U.S./UK/Europe Privacy Notice

Last Revised: May 27, 2023

Effective Date: May 30, 2025

We, Rezolute Inc. (“Rezolute”),  are committed to protecting the privacy and security of personal information and to transparency about how we use personal information (also known as personal data). This Privacy Notice sets forth our policies and practices for collecting and using personal information in regard to our various websites (“Service” or “Services”) and internal system for Customer Relationship Management (“CRM”).

 This notice does not address our use of personal information outside the context of these Services. Individuals, such as our employees and contractors, that interact with us outside the context of the Services and CRM receive separate privacy notices that address our use of personal information in the context of those relationships with us and are welcome to contact us to receive a new copy of or link to the applicable privacy notice.

Recruitment for clinical trials

We partner with a third party, CiteLine, that runs recruitment campaigns for clinical trials. If you express interest in participating in any of our clinical trials, we will provide you a link to CiteLine’s services so that CiteLine can determine whether you would be a candidate for a trial, and, if so, help connect you directly to a clinician or healthcare practice involved in the trial. CiteLine does not share nor does Rezolute has access to any personal information they collect from you. If you access CiteLine’s services, we encourage you to review their privacy policy, which is available at https://pharmaintelligence.informa.com/privacy-policy-new or via a link through CiteLine’s services.

Customer Relationship Management System (CRM)

Rezolute maintains a Customer Relationship Management (“CRM”) database to manage interactions with healthcare professionals. We partner with a third party, Veeva Systems Inc., who provides a database from which Rezolute could select potential contacts/matches/insight regarding data subjects (eg. Heath Care Professionals (HCPs)).

The database includes only publicly available professional information such as name, field of expertise, address, telephone, email address, job title, scientific achievements, job description, educational background, publicly available photos, hyperlinks to professional networking sites (e.g. LinkedIn), event contribution, participation in clinical trials, authorship of publications, active membership in associations related to  professional activity, publicly disclosed collaborations between the data subject and life sciences companies, public professional content in social media (including tweets, YouTube or other public audio/video content) public news content, if existing and related to the data subject’s professional focus.

Within the context of the CRM, Rezolute is responsible for the compliant processing of personal data only for the HCPs selected profiles consulted and not the entire database. If you wish to know more about the processing carried out by the owner of the database, please consult Veeva Privacy Notice: https://www.veeva.com/privacy

Within the context of our Services, this notice explains how we (Rezolute) process including how we collect, use and disclose personal information (‘use’). It also discusses how you can control certain uses of personal information. We will update this notice from time-to-time, or as our privacy practices change, to ensure it accurately describes how we use your information. When we do so, we will update the dates above. We recommend that you review this notice from time-to-time for the latest information.

If you have any questions regarding this notice or our use of your information, please contact us using one of the methods detailed below.

1.       How we use and share personal information

We use and share personal information as described in the following table and the text that follows it. 

Please note that our Services do not presently take any action in response to the “do not track” signal or other universal opt-out mechanisms.

2.       Additional personal information disclosure and sharing

In addition to the sharing with the third parties described in the table above, for certain uses we may also share your information with:  

  • Service providers. We share your personal information with third parties that provide services to us. (These third parties are often referred to in privacy laws as processors.) We engage these kinds of third parties with contracts that require them to use your personal information only for the purpose of delivering the services for which we have engaged the third-party and as required by law. These kinds of third parties provide business, professional, administrative, or technical support functions for us, such as payment processing, billing, data storage, legal counsel, quality assurance, and marketing.
  • Legal compliance recipients. We disclose personal information to the courts, the government, law enforcement agencies, litigants, and similar recipients when required by law, when needed to protect us from legal claims, or when relevant to our own legal claims.
  • Successors. We may disclose personal information associated with a part of our business to a buyer, potential buyer, or other successor to our business.

These parties are all subject to a duty of confidentiality under contract or their privacy policies. We also may disclose personal information with third parties with your consent or at your direction.

3.       International Data Transfers

The data that Rezolute collects from you may be transferred to, operated or stored at, a destination outside of your place of residence. Whenever we transfer your personal data out of your place of residence, we ensure that appropriate safeguards in accordance with the law are implemented notably through contracts (being the main reference the EU Commission standard contractual clauses “SCCs”) and other safeguards to ensure the security of such transfer, unless the recipient is subject to regulations that already ensure and adequate level of data protection in accordance with the competent authority’s decision. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of your place of residence.

Personal information security and retention

We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession.. We are committed to ensuring a high level of data protection. We have put in place appropriate technical and organizational measures in order to prevent unauthorized access and to ensure a sufficiently high level of security in relation to the inherent risk involved in data processing, to meet regulatory demands and to protect your rights and your data from the moment it is collected.

We retain personal information only for as long as there is a legitimate business or legal need to retain the information for the purposes set forth in the table in section 1, above. What we consider necessary varies with the context and purpose of processing. We generally consider the following factors when we determine how long to retain data (without limitation):

  • IT systems design considerations/limitations
  • Retention periods established under applicable law
  • Industry best practices
  • Potential legitimate interest in further processing the information when allowed by the law.

4.       Children’s privacy

We are very concerned about the safety of children using the Internet. Our services are not directed to children, and we do not knowingly collect any personal information from those under the age of 16.

If we discover (or are informed) that we have collected personal information from a visitor under the age of 16, we will promptly delete such information.

5.       Processing in the United States

If you use our Services, we will process your personal information in the United States. Where required by law, we ensure your data remains protected in connection with any international transfers.

6.       Your California Privacy Rights

California’s “Shine the Light” law, Cal. Civ. Code § 1798.83, entitles California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not engage any such disclosures. Any inquiries regarding personal information sharing with third parties may be directed to us at the contact information set forth below.

7.       Your Privacy Rights

You may have certain rights regarding your personal information under the law. To exercise your rights, please submit a request by contacting us through any of the means outlined below.

Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. Depending on the nature of your request, we may need to request information to verify your identity for your protection. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.

To enable us to deal with your request in the best possible way, we would ask you to provide at least the following information:

  • Sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Depending on the jurisdiction in which you live, you may have the right to appeal any decision we make in response to your request to exercise any of your other rights. You may make such an appeal by contacting us using any of the methods set forth below. In your contact, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accord with the timelines set forth in applicable law.

In regard to the Customer Relationship Management System (CRM), HCPs or HCO’s employees can exercise their data protection rights including, to access, rectify, restrict,  erase, object and portability of their data in Rezolute’s CRM. Additionally, you can also object to the initial communication by replying with your request to the e-mail sent by Rezolute. There are no automated decisions related to the use of this platform.

8.       Additional Information Regarding the Data Protection Laws of the European Union/European Economic Area, United Kingdom, and Switzerland

Under applicable data protection laws, you may have right to make certain requests with regard to your personal information. Applicable law may provide exceptions and limitations to all rights. To exercise any of these rights, please contact us using the information in section 9, below.

  • Access. You can request the confirmation about the processing of your information by us and inquire details of the extent of it.
  • Rectification. You may request that we correct any personal information that you believe is inaccurate.
  • Deletion. You may request that we delete your personal information. We may delete your data entirely, or we may anonymize your information such that it no longer reasonably identifies you.
  • Restriction. You may request that we restrict the processing of personal information under certain circumstances. For example, you may make this request if you withdraw consent you gave us previously and we need to keep the data for defense on legal claims, or where you object to our use of your personal information for particular legitimate business interests.
  • Objection. You may have the right under applicable law to object to any processing of personal information based on our legitimate interests. We will assess if our interests in processing are appropriately balanced against your individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing:
    • for profiling purposes;
    • for direct marketing purposes (we will cease processing upon your objection); and
    • involving automated decision making with legal or similarly significant effects (if any).
  • Portability/Data Export. You may have a right to access the personal information we process and to request it in a common portable format of our choice.

Please, note that these rights are not absolute, and conditions, exceptions or restrictions apply. For that reason, you also have the right to request more information about them and enforce them at any time by contacting us

Finally, you have the right to file a complaint with regulators about our processing of personal information. To do so, please contact your local data protection or consumer protection authority. We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority so please contact us in the first instance.

You may refer to the table in section 1, above, for more information about the lawful bases for our processing of personal information.

9.       Contacting Us

With respect to the personal information described in the table in section 1, above, we are considered the controller for purposes of data protection laws because we determine the purposes and means of processing. To contact us to exercise your rights or for other inquiries, you can reach us using any of the following methods:

  • Visit https://rezolutebio.com/contact-us/
  • E-mail us at info@rezolutebio.com, or
  • Contact us via postal mail at Rezolute, Inc., Attn: Privacy, 275 Shoreline Drive, Suite 500, Redwood City CA, 94065.
    DPO: Rezolute is engaged in business activities, aside from its website, that fall under the scope of GDPR/UK GDPR/ FADP, etc. The organization has appointed a Data Protection Officer/ Privacy Officer (DPO), who can be contacted at: Rezolute.dpo@mydata-trust.info

Stay Connected

Email Alerts Contacts RSS News Feed
MENU