or unauthorized processing of data, including Personal Data, must be immediately addressed. Kythera Labs will take immediate steps to investigate the cause of the security breach and make every effort to contain the breach. Kythera Labs must follow the steps set forth in the Data Security Incident Response Plan when responding to security incidents.
Kythera Labs has designated an individual to handle complaints and disputes regarding the use of Personal Data. This person may be contacted by Data Subjects for complaints or disputes about how their Personal Data is handled. These complaints and disputes shall be addressed by Kythera Labs management. The Compliance Officer is the person authorized to handle complaints and disputes.
Kythera Labs employees who violate this Policy may be subject to disciplinary actions, up to and including termination of employment.
As is appropriate, Kythera Labs may modify its procedures for the handling of Personal Data, but material changes to the handling of Personal Data cannot be applied retroactively without the express consent of the Data Subject or customer unless consent was not necessary to collect and use the Personal Data.
To facilitate compliance with this Policy and to protect its workers, systems, information, and assets; Kythera Labs may review, audit, monitor, intercept, access, and disclose information processed or stored on Kythera Labs equipment and technology, or on personally owned devices accessing Kythera Labs networks.
If you have any questions about this guidance, or for additional information or training, please contact us at compliance@KytheraLabs.com.
Kythera Labs’ management may monitor, assess, and promote compliance with this Policy by
All Kythera Labs employees shall receive annual training on our privacy and security programs and procedures.
For questions related to the implementation of this policy, contact Compliance@KytheraLabs.com.
Contact:
George Coleman
Legal Counsel
George@KytheraLabs.com
Melissa Pelletier
Compliance Officer
Melissa@kytheralabs.com
Version 2.0 - February 2025
