Last updated in August 2023
Thank you so much for visiting the IMMUCURA Diagnostics website.
Table of Contents
- GENERAL INFORMATION
1.2 IDENTIFICATION OF WEBSITE OWNER AND CONTROLLER
1.3. Minimum age requirement to access and use website information
- DATA PROTECTION CONTACT
- PERSONAL DATA PROCESSED BY VISITING AND USING OUR WEBSITE
- Legitimacy for data management
- INTERNATIONAL DATA TRANSFER and DATA LOCATION (RECIPIENTS)
- DATA RETENTION
- YOUR RIGHTS AS A DATA SUBJECT
8.2 RESPONSE PERIOD
8.3 DENIAL OF REQUESTS
10. DISCLOSURE OF YOUR PERSONAL DATA
- GOOGLE ANALYTICS
- SOCIAL MEDIA
- LINKS TO OTHER WEBSITES
- SECURITY MEASURES IN PLACE FOR PROCESSING YOUR DATA
1. GENERAL INFORMATION
Part of our success is our attention to global data privacy: At IMMUCURA MED SL (hereinafter ‘Immucura’) we have hired a best-in-class Data Privacy Consultant who has trained our team with advanced knowledge in this rapidly evolving area, ensuring compliance and risk management. IMMUCURA MED SL is committed to user privacy, and we invest in customer trust.
All of this is focused on compliance with the relevant data protection legislation, especially the European General Data Protection Regulation (hereinafter GDPR): EUR-Lex – 32016R0679 – EN – EUR-Lex (europa.eu)
The objective of this Policy is to explain exactly what is entailed in this process in further detail below.
Adequacy Decision – A decision issued by the European Commission that a country or region or a category of recipients in such country or region is deemed to provide an “adequate” level of data protection.
Confidential Information – means any information disclosed by either party to the other party, either directly or indirectly, in writing, orally or by inspection of tangible objects (including, without limitation, documents, prototypes, samples, plant and equipment), which is designated as ‘Confidential,’ ‘Proprietary’ or some similar designation by the Company.
Controller – refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EEA/EU.
Customer – shall mean any person, private organization, or government body that purchases, may purchase, or has purchased an Immucura product or service.
Data Concerning Health – means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Data Protection Officer (DPO) – means an independent data protection expert who has numerous responsibilities regarding data processing in the Company, such as: (i) monitoring an organization’s data protection compliance; (ii) informing the Company about and advising it on its data protection obligations; (iii) providing advice on data protection impact assessments (DPIAs) and monitoring their performance; and (iv) acting as a contact point for data subjects and the relevant data supervisory authorities.
Data Protection Law – shall mean the provisions of mandatory law of an EEA country containing rules for the protection of individuals with regard to the Processing of Personal Information including security requirements for and the free movement of such Personal Information.
European Union (EU) and European Economic Area (EEA) countries – The area set up by the EEA agreement, comprising the 27 Member States of the European Union and the three countries of EFTA (the European Free Trade Association), which are bound by the Agreement on the European Economic Area (EEA). The 27 Member States are Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden. The three EFTA countries which are also bound by the Data Protection Directive, through being part of the EEA, are Iceland, Liechtenstein and Norway.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Individual – shall mean any Customer, Supplier or Business Partner (employee of or any person working for) and any other person whose personal Information Immucura processes in the context of the provision of its services.
Information/data – shall refer to knowledge communicated or received via materials and/or data produced by, procured by, or obtained for Immucura that can be in electronic or physical (e.g., printed or written on various physical media) form.
Personal Data – refers to any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Processor – means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Sensitive Information – shall mean personal data that reveals an Individual’s racial or ethnic origin, political opinions or membership in political parties or similar organizations, religious or philosophical beliefs, membership in a professional or trade organization or union, physical or mental health including any opinion thereof, disabilities, genetic CSB Information, biometric CSB Information, addictions, sex life, criminal convictions or offenses, or social security numbers issued by the government. Sensitive information encompasses a broader category of personal data, including not only health data but also other sensitive attributes such as those mentioned above.
Supplier – shall mean any Third-Party that provides goods or services to Immucura (e.g., an agent, consultant, or vendor), including Third-Party Processors.
Third Country - Any country other than the EU and EEA Member States.
1.2 IDENTIFICATION OF WEBSITE OWNER AND CONTROLLER.
Pursuant to the GDPR and Spain's Personal Data Protection and Digital Rights Laws, IMMUCURA may also be considered a CONTROLLER of your personal data. By acting as a Controller, IMMUCURA can determine the purposes and means by which your personal information is collected and processed. However, before collecting your information the Company will request your consent during registration, as it is required by legislation before the continuation of registration.
1.3. Minimum age requirement to access and use website information.
Our services are intended for individuals who are at least 18 years old. By accessing or using our website you represent and warrant that you meet the minimum age requirement and that you have the legal capacity to give digital consent and to use the information available on this website. If you are accessing or using our services on behalf of a minor, you further represent and warrant that you are the parent or legal guardian of the minor and have the authority to bind them to these terms.
Immucura does not collect, process or maintain personal data of individuals under the specified minimum age. If you do not meet these age requirements or do not have the necessary legal representation, you must not access or use our web services.
2. DATA PROTECTION CONTACT
IMMUCURA has a Data Protection Officer based in Europe who is well versed in European Data Protection Regulations. Users may contact them at the following email address: firstname.lastname@example.org.
If you have any questions or concerns regarding this Policy, please don’t hesitate to contact our DPO.
3. PERSONAL DATA PROCESSED BY VISITING AND USING OUR WEBSITE
When you visit our website and/or use our online services your visit will be logged, and the following data may be collected:
• Date and time
• IP address currently used by your device
• Browser type and operating system of your device, and pages accessed
• The time you spend on those pages
Similarly, the data we request from you in the forms on our website is appropriate and strictly necessary for the following purposes:
• To provide and maintain our service, including to monitor the usage of our service.
• To manage your account: to manage your registration as a user of the service. The personal data you provide can give you access to different functionalities of the service that are available to you as a registered user.
• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the services you have purchased or of any other contract with us through the service.
• Handling and responding to your contact, query and/or complaint requests.
• Send you communications that include relevant information about the contracted service.
• For you to download your free booklet and book an appointment.
• The communication by chatbot where we can assist you during your visit or related with the services that we provide.
• Registering for our webinars
• Managing your subscription to our email newsletter.
The processing is legally based on legitimate interest, i.e., it is in our legitimate interest to protect our website and to improve the quality of our services. The purpose of collecting this data is to optimize and improve our website as well as our online services.
If you decide to subscribe to our newsletter, we inform you that your personal data will be processed until you unsubscribe from the newsletter by sending an email to email@example.com. Please be advised that you will not receive any more newsletters from us after you unsubscribe. This subscription will have a duration of 2 years, after which period we will send you an email requesting the renewal of this subscription.
The personal data you have provided in the registration form will only be processed to respond to your request and further support you in using our services. Filling out and submitting the contact form indicates an affirmative action by which you have given your consent for the data processing.
The following personal data will be collected:
• Full name;
• Phone number;
• Role (optional);
• Details about your health condition; and
• IP address.
• You can also let us know your areas of interest and you can leave a message with suggestions or questions. Note: In this field, please do not provide additional personal data, only those listed above in the appropriate fields.
Your personal data will only be recorded until you cancel your subscription. If you proceed with the cancellation, your personal data will be deleted without undue delay except where we are legally obliged to further store your data. Please note that you will no longer be able to use your customer account after it has been deleted. If you change your mind later, please proceed with a new registration.
We collect and process sensitive information data solely for the purpose of providing you with our advanced non-invasive cancer actions based on immunotherapy with dendritic cells. The information collected may include but is not limited to medical records, test results, treatment plans used and introduced so far, and any other data relevant to your health history that you consider pertinent for us to know.
We use this sensitive information data to:
• Develop personalized action plans tailored to your specific medical needs.
• Monitor and track the progress of your care for the best possible outcome.
• Ensure the highest standard of medical care and safety throughout the process.
• Comply with legal and regulatory requirements related to services.
We employ strict technical, physical, and administrative measures to protect your sensitive information data from unauthorized access, disclosure, alteration, or destruction. Our medical staff is trained to handle sensitive data with the utmost confidentiality and is bound by strict confidentiality agreements. We may share your sensitive information or data with trusted third-party service providers who assist us in delivering our services, medical professionals involved in your care, and regulatory authorities as required by law. Before sharing your data, we ensure that these entities have appropriate data protection measures in place and are compliant with relevant laws. The sensitive information will not be used for marketing or advertising purposes.
4. Legitimacy for data management
When you visit our website, we use ‘cookies’ to make your visit more enjoyable, in addition to allowing you to use certain functions, in accordance with GDPR and the ePrivacy Directive (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002).
Cookies are small text files that websites store/place on your device (such as a laptop or smartphone) as you are visiting a website. These files contain information about the user’s interactions with the website, preferences, and other data. They are processed and stored by your web browser. Cookies serve various purposes, including improving the user experience, enabling website functionality, and providing analytics to website owners. Don’t forget that you can generally view and delete cookies easily.
Some of the cookies we use are deleted after your browser session ends. However, other cookies can remain on your device and enable us or our partner companies to recognize your browser on your next visit. It is possible to configure your browser so that you can be informed about all kinds of cookies that are in use. In this way, you can individually allow access to certain cookies while excluding the other ones. If you do not accept certain types of cookies, it is possible that certain functionality on our website will be limited.
In addition, for more information about your rights under the ePrivacy Directive click on the following link: EUR-Lex – 32002L0058 – EN – EUR-Lex (europa.eu)
6. INTERNATIONAL DATA TRANSFER and DATA LOCATION (RECIPIENTS)
Third party service providers who process your personal data may be located in countries within and outside the European Union (EU) and the European Economic Area (EEA). Whenever possible, we aspire to ensure that these providers have an adequate level of data protection, even if personal data is transferred to a country outside the EEA for which there is no EU Commission Adequacy Decision.
Please note that transfers of personal data to other recipients are not carried out, except when we are required to do so by law. Your data may also be disclosed to public authorities or other organizations for the purpose of meeting our legal obligations.
If you need more information about appropriate safeguards for the international data transfer or a copy of them, please contact our DPO, who can be contacted through the channels provided above in item 2.
We would like to emphasize that your information is processed and stored only in the EEA and the UK in the company’s internal system.
We emphasize that we use a hosting service for the website; however, no personal information is collected and processed by this hosting service.
We will comply with applicable data protection laws in the event that we need to transfer your personal data outside the EEA. Below are some of the mechanisms we may use when transferring your personal data abroad:
• Your personal data is transferred to a country the European Commission officially recognizes as ensuring a suitable level of personal data protection.
• We reserve the right to use specific contracts approved by the European Commission which afford personal data the same protection as they have in Europe (known as EU Standard Clauses).
7. DATA RETENTION
Your personal data provided to us via our website will only be stored until the purpose for which it was processed has been fulfilled or until you withdraw your consent. Retention periods under commercial and tax law must be observed in accordance with the customs and laws of your locality.
In general, your data will be recorded in our internal system for subscription and/or registration for two years, after which period we will send you an email requesting the renewal of this subscription and/or registration. However, storage periods may also be amended due to our legitimate interest (e.g., to guarantee data security, to prevent misuse or to prosecute criminal offenders) to the exercise or defense of legal claims under applicable law. This period will in any case be limited and we will contact you to have your registration/subscription renewed.
8. YOUR RIGHTS AS A DATA SUBJECT
As a data subject, you have rights that you may request and that IMMUCURA highly respects, according to the following descriptive list:
• Right to receive information about the data processing;
• Right to access information about your personal data that we hold about you;
• Right to demand the rectification of inaccurate data or incomplete data, in addition to changes to your personal data. Nevertheless, you may also update your personal data directly in your account settings whenever possible;
• Right to request the erasure of your personal data (the right to be forgotten): you can ask to delete your personal data, after they have been blocked;
• Right to demand that we restrict the data processing under certain circumstances;
• Right to data portability and receive the personal data concerning the data subject in a systematic, commonplace and machine-readable format and to demand the transmission of these data to another controller;
• Right to object: you can withdraw your consent to our data processing of your personal data by objecting to the further procedure;
• Right to withdraw a given consent at any time to stop a data processing that is based on your consent; and
• Right to file a complaint with the competent supervisory authority according to your location.
You can exercise your rights by writing to IMMUCURA LIMITED by emailing firstname.lastname@example.org.
However, we recall that depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked. For example, where there is a statutory or contractual requirement for us to process your personal data, it would interfere with our legal obligations if we were to stop.
More information on your rights is available from the links below:
EUR-Lex – 32016R0679 – EN – EUR-Lex (europa.eu)
Any requests to exercise the data subject’s rights should be sent to the DPO via email to email@example.com
Prior to fulfilling the request of the individual, IMMUCURA may require them to:
• Specify the categories of personal information to which he or she is seeking access;
• Indicate, to the extent reasonably possible, the system in which the individual’s data is likely to be stored;
• Specify the circumstances in which IMMUCURA obtained their Information;
• Provide proof of your identity when IMMUCURA has reasonable doubts concerning it, or provide additional information enabling your identification;
• In case of a request for rectification, deletion, or restriction, specify the reasons why the personal data is incorrect, incomplete, or not processed in accordance with IMMUCURA policies or data privacy legislation.
8.2 RESPONSE PERIOD
Within one calendar month of IMMUCURA receiving the request, the Company shall inform the individual in writing or electronically either:
• of our position regarding the request and any action IMMUCURA has taken or will be taking in response; or
• of the ultimate date on which you will be informed of IMMUCURA's position and the reasons for the delay, which shall be no later than two calendar months after the original one-month period.
8.3 DENIAL OF REQUESTS
IMMUCURA may deny your request if (including but not limited to):
• the request does not meet the requirements of the item (1) above;
• the request is not sufficiently specific;
• the identity of the relevant individual cannot be established by reasonable means, including additional information they provided; or
• we can reasonably demonstrate that the request is manifestly unfounded or excessive.
10. DISCLOSURE OF YOUR PERSONAL DATA
IMMUCURA may share your personal information in the following situations:
• With third-party service providers: We may share your personal information with Service Providers to monitor and analyze the use of our Service. We will seek to share the minimum amount necessary. We may use third-party tools to monitor and analyze the use of our websites, and to automate certain processes related to the development and operation of our websites.
• With business partners: We may share your information with our business partners to offer you certain products, services, or promotions.
• With your consent: We may disclose your personal information for any other purpose with your explicit consent.
• Law enforcement: Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
• Other legal requirements: we may disclose your personal data in the good faith belief that such action is necessary to: (i) Comply with a legal obligation; Protect and defend the rights or property of the Company; (ii) Protect vital interests of the data subject or of another natural person; (iii) Prevent or investigate possible wrongdoing in connection with the Service; (iv) Protect the personal safety of users of the service or the public; Protect the public interest or to exercise official authority; (v) Protect against legal liability.
11. GOOGLE ANALYTICS
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
12. SOCIAL MEDIA
IMMUCURA has profiles on the main social media sites (LinkedIn, Instagram, Facebook, Twitter, YouTube, and Blog) and acknowledges that it is the controller for processing the data of its users, followers and people who post comments on these sites. Equally, it disclaims any liability whatsoever for comments made by users and followers on its social media profiles.
IMMUCURA may use the profiles specified above to share information with its customers and other stakeholders on topics it thinks they may be interested in.
13. LINKS TO OTHER WEBSITES
14. SECURITY MEASURES IN PLACE FOR PROCESSING YOUR DATA
We have put in place security measures to ensure our personal data processing systems’ confidentiality, integrity, availability, and resilience. We also regularly verify and assess the technical and organizational measures we have implemented to safeguard the security of personal data.
Currently, Immucura has an internal Global Data Privacy Program, led by the DPO. All Data Privacy related documents are collected, maintained, and retained using world-class security and technology features and software.