Last updated December 15, 2022

Introduction

Revolution Medicines, Inc. (collectively “we”, “us” and “our”) takes the privacy and security of your personal information seriously. This Privacy and Cookies Policy (“Policy”) applies to our collection and use of personal information through our websites that link to this Policy, including www.revmed.com and ir.revmed.com (collectively, the “Site” or “Sites”). This Policy does not apply to personal information that we collect offline or to information we may collect through our clinical trials, which are governed by separate policies, term and/or agreements.

Information We May Collect About You

Personal Information

We may collect and process personal information you provide us, such as name, email, country of residence or postal code and professional credentials when you:

  • Register to use our Sites;

  • Complete an online form (e.g., to obtain email updates or ask us to send you information, apply for a job, submit a grant request, or participate in a survey);

  • Participate in discussion boards or other social media functions that may be connected with our Sites; or

  • Provide information to use offline regarding our business-related interactions with you (e.g., information you provide us at an industry event)

We may supplement or combine information we collect online with personal information about you from other resources, which could include commercially available sources, such as public databases and data aggregators to the extent permitted by applicable data protection laws.

Occasionally, we may obtain sensitive personal information about you, for example, if you voluntarily provide information about your health, ethnicity or race as part of a request for information. By providing us with your sensitive personal information, you consent to us processing that information for the purposes set out in this Policy or any collection notice provided to you.

Technical Information

We may collect information about your browser and/or device that you use to access our Sites. Device information may or may not be personally identifiable depending upon whether it is linked to the identity of the user.

We may also automatically log information, such as your IP address, domain name, browser type, date and time of access, and other log file data. This information may be used to analyze trends and help us with administration of our Sites. We may collect statistical or non-personally-identifiable information about you including, for example, which pages you visit, how long you remain on a particular page, the website from which you came to our Site, or similar information.

We also may collect aggregate information such as the total number of unique or return visitors to our Sites, or visiting a section of the Site within a given timeframe. We may also use this information to measure the use of our Sites to improve our content.

Cookies and Other Similar Automated Technologies

Cookies are small text files which are sent to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies act as a memory for website, allowing that website to remember your device on your return visits. Cookies can also remember your preferences, improve the user experience, as well as tailor the advertisements you see to those most relevant to you.

We may utilize “cookies” and other similar technologies on our Sites. We may use first and/or third party “browser” or “HTTP” cookies, which are unique text files that may be used for data analysis and enable our Site to tailer information for the visitor. We may use browser cookies for to personalize the user’s experience on our site, to remember a user when the user registers for products or services, for fraud prevention, or to track visits to our Sites. We also may use “web beacons” (also referred to as pixel tabs, clear gifs or other terms) or similar technologies to collect information such as how long a visitor remains on a particular page.

If you do not want us to deploy browser cookies to your device when you visit our Sites, you may set the browser to reject cookies, or notify the user when a web site tries to place cookies in the browser program (see below), or disable cookie placement in the cookie selection module in your Internet browser window. Rejecting cookies may affect your ability to use some features offered on our Sites.

Our service providers may also collect information about visitors to our Sites over time and/or across different websites when the visitor uses our Sites. This information often is aggregate data or individual information that is tied to a browser or device rather than specific identifiers such as the visitor’s name and address, but some of this information might be considered personally identifiable under some laws.

Some Internet browsers offer what often is referred to as “do not track” mechanisms for browser users to automatically signal privacy preferences to websites that they visit. Our site does not currently respond to do-not-track-signals. However, you may exercise other choices available to you, including limiting the placement of browser cookies on your device using your browser cookies control features and other choices described in this Notice.

 

How We Use the Personal Information You Provide to Us

Subject to applicable data protection laws, we may use your personal information for the following purposes:

  • To provide you with the services and information offered through our Sites;

  • To process your requests and respond to your inquiries;

  • Register you for any services you have signed up for;

  • For business administration, including statistical analysis and as may be required to perform our obligations under a contractual relationship with you;

  • To personalize your visit to our Sites and to assist you while you use our Sites;

  • To improve our Sites by helping us understand who uses our Sites;

  • To contact you about content, programs, products and services which we believe may interest you (if you decide you no longer wish to receive such messages you can either use the opt-out mechanism in the communication or contact us using the contact information below);

  • To provide you with medical and disease information we believe may interest you; and

  • For fraud prevention and detection and to comply with applicable laws, regulations or codes of practice, and in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

California Privacy Rights

California’s “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third parties for third-party direct marketing purposes in the preceding calendar year. We do not distribute your personal information to third parties for third-party direct marketing purposes, except as provided for in this Policy.

Disclosures of Personal Information

We may disclose information with your consent or as otherwise necessary or appropriate to process a transaction that you may request and carryout our relationship with you.

We may disclose information that we collect through our Sites with agents, affiliated businesses, and service providers providing services on our behalf.

In the event that our company or some of our assets are sold or transferred or used as security or to the extent we engage in business negotiations with our business partners, the information collected through our Sites may be transferred or shared with third parties as part of that transaction or negotiation.

We may also disclose Personal Information to comply with our legal or regulatory obligations, in response to a request for information made by a government agency, or as part of an investigation of unlawful activity.

Data Security 

The security of your personal information is important to us. We take reasonable steps, including technical, administrative and physical safeguards, designed to protect the personal information submitted to us from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will ask any agents and service providers to whom we may transfer your information take comparable steps to protect that security. However, no method of security or method of transmission over the Internet is entirely secure. You should always use caution when transmitting personal information over the Internet.

Data Retention

We may retain and process your Personal Data for as long as you continue to access or use any Site and, in general, for the period necessary to achieve the purposes set out above. Where permitted by applicable laws, we will retain your Personal Data to comply with our legal obligations, resolve legal disputes and enforce our agreements.

Access and Correction

With your support, we will keep your personal information accurate and up to date. If we process your personal information, then you may have a right under data privacy laws to remove, amend, opt out of sharing, limit the use and disclosure of, or correct your personal information at any time, subject to certain exceptions permitted by law. You may also contact us to opt-out from any program or other service for which you may have registered via our Sites. If you would like to access, correct opt out of sharing, limit the use and disclosure of, or delete the personal information we hold about you, please contact us as described below.

External links

The Site may, from time to time, contain links to external sites operated by third parties. We are not responsible for these third-party sites or the content of such third-party sites. Once you have left the Site, we cannot be responsible for the protection and privacy of any information which you provide.

Minors

This Site is not directed towards children under 16 years of age nor do we knowingly collect information from children under 16. If you are under 16, please do not use the Site or submit any personal information to us. If you believe that we have unintentionally collected personal information about your child, you can contact us by mail or email as described below.

International Data Transfers

Your personal information may be transferred to countries located outside your country or region, including to countries that may not provide a similar or adequate level of protection to that provided by your country or region. For example, if you reside in the European Economic Area (“EEA”), we may transfer your personal information to the United States or other countries outside of the EEA. By using the Site or otherwise providing personal information to us, you hereby expressly consent to the transfer of your personal information outside your country or region.

Additional Information for Individuals in the European Economic Area (EEA) and the United Kingdom (UK)

In addition to the disclosures made elsewhere in this Policy with respect to our privacy practices, our legal basis for processing personal information we collect in the European Economic Area or the United Kingdom can vary depending on the manner in which you use our Site or otherwise engage with us. Our legal basis for processing information about you that we collect through our website is our legitimate interest as a data controller to administer our website.  In cases where you are asked to provide your consent, you can withdraw your consent at any time, although this will not affect the lawfulness of our processing prior to your withdrawal of consent.  In the case of processing involving passive data collection and other processing for the administration of our Sites, such processing is undertaken pursuant to our legitimate interests as a data controller, including the operation of our Sites. We may process personal information where necessary for our compliance with a legal obligation to which we are subject. We also reserve the right to process personal information in the event we believe doing so is necessary to protect the rights of the data subject or another person.

You have rights to data access, rectification, erasure, to restrict or object to processing, and data portability as required by law.  You also have the right to file a complaint with your data protection authority if you have concern about the manner in which we are processing your personal information.

If you are in the EEA or UK and have any questions about our privacy practices, please contact us using the contact information below or you may contact our respective Data Protection Representatives:

Revolution Medicines, Inc’s EU Data Protection Representative
Attn: Enno Behrendt
Address: Guidehouse Germany GmbH, Albrechtstrasse 10c, 10117 Berlin, Germany    
Email: eudpr@revmed.com

Revolution Medicines, Inc.’s UK Data Protection Representative
Attn: Thomas K. Hauser
Address: Guidehouse Europe Limited, 1 Angel Court, London EC2R 7HJ, United Kingdom
Email: ukdpr@revmed.com

Policy Changes

We may update this Policy from time to time without prior notice. Any changes to our Policy will become effective upon posting of the updated Policy on our Site. If we change this Policy, we will revise the “last updated’ date at the top thereof. We encourage you to bookmark our internet sites and to periodically review them to ensure familiarity with the most current version of our Policy.

Contact Us

If you have any questions, comments or suggestions about this Policy or our privacy practices, please contact us at privacy@revmed.com. Alternately, letters may be sent to the following address: Revolution Medicines, Inc., Attn: General Counsel, 700 Saginaw Drive, Redwood City, CA 94063.