Effective Date: January 6, 2021

We at Rigel Pharmaceuticals, Inc. (“Rigel”) respect the privacy of users of our websites and any mobile applications we may offer. This Privacy Policy is intended to inform you of our policies and practices regarding the collection, use and disclosure of personal information about you when you use our websites located at www.rigel.com and www.tavalisse.com or any other websites, applications or documents owned or controlled by Rigel that post or link to this Privacy Policy (collectively, the “Sites”) or otherwise provide us with Personal Information. For purposes of this Policy, “Personal Information” about you means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.

Please be sure to read this Privacy Policy before using a Site or otherwise providing Personal Information to us, as you are deemed to consent to the collection, use and disclosure of information in accordance with this Privacy Policy when you use any of the Sites or provide us with Personal Information after using any of the Sites.

Please note that Rigel reserves the right to revise this Privacy Policy at any time at our sole discretion.  If we modify the Privacy Policy in a material way, we will post a notice on the Sites to let you know that the Policy has been so modified.

Your use of any of the Sites following a revision of the Privacy Policy constitutes your acceptance of the revised Privacy Policy.  If you object to any such changes, you must cease using our Sites.  We therefore urge you to review the Privacy Policy periodically when you visit a Site to ensure that you are familiar with the most current version.

Collection of Personal Information

Rigel collects Personal Information about you when you actively provide it to us, such as by completing an online form, responding to a request for information, signing up to receive communications from us (such as our investor information communications), providing it through submission of enrollment forms for our prescription access programs, or sending us an email or letter.  Some areas of the Sites ask you to submit Personal Information in order for you to benefit from the specified features or to participate in a particular activity.  For example, if you wish to receive information about a specific product, (i) if you are a health care provider, we collect your first and last name, postal address, e-mail address (you may also elect to provide your specialty type, practice type, and other medical profession information), and (ii) if you are a patient or care partner, we collect your e-mail address and information related to your medical condition (you may also elect to provide your year of diagnosis and whether you are currently receiving treatment for the medical condition).

For visitors who subscribe to our mailing list to be notified when our products are available for purchase, we collect your e-mail address.

For visitors who email us directly via an e-mail hyperlink, we collect your e-mail address and any Personal Information that may be included with the e-mail.

For health care providers who request access to any of our prescription access programs, such as our Expanded Access Program or Patient Assistance Program, we collect your username, first and last name, e-mail address, and for certain programs may also collect your password as well as your clinical investigator’s name, address, e-mail address, and phone number.

We also may collect Personal Information about you from other sources, such as our business partners; the Internet, including social media websites; the press or other print media; and other organizations or individuals as permitted under applicable law.

Listed below are the types of Personal Information that we may have collected about you within the past 12 months.  Some of these types of information may not be Personal Information, depending on other information we have access to about you.  Each type of information listed below is Personal Information only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.

  • Identifiers, such as your name, postal address, online identifier, Internet Protocol (IP) address, email address, Social Security number, driver’s license number, or other similar identifiers.
  • “Customer Records” information (some of which may be identifiers or professional/employment-related information as well), such as your name, signature, Social Security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
  • Commercial information, such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Geolocation data, such as the physical location of the device you use to connect with us online.
  • Biometric information, such as fingerprints or voiceprints.
  • Sensory data, such as audio, electronic, visual, or similar information.
  • Professional or employment-related information, such as your current or past job history.
  • Education information, such as your record of performance at an educational institution.
  • Personal characteristics that are related to classifications legally protected from discrimination, such as race, national origin, ethnicity, marital status, age and gender.
  • Inferences drawn from other Personal Information, such as a summary we might make based on your apparent personal preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
  • Internet or other similar network activity, such as browsing history, search history, information on your interaction with our website, mobile application(s), or an advertisement.  This may include hardware and browser information of your computer or other online device.  The information we collect in this category may include:
    • The date, time, and duration of your visit to a Site and the Site’s pages and links you click on while navigating within our Sites;
    • Information about your interactions with any content appearing on our Sites, such as the type of content accessed via our Sites;
    • Information about your interactions with our email messages, such as the links you click on and whether you open or forward a message, the date and time of these interactions and the device you use to read emails;
    • The site you visited before and after visiting our Sites;
    • Your Internet Protocol (IP) address (a numerical address assigned to your computer or device by your Internet service provider so that other computers or devices connected to the Internet can communicate with your computer or device online) that can sometimes be used to derive your general geographic area;
    • Search terms you enter on our Sites or on a referral site;
    • Information about your device such as your device type and model, screen size, browser type, language and other settings, memory capacity, operating system, Wi-Fi information, and time zone;
    • If you are using a mobile device to access a Site, unique identifiers such as non-global mobile device identification numbers, radio type (e.g. LTE, 3G, etc.), and carrier code; and
    • Information collected through cookies, pixel tags and other tracking technologies (see additional descriptions of these terms below).
  • Cookies
    We may also log information using small data files stored on your hard drive when you visit our Sites (“Cookies”). We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Sites. This type of information is collected to make the Sites more useful to you and to tailor your experience with us to your special interests and needs. In addition, when we post videos, we may use local shared objects, known as “Flash Cookies,” to store your preferences for volume control or to personalize certain video features. Flash Cookies are different from browser Cookies because of the amount and type of data and how the data is stored. Cookie management tools provided by your browser will not remove Flash Cookies. To learn more about Cookies, please visit http://www.allaboutcookies.org.
  • Pixel Tags
    We and our service providers may also use “Pixel Tags” (sometimes referred to as clear gifs, web beacons, or web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, that are used to track online movements of web users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in web pages. Pixel Tags allow us to send e-mail messages in a format that users can read, and they tell us whether e-mails have been opened to help us ensure that we are sending messages that are of interest to our users.
  • Do Not Track
    We do not currently respond to “do not track” signals from web browsers.

How We Use Personal Information

We may use the Personal Information we collect from you for a variety of purposes permitted by law, including:

  • To facilitate the creation of and secure your account on our network;
  • To send you a welcome e-mail to verify ownership of the e-mail address provided when your account was created;
  • To determine the frequency of, or to eliminate the sending of, e-mail messages sent to you;
  • To identify you as a user in our system;
  • To provide improved administration of our Sites;
  • To provide you with content that may be of interest to you;
  • To provide the services you request;
  • To respond to your e-mail inquiries and other requests, including providing you with notification regarding the availability of our products for purchase;
  • To measure and analyze audience traffic and improve the quality of your experience with our Sites, products, and services;
  • To send investor information, new product availability information, administrative e-mail notifications (e.g. security or support and maintenance advisories);
  • To understand how you use our Sites;
  • To detect and prevent fraud and other potentially prohibited or illegal activities and comply with applicable law, our Privacy Policy, and the terms of any applicable agreements; and
  • For any other purposes disclosed to you at the time of collection or pursuant to your consent.

If you are an employment applicant, we may use your Personal Information to process and respond to your job application, including to assess your skills, interests, and qualifications for job opportunities, conduct reference checks, verify the information provided, and for compliance with corporate governance and legal and regulatory requirements. Personal Information that you submit may also be added to our candidate database for future consideration when job vacancies arise. If you are hired, we may also use the information collected during the application process for other business purposes relating to your employment.

Our job application links to a third-party website hosted by ADP, LLC (“ADP”). Any Personal Information you provide to ADP through the job application will be collected and processed by ADP in accordance with ADP’s Privacy Policy available at https://www.adp.com/privacy.aspx. We will receive Personal Information that you provide on your job application from ADP in order to assess your qualification for the position to which you are applying. To the extent that you voluntarily provide us with Personal Information outside of the requirements of the job application, you expressly authorize us to handle such details in accordance with this Privacy Policy. If you provide information of a prior supervisor, reference, or other third party, it is your responsibility to obtain such third party’s consent to provide this information to us. You are responsible for the information that you provide or make available and you must ensure that it is legal, honest, truthful, accurate, and not misleading in any way. You must ensure that any information provided does not contain any material that is obscene, defamatory, or infringing on any rights of any third party, or otherwise legally actionable by such third party.

How We May Share Personal Information

We may share any of the Personal Information we collect from you as follows:

  • With our service providers, whom we engage to provide us with services such as technology support, operational support, quality assurance testing and other forms of assistance, and whom we bind by contract to protect the confidentiality and security of the Personal Information we share with them. Our service providers include analytics services (“Analytics Services”), such as Google Analytics and Bing Webmaster Tools, with whom we share information from Cookies and other tracking tools (this information generally is not Personal Information but could be in certain circumstances) so they can compile reports on user activity. The Analytics Services may also transfer the Analytics Information to third parties where required to do so by law or where such third parties process Analytics Information on their behalf. Each Analytics Service’s use and sharing of Analytics Information is governed by such Analytics Service’s terms of use and privacy policy.  For a list of our Analytics Services, please contact us at webmaster@rigel.com.
  • Although we currently do not have a parent company, any active subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), we may in the future. We may share some or all of your Personal Information with these Affiliates, in which case we will require our Affiliates to honor this Privacy Policy.
  • We may share some or all of your Personal Information in connection with or during negotiation of any contemplated or actual merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. Thus, if another company acquires our company, business, or assets, that company will possess the Personal Information collected by us. In the event of an insolvency, bankruptcy, or receivership, Personal Information may also be transferred as a business asset.
  • We may disclose Personal Information if we believe in good faith that such disclosure is necessary (a) in connection with any legal investigation or proceeding; (b) to comply with relevant laws or to respond to subpoenas, warrants or any other duly authorized information-request from government authorities; (c) to protect or defend the rights or property of Rigel, its agents, customers, or others; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or the terms of any applicable agreements.
  • For any other purpose you may agree to at or before the time the Personal Information is shared.

Absent your consent, we do not sell your Personal Information and we do not share your Personal Information with non-affiliated entities for them to use for their own direct marketing purposes.

Retention and Security of Personal Information
We will retain Personal Information about you for the period necessary to fulfill the purposes outlined in this Policy.  We use industry-standard methods to secure the communication of Personal Information from your computer to our servers. In addition, we use industry-standard methods of securing our databases of Personal Information, including the use of firewalls. Except as provided elsewhere in this Privacy Policy, we limit access to Personal Information databases to those persons in our organization who have a business need for such access. However, you should know that no company, including Rigel, can fully eliminate security risks associated with Personal Information.

Regarding Children
Our Sites are not designed for children under the age of 13.  If we discover that a child under 13 has submitted Personal Information to us, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Information from a child under 13, please contact us at privacy@rigel.com.

Links to Other Sites
Our provision of a link to any other website or location is for your convenience and does not signify our endorsement of such other website or location or its contents. We have no control over, do not review, and cannot be responsible for, these third-party websites or their content. Please be aware that the terms of our Privacy Policy do not apply to these third-party websites. We encourage you to review the policies of these third-party websites.

Your Choices

  • Email: In every promotional email we send, we will provide instructions regarding how to opt-out of receiving future mailings. You may also contact us at the address provided on any promotional email you receive to request removal from our mailing list.  We may continue to send you account or service-related communications, including notices of any updates to our Privacy Policy and the terms of any applicable agreements.
  • Cookies: You can typically remove and reject Cookies from our Sites with your browser settings. Many browsers are set to accept Cookies until you change your settings. If you remove or reject our Cookies, it could affect how our Sites work for you. To learn how to manage privacy and storage settings for Flash Cookies specifically, please visit: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
  • Google Analytics: You may opt-out of tracking by Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.
  • Access and Correction: You may request to access or correct any of your Personal Information collected by Rigel by contacting webmaster@rigel.com.   (If you are a California resident, please see the section immediately below for more specific information on your access and other rights.)

California Residents’ Privacy Rights

If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”).   We honor those rights, as described below, and we are prohibited by law from discriminating against you for exercising any of those rights.

  • Right to Know

If you are a California resident, you have the right to know what Personal Information we have collected about you, why we collected it, and the categories of third parties (excluding service providers) with whom we have shared the Personal Information during the past 12 months.  (See below on “How to Submit a Request.”)   You may request that we provide a description of the categories of Personal Information we have collected (a “Categories Request”) or a request for access to the specific pieces of Personal Information we have collected (a “Specific Pieces Request.”)

If you make a Categories Request, and you do not have any type of account with us, we will need you to provide us with at least two data elements specific to you, such as your cell phone number or mother’s maiden name (depending on the data elements we already maintain about you), so that we can verify your identity.  After we confirm that your request is a verifiable consumer request, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you (e.g., social media websites, government records available to the public, etc.).
  • Our business or commercial purpose for collecting that Personal Information.
  • The categories of third parties other than service providers (if any) with whom we shared the Personal Information.

If you make a Specific Pieces Request, we need to be sure we have verified your identity with great certainty to safeguard your privacy.  In order for us to verify your identity, if you do not have any type of account with us, you will need to provide to us at least three data elements specific to you, together with a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.  After we confirm that your request is a verifiable consumer request, we will disclose to you the specific pieces of Personal Information we collected about you that you requested.

  • Right to Request Deletion

You have the right to request that we delete any of your Personal Information that we collected from you and retained.  We are not obligated to comply with your request if we have a legal basis to retain the Personal Information.  If you make a request for us to delete Personal Information, and you do not have any type of account with us, we may need you to provide us with at least two data elements specific to you so that we can verify your identity.  Once we receive and confirm that your request is a verifiable consumer request (see below on “How to Submit a Request”), we will inform you whether we have deleted (and have directed our service providers to delete) your Personal Information from our records, or whether we are declining to grant your request to delete due to an exception to the CCPA deletion requirements.

  • Exceptions

If you are working for or seeking to work for Rigel, or if you are an employee or other representative of a business or other organization that is exploring or engaging in a business-to-business transaction with Rigel, the CCPA does not provide you with a “right to know” or “right to request deletion,” at least until January 1, 2023.

If we collect, either from you or otherwise, information related to your health and you as a patient, the privacy of that information is not regulated by the CCPA but rather by another California privacy law, the California Confidentiality of Medical Information Act.  You therefore do not have the rights described above with respect to health-related information we collect about you as a patient (that information is not “Personal Information” for purposes of the CCPA).

  • How to Submit a Request

To request access to or deletion of your Personal Information as described above, please submit a verifiable consumer request to us by either:

  • Calling us at our Privacy Rights toll-free number: (833) 747-4435
  • Sending us an email at privacy@rigel.com
  • Mailing your request to: Rigel Pharmaceuticals, Inc., 1180 Veterans Boulevard, South San Francisco, CA 94080, Attention: Privacy Officer

You may make a request on your own behalf, and if you are the parent or guardian of a minor child, you also may make a request related to your child’s Personal Information.  If you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address, and phone number.  That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.

As indicated above, in order to protect your Personal Information from unauthorized disclosure or deletion at the request of someone other than you or your legal representative, Rigel requires identification verification before granting any request to provide copies of, know more about, or delete your Personal Information.  We take special precautions to help ensure this.  We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you.   We will only use Personal Information collected in connection with a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

A Note to Users Outside of the United States
Your Personal Information collected by us through our Sites or otherwise will be processed in the United States, where laws regarding the processing of Personal Information may be less protective than the laws in your country.  By providing us with your Personal Information, you are consenting to our processing the information in the United States in accordance with applicable law.  To the extent Rigel collects Personal Information about you from third parties located outside the United States, Rigel intends that the transfer of such information to Rigel complies with all applicable laws and regulations, including the European Union (“EU”) 2016/679 General Data Protection Regulation (“GDPR”).  For Personal Information transferred to Rigel from third parties located within the European Economic Area, the transfers will be made pursuant to Standard Contractual Clauses (the form clauses issued by the European Commission), in conformity with the GDPR.

Contact Us
Should you have any questions or concerns regarding this Privacy Policy, please contact us:

Rigel Pharmaceuticals, Inc.
1180 Veterans Boulevard
South San Francisco, CA 94080
privacy@rigel.com