Job code: CM-GB-KIM-2400005 DOP: April 2025
This site is intended for healthcare professionals within the United Kingdom
This notice is applicable to Immunocore’s processing of personal data of Healthcare Professionals (“HCP”), where that processing is subject to the UK GDPR, EU GDPR or the new Swiss Federal Act on Data Protection (“FADP”). This means that it applies only to data relating to people, not to healthcare organisations.
(If you are a health care professional who is also a supplier to Immunocore, please see our [supplier privacy notice] too.)
This page was last updated on 4th September 2024.
Outside of the United States of America, which is not in scope of this privacy notice, Immunocore is established in the United Kingdom (“UK”), the European Union (“EU”) and Switzerland.
Its UK entity is Immunocore Limited;
Its EU (for Austria, Belgium, Denmark, Finland, France, Germany, Ireland, Italy, Luxembourg, Netherlands, Portugal, Spain and Sweden (the “IMCR EU Countries”)) entity is Immunocore Ireland Limited;
Its Swiss entity is Immunocore GmbH.
Outside of the countries listed above, in the remainder of the EU, Medison Pharma is independent data controller for HCP data in the following countries:
Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Estonia, Greece, Hungary, Latvia, Lithuania, Malta, Poland, Romania, Slovakia, Slovenia (the “Medison EU Countries”).
The data controllers for Immunocore’s processing of personal data are as follows:
| TYPE OF DATA | DATA CONTROLLER |
| FOR UK HCP DATA | Immunocore Limited, 92 Park Drive, Milton Park, Abingdon, Oxon, OX14 4RY |
| FOR IMCR EU COUNTRIES HCP DATA | Immunocore Ireland Limited, Unit 1, Sky Business Centre, Port Tunnel Business and Technology Park, Dublin D17 FY82, Ireland |
| FOR SWISS HCP DATA | Immunocore GmbH, Suurstoffi 37, CH-6343, Risch-Rotkreuz, Switzerland |
| FOR MEDISON EU COUNTRIES HCP DATA | Medison Pharma AG |
If you have questions or requests regarding this privacy notice, or if you would like to exercise your rights, please contact Immunocore Ltd using the contact information below.
T: +44 1235 438600
E: info@immunocore.com
You can contact Immunocore’s Data Protection Officer using the email address: dataprotection@immunocore.com
We may process the following types of information about healthcare professionals relevant to the services which Immunocore offers and the treatments which Immunocore is developing:
Contact information: name, surname (including prefix or title), email, telephone number, identity that enables us to contact you.
Professional information and experience, i.e. Information about your qualifications, licensing/admission, areas of research and speciality.
If you have contacted us and provided us with personal data, those personal data.
If we interact with you or your staff, we may obtain personal data in the course of those interactions.
Directly from you when you:
Interact with us;
We also combine information about you from various sources, including the information you provide to us and personal information, which is collected during your relationship with us.
You are not required to provide us with any personal data.
References to the basis of processing (e.g. "(Basis: Art. 6(1)(f).)") are a reference to the article of the General Data Protection Regulation (UK or EU, as applicable) under which we undertake the processing in question.
Managing access to and operating the website
If you call us or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, to help us plan our business strategy and improve our products and services.
Managing your registration enabling you to access the website.
Basis: Art. 6(1)(b): we need to use your details to follow up with you. Art. 6(1)(f): Providing you with access to our website and services.
Meeting our legal obligations, including
Verifying your eligibility to access certain products, services and data that may be provided only to licensed healthcare professionals or otherwise conducting background checks to ensure we are not precluded from working with you;
Meeting our transparency obligations;
Record-keeping regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety; and
Complying with anti-corruption and transparency obligations;
Basis: Art. 6(1)(c): compliance with a legal obligation
Running our business, including protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others
Basis: Art. 6(1)(f): for the legitimate interest of running our business.
The Immunocore group is established in the UK, the EU, and the USA. We transfer information, including personal data, between the entities in our group.
We also use services which entail storing personal data outside the UK and EU, particularly in the USA.
For transfers subject to the UK GDPR, we mainly rely on the UK’s international data transfer agreement, or addendum to the EU’s standard contract clauses.
For transfers subject to the EU GDPR, we mainly rely on the EU’s standard contract clauses.
You have the right to request access to, and rectification or erasure of, your personal data, or restriction of processing concerning you, or to object to processing, depending on the circumstances.
If you want to exercise any of these rights, please just contact us.
You also have the right to lodge a complaint about our processing with a supervisory authority — for example, the UK's Information Commissioner's Office, or Ireland’s Data Protection Commissioner.
We share your personal information on a need to know basis, and to the extent necessary to follow laws and regulations, and to manage and run the activities during our relationship with you.
We share your personal information only with teams in our Immunocore companies and affiliates who need to see it to do their jobs.
In some countries, our relationship with you is managed for us by specialised service providers. We will share your personal information with their people and teams who need to see it as part of their job.
We use a range of third party suppliers and service providers to operate our business, including:
IT service providers,
Healthcare services providers.
Event Agencies
Suppliers managing adverse event reports, which may require us to provide personal data to regulators or other authorities
Local or foreign regulators, courts, governments and law enforcement and
Professional advisors, such as auditors, accountants and lawyers.
If you registered and we did not approve your registration, we will delete your data after 90 days.
If you registered and we approved your registration, we will revisit that approval every two years. If, at any point, we do not approve, or remove, your registration, we will delete your data after 90 days from that point.
Job code: CM-GB-KIM-2400005 DOP: April 2025
This site is intended for healthcare professionals within the United Kingdom
Thanks, your contact request has been received.
There was a problem submitting your request, please try again later.