Synthekine Privacy Notice

Introduction

Synthekine, Inc. (“Synthekine”, “we”, “us”) is committed to protecting your privacy. This Privacy Notice explains how we collect, use, and share personal data, in compliance with the EU General Data Protection Regulation (GDPR) and UK GDPR. We use plain language so you can clearly understand what data we collect and why. We do not sell your personal data or use it for any purposes other than those described here. If we provide a more specific privacy notice at the time of data collection (for example, in a clinical trial informed consent or a job application form), that specific notice will also apply to how we process your data in that context.

Data Controller and Key Contacts

Controller: Synthekine, Inc., 1505 O’Brien Drive, Menlo Park, CA 94025, USA. Synthekine is the primary organization determining the purposes and means of processing your personal data (the “data controller”).

Data Protection Officer (DPO): Geoff Fatzinger, 1505 O’Brien Drive, Menlo Park, CA 94025 USA, Email: Gfatzinger@synthekine.com. You may contact our DPO for any privacy-related questions or requests.

EU Representative: Geoff Fatzinger, 1505 O’Brien Drive, Menlo Park, CA 94025, USA, Email: Gfatzinger@synthekine.com. This is our designated representative in the European Economic Area for GDPR purposes, per Article 27 GDPR.

UK Representative: Geoff Fatzinger, 1505 O’Brien Drive, Menlo Park, CA 94025, USA, Email: Gfatzinger@synthekine.com. This is our designated representative for the United Kingdom.

You can reach out to any of the contacts above with questions about this Privacy Notice or to exercise your data protection rights.

Personal Data We Collect and How We Use It

We collect different types of personal data depending on your relationship with us. Below we describe what information we collect for each category of individual, why we collect it, and the legal basis we rely on under GDPR. We also note how long we keep the data and who it might be shared with. Providing personal data is generally voluntary. However, if you choose not to provide certain information, we may not be able to fulfil the purpose in question (for example, we cannot respond to your inquiry without contact details, or we cannot consider you for a job if you don’t provide a resume). We do not engage in any automated decision-making that has legal or similarly significant effects on you.

Website Visitors

What we collect: If you visit our website, we collect limited data about your visit. This includes technical information like your IP address, browser type, operating system, and pages you viewed. We may use cookies or similar technologies to collect this usage information, but we do not use any third-party analytics or marketing cookies at this stage (only basic functional cookies if needed). If you choose to contact us through a form or email, we will collect the personal data you provide (such as your name, email address, phone number, and the content of your message). We do not intentionally collect sensitive information from website visitors, and we ask that you only provide basic contact details and your inquiry. Our website is not intended for children, and we do not knowingly collect data from anyone under 16 without parental consent.

How we use it and why: We use website data to ensure the site works properly, maintain security, and understand traffic in order to improve user experience. Any essential cookies or logs that collect technical data are used based on our legitimate interest in operating a secure, effective website. If you submit a contact form or request information, we will use your data to respond to you or provide the requested materials. For example, if you ask a question or request a demo, we use your email or phone to get back to you. The legal basis for processing information you provide via the website is typically consent (you choose to send us your info) or our legitimate interest in responding to inquiries and growing our business. If you sign up for any newsletter or updates (if offered), we will only send you communications with your consent, and you can unsubscribe at any time. We do not use website data to profile you or make automated decisions, and we do not share it with advertisers. We also do not sell this data.

Data retention: Website visit logs and technical data are kept for a short period (typically a few weeks to a few months) for security auditing and then routinely deleted. Contact form submissions or inquiry emails are retained as long as needed to fulfil your request and for a short period thereafter in case of follow-up questions. For example, if you contact us for information, we might keep our correspondence for up to [6 months] after resolving your inquiry, unless a longer period is required for legal reasons (e.g. to maintain evidence of communications). Email subscription data is kept until you unsubscribe, or the service is discontinued.

Recipients: We may share it with service providers that help us operate our website or email system (for instance, our website hosting company or IT support), under strict confidentiality and data protection agreements. These providers are processors who only act on our instructions. We may also disclose information if required for legal compliance or to protect our rights (for example, disclosing web logs to comply with a lawful request by law enforcement). Aside from such cases, we do not share website visitor data with third parties.

Clinical Trial Participants

What we collect: If you participate in a clinical trial that we sponsor, we will process personal data about you related to the study. This includes your identifying information (such as a participant ID number, and in some cases your name or contact details if needed for trial logistics), demographic details (age, sex, etc.), health and medical information (medical history, diagnoses, medications, lab results, imaging, genetic data, etc.), and information on your health status and responses during the trial. Most of this data is obtained through the trial investigators (your study doctor and clinical site staff) via study forms and medical records, or through research procedures (like blood tests, questionnaires, or imaging during the trial). In general, your identifiable information (like name, address) is kept confidential by the study site and replaced with a unique code before data is shared with Synthekine, so that much of the research data we receive is pseudonymized (coded) rather than directly identifying. We may also collect information related to your participation such as informed consent forms, which contain your name and signature, and any communications you have with us or the study staff. Source of data: We collect this data from you directly (through your interactions with study doctors and completion of study procedures) and from third parties involved in the trial – for example, your study doctor provides medical observations and records to us as the sponsor, and laboratories or imaging centers may generate test results. We ensure any third parties providing your data (e.g. labs or trial sites) have a lawful basis to do so and are following applicable laws.

How we use it and why: As the trial sponsor and data controller, we use participant data strictly for research and regulatory purposes. This includes: verifying your eligibility for the study, monitoring your health and any side effects, providing the investigational drug, analysing the study results, and reporting on the trial outcomes. We also use the data to fulfil our legal obligations in clinical research – for example, reporting serious adverse events and safety information to health authorities, ensuring participant well-being, and maintaining accurate clinical trial records. We may use your contact information to communicate with you via the study site or directly only as necessary (e.g. to schedule visits or follow up on safety, typically such communication is done by the study staff on our behalf). The legal bases under GDPR for processing clinical trial data include: consent – you will have signed an informed consent form to participate, which covers certain data uses (GDPR Art.6(1)(a) and Art.9(2)(a) for sensitive health data). You can withdraw your consent at any time; however, if you do, you may not be able to continue in the trial (withdrawing consent won’t affect the lawfulness of data processing already done). We also rely on legal obligations (Art.6(1)(c)) – for instance, we must collect and report data to comply with drug safety laws and clinical trial regulations. Additionally, we process data under the basis of public interest in public health and scientific research (Art.6(1)(e) and Art.9(2)(i)/(j)), as our trials aim to develop new therapies and ensure high standards of quality and safety. In some cases, legitimate interests (Art.6(1)(f)) of Synthekine may apply, such as our interest in managing the research efficiently; however, when we use legitimate interests, we ensure it does not override your rights and freedoms. We do not use trial data for any unrelated purposes like marketing. We may publish aggregated results from the study in scientific journals or share results with other researchers, but this will not identify you personally (any published data will be anonymized).

Data retention: Clinical trial data is retained for a long period due to legal and scientific requirements. We keep identifiable trial records (like consent forms linking you to your participant code) for at least as long as the study is ongoing and for the archiving period required by law. Typically, sponsors are required to retain clinical study data for 25 years or more after a trial ends to comply with regulations and to support new drug applications. We will retain your personal data from the trial for as long as necessary to fulfil the research purposes and to comply with laws (e.g. EU and FDA regulations). After that, we will either delete the data or irreversibly anonymize it. Note that even if you request deletion of your trial data, we might not be able to erase data that has already been collected and is necessary to maintain the scientific integrity of the study or to meet regulatory requirements. In such cases, we will continue to protect your data and only use it for required purposes.

Recipients: Synthekine may share your trial data with a limited set of parties, under strict confidentiality and legal safeguards, for the purposes of conducting and overseeing the study:

• Clinical study site and investigators: The doctors and healthcare institutions conducting the trial will have access to your full medical data and identity (they collected it). We receive coded data from them and may share necessary information back with your study doctor (for example, new safety findings) to ensure your safety.
• Service providers (CROs and labs): We may employ a Contract Research Organization (CRO) or other research service providers to manage the trial, analyse data, or perform specific tasks. These parties process your data on our behalf as processors and are bound by contracts to protect your information and use it only under our instructions. Examples include central laboratories (testing blood samples), data storage providers, or medical imaging analysts.
• Regulators and ethics committees: We are legally required to provide information to health authorities like the FDA, EMA or other national regulatory agencies and independent ethics committees to demonstrate trial safety and compliance. For instance, we report serious adverse events (with limited personal data) to regulators, and we may need to show trial records during an inspection or audit. Such disclosures are made under legal obligation.
• Collaboration partners: If we collaborate with another company or research partner on the trial or subsequent drug development, we may share trial data with them under strict agreements. For example, if Synthekine co-develops a therapy with a partner company, relevant trial data may be shared for regulatory submissions or joint analysis. In all cases, the partner must agree to use and protect the data in compliance with GDPR and this Notice.
• Others as required by law: In rare cases, we might have to disclose trial information in response to court orders, legal disputes, or to protect rights and safety (for example, to our legal counsel or insurance providers in defending a claim). Any such sharing will be limited to what is necessary and in line with applicable laws.

We do not share trial participants’ personal data with any third parties for marketing or unrelated purposes. All personnel and organizations involved in the study are obligated to maintain confidentiality. Where possible, we share data in a form that does not directly reveal your identity (coded or anonymized data) to further protect your privacy.

Job Applicants

What we collect: If you apply for a job or contract position with Synthekine, we collect the personal data you provide in the application process. This typically includes contact details (name, address, email, phone), background information in your resume/CV (such as education, work history, qualifications, skills), and any other information you choose to share (like a cover letter, references, or portfolio). We may also generate or obtain additional information during the recruitment process, such as interview notes, assessment scores, or correspondence with you. In some cases, we may seek information from third parties with your permission – for example, contacting the references you provided to verify your past employment, or conducting a background check if relevant for the role (we would inform you and get your consent where required by law before any background check). We do not seek any sensitive information that is not relevant to your candidacy; please avoid including sensitive personal data (e.g. racial or ethnic origin, health, or financial information) on your CV unless necessary. Any required demographic data for equal opportunity monitoring (if applicable) will be clearly requested and usually kept separate from hiring decisions.

How we use it and why: We use applicant data to evaluate and communicate with you about your candidacy. This includes reviewing your qualifications and experience, contacting you to schedule interviews or request additional information, and assessing your suitability for the role applied. If you are selected, we will use the information to proceed with hiring (such as preparing an offer and contract, and later onboarding you into our HR system). If you are not selected, we may retain your details to consider you for future positions, but only if allowed by law and, if required, with your consent. The GDPR legal bases for processing your data are: Contract (pre-contractual steps) – processing is necessary to take steps at your request before entering into an employment contract (GDPR Art.6(1)(b)), since by applying you are asking us to consider entering an employment agreement. We also rely on legitimate interests – our legitimate interest in hiring qualified personnel and managing our recruitment process (Art.6(1)(f)). We balance this interest with your privacy rights and only use your data in ways you would reasonably expect in a hiring context. Certain processing may be based on legal obligations (Art.6(1)(c)): for example, verifying your right to work in a given country, or complying with diversity reporting laws, where applicable. If we need to keep your application on file for future opportunities beyond the immediate hiring process, we will ask for your consent to do so, and you are free to decline. Whether or not you provide this consent will not affect your current job application. Providing your personal data for a job application is voluntary, but if you do not provide sufficient information, we cannot properly evaluate your application or communicate with you, so it may disqualify you from consideration.

Data retention: For candidates who are hired, your application information will become part of your employee record and will be retained in accordance with our employee privacy policy (you will be informed of that upon hiring). For candidates not hired, we retain application data for a limited period as outlined in the Synthekine Record Retention Schedule. This allows us to address any legal questions or disputes (for example, claims about the recruitment process) and to consider you for any suitable roles that open in that time frame. We may keep records longer if required by law (for instance, some jurisdictions mandate retaining hiring records for a certain period) or, conversely, we may delete them sooner if you request and we have no legal need to keep them.

Recipients: Your application data is shared internally with our hiring team and relevant personnel involved in the decision (e.g. the manager of the department with the opening). We use certain service providers to facilitate hiring – for example, our online careers portal or application system, which may be operated by a third-party HR software provider, and email or videoconferencing services for interviews. These providers act on our behalf and are bound by data protection agreements to keep your information secure. We may also share necessary details with background check agencies or credential verification services if applicable to the role (with your prior knowledge). If you have been referred by a recruiter or referral source, we might share limited feedback with them (e.g. informing a recruiting agency whether you were selected). All third parties involved in the hiring process are required to protect your data. We will not disclose your application to unrelated parties without your permission. In the event of a legal requirement, we might have to share applicant data with regulators or authorities (for instance, to demonstrate compliance with labor laws or if asked during an audit), but we will only do so if necessary and lawful.

Customers (Product Users and Other Business Contacts)

What we collect: “Customers” refers to individuals who use or inquire about our products or services, such as healthcare professionals, patients (e.g. in compassionate use programs or patient support programs), or representatives of client organizations. The personal data we collect will depend on the interaction. For example, if you are a healthcare professional who contacts us for information about our products or to report an adverse event, we may collect your name, professional contact details (clinic address, email, phone), your job title, and the content of your inquiry. If you are a patient or caregiver reaching out (outside of a clinical trial context), we might collect your contact information and any details you provide about your medical condition or experience with our product (for instance, if reporting a side effect or requesting compassionate use access). If you are a representative of a business or institution we work with (such as a hospital purchasing our product, or a research collaborator), we will collect your business contact details and any necessary identification information for that business relationship. We also collect any correspondence or records of interactions with you (e.g. records of orders, inquiries, support requests). We aim to collect only the data we need to serve you or to meet our obligations.

How we use it and why: We use customer data to provide and support our products or services and manage our relationship with you. Specifically, we may use your information to process orders or transactions, deliver products or services you requested, provide customer service and support, and respond to any inquiries or complaints. For example, if you are a physician who requests product information or samples, we use your details to fulfil that request and keep a record for compliance. If you report a side effect or quality issue, we use the information to address the issue and comply with pharmacovigilance laws (drug safety reporting obligations). We may also use contact information to send you communications about product updates, recalls, or regulatory information as required by law or as part of our services. For business customers or partners, we use data for contract management – e.g. to communicate about deliverables, arrange payments, and maintain records of the relationship. The legal bases under GDPR for processing customer data include: Contractual necessity (Art.6(1)(b)) – if you are purchasing or using our product or service, we need to process your data to fulfil our contract with you (for instance, shipping a product requires using your name and address). Legitimate interests (Art.6(1)(f)) – we have a legitimate interest in keeping our customers informed about the products they use, maintaining business communications, and improving our services. We ensure that any such processing is expected and does not unduly impact your privacy. Legal obligations (Art.6(1)(c)) also apply in certain cases – for example, collecting and reporting personal data for adverse event reporting, product safety, tax or accounting rules (if you make a purchase, we must keep transaction records), and other regulatory requirements in the pharmaceutical industry. If we ever send optional marketing or promotional communications, we will do so only in accordance with applicable laws (and seek your consent where required). At this stage, Synthekine does not use any third-party marketing tools or trackers, so any communication with customers is direct and pertinent to our relationship (no unsolicited marketing outreach without consent).

Data retention: We retain customer-related data for as long as necessary to manage the relationship and as required by law. For instance, if you purchase a product or service, we may keep records of that transaction for at least the duration of the contract and thereafter as needed for legal compliance (financial records may be kept for a number of years for tax and audit purposes, typically 7 years or as local law requires). Communications and support inquiries are generally kept for a period of time to ensure we have history to assist you better and to comply with any regulatory requirements (e.g. documentation of medical or safety-related inquiries may be kept as long as the product is on the market and for some years after, given pharmacovigilance record-keeping rules).  Data that must be retained longer (e.g. adverse event reports) will be archived securely and isolated from routine use once the active need for it has passed.

Recipients: We treat customer information confidentially and only share it with parties as necessary:

• Service providers: Similar to other categories, we may use third-party companies to provide services – for example, shipping companies (to deliver products), payment processors (to handle billing), or IT providers (for databases or customer relationship management systems). These service providers act under our instructions and are bound to protect your data.
• Affiliates and partners: If Synthekine works with affiliate companies or distributors, we may share your information with them to serve you (e.g. forwarding your inquiry to a local distributor who will assist you). We ensure any partner who receives personal data has a legal basis for processing and agrees to safeguard the information in line with GDPR.
• Regulatory authorities: As a pharma company, we may be obligated to share certain customer data with regulators. For example, if you report a side effect, we must report details (including personal data like initials, age, and the event) to health authorities under pharmacovigilance laws. We only provide the required information. Regulators may also request customer data during inspections or audits to ensure we are complying with legal requirements.
• Professional advisors: We may share information with our lawyers, auditors, or insurers on a need-to-know basis – for instance, if handling a legal matter or obtaining advice, which requires using some of your data. These recipients are bound by confidentiality.
• We will not share customer data with third parties for their independent marketing purposes without your consent. Any sharing is limited to the purposes stated above. In the event of a business transaction (such as a merger or acquisition of Synthekine), customer data may be transferred to the new owner as part of the business assets, but will remain subject to the protections in this Notice (you would be informed of any such change where required).

International Data Transfers

Synthekine is based in the United States, and the personal data we collect may be transferred to or stored in the USA or other countries outside of your home country. If you are located in the European Economic Area (EEA) or the UK, please note that your data may be processed in countries (such as the US) that do not necessarily have the same level of data protection as the EU/UK. When we transfer personal data out of the EEA/UK, we take steps to ensure your data remains protected. These steps include using Standard Contractual Clauses (SCCs) approved by the European Commission, and/or other appropriate safeguards as required by GDPR. In some cases, transfers may be justified by an adequacy decision (if the destination country is recognized by the European Commission as having adequate data protection laws) – for example, transfers to countries under the EU’s adequacy framework. Where applicable, we also rely on derogations (such as your explicit consent or necessity for contract) for specific transfers. You can request a copy of the relevant safeguards (such as SCCs) we use for international transfers by contacting us. Despite any foreign storage, we apply the same GDPR-level protections to your data, and our service providers are contractually bound to protect it no matter where it is processed. We continuously monitor the legal landscape for international data transfers and will adjust our mechanisms if needed to ensure ongoing compliance.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. Retention periods vary depending on the category of data and the applicable laws. Below is a summary of how long we typically keep data for each context:

• Website Visitors: All site visitors are provided the option to opt out of website data collection upon entry to the Synthekine website. If a visitor enters the site and chooses not to allow recording of site access and history, visitor access will be automatically recorded.  Technical logs are retained for according to Synthekine Policy security review. Inquiry data (like contact form submissions) is kept until we have responded to your request and for a short additional period (generally up to [6 months – 1 year]) for follow-up or record-keeping, then deleted or anonymized. If you signed up for a newsletter, we keep your information until you unsubscribe or the newsletter program ends.
• Clinical Trial Participants: Due to regulatory requirements, trial data is stored for an extended duration. We retain clinical trial records (which may include your coded data and signed consent forms) for the period mandated by law – often at least 25 years after study completion, and sometimes longer if the drug is approved and on the market, to support ongoing safety monitoring. Personal data that is no longer needed for active research may be archived securely. After meeting all legal retention obligations, we will delete or permanently anonymize trial data.
• Job Applicants: For candidates who are not hired, we may keep your data for up to 5 years after the recruitment process (or longer, as per Synthekine Record Retention Policy. With your consent, we may hold your information longer to consider you for future roles, but we will proactively remove it if consent is withdrawn or it’s no longer needed. Hired candidates’ data becomes part of the employee file and is kept throughout employment (and for the required post-employment retention period, typically several years, under employment law – covered by a separate employee privacy notice).
• Customers: We retain customer and business partner data for the duration of our relationship (e.g. for as long as you use our product or service or we have an active contract) and thereafter as needed to comply with legal obligations or our internal retention policies. Records of product inquiries, support, and adverse event reports are kept in accordance with regulatory requirements – adverse event data may be retained for the life of the product and some years beyond. We do not keep personal data longer than necessary. When we no longer have a legitimate need or legal obligation to retain your information, we securely delete or anonymize it.

In all cases, we adhere to applicable legal retention requirements. We also periodically review the data we hold; if we determine that information is no longer needed, we will remove it. Please note that if you exercise your right to erasure, we will delete the data we can, but certain information might be exempt from deletion if we are required to keep it (for example, data involved in an ongoing contract, or research data that we must retain for regulatory purposes). We will inform you if that is the case.

Your Rights Under GDPR

If you are in the EU, UK, or a similar jurisdiction, you have specific data subject rights regarding your personal data. Synthekine respects these rights and has established processes to help you exercise them. Your rights include:

• Right of Access: You can request confirmation of whether we process personal data about you, and if so, ask for a copy of the data we hold about you, along with information on how we use it.
• Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to have it corrected or updated without undue delay.
• Right to Erasure: You can request that we delete your personal data in certain circumstances (for example, if the data is no longer needed for its original purpose, or if you withdraw consent and we have no other legal basis to continue processing). This is also known as the “right to be forgotten.” We will honor this right to the extent possible; however, please note it is not absolute. Sometimes we must retain certain information despite a deletion request – for instance, to comply with a legal obligation or if the data is necessary for the establishment, exercise or defense of legal claims. Clinical trial data in particular usually cannot be entirely erased due to regulatory requirements (instead, we may anonymize it). We will inform you if any such exception applies when you make your request.
• Right to Restrict Processing: You have the right to ask us to limit the processing of your data in certain situations – for example, if you contest the accuracy of your data, we can pause processing (aside from storage) until we verify the accuracy; or if you object to processing based on our legitimate interests, we will restrict processing while we consider your objection. When processing is restricted, we will safely store the data and inform you before lifting the restriction.
• Right to Data Portability: For data that you have provided to us and which we process by automated means on the basis of your consent or a contract with you, you can request to receive that data in a structured, commonly used, machine-readable format (for example, a CSV file). You can also ask us to transmit that data directly to another service provider where technically feasible. This right applies only to data you provided and that we process by consent or contract; it does not apply to data we process on other legal bases (for instance, most of the data in a clinical trial or collected for legal compliance would not be portable under GDPR).
• Right to Object: You have the right to object to our processing of your personal data when we are doing so under a legitimate interest or public interest basis. If you object, you should explain the particular situation that you believe makes our processing infringe on your rights, and we will consider your objection. We will stop the processing unless we have compelling legitimate grounds that override your interests or if we need to continue processing for legal claims. Direct marketing: You can always object to your personal data being used for direct marketing purposes. In practice, Synthekine currently does not send much marketing communication, but if we ever do (such as a newsletter you signed up for), you have an absolute right to opt out. If you object or unsubscribe from marketing, we will stop sending you marketing messages immediately.
• Right to Withdraw Consent: If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive updates via email, you can opt out later by clicking “unsubscribe” or contacting us, and we will stop that processing. Withdrawing consent does not affect the lawfulness of any processing we already carried out before your withdrawal. In other words, past processing remains valid, but we will cease future processing of the data for the purpose you originally consented to. If your participation in a program or service is contingent on consent (for instance, a clinical trial or a support program), withdrawing consent may mean we cannot continue providing that service to you. We will advise you if that is the case.
• Right not to be subject to automated decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you. This right is relevant if decisions with a big impact on you (for example, credit approvals, hiring decisions, etc.) are made by algorithms without human involvement. Synthekine does not currently use your personal data in this way – we do not perform automated decision-making or profiling that would have such effects on you. If that ever changes, we will update this notice and ensure all GDPR safeguards are followed.

Exercising your rights: You can exercise any of your rights by contacting us (see the Contact section below). We may need to verify your identity to make sure we don’t disclose data to the wrong person. Exercising these rights is free of charge. We will respond to your request as soon as possible, and in any event within the timeframe required by law (generally within one month for GDPR). If we cannot fulfil your request (for example, if an exception applies or we need more time for complex requests), we will explain the situation to you.

Right to lodge a complaint: In addition to the rights above, you also have the right to file a complaint with a data protection supervisory authority. If you are in the EU/EEA, you can contact the supervisory authority in the country of your habitual residence, place of work, or where an alleged infringement of data protection law occurred. For example, in France it’s the CNIL, in Germany your state’s Datenschutz authority, in the UK it’s the Information Commissioner’s Office (ICO). We would appreciate the chance to address your concerns first, so we encourage you to reach out to us with any issue, but you are free to approach the regulators at any time.

How to Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or your personal data, please do not hesitate to contact us:

• Email: Cgarten@synthekine.com (preferred for privacy inquiries and rights requests).
• Postal Mail: Privacy Office/DPO, Synthekine, Inc., 1505 O’Brien Drive, Menlo Park, CA 94025, USA.
• EU Representative Contact: Geoff Fatzinger, 1505 O’Brien Drive, Menlo Park, CA 94025, USA, Email: Gfatzinger@synthekine.com – You may contact our EU representative at this address for any issues related to processing of personal data in the EU.
• UK Representative Contact: Geoff Fatzinger, 1505 O’Brien Drive, Menlo Park, CA 94025, USA, Email: Gfatzinger@synthekine.com – You may contact our UK representative for issues related to UK personal data.

We will respond to inquiries or requests as soon as reasonably possible, and no later than required by law. If you are making a request to exercise your data rights, please describe your request in detail (for example, what information you want to access, or which processing activity you are objecting to) to help us process it efficiently.

We hope this Privacy Notice provides you with clear information about how Synthekine handles your personal data. We take privacy seriously and will update this Notice as needed to stay compliant with data protection laws and reflect any changes in our data practices. If we make material changes, we will post an updated Notice on our website with an updated effective date.

Thank you for trusting Synthekine. If you have any questions about this Notice, please contact us – we are here to help and ensure your rights and information are respected.