Exelixis online privacy statement

Updated June 2024

Thank you for visiting the Exelixis website and reading our Online Privacy Statement (or “Statement”). This Statement pertains to www.exelixis.com and other Exelixis websites that link to this Statement (generally referred to here as “our websites”). This Statement also provides disclosures about certain information we collect offline, as described below. It does not apply to information we collect through clinical trials. Our employees also receive a supplementary privacy notice that supplies additional information about our privacy practices.

Exelixis appreciates that visitors to our websites may have concerns over their privacy, so we want to share with you what information we collect and how we use it. We do, however, reserve the right to disclose information (i) during emergencies if safety is at risk, (ii) if we are required to do so by law or to comply with valid legal processes (such as a search warrant, subpoena, or court order), or (iii) to protect Exelixis’ rights or property, including in the event of a transfer of control of Exelixis or the sale of substantially all its assets. This Statement also provides information about the purposes of our collection of personal information and certain rights individuals may have with respect to such information.

Please read this entire Statement before using or submitting information to this website. By using this website, you agree to our Terms of Service, which incorporate this Statement, and you acknowledge and agree to the collection, use and disclosure of any information you share in accordance with this Statement.

As used in this Statement, “personal information” means information that can be reasonably used to identify a living person or that reasonably relates to a living person. For individuals who are residents of California, please read our California Notice at Collection.

Data we collect and how we use it

We may collect data from you, including personal information under certain circumstances, through your interactions with our websites, through your use of our products (including as required for us to collect pursuant to applicable regulations), and through other means in which you contact us by phone, email, fax, mail or in person and provide personal information. For more information about the specific information we collect through various means and the business purposes for which we may do so, please click here.

Disclosure of your information to third parties

We may disclose your personal information as necessary to operate our websites or business, market our products and services, respond to medical information requests, or respond to other specific inquiries. In such cases, the personal information we disclose may include identifiers, internet or other electronic network activity, geolocation data, and, in certain instances in the context of medical information requests or our adverse event reporting and safety activities, medical information. Such disclosures may be made to third parties who perform certain functions and services for us, including organizing, processing, tracking and storing information on our behalf. These service providers may have access to such personal information to perform their functions but are not permitted to use personal information for purposes other than providing services to us.

We may also share information with our partners relating to medical information requests for the purposes of ensuring the request is appropriately handled by the correct party.

We may disclose your personal information if we conclude that we are required by law (including to regulatory authorities pursuant to applicable regulations) or to comply with valid legal processes (such as a search warrant, subpoena, or court order), or if we have a good faith belief that access, preservation, or disclosure of such information is reasonably necessary to protect the rights, property, or safety of Exelixis, our customers, or the public. We also may disclose such information in the event of a transfer of control of Exelixis or the sale of substantially all its assets (subject to appropriate confidentiality protections).

We do not otherwise exchange your personal information with unaffiliated entities unless you are first notified and expressly consent to such transfer, and we do not sell your personal information.

Aggregated information

Exelixis may also collect non-personal information in aggregate form to track data such as the total number of visitors to each page of our websites, and the domain names of our visitors’ Internet Service Providers. We may use this information, which remains in aggregate form, to understand how our visitors use our websites so that we may make them better.

Children

Exelixis does not solicit or knowingly collect any personal information from or about children under 13 years old through our websites and we do not knowingly sell or share such information. However, if the parent or the guardian of a child under 13 believes that the child has provided us with personal information, the parent or guardian of that child should contact us at privacy@exelixis.com, or via any applicable data subject request process as detailed below, if they want this information deleted from our files. Anyone under 18 years old should seek their parent’s or guardian’s permission prior to using or disclosing any personal information on our websites.

How you can control and update data about you

We want to be sure that we keep only the most accurate and up-to-date information in our records. Therefore, whenever you believe that your contact information needs to be updated, you can contact us at privacy@exelixis.com. You may also, at any time, choose to remove your name, telephone number and postal and e-mail addresses from lists we use to send notices or updates, and/or elect not to receive correspondence from us, by contacting us at privacy@exelixis.com or completing our web form.

Cookies, web beacons and online advertising

As described under “Data We Collect and How We Use It—Information We Collect Online—2. Information we may collect automatically online” above, we or our service providers may use cookies, web beacons or other tracking technologies to collect information passively. Cookies are small data files stored on your device. Web beacons are electronic images that we may use on our websites or communications, which may be used to deliver cookies, count users who have visited our websites, or otherwise understand how you interact with our websites or services.

We may use these technologies to collect information about how you interact with our websites or our communications, and to improve and personalize our websites, services and advertising, including by targeting advertisements to you on third-party websites. We may also enter into relationships with third-party companies to drive traffic to our websites, and such third-party companies may also collect information through their own cookies or other tools. We do not have access to or control over cookies or other tools used by these companies, and their information practices are not covered by this Statement. Please contact them directly for more information about their privacy practices.

Choices about tracking technologies and advertising

You can set your browser to refuse all or some browser cookies; however, refusing cookies may affect your experience using website features or services. We may also allow certain service providers to serve targeted advertisements to you on third-party websites based upon your use of our websites or services. For further information about targeted advertising and how you can opt out of having certain providers use your browsing information for these activities, visit www.aboutads.info/choices.

We may also use third-party analytics providers (such as Google Analytics) on our websites to collect and analyze usage information using cookies and similar tools, to engage in auditing, research, or reporting, assist with fraud prevention, or provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out add-on for your browser by visiting https://tools.google.com/dlpage/gaoptout.

Do Not Track requests

Your browser may allow you to transmit a “Do Not Track” signal to online services. There is no consensus as to what these “Do Not Track” signals mean, or common recognition of how to respond to them. Like many other online services, we do not currently alter any of our online practices when a “Do Not Track” signal is received. For more information about “Do Not Track,” please visit www.allaboutdnt.com.

Data subject rights

Depending on your residency, you may have certain rights relating to your personal information. These rights vary by state and country, but they may include the following rights:

  • The right to request additional disclosures about the personal information we collect, use, and disclose;
  • The right to request access to, rectification, or erasure of your personal information;
  • The right to restrict or object to the processing of your personal information;
  • The right to opt out of the sale or sharing of personal information (if any);
  • The right to obtain a copy of your personal information in portable format; and
  • The right to limit the use of Sensitive Personal Information.

We will not discriminate against you for exercising any rights available to you under applicable law.

Exercising data subject rights

If you would like to exercise any of the rights described above, please email privacy@exelixis.com with the phrase “Data Subject Request” in the subject line. You may also call 1-833-306-0552 or complete our web form. We will review your request and respond accordingly. Please note that the rights described are not absolute and we reserve all of our rights available under applicable laws. Additionally, if we retain information relating to you in de-identified form, we will not attempt to re-identify your information in response to a request.

If you make a request relating to your personal information, you will be required to supply a valid means of identification as a precaution to verify your identity. In order to do this, we will request that you match specific pieces of information we have been provided previously, as well as, in some instances, provide a signed declaration under penalty of perjury that you are the individual whose personal information is the subject of the request. If it is necessary to collect additional information from you, we will use the information only for verification purposes and will delete it as soon as practicable after complying with the request. For requests relating to particularly sensitive information, we may require additional proof of identification.

If you make a request relating to your personal information through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.

We will process requests within the timeframe provided under applicable law.

Data integrity and security

Exelixis takes reasonable steps to protect your personal information as you transmit your information from your computer to our website and to protect your information from loss, misuse and unauthorized access, disclosure, alteration or destruction. We endeavor to keep information transmitted to this website secure to the extent possible using existing and appropriate technology. You should keep in mind, however, that no internet transmission is ever 100% secure or error free. In particular, email sent to or from this website may not be secure, and you should therefore take special care in deciding what information you send to us via email. Moreover, it is your responsibility to safeguard passwords, ID numbers, or other special access features you use on this website.

Hyperlinks

This website may provide links to other websites as a service to our visitors. These are websites we believe may have helpful information. However, Exelixis does not endorse and is not responsible for the content of third-party websites. Similarly, Exelixis does not have any control over information you may choose to provide to those websites.

This Statement does not apply to third-party websites, even if they are linked to Exelixis websites. Other Internet websites you visit may have their own privacy policies or no policy at all. Other websites might use personal information differently than this Statement permits. We strongly encourage you to review the privacy policies of any website before providing any personal information.

Cross-border data transfers

This website and other websites that link to this Statement are controlled and operated by Exelixis from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Any information you provide to us through use of our websites may be stored and processed, transferred between and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your personal data in accordance with this Statement regardless of where your personal data is stored or accessed.

EEA/UK disclosures

If you are located in the European Economic Area (EEA) or United Kingdom (UK), please click here for additional disclosures that may apply to you.

Thailand disclosures

If you are located in Thailand, please click here for additional disclosures that may apply to you.

CCPA Notice at Collection for online sources

The California Consumer Privacy Act of 2018, as amended, including by the California Privacy Rights Act of 2020 effective January 1, 2023 (CCPA), requires us to provide certain disclosures before our collection of personal information from California residents, as summarized below. Other than through your voluntary submissions through contact forms or job applications, described below, we do not collect Sensitive Personal Information Online.

A. Identifiers: such as your name, postal address, email address or phone number

Purpose for collection and use:

  • Respond to emails or other inquiries, to help improve our websites and our services, or to send updates or notices about Exelixis or our websites that we think may be of interest to you
  • Combine the personal information you provide with other generally or publicly available information to help us identify visitors’ preferences or interests, or to improve our websites and our services

Is the personal information “sold” or “shared”? IP address and other online identifiers are shared for advertising and marketing purposes but are not “sold” as the term is traditionally used for money

How long is the personal information retained? No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): a name, address, telephone number, education, employment, employment history

Purpose for collection and use:

  • Respond to emails or other inquiries, to help improve our websites and our services, or to send updates or notices about Exelixis or our websites that we think may be of interest to you
  • Combine the personal information you provide with other generally or publicly available information to help us identify visitors’ preferences or interests, or to improve our websites and our services

Is the personal information “sold” or “shared”? No

How long is the personal information retained? No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements

C. Internet or other similar network activity: Internet Protocol (“IP”) addresses and other unique identifiers used online; internet or other electronic network activity, including operating system, device details, usage details such as the date and times a website is accessed, referring URL, webpages viewed and links clicked

Purpose for collection and use:

  • Improve our website and services
  • Diagnose problems with our servers
  • Report aggregated information; determine the fastest route for your computer to use in connecting to our websites
  • Tailor website functionality for certain geographies
  • Administer and improve the websites
  • Better understand our audience and personalize our website, services or advertisements

Is the personal information “sold” or “shared”? IP address and other online identifiers are shared for advertising and marketing purposes, but are not “sold” as the term is traditionally used for money

How long is the personal information retained? No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements

D. Professional or employment-related information: Information you submit through our “Careers” page

Purpose for collection and use:

  • Process the application you have submitted
  • As otherwise disclosed in our employee/applicant privacy policy

Is the personal information “sold” or “shared”? No

How long is the personal information retained? No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements

E. Sensitive personal information: Race and ethnicity data collected for equal employment purposes; health information when voluntarily provided through contact forms

Purpose for collection and use:

  • Equal employment purposes for job applications
  • Process the application you have submitted
  • Process medical information requests and other communications you send voluntarily including such information

Is the personal information “sold” or “shared”? No

How long is the personal information retained? No longer than necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements

To opt out of the “sale” or “sharing” of your personal information, please email privacy@exelixis.com with the phrase “Data Subject Request” in the subject line. You may also call 1-833-306-0552 or complete our web form.

California Shine the Light

In addition to other rights that may be provided to California residents, California law permits users of our websites who are California residents to request certain information about how their information is shared with third parties for direct marketing purposes. If you would like to make such a request, please email us at privacy@exelixis.com or write us at Legal Department, Exelixis, Inc., 1851 Harbor Bay Parkway, Alameda, California 94502, Attn: Privacy.

Washington and Nevada Consumer Health Data Notice

Additional information about our collection, use and disclosure of Consumer Health Data is available here.

Changes

You should check this Online Privacy Statement regularly for any changes. We will provide a notice if we make any material changes to this Statement, which we may do by posting a message on our websites.

Questions

In the event of any questions, comments or concerns, please write to us at Legal Department, Exelixis, Inc., 1851 Harbor Bay Parkway, Alameda, California 94502, or at privacy@exelixis.com. Or, you can call us at 1-650-837-7000.
