Privacy Policy

Effective as of November 19, 2020

This “Privacy Policy” describes the privacy practices of Instil Bio, Inc. and our subsidiaries and affiliates, including but not limited to Instil Bio UK Limited (collectively, “Instil Bio”, “Company”, “we”, “us”, or “our”).  This Privacy Policy describes how we collect, use, disclose and otherwise process personal information, and explains the rights and choices available to individuals with respect to their information. 

Instil Bio may provide additional privacy notices to individuals at the time we collect their data.  For example, we provide a specific privacy notice to clinical trial participants that describe our privacy practices in connection with conducting clinical trials. This type of an “in-time” notice will govern how we may process the information you provide at that time.

Individuals located in the European Economic Area, United Kingdom or Switzerland (collectively, “Europe”) should read the important information provided here and individuals located in California should review the information provided here

Personal Information We Collect

Whose Personal Information We Collect

We collect personal information about the following types of individuals: clinical trial participants, patients, patient family members, caregivers or advocates, physicians and other health care professionals, clinical trial investigators, researchers, pharmacists, and other individuals who interact directly with Instil Bio or its service providers or business partners, including users of websites and mobile applications..

How We Collect Personal Information

We may collect personal information:

  • Directly from individuals;
  • Through our websites and mobile apps;
  • From healthcare professionals;
  • From hospitals and medical clinics;
  • From contract research organizations and clinical trial investigators;
  • From government agencies or public records;
  • From third party service providers, data brokers or business partners;
  • From industry and patient groups and associations; 
  • From social media or other public forums (including adverse event information or product quality complaints); and
  • as otherwise described in this Privacy Policy.

Types of Personal Information We Collect

The types of personal information we collect depends on the nature of the relationship you have with Instil Bio and the requirements of applicable laws. We may collect:

  • Health and medical information (such as medical insurance details, information about physical and mental health conditions and diagnoses, treatments for medical conditions, genetic information, family medical history, and medications an individual may take, including the dosage, timing, and frequency), in connection with managing clinical trials, conducting research, providing patient support programs, managing compassionate use and expanded access programs, and tracking adverse event reports;
  • Personal and business contact information (such as name, job title and employer name, email address, mailing address, phone number, and emergency contact information);
  • Biographical and demographic information (such as date of birth, age, gender, marital status, and information regarding any parents or legal guardians);
  • Professional credentials, educational and professional history, and institutional affiliations;
  • Payment-related information we need to pay for professional services, such as consulting, that individuals may provide to us (such as tax identification number and financial account information);
  • If you are a health care professional, we collect information about the programs and activities in which you have participated, your prescribing of our products and the agreements you have executed with us;
  • Your photograph, social media handle or digital or electronic signature;
  • Publicly available information (such as comments describing support for and experience with Instil Bio products);
  • Automatically collected information (such as log information about you and your computer or mobile device when you access our sites. For example, we may log your computer or mobile device operating system name and version, manufacturer and model, browser type, browser language, screen resolution, the website you visited before browsing to our sites, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our sites); 
  • Other information that we may collect that is not specifically listed here but that we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

We may combine other publicly available information, such as information related to the organization for which you work, with the personal information that you provide to us through our Services.

Changes to your personal information

It is important that the personal information we hold about you is accurate and current.  Please let us know if your personal information changes during your relationship with us by emailing [email protected].

Cookies and Similar Technologies

Disabling cookies

For information about disabling cookies, visit the Online Tracking Opt-Out Guide.

Flash Technology

We may use Flash cookies (which are also known as Flash Local Shared Object (“LSOs”)) on our site to collect and store information about your use of our site. Unlike other cookies, Flash cookies cannot be removed or rejected via your browser settings. If you do not want Flash cookies stored on your computer or mobile device, you may be able to adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the Website Storage Settings Panel. You should refer to the software publisher for instructions on how to complete the above task.  Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our site.

Pixel tags

We may also use pixel tags (which are also known as web beacons and clear GIFs) on our site to track the actions of users on our site. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the site, so that we can manage our content more effectively.

Do Not Track Signals

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We do not currently respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

How We Use Your Personal Information

To operate our websites and mobile apps

If you use our websites or mobile apps, we may use your personal information to:

  • Operate, maintain, administer, and improve the websites and mobile apps;
  • Better understand your needs and interests, and personalize your experience with the websites and mobile apps;
  • Provide support and maintenance for our websites and mobile apps;
  • Respond to your service-related requests, questions and feedback; and
  • Analyze and enhance our communications and strategies (including by identifying when emails sent to you have been received and read, as well as your interactions with us including on our websites and mobile applications).

To perform and administer clinical trials, research and product-improvement activities

We may use your personal information to facilitate our clinical trials, research, studies, and related activities that support patients or our product improvement, including to:

  • Staff and manage clinical trials, including by recruiting investigators and participants;
  • Track and respond to safety and product quality concerns (including product recalls);
  • Support public health initiatives, symposia, conferences, and scientific, educational and volunteer events;
  • Facilitate medication adherence programs;
  • Define and manage appropriate patient engagement activities, and patient support programs (including to provide co-pay and other financial assistance where available);
  • Identify and engage thought leaders and external experts;
  • Award scholarships and grants; 
  • Attribute authorship to academic and promotional materials; and
  • Pay for services that healthcare professionals, researchers and other individuals may provide to us.

To provide our products and services

We may use your personal information to provide Instil Bio products and services, including to:

  • Manage access to our products, including where access is limited by law to licensed physicians.

To communicate with you

We may send you Instil Bio-related marketing communications such as if you request information from us or participate in our surveys, promotions or events. You may opt out of such communications by emailing [email protected].

To comply with law

We may use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

To comply with regulatory monitoring and reporting obligations

We may use your personal information as we believe necessary or appropriate to comply with regulatory monitoring and reporting obligations, such as those related to adverse events, product complaints, patient safety, and financial disclosures.

To create anonymous, aggregated, or de-identified data for analytics

We may create anonymous, aggregated, or de-identified data from your personal information and other individuals whose personal information we collect.  We make personal information into anonymous, aggregated, or de-identified data by excluding information that makes the data personally identifiable to you, and use that anonymous data for our lawful business purposes. 

For compliance, fraud prevention and safety

We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our websites, mobile apps, products and services; (b) comply with our reporting and monitoring obligations (such as those related to adverse events, product complaints, patient safety and financial disclosures); (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How We Share your Personal Information

Affiliates, Partners, and Subsidiaries

We may disclose your personal information to our subsidiaries, corporate affiliates, and/or business partners for purposes consistent with this Privacy Policy.

Service Providers 

We may employ third party companies and individuals to perform services on our behalf, including:

  • Contract research organizations that conduct clinical trials;
  • Data storage and analytics;
  • Customer service (including our medical information line) and patient support providers (including for product quality and adverse event reporting, patient co-pay assistance, medicine intake adherence programs, etc.);
  • Product recall administration;
  • Technology services and support (including email and web hosting providers, marketing and advertising technology providers, email and text communications providers, mobile app developers);
  • Event planning and travel organizations that help facilitate Instil Bio programs; and
  • Payment, shipping and fulfillment service providers.

These third parties may use your information only as directed by Instil Bio and in a manner consistent with this Privacy Policy and are prohibited from using or disclosing your information for any other purpose.

Business Partners and Other Professionals and Organizations

We may disclose your personal information to partners with whom we jointly develop products or services, in connection with the development and promotion of such products or services. We will ask for your consent before disclosing your information with our business partners where required by applicable law. We may also share your personal information with health care professionals, researchers, academics, public health organizations, and publishers for purposes consistent with this Privacy Policy.

Professional Advisors

We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Compliance with Laws and Law Enforcement; Protection and Safety

We may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our websites, mobile apps, products and services; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

Business Transfers

We may sell, transfer or otherwise share some or all of its business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Additional Terms

In some situations, we may have a separate agreement or relationship with you with respect to a specific type of processing of your data, such as if you participate in a special program, activity, event, or clinical trial.  These situations will be governed by specific terms, privacy notices, or consent forms that provide additional information about how we will use your information.  We will honor these additional terms with respect to your information and thus, strongly recommend you review the additional terms prior to participating in any programs.

Your Choices

Access, Review, Update Your Information

If you become aware that the personal information we maintain about you is inaccurate, incomplete, misleading, irrelevant or out of date, or if you would like to access or review your information, you may contact us at [email protected].

Marketing communications

You may opt out of marketing-related emails by clicking the “Unsubscribe” link at the bottom of each such email, or by sending an email with the subject line “Unsubscribe” to [email protected]. You may continue to receive service-related and other non-marketing emails.

Testimonials

If you gave us consent to post a testimonial on our sites, but wish to update or delete it, please contact us at [email protected]. We may decline your request in accordance with applicable laws.

Choosing not to share your personal information

Where we are required by law to collect your personal information, or where we need your personal information in order to provide you with our products or services, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our products or services and may need to terminate our relationship with you.  We will tell you what information you must provide to us by designating it as required when we request the information or through other appropriate means.

Security

The security of your personal information is important to us.  We take a number of organizational, technical, and physical measures designed to protect the personal information we collect, both during transmission and once we receive it.  However, no security safeguards are 100% secure and we cannot guarantee the security of your information.

Children

We do not knowingly collect personal information from children under age 16 through our websites or mobile applications. If we learn that we have collected personal information directly from a child under the age of 16 through our websites or mobile applications, we will delete that information as soon as practicable.

Job Applicants

When you visit the careers portion of our website, we collect the information that you provide to us in connection with your job application. This includes business and personal contact information, professional credentials and skills, educational and work history, and other information of the type that may be included in a resume. This may also include diversity information that you voluntarily provide. We use this information to facilitate our recruitment activities and process employment applications, such as by evaluating a job candidate for an employment activity, and monitoring recruitment statistics. We may also use this information to operate our websites, to communicate with you, to comply with law, and as otherwise necessary for compliance, fraud prevention, and safety purposes.

International Data Transfers

Instil Bio is headquartered in the United States and may have affiliates and service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

Individuals in the Europe should read the important information provided here about transfer of personal information outside of Europe.

Other Sites and Services

For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by us. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy you will be notified via email (if we have your email address), as required by applicable law, or another manner that we believe reasonably likely to reach you (which may include posting a new privacy policy on our websites, or a specific announcement on this page).

Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the changes (or as otherwise indicated at the time of posting). In all cases, your continued use of our websites, mobile apps, products and services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

Contact Us

If you have any questions or concerns about our Privacy Policy, please contact us at:

Attn:  Privacy Office
Instil Bio, Inc
5949 Sherry Lane, Suite 820
Dallas, TX 75225

[email protected]

Additional Information for Individuals Who are in Europe

Personal information

References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and EU Data Representative

Instil Bio is the controller of your personal information for purposes of European data protection legislation.  See the Contact Us section above for contact details. Instil Bio’s EU representative is DPO Centre and can be reached at [email protected].

Legal basis for processing

Our legal basis for processing the personal information described in this Privacy Policy are described below.  If you have questions about the legal basis of how we process your personal information, contact us at [email protected].

Processing purpose Legal basis
– To provide our products and servicesWhere we have a contract governing this processing purpose, the processing is necessary to perform that contract, or necessary to take steps that you have requested prior to entering into the contract. In other cases, these processing activities are necessary to protect your, or another person’s, vital interests.
– To operate our websites and mobile apps
– To communicate with you
To create anonymous, aggregated, or de-identified data for analytics
For compliance, fraud prevention and safety
– To perform and administer clinical trials, research and product-improvement activities
These processing activities constitute our legitimate interests.  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
– To comply with regulatory monitoring and reporting obligations
– To comply with law
Processing is necessary to comply with our legal obligations
With your consentProcessing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime in the manner indicated when we requested the consent or by contacting us at [email protected].

Use for new purposes

We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.  If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention

We will retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your rights

European data protection laws may give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal information.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information.

You can submit these requests by email to [email protected] or our postal address provided above.  We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction.  You can find your data protection regulator here.

Cross-Border Data Transfer

Whenever we transfer your personal information out of Europe to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with the data protection laws, such as the specific contracts approved by the European Commission as providing adequate protection of personal information. 

Please contact us at [email protected] for further information on the specific mechanism used by us when transferring your personal information out of Europe.

Notice to California Residents

We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of the personal information.

Our website is directed to healthcare providers (in their business capacity) who want to learn more about our research and technologies, individuals who are interested in (or who are already) participating in our clinical trials (including as investigators and study staff), current and potential investors in Instil Bio, and candidates who wish to apply for a job with Instil Bio.

The CCPA does not apply to the information we collect in connection with clinical trials, to any health or medical information we collect that is otherwise governed by California’s Confidentiality of Medical Information Act or the Health Insurance Portability and Accountability Act of 1996, or to information related to our business contacts (including healthcare providers).

We do not sell personal information.  As we explain in this Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to learn how you may opt out of our (and our third party advertising partners’) use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide below.

California Residents’ Privacy Rights

The CCPA grants individuals whose information is governed by the CCPA the following rights.  We extend these rights only to individual investors who provide information on our website.

  • Information. You can request information about how we have collected, used and shared and used your Personal Information during the past 12 months. We have made this information available to California residents without having to request it by including it within this Privacy Policy.
  • Access. You can request a copy of the personal information that we maintain about you.
  • Deletion. You can ask us to delete the personal information that we collected or maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request.  If we deny your request, we will communicate our decision to you.

You are entitled to exercise the rights described above free from discrimination.

How to Submit a Request

If you are an investor and you would like to exercise your privacy rights:

Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request.

Authorized agents.  Investors who are California residents can empower an “authorized agent” to submit requests on their behalf.  We will require the authorized agent to have a written authorization confirming that authority.

California Shine the Law. Under California Civil Code section 1798.83, California residents are entitled to ask us for a notice identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us via email to [email protected] or 5949 Sherry Lane, Suite 820 Dallas, TX 75225. You must put the statement “Your California Privacy Rights” in your request and include your name, street address, city, state, and ZIP code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.

Online Tracking Opt-Out Guide

Like many companies online, we use services provided by Google and other companies that use tracking technology. Your choices for opting out of these companies’ use of your personal information for interest-based advertising include:

  • Blocking cookies in your browser.  Most browsers let you remove or reject cookies, including cookies used for interest-based advertising.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
  • Blocking advertising ID use in your mobile settings.  Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
  • Using privacy plug-ins or browsers.  You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy BadgerGhostery or uBlock Origin, and configuring them to block third party cookies/trackers.
  • Platform opt-outs.  The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:
  • Advertising industry opt-out tools.  You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.