Privacy notice

Effective – 16 October 2020

ONK Therapeutics Limited is a business engaged or involved in development, manufacture, supply or distribution in the area of adopted natural killer cell based immunotherapy ONK Therapeutics Limited, and its subsidiaries and affiliates (hereinafter referred to as “ONK”, “us” or “we”) are committed to protecting your privacy.

This Privacy Notice applies to the capture of Personal Data on our website located at “Website”) together with the collection of data by other means and the steps taken by us to respect your privacy.

ONK Therapeutics Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

We have created this Privacy Notice to demonstrate our commitment to fair information practices and its respect for your right to privacy and the protection of privacy. This Privacy Notice describes how we collect, use, disclose, transfer and store your information. By using the Website, you (the “User” or “you”) consent to the data practices contained in this Privacy Notice. If you do not agree with the data practices described in this Privacy Notice, please immediately cease using the Website.

The Privacy Notice explains the following:

  • How we collect and use your personal data.
  • The purpose and legal basis for collecting your personal data.
  • How we store and secure personal data.
  • Details of third parties with who we share personal data.
  • What your rights are.

How ONK Therapeutics Limited collects your personal data

Personal Data is information that can be used to identify or contact a single person and refers to any information that you voluntarily submit to us, including contact information (email, telephone number, address), financial data (such as credit card details) and other information about you and/or your business (“Personal Data”). We may supplement the Personal Data provided by you with additional Personal Data gathered from public sources or from third parties who may lawfully provide such information to us. You are under no obligation to provide Personal Data, with the caveat that if you chose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.

We collect personal data about you in the following ways:

Direct Interaction

  • Through direct enquiries;
  • By sending us emails and text messages (SMS or MMS) hard copy paper agreements signed by you;
  • By speaking to us in our offices or over the telephone, for example in making an enquiry;

If you are aged 16 or under, you must get your parent or guardian’s consent to provide your Personal Information to the Website, otherwise you are not allowed to provide any of your Personal Information to us.

The kind of information we hold about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are certain types of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. Information about criminal convictions also warrants this higher level of protection.

We will collect, store, and use the following categories of personal information about you:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

Contact Data includes address, email address and telephone numbers.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Use of Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data. You have the right to withdraw consent at any time by contacting us.

Other Disclosure. Except under the following circumstances, we will keep your Personal Data private and will not disclose it to third parties: (i) by operation of law, legal process, litigation and/or requests from public and governmental authorities within or outside your country of residence; (ii) if we determine that for the purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate; (iii) transfer to a successor organisation in the event of a merger, acquisition or bankruptcy; and (iv) to strategic third party trusted partners that work with us to provide our products and services such as suppliers, marketing, social medial, conducting customer research or satisfaction surveys We may report your Personal Information, including without limitation, the unpaid balance and your personal contact details to consumer credit reporting services, collection agencies, legal advisers and others as may be necessary.

You agree that any data you provide to us will be true, complete and accurate in all respects and you agree to notify us immediately of any changes to it.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest
To process job applications made through the enquiry form on the website(a) Identity
(b) Contact
(c) copies of right to work documentation
(d) references and other information included in a CV or cover letter or as part of the application process
(a) Performance of a contract with you
(b) Necessary for our legitimate interests
To manage our relationship with visitors to the website which may include:
(a) Notifying you about changes to our terms or privacy policy
(b) Addressing queries raised through the enquiry form
(a) Identity
(b) Contact
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To use data analytics to improve our website and visitor experience(a) Technical
(b) Usage
Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

Security of your Personal Data

We have implemented and maintain reasonable security procedures and practices to protect against unauthorised access, use, modification, destruction or disclosure of your Personal Data.

We store User’s data on secure servers, protected from unauthorised use or disclosure. Personal Data may be transferred within the European Economic Area (EEA). Your Personal Data may also be processed by staff operating outside of the EEA, who work for us, or for one of our suppliers.

Your Personal Information may also be processed by staff operating outside of the EEA, who work for the Company, or for one of its suppliers. By submitting your Personal Information, you agree to this transfer, storing and processing. We will take all reasonable steps necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Statement. Whenever we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it.

We use a variety of security technologies and procedures to help protect personal Information from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of data, therefore is at User’s own risk.

Transfer outside the EEA

We may share your personal data within ONK which may involve transferring your data outside the European Economic Area (EEA).

If our external third parties are based outside the EEA their processing of your personal data will involve a transfer of data outside the EEA.

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Sharing of Personal Data

We may have to engage with other companies and people to facilitate our relationship with you.

By submitting your Personal Data, you agree to the transfer, storing and processing by us and our trusted third-party service providers of your Personal Data. We will take all reasonable steps necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Notice.

We use a variety of security technologies and procedures to help protect Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of data, therefore is at your own risk.

Retention of Personal Data

We will retain your Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by applicable law. We will delete this information if we have no legitimate reason to be in possession of it from our servers upon receipt of an express written request to do so.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Collection and Use of Non-Personal Data

Like most websites, our Website automatically gathers information of the sort that browsers automatically make available, including (i) IP addresses; (ii) domain servers; (iii) types of computers accessing the Website; and (iv) types of Web browsers accessing the Website (collecting “Traffic Data”). Traffic Data is anonymous information that does not on its own, personally identify the User or permit direct association with any specific individual. If we do combine Traffic Data with Personal Data, the combined information will be treated as Personal Data for so long as it remains combined. We may collect, use, transfer and disclose Traffic Data for any purpose. The following are some examples of Traffic Data that we may collect and how we may use it:

  • We may collect information such as occupation, language, area code, referrer URL, location and time zone so that we can better understand customer behaviours and improve our products, services and advertising.
  • We may collect and store details of how you use our Website, including search queries. This information may be used to improve the relevancy of results provided by our services.

Cookies and other Technologies

Our Website and advertisements may use “cookies” and other technologies such as pixel tags. These technologies tell us which parts of our Website are visited and gather demographic information about our user base as a whole. You should read this Privacy Policy in conjunction with our Cookie Policy available at [create link] and our Terms of Use at [create link]. By using our Website, you agree to our use of cookies. We treat information collected by cookies and other technologies as Traffic Data. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered Personal Data, we will treat such identifiers as Personal Data.

External Websites

Clicking on certain links within this Website may take the user to other websites. We do not control and assume no responsibility for the content or practices of websites linked on our Website. This Privacy Notice does not apply to these other websites, which are subject to any privacy and other policies they may have.

Updates and Changes to Privacy Notice

We reserve the right, at any time and without notice, to add, update, change or modify this Privacy Notice, simply by posting such update, change or modification on this page. Any such addition, update, change or modification will be effective immediately upon posting on the Website. Your continued use of the Website and/or continued provision of Personal Data to us, will be subject to the terms of the then current Privacy Notice. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

If we are communicating with you by other means we will endeavour to notify you of changes to the policy. Please look out for notices from us within our correspondence.

Your Privacy Rights & Questions

You have several rights in relation to how we use your Personal Data. You have the right to:

  • Find out if we use your Personal Data, access your Personal Data and receive copies of the information we retain about you;
  • Request that inaccurate information is corrected and incomplete information updated;
  • Object to particular uses of your Personal Data where the legal basis for our use of your data is our legitimate business interests or the performance of a task in the public interest. However, doing so may have an impact on the services and products we may be able to provide;
  • Object to use of your Personal Data for direct marketing purposes. If you object to this use, we will stop using your Personal Data for direct marketing purposes.
  • Have your Personal Data deleted or its use restricted – you have a right to this under certain circumstances. • obtain a transferable copy of certain Personal Data to which can be transferred to another provider, known as “the right to data portability”, where technically feasible.
  • Withdraw consent at any time, where any processing is based on consent. If you withdraw your consent, it will not affect the lawfulness of processing based on your consent before its withdrawal.

If you have any questions or concerns about your rights, when they apply or our Privacy Notice or data processing; wish to review the information you have supplied to us; request that we correct any errors or update your Personal Data; or if you would like to make a complaint about a possible breach of applicable privacy laws, please contact us by email at :

We are obliged to respond within a reasonable time frame. In most instances, we will respond within one calendar month. If we are unable to deal with your request fully within a calendar month (due to the complexity or number of requests), we may extend this period by a further two calendar months. Should this be necessary, we will explain the reasons why.

You have the right to complain to the Data Protection Commission or another supervisory authority. You can contact the Office of the Data Protection Commission at: