Privacy Policy

Neumirna Therapeutics ApS

This Privacy Policy explains how Neumirna Therapeutics ApS, A.C.Meyers Vænge 15, 2450 Copenhagen SV, Denmark (“we”, “us”, “our”) processes personal data about you if you visit our website, communicate with us, enter into agreements with us, or engage with us in relation to recruitment. This Privacy Policy also applies to information collected from you when you visit our facilities.

1. Why we process personal data and what we collect
We process personal data for different purposes depending on who you are and how the personal data is collected. We process personal data for the following purposes:

  1. In order to provide information about our products and services, including sending newsletters, we use email addresses. The use of your email address is based on your consent, cf. Article 6(1)(a) of the GDPR.
  2.  Our marketing in newsletters, including social media, is adapted to our knowledge of you through use of cookies, consents given, information from social media and customer databases, where our legitimate interest in profiling you overrides your interests and fundamental rights, cf. Article 6 (1) (f) of the GDPR. We do not use automated decisions that have a legal effect or similarly significantly affect you.
  3. To answer inquiries from you, we process your name, phone number, email address, title and any other personal information included in your inquiry, based on our legitimate interests where the need to process your personal data overrides your interests and fundamental rights, cf. Article 6(1)(f) of the GDPR.
  4. If we enter into an agreement with you (e.g., for sales or purchases), we process your business contact details and information regarding the agreement in order to perform the agreement between the parties, cf. Article 6(1)(b) of the GDPR.
  5. If you visit our facilities, we process your business contact details to identify you and to inform you about applicable visitor rules, where our legitimate interest incorrectly identifying you and providing visitor instructions overrides your interests, cf. Article 6(1)(f) of the GDPR.
  6. For recruiting purposes, we collect and store your CV, application, certificates and references, where the necessity in processing the personal data overrides your interest in the personal data not being processed, cf. Article 6 (1) (f)of the GDPR. Where the personal data contains special categories of personal data, we will process the personal data in connection with establishing potential legal claims, cf. Article 9 (2) (f) of the GDPR.
  7. For board members (including prospective and alternate members), we process identification and contact details, appointment and role information, meeting invitations and materials, declarations of interests and independence, evaluations, travel and expense information, and documentation for D&O insurance. Processing is necessary to comply with corporate law and other legal obligations, cf. Article 6(1)(c) of the GDPR, to perform any engagement or retainer agreement, cf. Article 6(1)(b), and for our legitimate interests in effective corporate governance and record-keeping, cf. Article 6(1)(f). Where processing relates to establishing, exercising or defending legal claims (e.g., disputes or investigations), we may process special category data only to the extent necessary, cf. Article 9(2)(f) of the GDPR.
  8. For investors and beneficial owners, we process identification and contact details, ownership/cap table information, communications regarding general meetings, capital changes, capital calls, and records needed for maintaining the shareholder register. We also conduct KYC/AML and sanctions/PEP screening as required. Processing is necessary for compliance with company, securities and anti-money laundering legislation, cf. Article 6(1)(c) of the GDPR, for performance of investment/transaction agreements, cf. Article 6(1)(b), and for our legitimate interests in maintaining investor relations and corporate records, cf. Article 6(1)(f). If national law requires checks involving criminal-offence data, such processing is carried out only as permitted under Article 10 of the GDPR and applicable law. We do not intentionally collect special category data for these purposes.
  9. If required under applicable securities rules, we process identification and contact details, role or function, project assignments and timestamps to maintain insider or project lists, manage closed periods, and respond to requests from competent authorities. Processing is necessary to comply with legal obligations, cf. Article 6(1)(c) of the GDPR, and for our legitimate interests in ensuring market-conduct compliance, cf. Article 6(1)(f).
  10. We process shareholder identification and holdings, proxies, voting instructions, attendance and minutes to plan and conduct general meetings (including virtual/hybrid formats) and document resolutions. Processing is necessary to comply with legal obligations under company law, cf. Article 6(1)(c), and for our legitimate interests in efficient meeting administration and dispute prevention, cf. Article 6(1)(f).
  11. We send statutory and transactional communications (e.g., notices of meetings, shareholder circulars and updates on capital measures) where required by law, cf. Article 6(1)(c), or under our legitimate interests in investor relations, cf. Article 6(1)(f). Where communications constitute direct marketing unrelated to statutory obligations, we rely on your prior consent where required, cf. Article 6(1)(a), or our legitimate interests where permitted, cf. Article6(1)(f), subject to your right to object.
  12. We process bank details, payment identifiers, tax numbers, and documentation necessary to administer board remuneration, expense reimbursements, dividends and similar distributions, and to meet accounting and tax obligations. Processing is necessary to comply with legal obligations, cf. Article 6(1)(c), and to perform relevant agreements, cf. Article 6(1)(b).
  13.  We may process relevant personal data about board members and investors to handle audits, inquiries from regulators, litigation and pre-litigation matters.Processing is based on our legitimate interests in ensuring compliance and defending legal rights, cf. Article 6(1)(f). Where strictly necessary for legal claims, special categories of personal data may be processed under Article9(2)(f) of the GDPR.
  14. We have implemented security solutions on our website, in our contractual processes and at our premises. On our website we process your business contact details, cookies chosen and user behaviour. In our contractual processes we use your business contact details and other documentation as legally required. At our premises images of you are captured by video surveillance in marked areas.  The processing of your personal data in the security solutions is for the purpose of ensuring anti-corruption, anti-fraud, anti-bribery, technical and physical security which overrides your interest in the information not being processed, cf. Article 6 (1) (f) of the GDPR.

2. Sharing of personal data with third parties

We do not share personal data with third parties unless you have consented to this, sharing is necessary to perform a contract with you, we have a legal obligation, or sharing is necessary for our legitimate interests that are not overridden by your interests or fundamental rights.

Where we use third-party service providers to collect, store or otherwise process personal data on our behalf we do so under data processing agreements. We may also disclose personal data to independent controllers such as auditors, banks, insurers, lawyers, corporate finance advisers and, where relevant, market operators and competent authorities including courts etc.

We do not transfer personal data to countries outside the EU or EEA unless appropriate safeguards are in place. These include adequacy decisions, Standard Contractual Clauses supported by transfer impact assessments and, where needed, supplementary measures. We avoid relying on derogations except where strictly necessary and incidental, for example in connection with legal claims or where you have given explicit consent. You may request a copy or a summary of the relevant transfer safeguards. Commercially sensitive terms maybe redacted.

3. Storing of personal data

We will keep your personal data for as long as needed to fulfil the purposes of processing described above. We apply documented retention schedules and delete or irreversibly anonymise data when the relevant period expires, unless we are required under applicable law to retain your personal data for a longer period or it is necessary for us to retain the information for handling and defending a claim or dispute.

4. Your rights

In connection with our processing of your personal data, you have the following right to ask us:

  1. for information about or access to your personal data. There are some exemptions, which means you may not always receive all of the information we process;
  2. to ask us to stop using your personal data by objecting. However, this only applies in certain circumstances, and we may not need to stop processing if we can demonstrate legitimate grounds to continue;
  3. to request the erasure of your personal data in certain circumstances;
  4. for a copy of your personal data in a structured, commonly used and machine-readable format. If technically feasible, you may request that the personal data is transmitted directly to another company or person acting as a data controller;
  5. to rectify the personal data you think is inaccurate. You also have the right to ask us to complete the personal data you think is incomplete;
  6. to restrict the processing of your personal data in certain circumstances; and
  7. to withdraw your consent. However, this will not affect our right to process personal data obtained prior to your withdrawal, or our right to continue parts of the processing based on legal bases other than your consent.

To exercise your rights, please contact us at info@neumirna.com. We will respond to your inquiry as soon as possible, and at the latest within 30 days.

If you wish to exercise your rights, we will require that you confirm your identity by providing additional information. We do this to ensure that third parties are not given access to personal data.

5. Complaints

If you believe that our collection, storage or use of personal data does not comply with this Privacy Policy or with applicable data protection law, you may contact us or complain to your local data protection authority.

6. Changes to our Privacy Policy

Neumirna Therapeutics ApS may change this Privacy Policy from time to time. Any such changes will be posted here and, where appropriate, notified to you in writing. We advise you to check back frequently to see any updates or changes.