Privacy Policy

Effective: May 10, 2020

Immunai Inc. (“Immunai”, “We” or “Our”) has certified with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield with respect to the Personal Data (defined below) that We receive from the Customers, Vendors and Partners (as defined below) or from Aimuna Medical Ltd. (“Aimuna Medical Ltd.”).  

Immunai Inc. complies with the principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred to the United States. Immunai Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and Our Privacy Shield certification, when approved, will be available here. 

If there is any conflict between the terms in this Privacy Shield Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/welcome.


  1. DEFINITIONS

Customer(s)” means prospective, current, or former customers, or clients of Immunai Inc. and/or Aimuna Medical Ltd. 

Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, email address, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, medial, biological, genetic, mental, economic, cultural or social identity of that natural person.  

Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

  1. SCOPE.

Immunai's participation in the Privacy Shield applies to the Personal Data subject to EU and Swiss data protection law that (i) Immunai receives from Aimuna Medical Ltd. and/or (ii) Immunai collects and/or Processes on behalf of Aimuna Medical Ltd. 

  1. PURPOSES OF DATA PROCESSING

Immunai provides a platform for generating and analyzing single-cell RNAseq data, together with high-quality cell-type mapping (the “Service(s)”). When providing the Services to our Customers, Immunai may receive Personal Data from the Customer or a third party on behalf of the customer, including, without limitation, biological samples, biological data (data from sequencing from other labs – de-identified), patient ID (random number), treatment details, medical history, name of disease and disease stage (including, if the patient took antibiotic or chemo recently), age, gender, country of birth, height/weight, previous treatment that the person took). For avoidance of doubt, Immunai rarely receive Personal Data that is identifiable to an individual as most is entered into the data collection systems using a random identification number which does not disclose the name, social security number, or any other form of medium that would permit for the data reviewer to identify the specific individual for which the data is submitted. Immunai does not control or collect any Personal Data directly from the data subjects or on behalf of the Customer.

In order to perform the Service, we, Immunai may use Personal Data for the purpose of analyzing the samples together with the Personal Data to provide the results to the Customers, providing support and analytics to Customers, or to support Customers in research. 

Immunai will Process the Personal Data it receives, also for the purposes of offering and/or providing the Service to Customers as well as to develop its AI machine. To fulfill these purposes, We may, without limitation, use the Personal Data to contact Customer to discuss or execute contracts, to provide the Service, to create statistical models and algorithms, to provide support and maintenance, to correct and address technical or service problems, to perform data analyses and other processing (including, research, anonymization, encryption and de-identification of Personal Data), for marketing purposes, to manage communications with the Customer(s), to perform accounting, auditing, and billing activities, to comply with applicable laws, regulations and orders from public authorities or courts and/or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of- court procedures. In addition, Immunai collects relevant Personal Data, such as contact details and financial account information, of its suppliers, vendors and other third parties located in the EU that provide services or products to Immunai. Immunai uses this information to manage its relationships with these parties, process payments, expenses and reimbursements, and carry out Immunai's obligations under its contracts with these parties. 

  1. ONWARD TRANSFERS OF PERSONAL DATA.

Subject to Section ‎6 below, We will not transfer Personal Data originating in the EU and/or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of protection to the Personal Data as required by the Principles of the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We may transfer Personal Data to processors, service providers, vendors, contractors, partners and agents (collectively "Processors") who need the information in order to provide services to or perform activities on Our behalf. In cases of onward transfer to third parties of Personal Data received pursuant to the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, Immunai Inc. is potentially liable.

The abovementioned Processors and the description of the services that they provide and/or the activities that they perform are set out in the table below:

Service/Activity of the Processors

Hosting services

Bio-repository Management

Sequencing Services

  1. RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA.

Data subjects have the right to access Personal Data about them, and in some cases to limit use and disclosure of their Personal Data. If you would like to request access to the Personal Data We have processed on behalf of one of the Customers, please contact: privacyshield@immunai.com  and provide your name, contact information and observe the required formalities under applicable law. 

  1. REQUIREMENT TO DISCLOSE. 

Immunai may be required in certain circumstances to disclose Personal Data in response to lawful requests by courts or public authorities, including to meet national security or law enforcement requirement.

  1. PRIVACY SHIELD INDEPENDENT RECOURSE MECHANISM.

In compliance with the Privacy Shield Principles, Immunai commits to resolve complaints about Our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding Our Privacy Shield policy should first contact Immunai at: privacyshield@immunai.com or by postal mail sent to:

Immunai, Inc. 

Attn: Privacy Shield Inquiry

180 Varick St. 

New York, NY 10014

USA

Immunai has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles to JAMS, a non-profit alternative dispute resolution provider located in the United States to assist with the complaint resolution process. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. The services of JAMS are provided at no cost to you. 

  1. U.S. FEDERAL TRADE COMMISSION ENFORCEMENT.

Immunai is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US Privacy Shield Principles and the Swiss-U.S. Privacy Shield Principles outlined in this notice.

  1. ARBITRATION. 

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may also be able to invoke binding arbitration when other dispute resolution procedures have been exhausted.