This privacy policy (the “Policy”) addresses how we handle and protect personal data collected via the EVAXION BIOTECH website. We strongly recommend that you read this privacy policy and, if you have any questions, contact us via dataprivacy@evaxion-biotech.com.

“EVAXION” or “we” means Evaxion Biotech, a Danish company with our registered office at Dr Neergaards Vej 5 F, 2970 Hørsholm, Denmark.

As data controller we respect your right to privacy. We will only process personal data (related to visitors and subscribers to the EVAXION alert services) as described in this Policy and in accordance with the relevant data protection legislation, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”).

EVAXION is responsible for the processing of your personal data and may collect and process the following personal data about you.

When you access the site, the servers consulted will automatically collect the following personal data:

• the IP address assigned to you during your connection;
• the date and time you have accessed the website;
• the platform and/or operating system installed on your computer;
• the search engine and key words used to find the website.

These personal data are processed and kept for the sole purpose of measuring the number of visitors to the different sections of the website and to make improvements to our website.

When subscribing to the EVAXION alert services through the contact forms on our website, it may well be that we obtain your email address, your first and last name and some other limited personal data, which may include your organization, that you provide when completing the contact forms. Furthermore, we may process personal data that are publicly available about you or that we lawfully obtain from third parties or that we obtain during a personal meeting or conversation with you.

These personal data are processed and stored for the sole purposes:

• of providing the information requested by you as user of the website;
• to recruit you as a potential employee or service provider;
• to enter into a business relation with you as potential customer, supplier or investor;
• to ensure that the website functions properly;
• to comply with the applicable law and regulations.

We will keep personal data as long as is needed to achieve the relevant purpose for which it was collected or for a longer period if required by applicable law and regulations.

We will not transfer personal data to third parties except if we have a legal basis to do so. This means that we can transfer personal data to a third party in the following circumstances:

• If there is a legitimate interest: to ensure the functioning of the website and to protect it, to receive requests and questions, to get in contact with a user as a potential employee, service provider, customer, supplier or investor.
• For the performance of a contract: if you are a candidate seeking employment, a service provider, an employee, a potential customer or supplier or investor seeking to do business with us, the entering into the contract or the business relation may require us to transmit personal data to enter into and to perform our contract with your;
• In case of consent: we will ask for your consent before we use personal data to send you direct marketing information about our products;
• To comply with applicable laws and regulations.

We can disclose personal data to our subsidiaries for the above purposes.

Notwithstanding the above we may transfer personal data to third parties that are successor in title to our business or assets or that acquire (parts of) our business or our shares. Furthermore, we may transfer personal data to service providers that assist us in achieving the above purposes. As a consequence, human resources or pay-roll service providers or IT service providers may receive personal data we have collected through our website.

Your personal data may be transferred to countries outside the European Economic Area. In such countries there may not be the same level of protection as within the European Economic Area. When we transfer personal data to such countries, we will strive to include appropriate safeguards so that your personal data are protected.

EVAXION may change the Privacy Policy at any time. Any changes to the Privacy Policy will become effective when the revised Privacy Policy is made available on the website. Please read the content of the Privacy Policy regularly before accessing the website, as your continued use of the website after any changes to the Privacy Policy means that you accept the revised Privacy Policy.

Subject to the GDPR and its implementing laws, you have the following rights:

• You have the right to request access to your personal data.
• You have the right to request that your personal data be corrected or deleted.
• You have the right to request that we restrict our processing of your personal data.
• You have the right to object to the processing of your personal data.
• You can require that your personal data are transferred to a third party.
• You have the right to request that personal data that has been transmitted by you to us, be provided to you in a machine-readable format.
• You have the right to launch a complaint with the competent data protection authority if you believe we did not properly handle your personal data or did not respect your rights.

Please contact us via dataprivacy@evaxtion-biotech.com in case you wish to have exercise any of these above rights.

While we take all reasonable measures to ensure confidentiality of your personal data, you acknowledge that a transmission of personal data via the Internet is never without risk. To the fullest extent permitted by law, you hence agree that any possible direct or indirect damage that you would suffer following an illegal or wrongful use of your personal data by third parties who do not have authorization to do so, can never be allocated to nor recovered from us.

For any privacy-related questions, including regarding how we collect, store and use your personal data, you can contact us:

by sending an email to the following address:
dataprivacy@evaxtion-biotech.com

by writing to the following postal address:
EVAXION BIOTECH
Dr Neergaards Vej 5F, 2970 Hørsholm
Denmark