Immunic Therapeutics

Privacy Policy

General

Data protection is an important concern of Immunic Therapeutics, including Immunic, Inc., Immunic AG and Immunic Australia Pty Ltd (hereinafter, referred to as “Immunic”). Therefore, data is processed exclusively in compliance with the applicable data protection regulations (e.g., GDPR, BDSG-n.F.).

We collect and process personal data if you provide us with this data and we are entitled to collect, use and process it on the basis of a consent granted by you or on the basis of a statutory provision.

If we receive personal data about you from other companies, you will be informed about this as soon as possible, at the latest during the first contact. This data will also only be stored and processed on the basis of legal regulations.

Responsible body

The responsible party within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Immunic AG
Lochhamer Schlag 21
82166 Gräfelfing
Germany
Phone: +49 89 2080 477 00

If you have any questions about data protection, please send us an email to: privacy@imux.com.

If you want to write to us by mail, please use the above-mentioned address.

Responsible person according to §5 Telemediengesetz (TMG):
Dr. Daniel Vitt

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”).

We collect and process personal data, such as your name, email address, company or telephone number, if you provide us with this data when registering for our Investor Alert newsletter and for sending press releases, or if you provide us with this data in any other way. We do not process any personal data when using the website for purely informational purposes, except for data that is technically collected automatically when you visit the website (see log data).

When conducting clinical studies, we process anonymized patient data.

We process the above-mentioned personal data for the following purposes:

  • Conducting clinical trials (monitoring, publication);
  • Distributing Investor Alert newsletters or press releases regarding current information about our company;
  • Communicating about services, projects or other company-related topics, e.g., to process your inquiries;
  • Planning, executing and managing the (contractual) business relationship, e.g., to process orders for products and services, to collect payments, for accounting, billing and debt collection purposes and to perform deliveries, maintenance activities or repairs;
  • Maintaining and protecting the security of our products and services and our websites by preventing and detecting security risks, fraudulent activity, or other criminal activity or activity undertaken with the intent to cause harm;
  • Compliance with legal requirements (e.g., tax and commercial retention obligations) or existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering);
  • Compliance with national laws, for example defense, exercise or assertion of legal claims.

The processing of personal data is necessary to achieve the above purposes. The legal basis for the data processing is – unless expressly stated otherwise – Article 6 (1) (f) of the GDPR or your expressly given consent pursuant to Article 6 (1) (a) of the GDPR.

Insofar as the above data is to be further processed for a purpose other than the original purpose of collection, you will be informed of this prior to further processing. In this way, you have the opportunity to object to the processing of your data for another purpose.

As a matter of principle, your data will not be made available to third parties for use unless you have given your consent to this or we are legally entitled and/or obliged to pass on this data.

Data subject rights: Right to information, correction, deletion or restriction of the processing of your personal data, right to object and right to data portability.

Upon request, we will inform you in writing, in accordance with the applicable law, whether and which personal data we store in our company. If, despite our company’s efforts to ensure data security and accuracy, incorrect information has been stored, we will correct it at your request.

You also have the right to request the restriction of the processing of personal data by our company. In addition, you may request to receive the data you have provided to our company in a structured, common and machine-readable format. You may also object to the data processing of personal data by our company.

You also have the right to request the deletion of your personal data, provided that this does not conflict with statutory retention periods. We delete the data if we no longer need it for the purpose for which we collected and processed it, or if you revoke the consent you have given and there is no other legal basis for the further processing of your data. In addition, we delete this data if the processing has been unlawful for reasons unknown to us or if you have objected to the processing and there are no overriding legitimate interests for the processing. Your data will also be deleted if we are legally obliged to do so. Our company has also implemented technical measures to notify all recipients of your data of your request for deletion or rectification. This applies only in the event that we have disclosed or made public such data. All links, copies and replications of your personal data shall be deleted.

If you have consented to the processing of your personal data, you have the right to revoke your consent at any time with effect for the future. The revocation of consent does not render the data processing unlawful for the past.

The transfer of data to our company is voluntary. However, this data is necessary for the further conclusion of the contract or to answer your inquiries. If you do not wish to disclose your data, the contract may not be concluded or your inquiries may not be answered. The provision of the data is necessary for the conclusion of the contract.

You also have the right to complain to the competent supervisory authority about data processing by our company.

The data protection authority responsible for our company is:

State Office for Data Protection Supervision, Promenade 27 (Schloss), 91522 Ansbach, Germany
Web: http://www.lda.bayern.de

Storage period

If no explicit storage period is specified at the time of collection (e.g., as part of a declaration of consent), the personal data will be deleted insofar as it is no longer required to fulfil the purpose for which it was stored, unless legal retention obligations (e.g., commercial and tax retention obligations) prevent deletion.

Data security

We take technical and organizational security measures to protect the data we store and process in our company against manipulation, loss of confidentiality, destruction and against access by unauthorized persons. The security measures of our company are continuously improved according to the technological development.

Investor Alert Newsletter

We distribute Investor Alert newsletters (for example press releases, SEC filings or daily stock price updates for Immunic’s stock (Nasdaq: IMUX)) to registered interested parties at regular intervals. If you have registered to receive this information, we collect and process your personal data exclusively for sending the Investor Alert newsletter.

For an effective registration, name and a valid email address are required. In order to verify that a registration is actually made by the owner of an email address, we use the “double-opt-in” procedure. For this purpose, the order for the Investor Alert newsletter, the sending of a confirmation email and the receipt of the response requested herewith are logged. The data is used exclusively for sending the newsletter and is not passed on to third parties.

You can revoke your consent to the storage of your data and its use for the newsletter dispatch at any time. You will find a corresponding link in each newsletter. In addition, you can also communicate your corresponding wish at any time via the contact options provided at the end of this document.

Press releases

We periodically send press releases and/or information on certain current Immunic topics (for example, information on the status of our drug development programs and other research and development results, information on legal, regulatory, financial markets or company-related topics) to registered interested parties. If you have registered to receive this information, we will collect and process your personal data solely for the purpose of sending this information or press releases.

For an effective sending of press releases, name and a valid email address are required. The data will be used exclusively for sending press releases and will not be passed on to third parties.

You can revoke your consent to the storage of your data and its use for sending press releases at any time. You will find a link to this effect in every press release. In addition, you can communicate your corresponding wish via the contact options in the corresponding emails or via the contact options indicated at the end of this document.

Log data

When you access our company’s homepage, your internet browser automatically transmits the following data (hereinafter referred to as “log data”) to our company’s web server for technical reasons, which our company records in log files:

  • Name of the website accessed;
  • Date and time of the retrieval;
  • Amount of data transferred;
  • Message about successful retrieval;
  • Browser type and version;
  • The operating system of the user;
  • Referrer URL (the previously visited page);
  • IP address and the requesting provider;
  • Status codes.

This is exclusively information that does not allow any conclusions to be drawn about the natural person. This information is necessary to clarify any abuse or fraud. The log data is evaluated in anonymous form purely for statistical purposes in order to optimize our company’s Internet presence and the technology behind it and is deleted by our provider after 7 days.

Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany, website: https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).

Whenever you visit our website, the following personal data will be transferred to Usercentrics:

  • Your declaration(s) of consent or your revocation of your declaration(s) of consent
  • Your IP address
  • Information about your browser
  • Information about your device
  • The date and time you visited our website

Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.

Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of specific technologies is Art. 6(1)(c) GDPR.

Cookies


Our company’s website can generally be visited without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Alternatively, you can change our cookie preferences via the “Change Privacy Settings” link in the footer of our website which reopens the cookie consent window. If cookies are deactivated, individual functions of our company’s website may no longer function (may be lost).

External social media sites

In general

We do not collect or process any data from your use of the services mentioned below. However, should you contact us via one of the sites or post comments on these sites, the data you enter with the respective service will be processed insofar as it is made available to us and, in the case of comments, included in our offer.

a) Facebook

We link from our website to services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter, referred to as “Facebook”). For this purpose, we use a button in Facebook design. When you click on this button, the page you called up is transferred to Facebook and you are redirected to Facebook accordingly.

Facebook then receives the information that your browser has accessed the corresponding page of our website; even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook account.

Please note that the exact data processing at Facebook is beyond our knowledge.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website. For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook’s privacy policy.

Facebook channel

We operate our own Facebook channel: https://www.facebook.com/ImmunicInc/.

If you use this, please note the following: the service is offered on the technical platform and by means of the services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

For the data processing through our Facebook channel, there is a joint responsibility within the meaning of Art. 26 GDPR of Facebook and Immunic AG. You can access and view the relevant agreement between Facebook and us here.

We would like to point out that you use our Facebook channel and its functions on your own responsibility and that we have no influence on the processing of data by Facebook. This applies in particular to the use of interactive functions (e.g., commenting, sharing, rating).

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your computer in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this here.

The data collected about you in this context is processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how this information is used in its data usage guidelines. There you will also find information on how to contact Facebook and on how to change your settings for advertisements.

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us.

b) Twitter

We link from our website to services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; the data controller for individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland (hereinafter, referred to as “Twitter”). For this purpose, we use a button in Twitter design. When you click on this button, the page you called up is transferred to Twitter and you are forwarded to Twitter accordingly.

Twitter then receives the information that your browser has called up the corresponding page of our website (even if you do not have a Twitter account or are not currently logged in to Twitter). This information (including your IP address) is transmitted by your browser directly to a Twitter server in the USA and stored there.

Please note that the exact data processing by Twitter is beyond our knowledge.

If you do not want Twitter to assign your data to your account, you must log out of Twitter before visiting our website. For more information, please see Twitter’s privacy policy.

Twitter channel

We operate our own Twitter channel: https://twitter.com/ImmunicInc.

If you use our Twitter channel, please note the following: We use the technical platform and services of Twitter Inc., 795 Folsom St, Suite 600, San Francisco, CA 94107, USA for the short message service offered.

We would like to point out that you use the offered Twitter short message service and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., sharing, rating).

The data collected about you when using the service is processed by Twitter Inc. and may be transferred to countries outside the European Union. This includes, among other things, your IP address, the application you use, information about the terminal device you use (including device ID and application ID), information about websites you have visited, your location and your mobile phone provider.

This data is assigned to the data of your Twitter account or your Twitter profile. We have no influence on the type and scope of the data processed by Twitter, the way it is processed and used, or the transfer of this data to third parties. Information about which data is processed by Twitter and for which purposes can be found in Twitter’s privacy policy as well as via the option to view your own data at Twitter.

Furthermore, you have the option of requesting information via the Twitter data protection form or the archive requirements. You have options to restrict the processing of your data in the general settings of your Twitter account as well as under the item “Privacy and security”. In addition, for mobile devices (smartphones, tablet computers), you can restrict Twitter’s access to contact and calendar data, photos, location data, etc. in the settings options there. However, this depends on the operating system used. More information on these points is available on the following Twitter support pages:

– support.twitter.com/articles/105576

– https://support.twitter.com/search?utf8=%E2%9C%93&query=datenschutz

Via Twitter buttons or widgets embedded in websites and the use of cookies, it is possible for Twitter to record your visits to these websites and assign them to your Twitter profile. Based on this data, content or advertising can be offered tailored to you. Information on this and the available setting options can be found on the following Twitter support pages:

– https://support.twitter.com/articles/20171570

– https://support.twitter.com/articles/20170520

We would like to point out that you use the service offered here and its functionalities on your own responsibility. This applies in particular to the use of interactive functions, such as sharing.

c) LinkedIn

We link from our website to services of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter, referred to as “LinkedIn”). For this purpose, we use a button in LinkedIn design. When you click on this button, the page you called up is transferred to LinkedIn and you are redirected to LinkedIn accordingly. If you call up the page and are logged in to your LinkedIn account at the same time, LinkedIn can directly assign the visit to our website to your LinkedIn account.

Please note that the exact data processing at LinkedIn is beyond our knowledge.

If you do not want LinkedIn to assign your data to your account, you must log out of LinkedIn before visiting our website.

For information on the purpose and scope of data collection and the further processing and use of data by LinkedIn, as well as settings options for protecting your privacy, please refer to LinkedIn’s privacy policy.

LinkedIn channel

We operate our own LinkedIn channel: https://de.linkedin.com/company/immunic-therapeutics.

If you use our LinkedIn channel, please note the following: We rely on the technical platform and services of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA for the messaging service offered.

We would like to point out that you use the offered LinkedIn service and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., sharing, rating).

The data collected about you when using the service is processed by LinkedIn Corporation and may be transferred to countries outside the European Union. This includes, among other things, your IP address, the application you use, information about the terminal device you use (including device ID and application ID), information of accessed websites, if applicable, your location and your mobile phone provider.

d) Xing

We link from our website to services of XING AG, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter, referred to as “XING”). For this purpose, we use a button in XING design. When you click on this button, the page you called up is transferred to XING and you are redirected to XING accordingly. If you call up the page and are logged in to your XING account at the same time, XING can directly assign the visit to our website to your XING account.

Please note that the exact data processing at XING is beyond our knowledge.

If you do not want XING to assign your data to your account, you must log out of XING before visiting our website.

For further information, please refer to XING’s privacy policy.

XING channel

We operate a XING channel: https://www.xing.com/pages/immunicag.

If you use our XING site, please note the following: We use the website of XING AG, Dammtorstraße 30, 20354 Hamburg, Germany for the service offered there.

We would like to point out that you use the service offered here and its functionalities on your own responsibility. This applies in particular to the use of interactive functions, such as sharing.

We ourselves do not collect or process any data from your use of the service. However, should you contact us via the site or post comments, the data you enter with the service will be processed insofar as it is made available to us and, in the case of comments, included in our offer.

For more details, please refer to XING’s privacy policy.

e) YouTube

We link from our website to services of YouTube, LLC, a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter, referred to as “YouTube”). For this purpose, we use a button in YouTube design. When you click on this button, the page you called up is transferred to YouTube and you are redirected to YouTube accordingly.

YouTube then receives the information that your browser has accessed the corresponding page of our website; even if you do not have a YouTube account or are not currently logged in to YouTube. This information (including your IP address) is transmitted by your browser directly to a YouTube server and stored there. If you are logged in to YouTube, YouTube can directly assign your visit to our website to your YouTube account.

Please note that the exact data processing at YouTube is beyond our knowledge. Immunic’s use of YouTube does not imply any endorsement of that medium, of YouTube itself or its privacy policy. Immunic recommends that all users inform themselves about YouTube’s data processing regulations and protect their privacy as best as possible.

If you do not want YouTube to assign the data collected via our website to your YouTube account, you must log out of YouTube before visiting our website. For the purpose and scope of the data collection and the further processing and use of the data by YouTube, as well as your rights in this regard and setting options for protecting your privacy, please refer to YouTube’s privacy policy.

YouTube channel

We operate our own YouTube channel: https://www.youtube.com/channel/UC-d9CktxCXwbNIi9UZEUUBg.

If you use our YouTube channel, please note the following: We rely on the technical platform and services of YouTube, LLC, a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the messaging service offered.

We would like to point out that you use the service offered here and its functionalities on your own responsibility. This applies in particular to the use of interactive functions, such as sharing.

We ourselves do not collect or process any data from your use of the service. However, should you contact us via the site or post comments, the data you enter with the service will be processed insofar as it is made available to us and, in the case of comments, included in our offer.

For more details, please refer to YouTube’s privacy policy. Please also note the privacy tips for YouTube.

Analysis Tools

etracker

This website uses the analysis service etracker. The provider of this service is the etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.

etracker makes it possible to generate a user profile under a pseudonym based on the data. etracker uses technologies that make it possible to recognize the user (e.g., cookies or device fingerprinting). Data collected with the etracker technologies shall not be used in the absence of a separate declaration of consent given by the data subject to personally identify users of this website and shall not be merged with personal data about the holder of the pseudonym.

The use of this analysis tool is based on Art. 6(1)(f) GDPR. Immunic has a legitimate interest in the analysis of user patterns, in order to optimize its web offerings. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and §25 (1) TTDSG, insofar as the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) via HTTPS.

Questions to the data protection officer

If you have any questions about data protection, please email us at privacy@imux.com.