1. Introduction

This policy applies to all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).

CinCor Pharma, Inc. (“CinCor Pharma”) respects the privacy of individuals of all nationalities in the processing of their Personal Data, recognizing the fundamental rights to lawfulness, fairness, and transparency. CinCor Pharma adheres to the principles of data privacy by design and by default, including data minimization to the extent possible. CinCor Pharma adheres to laws relating to data protection in all jurisdictions in which it conducts business, including but not limited to HIPAA, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Protection Act, and the United Kingdom Data Protection Act of 2018 and United Kingdom GDPR.

CALIFORNIA RESIDENTS: CinCor Pharma adheres to the applicable provisions of the California Consumer Protection Act. CinCor Pharma does not sell personal data. Residents of California may contact CinCor Pharma pursuant to Section 8 below to enquire about the collection of their personal information, including any request to delete personal information.

This website is not intended for, or designed to attract, children under the age of 16. No Personal Data should be submitted to CinCor Pharma through the website by visitors who are less than 16 years old.

2. The Personal Data that We Collect2.1 Website Visitors

2.1.1. CinCor Pharma may collect information from users of our website such as IP address and location. We also may collect personal information if you submit an inquiry on our website.

2.1.2. The purpose of collecting this Personal Data is our legitimate interest.

2.1.3. If you choose to contact us and provide us with your Personal Data, we will collect and use your Personal Data to respond to you, to provide you with information that you have requested (which may relate to our products), or to communicate with you for other purposes which are requested by you in your inquiry. Such other purposes may include, from time to time, monitoring our regulatory compliance, and compiling profiles and personal information about you in order to identify suitable education/awareness programs or suitable opportunities to collaborate with you.

2.1.4. We will disclose your Personal Data within our company, and to our corporate affiliates who agree to treat it in accordance with this Privacy Policy. Personal Data also may be transferred to third parties who act for and on our behalf, for further processing in accordance with the purpose(s) for which the data were originally collected. These third parties have contracted with us to only use Personal Data for the agreed upon purposes and not to sell or disclose your Personal Data to third parties except as required by law, or as stated in this Privacy Policy.

2.2 Personal Data of Clinical Trial Subjects

2.2.1 CinCor Pharma processes pseudonymized medical and health information about the individuals who take part in clinical trials. This information is collected by investigators and their staff at the study sites. CinCor Pharma may transmit this data from the jurisdiction in which it was collected to CinCor Pharma headquarters in the United States. When consent is required for the processing of Personal Data, the physician investigators overseeing the trial are responsible for ensuring that the individuals understand and consent to the gathering of Sensitive Personal Data relating to their health, including the transfer of such pseudonymized information to third parties who may be providing services for the clinical trial.

2.2.2. The purposes of collecting the Personal Data of clinical trial participants is to promote the global development of safe and effective medical therapeutics. CinCor Pharma is committed to conducting clinical trials in a manner that strictly adheres to all national and international ethical requirements and clinical trial regulations. Effective adherence to clinical trial regulations requires the gathering, recording, processing, storing, and transmitting of personal data of clinical trial participants, clinical trial investigators, vendors, support staff, and employees.

2.2.3. Pursuant to Opinion 03/2019 of the European Data Protection Board, CinCor Pharma declares that the processing of Personal Data of EU citizens participating in a clinical trial is necessary for the performance of a task carried out in the public interest. Specifically, the processing of sensitive categories of data is carried out for reasons of public interest in the area of public health, and/or archiving for scientific purposes in accordance with Article 89(1) of the GDPR.

2.3 Personal Data of Investigators and Business Partners

2.3.1. CinCor Pharma collects Personal Data from business partners and vendors who are providing services to CinCor Pharma. This processing is necessary for the fulfillment of CinCor Pharma’s contracts with these individuals and their employers, and may be required for submission of clinical trial data to governmental and regulatory authorities, IRBs, and ethical committees. The basis for collection of physician investigator data is the fulfillment of a legal obligation related to ensuring that investigators are qualified to oversee a clinical trial. The basis for collecting site and investigator staff information is the fulfillment of a contract between CinCor Pharma and the site. When applicable, CinCor Pharma complies with all obligations to provide transparency notices about the processing or transfer of this Personal Data. When consent for the collection or processing of Personal Data is required, it is the obligation of the data controller (the study site or employer) to obtain consent or to provide notice to its employees and staff.

2.3.2. The purpose for collecting the Personal Data of Investigators and Business Partners is for the performance of a contract to which the Investigator or Business Partner is a party; for the compliance with our legal obligations (such as legal or regulatory obligations of the sponsor of a clinical trial); or for our legitimate interests.

2.4 Use of Cookies

Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and advertisements. CinCor Pharma uses cookies and similar technologies for purposes such as:

  • Authenticating users
  • Remembering user preferences and settings
  • Determining the popularity of content
  • Analyzing site traffic and trends, and generally understanding the online behaviors and interests of people who interact with our services

Your web browser may be programmed to notify you when you are receiving a cookie, giving you the choice to accept it or not. You can also refuse all cookies by turning them off in your browser.

3. How We Use Your Personal Data

3.1. Website visitors: CinCor Pharma may use information gathered from our website for a variety of purposes related to our business. This may include:

3.1.1. To enhance the user experience of our website, including internal operations necessary to provide our services, such as troubleshooting software bugs and operational problems; conducting website traffic data analysis, testing, and research; and to monitor and analyze usage and activity trends.

3.1.2. To respond to inquiries regarding our business or service

3.1.3. We may use the Personal Data we collect to investigate or address claims or disputes relating to our business, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries. CinCor Pharma may share users’ Personal Data if we believe it is required by applicable law, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing Personal Data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our Code of Conduct or other policies; to protect our rights or property; or the rights, safety, or property of others; or in the event of a claim or dispute relating to our business operations.

3.2. Clinical trial participants

3.2.1. Personal Data from clinical trial participants is used to test the safety and efficacy of experimental drugs and medical devices. If you are a participant in a clinical trial sponsored by CinCor Pharma, please review the informed consent form that you received from your study doctor for more information about how your Personal Data will be used and protected.

3.3. Business partners, clinical trial staff, and vendors

3.3.1. Personal Data from business partners, clinical trial staff, and vendors will be used as necessary to conduct a clinical trial sponsored by CinCor Pharma.

3.3.2. CinCor Pharma is required by clinical trial regulations to process personal data of the site personnel and other individuals involved conducting in a clinical trial. The personal information also may be processed by a contract research organization (CRO) working on behalf of CinCor Pharma. The data collected by CinCor Pharma and/or its CRO may include CVs, licenses, medical specialties, clinical study experience, and financial information of the site personnel assisting with the clinical study.

3.4. CinCor Pharma retains user data for as long as necessary for the purposes described above. We will retain different categories of data for different periods of time depending on the category of user to whom the data relates, the type of data, and the purposes for which we collected the data.

3.5. CinCor Pharma does not sell or share user personal data with third parties for their direct marketing.

3.6. CinCor Pharma does not engage in automated decision-making using Personal Data.

4. How We Protect Your Personal Data

4.1. CinCor Pharma has in place physical, electronic and organizational procedures to safeguard and secure Personal Data stored on its systems. CinCor Pharma deploys encryption, firewalls, access controls, and other procedures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Access to CinCor Pharma facilities is controlled via a combination of technical and physical controls.

4.2. Personal Data is restricted to authorized individuals, who only can access it on a “need to know” basis.

4.3. CinCor Pharma may store some business records or clinical trial documents in hard copy (paper or disk) format, as required by law or regulation, or pursuant to the fulfilment of a legitimate business purpose. In this case, documents are retained for the minimum time necessary, and then securely destroyed. Long-term storage of hard copy documents may be carried out by a qualified third-party vendor.

5. Where We May Transfer Your Personal Data

5.1. Transfer to Third Parties
Personal Data may be shared with third parties to fulfill the purposes for which it was originally collected. Personal Data is transferred to third parties pursuant to contractual obligations consistent with Article 28(4) of GDPR when applicable, and with this Privacy Policy. Recipients of Personal Data may be regulatory authorities, ethical committees, and third parties associated with the study, the Institution where the study takes place, or the CRO and its Affiliated companies.

5.2. Transfer to Third Countries
Your Personal Data may be transferred to a third country outside of the EU or European Economic Area, or to a country where data protections are not as strong as in your country. Transfers to these countries are made using appropriate safeguards as outlined in Article 46 of the GDPR. CinCor Pharma, Inc. and all CinCor Pharma US affiliates, comply with the requirements of the EU to provide adequate safeguards for Personal Data transferred to the United States.

6. Your Rights to Access and Choice

6.1. CinCor Pharma is committed to cooperating to the full extent of applicable law in the exercise of the rights of data subjects. Any data subject who wishes to exercise his or her rights under applicable data privacy law, or to inquire about the processing of his or her data by CinCor Pharma, should contact CinCor Pharma pursuant to Section 8 of this Privacy Policy.

6.2. EU and Swiss citizens whose data is processed by CinCor Pharma have a right to be informed of the choices and means available for limiting the use and disclosure of their Personal Data. EU and Swiss citizens may have the right to access, modify, or suppress their personal data, to elect not to have Personal Data transferred to a third party, or to object to their Personal Data being used for any purpose materially different from that disclosed to them, or stated within this Privacy Policy. Upon request, CinCor Pharma will honor the request to access, modify, suppress, prevent or stop transferring, or delete an individual’s Personal Data to the extent reasonably possible. CinCor Pharma may, pursuant to the law, disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Please note that pursuant to clinical trial regulations, some Personal Data may be retained even if you request that it be deleted.

6.3. Clinical trial participants should contact the study site at which they participated in the clinical trial, or the Principal Investigator of the study, to enquire about choices and means available for limiting the use and disclosure of their Personal Data under applicable data privacy laws. The rights available to a clinical trial participant may be limited pursuant to an exception to the applicable data privacy law to preserve the integrity or scientific value of the data collected.

7. Your Rights to Enforcement and Recourse

7.1. Data subjects have a right to lodge a complaint with the appropriate EU supervisory authority, and also a right to an effective judicial remedy against infringing controllers and processors.

7.2. Residents of California may have a private right of action in the event of a data breach. Pursuant to California law, affected individuals must first notify CinCor Pharma of the alleged violation and provide CinCor Pharma 30 days to cure the violation.

8. How to Contact CinCor Pharma

8.1. For more information about CinCor Pharma’s commitment to protecting data privacy, or to exercise any rights you may have under applicable data privacy laws, please contact CinCor Pharma at, by telephone at 513-800-2585 or by mail at 200 Clarendon Street, 6th Floor, Boston, MA 02116, United States of America, Attn: Data Protection Officer.

8.2. We may occasionally update this notice. If we make significant changes, we will notify users in advance of the changes on our website, or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices. After such notice, use of our services by users in countries outside the European Union will be understood as consent to the updates to the extent permitted by law.