Information in accordance with Art. 13 DS-GVO for the processing of personal data

I. SCOPE
This data protection Information according to art. Art. 13 DS-GVO applies to the collection of personal data by Immunic AG with the exception of the collection of personal data via the website of the Immunic AG (www.immunic-therapeutics.de). The present information therefore applies in particular to personal data that is communicated to Immunic AG by letter post or telephone, by fax or by e-mail.  Note: For the collection of personal information by Immunic AG via its website (www.immunic-therapeutics.de), a separate privacy policy of Immunic AG applies.

II. RESPONSIBILITY
Responsible for the processing of your personal data is:
Immunic AG
Am Klopferspitz 19
82152 Planegg / Martinsried
Germany
Phone: +49 (89) 250 0794 60
Fax: +49 (89) 900 19373
E-Mail: info@accuris.de

III. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
accuris AG,
Dr. Christian Scharff
Agnes-Pockels-Bogen
180992 München
E-Mail: datenschutz@accuris.de

IV. PURPOSE AND LEGAL BASIS OF PROCESSING
We collect, process and use personal information when you provide us with this information and we are authorized to collect, use and process it based on your consent or on the basis of a legal requirement. Personal data is any information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). This is the personal data that we collect and process:

  • Name, first name, professional activity/position, employer, address, telephone number, marital status, date of birth, gender, e-mail-address

The above-mentioned personal data will be processed for the following purposes:

  • Communication on products, services and projects, e.g. to process inquiries or to create individual offers;
  • Initiation, planning, execution and administration of the contractual business relationship between Immunic AG and its customers, service providers and other business partners;
  • To conduct surveys, marketing campaigns, market analysis or similar actions and events;
  • Providing newsletters and advertising on new products and services;
  • Maintaining and protecting the security of our compounds and services and our website, preventing and detecting security risks, fraudulent activity or other criminal or intentional acts;
  • Compliance with legal requirements such as tax and commercial retention requirements or existing obligations to conduct compliance screening (to prevent white-collar crime or money laundering)

The processing of the personal data is necessary for the achievement of the above-mentioned purposes, including the execution of the (contractual) business relationship with the business partner. Legal basis for the data processing is – as far as not otherwise specified – art. 6 (1) (b) and (f) of the DS-GVO or the expressly granted consent (article 6 (1) (a) of the DS-GVO) customers, suppliers and other business partners.

The data you submit to us will be kept confidential. Your personal data will not be sold to third parties or otherwise marketed by us. In principle, the data will not be made available to third parties for any use, unless you have given your consent to this or we are legally entitled or obliged to disclose this data.

To the extent permitted by law, and to the extent necessary to comply with applicable law, or to enforce, exercise or defend legal claims,   we transmit personal data to the courts, tax authorities, regulators. However, we take all measures to ensure appropriate and adequate safeguards for the protection of your personal information.

VI. STORAGE DATA AND STORAGE PERIODS
Insofar as no explicit retention period is specified during the collection (e.g. as part of a declaration of consent), the personal data will be deleted insofar as these are no longer required to fulfill the purpose of the storage, unless there are statutory retention requirements (e.g. commercial and taxation retention requirements) against a deletion.

VII. RECIPIENTS OR CATEGORIES OF RECIPIENTS
In principle, personal data that you provide us about yourself will only be processed by Immunic AG. However, in individual cases, fulfilling our tasks may require that we transfer the personal data stored about you to our service providers, tax authorities or other authorities. Transmission to service providers in the United States will only occur if the purpose requires, and the company(ies) in the United States are certified under the EU/US Privacy Shield (http://www.privacy-shield.gov). This ensures that your data will also be processed in compliance with data protection regulations in the USA (Appropriateness decision of the European Commission dated 12.07.2016, Ref. C (2016) 4176 final, OJ L 207/1 dated 01.08.2016).

VIII. YOUR RIGHTS

  1. Right of information: You can demand information in accordance with Art. 5 DS-GVO about your personal data processed by us. You may also request that you receive the data you provide us in a structured, common and machine-readable format.
  2. Right of correction: If the information concerning you is no longer correct, you may request a correction under Art. 16 DS-BER. If your data is incomplete, you can request a completion.
  3. Right of deletion:  Under the terms of Art. 17 DS-GVO you may request the deletion of your personal data. We have also implemented technical measures to notify all recipients of your data, as well as third parties, about your request for deletion or for the right to rectification and restriction of processing, if we have disclosed or made public your data to them. All links, copies and replications of your personal data will then be deleted.  Your right to delete depends among others on whether the data concerning you are still needed by us to fulfill our statutory duties.
  4. Right of restriction of processing: Within the framework of the provisions of Art. 18 DS-GVO you have the right to demand a limitation of the processing of the data concerning you. You also have the right to object to the processing of your personal data by us.
  5. Right of objection: If you believe that we have not complied with data protection regulations when processing your data, you can contact us with your complaint. Please note the contact details of the data protection officer of our company: datenschutzbeauftragter@accuris.de. You also have the right to contact us to complain to the competent authority about the processing of data by our company. This is the data protection authority responsible for our company: Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany Internet: http://www.lda.bayern.de