Privacy statement

This Notice applies to all Visitors of the LCB’s website whose personal data (including cookies) is being processed.

The following Notice does not refer to foreign internet sites of other providers to which our site is linked, or, vice versa, from which a link to our website is made.

In processing your personal data, Light Chain Bioscience-Novimmune SA acts as the Data Controller (“Owner”) as per GDPR and FADP. This means that we are responsible for deciding how we hold and use personal data about you.

Email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

Postal address: Chemin du Pré Fleuri 15, CH-1228 Plan-Les-Ouates, Geneva, Switzerland.

LCB has appointed a Data Protection Officer (or “Data Protection Advisor”), whose role in relation to data protection includes informing and advising LCB of its obligations under applicable Data Protection Laws. 

The contact details of the Data Protection Officer are as follows:

Email Address:  This email address is being protected from spambots. You need JavaScript enabled to view it.

Do you use the information for other purposes? Newsletters, participation to events, other contact forms…

LCB does not sell or trade to outside parties your personal data.

LCB may transfer your personal data with relevant LCB’s departments and third parties where it is necessary for the purposes described in this Notice. Those third parties are the following:

• LCB appropriate department to answer to your request
• LCB HR department and hiring department in case you are a candidate
• Any authority for which we are legally obliged to do so where applicable (e.g. Tax Authorities, social security authorities)

In certain situations, your personal data may be transferred to third parties through the use of products or services integrated on our Website. For further information, please refer to our Cookies Notice.

Sharing your personal data as described above may involve transferring it to third countries located (i) outside Switzerland, or (ii) outside the European Economic Area, whose data protection and Data Protection Laws may not be equivalent to, or as protective as, those that exist in your country of residence.

In case of such cross-border disclosure, your personal data will only be transferred to third country guaranteeing an adequate level of protection in accordance with the applicable (i) Swiss Federal Council’s decision or, (ii) the European Commission’s decision.

In case of absence of such adequacy decision, your personal data will still be disclosed abroad only if appropriate safeguards are guaranteed pursuant to FADP or GDPR, including EU Commission’s Standard Contractual Clauses (subject to Swiss Addendum when transfer is covered by both FADP and GDPR)

The list of all the third countries outside Switzerland to which LCB intends to transfer your personal data can be found in

You can receive a copy of the appropriate safeguards by contacting LCB’s Data Protection Officer at the contact details provided above (in the section entitled “How to contact LCB’s Data Protection Officer ?”).

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a justification for doing so and we have prior notified you.

LCB takes appropriate technical and organizational security measures to protect your personal data in compliance with applicable data protection and privacy laws, which includes protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure of your personal data.

Your personal data are contained behind secured networks and are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.

Our website «www.lightchainbio.com» uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection if the address line of your browser changes from “http://” to “https://” and the padlock icon is dis-played in your browser line. If SSL encryption has been activated, the data you transmit to us cannot be read by third parties.

We process and store personal data mostly in Switzerland and the European Economic Area (EEA). In certain cases, however, we may also disclose personal data to service providers and other recipients (see section 8) who are located outside this area or who process personal data outside this area, in principle in any country in the world. The countries concerned may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.

One means of ensuring adequate data protection is, for example, the conclusion of data transfer contracts with the recipients of your personal data in third countries that ensure the necessary data protection. These include contracts that have been approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. An example of the data transfer contracts we typically use can be found here. Please note that such contractual arrangements can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. of government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permissible in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.

Certain types of personal data are considered "particularly worthy of protection" under data protection law, e.g. information on health and biometric characteristics. Depending on the constellation, the categories of personal data mentioned in section 4 may also include such particularly sensitive personal data. As a rule, however, we only process particularly sensitive personal data if it is necessary for the provision of a service, you have provided us with this data of your own accord or you have consented to the processing. We may also process particularly sensitive personal data if this is necessary to uphold the law or to comply with domestic or foreign legal provisions, if the data concerned has clearly been disclosed to the public by the person concerned or if the applicable law otherwise permits its processing.

We may process sensitive personal data in the following cases, for example:

• You apply for a job vacancy and provide information about your health, trade union affiliation or criminal record.

"Profiling" means the automated processing of personal data in order to analyse personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities and habits or the prediction of probable behaviour. Profiling can be used in particular to derive preference data (for more information, see section 4.5).

Profiling is a common process, e.g. in automated processing

• of behavioural, transactional and technical data in connection with our websites;
• of information in connection with the attendance of events;
• of communication data, e.g. your response to advertising and other communications;
• from other behavioural and transactional data.

Profiling helps us to do this, for example,

• to continuously improve our services and better tailor them to individual needs;
• To present our contents and offers to you in a way that meets your needs;
• To better support you in customer service;
• to decide which payment options are available based on a credit check.

In order to improve the quality of our analyses and forecasts, we may also combine personal data from different sources as a basis for profiling, e.g. data collected via various of our services. Self-learning algorithms (specific programming in computer programs) may also be used.

You can object to profiling in certain cases as described in section 15.

An "automated individual decision" is a decision that is fully automated, i.e. without human influence, and that has legal consequences for the data subject or otherwise significantly affects him or her. We do not usually do this, but will inform you separately should we use automated individual decisions in individual cases. You then have the option of having the decision reviewed by a human being if you do not agree with it.

We take appropriate security measures of a technical and organisational nature to maintain the security of your personal data, to protect it against unauthorised or unlawful processing and to protect against the risk of loss, accidental alteration, unauthorised disclosure or access. However, like all companies, we cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable.

Security measures of a technical nature include, for example, the encryption and pseudonymisation of data, logging, access restrictions and the storage of backup copies. Security measures of an organisational nature include, for example, instructions to our employees, training and controls. We also oblige our order processors to take appropriate technical and organisational security measures.

We process and store your personal data,

• as long as it is necessary for the purpose of the processing or purposes compatible with it, in the case of contracts as a rule at least for the duration of the contractual relationship;
• as long as we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security;
• as long as they are subject to a statutory retention obligation. For certain data, for example, a ten-year retention period applies. For other data, shorter retention periods apply in each case, e.g. for recordings from video surveillance or for recordings of certain processes on the internet (log data).

In certain cases, we also ask for your consent if we want to store personal data for longer (e.g. for job applications that we want to keep pending). After expiry of the above-mentioned periods, we delete or anonymise your personal data.

We are guided by the following retention periods, for example, although we may deviate from these in individual cases:

• Contracts: As a rule, we keep master and contract data for ten years from the last contract activity or from the end of the contract. However, this period may be longer if this is necessary for reasons of evidence, legal or contractual requirements or for technical reasons. Transaction data in connection with contracts is generally retained for ten years.
• Technical data: Cookies are usually stored for between a few days and two years, unless they are deleted immediately after the end of the session.
• Communication data: E-mails, messages via the contact form and written correspondence are generally retained for ten years.
• Image and sound recordings: The retention period varies depending on the purpose. It ranges from a few days for security camera recordings to several years for reports on events with images.
• Job applications: As a rule, we delete application data within six months after completion of the application process. With your consent, we may keep your application pending with a view to possible subsequent employment.

You have the right to object to data processing, especially if we process your personal data on the basis of a legitimate interest and the other applicable conditions are met. You can also object to data processing in connection with direct marketing at any time. This also applies to profiling, insofar as this is connected with such direct marketing.

To the extent that the applicable requirements in each case are met and no statutory exceptions apply, you also have the following rights:

• the right to request information about your personal data stored by us;
• the right to have inaccurate or incomplete personal data corrected;
• the right to request the deletion or anonymisation of your personal data;
• the right to request the restriction of the processing of your personal data;
• the right to receive certain personal data in a structured, common and machine-readable format;
• the right to revoke consent with effect for the future, insofar as processing is based on consent.

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.

You can also contact us in accordance with section 16 if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.

You are also free to lodge a complaint with a competent supervisory authority if you have concerns about whether the processing of your personal data complies with the law.

• The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

If you have any questions about this privacy statement or the processing of your personal data, you can contact the respective company responsible at the contact details listed on its website.

You can also contact us as follows:

Light Chain Bioscience / NovImmune SA
15B Chemin du Pré-Fleuri
CH-1228 Plan-Les-Ouates Switzerland

https://www.lightchainbio.com/contact/contact-us.html

This privacy policy may be amended over time, in particular if we change our data processing practices or if new legislation becomes applicable. We actively inform persons whose contact details are registered with us of such changes in the event of significant changes, if this is possible without disproportionate effort. In general, the data protection statement in the version current at the time of the start of the processing in question applies to data processing in each case.
 

Last changes: 31.08.2023