Privacy

Madrigal Pharmaceuticals, Inc. Privacy Policy

Effective Date: January 14, 2022

Introduction

Madrigal Pharmaceuticals, Inc. and its affiliates and subsidiaries (“Madrigal” or “We” or “Us” or “Our”) respects your privacy and We are committed to protecting it through Our compliance with this policy. This privacy policy (the “Policy” or “Privacy Policy”) describes the types of information Madrigal collects from you or that you may provide when you visit Our website at www.madrigalpharma.com (Our “Website”) and Our practices for using, maintaining, protecting, and disclosing that information. “Personal Information” is information, or a combination of pieces of information that could reasonably allow you to be identified. This Policy also informs you about your privacy rights. It is our goal to be transparent about the use of your information so please read this Policy carefully to understand Our policies and practices. This Policy may change from time to time, so please check the Policy periodically for updates.

Information We Collect About You and How We Collect It

We collect several types of information and We collect this information:

Directly from you when you voluntarily provide to Us.
Automatically as you navigate through the Website.
From certain third parties, like technology partners and analytics providers

Any inferences We may draw from or related to the information provided below. Please note, information, including Personal Information, provided, or collected through the Website will be through a third-party hosting service. We may also share information, including Personal Information, with third-party data storage providers.

The Personal information We collect on or through Our Website may include:

Information that you provided, for example, by filling out forms on the Website. This information may include, without limitation, your name, e-mail address, telephone number and/or other information by which you may be personally identified.
Information that you provided, for example, by sharing your professional resume, which may include, in addition to the other items discussed in the above paragraph, your employment history, professional skills and related details.
Information We or certain third parties may collect automatically as you navigate to or otherwise interact with the Website. This information may include, without limitation:
- Your IP addresses, unique device identifiers, cookie identifiers, hash identifiers, device and browser settings and information, and internet service provider information.
- Information about your device and its internet connection, browsing activity, operating system, and browser type.
- Details of your visits to the Website, including traffic and usage data, geolocation data, and other communication data and the resources that you access and use on the Website.
- Information relating to your engagement with the content on the Website and other usage details.

The technologies We use for this automatic data collection include, but are not limited to:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, Our system will issue cookies when you direct your browser to the Website.
Flash Cookies. Certain features of the Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on the Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Google Analytics. We use “Google Analytics” to collect information about the usage of the Website. This service collects information about how often users visit the Website, what pages they visit and when they visit, as well as what other websites they used prior to landing on the Website, among other additional information. We use this information to improve of Website and related services.

To learn more about how Google uses information from websites or apps that use Google Analytics, you may visit: https://policies.google.com/technologies/partner-sites?hl=en-GB&gl=uk

To learn more about Google’s privacy policies, you may visit: https://policies.google.com/privacy?hl=en-GB&gl=uk

You may be able to opt-out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.

To find out more about what cookies We use and how We use them, please consult our Cookies Policies: https://www.madrigalpharma.com/cookies/

Our Third-Party Partners

We work with certain third-party companies, which hosts and manages your interaction with Our content for investors and potential investors.

We may also share Personal Information with other third-party companies that we work with, in the manners and for the purposes described in this Policy.

How We Use Your Information

We use information that We collect about you or that you provide to Us, including Personal Information:

To provide you with information regarding Madrigal’s products, services, and other information, and to improve the experience for visitors the Website, to maintain proper business functions, and to engage with you and others.
To respond to you, such as when you complete a form on the Website.
To personalize your experience with Us, including to present the Website and its contents to you, remember your interests and preferences, and customize your experience.
For analytics, to understand how you use the Website, track certain activity on and off the Website, including by identifying the different websites you visit to understand how you search, and to determine the methods and devices used to access the Website and improve the Website.
For our business purposes, such as operating and improving upon Our business, maintaining Our programs, contacts, and records, determining your satisfaction with Our Website, detecting, and preventing fraud or misuse of Our Website and related services, and for any other legitimate business purpose.
For legal and safety purposes, such as defending or protecting Us, Our customers, you, or third parties, from harm or in legal proceedings, protecting or enforcing Our rights, protecting Our security and the security of Our customers, employees, and property, responding to legal process, or addressing legal and regulatory compliance.
To fulfill any other lawful purpose for which you provide your information.
To notify you about changes to the Website or any products or services We offer or provide though it.
In any other way We may describe when you provide the information.

We rely upon legal bases permitted under applicable law to process your Personal Information. In most cases the legal bases upon which we process your Personal Information include the following:

To meet Our legitimate interests, for example, to provide you with information that enables us to understand how you use our services and to enable us to derive knowledge from that enable us to develop new services. When we process Personal Information to meet Our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that Our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Performance of any contract or agreement We execute with you, for example to provide the services and to ensure that invoices are paid correctly;
Compliance with Our legal obligations; for example, to respond to legally binding requests from regulators, law enforcement authorities or other government authorities;
Collection of your consent, when required, such as for our direct marketing activities.

We may be required by law to collect certain Personal Information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

Disclosure of Your Information

We may disclose aggregated information about our users, that does not identify any individual or household, without restriction, for any lawful purposes. We may disclose your Personal Information that We collect, or you provide, as described in this Privacy Policy:

To Our subsidiaries and affiliates.
To contractors, service providers, and other third parties We use to support our business and who are bound by contractual obligations to keep confidential and use Personal Information only for the purposes for which we disclose it to them, such as to store or host Website content or to optimize the content, design, and function of the Website.
To a buyer or other successor in the event of a merger, divestiture, restructuring, liquidation, reorganization, dissolution, or other sale or transfer of some or all of Madrigal’s assets.
Law enforcement agency, court, regulator, government authority or third party. We may share your Personal Information to comply with any legal or regulatory obligation, including court order, law, or legal process, or to assist with the same, including to respond to any government or regulatory request.

To enforce or apply Our terms of use and any other agreements you enter with Us. You may review our terms of use by visiting www.madrigalpharma.com/terms-of-use/.

If we believe in good faith that disclosure is necessary or appropriate to protect the rights, property, or safety of Madrigal and/or its affiliates, employees, Our customers, or others.

Under no circumstances does Madrigal sell your Personal Information or share it or any portion thereof with any third party for direct marketing purposes.

Data Security and Storage

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk to the Personal Information. These measures are, among other things, designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, exfiltration, and disclosure, including through secure cloud storage of your Personal Information with third-party information technology vendors. These measures are also aimed at ensuring the ongoing integrity and confidentiality of Your Personal Information. We evaluate these measures on a regular basis to ensure the security of the processing.

Unfortunately, the transmission of information via the internet is not completely secure. Although We reasonably strive to protect your Personal Information, We cannot guarantee the security of Personal Information transmitted to the Website or transmitted between you and Us via electronic mail. Any transmission of Personal Information is at your own risk.

We will keep your Personal Information for as long as we have a relationship with you. Once Our relationship with you has come to an end, We will retain your Personal Information for a period of time that enables us to:

Maintain business records for analysis and/or audit purposes
Comply with record retention requirements under the law
Defend or bring any existing or potential legal claims
Deal with any complaints regarding the services

We will delete your Personal Information when it is no longer required for these purposes. If there is any information that We are unable, for technical reasons, to delete entirely from Our systems, We will put in place appropriate measures to prevent any further processing or use of the data.

Hyperlinks

The Website may provide hyperlinks to other websites as a service or convenience to you. We do not endorse, control, or have any responsibility for the content or security of any third-party websites. And We have no control over any information any third-party websites may collect from or about you. This Policy does not apply to any third-party websites. Third-party websites may have their own privacy policies which we strongly encourage you to review before providing any of your personal information.

Your UK/EU GDPR Rights

As a person located in the EU or UK, you have certain rights regarding your Personal Information, subject to your local law. These include the rights to:

access your Personal Information
rectify the information we hold about you
erase your Personal Information
restrict our use of your Personal Information
object to our use of your Personal Information
receive your Personal Information in a usable electronic format and transmit it to a third party (right to data portability)
to withdraw your consent where you have given your consent to the processing of your Personal Information;
lodge a complaint with your local data protection authority.

If you want to access, review, update, rectify, and delete any Personal Information We hold about you, or exercise any other rights available under the EU GDPR or UK GDPR, where applicable, you should contact Us via e-mail: [email protected].

Additional Disclosures for California Residents

If you are a California resident, please visit www.madrigalpharma.com/ca-compliance/ to learn more about how we process your Personal Information.

Your Nevada Privacy Rights

Nevada Revised Statutes Chapter 603A allows Nevada residents to submit a request to opt-out of the sale of their data. Nevada residents can make such a request by emailing us at [email protected]. Please include the words “Nevada Sales Opt-Out Request” in the subject line of your email.

Please note, however, We do not currently sell data triggering the statute’s opt-out requirements.

Additional Disclosures for Residents of Colorado, Connecticut, Utah, and Virginia

Depending on where you reside, and subject to applicable exceptions, you may have the following rights with respect to your Personal Information:

Access: You may have the right to request that we confirm whether we process your Personal Information and that we provide you access to such Personal Information.
Data Portability: You may have the right to request that we provide a copy of your Personal Information in a portable and, to the extent technically feasible, readily usable format.
Correction: You may have the right to request that we correct inaccuracies in the Personal Information that we hold about you.
Deletion: You may have the right to request deletion of your Personal Information.
Opt Out of Sales and Targeted Advertising: You may have the right to request that we not process your Personal Information for the purposes of targeted advertising or sales, as those terms are defined by applicable state law.
Opt Out of Profiling: You may have the right to request that we not process your personal data for the purpose of profiling in furtherance of decisions that produce legal or similarly significant effects.

You may submit requests to exercise your rights by emailing us at [email protected]. We may require additional information from you in order to verify your request. You may also use an authorized agent to act on your behalf to submit requests to exercise your rights. Where applicable under local law, we will honor a request from an authorized agent provided that (i) you provide written authorization to the authorized agent to act on your behalf and we can verify your identity, and (ii) the agent submits proof of authorization.

Depending where you reside, you may also have the right to appeal a refusal to take action on your request by contacting us at [email protected] and explaining the nature of your request.

International Data Transfers

Your Personal Information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information by the European Commission and/or by the UK government.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your Personal Information is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

Changes to Our Privacy Policy

We will post any changes We make to this Policy on this page, so please check back periodically for updates. If We make a material change to this Policy, We will notify you. Please do not hesitate to contact us with questions about this.

Persons Under the Age of 18

The Website is not intended for use by people under the age of 18. We do not knowingly collect information from persons under the age of 18.

Contact Information

You may contact us with questions, comments, or complaints about this Privacy Notice or our privacy practices, or to exercise your rights regarding your information. When raising a request or complaint, please provide sufficient details (including your relationship with us) and any relevant documentation. Our contact information, including our Data Protection Officer, is:

Madrigal Pharmaceuticals Inc.

Attn: Legal Department – Privacy

200 Barr Harbor Drive, Suite 200

West Conshohocken, Pennsylvania 19428, United States of America.

[email protected]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

PRIVACY