Privacy Policy
Corvus Pharmaceuticals, Inc. (“Corvus,” “we,” “us” or “our) created and maintains the Corvus website (the “Website”), currently located at www.corvuspharma.com, and other online services owned or controlled by Corvus (collectively, the “Services”). This Website Privacy Notice, describes how Corvus collects, uses, discloses and secures information collected from or about you through the Services. you acknowledge that you have read and understood the terms of this Website Privacy Notice and consent to the collection, use, and processing of your information as described herein. Corvus may update this Website Privacy Notice from time-to-time in our sole discretion in accordance with the modification provision of the Terms of Use. Your use of the Service following us posting a new Website Privacy Notice on the Service signifies that you agree to the terms of the Website Privacy Notice as modified pursuant to the “Modifications of Terms” section of the Terms of Use.
What is Personal Information?
Personal Information means any information that can identify you or be linked to you. This includes things like your name, address, email address, phone number, and account details. It can also include information about your activities on our Services, as well as details such as your date of birth, gender, location, or preferences when connected to other information that identifies you.
Personal Information We Collect:
You may provide Personal Information to us when you interact with us through the Service and/or provide information to Corvus. For example, depending on the specific Services, you may provide us with Personal Information when you:
- Contact us by email or through our contact form for any reason (such as to ask a question or provide us with your comments/feedback) and we collect your name, email address, and other information you provide from this contact;
- Submit your resume or other personal information in response to a job opening posted on the Services.
By voluntarily providing us with Personal Information and using the Services, you are consenting to our use of it in accordance with this Website Privacy Notice. If you provide Personal Information to the Service, you acknowledge and agree that such Personal Information may be transferred from your current location to the offices and servers of Corvus and the authorized third parties referred to herein located in the United States.
Non-Identifiable Information:
When you interact with Corvus through the Service, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. Corvus may store such information itself or such information may be included in databases owned and maintained by Corvus affiliates, agents or service providers. The Service may use such information and pool it with other information to track, for example, the total number of visitors to our Service or the number of visitors to each page of our Website. No Personal Information is available or used in this process.
Cookies:
When you visit the Services, some information is also automatically collected, such as your computer’s Internet Protocol (IP) address, your computer’s operating system, the browser type, the address of a referring web site, and the time and date of your visit and pages visited. This information is collected through the use of “cookies.” A cookie is a piece of information that the computer that hosts our Service gives to your browser when you access the Service. We use cookies on the Services to help optimize your online experience.
Corvus does not require that you accept cookies; however, some functionality on the Services may be disabled if you decline to accept cookies. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether or not to accept it.
How We Use Personal Information and Other Information:
Corvus may use your Personal Information and other personally non-identifiable information collected through the Service for internal purposes only to help us improve the content and functionality of the Service, to better understand our users and to improve the Corvus Services. Corvus and its affiliates may use this information to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each communication we send you will contain instructions permitting you to “opt-out” of receiving future communications. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us as indicated below. When we use your personal information, it may be processed on our servers in the United States of America and in other countries, and your information may be processed on a server that lies outside your own country.
Use of Aggregate Information:
Personal Information does not include “aggregate” information. Aggregate information is data we collect about a group or category of services or users, from which individual identities have been removed. In other words, information about how you use a service may be collected and combined with information about how others use the same service, but no personal information will be included in the resulting data. Aggregate data helps us understand trends and customer needs so that we can better consider new services and tailor existing services to customer desires. We may share aggregated non-personal information with third parties outside of Corvus.
Our Disclosure of Your Personal Data and Other Information:
Corvus does not sell, rent or share your Personal Data with third parties without your prior consent. There are, however, certain circumstances in which we may share your Personal Information with certain third parties without further notice to you, as set forth below:
Business Transfers: We may provide your Personal Information and other non-personal information to a third party in connection with the sale, transfer or reorganization of some or all of Corvus or its assets, and any such acquirer or transferee will have the right to use and disclose such information subject to the terms of this Website Privacy Notice.
Related Companies: We may also share your Personal Information with companies related to us, such as subsidiaries, for purposes consistent with this Website Privacy Notice.
Agents, Consultants and Related Third Parties: We may disclose your Personal Information and other non-personal information to our third-party service providers (e.g., hosting providers, payment processors, analytics companies, etc.). When we supply information to these third parties, we require them to use it only for the purpose for which they are working with Corvus, and prohibit disclosure except at our direction and consistent with the services they are contracted to provide.
Legal Requirements: We may disclose your Personal Information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Corvus, (iii) act in urgent circumstances to protect the personal safety of users of the Service or the public, or (iv) protect against legal liability.
Your Choices:
“Do Not Track” or “DNT” Technology; Opting Out: The Website, whether accessed on a computer or a mobile device, is not at this time configured to read or respond to “do not track” settings or signals in your browser headings, which vary by browser provider. The only way to completely “opt out” of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or mobile device to delete and disable cookies and other tracking/recording tools. Some features of the Website require the use of cookies and other tracking/recording tools in order to customize the delivery of information to you. If you disable such tools you may not be able to use certain aspects of the Services.
Data Retention:
We may retain your data as long as necessary to fulfil the purpose for which such data was collected, to comply with law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce our Terms of Use and take other actions otherwise permitted by law. We may also retain anonymous data collected through the Services and this data may be shared with third parties but you will not be identifiable from the data sets that we share.
Links to Other Web Sites:
The Services may contain links to other web sites. Any Personal Information you provide on the linked pages is provided directly to that third party and is subject to that third party’s privacy policy. Except as described above, we are not responsible for the content or privacy and security practices and policies of web sites to which we link. Links from the Services to third parties or to other web sites are provided for your convenience only. We encourage you to learn about their privacy and security practices and policies before providing them with Personal Information.
Security:
Corvus takes reasonable steps to protect the Personal Information provided via the Service from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from the Service may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. Please keep this in mind when disclosing any Personal Information to Corvus via the Internet.
Children’s Privacy:
We do not seek or knowingly collect any personal information about children under 13 years of age. If we become aware that we have unknowingly collected personal information from a child under the age of 13, we will make commercially reasonable efforts to delete such information from our database.
If you are the parent or guardian of a minor child who has provided us with personal information, you may contact us using the information below to request it be deleted.
Governing Law:
This Privacy Policy shall be subject to the “Governing Law and Arbitration; No Class Actions” provision in the Terms of Use.
Your California Privacy Rights:
This Privacy Policy describes how we may share your information for marketing purposes. It applies to all users of the Corvus Service, including California residents.
We share information with others as more fully set forth above. We share your information with other parts of our business and with our service providers.
You may contact us with any questions, or to request a list of third parties to whom we may disclose information for marketing purposes and the categories of information we may disclose. See below for our contact information:
Contact Us:
If you require any more information or have any questions or complaints about our Privacy Policy, please feel free to contact us at 650-900-4520 or info@corvuspharma.com.
Special Section for Visitors from the EEA and the UK:
This section of the Website Privacy Notice is relevant to you, if you are visiting our Website and using our Services from the EEA or the UK. Certain additional legal requirements apply in these jurisdictions, and those are outlined below. Except as otherwise stated in this section, the remainder of this Website Privacy Notice continues to apply regardless of your location. In the event of any conflict between this EU/UK-Special section and other parts of the Website Privacy Notice, the provisions in this section shall prevail for users in the EEA and UK.
PROCESSING OF PERSONAL DATA
The term personal information has the meaning of “Personal Data”, as defined by the applicable data protection laws in these territories, including, but not limited to, the Regulation (EU) 2016/679 (GDPR) and the UK Data Protection Act 2018 (UK GDPR), collectively understood as Applicable Data Protection Laws for this section of the Website Privacy Notice.
Accordingly, the term “process” or “processing” shall have the meaning assigned to it by the Applicable Data Protection Laws.
DATA CONTROLLER
Corvus, being the entity responsible for the processing of your Personal Data when you are using the Services is the Data Controller.
Corvus has appointed a Data Protection Representative in the EU and the UK, which can be reached at the following address:
Data Protection Representative in the EU:
iliomad Health Data
64 avenue Pierre Grenier 92100 Boulogne-Billancourt, France
dpr@iliomad.fr
Data Protection Representative in the UK:
iliomad Health Data UK
Salisbury House, Station Road, Cambridge, United Kingdom, CB1 2LA
dpr@iliomad.fr
RECIPIENTS OF YOUR PERSONAL DATA
The entities listed in the section “Our Disclosure of Your Personal Data and Other Information” of this Website Privacy Notice shall have the meaning of Recipients of your Personal Data, as defined in the Applicable Data Protection Laws.
LEGAL BASES FOR THE PROCESSING OF YOUR PERSONAL DATA
The legal basis for the processing of your Personal Data for Corvus’ Business Purposes described in section “How We Use Personal Information and Other Information” of the Website Privacy Notice, is Corvus’ legitimate interest to conduct business and to promote its activities to the public.
For the processing of your Personal Data based on the communication that you have initiated with Corvus, by using Corvus’ contact form or any other means of communication, the legal basis is your consent.
Finally, Corvus may under certain circumstances collect and process your personal data to comply with its legal obligations.
YOUR RIGHTS AS A DATA SUBJECT
You have the following rights in relation to the Personal Data we hold about you, unless provided otherwise by local law:
- To request access to, or rectification of, the Personal Data we hold about you.
- To request the erasure of the Personal Data we hold about you.
- To request us to restrict the processing of the Personal Data we hold about you.
- To object to us processing Personal Data relating to you.
- Where you have given us consent to process your Personal Data, you have the right to withdraw that consent at any time.
- To export the Personal Data you have provided to us in a format that can be transferred electronically to a third party.
Please note that some of these rights are not absolute. In some cases, we may refuse a request to exercise particular rights if complying with it meant that we are no longer able to meet our contractual obligations. We will keep you informed as to the actions that we can take when you make your request.
In order to exercise any of your rights related to the processing of your Personal Data by Corvus, you can contact Corvus’ Data Protection Officer at the following address: compliance@corvuspharma.com
If, despite Corvus’ commitment to respecting your rights and protecting your Personal Data, you remain dissatisfied, it is possible to file a complaint with the competed supervisory authority:
For the EU:
National Commission on Informatics and Liberty
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
France
https://www.cnil.fr/fr/adresser-une-plainte
For the UK:
Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow Cheshire SK9 5AF
United Kingdom
https://ico.org.uk/about-the-ico/our-information/request-information-from-us/
CROSS-BORDER TRANSFERS OF YOUR PERSONAL DATA
As a US-based company, Corvus might transfer your Personal Data to the US, which is a country outside the EU or the UK. At the same time, some of the Recipients of your Personal Data can be based outside the EU or the UK in countries not covered by an adequacy decision. For these cases, Corvus has put in place appropriate safeguards to ensure that your Personal Data will be protected adequately in these third countries, according to the measures listed in Chapter V of the GDPR and the UK GDPR.
This Website Privacy Notice was last modified on September 10, 2025.
