PRIVACY POLICY

Last updated: August 10, 2023

We at Tyra Biosciences, Inc. of 2656 State Street, USA, Carlsbad, CA 92008, United States of America (“Company”, “we” or “us”) respect your privacy. This Privacy Policy describes how we collect, use and disclose information about users of the Company’s websites, https://tyra.bio and https://tyrabio.gcs-web.com (the “Websites”), including the services, tools and features on the Websites (collectively, the “Services”). For the purposes of the General Data Protection Regulation (“GDPR”) and the GDPR as incorporated in the United Kingdom (“UK GDPR”), we are the controller of any personal data processed in relation to the Services and details of our local representative and our Data Protection Officer are set out below.

PLEASE READ THIS PRIVACY POLICY CAREFULLY SO THAT YOU UNDERSTAND YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION, AND HOW WE WILL COLLECT, USE AND PROCESS YOUR PERSONAL INFORMATION. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, DO NOT ACCESS OR USE THE SERVICES OR OTHERWISE PROVIDE YOUR INFORMATION TO US.

THIS PRIVACY POLICY SUPPLEMENTS ANY OTHER PRIVACY RELATED NOTICES AND POLICIES WE MAY PROVIDE TO YOU FROM TIME TO TIME, AND IS NOT INTENDED TO OVERRIDE THEM, INCLUDING ANY INFORMED CONSENT FORM OR PATIENT INFORMATION LEAFLET PROVIDED TO YOU IN CONNECTION WITH YOUR PARTICIPATION IN ANY CLINICAL TRIAL SPONSORED BY US.

 

INFORMATION WE COLLECT

Some features of the Services may require you to enter certain personal information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features.

Information We Collect Directly From You

We collect certain information directly from you when you choose to communicate with us, for example, when you send a message to our e-mail address or when you sign up for our newsletters or alerts, such as our investor email alerts. We may collect your basic contact details, including name and e-mail address, from such communications and any other information provided by you when contacting us.

Information We Collect Automatically

When you visit our Websites and use our Services we may automatically collect information about your interaction with the Websites sent to us by your computer, mobile phone or other device. This information includes: (i) your IP address; (ii) device information including, but not limited to, name and type of operating system; (iii) mobile network information; (iv) standard web information such as your browser type, links clicked and the pages you access on our Websites; (v) security information including a list of certain installed software, device and internet connection information, and available space on the device.

Cookies

We use cookies and similar tracking technologies to track the activity on the Websites and hold certain information including your browsing activities over time and across different websites. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze the Services. You can find more information about cookies and how to manage them in the Cookie Policy below.

Do Not Track

Your browser settings may also allow you to transmit a “Do Not Track” signal when you visit various websites. Like many websites, our Websites are not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you can visit http://www.allaboutdnt.com.

 

HOW WE USE PERSONAL INFORMATION

The personal information we collect about you is used in order to perform our contract with you, such as:

  1. to provide you with the Services, other content and Website functionality.

In order to be responsive to you, to provide effective services to you, and to maintain our business relationship, we also process your personal information, as a matter of our legitimate interests, in the following ways:

  1. to respond to your message;
  2. to improve the Services;
  3. for internal business analysis or other business purposes consistent with our mission;
  4. administer the Websites and Services, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
  5. maintain the safety and security of our users, the Websites, our Services, and business;
  6. send you announcements in relation to security, privacy or administrative related communications (these communications are not marketing orientated, and we do not rely on consent, so you may not opt out);
  7. personalize our Websites and our Services to ensure content is presented in the most effective manner for you and your device; and
  8. to carry out other purposes that are disclosed to you via the Services.

Where required by applicable law, we will obtain your consent to provide you with certain materials, such as updates related to our news / press releases.

In addition, we will use some or all of the above information to comply with any applicable legal obligations and cooperate with regulators and law enforcement bodies, to enforce any applicable terms and conditions and/ or terms of service, and to protect or defend our business, our rights, the rights of our users, or others.

 

WHEN AND HOW WE SHARE PERSONAL INFORMATION WITH OTHERS

In certain circumstances, we will share your personal information with third parties with your consent, as necessary, or as otherwise required or permitted by law. Specifically, we share your personal data:

  1. With services providers and vendors, in our legitimate interests. Such third parties include website hosting vendors. These service providers assist us with the processing of your personal information in accordance with the purpose(s) for which the data were originally collected or may otherwise be lawfully processed, such as providing data storage, disaster recorvery, technical support services and communicating with you.
  2. For legal and security reasons and to protect our services and business, in our legitimate interests or as required by law. We will share your personal data with regulators, law enforcement agencies, public authorities, or any other relevant organisations: (i) in response to a legal obligation; (ii) if we have determined that it is necessary to share your personal data to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries; (iii) to protect the interests of, and ensure the safety and security, of us, our users, a third party or the public; (iv) to exercise or defend legal claims; and (v) to enforce our terms and conditions, other applicable terms of service, or other agreements.
  3. With professional advisors, in our legitimate interests or as required by law. As necessary, we will share your personal data with professional advisors functioning as service providers such as auditors, law firms, or accounting firms.
  4. With our affiliates and subsidiaries, in our legitimate interests. We may share your personal data with companies within our corporate family.
  5. In connection with an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organisation, in our legitimate interests. We will share your personal information with a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.

 

SOCIAL MEDIA LINKS

Social networks (LinkedIn) are only integrated on our Websites as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. Only after the redirection, user information is transferred to the respective provider. For information on the handling of your personal information when using these websites, please refer to the respective data protection provisions of the providers you use.

 

CHILDREN’S PRIVACY

Our Websites are not intended for children, and we do not knowingly collect data relating to children. Children must not use our Websites or Services, except where their parent or guardian has provided consent, if this option is available in your location. If you use our Websites, you represent that you are at least the age of majority under the laws of the jurisdiction of your place of residence. If we learn that we have collected or have been sent personal information about or from a child, we reserve the right to delete that personal information as soon as reasonably practicable. If you believe that we might have collected or been sent information from a child, please contact [email protected] as soon as possible.

 

DATA SECURITY, INTEGRITY AND RETENTION

Please note that information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. Please be aware that, despite our efforts to implement security controls, no security measures are perfect or impenetrable.

We retain personal data for the duration needed to support our ordinary business activities operating the Websites and interacting with you. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish and defend legal claims, enforce our agreements, or for legitimate businesses purposes.

After the expiry of the retention periods, we may store your information in an aggregated and anonymised format that does not permit your continued identification.

 

YOUR CALIFORNIA PRIVACY RIGHTS

We do not share personal information as defined by California Civil Code Section 1798.83 (“Shine The Light Law”) with third parties for their direct marketing purposes.

 

WHERE WE STORE YOUR INFORMATION

As we are an US-based business, if you are accessing the Services and/or Websites from the European Economic Area (EEA) or the United Kingdom (UK), your personal information will be stored at/processed in the United States or processed by our staff or third parties operating in another country or jurisdiction that does not have the same data protection laws as your jurisdiction. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy.

For any transfers of personal information (which is subject to the GDPR/UK GDPR) to third parties and/or affiliates outside the EEA or the UK, the data transfer will be under the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses) (the “Model Clauses”), or any equivalent contracts issued by the relevant competent authority of the UK, as relevant, unless the data transfer is to a country that has been determined by the European Commission or the relevant UK authorities, as applicable, to provide an adequate level of protection for individuals’ rights and freedoms for their personal data. Please contact  us at [email protected] should you wish to examine a copy of the Model Clauses.

 

YOUR EEA/UK RIGHTS

If you are located in the EEA or the UK, you have certain rights in relation to your information as follows:

  1. Access: You have the right to access information we hold about you, how we use it, and who we share it with.
  2. Correction: You have the right to correct any of your information we hold that is inaccurate.
  3. Erasure: In certain circumstance, you have the right to delete the information we hold about you.
  4. Restriction of processing: You have the right to require us to stop processing the information we hold about you, in certain circumstances.
  5. Portability: You have the right to receive a copy of the information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  6. Right to revoke consent: To the extent we rely on your consent to process your personal information, you have the right to revoke such consent at any time. In the event of revocation, we will immediately stop processing your personal data, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation (Art. 7 (3) GDPR).

Right of Objection

To the extent we process your personal data on the basis of legitimate interests, you have the right to object to such processing in certain circumstances.  You also have the right, at any time, to object to marketing by using the unsubscribe/optout function in our communications to you. Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law, for example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your information.

To exercise any of these rights, you can contact [email protected]

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here. If you are in the UK, please contact the ICO, click here.

 

EXTERNAL LINKS

Our Websites may contain links to other sites operated by third parties. Company does not control such other sites and is not responsible for their content, their privacy policies, or their use of personal information. Company’s inclusion of such links does not imply any endorsement of the content on such sites or of their owners or operators except as disclosed through the Services. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of personal information by third parties.

 

GDPR-AUTOMATED DECISION MAKING

Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.

 

UPDATING THIS PRIVACY POLICY

We may modify this Privacy Policy from time to time in which case we will update the “Last Revised” date at the top of this Privacy Policy. It is your sole responsibility to check the Websites from time to time to view any such changes in the Privacy Policy. When we change the Privacy Policy in a material manner, we will notify you by posting an announcement on our Websites. Your continued use of the Websites after any change constitutes your acceptance of the new Privacy Policy.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, INCLUDING ANY CHANGES, THEN YOU MUST NOT ACCESS OR USE THE SERVICES.

 

CONTACTING US

You may contact us regarding the Services, this Privacy Policy or any other questions or concerns regarding our use and disclosure of your personal information at: Tyra Biosciences, Inc., 2656 State St., Carlsbad, CA 92008, United States of America, by phone at +1-(619) 728-4760 or by e-mail at [email protected].

If you are located in the EEA or the UK, you can also contact our DPO and local representative(s) as follows:

  • Contact details of the Data Protection Officer: DP Dock DPO Services GmbH; Grüffkamp 10, 24159 Kiel, Germany; Email: [email protected]
  • Contact details of our EU Data Protection Representative: Data Protection Representative Limited; The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland Email: [email protected] –  (referencing Tyra Biosciences, Inc. in the subject line).
  • Contact details of our UK Data Protection Representative: Data Protection Representative Limited; 107-111 Fleet Street, London, EC4A 2AB, United Kingdom; Email: [email protected] (referencing Tyra Biosciences, Inc. in the subject line)

 

COOKIES POLICY

Last updated: August 10, 2023

This Cookies Policy for Tyra Biosciences, Inc. (“Company”, “we” or “us”) describes how we and certain third parties use cookies (“Tracking Technologies”) to collect personal data and to store information or gain access to information stored on your device, when you use our website at https://tyra.bio and https://tyrabio.gcs-web.com (the “Websites”), including, tools and features on the Websites (collectively, the “Service”). This policy tells you more about Tracking Technologies and how we use them in our Service and supplements the information provided in our privacy policy above.

We and the third parties we work with use Tracking Technologies to collect information about your use of the Service, such as your IP address, browser type, browser version, pages viewed, time spent on pages, links clicked and conversion information. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on the Service and other websites, provide customer support, troubleshoot issues with and improve the operation of our Websites and Service, and better understand your online activity. You can find more information about cookies and how to manage them here.

Some of the Tracking Technologies we use are essential and we cannot provide access to our Websites without them.

You can change your settings for Tracking Technologies we use in our Services at any time in our preference centre which is accessible by clicking on the cookie icon at the bottom right hand corner of the webpage.

You can choose to have your computer warn you each time a Tracking Technology is being sent, or you can choose to turn off all Tracking Technologies. You do this through your browser settings. For more information on how to manage your browser settings, please see below:

  1. Cookie settings in Internet Explorer
  2. Cookie settings in Edge
  3. Cookie settings in Firefox
  4. Cookie settings in Chrome
  5. Cookie settings in Safari

If you have disabled one or more Tracking Technologies, we will still use information collected from Tracking Technologies prior to your disabled preference being set; however, we will stop using the disabled Tracking Technologies to collect any further information.

If you turn Tracking Technologies off, it may affect your user experience.

How do we use Tracking Technologies?

We use first party and third party Tracking Technologies on our Websites. First party Tracking Technologies are set directly by us whereas third party Tracking Technologies are set by a third party (such as analytics providers, our advertisers and business partners). Please see the preference centres on our Websites for details on the specific cookies dropped on each of our Websites, which may include the following categories of Tracking Technologies:

  1. Essential Tracking Technologies, which are essential to the functioning of our Services, to provide a service requested by you or to comply with the law (e.g. the security requirements of data protection law). We do not need to obtain your consent in order to use these Tracking Technologies and these Tracking Technologies cannot be turned off as we cannot provide the Services without them.
  2. Functionality Tracking Technologies, which allow us to remember choices you make and provide enhanced and personalised features e.g. to show you when you are logged in.
  3. Performance Tracking Technologies, which enable us to collect information about your online activity (e.g. the duration of your use of the Services), including behavioural data and content engagement. They allow us to provide you with a better user experience and to maintain, operate and continually improve the Services.
  4. Advertising/Targeting Tracking Technologies, which we use to deliver a more personalised service, enable us to execute advertising campaigns and show you ads that are relevant to you as well as measuring the effectiveness of advertising campaigns. They are usually placed by our advertisers (for example advertising networks) and provide insights about the people who see and interact with their ads, visit their websites or use their app. A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at: http://www.youronlinechoices.eu
  5. Social Media Tracking Technologies, we have a presence on social media platforms (namely, LinkedIn), those platforms will set Tracking Technologies on your device when you visit our pages on their platforms so that we can obtain statistical information about how you interact with our social media presence. The cookies policy of the social media platform should explain how you can manage the Tracking Technologies that they set or you may also be able to manage these Tracking Technologies through using your browser settings, as explained below.

UPDATING THIS COOKIES POLICY

We may modify this Cookies Policy from time to time in which case we will update the “Last Revised” date at the top of this Cookies Policy. If we make any material changes to the way we handle your personal data in relation to Tracking Technologies, we will let you know by posting an updated version of this policy on our Websites.

 

CONTACTING US

Any questions or concerns regarding this policy should be directed to Company at [email protected].