Effective Date: January 2022
We want to make sure you understand what personal information we may collect about you when you interact with Immunocore Ltd, how we use your personal information, and how we keep it safe.
This Privacy Notice explains:
- What personal information we collect about you
- How we use your personal information
- On what basis we use your personal information
- How long we keep your personal information
- How we may share your personal information with others and transfer it internationally
- How we protect your personal information
- Your rights regarding your personal information
- What to do if you do not want to provide us with your personal information
We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.
If you have any questions, please get in touch via one of the methods set out in the “Contact us” section.
What personal information do we collect?
The personal information we collect when you interact with us via this website, by e-mail, by phone, at a conference, or via any other means includes:
Information you provide us with, such as
- Your e-mail address
- E-mail communications sent to Immunocore Ltd
- Health information
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
How do we use your personal information?
We may use your personal information to:
Provide you with information and services including:
- Our press releases
- Our newsletters
Contact and interact with you, including to:
- Respond to your requests (for instance, if you send us an e-mail).
- Provide important notices and updates, such as changes to our terms and policies, security alerts, and administrative messages.
Operate our business, including to:
- Comply with applicable laws, regulations, and guidance.
- Comply with demands or requests made by regulators, governments, courts, and law enforcement authorities.
- Investigate and take action against illegal or harmful behavior of users.
Improve our day-to-day operations, including:
- For internal purposes such as auditing, data analysis, and research to help us deliver and improve our Immunocore digital platforms, content, and services.
- To monitor and analyze trends, usage, and activities in connection with our products and services to understand which parts of our digital platforms and services are of the most interest and to improve the design and content of our platforms.
- To improve our products and services and our communications to you.
- Where applicable, to ensure we have up-to-date contact information for you.
On what basis do we use your personal information?
Data privacy law sets out a number of different reasons on which a company may rely to collect and use your personal information.
We use your personal information for the following reasons:
- For legitimate business purposes: We use your personal information to make our communications with you more relevant and personalized to you, and to make your experience of our products and services efficient and effective. It also helps us to operate and improve our business and minimize any disruption to the services that we may offer to you.
- To comply with our legal obligations and other demands for information: It is important to us that we are able to comply with laws, regulations, and guidance, as well as the other requests or demands for data as set out here. They affect the way in which we run our business and help us to make our products and services as safe as we can.
- You have given your consent: At times we may need to get your consent to allow us to use your personal information for one or more of the purposes set out herein. See the “Your rights regarding your personal information” section for information about the rights that you have if we process your information on the basis of your consent.
How long will we keep your personal information?
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving Immunocore. Otherwise, we keep your personal information:
- For as long as needed to provide you with access to services you have requested.
- Where you have contacted us with a question or request, for as long as necessary to allow us to respond to your question or request.
We sometimes share your personal information with others and transfer it internationally
We may share your personal information with:
- Members of Immunocore Holdings plc
- The following trusted third parties:
- Our agents and suppliers, including those who provide us with technology services such as data analytics, hosting, and technical support.
- Our professional advisors, auditors, and business partners.
- Regulators, governments, and law enforcement authorities.
- Other third parties in connection with reorganizing all or any part of our business.
Your personal information may be processed by Immunocore and Immunocore's trusted third-party suppliers outside of your home country. Data privacy laws in the countries to which your personal information is transferred may not be equivalent to, or as protective as, the laws in your home country.
We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses. You can find more information about data transfer agreements here.
Protecting your personal information
We use a variety of security measures and technologies to help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction in line with applicable data protection and privacy laws. For example, when we share your personal information with external suppliers, we may put in place a written agreement which commits the suppliers to keep your information confidential and to put in place appropriate security measures to keep your information secure.
The transmission to us of information via the internet or a mobile phone network connection may not be completely secure, and any transmission is at your own risk.
Websites that we do not own or control
From time to time we may provide links to websites or mobile applications that are not owned or controlled by us. This Privacy Notice does not apply to those websites or mobile applications. If you choose to use those websites or mobile applications, please check the legal and privacy statements posted on each website or mobile application you access to understand its privacy practices.
Your rights regarding your personal information
Data privacy laws provide you with a number of rights over your personal information.
You may be entitled to:
- Ask Immunocore for access to the personal information Immunocore holds about you.
- Request the correction and/or deletion of your personal information.
- Request the restriction of the processing of your personal information, or object to that processing.
- Withdraw your consent to the processing of your personal information (where Immunocore is processing your personal information based on your consent).
- Request the receipt or the transfer to another organization, in a machine-readable form, of the personal information that you have provided to Immunocore.
- Complain to your local data protection authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information.
If you would like to exercise your rights, please let us know by getting in touch with us as set out in the “Contact us” section.
What if you do not want to provide us with your personal information?
Where you are given the option to share your personal information with us, you can always choose not to do so.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. This could mean that we may not be able to perform the actions necessary to achieve the purposes as set out in the section “How do we use your personal information?” or that you are unable to make use of the services and products offered by us.
Cookies and other technologies
Social media guidelines
We have set up our social accounts to share news and information with you. We do not promise to respond to comments or links you may post but do reserve the right to remove a comment or link at our sole discretion. Reasons we might remove comments or links include:
- The comment mentions a specific product—whether ours or that of another company—and does not include all the information required by the government;
- The comment includes false, misleading, inaccurate, or deceptive information;
- The comment contains language, images, or links that are defamatory, profane, obscene, or disparaging of others' race, gender, religion, age, or lifestyle, or the comment contains threats/messages condoning violence or illegal behaviors;
- The comment is off-topic or is using our space to advertise or promote other sites, products, or services or to solicit followers.
If you are a minor, do not post or share comments without the permission of a parent or legal guardian.
Please be cautious about sharing details about your own healthcare or providing advice or suggestions to others. If you share personal information about other people, you are representing to us that you have the legal right and/or permissions to do so.
Comments or content posted by any person other than Immunocore are solely the views, opinions, and responsibility of the person expressing them, and do not necessarily reflect our views or opinions. Immunocore does not guarantee the accuracy or reliability of third-party materials.
On occasion, Immunocore may link to another website or social media account not generated by Immunocore. Doing so is not an endorsement of that site, and Immunocore has no responsibility to independently validate the accuracy or content on the third-party account.
If you are a medical professional and require further information about Immunocore, clinical research, or clinical trials we are conducting, please send an e-mail to email@example.com.
If you are a patient and require further information about Immunocore, clinical research, or clinical trials we are conducting, please contact your physician.
If you have questions or requests regarding this Privacy Notice, or if you would like to exercise your rights, please contact Immunocore Ltd using the following contact information:
T: +1 (484) 534-5261
You can contact Immunocore's Data Protection Officer using the following e-mail address: firstname.lastname@example.org.
California Privacy Rights
Definitions Specific to This Policy
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include publicly available information obtained from government records; de-identified or aggregated consumer information that cannot be reconstructed to identify you; any information covered under the Gramm-Leach-Bliley Act or the California Financial Information Privacy Act; activities covered by the Fair Credit Reporting Act; or protected health information as defined under the Health Insurance Portability and Accountability Act.
“Sale” or “sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration.
“Service Provider” means a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that processes information on behalf of a business and to which the business discloses a consumer's Personal Information for a business purpose pursuant to a written contract.
“Third Party” means a person or entity who is not a business that collects Personal Information from consumers, as defined in the CCPA, and to whom the business discloses a consumer's Personal Information for a business purpose pursuant to a written contract.
The Personal Information We Collect
The chart below shows the categories of Personal Information we collect or “may collect”; examples of the type of Personal Information in each category; all types of sources from which each category of Personal Information is collected; and the business purpose(s) for which that category of Personal Information is collected. We do not sell Personal Information. This information covers the past 12 months.
|Categories of Personal Information||Examples:||Types of Sources from Which This Category of Personal Information Is Collected||Business Purpose(s) for Collection|
|Unique identifiers||Name, address, telephone, e-mail, online identifier, IP address, office address, specialty, NPI#||E-mails to us from website users, Request A Representative form submissions sent to us from website users||To respond to e-mails to us from website users, to respond to requests to connect with a representative from website users|
|Internet activity||Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement||Website host||To analyze use of our website|
|Geolocation data||Geolocation data||Website host||To analyze use of our website|
We will not collect a category of Personal Information not listed in this chart, or use any Personal Information collected in any of the categories listed in this chart, for a business purpose not listed above, without first providing you with notice.
You have the right to request certain information regarding the Personal Information we have collected about you in the preceding 12 months. You may make such a request up to twice in a 12-month span. Please note that there are circumstances in which we may not be able to comply with your request pursuant to the CCPA, including when we cannot verify your request and/or when there is a conflict with our own obligations to comply with other legal or regulatory requirements. We will notify you following submission of your request if this is the case.
- If you would like to request (1) the categories of Personal Information collected about you; (2) the categories of sources providing that Personal Information; and (3) the business purpose for collecting that Personal Information, please e-mail us at email@example.com.
- If you would like to request the specific pieces of Personal Information we collected about you, please e-mail us at firstname.lastname@example.org. We will confirm receipt of the request within ten (10) business days.
- If you would like to request (1) the categories of Personal Information collected about you; and (2) the categories of Personal Information that were disclosed for a business purpose, please e-mail us at email@example.com.
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request.
Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf.
We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated previously, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.
Deletion of Your Personal Information
You have the right to request that we delete certain Personal Information that we have collected. Please note that there are circumstances in which we may not be able to comply with your request pursuant to the CCPA, including when we cannot verify your request and/or when there is a conflict with our own obligations to comply with other legal or regulatory requirements. We will notify you following submission of your request if this is the case.
- If you would like to request that we delete your Personal Information pursuant to the requirements of the CCPA, please e-mail us at firstname.lastname@example.org.
You may designate an authorized agent to exercise your rights under the CCPA on your behalf.
Pursuant to the CCPA:
- Only a business entity or natural person registered with the California Secretary of State may act as an authorized agent.
- You must provide the authorized agent written permission to exercise your rights under the CCPA on your behalf.
- We may deny a request from an authorized agent on your behalf if the authorized agent does not submit proof that he, she, or it has been authorized by you to act on your behalf if we request such proof, as permitted by the CCPA.
- Even if you use an authorized agent to exercise your rights under the CCPA on your behalf, pursuant to the CCPA we may still require that you verify your own identity directly to us. This provision does not apply if you have provided a power of attorney under California Probate Code sections 4000 to 4465.
Additional California Privacy Rights
California Civil Code Section § 1798.83 permits users of our website that are California residents to request certain information regarding our disclosure of personal information to other parties for their direct marketing purposes. To make such a request, please send an e-mail to email@example.com with the subject “Shine the Light Request.”