Corcept Therapeutics (“we”, “our”, “us”) are committed to protecting and respecting your privacy. We are a public company established in the United States of America (USA) with a registered office at 149 Commonwealth Drive, Menlo Park, CA 94025, and, for the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller.
What types of information do we collect and how we use it?
Information you give us. You may provide the following information by contacting us via our Website or email, telephone, or otherwise through the use of our Website:
- Company affiliation;
- Email address;
- Telephone number;
- Physical address; and
- Other information that may be required for you to use the Website.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organization, we will use your information to:
- Communicate with you;
- Identify our users;
- Administer and provide services for you;
- Enforce our Website terms and conditions;
- If you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you; or
- Provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).
Additionally, if you are an employment applicant, you may provide us with the following information:
- Information regarding your prior employment;
- Your education;
- Your gender; and
- Your ethnicity.
This includes information provided in resumes, emails, and cover letters we receive electronically.
Technical usage information. When you visit the Website, we collect the information sent to us by your computer, mobile phone, or other access device. This information includes:
- Your IP address;
- Device information including, but not limited to, identifier, name, and type of operating system;
- Internet service provider and mobile network information;
- Date and time of your visit;
- Time spent on our site;
- Standard web information, such as your browser type and the pages you access on our Website; and
- Websites visited just before and just after our Sites (including any third-party websites that link to our Website, if you followed a link to our Website.
We collect this information in order to:
- Personalize our Website to ensure content from the Website is presented in the most effective manner for you and your device;
- Monitor and analyze trends, usage activity in connection with our Website and services to improve the Website;
- Administer the Website and for internal operations, to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
- Keep the Website safe and secure; and
- Measure and understand the effectiveness of the content we serve to you and others.
Response to “Do Not Track” signals
Some internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not yet been adopted, we do not process or respond to “Do Not Track” signals.
How and where do we store and share your personal data?
The information that we collect from you will be stored/processed in the USA. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy.
We do not sell, rent or lease your personal information to others. We share your information with selected recipients. These categories of recipients include:
- Cloud storage providers located in the USA, and which store your personal data in the USA, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter with you;
- IT Service providers that provide us with SaaS services, including Salesforce, Microsoft, and Emagine [located in the USA] who we use to store our customer relationship management, emails and website information;
- Provided you have consented, advertisers and advertising networks located in the USA and which store your personal data in the USA that require the data to select and serve relevant adverts to you and others;
- Background reference agencies located in the USA, and which store your personal data in the USA, for the purpose of performing background checks, with your prior consent, as part of our hiring process.
We will share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
- Comply with a legal obligation, process or request;
- Enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
- Detect, prevent or otherwise address security, fraud or technical issues; or
- Protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchange information, with other companies and organizations for the purposes of fraud protection and credit risk reduction).
We will also disclose your information to third parties:
- If we sell any business or assets that requires the transfer of your information; or
- If we, or substantially all our assets, are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.
In the event any of the above situations apply, the buyer of our business or assets will be subject to the terms and conditions of this policy.
The security of your personal data
Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Website or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organizational measures to safeguard your personal data against loss, theft and unauthorized use, access or modification.
We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.
In certain circumstances you have rights in relation to the personal data we hold about you. We set out below an outline of those rights and how to exercise those rights. Please note that we will require you to verify your identify before responding to any requests to exercise your rights. To exercise your rights, please email email@example.com. Please note that for each of the rights below we may have valid legal reasons to refuse your request, in such instances we will let you know if that is the case.
- Access: You have the right to know whether we process personal data about you, and if we do, to access certain data we hold about you and certain information about how we use it and who we share it with.
- Correction: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data completed.
- Erasure: You may request that we erase the personal data we hold about you in the following circumstances: where you believe it is no longer necessary for us to hold the personal data, we are processing it on the basis of your consent and you wish to withdraw your consent, we are processing your data on the basis of our legitimate interest and you object to such processing, you no longer wish us to use your data to send you marketing or you believe we are unlawfully processing your data. Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure.
- Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assesses whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
Withdrawal of Consent
Where you have provided your consent to us processing your personal data, you can withdraw your consent at any time by sending us an email to firstname.lastname@example.org or through our contact us link.
We do not knowingly collect or solicit personal data from anyone under the age of 18. In the event that we learn that we have collected personal data from a child under age 18, we will delete that information. If you believe that we might have any such information from or about a child under 18, please contact us at email@example.com or through our “contact us” link.
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for direct marketing purposes. To make such a request, you may contact us by email at firstname.lastname@example.org or through our “contact us” link.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at email@example.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to lodge a complaint with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to:
Corcept Compliance at firstname.lastname@example.org
Make sure to provide the name of the Website applicable to your request, and your name and contact information. If you do not provide us with this information, we may not be able to respond.
You can mail your request to the following postal address:
Last revised on June 12, 2018