Effective date: 1 December 2024

At Inhibrx Biosciences, Inc. (“Inhibrx,” “we,” “us,” or “our”), we take your privacy and the security of your information very seriously.

This Privacy Policy (“Policy”) covers Inhibrx owned and operated websites (“Site” or “Sites”), including https://inhibrx.com/. It does not cover other services that Inhibrx may offer through other offerings. For information on how we handle your data through our other offerings please contact [email protected]. If you took part in a clinical trial as a study subject and have questions relating to this, you should contact the institute where your trial took place.

This Policy is incorporated into, and is part of, our Terms of Use, available at https://inhibrx.com/terms-of- use/, which govern your access to the Site and your use of the Site, unless you have entered into a separate written agreement with Inhibrx. If you have entered into a separate written agreement with Inhibrx, that separate written agreement shall control, and only those terms within this Policy that do not conflict with said separate written agreement shall apply. Unless otherwise defined herein, capitalized terms shall have the meaning assigned to such terms in the Terms of Use.

If you have any questions regarding this Policy, please contact us at [email protected].

The Policy describes the types of information we gather from people visiting our Site and from individual users (“you” or “users”) interacting with our Site and how we use, transfer, and secure such information. By accessing any Site, you agree to be bound by this Policy. This Policy does not govern information we receive from third parties. Further, if you do not agree to the terms of this Policy, please do not use the Site. Each time you use any Site, the current version of this Policy will apply. Accordingly, when you use any Site, you should check the date of this Policy (which appears at the top) and review any changes since you last reviewed the Policy.

1. Types of Information We Collect

We may collect Personal Information from users of our Sites. References to “Personal Information” in this Policy means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.1. Personal Information Collected

1.1.1. Information you provide to We collect Personal Information that you voluntarily provide to us when you use our Site. For example, you may provide us with:

  • Contact data, such as your email address, first name and last name, and phone number, if you provide them to us by using the “Contact Us” form;
  • Registration data, such as first name and last name, and email address, if you elect to join our distribution list;
  • Content that you choose to provide in the “Contact Us” form that contains Personal Information;
  • Marketing data, such as your preferences for receiving our newsletter and promotional communications;
  • Communications data in communications that we exchange, including when you message us or contact us with questions; and
  • Other information that we may collect from you which is not specifically listed here, which we will use as described in this Policy or as otherwise disclosed at the time of collection.
  • Information from other sources. We may combine Personal Information we receive from you with Personal Information we obtain from other sources, e.g. public sources such as clinicaltrials.gov, corporate websites, etc.

1.1.2. Automatic data collection. We and our service providers automatically log information about you, your computer or mobile device, and your activity over time on our Site, such as:

  • Geolocation data. We aggregate metrics about visits to our web page by geographical region, but do not collect your specific location; and
  • Online activity data, such as pages or screens you viewed, which are viewed by Inhibrx only in aggregate and not individually.
  • Cookies and other technologies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser to help us identify you when you come to our We also use other technologies such as pixels and beacons and other tracking technologies. You have choices with respect to cookies, but opting out of some cookies may make parts of the website work poorly or not at all for you.

2. How We Use Your Personal Information

2.1. We use your Personal Information for the following purposes or as otherwise described at the time of collection:

2.1.1. Service We may use your Personal Information to:

  • Communicate with you and respond to your questions; and
  • Establish and maintain your registration on the distribution

2.1.2. Research and We may use your Personal Information for research and development purposes, including to analyze your use of the Site, improve the Site, and help us understand user activity on the Site, including which pages are most and least visited and how users move around the Site. We use third parties, such as Google Analytics or other analytics providers, for this purpose. Google Analytics does not create individual profiles for visitors and only collects aggregate data.

2.1.3. To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your Personal Information and other individuals whose Personal Information we We make Personal Information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this data and share it with third parties for our lawful business purposes, including to analyze and improve the Site.

2.1.4. Marketing and advertising. We and our service providers may collect and use your Personal Information for direct marketing and advertising purposes, such as to send you our newsletter and promotional communications if you have opted to join the distribution list.

2.1.5. Compliance and We may use your Personal Information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • enforce the terms and conditions that govern the Site; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

2.1.6. Further uses/Use for new purposes. We may use your Personal Information for reasons not described in this Policy where permitted by law and the reason is compatible with the original purpose for which we collected it. If we need to use your Personal Information for an unrelated purpose, we will notify you and explain the applicable legal basis.

2.1.7. Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the websites. If you provide us with any sensitive personal information when you use the Sites, you consent to our processing and use of such sensitive personal information in accordance with this If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Sites.

3. Legal Bases For

We use your Personal Information only as permitted by law. Under some data protection laws such as GDPR, we are required to have a legal basis. Our legal bases for processing the Personal Information described in this Policy are described in the table below.

Personal Information Processing purpose Legal basis
Contact data Service delivery Legitimate interest
Registration data Service delivery Your consent
Content Service delivery Legitimate interest
Communications data Service delivery / Marketing and advertising Your consent
Marketing data Marketing and advertising Your consent
Device data Research and development Your consent
Online activity data Research and development / Compliance and protection Your consent
Other information All of the purposes listed above Your consent

4. How We Share Your Personal Information

4.1. We may share your Personal Information with our affiliates and the following parties or as otherwise described in this Policy or at the time of collection:

4.1.1. Service Companies and individuals that provide services on our behalf or help us operate the Site (such as information technology, hosting, email delivery and website analytics) and communicate with you about current or future offerings. These third party service providers are not authorized to retain, share, store, or use the Personal Information for any purposes other than to provide the services they have been hired to provide;

4.1.2. Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us;

4.1.3. Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the purposes described in the Compliance and protection section above;

4.1.4. Business transferees. Relevant participants in business transactions (or potential transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Inhibrx (including, in connection with a bankruptcy or similar proceedings); and

4.1.5. Other third parties, as otherwise required or permitted by law, including any contractual obligations of Inhibrx.

5. International Data Transfer

We are headquartered in the United States and may use service providers that operate in other countries. Your Personal Information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your states, province or country. To ensure an adequate level of data protection is provided, transfers will be done in compliance with data protection legislation.

6. Retention

We retain Personal Information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

When we no longer require the Personal Information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. If we anonymize your Personal Information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.

7. Your Rights

7.1. Under data protection legislation you may have the following rights depending upon your jurisdiction:

  • Receive a copy of the Personal Data we hold about you – Right of Access
  • Correct the Personal Data we hold about you – Right to Rectification
  • Ask us to delete your Personal Data or restrict how it is used in certain circumstances– Right to Erasure
  • Request that we cease processing your data in certain conditions – Right to Restrict Processing
  • You have the right to object to our processing in certain circumstances such as marketing – Right to Object
  • Information related to Automated decision making or profiling. (We do not use automated decision-making or profiling)
  • Lodge a complaint to your designated supervisory authority- Right to lodge a complaint

7.2. Declining to provide We need to collect Personal Information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.

7.3. Opt-out of If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each communication.

You may submit these requests by [email protected]. We may request specific information from you to help us confirm your identity and process your request.

If you would like to submit a complaint about our use of your Personal Information or our response to your requests regarding your Personal Information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.

You can find the contact details for European Economic Area (EEA) data protection authorities here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The UK data protection authority is the Information Commissioner’s Office and the contact details are available here: https://ico.org.uk/make-a-complaint/. If you are a resident in Switzerland, the contact details for the data protection authority are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

8. Cookies and Do Not Track Signals

8.1.1. You have the following choices with respect to your Personal

Cookies.

Please see the cookie banner on our websites for more information about the cookies we set and to select your cookie preferences. Alternatively, you can modify your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies you may be unable to use those aspects of our Site that require registration in order to participate. You can learn more about cookies and how they work at www.allaboutcookies.org. You can always disable cookies through your browser settings. Doing so, however, may disable certain features on our Sites.

8.1.2. Do Not Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track.” To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

9. Other Sites and Services

The Site may contain links to websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.

10. Children and Privacy

The Sites are not intended for use by children under 16 years of age. If we become aware that a child under the age of 16 has provided Personal Information through our Sites without the consent of the child’s parent or guardian, we will immediately delete the child’s Personal Information.

11. How Do We Protect Your Personal Information

We take the security of your Personal Information very seriously. We use reasonable organizational, physical, and technical safeguards to secure the Personal Information you share with us. Despite these safeguards and our additional efforts to secure your information, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third-parties will not be able to defeat our security and improperly collect, access, steal, or modify your Personal Information.

12. Will We Change This Privacy Policy?

This Policy is subject to change from time to time. Any modifications will be effective upon our posting the modified version. Each time you use our Site, the current version of the Policy will apply. When you use our Site, you should check the effective date of this Policy (which appears at the top of the Policy) and review any changes since the last version. Your use of the Site after the effective date of any modified Policy indicates your acknowledgement that the modified Policy applies to your interactions with the Site. Unless stated otherwise, our current Policy applies to all information that we have about you.

13. How Do You Contact Us?

To contact us with your questions or comments regarding this Policy or the information collection and dissemination practices of this website, please email us at [email protected].

14. Data Protection Representatives

General  Data  Protection  Regulation  (GDPR)  –  European  Representative Pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed Clinical DPO as our GDPR Representative in the EU. You can contact [email protected] regarding matters pertaining to the GDPR.

UK General Data Protection Regulation (GDPR) – UK Representative Pursuant to Article 27 of the UK General Data Protection Regulation (UK GDPR), we have appointed Clinical DPO as our UK GDPR Representative in the EU. You can contact [email protected] regarding matters pertaining to the UK GDPR.

Data Protection Officer

We have appointed a Data Protection Officer, whose contact information is: [email protected]

11. Governing Law

This Policy is governed by the laws of the State of California, U.S.A. without giving effect to any principles of conflict of law.