Privacy Policy
Last Updated: 10 February 2026
General Information
In order to ensure transparency and give you more control over your Personal Data, this privacy policy (“Privacy Policy”) governs how we, Immunai Inc. and its affiliates and subsidiaries (together, “Immunai” “we”, “our” or “us”) use, collect, and store Personal Data we collect or receive from or about you (“you”).
The contact details of the organization responsible for Immunai’s Personal Data processing activities are as follows:
Immunai Inc. 430 E 29th St, New York, NY 10016, United States. Email: privacy@immunai.com.
Please read this Privacy Policy carefully, so you can fully understand our practices in relation to Personal Data. “Personal Data” or “Personal Information” means any information that can be used, alone or together with other data, to uniquely identify any living human being. Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions.
Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.
In this policy we provide the following information about how we process Personal Data:
- Who controls your Personal Data;
- The circumstances in which we collect Personal Data;
- The types of Personal Data we collect and the reasons we collect it;
- Use of automated decision making;
- Use of cookies and similar technologies;
- Use of anonymized data;
- How long we keep Personal Data;
- How your Personal Data is shared;
- How we protect your Personal Data
- International data transfers;
- Your privacy rights;
- Privacy information for residents of California;
- Use by children;
- Interaction with Third Party Products;
- Contact details of our Data Protection Officer.
Who Controls Your Personal Data?
Immunai may act as either a data controller or a data processor, depending on the context in which your Personal Data is collected and used.
When we collect and use Personal Data directly from you (for example, through our website, job applications, or business contacts), we act as the data controller.
When we process Personal Data on behalf of our Partners or Customers we act as a data processor, and the relevant Partner or Customer is the data controller. In these cases, we process the data only under the controller’s instructions and our contractual obligations, and any questions about your rights should be directed to the data controller.
The Circumstances in which Immunai Collects Personal Data
Immunai collects Personal Data in the following circumstances:
- When you browse, visit or otherwise interact with our website, https://www.immunai.com (“Website”);
- When you contact us;
- When you provide us with your Personal Data and/or you give us your business card for networking purposes;
- When you/the company/organization you work for becomes an Immunai Partner or Customer and we process your details in relation to this relationship;
- When you/the company/organization you work for becomes a vendor for Immunai and we process your details in relation to our business relationship with you;
- When we process medical research data provided by our Partners and Customers as part of the Services we provide to them;
- When you use or interact with Immunai’s online products or services;
- When we collect and process medical research data for the purpose of conducting our own medical research or improving the accuracy/effectiveness of our products and services;
- When you interact with us on our social media profiles (e.g., Twitter, LinkedIn);
- When you apply for a job with Immunai or any of its subsidiaries.
In general, you are not required by law to provide us with your Personal Data and providing the same is voluntary. However, some Personal Data may be required for us to provide specific services or fulfill our legal or contractual obligations. Where we collect information directly from you, we will clearly indicate:
- Which data fields are mandatory (e.g., marked with an asterisk *);
- The purpose of collection;
- The consequences of not providing the information (e.g., limited access to services).
The Types of Personal Data We Collect and Why We Collect It
| Specific Personal Data we collect | Purposes for the data collection | GDPR Legal basis for processing data where Immunai is the controller of the data | Israeli PPL Legal Basis |
| When you browse, visit or otherwise interact with our Website | |||
| Data collected from cookies and analytics tools including IP address, location, analytics/usage data e.g. number of times you visit the website, which pages of the website you visit, how long you spent visiting the website. For more information, please read our cookies policy https://www.immunai.com/cookie-notice. | To operate, monitor and analyze the Website, to improve the Website, and provide you with certain functionalities on the Website. | GDPR Article 6(1) (a) Consent to use cookies and similar technology that are not essential to the functioning and provision of the Website. GDPR Article 6(1) (f) Legitimate interest to use cookies and similar technology essential to the functioning and provision of the Website. | Consent to use cookies and similar technology that are not essential to the functioning and provision of the Website. Legitimate interest to use cookies and similar technology essential to the functioning and provision of the Website. |
| When you contact us | |||
| Full name, email address, country of residence, job title, message/comments. Any other information that you choose to provide us with. | To process and answer questions, to process and answer commercial inquiries, to provide you with support. | GDPR Article 6(1) (b) Processing is necessary for the performance of a contract e.g. to provide you with support with services we are contracted to provide to you. GDPR Article 6(1) (f) Legitimate interest to answer your enquiries and questions. | Contractual necessity e.g. to provide you with support with services we are contracted to provide to you. Legitimate interest to answer your enquiries and questions. |
| When you provide us with your Personal Data and/or you give us your business card for networking purposes | |||
| Full Name, email address, phone number, job title, company name. Any other information that you choose to provide us with. | To establish a business connection with you or the organization you represent, to inform you about Immunai and the services we provide. | GDPR Article 6(1) (f) Legitimate interest for certain B2B discussions or lead generation activities. | Legitimate interest for certain B2B discussions or lead generation activities. |
| When you/the company/organization you work for becomes an Immunai Partner or Collaborator and we process your details in relation to this partnership/collaboration | |||
| Full name, business email, company name, job title, business phone number, details of any interactions we have with you. | To provide our products and services, to perform the applicable agreement, to comply with legal requirements, to communicate with our Partners and Collaborators. | GDPR Article 6(1) (b) Processing is necessary for the performance of a contract e.g. to provide services we are contracted to provide to you/the company organization you work for. GDPR Article 6(1) (f) Legitimate interest e.g. to provide you with information about related services. | Contractual necessity e.g. to provide services we are contracted to provide to you/the company organization you work for. Legitimate interest e.g. to provide you with information about related services. |
| When you use or interact with Immunai’s online products or services | |||
| Name, email address, IP address, product usage and analytics data including: number of logins, downloads, features used, time spent using a product or specific feature. | To understand the way our products and services are used and to improve our products and services. | GDPR Article 6(1) (a) Consent to use cookies and similar technology that are not essential to the functioning and provision of the online product or service. GDPR Article 6(1) (f) Legitimate interest to use cookies and similar technology essential to the functioning and provision of the online product or service. | Consent to use cookies and similar technology that are not essential to the functioning and provision of the online product or service. Legitimate interest to use cookies and similar technology essential to the functioning and provision of the online product or service. |
| When we process medical research data provided by our Partners and Collaborators as part of the Services we provide to them | |||
| Pseudonymised patient ID reference, demographic information e.g. patient gender, height, weight. Biological data e.g. blood/tissue samples, disease and treatment information, genetic data. | To provide our products and services, to perform applicable contractual agreements, to comply with legal requirements, to perform scientific medical research. | In most circumstances, Immunai processes this data as a processor of a Partner or a Collaborator, however Immunai processes any data it is required to retain for regulatory purposes as a controller. In this circumstance the following legal bases may apply: GDPR Article 6(1) (c) Compliance with a legal obligation e.g. laws related to retention and destruction of medical research information. GDPR Article 9(2) (g) Substantial public interest conditions e.g. where Immunai is required to retain this data under laws and regulations related to medical research. | In most circumstances, Immunai processes this data as a processor of a Partner or a Collaborator, however Immunai processes any data it is required to retain for regulatory purposes as a controller. In this circumstance the following legal bases may apply: Legal obligation e.g. where Immunai is required to retain this data under laws and regulations related to medical research. |
| When we collect and process medical research data for the purpose of conducting our own medical research or improving the accuracy/effectiveness of our products and services | |||
| Immunai patient ID reference, demographic information e.g. patient gender, height, weight. Biological data e.g. blood/tissue samples, disease and treatment information, genetic data. | To perform scientific medical research, to train our AI platform, to provide our products and services, to comply with legal requirements. | GDPR Article 6(1) (a) consent to process data for research purposes e.g. where we collect directly from individuals. GDPR Article 6(1) (c) compliance with a legal obligation e.g. laws related to retention and destruction of medical research information. | Consent to process data for research purposes e.g. where we collect directly from individuals. Compliance with a legal obligation e.g. laws related to retention and destruction of medical research information. |
| When you apply for a job with Immunai or any of its subsidiaries | |||
| Name, email address, postal address, resume, work history, LinkedIn profile, references, interview notes, right to work details. | To process your job application and evaluate your suitability in regards to a role you applied for, to find prospective candidates for open vacancies, to communicate with you about your job application or roles you may be suitable for. | Article 6(1)(b) – processing is necessary for the performance of a Contract e.g. to assess your suitability for a job role you applied for. Article 6(1) (a) consent e.g. after rejection, to keep in touch with you about new vacancies or store your resume in case you may be suitable for future roles. Article 6(1) (f) legitimate interests to headhunt and communicate with suitable candidates for vacant job roles. | Consent to process applications for the purpose of assessing candidate suitability for the role. |
| When you interact with us on our social media profiles | |||
| Full name, social media handle, comments/queries, any other data you decide to provide to us. | To reply and/or respond to your request, comment or question. | GDPR Article 6(1) (f) Legitimate interest (e.g. to respond to your request, comment or question). | Implied consent to process the information necessary to respond or manage the interaction. |
Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
Where required by law, we will request your informed, specific, and explicit consent before collecting or processing sensitive Personal Data, such as genetic, biometric, or health-related information.
You may withdraw your consent at any time by contacting us at privacy@immunai.com. This will not affect any processing already carried out based on your prior consent.
Use of Automated Decision Making
Immunai uses Artificial Intelligence (AI) as part of its research and related commercial services. This means that any Personal Data provided to us for research purposes may be subject to automated decision making. If you have the right to opt out of automated decision making under applicable data protection regulations e.g. GDPR and CPRA details on how you can exercise this right are available in the ‘Your Privacy Rights’ section of this policy.
Use of Cookies and Similar Technologies
Immunai uses cookies and similar technologies within its Websites and products. Cookies are files saved on your phone, tablet or computer when you visit a website that collects information about how you use a website or product. Some cookies (e.g. cookies that are essential for a website or product to work) cannot be disabled. You may control and delete these cookies through your browser settings. You can read more in our cookie policy. https://www.immunai.com/cookie-notice.
Immunai uses a tool called “Google Analytics” within its Website and products to collect information about use of the Website. Google Analytics collects information such as how often users visit this Website, what pages they visit when they do so, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to maintain and improve the Website and our products. We do not combine the information collected through the use of Google Analytics with Personal Data we collect. Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at https://marketingplatform.google.com/about/analytics/terms/us/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
We reserve the right to remove or add new analytic tools.
Use of Anonymized Data
In certain cases, we may anonymize or de-identify your Personal Data. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our services. We may use and store Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).
How Long We Keep Personal Data
Your Personal Data (as described above) will be stored until we no longer need it for the purposes detailed in this policy, or for a longer period if required by relevant laws. We will proactively delete or anonymize it, or keep it until you send a valid deletion request. Please note that we may need to retain data in accordance with data retention laws. We have an internal data retention policy to ensure that we do not retain your Personal Data perpetually.
In some circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings.
How Your Personal Data is Shared
We may share your Personal Data in the following circumstances:
- With our affiliated companies and business partners with whom we jointly offer products or services;
- With third party service providers Immunai uses to perform business related tasks on our behalf under our instructions;
- To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
- If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, including without limitation in the context of liquidation, we will disclose your Personal Data to such third party (whether actual or potential) in connection with the foregoing events, including in the context of negotiating the foregoing;
- In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your Personal Data in connection with the foregoing events, including in the context of negotiating the foregoing;
- Where you have provided your consent to us sharing or transferring your Personal Data (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality).
Subprocessors
Immunai uses the following third party service providers (known as subprocessors) to support the delivery of our services. These subprocessors may process your Personal Data:
| Name | Purpose | Location |
| Google Cloud Platform | Data storage platform | USA |
| Google Workspace | Email, calendar, document creation and storage platform | USA and EU |
| Benchling | Lab and research data platform | USA |
| Hetzner | Data storage platform | Germany |
| GENEWIZ/Azenta | Genomics services | USA |
| Spin.AI | Data backup services | USA |
| Comeet | Recruitment management platform | USA |
| Cookiebot | Cookie consent management platform | Denmark |
| AWS | Data transfer and storage | USA |
| Zoom | Video conferencing | USA |
How We Protect Your Personal Data
We have implemented appropriate technical, organizational and security measures designed to protect your Personal Data including encryption, role based access and the implementation of security policies and processes. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
Data Breach Notification
In the event of a Personal Data breach, Immunai will take prompt action to contain and mitigate the incident. We will assess the severity and nature of the breach and comply with all applicable legal obligations, including notifying the relevant data protection authorities and affected individuals where required. The table below outlines our notification obligations under key privacy laws, including the circumstances in which a breach must be reported and to whom.
| Legislation | When is a breach reportable? | Where is it reported? |
| Israel – Protection of Privacy Law (Amendment 13) | When the breach creates a real risk of harm to the rights of data subjects | To the Israeli Privacy Protection Authority (PPA). Affected individuals must also be notified if there is real risk of harm |
| EU – General Data Protection Regulation (GDPR) | When the breach is likely to result in a risk to the rights and freedoms of natural persons | To the relevant EU Data Protection Authority (DPA) within 72 hours. Individuals must also be notified if risk is high |
| Switzerland – Federal Act on Data Protection (FADP, 2023) | When the breach is likely to lead to a high risk to the personality or fundamental rights of the data subject | To the Swiss Federal Data Protection and Information Commissioner (FDPIC). Individuals may also need to be informed |
| California – California Privacy Rights Act (CPRA) | When unencrypted Personal Data is acquired by an unauthorized person | To affected individuals without unreasonable delay. Also to the California Attorney General if >500 residents are affected |
International Data Transfers
Transfers of Personal Data from EU/EEA/UK are covered by the European Commission’s Adequacy Decision regarding Israel. You can read more here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
Your Personal Data may be transferred within the Immunai group of companies (including subsidiaries and affiliates), some of which may be located outside your jurisdiction, including outside of Israel, the EU, the EEA, the UK, or other countries with recognized adequacy status. Transfers within the Immunai group are governed by an intra-group data transfer agreement that ensures your Personal Data is protected with a consistent and adequate level of security and privacy safeguards, regardless of where it is processed.
If you are located in the EU/EEA/UK, we rely on standard contractual clauses (SCCs) approved by the European Commission or the UK Information Commissioner’s Office to safeguard Personal Data transferred to countries without an adequacy decision.
If your Personal Data is transferred from Israel to a third country that does not ensure an adequate level of data protection (as defined by the Israeli Protection of Privacy Law), we ensure that the transfer is made:
With your informed consent, or;
To a recipient who is subject to contractual or legal safeguards that ensure an adequate level of protection in accordance with Israeli law and regulations.
Your Privacy Rights
The following rights (which may be subject to certain exemptions or derogations) shall apply to individuals where these rights are provided for under applicable local data protection laws e.g. the GDPR/UK GDPR, FADP, CPRA, Israeli PPL:
- The right to access Personal Data held about you;
- The right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
- The right to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the establishment, exercise or defense of legal claims;
- The right to object, to or to request restriction, of the processing;
- The right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
- The right to object to profiling;
- The right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- The right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
- The right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.
You can exercise your rights by contacting us at privacy@immunai.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request.
When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
Privacy information for Residents of California
The following additional information is provided for California residents, including details about the personal information we collect about California consumers and their rights under the California Consumer Privacy Act or “CCPA,” as amended by the California Privacy Rights Act or “CPRA”.
California law requires Immunai to provide the following information to California residents about the Personal Data we collect 1) the categories and purpose for which we use each category of personal information we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioral advertising,” and/or (c) “sell” such personal information.
The CPRA defines “sharing” as sharing information in the context of targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites. “Selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration.
- Immunai processes the following personal information about California Consumers: Identifiers/contact information;
- Commercial information;
- Internet or electronic network activity information;
- Financial information;
- Geolocation information;
- Professional or employment-related information;
- Audio and visual data;
- In limited circumstances where allowed by law, information that may be protected under California or United States law; and
- Inferences drawn from any of the above categories.
We collect this information for the business and commercial purposes described above.
The CCPA provides California consumers with the following rights:
- The right to request to know more details about the categories or specific personal information we collect (including how we use, disclose, or may sell this information);
- The right to delete their personal information;
- The right to opt out of any “sales”, to know and opt out of “sharing” of personal information for delivering advertisements on third party websites;
- The right not to be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at privacy@Immunai.com. We may require you to provide information to verify your identity prior to fulfilling your request.
Our California Do Not Track Notice: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Use by Children
We do not offer our products or services for use by children and, therefore, we do not knowingly collect Personal Data from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any Personal Data to us without involvement of a parent or a guardian. For the purposes of the GDPR, we do not intend to offer information society services directly to children. In the event that we become aware that you provide Personal Data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at privacy@immunai.com.
Interaction with Third Party Products
We enable you to interact with third party websites, mobile software applications and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services can collect Personal Data from you and use it differently from us. We have no control over what is done with information collected by Third Party Services and therefore we take no responsibility whatsoever for how they gather or use data, share data with third parties or any other action they take with data they have collected. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service.
Contact Us
Immunai has appointed a Data Protection Officer (DPO). The DPO is responsible for overseeing data protection best practice within Immunai and its subsidiaries. In addition, Immunai has appointed a Data Security Officer (DSO). The DSO is responsible for implementing and supervising data security measures. If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to contact us first.
The DPO’s and DSO’s details are as follows:
| Role | Name | Contact information |
| DPO | Suzy Bartlett | privacy@immunai.com |
| DSO | Eli Hakimov | privacy@immunai.com |
Rights, Appeals and Complaints
If you are unhappy with the way your request/complaint/query has been dealt with by Immunai you have the right to complain to the relevant data protection supervisory authority as follows:
| Law | Jurisdiction | Supervisory Authority |
| GDPR | EU / EEA | National Data Protection Authority (see: edpb.europa.eu) |
| Israeli PPL (Amendment 13) | Israel | Privacy Protection Authority (PPA) — gov.il/PPA, ppa@justice.gov.il |
| Swiss FADP | Switzerland | Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch, info@edoeb.admin.ch |
| CPRA (formerly CCPA) | California, USA | California Privacy Protection Agency (CPPA) — cppa.ca.gov, info@cppa.ca.gov |
EU–U.S. Data Privacy Framework Notice
Immunai Inc. complies with the EU–U.S. Data Privacy Framework (“EU–U.S. DPF”), the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. Data Privacy Framework (“Swiss–U.S. DPF”) as set forth by the U.S. Department of Commerce. Immunai has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with respect to the processing of personal data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in reliance on the applicable DPFs.
If there is any conflict between the terms in this Privacy Policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
U.S. Regulatory Enforcement
Immunai is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Independent Recourse Mechanism
In compliance with the EU–U.S. DPF, the UK Extension to the EU–U.S. DPF, and the Swiss–U.S. DPF, Immunai commits to resolve complaints about our collection or use of personal data transferred to the United States under the DPFs.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, Immunai has committed to cooperate with JAMS, a U.S.-based alternative dispute resolution provider, to resolve such complaints free of charge.
You may contact JAMS at: https://www.jamsadr.com/dpf-dispute-resolution
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Immunai commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Binding Arbitration
Under certain conditions, EU, UK, and Swiss individuals may invoke binding arbitration as a last resort to resolve complaints regarding Immunai’s compliance with the DPF Principles that are not resolved through other DPF mechanisms. This option is available pursuant to the DPF arbitration procedures, as described in Annex I of the DPF Principles.
Onward Transfers
In the context of onward transfers, Immunai remains responsible for the processing of personal data it receives under the DPFs and subsequently transfers to a third party acting as an agent on its behalf. Immunai shall remain liable under the DPF Principles if its agent processes such personal data in a manner inconsistent with the DPF Principles, unless Immunai proves that it is not responsible for the event giving rise to the damage.
Access Rights
In accordance with the DPF Principles, individuals have the right to access personal data about them that is transferred to the United States under the DPFs, and to correct, amend, or delete information that is inaccurate or has been processed in violation of the DPF Principles, subject to applicable legal limitations.
Requests to exercise these rights should be submitted to: privacy@immunai.com
Oversight by the U.S. Department of Commerce
Immunai’s commitments under the EU–U.S. DPF, the UK Extension, and the Swiss–U.S. DPF are subject to oversight and enforcement by the U.S. Department of Commerce and the Federal Trade Commission.
Updates to the Privacy Policy
This Privacy Policy is updated from time to time to make sure it is up to date and accurate. We therefore ask you to check back periodically for the latest version of this Privacy Policy. If we implement significant changes to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Website or by other means as required under relevant local laws. Unless stated otherwise, all changes will go into effect on the day of their publication on our Website or Application.