Privacy Policy

• Last updated: October 15, 2024

This Privacy Policy (the “Privacy Policy”) describes how Leap Therapeutics, Inc. (“Leap”, or “we,” “us,” or “our”) uses and discloses the personal information collected through its website (the “Site”) or the services provided by Leap (“Services”), and the rights you may have about how Leap uses your personal information. This Privacy Policy applies to the Site and Services, and any other personal information obtained when you call, email, or otherwise communicate with Leap.

By accessing or contacting Leap on the Site or through our Services on any computer, mobile phone, tablet, or other device, you agree to the terms of this Privacy Policy. If you do not agree to the policy, please do not use the Site.

We may modify/update this Privacy Policy at any time and will post the current version on the Site. We encourage you to periodically review our Privacy Policy to stay informed about how we are using the information we collect.

Applicable Laws

For US residents:  We adopt this Privacy Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other applicable California and state privacy laws.  Any terms defined in the CCPA have the same meaning when used in this Privacy Policy.  For the US, we also comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic & Clinical Health of 2009 (“HITECH”), as amended and including all implementing rules and regulations. 

For European Union (“EU”) residents:  See the International Users section below for more information regarding our compliance with the EU’s General Data Protection Regulation of 2018 (“GDPR”).  This section also provides information regarding our compliance with EU-US Data Privacy Framework.

Leap is committed to data protection and security and updates this Privacy Policy and our processes as needed when applicable laws change or are implemented.

Information That You Give Us

We collect personal information from you when you submit it to us through the Site or Services. This information may include, for example, your name, email address, mailing address, and telephone number. If you are a research collaborator, you may also provide Leap with your work qualifications or CV (resume). We may combine the information we have from you with information we receive about you from other sources, such as address update services. For any information you give us or that we collect, Leap is considered to be the “controller” of that personal information because we determine the means and purposes of processing your personal information.

If you provide consent for use of your personal information, we will limit our use of your personal information to the purposes stated in the consent, and we will limit the amount of personal information we collect to what is adequate, relevant and necessary for the consented purposes.

Information We Collect Automatically

When you visit the Site or use our Services, we and our service providers may collect certain information from you, including your Internet Protocol (IP) address, MAC address, browser type, operating system, device-identifying information, the specific web pages visited during your connection, and the domain name from which you accessed the Site. In addition, we may collect information about your browsing behavior, such as the date and time you visit the Site, the areas or pages of the Site that you visit, the amount of time you spend viewing the Site, the number of times you return to the Site and other clickstream data. We may also use non-identifiable  or aggregated information for statistical analysis, research, and other purposes.

Like many commercial websites, we may analyze how visitors use our Site through what is known as “cookie” technology, including other tracking technologies such as web beacons. For more information regarding Cookies, please see our Cookie Policy.

Use of Information

We may use the information we collect from and about you for any of the following purposes: (1) to fulfill your requests for information about our products and services; (2) to respond to your inquiries; (3) to review Site usage and operations; (5) to address problems with the Site, our business or our Services; (6) to protect the security or integrity of the Site and our business and Services; (7) to monitor the Site for compliance with our Terms of Use and the law; (8) to assess your candidacy for the job vacancy, for which you submit your CV (resume);(9) to contact you with Site updates, newsletters and other informational and promotional materials from us and third party marketing offers from our trusted partners, as well as from other companies, and, 10) to conduct business with you, including for example contacting clinical trial site personnel in the EU who are involved in Leap’s research studies.

Disclosure of Information

We will not sell or make unauthorized disclosures of your personal information. Leap also does not use profiling to try to obtain your personal information. However, we may use your information: (1) as necessary if we believe that there has been a violation of the Site Terms of Use or of our rights or the rights of any third party; (2) to respond to legal process (such as a search warrant, subpoena or court order) and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law; and (3) in the event that our company or substantially all of its assets are acquired, your personal information may be one of the transferred assets. We may also disclose your personal information with your express consent. We may share aggregate, non-personally identifiable information about Site users and Services with third parties who provide contracted services to Leap and for whom that information is necessary for the performance of the contracted services.

Please note that if you voluntarily submit any personal information for posting on the Site or in connection with our Services, such as a comment or a blog post, the information becomes publicly available and can be collected and used by others, so you should use care before posting information about yourself online.

Your Privacy Rights

We respect your privacy rights (under various US state laws, including California, Virginia, Florida, Texas, Indiana, Montana, Tennessee, Washington and others where privacy laws are pending) to access and correct, rectify or erase your personal information, restrict the way your information is processed, object to the processing, or withdraw your consent at any time, if we are processing your personal information on the basis of consent.

California and other state categories of personal data we may obtain include personal identifiers (name, address), characteristics of protected classifications (race, gender), professional or employment-related information (resume, CV) and internet activity on our Site or through our Services.

California law permits certain website viewers who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. Again, you may request this information using the information below in “Contact Us.” 

Retention of Personal Information

Personal information that we collect, access or process will be retained only as long as necessary for the fulfillment of the purposes for which it was collected, unless otherwise provided in agreements between you and Leap or as required or authorized by law. Personal information that is no longer required to fulfill the identified purposes will be destroyed, erased or made de-identified or anonymized.

Security

We maintain industry-standard reasonable and appropriate measures designed to maintain information we collect in a secure manner. We have taken certain physical, technical, and administrative steps to safeguard and secure the information we collect from visitors to the Site and through our Services. Even though we follow reasonable procedures to try to protect the information in our possession, no security system is perfect, and we cannot promise, and you should not expect, that your information will be secure in all circumstances.

Children

The Site is not directed to children, nor do we knowingly collect any personal information from children under the age of thirteen without verifiable parental consent. If you believe that a child has provided personal information to us, please contact us promptly as described below, and we will endeavor to investigate and delete such information from our systems.

 Third Party Websites

The Site may contain links to third-party websites, such as social media sites like LinkedIn and Twitter, which may have privacy policies that differ from our own. We are not responsible for the activities and practices that take place on these websites. Accordingly, we recommend that you review the privacy policy posted on any external site before disclosing any personal information. Please contact those websites directly if you have any questions about their privacy policies.

International Users

The Site is hosted in the United States. If you are visiting the Site from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries in accordance with this Privacy Policy. The data protection and other applicable laws of the United States or other countries may not be as comprehensive as those laws or regulations in your country or may otherwise differ from the data protection or consumer protection laws in your country. Your information may be available to government authorities under lawful orders and laws applicable in such jurisdictions. By using the Site and/or providing personal information to us, you consent to transfer your information to our facilities as described in this Privacy Policy.

We comply with applicable laws on the transfer of personal information between countries and we implement safeguards and legally recognized measures that adequately protect your personal information.

Leap has the following legal bases for the transfer of personal information: 1) consent; 2) to fulfill contractual obligations; and  3) legitimate interests. We also employ standard contractual clauses approved by the European Commission as needed.

Leap complies with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF as set forth and overseen by the US Department of Commerce and implemented by the International Trade Administration. Leap has certified to the US Department of Commerce that it adheres to the EU-US DPF Principles with regard to the processing of personal information received from the EU in reliance on the EU-US DPF and from the UK in reliance on the UK Extension to the EU-US DPF. These Principles include notice, access, choice, accountability for onward transfer, data integrity and purpose limitation, recourse, enforcement and liability, and security.

If there is any conflict between the terms in this Privacy Policy and the EU-US DPF Principles and UK Extension, the Principles will govern. To learn more about the EU-US DPF program, and to view our certification, please visit: https://dataprivacyframework.gov/.

Under the EU-US DPF, the US Federal Trade Commission has the power to enforce rules on Leap. In certain situations, Leap might have to share personal information if asked by government authorities, especially for reasons related to national security or law enforcement.

Pursuant to the DPF Program, EU and UK individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the DPF, should direct their query to privacy@leaptx.com. If requested to remove data, we will respond within a reasonable timeframe. 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@leaptx.com. 

Leap is responsible for the processing of personal information it receives or subsequently transfers to a third party acting as an agent on behalf of Leap, unless Leap proves that it is not responsible for the event giving rise to the damage. Leap complies with the onward transfer liability provisions in the DPF Principles.

In compliance with the DPF Principles, Leap commits to resolve DPF Principles-related complaints about your privacy and our collection or use of your personal information. European Union and United Kingdom individuals with inquiries or complaints regarding our handling of personal data in reliance on the DPF should first contact Leap at privacy@leaptx.com.

Leap solved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you. 

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See  https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction for more information on this process. 

Right to Lodge Complaints

We are transparent about the ways in which we collect and use personal information and welcome your questions and concerns. If you have any concerns or complaints about the way we handle your personal information, you should first contact us at privacy@leaptx.com or at the address listed below..

To the extent you believe we have not addressed your concerns or otherwise choose to do so, you have the right to lodge a complaint with the following:

For HIPAA in the US:  Office of Civil Rights at the Department of Health and Human Services website:  www.hhs.gov/hipaa

You may also contact the Supervisory Authority in the country in which you reside. For a list of EU data protection Supervisory Authorities, please visit: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

For a list of UK Supervisory Authorities, please visit:  https://ico.org.uk

Alternatively, you can contact Leap’s EU Data Representative at: datarequest@datarep.com (put <Leap Therapeutics Inc> in the subject line) Or you may write to DataRep, 3^rd & 4^th Floor, Altmarkt 10 B/D, Dresden, 01067, Germany.

Contact Us

If you have questions or concerns about this Privacy Policy or how we collect and use the information of our website viewers, or want to contact our Data Protection Officer, you can contact us by emailing us at:

Leap Therapeutics
47 Thorndike St, Suite B1-1
Cambridge, MA, 02141
phone: 617-714-0360
email: privacy@leaptx.com

If we need, or are required, to contact you concerning any event that involves your information, we may do so by email, telephone, or mail