Vaxxinova Autogenous Vaccines GmbH
1. Juni 2018

Implementation of Information Requirements for Website Privacy Policies

1. Website Privacy Policy

We welcome you to our website. We would like to inform you about the management of your personal data in accordance with Art. 13 General Data Protection Regulation (GDPR).

Controller

The controller responsible for the described data collection and processing is:

Vaxxinova Autogenous Vaccines GmbH
Anton-Flettner-Straße 6
27427 Cuxhaven
Tel +49 4721 5907550
e-mail: info@vaxxinova.de

Usage Data

When you visit our website, the data collected from the use of the website is temporarily stored on our web server for statistical purposes in order to improve the quality of our website. This data set contains:

• the page, from which the data is requested
• the name of the data file,
• the date and time of the query,
• the amount of data transferred,
• the access status (file transmitted, file not found),
• a description of the type of browser used,
• the IP address of the requesting computer shortened to such an extent that no reidentification of any persona data is possible.

The listed usage data is stored anonymously.

2. Data Transfer to Third Parties

Data Transfer to Third Parties

We transfer your data to service providers who support us in the operation of our website and the associated processes. This transference is made under the scope of a data processing agreement in accordance to Art. 28 GDPR. Our service providers are bound to us by strict instructions and contractual obligations. We use the following service providers:

IT-Novative, Beuningen, The Netherlands

Data Transfer to Third Countries (Non-EU Countries)

In some cases, we may transfer personal data to third countries outside the EU. In each case, we ensure an appropriate level of data protection according to European standards.

In the case of Google Analytics / Double Click (USA), an appropriate level of data protection is ensured by the corresponding participation in the Privacy Shield Agreement (Art. 45 para. 1 GDPR).

3. Cookies

Cookies

We use cookies on our website. Cookies are small pieces of data that are stored and read in your end-device. A distinction is made between session cookies, which are deleted when you close your browser, and permanent cookies, which are stored even after your visit has expired. Cookies may contain data that enables the recognition of the device being used. However, in some cases cookies only contain information on certain settings which are not personal data.

We use permanent cookies on our website if you have given your consent to the cookie notice. Therefore, the data is processed based on you consent and in accordance to Art. 6 para. 1 s. 1 lit. a GDPR.

Please be aware that you can set your browser to inform you when cookies are being stored or used on the website you are visiting. Thus, any use of cookies is transparent to you. You have the possibility to delete your browser configuration at any time and prevent any use of new cookies. In the event you refuse the use of cookies, please note that our web sites may not be displayed optimally and some functions are then no longer technically available.

4. Explanation of Data Security Measures

Data Security

To avoid unauthorized access to your data, we have implemented technical and organizational measures. We use encryption technologies on our website. Your data will be transferred to our servers and back again via a connection that is protected by a TLS encryption technology. You can recognize that you are browsing on an encryption secured website by the lock-symbol shown in the address bar of your browser and by the address bar starting with https://.

5. Rights as a User

Your Rights as a User

As a website user, the GDPR grants you certain rights when processing your personal data.

1. Right of access (Art. 15 GDPR):
You have the right to obtain confirmation at to whether or not personal data concerning you is being processed, and, where that is the case access to the personal data and the information specified in Art. 15 GDPR.

2. Right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.

You also have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer necessary for the intended purpose.

3. Right to restriction of processing (Art. 18 GDPR):
If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

4. Right to data portability (Art. 20 GDPR):
In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

5. Right to object (Art. 21 GDPR):
If the data is processed pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.

6. Right to lodge a complaint with a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

6. Online Applications

You can make an application by sending an email to jobs@vaxxinova.com . We process your personal data in accordance with applicable data protection regulations pursuant to § 26 BDSG-neu. We process the data you provide us in the context of your online application strictly for the purpose of selecting applicants. Data will not be processed for other purposes.

You determine the amount of data you want to send us in the context of your application. Applications are transferred electronically to our HR department and processed as quickly as possible. The transfer is encrypted. As a rule, applications are forwarded to the heads of the relevant departments in our company. Furthermore, your data will not be transferred to third parties. Your details will be treated confidentially in our company. If the application is unsuccessful, your documents will be deleted after 6 months.

If we may also consider your application for other or future job openings, please indicate this on your application. We will then process your data on the basis of Art. 6 para. 1 s. 1 lit. a GDPR. Throughout the application procedure you can exercise the same rights as stated above.

7. Contact Details of the Data Protection Officer

Contact Details of the Data Protection Officer
Please contact our data protection officer if you have any further questions, suggestions or wishes regarding data protection: info@vaxxinova.de