Legal Notice, Terms of Use, and Online Privacy Policy

Legal Notice, Terms of Use, and Online Privacy Policy (collectively "Privacy Policy")

Effective: February 13, 2026

The materials on Atanis’s website (the “Site”) are provided by Atanis Biotech AG (“Atanis” or “we”) as a service to its customers and the general public and shall be used for informational purposes only. This Privacy Policy applies when you use any website, mobile application, or other online service that links to or refers to this Privacy Policy or otherwise interact with Atanis (collectively, the “Services”).

By accessing and/or downloading materials from the Site, you agree to the terms of this Privacy Policy. If you do not agree to these terms, you are not authorized to use the Site or Services or to download any materials from the Site. You may withdraw your consent at any time, unless such withdrawal would frustrate our ability to comply with a legal obligation.

Information We Collect

Information You Provide to Us. In order to take advantage of certain Services or features offered or provided on the Site, you may be asked to provide personal information. For example, we may collect identifiers, such as your name, email address, employment information, and education-related information. We collect these categories of information when you provide it to us via the Site or directly to an Atanis representative. Atanis is dedicated to protecting the privacy of your personal information. Atanis maintains reasonable safeguards to protect your personal information and complies with applicable U.S. and international privacy standards, including the Health Insurance Portability and Accountability Act (“HIPAA”), the EU General Data Protection Regulation (“GDPR”), and the Swiss Federal Act on Data Protection (the “FADP”). While you are not obligated to provide us with personal information, your ability to use certain Services or features may be limited if you do not.

Information About Use of the Services. When you use the Services, we collect internet or other electronic network activity information related to your use of the Services, including device information (such as internet protocol address (IP address), device identifiers, operating system) and usage information (such as time and duration of use, interaction with content, information stored in cookies or similar technologies), including through the use of cookies, web beacons and other tracking technologies. We collect this information directly from you or your device.

Information From Third-Party Sources. We may receive personal identifiers, commercial information, professional or employment, or education-related information about you from publicly and commercially available sources, as permitted by law, which we may combine with other information we receive from or about you.

HIPAA.  Atanis and its U.S. subsidiary, Atanis Biotech, Inc., may collect and process certain personal health information (“PHI”) in connection with clinical testing services. Atanis maintains safeguards required by HIPAA to protect the confidentiality, integrity, and availability of PHI. These include, but are not limited to, access controls, encryption, and secure data transmission and storage protocols. Atanis enters into Business Associate Agreements (“BAAs”) with relevant Covered Entities as required by law.

How We Use Information

To Provide and Manage the Services You Request and Better Understand our Users.  This includes, for example, enabling you to participate in features provided by the Services. We also may use information we gather to better understand and serve users and to improve our services.

To Contact You. We may use your personal information to respond to questions you submit via the Services or to communicate with you regarding news, updates, or educational and marketing materials. You may opt out of receiving commercial email messages from us by following the instructions in those messages.

To Protect the Rights of the Services and Others. We may use your information as we believe is necessary or appropriate to protect, enforce, or defend the legal rights, privacy, security, safety, or property of the Services, its employees or agents, or other users, and to comply with applicable law.

Patient Data Transfers. Where required by applicable law, Atanis obtains patient consent or HIPAA-compliant authorization prior to the export of patient specimens or data from the United States. We may also provide notices, authorizations, or secure consent mechanisms as required by state or federal laws, including for the use of sensitive health data.

Handling of Biospecimens.   In connection with our laboratory testing services, we may receive human biospecimens (e.g., serum) collected in the United States and shipped to our laboratories in Switzerland. Such specimens are handled using secure chain-of-custody procedures and are stored and processed in accordance with applicable data protection and biosafety regulations. Biospecimens may be de-identified or coded to protect patient privacy and will be retained or destroyed according to our internal policies and legal requirements.

Use of Test Results.  In connection with laboratory testing, Atanis may use de-identified or coded test results for internal quality control, research and development, or to improve its services. Where applicable, test results may be returned to the ordering physician or other authorized healthcare providers. We do not share identifiable test results with third parties except as required by law or with your explicit authorization.

Sharing of Information

Affiliates. We may share your personal information with our subsidiaries or affiliates as part of our shared systems and administration.

Service Providers. We rely on third parties to perform a variety of services for us, such as providing information technology services, data analysis, consulting and communication services, and cloud and web hosting services. To do so, we may need to provide your information to those businesses as necessary for them to perform the Services. Service providers acting on our behalf must execute agreements requiring them to maintain confidentiality and to process personal data as necessary to perform their functions in a manner consistent with applicable laws, rules, and regulations.

Other Parties When Required by Law or As Necessary to Protect Our Services. We may share information when we have reason to believe that doing so is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with the rights or property of us, other visitors, or anyone else that could be harmed by such activities. We may also share your information where otherwise required or permitted by law or legal process.

Other Parties in Connection with a Corporate Transaction. We may transfer information collected on the Services in the event that we sell or transfer all or a portion of our business or assets to a third party in connection with a corporate transaction or bankruptcy.

We may otherwise use information and share information about you with third parties with your consent. We also may provide to third parties information that is not directly identifiable or connected to you, such as information that has been aggregated or deidentified in accordance with applicable law (e.g., HIPAA).

Online Tracking

Our website may use cookies, pixel tags, and similar technologies to collect information about your browsing activities over time and across different websites. We use this information to enhance your user experience and to analyze site usage. At this time, the Site does not respond to browser "Do Not Track" signals. You may adjust your browser settings to limit certain tracking or disable cookies, though this may affect functionality.

International Transfers

Your information may be stored, processed, and accessed in Switzerland, the United States or any other country where Atanis has facilities. By using the Services, you consent that we may collect, transfer, store, and process information outside of your country.

If you are located in a jurisdiction that specifies relevant legal grounds for processing personal information, the legal grounds for our processing activities are to perform our contract(s) with you; to meet your legal obligations; and for our legitimate business purposes, such as to maintain the privacy, security, safety, or property of the Services and in relation to any sale or transfer of all or a portion of our business.

Where we transfer personal data, including health-related information, from the United States to Switzerland, we do so in accordance with applicable U.S. and international data protection laws. For data subject to the GDPR, FADP, or the UK Data Protection Act, transfers are made by implementing appropriate safeguards and guarantees (such as by entering into agreements on the basis of the EU standard contractual clauses for the transfer of personal data to third countries, as approved by the European Commission, and by implementing appropriate supplementary safeguards, such as pseudonymization). For transfers from the U.S. to Switzerland, we may rely on appropriate HIPAA authorizations and, where applicable, safeguards consistent with the Swiss-U.S. Data Privacy Framework.

Notice to Visitors from the EEA, Switzerland and the UK.

This section sets forth how Atanis complies with our information obligations according to the GDPR, FADP and the UK Data Protection Act towards users in the EEA, EU, Switzerland and the UK.

Who is responsible for the processing of my personal data?

For the processing of your personal data as described in this section, the controller within the meaning of the GDPR, FADP and the UK Data Protection Act is Atanis Biotech AG, Freiburgstrasse 251, 3018 Bern, Switzerland.

What personal data will be collected? For which purposes and on which legal basis will my data be processed?

For the purpose of this section "personal data" means any information related to you as an identified or identifiable natural person.

Atanis processes your personal data on the basis of its legitimate interests in operating our Website, ensuring the efficiency and security of the Website, improving and maintaining site functionality, and establishing, exercising and defending our legal claims (Art. 6(1) lit. f) GDPR).

The processing of your personal data is based on the necessity of the processing for purposes of our legitimate interests in ensuring an efficient communication and processing of any requests or inquiries, in ensuring and documenting compliance with our legal obligations, and in establishing, exercising and defending our legal claims (Art. 6(1) lit. c) and f) GDPR).

To the extent you provide us with any health data when contacting us, we will process such data based on your consent. By sending any communication that includes any health data, you consent to the respective collection and processing of such health data by Atanis for the purpose of handling and processing your request, inquiry or other type of communication (Art. 6(1) lit. a), Art. 9(2) lit. a) GDPR). You can withdraw your consent at any time with effect for the future by contacting us using the contact details set out below at the end of this Privacy Policy.

Complying with our Obligations and Exercising Our Rights

We may use your personal data on the basis of our legitimate interests to establish, exercise and defend our legal rights where it is necessary to do so, for example to detect, prevent and respond to misuse of our Website or to protect ourselves against claims (Art. 6(1) lit. f) GDPR). We may further process your personal data to the extent necessary to comply with our legal or regulatory requirements, where this is required by law, for example for documenting and reporting product complaints and safety issues, complying with data retention obligations or other regulatory requirements (Art. 6(1) lit. c) GDPR).

Where will my data be processed?

Your personal data may be processed by Atanis in the USA or in Switzerland. It may be that certain recipients with whom we share your data (please see the Terms of Use and Online Privacy Policy under Section "Sharing of Information"), in particular external service providers, are located in countries outside the EEA, EU, Switzerland and the UK which may not provide for the same level of data protection as considered adequate in the EEA, EU, Switzerland and UK (such as the USA). In such cases Atanis will, to the extent required by the GDPR, the FADP and/or the UK Data Protection Act, ensure by implementing appropriate safeguards and guarantees (such as by entering into agreements on the basis of the EU standard contractual clauses for the transfer of personal data to third countries, as approved by the European Commission, and by implementing appropriate supplementary safeguards, such as pseudonymization) that your personal data will be adequately protected as required under the GDPR, the FADP and the UK Data Protection Act.

How long will my data be stored?

We retain your personal data for as long as needed for the purpose the data was collected and further processed, in accordance with our data retention policy (which sets forth data retention periods and deletion routines in accordance with applicable law). 

  • Data about Website Access (Log Files): The data about website access collected in the context of your use of our Website will generally be completely deleted or anonymized by shortening your IP address once it is no longer needed for the purposes described here unless the data is required for complying with statutory obligations or the establishment, exercise or defense of legal claims.
  • Contact and Communication Data: Any personal data disclosed to us in the context of a contact, such as an inquiry, the request for information or any other communication will generally be stored by Atanis only for as long as necessary for the complete processing and handling of your request or inquiry, except when longer storage is necessary to achieve the further purposes described here.

Your personal data will be deleted thereafter, except where any further storage is necessary to comply with our legal obligations, in particular any applicable data retention obligations or for the establishment, exercise or defense of our legal claims (such as the need to retain records in order to resolve disputes and investigate or defend against potential claims).

Which rights do I have?

Subject to applicable data protection laws of the member states of the EU/EEA, Switzerland and the UK, including the GDPR, the FADP, and the UK Data Protection Act, you have the right:

  • to obtain information on the personal data processed concerning you and to obtain a copy of such data (right of access);
  • to obtain the rectification of any inaccurate personal data and, having regard to the purposes of the processing, the completion of incomplete personal data (right to rectification);
  • if there are legitimate reasons, to request the deletion of your personal data (right to erasure; right to be forgotten);
  • to request the restriction of the processing of your personal data, if the legal requirements are met (right to restriction of processing);
  • if the legal requirements are met, to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transfer this personal data to another controller or, if technically feasible, to have it transferred by Atanis (right to data portability); and
  • not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way, if the legal requirements are not met. An automated decision-making process is not carried out by Atanis.

You also have the right to object, subject to applicable local law, to the processing of personal data which is necessary for the purposes of our legitimate interests at any time on grounds relating to your particular situation (right to object).

If the data processing is based on consent, you can withdraw the consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing of your personal data until its withdrawal. If you withdraw your consent, we might still need to process certain personal data relating to you to comply with a legal obligation (for example, to provide you important safety information) or to pursue a legitimate business interest.

To exercise your rights (including the withdrawal of your consent), as well as in the event of questions regarding the processing of your personal data, please contact us at any time using the contact details below.

If you are a resident of the European Union (“EU”), you may also lodge a complaint with the relevant supervisory authority if you consider that our processing of your personal information infringes applicable law. Contact details for all EU Supervisory Authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en

Notice to California Residents

California “Shine The Light”. As provided by California Civil Code 1798.83, if you are a California resident, you have the right to receive (a) information identifying any third party company(ies) to whom we have disclosed your Personal Information for their marketing purposes in the past 12 months, if any; and (b) a description of the categories of Personal Information disclosed. To obtain such information, please email your request to info@atanis-biotech.com with “Shine The Light Privacy Rights Request” in the subject line.

For California residents under the age of 18 and registered users, California law (Business and Professions Code § 22581) provides that you can request the removal of content or information you posted on the Site. Any such request should be sent to us at info@atanis-biotech.com along with a description of the posted content or other information to be removed. Be advised, however, that other applicable law may not permit us to completely or comprehensively remove your deleted content or for other reasons as set forth in this California law.

The Site does not currently recognize “Do Not Track” signals or technologies.

California Consumer Privacy Act (“CCPA”). The CCPA (as amended by the California Privacy Rights Act) gives California consumers enhanced rights with respect to their personal information that is collected by businesses. The CCPA provides that California consumers can opt out of the “sale” or “sharing” of their Personal Information.

In addition, the CCPA grants California consumers the following rights:

  • Information. You can request information about how we have collected, used and shared your Personal Information during the past 12 months. We describe the sources through which we collect Personal Information and the types of Personal Information collected in the “Information We Collect” section above. We describe the purposes for which we use and share this information in the “How We Use Your Personal Information” section above and the “Disclosure of Personal Information” section above.
  • Access. You can request a copy of the Personal Information that we maintain about you.
  • Deletion. You can ask to delete the Personal Information that we maintain about you.
  • Opt out of the sale or sharing of your Personal Information. We do not sell or share Personal Information for purposes of the CCPA.

Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.  You are entitled to exercise the rights described above free from discrimination regarding your access to and use of our Services.

To request access to or deletion of Personal Information collected via the Services, please contact us via email at: info@atanis-biotech.com.

To verify your identity prior to responding to your requests, we may ask you to confirm the information that we have on file about you or your interactions with us. Where we ask for additional Personal Information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.

Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf.

Job Applicants. We may collect the following categories of Personal Information regarding job applicants.

  • Personal and online identifiers (such as first and last name, email address, cellphone number or unique online identifiers);
  • Location information;
  • Professional or employment-related information;
  • Education information;
  • Inferences drawn from the above information about your predicted characteristics and preferences; and
  • Other information about you that is linked to the Personal Information above.

This information is collected directly from job applicants themselves or third parties who have a right to disclose this information to us. We use and disclose your Personal Information to process, evaluate and communicate with you about your application and qualifications for the position applied for, to check your references and to communicate with you about other jobs for which you may be qualified.

Job applicants may also submit requests to us to know what Personal Information we may have collected about you, correct your Personal Information or delete your Personal Information from our systems and records, as described above.

Notice to Massachusetts Residents.

We comply with the Massachusetts Standards for the Protection of Personal Information (201 CMR 17.00) by maintaining a comprehensive written information security program (WISP). This includes administrative, technical, and physical safeguards designed to protect personal information of Massachusetts residents.

Recent other State consumer privacy laws (for example, but not limited to, Colorado, Connecticut, Virginia and Utah) may provide their residents with similar rights regarding our use of their Personal Information, such as:

  • Confirm whether we collect and process their Personal Information;
  • Access and delete certain Personal Information;
  • Data portability;
  • Correct inaccuracies in their retained Personal Information;
  • Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects; and
  • Opt-out of selling or sharing Personal Data processing for online advertising and sales.

To exercise any of these rights, please send an email to info@atanis-biotech.com.

Privacy Rights

As a data subject under applicable law, you may have the right to request, access, update, delete, or correct inaccuracies in the personal information we hold about you, subject to certain exceptions prescribed by law. We do not discriminate against any person who makes such a request, but deleting certain of your personal information may interfere with or prevent us from being able to provide certain services to you. If you would like to exercise these rights, please contact us at:

Atanis Biotech AG
Attn: Privacy Officer
Freiburgstrasse 251
3018 Bern, Switzerland

info@atanis-biotech.com

+41 77 414 04 97

When submitting your request, please include your name, your contact information and any other information that may help us confirm the authenticity of the request. We may request reasonable authentication upon receipt of a request regarding your personal information for identity verification purposes.

Contact Us

If you have questions about our privacy practices, or wish to request this information in a different format, please contact us at the following:

Atanis Biotech AG
Attn: Privacy Officer
Freiburgstrasse 251
3018 Bern, Switzerland

info@atanis-biotech.com

+41 77 414 04 97

CLIA # 99D2331750

Other Important Information

Updates to Privacy Policy. We may modify this Privacy Policy from time to time. Please look at the Effective Date at the top of this Privacy Policy to see when it was last revised. Any changes to this Privacy Policy will become effective when they are posted.

Linked Services. The Services may link to sites operated by third parties or offer content developed and maintained by third parties. We are not responsible for the privacy practices of these third parties and when you interact with them you may be providing information to them directly. Such parties will have their own rules and policies with respect to the collection, use, and disclosure of personal information and we encourage you to review those rules and policies.

Children’s Privacy. We do not knowingly collect any personal information from children under the age of 13 without parental consent, unless permitted by law. If we learn that a child under the age of 13 has provided us with personal information, we will delete it in accordance with applicable law.

Retention of your personal information. We retain your personal data for as long as required to provide the Services you request, and as necessary to comply with our legal obligations and resolve disputes.

No Unlawful or Prohibited Use

As a condition of your use of the Site or its content, you agree to not use the Site or its content for any purpose that is unlawful or prohibited by this Privacy Policy. The Site and its content may not be used in any manner that could damage, disable, overburden, or impair the Site or interfere with any other party’s use of the Site. No content from the Site may be downloaded or otherwise exported in violation of United States law.

Personal and Non-Commercial Use

The Site is intended for personal, non-commercial use. The Site and its content are protected by applicable copyright law. Except as specifically permitted, you may not copy, modify, distribute, transmit, display, publish, reproduce, license, create derivative works from, or sell any information obtained from the Site.

Links to Other Web Sites

The Site may contain hyperlinks or references to websites owned, operated, or controlled by other parties. Atanis does not endorse, warrant, or guarantee the products, services, or information described or offered on other parties’ websites and is not liable for any damages or injury arising from such content. Atanis does not control the content of other parties’ websites and provides these links as a convenience only. Accessing any other website is undertaken at your own risk, and Atanis is not responsible for the completeness, accuracy, or reliability of any information, data, opinions, advice, or statements made on these websites.

Trademarks

Unauthorized use of any Atanis trademark, service mark, or logo may be a violation of federal and state trademark law. Atanis products, service marks, and logos referenced by the Site are trademarks or registered trademarks of Atanis and/or its affiliates in the United States, Switzerland, and other countries. Other trademarks, products, service marks, or logos are the property of their respective owners.

The Site Does Not Provide Medical or Professional Services Advice

The medical information contained on the Site is presented for the purpose of general education for the public regarding food allergy diagnostic testing, functional allergy assessment, allergy research, and other general information concerning Atanis. No information provided on the Site is intended to constitute medical advice, instruction for medical diagnosis, or instruction for medical treatment. Any information provided on the Site should not be considered complete, nor should it be relied on to suggest a diagnosis or course of treatment for a particular individual. Information received from the Site should not be relied upon for personal, medical, legal, technical, or financial decisions. It should not be used in place of the consultation or advice of a physician or other qualified healthcare provider. Should you have any healthcare related questions, please consult with your physician or other qualified health care provider promptly. The information contained on the Site is compiled from a variety of sources. Atanis does not, through the Site or otherwise, directly or indirectly practice medicine, render medical advice, or provide medical services.

No Warranties

Atanis makes no representations or warranties about the suitability, reliability, availability, timeliness, completeness, or accuracy of the information, services, or related graphics contained on the Site for any purpose. All such information, services, and related graphics are provided “as is” without warranty of any kind. To the fullest extent permitted by law, Atanis and its officers, directors, employees and agents hereby disclaim all express or implied warranties and conditions with regard to the information, services, and related graphics, including all implied warranties or conditions of merchantability, fitness for a particular purpose, title, and non-infringement.

Limitation of Liability

In no event shall Atanis be liable for any direct, indirect, punitive, incidental, special, or consequential damages or any claim for lost profits or lost data arising out of or in any way connected with the use or performance of the Site, or with any delay or inability to use the Site, whether arising in contract, tort, negligence, strict liability, or otherwise, even if Atanis has been advised of the possibility of damages. This limitation of liability shall apply to the fullest extent permitted by law in the applicable jurisdiction.

Governing Law

These Terms and any disputes arising out of or related to these Terms or the Services shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. Any legal action or proceeding arising under these Terms shall be brought exclusively in the federal or state courts located in Delaware, and you hereby consent to personal jurisdiction and venue therein.

Updates

The information and services included in or available through the Site may include inaccuracies or typographical errors. Atanis may make revisions, improvements, and/or changes to the Site at any time without notice but expressly disclaims any obligation to update such information.

Atanis may revise this Privacy Policy at any time without notice. Certain provisions of these terms may be modified or superseded by legal notices or other terms located on particular pages within the Site. You are responsible for regularly reviewing this Privacy Policy.

Notice to Residents of Other US States