The following information serves to explain the type, scope and purpose of the collection and use of personal data and also informs you about your rights when collecting and processing your personal data. This information is provided in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).

This privacy information is directed at (i) users of the website https://www.bluesky-itx.com, (ii) applicants for positions, and (iii) business partners/suppliers and customers, including their respective shareholders, bodies and employees.

1. Who is responsible for data processing and whom can you contact if you have any questions ?

Who is responsible for data processing:
Blue Sky Immunotherapies GmbH
FN 459645 z
Mariahilfer Straße 101/1/21
1060 Vienna
(hereinafter “BLUESKY“)

2. What data is processed and where does this data come from?

We process your data in different ways and for different purposes, depending on whether you are (i) a user of the website, (ii) a job applicant or (iii) a business partner/supplier or customer.

If you are a user of the website:
Cookies are used when using the website (even without registration). For further information please refer to point 6.

If you are an applicant for a position at BLUESKY:
If you apply to us, we process the personal data you provide (such as application documents, name, address, contact data, desired position) for the purpose of processing your application.

If you are a business partner/supplier or customer or their shareholders, employees or organs
Within the framework of a contractual or pre-contractual relationship, the personal data provided by you in the course of the initiation of the contractual relationship as well as the personal data provided during the upright contractual relationship will be processed. This includes the following data:

• Name, company or business name
• Address
• Contact details (phone, e-mail, fax)
• Company register data
• Data on creditworthiness incl. dunning and claim data
• Data of the bank account
• Credit card information
• UID number
• Names of contact persons
• Contact details of contact persons (phone, mail, fax, address, etc.)
• Contract texts and business correspondence

3. On what legal basis and for what purposes is the data processing carried out?

If you are a user of the website:
We process your personal data

• To fulfill legal obligations (Article 6 paragraph 1 letter c GDPR) based on the contractual relationship: Personal data is also processed for the purpose of fulfilling various legal obligations, such as our legal obligation under § 96 paragraph 3 Telekommunikationsgesetz (TKG) and for the purpose of providing information to law enforcement agencies and courts in the event of an incident.
• on the basis of legitimate interests, provided that, in the course of a weighing of interests, your right to confidentiality of this data does not outweigh our interest in processing it (Article 6 paragraph 1 letter f GDPR). Our legitimate interests are to ensure the security of the website operation, to improve and analyze our website, to increase user-friendliness. You can object to the processing of personal data for advertising purposes at any time (for more information on cookies, see point 6).

If you are an applicant for a position at BLUESKY:
We process your personal data

• in order to fulfil (pre-)contractual obligations (Article 6 paragraph 1 letter b GDPR), the data is processed as part of the application process with the aim of concluding a contract
  Without this data we cannot process the application.
• on the basis of your express consent (Article 6 paragraph 1 letter a GDPR): We process the data you provide if we wish to keep you on file as an applicant and you have given your express and voluntary consent to do so.

If you are a business partner/supplier or customer or their shareholders, employees or organs:
 We process your personal data

• for the fulfilment of (pre-)contractual obligations (Article 6 paragraph 1 letter b GDPR), in particular for the fulfilment of our (pre-)contractual obligations within the framework of the contractual relationship, such as the performance of (pre-)contractual protection, due diligence and information duties, the provision of services and the settlement of claims arising from the contract, accounting, etc.
  Without this data we cannot fulfill the contract with you.
• to fulfil legal obligations (Article 6 paragraph 1 letter c of the GDPR) on the basis of the contractual relationship: personal data is also processed for the purpose of fulfilling various legal obligations, such as the obligation to keep proper accounts or for the purpose of providing information to law enforcement agencies and courts in the event of an incident.
• to safeguard legitimate interests (Article 6 paragraph 1 letter f GDPR): We process personal data to safeguard our legitimate interests, unless these are outweighed by your interests in confidentiality. These legitimate interests include, for example, the interest in optimizing our offer, the interest in sending you advertising about our products and services, contacting you regarding the initiation or processing of further contractual relationships, and the interest in the availability of the data in the event of a legal dispute. You can object to the processing of personal data for advertising purposes at any time.

4. To whom will your data be passed on?

If you are a user of the website:
A transfer of the data relevant in individual cases is carried out on the basis of the legal provisions or contractual agreement to the following parties:

• Courts/authorities in the event of an incident;
• Legal representatives or attorneys and third parties involved in legal services.

If the above-mentioned recipients of your personal data are located outside the EEA and it has not been determined by a decision of the EU Commission that the country in question has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses (currently 2010/87/EC and/or 2004/915/EC) or otherwise in accordance with Articles 46, 47 or 49 GDPR.

In addition, processors commissioned by us (e.g. IT service providers‑) receive ‑your data for the purpose of fulfilling the respective service. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of our assignment.

If you are an applicant for a position at BLUESKY:
A transfer of the data relevant in individual cases is carried out on the basis of the legal provisions or contractual agreement to the following parties:

• Courts/authorities in the event of an incident;
• Legal representatives or attorneys and third parties involved in legal services.

If you are a business partner/supplier or customer or their shareholders, employees or organs:
A transfer of the data relevant in individual cases is carried out on the basis of the legal provisions or contractual agreement and – if necessary – for the processing of contracts, among others, to the following parties:

• Banks;
• Legal representative in business cases;
• Chartered accountant;
• dishes;
• administrative authorities;
• Contributing contract and business partners;
• Insurances in case of an event;
• Provider (IT service provider).

If the above-mentioned recipients of your personal data are located outside the EEA and it has not been determined by a decision of the EU Commission that the country in question has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses (currently 2010/87/EC and/or 2004/915/EC) or otherwise in accordance with Articles 46, 47 or 49 GDPR.

In addition, processors commissioned by us (e.g. accounting, IT service providers‑) receive ‑your data for the purpose of fulfilling the respective service. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of our assignment.

5. How long will your data be processed and stored?

We process your personal data as long as this is necessary. As soon as your data is no longer required, it will be deleted anonymously or automatically.

We store the personal data necessary for the performance of the contract in any case for the duration of the entire business relationship and beyond that in accordance with the statutory storage and documentation obligations (e.g. in accordance with the German Company Code or the German Federal Fiscal Code). In addition, we take into account the statutory limitation periods, which can be up to 30 years in certain cases, for example according to the “Austrian Civil Code” (Allgemeines bürgerliches Gesetzbuch, ABGB).

In the case of persons who apply for a position at BLUESKY without success, the period for asserting claims for violation of the equal treatment requirement under the “Equal Treatment Act” (Gleichbehandlungsgesetz, GlBG) and the period for asserting claims under the “Disabled Persons Employment Act” (Behinderteneinstellungsgesetz, BeinstG) will be taken into account. Unless the data is to be stored for a longer period of time due to the applicant’s continued consent, it will be deleted seven months after the application process has been completed.

6. Data processing in connection with the use of the website

Our website uses cookies if you have given your consent to do so. These are small text files which are temporarily stored on your end device with the help of the browser and which your browser saves. They do not cause any damage, but make the use of the website more user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser on your next visit. If you do not wish this, you can set up your browser to inform you about the setting of cookies and to allow this only in individual cases. If you deactivate cookies, the functionality of our website may be limited.

In the course of your use of our website, we collect the following data (log files) automatically using cookies:

• IP address and IP location
• Number, duration and time of calls (your interaction with the website)
• Browser type, device type, screen resolution, Internet Service Provider and operating system

7. What rights are you entitled to?

Right of access to information
If we process personal data about you, you have the right to be informed about the purposes of the processing, the categories of personal data processed, the recipients of such personal data, the storage period, the rights you are entitled to, the origin of the personal data and the existence of automated decision making.

Correction and deletion
You have the right to request the correction of incorrect or incomplete personal data concerning you. You have the right to request the deletion of personal data concerning you, unless the processing of the data is lawful and there are no legal obligations on our part against the deletion.

Restriction of processing
In certain cases, you have the right to request that the processing of your data be restricted.

Data transferability
You are entitled to request that the data you have provided us with be transferred in a structured, common and machine-readable format. You have the right to have the personal data transferred directly by us to a responsible person, as far as this is technically feasible.

Objection
For reasons arising from your particular situation, you are entitled at any time to object to the processing of personal data concerning you. If you object, we will not further process personal data concerning you unless we can prove that our reasons for processing outweigh your interests.

Complaint
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria this is the data protection authority (www.dsb.gv.at).

Contact
To exercise your rights in relation to your personal data processed by us, please contact

Blue Sky Immunotherapies GmbH
FN 459645 z
Mariahilfer Straße 101/1/21
1060 Vienna
office@bluesky-itx.com

Definitions
Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Article 4 GDPR.