Last updated and effective date: October 1, 2025
This Privacy Notice describes how Fate Therapeutics, Inc. (“Fate Therapeutics”, “we”, “us”, or “our”) collects, uses, shares, and safeguards your personal information. This Privacy Notice also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.
You can click on the following links to go directly to the corresponding sections of this Privacy Notice.
What Our Privacy Notice Covers
How We Collect Your Personal Information
Information We Collect and How and Why We Use It
Cookies and Similar Tracking Technologies
How We Share Information
Your Choices
How We Protect Information
How Long We Retain Information
Children’s Privacy
Third Party Links
Changes To Our Privacy Notice
Contacting Us
Information for California Residents
Information for Individuals in the EU and UK
What Our Privacy Notice Covers
This Privacy Notice does not apply to information collected from individuals participating in our clinical trials. If you are a clinical trial research participant, please refer to the study-specific consent and authorization forms for more information about the collection and use of your information. If you are an HCP, please refer to the HCP Privacy Notice available here.
This Privacy Notice does, however, apply to job applicants, and when you interact with us including through our websites (the “Site”).
Additionally, although this Privacy Notice covers job applicants, it does not apply to employees and staff members working for Fate Therapeutics. Such information is governed by a separate privacy notice.
We have a separate Consumer Health Data Privacy Notice that relates to rights provided under consumer health data privacy laws in relevant states. You can access our Consumer Health Data Privacy Notice here.
Note: If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), this Privacy Notice only applies in relation to the personal information we collect from you when you use our Site.
How We Collect Your Personal Information
We collect personal information about you in a variety of ways depending on how you interact with us and the Site, including:
- Directly from you when you provide it to us, such as when you request additional information about our company; sign up to receive our e-mail newsletters, alerts, or promotional messages; inquire about career opportunities, interact with us on social media, or communicate with us by phone, e-mail, or otherwise.
- Automatically through the use of cookies, pixel tags, web server logs, and other similar technologies when you visit or interact with our Site. For more information, please see “Cookies and Similar Tracking Technologies” section below.
- From other sources, including, for example, third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, we may receive certain information from recruiting firms that we work with. We may also conduct a background check where permitted by law.
Notice at Collection: Personal Information We Collect and Purposes for Collection
The following describes the type of personal information we collect, how we use that information, and for individuals located in the EEA or the UK we explain which of the legal bases we rely on to do so.
| Context | Types of Information | Primary Purpose for Collection and Use (and Legal Basis if you are located in the EEA/UK) |
| Communications Data | We collect information when you communicate with us, such as when you request additional information about our company; or inquire about career opportunities. We also collect information when you interact with us on social media. Examples of such information include your name, contact information, the date and time of your communications, online identifiers, social media profile, and the content of your communications. If you contact us about participation in a clinical trial, we may also collect limited health-related data. | We have a legitimate interest in receiving, and acting upon, your feedback or issues and responding to inquiries related to support, employment opportunities, or other requests. We do this to communicate with you, such as to respond to and/or follow-up on your requests, inquiries,
issues or feedback (Article 6(1)(f) GDPR). |
| Device Information | When you visit our Site, we collect certain information about your browser and the device you use to access our Site. Examples of such information include your device type, browser type, Internet protocol (IP) address, general location of your device, operating system, internet service provider, and other technical information about your device. | We have a legitimate interest in collecting and analyzing information about use of our Site. We also have a legitimate interest in detecting and preventing fraud (Article 6(1)(f) GDPR).
|
| Information about Contractors, Consultants, Vendors and Business Partners | We collect, among other things, the name and contact information of our contractors, consultants, vendors business partners and their respective employees or subcontractors with whom we interact. | We have a legitimate interest in communicating with our contractors, consultants, vendors and business partners concerning normal business administration (Article 6(1)(f) GDPR). |
| Job applicants | If you apply for a job posting, we collect information necessary to process your application. This may include, among other things, your Social Security Number, and educational and professional history information. Providing this information is required for the employment process. . We may also receive information from a background check where permitted by law. | We have a legitimate interest in using your information to have efficient staffing and work force operations. In some contexts, we are also required by law to collect information about job applicants.
We do this to make decisions about recruitment and in anticipation of a contract of employment. |
| Mailing List | When you sign up or agree to receive our e-mail newsletters, alerts, or promotional messages we collect your email address. | We share information about our products and services with individuals that consent to receive such information (where such consent is required by applicable law) (Article 6(1)(a), GDPR).
Where consent is not required, we have a legitimate interest in sharing information about our products or services (Article 6(1)(f), GDPR). We do this to send informational, recruiting, marketing and/or promotional materials. |
| Usage Data | We collect information about your interactions with our Site. Examples of such information include pages visited, links clicked, access date and times, referring website, and identifiers associated with browser cookies, web beacons, and similar technologies we deploy on our Site. | We have a legitimate interest in collecting and analyzing information about use of our Site. We do this to administer,
maintain, evaluate, and improve our Site and website offerings. We also have a legitimate interest in detecting and preventing fraud or other malicious, deceptive or illegal activity (Article 6(1)(f) GDPR).
|
| Lawful Business Operations | All types of personal information that we collect about you and your interactions with this Site, as described in this Privacy Notice. | We have a legitimate interest to use your personal information to: (i) detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property or safety of Fate Therapeutics and our users, employees or others; (ii) operate and improve upon our business and lawful business activities, such as to maintain our accounts and records, to conduct research and perform analytics, to manage our relationships, and for any other business purpose that is permitted by law and (ii) to comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
We also have a legitimate interest to use your personal information to enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint venture contemplated by Fate (Article 6(1)(f), GDPR). |
We collect the above-described personal information when you interact with our Site to contact you from time to time; to provide you with information about our business; for customer support; and to respond to your inquiries.
We also use personal information to monitor or improve our Site; for internal business analysis; to prevent fraud, activities that violate our contracts, or that are illegal; and to protect our rights and the rights and safety of our users or others.
For those who interact with us in a commercial capacity, we use your personal information to engage in business transactions with the entity you represent or to engage in diligence with the entities you represent.
To the extent we maintain and use personal information in a deidentified form, we will not attempt to reidentify the information, except for the purpose of determining whether our deidentification processes satisfy our legal obligations.
Cookies and Similar Tracking Technologies
We and our service providers use cookies, web beacons, and similar tracking technologies to collect certain information, including Device Information and Usage Data, when you interact with our Site. The types of technologies we may use include the following:
| Tracking Technology | Types of Information | Primary Purpose for Collection and Use |
| Cookies | Cookies are small files that a website sends to your computer’s hard drive through your web browser that enables the website to recognize your browser and capture and remember certain information. Cookies may be first party – meaning they are operated by the domain of the website you are visiting – or third party, meaning they are operated by a third party’s domain. Most web browsers allow you to reject or delete cookies through their settings preferences. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Site. | We have a legitimate interest in making our Site operate properly and efficiently. We also have a legitimate interest in analyzing the use and performance of our Site, including site traffic and site interaction so that we can improve the Site and offer better experiences and tools in the future.
Where required by law, we will obtain your consent for the deployment of cookies on our Site. |
| Web Beacons | A “web beacon” (also called a “pixel tag” or a “clear GIF”) is a small graphic image placed on website pages or in electronic communication that can be used for such things as counting the users who have visited those pages, clicked on links, opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). | We have a legitimate interest in understanding how you interact with our Site to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. |
| Web Logs | When you visit and interact with our Site, we record certain information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. | We have a legitimate interest in monitoring our networks and the visitors to our Site for security purposes, including detecting and preventing fraud; analyzing the use and performance of our Site to understand which of our content is the most popular and to improve our Site. |
Cookies We Use
This Site uses two types of cookies:
- Persistent cookies i.e., cookies that remain on your device for a certain period of time (as indicated in the table below) or until you manually delete them or object to them; and
- Session cookies i.e., cookies that expire at the end of the browser session (e.g., when you leave our Site and close your browser).
Our cookies are either strictly necessary (i.e. cannot be disabled and are required to enable our Site to function and protect against fraud, malicious behaviour and brute force attacks) or non-essential (i.e. can be disabled and are used to analyse and improve our Site and provide you with an enhanced user experience).
On your first visit to our Site and every six months thereafter, on the homepage you will see a cookie banner informing you why cookies are used, and asking you to consent to non-essential cookies if you agree with us using them (“Accept Non-Essential Cookies”). If you do not agree, you can select “Reject Non-Essential Cookies” or customize your cookie preferences by selecting “Manage Cookie Preferences”.
You can change your cookie preferences through the cookie banner, where you have the option of opting-in or opting-out to the use of non-essential cookies on your device. Note that you will have to clear cookies on your device to immediately delete them. If you do not delete your cookies via your browser’s options (see below) then cookies will continue to operate until the end of their lifespan (see table below). However, you can also update your cookie preferences at all times by using the button available at the Site’s footer: [insert link].
Types of cookies used
| Operator | Domain | Cookie Name | Session or Persistent
|
Purpose | Lifespan |
| Strictly Necessary Cookies
|
|||||
| Moove Agency | https://www.fatetherapeutics.com/ | moove_gdpr_popup | Persistent | Control of cookie consent display | 1 day |
| Non-Essential Cookies
|
|||||
| https://www.fatetherapeutics.com/ | _ga | Persistent | Analytics | 5 weeks | |
Third-Party Analytics
We use third-party analytics services on our Site to monitor and analyze the use of our Site. For example, we use Google Analytics to help us analyze your use of the Site. To learn more about how Google collects and processes data, please visit https://policies.google.com/privacy?hl=en.
How We Share Information
In addition to the specific situations discussed elsewhere in this Privacy Notice, we disclose information in the following situations.
- Affiliates. We may share information with our corporate affiliates (g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control and that share common branding).
- Service Providers. We share information with third parties that perform services to support our business and internal operations, including ethics committees, study monitors and laboratory service providers. Among other things, service providers may help us to operate our Site, provide technical support, send communications, or assist with the other activities described in this Privacy Notice.
- Other Third Parties. We may disclose your information in response to subpoenas, warrants, court orders, government inquiries or investigations, or in connection with any other legal process, or to comply with relevant laws and regulations. We may also disclose your information to establish, exercise, or protect the rights of our company, employees, agents, and affiliates; to defend against a legal claim; to protect the safety and security of our visitors; to detect and protect against fraud; and to take action regarding possible illegal activities or violations of our policies.
- Business Transactions. In the event of a merger, divestiture, restructuring, reorganization, change of control, dissolution, or other sale or transfer of some or all of our company’s assets, including as part of a bankruptcy, liquidation, or similar proceeding, we will also share information with the buyer or other successor of our company, including at the negotiation stage.
- Other Disclosures with Your Consent. We may ask if you would like us to share your information with other third parties who are not described elsewhere in this Privacy Notice.
We do not “sell” personal information or “share” personal information for purposes of cross-context behavioral advertising (as such terms are defined under California law).
Your Choices (if you are not located in the EEA/UK)
You can opt out of receiving promotional emails by following the unsubscribe instructions in emails you receive from us. If you decide not to receive promotional emails, we may still send you service-related communications.
If you are located in a California, please see the section “Information for California Residents” below for information on additional privacy rights.
If you are located in the EEA/UK, please see the section “Individuals located in the EEA/UK” below.
How We Protect Information
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. Accordingly, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable privacy.
Notice at Collection: How Long We Retain Information
We retain your personal information for only as long as necessary to fulfil the purposes outlined in this Privacy Notice, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we obtained the information and whether we can achieve those purposes through other means, as well as applicable legal requirements and guidance.
Children’s Privacy
Our Site is not intended for or directed to children under the age of 13 and we do not knowingly collect personal information from children under the age of 13.
Third Party Links
For your convenience, we may provide links to websites and other third-party content that we do not own or operate. The websites and third-party content to which we link may have separate privacy notices or policies. Please note, we have no control over the privacy practices of websites or services that we do not own. We encourage you to review the privacy policies of any third-party website or application for details about what information is collected and how it is used and/or shared.
Changes To Our Privacy Notice
We may update our Privacy Notice from time to time. To the extent that our notice changes in a material way, the notice that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new privacy notice. To see when this Privacy Notice was last updated, please refer to the date at the top of this page.
Contacting Us
If you have any questions, comments, or concerns about our privacy practices or to make accessibility-related requests or report barriers, please contact us using the information below.
12278 Scripps Summit Drive, San Diego, CA 92131; Attn: Legal Department
privacy@fatetherapeutics.com
888-852-3891
Information for California Residents
California law requires us to disclose the following information related to our privacy practices. If you are a California resident, this section applies to you in addition to the rest of this Privacy Notice. California law gives residents various rights with respect to their personal information:
- Know Details About the Processing of Your Personal Information. You may request confirmation on whether or not we are processing your personal information and to access such data. You may also request the following information collected since January 1, 2022: Categories of personal information we have collected about you; categories of sources from which such personal information was collected; categories of personal information we sold or disclosed for a business purpose about you; categories of third parties to whom the personal information was sold or disclosed for a business purpose; and the business or commercial purpose for collecting or selling your personal information.
- Access to Your Personal Information. You may request to receive access to or request a copy of your personal information in a portable, machine-readable format, subject to certain exceptions.
- Correcting Your Personal Information. You may request that we correct inaccuracies in any personal information we maintain about you by following the instructions described below.
- Deletion of Your Personal Information. You may request that we delete your personal information by following the instructions described below. Please note that in certain situations, and to the extent permitted by law, we may be required to keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, to protect against fraudulent, deceptive, or illegal activity, or for another one of our business purposes.
We do not “sell” personal information or “share” personal information for purposes of cross-context behavioral advertising (as such terms are defined under California law).
Do Not Track Signals. Some Internet browsers have a “do not track” feature that lets you tell websites that you do not want to have your online activities tracked. We do not respond to “Do Not Track” signals.
How to Submit a Request
To submit a request to know, access/copy, correct, or delete your personal information, please contact us by email at privacy@fatetherapeutics.com, or by phone at 888-852-3891. We will provide a substantive response to these requests within 45 days of the date on which we received your request. If we require additional information or time to process your request, we will contact you.
In order to process your request, we must be able to verify your identity to make sure you are the person about whom we have collected personal information or an authorized representative. Depending on the type of request, we may conduct the verification process by email or phone using information that matches our records. The information you must provide as part of the verification process may include: name, contact information (such as email address or phone number), relationship with us, and residency. We may also ask for additional information as needed based on your relationship with us.
You may designate an authorized agent to submit a request on your behalf. To do so, you must (1) provide that authorized agent written and signed permission to submit such request, and (2) verify your own identity directly with us.
If you have been designated as an authorized agent to submit a request on behalf of another person, you must (1) download and complete this Authorized Agent Designation Form and have it signed by the individual, and (2) attach the signed form when you submit a request either by emailing us at privacy@fatetherapeutics.com or calling us at 888-852-3891. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized to submit such request.
Review of Requests
Please note, not all of the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your requests. This may occur because the law permits or requires us to do so, or if we are unable to adequately verify your identity. When this is the case, we will explain our reasons for not providing you with the information or taking the action you requested.
We will not discriminate against individuals who exercise their privacy rights under applicable law.
Categories of Information We Disclosed For Business Purposes in the Past 12 Months
The table below identifies the categories of personal information we disclosed for a business purpose in the 12 months prior to the date of this Notice. Please note that because this list is comprehensive, it may refer to types of information that we collect and share about people other than yourself.
| Categories Of Personal Information We Collect | Categories Of Third Parties To Whom We Disclose Personal Information For Business Purpose |
| Identifiers – This may include Name, Postal Address, Phone Number, Unique Personal Identifier, Online Identifier, Internet Protocol (IP) Address, Device ID, Email Address, Account Name, Signature, Social Security Number, Driver’s License Number, Passport Number, or Other Similar Identifiers. | · Affiliates and/or Subsidiaries
· Business Partners · Data Analytics Providers · Internet Service Providers · Operating Systems and Platforms · Service Providers · Payment Processors and Financial Institutions · Social Networks · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Financial Information – This may include Bank Account Number, Credit or Debit Card Number, or Other Financial Information. | · Affiliates and/or Subsidiaries
· Service Providers · Payment Processors and Financial Institutions · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Medical / Health Insurance Information – This may include Information Regarding An Individual’s Medical History, Mental Or Physical Condition, Or Treatment, And Health Insurance Information. | · Affiliates and/or Subsidiaries
· Service Providers · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Characteristics Of Protected Classifications – This may include Race, Gender, Physical or Mental Disability, And Religion. | · Affiliates and/or Subsidiaries
· Service Providers · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Internet Or Other Electronic Network Activity Information – This may include Browsing History, Search History, and Information Regarding an Individual’s Interaction with an Internet Website, Application, or Advertisement. | · Affiliates and/or Subsidiaries
· Data Analytics Providers · Internet Service Providers · Operating Systems and Platforms · Service Providers · Social Networks · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Geolocation Data – Such as Physical Location. | · Affiliates and/or Subsidiaries
· Data Analytics Providers · Internet Service Providers · Service Providers · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Electronic And Sensory Data – Such as Audio, Electronic, Visual, Thermal, Olfactory, Or Similar Information (e.g., Pictures, a Recording of a Customer Service Call, Security Video Surveillance Footage). | · Affiliates and/or Subsidiaries
· Service Providers · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Professional/Employment Information – Such as Occupation and Professional References. | · Affiliates and/or Subsidiaries
· Service Providers · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
| Inferences drawn from any of the information listed above – Such as an individual’s preferences and characteristics. | · Affiliates and/or Subsidiaries
· Data Analytics Providers · Internet Service Providers · Service Providers · Government Entities, Law Enforcement, Lawyers, Auditors, Consultants and Other Parties as required by law |
For more information about the personal information we collect, including the sources from which we obtain personal information, please see the “How We Collect Your Personal Information” and “Personal Information We Collect and Purposes for Collection” sections above.
We collect, use and disclose personal information for the business or commercial purposes described in the “Personal Information We Collect and Purposes for Collection” and “How We Share Information” sections above.
California Sensitive Information Disclosure
Some of the personal information we collect is considered “sensitive personal information” under California law. We collect the following categories of sensitive personal information (as defined under California law): personal information concerning your health, social security number and driver’s license. This information is collected in order to process transactions, comply with laws, and manage our business. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121. We do not “sell” or “share” sensitive personal information for purposes of cross-context behavioral advertising.
California Shine the Light
California residents with an established business relationship may annually request information about the personal information disclosed to third parties for their direct marketing purposes in the preceding calendar year. We do not and did not make such disclosures.
Information for Individuals located in the EEA and UK
If you are located in the EEA or the UK, this section applies to you in addition to the rest of this Privacy Notice (unless otherwise specified).
As noted above, this Privacy Notice only applies in relation to the personal information we collect from you when you use our Site i.e.:
- Communications Data
- Device Information
- Mailing List
- Usage Data
- Lawful Business Operations
Refer to “Information We Collect and How and Why We Use It” above for information regarding the reasons why we process the related personal information and the legal basis we rely upon to do so.
You have a right to object to the processing of your personal information where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil such requests in all instances.
Where we need to collect the abovementioned categories of personal information by virtue of a legal obligation or in light of a contract entered or to be entered into with you, and you do not provide this personal information when requested, we may not be able to comply with our legal obligations, provide you with the Services or perform the contract we have or are trying to enter into with you. In such case, we may have to terminate our relationship with you.
Fate Therapeutics is the controller of this personal information for the purposes of applicable data protection and privacy laws.
EEA/UK Data Subject Rights
You have certain rights which may be subject to limitations and/or restrictions. These include the right to:
- obtain access to or request the rectification of inaccurate personal information that we hold about you,
- ask for a copy of your personal information to be provided to you, or a third party, in a digital format, and
- object to the processing, or request the erasure, of your personal information.
Where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Withdrawal of consent will not impact the legality of the processing carried out in reliance on consent prior to the withdrawal.
Refer to “How to Submit a Request to Access, Correct, or Delete Your Personal Information” for instructions on how to make a request to exercise your rights.
You may also have the right to file a complaint with the competent data protection authority if you believe we did not properly handle your personal information or did not respect your rights. See “Queries and Complaints” below for further details.
International Transfers
We may transfer your personal information to countries other than the country in which the information was originally collected. As a result, your personal information may be processed and stored outside of your country of residence where privacy laws may be less stringent than the laws in your country.
If you are located in the EEA or the UK, we will transfer personal information outside of the EEA/UK in compliance with data protection laws in the EEA/UK and as deemed necessary, enter into a data transfer agreement (e.g., standard contractual clauses), seek to rely on Binding Corporate Rules or otherwise make the transfer in reliance on a derogation under EEA/UK data protection laws (e.g., where the transfer is necessary for the defense of legal claims).
If you would like more information in relation to, or a copy of the relevant safeguards, you can contact us using the details set out below.
Queries and Complaints
If you have a query or complaint in relation to this Privacy Notice, please use the contact details provided in “Contacting Us”.
In addition, we have appointed DataRep as our Data Protection Representative in the EU and the UK. If you wish to raise a question to us or otherwise exercise your rights in respect of your personal data, you may do so by either (1) sending an email to DataRep at datarequest@datarep.com, including “Fate Therapeutics, Inc.” in the subject line or contacting DataRep using their online webform at www.datarep.com/data-request.
If you are not satisfied with our response, and are in the EU or the UK, you may have a right to lodge a complaint with the data protection authority in your jurisdiction.