OtoImmune Ltd

Our data protection policy

Updated: 05 February 2025

At OtoImmune Ltd (“we”, “us”, “our”, as appropriate), we take the confidentiality, integrity, and security of your data seriously. We have designed this privacy policy (this “Policy”) to inform you about the types of personal data we process, and the ways in which we process it, where that data is provided to us by you and/or collected through our website.

Please note that we have a separate privacy notice for the market research questionnaire noted on our website and which can be found at the link here.

Data we may collect from you
· Data collected may also be processed on our behalf by Microsoft, through our subscription with them for their Microsoft Office 365 offering. Details relating to how Microsoft process and store your data can be found here: https://www.microsoft.com/en-gb/trust-center/privacy.

· Details of visits to this website, including but not limited to traffic data, location data, and other communication data and the resources which you access.

Please note: we do not knowingly collect personal data from or about any person under the age of 16. Accordingly, this site is not intended for any person under the age of 16. If you are under 16 years old and wish to contact us, please get your parent or guardian to do so on your behalf.

How we collect our data
As noted above, we collect data from you when you fill out the various forms on our website.

At the time of writing we do not use cookies to collect personal information about you, but we reserve our right to do so in the future.

What do we do with your data?
We aim to collect and use only personal data that we can justify we need for our legitimate business purposes. Typically, that will be to provide you with information about OtoImmune and any of its connected companies. However, and notwithstanding this, we may disclose your personal information to:

· our subsidiaries and connected entities in the UK from time to time;

· any party that processes or stores data on our behalf (e.g. Microsoft, as noted above);

· if we are under a duty to disclose or share your personal data to: comply with a legal obligation; comply with an order of a court or order of another competent authority or relevant regulatory body; to enforce or apply our terms of use and any other agreements; or protect our rights, property or ensure our safety and/or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. Your personal data may also be transferred and stored at destinations outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us, our subsidiaries or for one of our suppliers and/or distributors and/or parties working on our behalf.

We will take all steps reasonably necessary to ensure that your personal data is treated securely in accordance with this Policy.

Your rights
You have a right to know whether we (being the data controller of your personal data) are processing your personal data and to request access to your personal data, including: the purpose of the processing of your personal data; the categories of personal data being processed; the recipients or categories of recipient to whom personal data is sent, including recipients who are established in the EEA and those established outside the EEA; and how long your personal data will be retained and how we make our decisions as to how long your personal data will be retained.

You also have the right to request changes to your personal data, by either correcting or supplementing the personal data we hold, and, in certain circumstances, you have the right to request the deletion of your personal data held by us.

If you have submitted information to us, you may get in touch at any time to ask for a copy of the information we hold about you and to have any mistakes corrected or apply any updates, or to ask us to cease to hold the information.

You have rights to receive your personal data in a structured, commonly used and machine-readable format and to transmit your personal data to another data controller if certain criteria are met.

We do not charge a fee for providing a copy of your personal data being processed in an electronic fashion but we reserve the right to charge a reasonable administrative fee for copies to be supplied in hard copy and/or additional requests.

Notwithstanding the above, nothing in this Policy impacts your rights for and in relation to any of your personal data held by Microsoft (as noted above) and you may exercise your rights in this regard directly through Microsoft.

You also have the right to make a complaint to our supervisory authority, which is the Information Commissioner in the UK (https://ico.org.uk/). You may exercise any of the above-mentioned rights by emailing our data protection office at dataprotection@startcodon.co.