Find out more about who we are, what we do and the people behind Epitopea.
Find out what makes us unique and the work we do with our revolutionary CryptoMapTM platform.
All the latest company news, press releases and updates from Epitopea.
Contact

Privacy & Cookie Policy

Revealing the true targets for next generation immunotherapies.
Learn More

Website Privacy Notice

1. INTRODUCTION

    Epitopea is committed to respecting your privacy and protecting your personal information.  This Privacy Notice informs you of how we process and look after any personal data that we collect, or you provide to us, including when you visit or provide contact details through our website: www.Epitopea.com.

    This privacy notice also informs you of what we will use your personal data for and with whom we may share it.  Please read the following carefully to understand our practices regarding your personal data and how we will treat it. In this Privacy Notice, references to "you" and "your" are references to the individual the personal data relates to.

    By providing us with your data you warrant that you are over 16 years of age. Please note that this website is not intended for children, and we do not knowingly collect personal information relating to children. If we become aware that we have unknowingly collected personally identifiable information from a child under the age of 16, we will make reasonable efforts to delete such information from our records.

    2. WHO MAKES DESICIONS IN RELATION TO THE PERSONAL INFORMATION YOU PROVIDE?

    Epitopea Inc and Epitopea Ltd (collectively Epitopea also referred to as “we” “our” “us”) is the data controller and we are responsible for making decisions relating to your personal data.

    We use third-party service providers to operate and provide our website.  However, Epitopea is the data controller for the purpose of Data Protection Legislation.

    Our registered office is at: Epitopea Limited, Salisbury House, Station Road,
    Cambridge,Cambridgeshire, United Kingdom, CB1 2LA.

    We have a designated member of our Senior Leadership team, who is responsible for overseeing any questions, concerns or complaints relating to this privacy Notice or the processing of your personal information. Please reach out by e-mail at dataprivacy@epitopea.com.

    3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

    Personal Data means any information capable of identifying an individual. It does not include anonymised data.

    We may collect, use store and transfer information about you including, but not limited to:

    • General information that you provide to us, such as name, postal address, address and/or phone number.

    Communication data

    • Information provided voluntarily by you, for example when you register for information by filing in forms on our website (e.g. the contact us section) or by corresponding with us by phone, e-mail, text, social media messaging, social media posting or otherwise.

    Technical data

    • We also collect aggregated data such as statistical or demographic data to monitor and obtain information about your use of our website including details of your visits such as pages viewed and the resources that you access. Such information includes digital information generated from your use of our websites and mobile applications, such as IP address, geo-localization, device ID and data transmitted via cookies. Like most websites, we use "cookies" to help us make our website – and the way you use it – better.  We may also use analytics providers such as Google Analytics to provide this aggregated data and information. See section 18 (below) for more information on cookies.

    Marketing data

    • Marketing and communications data based on your preferences in receiving information from us.

    Recruitment & employment

    • As part of our recruitment process or when you are applying for a job vacancy with us, you may provide personal information in a CV or other format. Such information may include but is not be limited to your contact information, such as your home address and contact details (including your mobile telephone number), your date of birth, your academic background, educational and professional qualifications, your right to work, visa status, employment history and status; and any other information about you that you disclose to us during the application process.
    • Information about the way in which that personal data will be used and processed by Epitopea will be communicated to you in a separate privacy policy.

    4. FOR WHAT PURPOSE DO WE COLLECT YOUR PERSONAL DATA?

    We will only use your personal data for the purposes for which it was initially collected.  We may process your personal information for purposes including, but not limited to:

    • Responding to enquiries, and inviting individuals to our events;
    • Engaging with healthcare professional and key opinion leaders;
    • Conducting surveys and interviews with healthcare professional to help us improve our products;
    • Providing information about our products and services;
    • To inform you of any changes to our website, product or services;
    • Complying with legal and regulatory obligations;
    • Improving the content, functionality and usability of our websites;
    • Personalising the content of our websites according to the user’s interests;
    • Managing and administrating our business;
    • To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • Recruitment & employment

    Automated decision making

    • We do carry out automated decision making or any type of automated profiling.

    5. ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

    Data Protection Legislation permits Epitopea to process your personal data in the way that we do because the processing is:

    • necessary to perform our contractual obligations with our customers, including to provide you with products or information you have requested;
    • Consented to by you (in which cases, such consent can be withdrawn at any time);
    • necessary to comply with legal and regulatory obligations that we are subject to and may be necessary to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
    • necessary to protect the vital interests of an individual;
    • necessary for the purposes of the Recognised Legitimate interests (RLIs) that we pursue, such as direct marketing to keep our clients and suppliers informed about our business services, intra-group data sharing for internal administration to ensure we manage and administer the operation of our business effectively and efficiently and comply with internal policies and procedures; ensuring network and information security by obtaining further knowledge of current threats to network security; crime prevention such as preventing fraud; safeguarding vulnerable individuals; and emergency response;
    • necessary for the purposes of the legitimate interests that we pursue, such as to discharge our legal obligations; to store and disclose information where necessary; monitoring the use of our copyrighted materials; evaluating, developing and improving our products and services; to respond appropriately to queries received about our business and products; to protect our business interests; and to ensure complaints are investigated; or
    • for purposes that are not incompatible with the purposes we have described to you above, including archiving purposes, in the public interest, scientific research or statistical purposes, if permitted by Data Protection Legislation.

    We endeavour to make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. However, please note that no balancing test is required for RLIs, although PECR requirements may still apply. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

    5.1 SPECIAL CATEGORY DATA (SENSITIVE INFORMATION)

    To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will generally rely on your specific consent in order to process such data. However, it may be necessary for us to use certain personal data in order to comply with our legal obligations.

    6. MARKETING COMMUNICATIONS

    Our lawful ground of processing your personal data to send you marketing communications is either your consent, Recognized Legitimate Interests (RLIs) or our Legitimate Interests, namely, to grow our business. 

    Under the UK Privacy and Electronic Communications Regulations (PECR), we may send you marketing communications if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and, in each case, you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.

    Before we share your personal data with any third party for their own marketing purposes, we will get your express consent.

    You can ask us or third parties to stop sending you marketing messages at any time by:

    7. IS YOUR PERSONAL DATA PROVIDED TO ANYONE ELSE?

    We may share your personal information within the Epitopea group of companies, namely Epitopea Inc and Epitopea Ltd, for the purposes described above.

    We may also share your personal information outside of the Epitopea group for the following purposes:

    • with our business partners. For example, this could include our partners from whom you or your company or your organisation purchased the Epitopea product(s). Personal information will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
    • with third party agents and contractors for the purposes of providing services to us (for example, Epitopea’s accountants, professional advisors, IT and communication and marketing providers and debt collectors). These third parties will be subject to appropriate data protection obligations, and they will only use your personal information as described in this Privacy Policy;
    • to the extent required by law, for example if we are under a duty to disclose your personal information in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend its legal rights;
    • if we sell our business or assets, in which case we may need to disclose your personal information to the prospective buyer for due diligence purposes; and
    • if we are acquired by a third party, in which case the personal information held by us about you will be disclosed to the third-party buyer. Those third-party buyers may then use your personal data for the same reasons as set out in this Privacy Notice and in accordance with Data Protection Legislation.

    8. WHERE DO YOU STORE MY PERSONAL DATA?

    We may store your personal data at any of our group of companies, namely Epitopea Inc or Epitopea Ltd. All personal data is stored securely. We may share, transfer, or store your personal data within said Epitopea group of companies. We may also transfer your personal data to third party subcontractors or website service providers to store on our behalf.

    The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that is not deemed to provide adequate protection of your information by the European Commission. It may also be processed by staff operating outside the EEA who work for us or for one of our subcontractors or suppliers. 

    All of the Epitopea companies are subject to the same privacy rules when processing your personal data.

    Where we transfer your personal information to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements and ensure appropriate safeguards are in place.

    9. HOW DO WE SAFEGUARD YOUR INFORMATION?

    We have extensive controls in place to maintain the security of our information and information systems. Client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. We ensure that there are appropriate technical, physical, electronic, and administrative safeguards in place to protect your information from unauthorized access.

    Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data you transmit to our website; any transmission is at your own risk.

    Physical access to areas where personal information is gathered, processed or stored is limited to authorised employees.  As a condition of employment, Epitopea employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive personal information is limited to those employees who need it to perform their roles. Unauthorised use or disclosure of confidential client information by an Epitopea employee is prohibited and may result in disciplinary measures.

    We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and applicable Data Protection Legislation.

    In relation to data being transferred outside of Europe, for example, this may be done in one of the following ways:

    • the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data;
    • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information;
    • use of specific contracts approved by the ICO (such as the International Data Transfer Agreement or the UK addendum to the EU standard contractual Clauses), which give personal data the same protection as it has in the UK;
    • use of US-based providers that are part of the UK-US data bridge (the UK extension of the EU-US Data Privacy Framework), who are obliged to have equivalent safeguards in place;

    Where none of the above safeguards are available, we may request your explicit consent to the specific transfer, which you have the right to withdraw at any time.

    You have the right to obtain more details of the protection given to your personal information when it is transferred outside Europe (including a copy of the standard data protection clauses) by contacting us as described in section 17 below.

    10. HOW LONG WE KEEP YOUR PERSONAL DATA?

      We will only hold your personal data for as long as reasonably necessary to fulfil the purposes for which it was originally collected.  How long we will hold your personal information for will vary and will be determined by the following criteria:

      • The type of personal data;
      • the purpose for which we are using it – Epitopea will need to keep the data for as long as is necessary for that purpose; and
      • legal obligations – laws or regulation may set a minimum period for which we have to keep your personal information.

      11. CAN I FIND OUT WHAT INFORMATION YOU HOLD ON ME?

        You have the right to access your personal information that we hold about you.

        You will not have to pay a fee to access your personal information held by us. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

        12. ACCURACY OF YOUR PERSONAL DATA

          It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.

          13. YOUR LEGAL RIGHTS

            In all the above cases in which we collect, use or store your personal information, you may have the following rights, which include:

            • the right to obtain information regarding the processing of your personal information and access to the personal information which we hold about you;
            • the right to withdraw your consent to the processing of your personal information at any time (to the extent such processing is based on previously obtained consent). Please note, however, that we may still be entitled to process your personal information if we have another legitimate reason for doing so. For example, we may need to retain personal information to comply with a legal obligation;
            • in some circumstances, the right to receive some personal information in a structured (right to Data Portability), commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal information which (i) you have provided directly to Epitopea and (ii) Epitopea processed it by computer (automated processing) and (iii) Epitopea was processing it under consent or to perform a contract. This does not apply to anonymised data;
            • the right to request that we rectify your personal information if it is inaccurate or incomplete;
            • the right to request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled to retain it;
            • the right to object to processing of your personal data in certain circumstances;
            • the right to request that we restrict our processing of your personal information in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal information, but we are legally entitled to refuse that request;
            • the right to request transfer of your personal data;
            • the right to make a request a copy of any personal information that we hold about you along with other supplementary information. This can also be done on behalf of others where you have appropriate authority to do so; and
            • the right to lodge a complaint with us directly, and to the relevant data protection regulator if you are unsatisfied with the response you receive from us.

            In most cases, you will not have to pay a fee to access your personal information held by us. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. We may also be permitted to refuse to comply with your request in these circumstances.

            We may need to request specific information from you to help us confirm your identity and ensure your legal right to access or exercise any other rights in relation to personal data. This is to ensure that we do not give your personal data to the wrong person.

            You can exercise your rights by contacting us according to paragraph 17 below.

            14. HOW DO I COMPLAIN?

              If you have any questions or concerns about this Privacy Notice or would like to complain about our handling of your personal data, we ask that you contact us first so that we can try to resolve it for you. You can submit a data protection complaint to us by:

              • Writing to us at Salisbury House, Station Road, Cambridge, Cambridgeshire, United Kingdom, CB1 2LA; or
              • Emailing us at  dataprivacy@epitopea.com

              15. HOW QUICKLY WILL YOU RESPOND TO A COMPLAINT?

                We will acknowledge your complaint within 30 days of receiving it. We will investigate your complaint without undue delay, keep you informed of our progress, and communicate the outcome to you clearly with sufficient detail for you to understand how we reached our conclusion.

                16. WHAT IF I AM NOT SATISIFIED WITH THE OUTCOME?

                  We are usually able to resolve privacy questions or concerns promptly and effectively. However, if you are in the UK and are not satisfied with the response you receive from us, you have the right to escalate your complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

                  If you are not based in the UK and are not satisfied with the response you receive from us, you have the right to escalate your complaint to the applicable privacy regulator of the country in which you are based.

                  Upon request, Epitopea will provide you with the contact information for that regulator.

                  17. DOES THIS NOTICE ALSO APPLY TO OTHER WEBSITES?

                    Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. This Privacy Notice only applies to this website and to our use of your personal data.

                    We do not control these third-party websites and are not responsible for the content of third-party websites, how these websites handle your personal data, or their privacy statements. Your use of these websites is at your own risk. When you leave our website, we encourage you to read the Privacy Notice of every website you visit.

                    18. COOKIES

                      Like most websites, we use "cookies" to help us make our website – and the way you use it – better.

                      You can set up your browser to refuse all or some browser cookies, or to alert you when websites access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

                      For more information about the cookies we use, please see our cookie policy.

                      19. UPDATES TO THIS PRIVACY NOTICE

                        We may change this Privacy Notice at any time. Any changes will become effective when we post the revised Privacy Notice on this website. We recommend that you regularly review the Privacy Notice when you visit our website.

                         This Privacy Notice was last updated in June 2026.

                        Cookie Policy

                        1. What is a cookie?

                        Cookies are small text files of letters and numbers that a website may place or store on your computer or mobile device when you visit a site or page.

                        When navigating on this website, cookies may be placed on your computer or mobile device.

                        You have the right reconsider your decision at any time.

                        2. Types of cookies

                        Session cookies: These cookies only last as long as your online session and disappear from your computer or device when you close your browser (like Internet Explorer or Safari).

                        Persistent cookies: These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie.

                        3. Your agreement to the use of cookies

                        The use of cookies is subject to your agreement. You accept the use of cookies by pursuing your navigation after your first entrance on the website, but you can change your settings at any time.

                        4. How can I control or delete cookies?

                        In relation to our website, most browsers are initially set up to automatically accept cookies that are placed on your computer or mobile device when you use websites. You can change the settings on your browser to block cookies or to alert you when cookies are being set on your computer or mobile device. You can also delete cookies stored on your computer or mobile device through your browser.

                        Please refer to your browser instructions or Help screen to learn more about how to adjust or modify your browser settings.

                        Please note that parts of our websites may not function correctly if you disable the cookies.

                        5. How to Contact Us

                        If you have any questions, comments, or concerns about this Cookie Policy please use the contact information included in our Privacy Policy.

                        6. Changes to This Cookie Policy

                        If this Cookie Policy changes, the revised policy will be posted on this site.

                        Revealing Novel Targets For Next Generation Immunotherapies
                        © 2022 – 2026 Epitopea Ltd | All Rights Reserved
                        Created by FDM Digital