Privacy and social media guidelines
Last updated 25 May 2021
We want to make sure you understand what personal information we may collect about you when you interact with Immunocore Ltd, how we use your personal information, and how we keep it safe.
This Privacy Notice explains:
- What personal information we collect about you
- How we use your personal information
- On what basis we use your personal information
- How long we keep your personal information
- We may share your personal information with others and transfer it internationally
- How we protect your personal information
- Your rights regarding your personal information
- What to do if you don’t want to provide us with your personal information
We may change this Privacy Notice from time to time. We encourage you to review this Privacy Notice periodically.
If you have any questions, please get in touch via one of the methods set out in the Contact us section below.
What personal information do we collect?
The personal information we collect when you interact with us via this website, by email, by phone, at a conference or via any other means includes:
Information you provide us with, such as
- Your email address
- Email communications sent to Immunocore Ltd
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.
How do we use your personal information?
We may use your personal information to:
Provide you with information and services including:
- Our press releases
- Our newsletters
Contact and interact with you, including to:
- Respond to your requests (for instance if you send us an email).
- Provide important notices and updates, such as changes to our terms and policies, security alerts and administrative messages.
Operate our business, including to:
- Comply with applicable laws, regulations and guidance.
- Comply with demands or requests made by regulators, governments, courts and law enforcement authorities.
- Investigate and take action against illegal or harmful behaviour of users.
Improve our day-to-day operations, including:
- For internal purposes such as auditing, data analysis and research to help us deliver and improve our Immunocore digital platforms, content and services.
- To monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our digital platforms and services are of the most interest and to improve the design and content of our platforms.
- To improve our products and services and our communications to you.
- Where applicable, to ensure we have up-to-date contact information for you.
On what basis do we use your personal information?
Data privacy law sets out a number of different reasons on which a company may rely to collect and use your personal information.
We use your personal information for the following reasons:
- For legitimate business purposes: We use your personal information to make our communications with you more relevant and personalised to you, and to make your experience of our products and services efficient and effective. It also helps us to operate and improve our business and minimise any disruption to the services that we may offer to you.
- To comply with our legal obligations and other demands for information: It is important to us that we are able to comply with laws, regulations and guidance, as well as the other requests or demands for data as set out here. They affect the way in which we run our business and help us to make our products and services as safe as we can.
- You have given your consent: At times we may need to get your consent to allow us to use your personal information for one or more of the purposes set out above. See the “Your rights regarding your personal information” section for information about the rights that you have if we process your information on the basis of your consent.
How long will we keep your personal information?
We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving Immunocore. Otherwise, we keep your personal information:
- For as long as needed to provide you with access to services you have requested.
- Where you have contacted us with a question or request, for as long as necessary to allow us to respond your question or request.
We sometimes share your personal information with others and transfer it internationally
We may share your personal information with:
- Members of Immunocore Holdings plc
- The following trusted third parties:
- Our agents and suppliers, including those who provide us with technology services such as data analytics, hosting and technical support.
- Our professional advisors, auditors and business partners.
- Regulators, governments and law enforcement authorities.
- Other third parties in connection with re-organising all or any part of our business.
Your personal information may be processed by Immunocore and Immunocore’s trusted third party suppliers outside of your home country. Data privacy laws in the countries to which your personal information is transferred may not be equivalent to, or as protective as, the laws in your home country.
We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses. You can find more information about data transfer agreements here.
Protecting your personal information
We use a variety of security measures and technologies to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction in line with applicable data protection and privacy laws. For example, when we share your personal information with external suppliers, we may put in place a written agreement which commits the suppliers to keep your information confidential, and to put in place appropriate security measures to keep your information secure.
The transmission to us of information via the internet or a mobile phone network connection may not be completely secure and any transmission is at your own risk.
Websites that we do not own or control
From time to time we may provide links to websites or mobile applications that are not owned or controlled by us. This Privacy Notice does not apply to those websites. If you choose to use those websites, please check the legal and privacy statements posted on each website or mobile application you access to understand their privacy practices.
Your rights regarding your personal information
Data privacy laws provide you with a number of rights over your personal information.
You may be entitled to:
- Ask Immunocore for access to the personal information Immunocore holds about you.
- Request the correction and/or deletion of your personal information.
- Request the restriction of the processing of your personal information, or object to that processing.
- Withdraw your consent to the processing of your personal information (where Immunocore is processing your personal information based on your consent).
- Request for the receipt or the transfer to another organisation, in a machine-readable form, of the personal information that you have provided to Immunocore.
- Complain to your local data protection authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information.
If you would like to exercise your rights, please let us know by getting in touch with us as set out in the Contact us section below.
What if you do not want to provide us with your personal information?
Where you are given the option to share your personal information with us, you can always choose not to do so.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. This could mean that we may not be able to perform the actions necessary to achieve the purposes as set out in the section “How do we use your personal information?” above or that you are unable to make use of the services and products offered by us.
Cookies and other technologies
Social media guidelines
Our posts are informational only and are not to be considered health or medical advice. You should also not consider any comments or posts by others to be a substitute for advice from your own doctor. Always talk to a medical professional to address questions about a medical condition.
We have set up our social accounts to share news and information with you. We do not promise to respond to comments or links you may post but do reserve the right to remove a comment or link at our sole discretion. Reasons we might remove them include:
- The comment mentions a specific product - whether ours or those of another company- and does not include all the information required by the government;
- The comment includes false, misleading, inaccurate or deceptive information;
- The comment contains language, images or links that are defamatory, profane, obscene, or disparaging of others’ race, gender, religion, age or lifestyle, or it contains threats/ messages condoning violence or illegal behaviors;
- The comment is off-topic or is using our space to advertise or promote other sites, products or services or to solicit followers.
If you are a minor, do not post or share comments without the permission of a parent or legal guardian.
Please be cautious about sharing details about your own healthcare or providing advice or suggestions to others. If you share personal information about other people, you are representing to us that you have the legal right and/or permissions to do so.
Comments or content posted by any person other than Immunocore are solely the views, opinions and responsibility of the person expressing them, and do not necessarily reflect our views or opinions. Immunocore does not guarantee the accuracy or reliability of third party materials.
On occasion, Immunocore may link to another website or social media account not generated by Immunocore. Doing so is not an endorsement of that site, and Immunocore has no responsibility to independently validate the accuracy or content on the third-party account.
If you are a medical professional and require further information about Immunocore, clinical research or clinical trials we are conducting, please send an e-mail to firstname.lastname@example.org
If you are a patient and require further information about Immunocore, clinical research or clinical trials we are conducting, please contact your physician.
If you have questions or requests regarding this Privacy Notice, or if you would like to exercise your rights, please contact Immunocore Ltd using the contact information below.
T: +44 (0) 1235 438600
You can contact Immunocore’s Data Protection Officer using the email address: email@example.com
Effective Date: 05/06/2020
Definitions Specific to this Policy
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include publicly available information obtained from government records; deidentified or aggregated consumer information that cannot be reconstructed to identify you; any information covered under the Gramm-Leach-Bliley Act or the California Financial Information Privacy Act, activities covered by the Fair Credit Reporting Act, or protected health information as defined under the Health Insurance Portability and Accountability Act.
“Sale” or “sell” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.
“Service Provider” means a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that processes information on behalf of a business and to which the business discloses a consumer’s Personal Information for a business purpose pursuant to a written contract.
“Third Party” means a person or entity who is not a business that collects Personal Information from consumers, as defined in the CCPA, and to whom the business discloses a consumer’s Personal Information for a business purpose pursuant to a written contract.
The Personal Information We Collect
The chart below shows the categories of Personal Information we collect or “may collect”; examples of the type of Personal Information in each category; all types of sources from which each category of Personal Information is collected; and the business purpose(s) for which that category of Personal Information is collected. We do not sell Personal Information. This information covers the past 12 months.
Categories of Personal Information
Types of Sources from which this Category of Personal Information Is Collected
Business Purpose(s) for Collection
Name, address, telephone, email, online identifier, IP address
Emails to us from website users
To respond to emails to us from website users
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement
To analyze use of our website
To analyze use of our website
We will not collect a category of Personal Information not listed above, or use any Personal Information collected in any of the above categories for a business purpose not listed above, without first providing you with notice.
You have the right to request certain information regarding the Personal Information we have collected about you in the preceding 12 months. You may make such a request up to twice in a 12-month span. Please note that there are circumstances in which we may not be able to comply with your request pursuant to the CCPA, including when we cannot verify your request and/or when there is a conflict with our own obligations to comply with other legal or regulatory requirements. We will notify you following submission of your request if this is the case.
• If you would like to request (1) the categories of Personal Information collected about you; (2) the categories of sources providing that Personal Information; and (3) the business purpose for collecting that Personal Information, please email us at firstname.lastname@example.org.
• If you would like to request the specific pieces of Personal Information we collected about you, please email us at email@example.com. We will confirm receipt of the request within ten (10) business days.
• If you would like to request (1) the categories of Personal Information collected about you; and (2) the categories of Personal Information that were disclosed for a business purpose, please email us at firstname.lastname@example.org.
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request.
Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf.
We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.
Deletion of Your Personal Information
You have the right to request that we delete certain Personal Information that we have collected. Please note that there are circumstances in which we may not be able to comply with your request pursuant to the CCPA, including when we cannot verify your request and/or when there is a conflict with our own obligations to comply with other legal or regulatory requirements. We will notify you following submission of your request if this is the case.
• If you would like to request that we delete your Personal Information pursuant to the requirements of the CCPA, please email us at email@example.com.
You may designate an authorized agent to exercise your rights under the CCPA on your behalf.
Pursuant to the CCPA:
• Only a business entity or natural person registered with the California Secretary of State may act as an authorized agent.
• You must provide the authorized agent written permission to exercise your rights under the CCPA on your behalf.
• We may deny a request from an authorized agent on your behalf if the authorized agent does not submit proof that he, she, or it has been authorized by you to act on your behalf if we request such proof, as permitted by the CCPA.
• Even if you use an authorized agent to exercise your rights under the CCPA on your behalf, pursuant to the CCPA we may still require that you verify your own identity directly to us. This provision does not apply if you have provided with a power of attorney under California Probate Code sections 4000 to 4465.
Additional California Privacy Rights
California Civil Code Section § 1798.83 permits users of our web site that are California residents to request certain information regarding our disclosure of personal information to other parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org with the subject “Shine the Light Request.”