- by us (or our vendors), offline or through any other means including, should you enrol in a clinical trial sponsored by us in which case we will provide you with a separate privacy notice; or
- about job applicants or our employees – which, in certain jurisdictions, is governed by separate privacy notices; and/or
- by any third party, including through any application or content (including advertising) that may link to or be available from the Site.
- Categories of Personal Data
- Purposes and legal bases for processing
- Sharing of Personal Data
- Retention period
- Your data privacy rights
- International Transfers
- Other websites
- Contact Us
1. Categories of Personal Data
1.1 We collect and process the following types of Personal Data:
- Your personal identifiers and contact details such as your name, email address and Internet Protocol (IP) address;
- Internet or other electronic activity information such as your browser type and operating system, the websites you visited before and after visiting the Site, the pages you view and links you click on within the Site, information about your interactions with e-mail messages, such as the links clicked on and whether the messages were received, opened, or forwarded; and Standard Server Log Information; and
- Any other information you voluntarily provide to us e.g. when you contact us.
1.2 Sources of Personal Data
We collect Personal Data directly from you when you visit our Site, when you contact us via the Site, request information about our business or clinical trials, where you subscribe to receive our newsletter, and when you otherwise voluntarily provide us with your Personal Data.
2. Purposes and legal basis for processing
We use and process your Personal Data for the purposes and legal bases set out below:
|Communicating with you, providing you with information about our business, customer service, and operating and improving our Site.||IO Biotech has a legitimate interest to operate its Site and communicate with you upon your request (Article 6(1)(f), GDPR)|
|Contact you with respect to products and/or services offered by us which we believe may interest you (including direct marketing) unless you advise us that you do not wish to receive marketing or market research communications from us||If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent (Article 6(1)(a), GDPR). If you wish to stop receiving marketing or market research communications from us you can unsubscribe via the link at the bottom of the relevant marketing e-mail or contact us using the contact details below IO Biotech has a legitimate interest to carry out direct marketing in certain instances (Article 6(1)(f), GDPR)|
|Carrying out audits and investigations, and to investigate and resolve complaints||IO Biotech has a legitimate interest to manage its business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR) IO Biotech may have a legal obligation to do so (Article 6(1)(c), GDPR)|
|Preparing for and acting in relation to enquiries, investigations or proceedings, by governmental, administrative, judicial or regulatory authorities, including civil litigation||IO Biotech has a legitimate interest to manage its business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR) IO Biotech may have a legal obligation to do so (Article 6(1)(c), GDPR)|
|In connection with a potential asset or stock acquisition of IO Biotech, or the outsourcing or insourcing of services provided by employees, providing reasonable diligence material to a third party or meeting any disclosure obligations as required by law||IO Biotech has a legitimate interest to manage its business (Article 6(1)(f), GDPR)|
You have a right to object to the processing of your Personal Data where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil this request in all instances.
3. Sharing of Personal Data We make personal data available to our business partners, including IT suppliers that stores and process personal data on our behalf. Such business partners and suppliers are subject to IO Biotech’s instructions regarding the storing and processing of personal data. Further, it is IO Biotech’s responsibility that the storing and processing is in accordance with the data privacy legislation.
We also share your Personal Data as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We also share your Personal Data with third parties to help detect and protect against fraud or data security vulnerabilities. And we may transfer your Personal Data to a third party in the event of a sale, merger, reorganization of our entity or other restructuring.
4. Retention period
We store Personal Data for as long as necessary to fulfil the purposes described above. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of the Personal Data, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means. We also consider the applicable legal requirements and the extent to which it is necessary to process the Personal Data. In exceptional cases (e.g., in pending litigation matters or where the law requires us to) your Personal Data may need to be kept for longer periods of time.
5. Your data privacy rights
You have the following rights with regard to Personal Data which we process about you, which may be subject to limitations and/or restrictions:
- You have the right to request access to the Personal Data we process about you.
- You have the right to request us to rectify any Personal Data that might be incorrect, as well as the right to request us to restrict the processing of your Personal Data.
- You may request to receive a copy of your Personal Data that you provided to us, in a structured, commonly used and machine-readable format, if our processing of such Personal Data is based on your consent or a contract that you concluded with us (data portability).
- You have the right to request that we erase your Personal Data.
- You have the right to withdraw consent to the processing of your Personal Data at any time.
You also have the right to lodge a complaint with the competent data protection supervisory authority.
6. International Transfers
IO Biotech will, for the purposes identified above, transfer Personal Data to recipients as referred to above, that are located in countries outside the European Economic Area (“EEA”)/ UK, including the US, and which are not considered to provide an adequate level of data protection. Personal Data will only be transferred from the EEA/UK to a recipient in a country which is not considered to provide an adequate level of data protection when the transfer is made in compliance with applicable data protection and privacy laws (e.g., by entering into standard contractual clauses (“SCCs”) with the recipient, relying on the recipients Binding Corporate Rules, or by relying on a derogation such as, where the transfer is necessary for performance or a contract or the establishment or defence of legal claims).
7. Other Websites
If our Site provides links to other websites, these websites may operate independently from us and may have their own privacy notices or policies, which we advise you to review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content.
9. Contact Us
Please do not hesitate to contact us if you have any questions in regard to the protection of your Personal Data or if you wish to exercise your data protection rights (as described in Section 4 above).
IO Biotech ApS, Ole Maaløes Vej 3, DK-2200 Copenhagen N, Denmark
Data Protection Officer: firstname.lastname@example.org