Data Privacy

Data Privacy Policy – Immatics Biotechnologies GmbH

Version 28. May 2018

We, Immatics Biotechnologies (in the following „Immatics“) appreciate your visit to our web site and your interest in our products and offerings. The correct handling of your data while respecting your privacy rights as well as the observance of your right to informational self-determination in the use of your personal data is an important concern for us. In this policy we inform you which date we collect for which purpose, how long we store data and which rights under data privacy law you can exercise against us, if we process your data.

In the first section we provide general information on our data protection. In other sections we explain how data are processed on our web site as well as for our business purposes.

(1) General Information

Controller under data protection law is Immatics Biotechnologies GmbH, Paul-Ehrlich-Str. 15, 72076 Tuebingen. For more details about us, please refer to our Imprint and to our Contact us page.

You can contact our Data Protection Officer Katja Steinhardt directly by sending an Email to Datenschutz@immatics.com.”

In our Privacy Policy we use terms and definitions of the GDPR, in particular Art. 4 GDPR. In pursuit of this regulation we are “Controller” of personal data, you are the “data subject”. Information that directly or indirectly relates to you is “personal data”. For the purpose of this privacy policy “your data” is the data that directly or indirectly relate to you as a natural person such as name, address, telephone number, your email address, your company and further details, which you fill into forms on our web portal.

Of course you can visit our web sites without providing any personal data to us. In any case, when using our web portal, data is automatically collected and processed, which do not allow us to relate them to you in person. Please refer to the sections

  • “Web Service Logfiles”
  • “Our use of Cookies”
  • “Web Analysis Tool Google Analytics”

in this privacy policy.

This privacy policy is only applicable to our web site „immatics.com”. On third party web sites, to which we link from our own, the privacy policy of the owner of the web site is applicable. Please refer to the imprint of the linked web site.

(1.1) Your rights relating to your personal data

As a data subject you may exercise your right of access to your personal data (Art. 15 GDPR). You may have your data rectified in pursuit of Art. 16 GDPR, or on specific grounds have them erased according to Art. 17 GDPR. In accordance with Art.18 GDPR you have the right to restriction of processing, and on grounds relating to your particular situation, you additionally have the right (in pursuit of Art. 21 GDPR) to object to processing your data generally or in parts. For data that you have provided to us, you have the right to receive them in a commonly used and machine-readable format. You have the right to withdraw your consent with processing of your data at any time, with future effect. That means that your withdrawal can only effect future processing. Consequently, past processing remains in compliance with data protection stipulations.

You have a general right to object our processing of your contact and address data for direct marketing purposes, except where you have solicited such material.

Please use info@immatics.com or any of the contact details provided in our Imprint to exercise your rights against us.

You have the right to lodge a complaint at a supervisory authority.

(2) Processing of your data by Immatics

(2.1) Our processing of personal data of customers, suppliers, service providers

We at Immatics collect data of natural persons, who are contacting us or who belong to or represent a company that is in a business relation with us. This data includes your name, the name and address of your company, your business contact data including email and telephone, and your job title. The legal ground for processing your data is our legitimate interest in communicating with you as a representative of your company, as well as the legitimate interest of your company in establishing the communication with us. Your contrary interests may outweigh our legitimate interest, e.g. after you have left your company.

For the purpose of performing a contract we process your company’s data in our business systems. Depending on your role and responsibility in your company, these data may include the above mentioned personal data, which directly relate to you as a person. However, the purpose of the processing does not relate to you as an individual but to your company instead, as our business partner. Data protection regulations do not apply to business data that do not relate to a natural person.

If you contact us as a natural person, we will process your data on legal grounds of a contractual relationship, since we have to take steps at your request.

In any case, as a data subject you have rights under data privacy law, e.g. the right to withdraw consent, the right of access to your data, and several other rights. Please refer to section (1.1) Your rights relating to your personal data.

(2.2) Our processing of personal data in clinical studies

We process personal data of individual persons involved in clinical studies, may it be sponsor or clinical study center personnel, designated monitors or any other personnel. Our processing observes the regulations and national laws which govern clinical studies. In particular our retention time of study data is governed by these regulations and laws.

As a data subject you have rights under data privacy law, e.g. the right to withdraw consent, the right of access to your data, and several other rights. Please refer to section (1.1) Your rights relating to your personal data.

(2.3) Our processing of personal data of study participants

We process so called “study data” relating to a study participant on legal grounds of the individual’s consent to the study center to participate in the study. This consent expressly includes the necessary processing of health data for the purpose of the study. In pursuit of applicable regulations and laws, study data must be processed in a pseudonymised way. Consequently we at Immatics cannot relate study data to an individual study participant, because we cannot know the participant’s identity. That is why we generally cannot meet your requests for exercising your rights under data privacy law.

(3) Processing of your data on our web site

We never collect personally identifiable information on our web site except where otherwise indicated in this policy. Our web site does provide a menu button “contact”, but this subpage does not deploy a contact form.

(3.1) Web server log data

In order to serve our web site contents to your browser, our web server needs to collect data that relate to you. When you access our website with your browser, the server logs the data required for the operation of a web service in the log files: the name of your browser, the name of your internet service provider, the IP address of your PC, the address of the site from which you accessed our website, the name of your operating system, the web pages you visit, and the date and duration of your visit. This data is automatically collected and will only be used for investigations of malfunctions as well as for technical improvement of our web service. Access to this data has the internet service provider that hosts our web site, and if required, IT service providers that we instruct to do so. The legal ground for this processing is our legitimate interest in maintaining the web services in full function. Log data are automatically overwritten after two weeks time.

(3.2) Our use of cookies

Our website uses cookies. These are small files that the web server transfers to your PC. These files are used to track your way through the pages of our website or to accept an order.

Cookies are distinguished on the one hand according to the duration of their storage. Session cookies are automatically deleted when you close their browser. A session cookie can serve to manage an order form or record which services are of particular interest. Permanent cookies, on the other hand, remain stored on your PC. A permanent cookie can be read again on the next visit of our website. To prevent this, you can delete the permanent cookie after visiting our website. Session cookies are deleted automatically when you close your browser.

On the other hand, cookies are differentiated according to their origin. So-called first-party cookies always come from the website, which is indicated in the address bar of your browser. Third-party cookies are from websites that you have not directly accessed, but which have been linked to images or advertisements on the site of the first provider. Your browser can tell you which sources are stored on your PC.

Most browsers are set to accept cookies. To disable this, please change the appropriate settings of your browser. If your browser does not allow cookies, you may not be able to use all pages of our Internet site without problems.

On legal ground of legitimate interest, we use cookies “_ga”, “_gat” and “_gid” to analyse your use of our web site. Please refer to section Web Analysis Tool Google Analytics for more information.

Possibility of Objection

Most browsers are set to accept cookies.  To disable this, please change the appropriate settings of your browser.

(3.3) Web Analysis Tool Google Analytics

On legal grounds of legitimate interest in continuous improvement of our web services, this website uses Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on your computer and which allow an analysis of the use of the website by you. The information generated by the cookies _ga, _gat and _gid  about your use of this web site is generally transferred to a Google server in the USA and stored there.

On our website, IP anonymization is activated, which means that your IP address will be shortened by Google prior to transmission to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and internet usage against the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Possibility of Objection

You can prevent cookies from being saved by setting your browser software accordingly. This may result in impairment of the functionality of our websites. Deleting permanent cookies after visiting our websites does not result in any impairment.

In addition, you may prevent Google’s processing of the data (including your IP address) generated by the cookie and your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plugin http://tools.google.com/dlpage/gaoptout?hl=en download and install.

For more information on Google’s Terms of Service and Privacy, please visit http://www.google.com/analytics/terms/en.html or https://www.google.com/intl/en/policies/.

(4) Processing your data on third party web sites

Our web site links to third party web sites as described in the following. In general, the owner of any thirds party web site is responsible for data protection on their site.

(4.1) Careers

Our “Careers” page provides “Apply here” Links to the web page of an external recruiter, who collects and processes your application data. Data of suitable candidates are forwarded to our HR department. However, this is an external web site and provides its own privacy policy.

(4.2) Social Media Buttons

On our web site we display XING, LinkedIn and Twitter buttons for easy access to our presences in social media. We have integrated these buttons such that you need to klick on them to open the link. This way your data are collected at the respective third party web site after you’ve opened the link. Please refer to these third party websites’ data privacy policies for information.

 

Data Protection Officer

Katja Steinhardt
datenschutz@immatics.com
Tel. +49 7071 5397-132