Last Updated on May 24, 2022
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), please consult the EEA/UK GDPR supplemental notice below.
Personal Data We Collect
Information you provide to us: Personal data you may provide to us through the Site or otherwise includes:
- Contact data, such as your first and last name, salutation, email address, professional title and company name, and phone number.
- Demographic information, such as your city, state, country of residence, postal code, and age.
- Communications that we exchange with you, including when you contact us through the Site, social media, or otherwise.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
Automatic data collection:
How We Use Your Personal Data
We may use your personal data for the following purposes or as otherwise described at the time we collect it:
- Service delivery. We may use your personal data:
- to communicate with you about the Site, including by responding to your requests and/or queries about our company and our business activities, and sending announcements, updates, security alerts, and support and administrative messages;
- to provide you with information and content you have requested, including to provide you access to webcasts, event recordings, newsletters, etc.;
- to communicate with you about events in which you participate;
- to ensure access to and maintenance of our Site and to ensure its proper functioning; and
- to provide, operate, and improve our Site and our business, and to customize your browsing experience.
- Research and development. We may use your personal data for research and development purposes, including to analyze and improve the service and our business.
- Marketing. We and our service providers may collect and use your personal data for marketing purposes. We may send you direct marketing communications. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
- Compliance and protection. We may use your personal data to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements or our internal policies;
- enforce the terms and conditions that govern the service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft
- With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal data, such as when required by law.
- To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous, aggregated or de-identified data by removing information that makes the data identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the service and promote our business.
How We Share Your Personal Data
- Affiliates: We may share your personal data with our subsidiaries and affiliates.
- Business partners and services providers: We may transfer your personal data to our business partners and service providers as necessary for them to provide services to us in connection with our fulfilment of the purpose set out above. For example, we may rely on service providers to host and maintain our Site, perform backup and storage services, and transmit communications.
- Authorities and others: Where permitted or required by applicable law, we may also need to transfer your personal data to government agencies, regulators (e.g., tax authorities, courts, and government authorities), and private parties as we believe in good faith to be necessary to comply with our legal obligations.
- Professional Advisors: Where permitted or required by applicable law, we may also need to transfer your personal data to external professional advisors as necessary to defend our legal interests.
- Organizations Involved in Business Transfers: In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, will be transferred to the surviving entity in a merger or the acquiring entity.
In this section, we describe the rights and choices available to all users. If you are located in the UK or the EEA, you can find additional information about your rights in the EEA/UK supplemental notice below.
Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.
Cookies. For information about cookies employed by the Site and how to control them, see our Cookie Notice.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal data to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
Cross-Border Data Transfer
We are headquartered in Canada and may use service providers that operate in other countries. The level of legal protection for personal data is not the same in all countries and may differ from the one in which you reside.
If you are located in the UK or the EEA, you should read the information provided in the EEA/UK supplemental notice below about the transfer of personal data outside of the EEA and UK, as applicable.
Retaining Personal Data
Repare will retain personal data only as long as necessary to fulfill the purpose for which such data was collected or as necessary for compliance with a legal obligation to which Repare is subject, or in order to protect your vital interests or the vital interests of another natural person.
If you are located in the EEA or the UK, you can find additional information about our retention policy below.
Securing Personal Data
While we employ a number of technical, organizational and physical safeguards designed to protect the personal data we collect, security risks are inherent in all internet and information technologies, and the transmission of personal data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted through the Site, and we do not guarantee that your personal data will be secure from accidental loss, unauthorized access, improper use or disclosure.
We are committed to protecting the privacy of children. We do not knowingly collect personal data from children under age 13 through our Site. If we learn that an individual under the age of 13 has volunteered personal or health-related personal data on the Site, or if you become aware that your child has provided us with personal data without your consent, please contact us at the contact data listed below in How to Contact Us and such personal data will be deleted.
How to Contact Us
Repare Therapeutics Inc.
7210 Frederic-Banting, Suite 100
Saint-Laurent, Quebec, H4S 2A1
Repare Therapeutics USA Inc.
1 Broadway, 15th Floor
Cambridge, MA 02142
Email: [email protected]
Changes to This Policy
Other Sites and Services
EEA/UK GDPR Supplemental Notice
If you are located in the EEU or UK and access our Site, this EEA/UK GDPR supplemental notice applies to you.
Controller. Repare Therapeutics Inc., 7210 Frederic-Banting, Suite 100, Saint-Laurent, Quebec, H4S 2A1, is the controller of your personal data.
EU representative. MyData-TRUST SA
Boulevard Initialis 7/3, 7000 Mons (Belgium)
Phone number: +32 (0) 65 55 41 20
Email: [email protected]
UK representative. MyData-TRUST SA
Boulevard Initialis 7/3, 7000 Mons (Belgium)
Phone number: +32 (0) 65 55 41 20
Email: [email protected]
|Purposes of processing||Legal basis|
|Service delivery: We may use your personal data to manage our relationship with you, including responding to your request and/or inquiries; providing you access to content or information you requested.||
|Research and development: We may use your personal information for research and development purposes, including to analyze and improve the service and our business.||
|Marketing and advertising: We and our third party advertising partners may collect and use your personal data for marketing and advertising purposes.||
Compliance and protection. We may use your personal data to:
|Actions we take with your consent, such as to understand what may be of interest to you, deliver relevant Site content to you, to measure or understand the effectiveness of the content we serve to you, and to use data analytics to improve our Site||
|Create anonymous, aggregated or de-identified data: We may create anonymous, aggregated or de-identified data from your personal data and other individuals whose personal data we collect. We make personal data into anonymous, aggregated or de-identified data by removing information that makes the data identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the service and promote our business||
Retention. We apply a general rule of keeping personal data only for so long as is required to fulfil the purpose for which it was collected. However, in some circumstances, we will retain your personal data for longer periods of time. We will retain personal data for the following purposes: (i) as long as it is necessary and relevant for our operations and to provide our services on our Site, e.g. so that we have an accurate record of your dealings with us in the event of any complaints or challenge; and (ii) to comply with applicable laws, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, and take other actions as permitted by law. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Your rights. You have the following rights in relation to the personal data we hold about you:
- Right of access: You can ask us to provide you with information about our processing of your personal data and give You access to your personal data;
- Right to rectification: If the personal data we hold about you is inaccurate or incomplete, You are entitled to request to have it rectified;
- Right to erasure: You can ask us to delete or remove personal data where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons that will be notified to you, if applicable, at the time of your request;
- Right to restrict processing: You can ask us to suspend the processing of your personal data if, (i) you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Right to object: Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Right to data portability: You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to withdraw consent at any time: where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal data or where certain exemptions apply.
To exercise any of these rights, please contact us using the contact details provided above.
Although we urge you to contact us first to find a solution for every concern you may have, you always have the right to lodge a complaint with your competent data protection authority.
Cross-Border Data Transfer. We may transfer your personal data outside of the EEA and/or UK. Some of these recipients are located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under UK and/or European data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR.
Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries”). For example, the United States is a Restricted Country. Where we transfer your personal data to a recipient in a Restricted Country, we will either:
- enter into appropriate data transfer agreements based on so-called Standard Contractual Clauses approved from time-to-time under GDPR Art. 46 by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable); or
- rely on other appropriate means permitted by the EU/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal data when this is transferred as mentioned above.