• Home
  • Pipeline
  • Company
    • About Us
    • Approach
    • Leadership
    • News
  • Relations
    • Investors
    • Career
  • Contact
  • Home
  • Pipeline
  • Company
    • About Us
    • Approach
    • Leadership
    • News
  • Relations
    • Investors
    • Career
  • Contact

Data Protection Data Privacy

Privacy Policy | iOmx Therapeutics AG
As of 14.08.2024

Who we are
The data controller responsible in accordance with the purposes of the General Data Protection Regulation (GDPR) of the European Union and other data protection regulations is:
iOmx Therapeutics AG, Fraunhoferstraße 22, 82152 Martinsried, Deutschland, +49 89 89997090-0, info@iomx.com, https://iomx.com/.

How to contact the data protection officer
The designated data protection officer is:
DataCo GmbH, Nymphenburger Str. 86, 80636 Munich, Deutschland,
+49 89 7400 45840, www.dataguard.de.

General information on data processing
On this page, we provide you with information regarding the processing of your personal data on our website. How we collect and use your personal data will depend on how you interact with us or the services you use. We only collect, use or share your personal data where we have a legitimate purpose and a legal basis for doing so.

What do we mean by ‘legal basis’?
Consent (Art. 6(1)(a) GDPR) – You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. For further information on how to withdraw consent, please see the ‘Exercising your rights’ subsections in the subsequent sections of this Privacy Policy.

Contract (Art. 6(1)(b) GDPR) – We need to use your data to fulfil a contract you have with us or to take steps prior to entering into a contract.

Legal Obligation (Art. 6(1)(c) GDPR) – We need to use your data to comply with the law.

Vital Interests (Art. 6(1)(d) GDPR) – Processing your data is necessary to protect your vital interests or those of another person (e.g., preventing serious physical harm).

Public Task (Art. 6(1)(e) GDPR) – Using your data is necessary for the performance of a task carried out in the public interest.

Legitimate Interests (Art. 6(1)(f) GDPR) – Processing your data is necessary to support a legitimate interest we or another party have, only where this is not outweighed by your own interests.

Please note: Where your data is processed under the performance of a contract or for a legal obligation, if you do not provide the data requested, we may be unable to provide you with our app.

Data sharing and international transfers
We use various service providers to help us deliver our services and keep your data secure. When we use these service providers, it is necessary to share your personal data with them. We have agreements in place with all our service providers obliging them to protect your data. Where personal data is shared outside the EU, we ensure equivalent protection by either adequacy decisions or Standard Contractual Clauses (SCCs). For example, with US service providers, we rely on SCCs or the EU-US Data Protection Framework. You can request a copy of the SCCs by contacting us.

Your rights
When your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:

Right of access (Art. 15 GDPR): Request information about the processing of your personal data.

Right to rectification (Art. 16 GDPR): Correct or complete inaccurate data.

Right to restriction of processing (Art. 18 GDPR): Request the restriction of data processing under certain conditions.

Right to erasure (“Right to be forgotten”, Art. 17 GDPR): Request deletion of personal data under specific conditions.

Right to data portability: Receive your data in a structured, machine-readable format and transfer it to another controller.

Right to object: Object to data processing based on Art. 6(1)(e) or (f) GDPR, including profiling.

Right to lodge a complaint with a supervisory authority: If you believe your data has been processed unlawfully.

A list of supervisory authorities in Germany can be found here.

Data processing when you load our website
Each time our website is accessed, our system collects data such as browser type, operating system, Internet service provider, access date and time, referring websites, and visited pages. This data is stored in server log files to ensure website functionality and IT security. Data is deleted after seven days unless further storage is necessary; in such cases, IP addresses are anonymized.

Contact via Email
If you contact us via email, your transmitted data will be stored and used exclusively for the conversation’s processing. Legal basis is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR if the email aims to conclude a contract. Data is deleted when no longer necessary, usually after the conversation concludes or seven days for additional data.

Application via Email and Form
You can apply for jobs via a form or email. Data collected includes name, contact information, CV, certificates, work permit status, and availability. Data is used exclusively for application processing and stored for up to six months unless legal obligations require longer retention.

Use of corporate profiles in professionally oriented networks
We maintain corporate profiles on networks like LinkedIn for communication, job applications, and public relations. If you interact with our profile, personal data like your profile name and photo may become public. Legal basis is Art. 6(1)(f) GDPR; if contract-related, also Art. 6(1)(b) GDPR.

Cookie Banner
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/

The legal basis for the processing of personal data in this context are Art. 6 (1) (c) GDPR and Art. 6 (1) (f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the personal data. If you do not provide the personal data, we will not be able to manage your consents.

Hosting
Our website is hosted by domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany. Their privacy policy is available at https://www.df.eu/de/datenschutz/. The servers automatically collect browser and access data to ensure a technically flawless website presentation. Data is processed based on Art. 6(1)(f) GDPR. The server location is Germany.

This privacy policy has been created with the assistance of DataGuard.

  • Pipeline
  • Company
    • About Us
    • Approach
    • Leadership
    • News
  • Relations
    • Investors
    • Career
  • Contact
    • info@iomx.com
    • +49 89 8999 70900
© 2025 iOmx Therapeutics AG
  • Imprint
  • Privacy policy
  • Privacy Settings
  • Privacy History
  • Revoke Consents