Privacy & cookies

  1. Home
Privacy & cookies

AUTOLUS PRIVACY NOTICE 
LAST UPDATED: February 2025

This Privacy Notice (“Notice”) details what personal information Autolus Therapeutics PLC and its global operating subsidiaries and affiliates (collectively, “Autolus”, “we”, “us” or “our”) collects through its website at www.autolus.com and any other website on which the Notice is posted (collectively, the “Sites”) and through any products or services provided through the Sites (“Services”), the purpose for collecting that  personal information, and the persons or entities to whom we disclose that  personal information. It also describes our use of cookies and other tracking technologies on the Sites. 

This Notice does not apply to personal information collected from patients that receive our treatments but does apply to personal information collected from health care providers that use our Sites and Services (“HCPs”).  We provide separate notices to patients relating to their personal information in connection with their treatment. 

We are committed to safeguarding your personal information in line with all applicable laws including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 1998 and its implementation of GDPR (“UK GDPR”), and applicable laws in the jurisdiction in which we operate. The data controller of your personal information is: 

  • Autolus Inc., a company incorporated under the State of Delaware, registered number 6588448, with address 15810 Gaither Drive, Suite 230, Gaithersburg, MD 20877-1440, USA.
  • Autolus Limited, a company incorporated and registered in England with company number 09115837 with address The Mediaworks, 191 Wood Lane, London, W12 7FP.  

For any queries, please contact our designated data representative at [email protected] which includes the United Kingdom and European Union.

What personal information do we collect?

Autolus collects personal information from HCPs or other persons that complete forms or contact us through the Sites or Services, including first name, last name, email address, professional license number, affiliated institution, and institution postal code.

We may also offer individuals the opportunity to apply for jobs with Autolus through our Sites. In such cases, we will collect your name, address, email address, job history, employment history, educational background and other information pertaining to the position for which you are applying.  

Autolus also uses forms in connection with email alerts within the Investor Relations site (https://www.autolus.com/investor-relations-media/). GlobeNewswire collects this data; users should refer to GlobeNewswire privacy statement where relevant. The email alert form will only ask for your email address, in order for you to receive news and other financial information by email. By voluntarily submitting an email address to contact us, we will collect the information you choose to provide within your email (email address, name and any other information you deem relevant) which will be used to send you the information you have requested. None of the information sent via the above methods will be retained in databases on the Autolus site. Autolus will not share your information with any third parties beyond Euroland or use it to send you unsolicited communications from us, except as noted in the section entitled “Disclosure of Your Personal Information” below.

We may also automatically collect certain data when you visit and use our Sites or our Services (“Usage Data”).  The Usage Data  may include information such as your computer's Internet Protocol address (e.g. IP address, a unique numerical address assigned to a computer as it logs on to the internet), browser type, browser version, operating system, the web page that you were visiting before accessing our Sites, the pages of our Sites that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, the links on our Sites that you clicked on, and other diagnostic data. When you access Sites or Services with a mobile device, this Usage Data may also include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. More information on our use of cookies and similar technologies can be found in our Cookie Notice.

For what purposes do we use personal information

Autolus uses the collected personal information for various purposes:

(a)   to provide and maintain our Sites and Services, and to work with HCPs in providing treatments to patients;

(b)   to notify you about changes to our Sites and Services;

(c)   to provide customer support;  

(e)   to gather analysis or valuable information so that we can improve our Sites and Services;

(f)    to monitor the usage of our Sites and Services;

(g)   to detect, prevent and address technical, security and fraud issues;

(h)   to fulfill any other purpose for which you provide it;

(i)    to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;

(j)   to provide you with news, special offers and general information or marketing or promotional materials about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information; 

(k) to process job applications and for employment purposes; 

(l) to respond to claims and legal process (including subpoenas);

(m) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and

(n) to stop any activity that we consider illegal, unethical or legally actionable activity.

Our legal bases for processing your personal information

To the extent required by applicable law (such as the GDPR), we rely on the following legal bases to process your personal information in our capacity as data controller:

(1) To enter into and perform contracts, such as to provide Services;

(2) To comply with legal obligations, such as to provide information to government or regulatory authorities; 

(3) To protect the vital interests of data subjects; 

(4) For our legitimate interest, such as to develop and improve our Sites and Services and for marketing purposes; and

(5) Your consent.

Disclosures of your personal information

We may disclose personal information that we collect, or you provide as follows: 

(a)   Disclosure for Law Enforcement.
Under certain circumstances, we may be required to disclose your personal information if required to do so by law or in response to valid requests by public authorities.

(b)   Business Transactions.
If we or our subsidiaries are involved in a merger, acquisition or asset sale, or a bankruptcy, your personal information may be transferred to other parties in connection with such transactions. 

(c)  Other cases. We may disclose your information also:

(i)    to our subsidiaries and affiliates;

(ii)   to advertising and social media platforms for purposes of targeted advertising; and

(iii)  to contractors, service providers, and other third parties we use to support our business.

Making requests and rights regarding your personal information

If you have submitted information to Autolus, you may get in touch at any time to ask for a copy of the information we hold about you and to have any mistakes corrected or apply any updates.   Please see the Contact Us section below for how to do so.

If your personal information is subject to the protections of GDPR or the UK GDPR, you have the following data protection rights if we are acting as a data controller of your personal information:

(a)   the right to access, update or to delete the personal information we have on you;

(b)   the right to have your  personal information rectified if that personal information  is inaccurate or incomplete;

(c)  the right to object to our processing of your personal information in certain circumstances;

(d)   the right to request that we restrict the processing of your personal information in certain circumstances;

(e)   the right to be provided with a copy of your personal information in a structured, machine-readable and commonly used format; and

(f)   where the processing of your personal information is based on consent, the right to withdraw consent. You can withdraw consent by emailing us at [email protected].  

You can make a request and exercise your rights by emailing us at [email protected]. Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide certain aspects of the Sites or Services without some necessary data. 

If you are an EU or EEA resident, you have the right to complain to a data protection authority in your Member state about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).  If you are a UK resident, you have the right to complain to the Information Commissioner’s Office.  See https://ico.org.uk/make-a-complaint/ for more information.

Protecting your personal information

We use security measures and systems designed to keep your personal information secure, accurate and up to date. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Retention of your personal information 

We retain your personal information in accordance with our data retention policy for so long as is necessary for the purposes for which it is used or as is required by law or regulatory compliance.

Transfers of your personal information

Your personal information may be transferred to – and maintained on – computers or servers or other devices located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we may transfer your personal information to the United States and process it there.

It is important to note that the privacy laws in the United States may not be as comprehensive as those in other countries such as the European Union or the United Kingdom. Therefore, when we transfer your personal information from the European Union or United Kingdom to a third country, including but not limited to the United States, we have appropriate safeguards in place (e.g. standard contractual clauses, whether or not combined with the UK Addendum) to guarantee adequate protection of your data when your personal information is transferred to a country that is not recognized by the European Commission or the ICO as being an adequate jurisdiction. 

Third party website links

We may direct you to third party websites from content within our Site. Linked Sites will have their own privacy notices, policies and use of cookies which we suggest you review in order to understand their procedures for collecting, using and disclosing personal information. Please note, Autolus cannot be held responsible for the content of linked websites, any use of these sites, or the privacy practices of these websites.

Children

The Sites and the Services provided through the Websites are not intended for children under the age of 16. Autolus does not knowingly collect personal information from or about any person under the age of 16. If you are under 16 years old and wish to contact us, please get your parent or guardian to do so on your behalf.

Cookies

A cookie is a small text file that is stored on your computer or mobile device when you visit a website. Autolus uses these to make a user’s experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of the Site. For all other types of cookies, we need your permission.

We may also collect information via standard server logs or clear GIFs (also known as “Web beacons”). Web beacons and pixel tags are images embedded in a webpage or email for the purpose of measuring and analyzing usage and activity. We, or third-party service providers acting on our behalf, may use web beacons and pixel tags to help us analyze usage and improve our functionality and serve targeted advertising. Social media tools, like widgets and plug-ins, may be offered so you can share information on other sites such as Facebook. These interactive mini-programs collect your IP address, record the pages you visit on our Sites, and set cookies that will enable the widget to function properly. Your interactions with these widgets are governed by the privacy policy of the company providing them, not by this Notice. If we link or associate any information gathered through passive means with personal information, we treat the combined information as personal information under this Notice. Otherwise, we use information collected by passive means in non-personally identifiable form only.

Depending on your choices, your consent to the use of cookies applies to the Sites and may include consent to allow third parties providers of the cookies and web beacons to track your interactions with the Sites and collect Usage Data and other personal information use that information for advertising, analytics and other business purposes. 

When you first access the Sites, you are asked to consent to the use of cookies including performance and marketing cookies and web beacons. You can view and  change your Cookie Settings at any time here

Read Google’s Analytics and Clarity privacy policies for more information.

Do Not Track (DNT) browser setting

DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party advertising networks, social networks and analytics companies. This website does not currently respond to DNT requests, however, you may opt-out of tracking on this website, including analytics, by following the instructions to opt-out of cookies above. A uniform standard has not yet been adopted to determine how DNT requests should be interpreted and what actions should be taken by websites and third parties. We will continue to review DNT and other new technologies and may adopt a DNT standard in the future.

Contacting us

If you have any questions specifically about this Notice or our privacy practices, please contact us.

Changes to this privacy notice

We reserve the right to amend this Notice at any time and will post any revisions on the Sites.  We recommend you to regularly visit our Sites to take knowledge of any updates to our Privacy Notice.