Madrigal Pharmaceuticals, Inc. Privacy Policy for California Residents

Effective Date: January 14, 2022

This Privacy Policy for California Residents supplements the information contained in the Madrigal Pharmaceuticals, Inc. (“Madrigal” or We” or “Us” or “Our”) Privacy Policy and applies solely to visitors, users, and others with respect to Our website at www.madrigalpharma.com (Our “Website”), who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this supplement.

This supplement describes the types of information We collect from you or that you may provide when you visit the Website and Our practices for using, maintaining, protecting, and disclosing that information in compliance with the CCPA. Please read this supplement carefully. By accessing the Website, you consent to your Personal Information (as defined in the CCPA) being used in the manner described herein.

Information We Collect

The Website collects information that falls within the scope of CCPA because it identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information as described in this statement does not include any information not included within the scope of CCPA.

The categories of Personal Information We have collected from consumers within the last twelve (12) months include: Identifiers including names, email addresses, employment information, online identifiers, I.P. addresses, postal addresses, or other similar identifiers; internet or other similar network activity including browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement; and/or Geolocation data.

We obtain these categories of Personal Information listed above directly or indirectly from you in the manner described in the Privacy Policy.

Use of Personal Information

We use the Personal Information We collect in the ways described in the Privacy Policy.

We will not collect additional categories of Personal Information or use the Personal Information We have collected for materially different, unrelated, or incompatible purposes without first providing you notice.

Sharing Personal Information

We do not sell your Personal Information. We do, however, disclose your Personal Information or certain components thereof, to certain third parties we work with to support our business and who are bound by contractual and/or other obligations to keep confidential and use Personal Information only for the purposes for which we disclose it to them, such as to store or host Website content, or to optimize the content, design and function of the Website.

Additionally, We may share your Personal Information by disclosing it to a third party for a business purpose as detailed in the chart below. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the Personal Information confidential, and prohibit using the disclosed information for any purpose except performing the contract.

 

Personal Information Category Category of Third-Party Recipients
Business Purpose Disclosures Sales
Identifiers (including names, email addresses, online identifiers, I.P. addresses, postal addresses, or other similar identifiers)
  • IT Service Providers
  • Analytics Providers
  • Data Storage Providers
  • Technology Partners
None
California Customer Records personal information categories (including credit card numbers, debit card numbers, or other financial information) None None
Protected classification characteristics under California or Federal law (including age, race, color, ancestry, national origin, or citizenship) None, except gender, by inference arising from the use of a title (e.g. Mr. or Mrs.) or first name (e.g. Joseph or Alice) when voluntarily provided by a Website visitor.

  • IT Service Providers
  • Analytics Providers
  • Data Storage Providers
  • Technology Partners
 

None

Commercial information (including purchasing or consuming histories) None None
Internet or other similar network activity (including browsing history, search history, information on a consumer’s interaction with a website
  • IT Service Providers
  • Analytics Providers
  • Data Storage Providers
  • Technology Partners
None
Geolocation data
  • IT Service Providers
  • Analytics Providers
  • Data Storage Providers
  • Technology Partners
None
Professional or employment related information
  • IT Service Providers
  • Analytics Providers
  • Data Storage Providers
  • Technology Partners
None

 

Your Rights and Choices

The CCPA provides California residents with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Know and Data Portability

You have the right to request that We disclose certain information to you about Our collection and use of your Personal Information over the past 12 months. Once We receive your request, confirm your identity, and confirm that We have collected your Personal Information, We will disclose to you the categories of Personal Information We have collected about you, the sources for the Personal Information We have collected about you, our business or commercial purpose for collecting that Personal Information, and the categories of third parties with whom We share that Personal Information, if any.

Also, if We disclosed your Personal Information for a business purpose, We will provide a list identifying the Personal Information categories that each category of recipient obtained and the specific pieces of Personal Information We collected about you (also called a data portability request).

Right to Delete

You have the right to request that We delete any of your Personal Information that We collected from you and retained, subject to certain exceptions. Once We receive your request and confirm your identity, We will review your request to see if an exception allowing us to retain the information applies. If such an exception applies, We may deny your deletion request.

We will delete or deidentify Personal Information not subject to an exception from our records and will direct our service providers to take similar action.

Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by either:

Emailing us at privacy@madrigal.com or call at 888-210-2064. Please include the words “CCPA Data Right Request” in the subject line of your email.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your Personal Information. You may also make a request to know or delete on behalf of your child.

You may only submit a request to know twice within a 12-month period. Please describe your request with enough detail to allow Us to properly, understand, evaluate and respond to it. Your request to know or delete must provide sufficient information that allows Us to reasonably verify you are the person about whom We have collected Personal Information or an authorized representative, which must include your first and last name, email address, and zip code.

We may ask you to submit additional evidence to prove your identity. The evidence We may request from you, and the degree of certainty We will require to reach regarding your identity and the authenticity of your request will depend upon the nature of your request.

We cannot respond to your request or provide you with Personal Information if We cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We will only use Personal Information provided in the request to verify the requestor’s identity or authority to make it.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If We require more time (up to another 45 days), We will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response We provide will also explain the reasons We cannot comply with a request, if applicable. For data portability requests, We will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

You have the right to direct Us to not sell your Personal Information at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us at privacy@madrigal.com or call at 888-210-2064.

Please note, that under no circumstances does Madrigal sell your Personal Information or share it or any portion thereof with any third party for direct marketing purposes.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, We will not deny you goods or services, charge you different prices or rates for goods or services, or provide you a different level or quality of goods or services.

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the Website that are California residents to request certain information regarding our disclosure of certain information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@madrigal.com.

Contact Information

If you have any questions or comments about this notice, the ways in which We collect and use your information described here and in the Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: privacy@madrigal.com

Postal Address: 200 Barr Harbor Drive Suite 200, West Conshohocken, PA 19428

If you need to access to our Privacy Policy or this supplement in an alternative format due to having a disability, please contact privacy@madrigal.com.