The website (hereinafter “website”) is operated by Imvax, Inc. and its affiliates (hereinafter “Imvax”, “we” or “our”).

Imvax is responsible for the content of the website that relates to data privacy. We recognize the significance of your personal data and are under obligations to observe and protect it.

This Privacy Policy relates to the capturing and use of information by Imvax while you visit and use the website. If you are located in the European Union (“EU”), you may have particular rights and obligations in relation to your personal information collected by Imvax (which are explained below) and Imvax shall be the data controller under EU data protection laws, to the extent necessary and applicable.

Please read this Privacy Policy carefully so that you know what information we capture from you, how this information will be used, who it may be disclosed to, what choices you have with regard to the capturing of your personal data, what rights you have in terms of this information, and what safety measures we have implemented to protect your personal data. This Privacy Policy is also part of the Terms and Conditions that are applicable for this website (hereinafter, “Terms and Conditions”).

By using this website, you consent to our Terms and Conditions and this Privacy Policy.

We review our Privacy Policy from time to time to ensure compliance with applicable law, and to optimize and further develop them, since the protection of your personal data is an important concern for us. Any changes to our Privacy Policy will be posted on this page in the future, and you may be notified by e-mail if applicable.

Please check here periodically for all updates and changes to our privacy policy.


The term personal data as used in this Privacy Policy refers to information such as your name, birth date, e-mail address, mailing address, or telephone number that can be used to identify you. Generally, we will only process your personal data captured while you visit this website as described in this Privacy Policy. However, we reserve the right to conduct additional processing to the extent permitted or required by law, or in support of any legal or criminal investigation.

The next sections explain how and when we collect personal data from you and what we do with it.


We will collect and process the following personal data about you:

Information you give us: If you send us an e-mail to the e-mail addresses stated on the “Contact” page of the website, or if you correspond with us by other means such as the telephone, the personal data provided by you (which could include data concerning your medical condition) will be collected and processed by Imvax. This includes information such as your name, your e-mail address, and/or telephone number, if you have reported these in your e-mail.

When you contact us by e-mail or via our contact form, the data you provide (your e-mail address and your name, possibly your telephone number) will be stored by us in order to answer your questions. The collection and processing of this data is carried out exclusively for the purpose of processing your request in accordance with your wishes and providing the service you have requested, such as sending you marketing materials (Art. 6 para. 1 lit. b and f GDPR). The data will only be stored for as long as is necessary to process your request or due to statutory retention periods. We delete the data arising in this connection after the storage is no longer necessary, or restrict the processing if there are legal storage obligations.

If we wish to use external contract service providers for individual functions of our offer or use your data for advertising purposes, we will inform you below in detail about the respective processes. We also specify the fixed criteria for the storage period.

Information we collect about you: We also automatically collect information from all of our website visitors, on each of their visits to our website. When you access the website, technical data is captured by our automated data capturing systems, which may include cookies and other common technologies.

If you only use the website for information purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (concrete page)
  • Access status/HTTP status code
  • amount of data transferred in each case
  • Website from which the request originates
  • browser
  • Operating system and its interface
  • Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.


Our websites are directed toward adults. We do not knowingly collect or use any personal data from children under age of 16, and if we become aware that we have collected such data we will delete it.


Affiliates: We share your personal data with our affiliates as necessary to fulfil the purpose for which this information was provided including providing our product or communicating with you.

Service providers: We share information with service providers that assist us with certain functions of the website as well as with the provision of the product. This includes: direct marketing, website hosting, analytics, and technical support. All services providers must adhere to our Privacy Policy and use of the data is only permitted by them within the framework of providing services on our behalf.

Information security: The server used to operate the website automatically identifies a computer using its IP address. If we determined that the website has been used improperly, or that you have caused or have attempted to cause any damage to the website, we may carry out an investigation and work together with the relevant prosecution authorities to protect our rights or our property. Your personal data may be disclosed in the context of such an investigation.

Compliance with legal obligations: In a similar manner, we will disclose your personal data in accordance with any applicable law, regulation, legal process, or enforceable governmental request, or when directed to by state authorities, or if we are of the opinion that this disclosure is to protect our rights and our property, and/or the rights, property, or security of third parties, including consultants, prosecution authorities, legal, and regulatory authorities, as well as healthcare authorities such as the European Medicines Agency (EMA).

Business reorganization: We will transmit your personal data to third parties in the event we are involved in a merger, acquisition, restructuring, or if the entirety of our assets or business shares, or a part thereof, are acquired, or if our legal successor assumes control of, or becomes a part of our company if we are involved in liquidation proceedings.


We process your personal data for the purposes described above, based on the following legal grounds:

  1. With your consent: We ask for your consent to process your information for specific purposes and you have the right to withdraw your consent at any time. You may unsubscribe from this mailing at any time.
  2. For our legitimate interests: We process your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. For example, we process your information to help us:
    1. Provide, maintain, and improve our website;
    2. Perform analytics and research aimed at improving the accuracy, effectiveness, usability, or popularity of the website;
    3. Improve the content and features of the website or develop new content and features;
    4. Promote website content;
    5. Detect, prevent, or otherwise address fraud, abuse, security, or technical issues with our website;
    6. Protect against harm to the rights, property, or safety of Imvax, our employees, or the public as required or permitted by law;
    7. Share information with our third-party providers in connection with the management or optimization of our website
    8. Share information with third parties in connection with a business reorganization or liquidation proceedings
    9. Enforce legal claims, including investigation of potential violations of applicable Terms and Conditions.
  3. To fulfill our contractual obligations: We process your personal data to provide a service you have requested under a contract. For example, we will use your information to respond to inquiries that you have sent to us on the website.
  4. To comply with legal obligations: We process your personal data when we have a legal obligation to do so, for example, if we are responding to legal process or an enforceable governmental request.


We will retain your information for as long as is necessary for the purpose for which you provided the data and in accordance with our Records Retention Policy developed in accordance with applicable data protection law. We may retain information for a longer time to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements.

Please note that even if you request that we delete your information, deletion by our third-party providers may not be immediate and the deleted information may persist in backup copies for a reasonable period of time.


If our processing of your information is subject to the data protection laws of the European Union, you are entitled to:

  • Right to information (i.e., receive copies of your personal data under certain circumstances)
  • Right to rectification (i.e., request the correction or deletion of erroneous or incomplete personal data to the fullest legally permissible extent)
  • Right to deletion i.e., (i.e., requests to delete personal data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us)
  • Right to limit or object to the processing (i.e., have the processing of your personal data restricted where you dispute its accuracy, if you think its processing is unlawful, or if you otherwise object to its processing or when Imvax no longer needs your personal data and you need it in relation to a legal claim)
  • Right to data transferability (i.e., move your data)

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

If you would like to exercise the above-mentioned rights, please direct your written concerns to:

Imvax, Inc.
601 Walnut Street, Suite 440W
Philadelphia, PA 19106
Attn: Chief Legal Officer

Please do not send us any unencrypted personal data via e-mail. We would also like to inform you that in order to determine its authenticity, we must review and investigate any correspondence that we receive via e-mail that makes an application for access to, or amendment of your data.


The safety of your personal data is an important concern for us. We take appropriate steps, including technical, administrative, and physical security measures to protect the personal data provided to us against loss, misuse, and unauthorized access, disclosure, amendment, and deletion. However, no Internet security or transmission processes are 100% safe. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Always exercise caution when transmitting personal data via the Internet.


  1. This website uses the following types of cookies, the scope and functionality of which are explained below:
    1. Transient Cookies (see 2)
    2. Persistent Cookies (see 3).
  2. Transient Cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
  3. Persistent Cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
  4. You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
  5. When you visit our website, we place a “cookie” on your computer for the allocation of a session ID and based on the content prepared in accordance with your interests; This allows you to use our website more easily during further visits. Internet browsers usually allow cookies to be deleted from the hard drive or blocked, or warned when a cookie appears. It is up to you whether you accept or decline cookies. Most web browsers automatically accept cookies, but you can change your browser settings so that you have the option to decline cookies. If you block cookies on your computer, you may not be able to access all features and features of the website.
  6. For more information about cookies and where they are placed and how they are managed and how they can be deleted, see


If you have questions, comments, or suggestions regarding this Privacy Policy or our internal Data Privacy Procedures, please contact us at:

Imvax, Inc.
601 Walnut Street, Suite 440W
Philadelphia, PA 19106