Autolus Privacy and Cookie Notice
Effective Date: November 2025
1. Introduction
This Privacy and Cookie Notice (“Notice”) explains how Autolus Therapeutics PLC and Autolus Inc. (together, “Autolus”, “we”, “us” or “our”) collect and use personal information when you access or use the Autolus Healthcare Professional (“HCP”) Portal and Healthcare Organisation (“HCO”) Centres (collectively, the “Site”).
This Notice applies to healthcare professionals and representatives of healthcare organisations located in the United Kingdom who access or use the Site. It describes what personal information we collect, how we use it, and your rights under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller and Contact Details
The data controller responsible for your personal information is:
Autolus Therapeutics PLC
The MediaWorks, 191 Wood Lane, London, W12 7FP, United Kingdom
Email: privacy@autolus.com
Autolus Inc. (15810 Gaither Drive, Suite 230, Gaithersburg, MD 20877, USA) may also process personal information on behalf of Autolus Therapeutics PLC for administrative, technical and support purposes.
3. What Personal Information We Collect
We may collect the following categories of personal information when you register for, log in to, or use the Site:
- Identification details: name, professional title, and professional registration or licence number.
- Contact information: business email address, telephone number, and affiliated institution.
- Login information: username, password, and related access credentials.
- Usage data: IP address, browser type, device identifiers, date and time of access, and pages visited on the Site.
We do not collect or process patient data through this Site.
4. How We Use Personal Information
We use your personal information for the following purposes:
- To manage your account and provide access to the HCP Portal and HCO Centres.
- To verify your professional status and maintain secure user access.
- To communicate with you in relation to your account or enquiries.
- To maintain and improve the functionality, performance and security of the Site.
- To comply with legal or regulatory obligations, including pharmacovigilance or audit requirements.
We do not use your personal information for direct marketing or profiling.
5. Legal Bases for Processing
We rely on the following legal bases under the UK GDPR to process personal information:
- Performance of a contract: to provide access to and manage your HCP Portal account.
- Compliance with legal obligations: to meet regulatory and record-keeping duties.
- Legitimate interests: to maintain the security and integrity of our systems and to ensure appropriate access control.
6. Disclosure of Personal Information
Your information may be shared only as necessary with:
- Autolus Inc. (USA) for IT hosting, maintenance and administrative support;
- Authorised service providers that operate and maintain the Site on our behalf under data-processing agreements; and
- Regulatory authorities or other third parties when required by law.
We do not sell or rent your personal information to third parties.
7. International Data Transfers
Where personal information is transferred to the United States, we ensure adequate protection through the use of the UK International Data Transfer Addendum and Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO).
8. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this Notice or as required by law and regulatory record-keeping obligations.
9. Data Security
Autolus uses appropriate technical and organisational measures to protect personal information against unauthorised access, loss, or misuse. While we strive to protect your data, no system is completely secure and we cannot guarantee absolute security.
10. Your Rights
Under the UK GDPR, you have the following rights:
- To access the personal information we hold about you;
- To request correction of inaccurate or incomplete data;
- To request deletion of your data, subject to legal obligations;
- To restrict or object to certain processing; and
- To request data portability.
You may exercise your rights or contact us by emailing legal.notices@autolus.com. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.
11. Cookies
A cookie is a small text file stored on your device when you visit a website. We use cookies to ensure the Site functions correctly and to analyse usage for performance improvement.
We use the following types of cookies on the Sites:
Necessary
These are cookies required to enable core Site functionality and to remember user preferences and choices, such as language preferences or customized settings. You cannot turn these cookies off.
| Name | Provider | Purpose | Duration | Type | Technical Names |
|---|---|---|---|---|---|
| __cf_bm | .umbraco.io | This cookie is used by Cloudflare to distinguish between humans and malicious bots. It helps protect the website against automated abuse such as credential stuffing or scraping. It does not track users across sites and is essential for security and performance. | 30 minutes | Third-party / HTTPOnly | __cf_bm |
________________________________________
Preference
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
________________________________________
Performance and Analytics
These cookies provide quantitative measures of Site visitors and collect Usage Data. With the usage of these cookies, we are able to count visits and traffic sources to improve the performance of our Sites. You can opt out of these cookies by going to the Cookies Settings.
________________________________________
Advertising
These cookies are used by advertising companies to serve ads that are relevant to your interests. These cookies allow us to track browsing habits as you visit the Sites. Based on your browsing history and with your permission, we may use third-party advertising partners who can then display to you a relevant ad when you are on a third-party site such as a social media platform. Within these cookies, we may also know your precise location such as latitude, longitude, GeoIP, and other location-specific information. You can opt out of these cookies by going to the Cookies Settings.
When you first visit the Site, you will be asked to set your cookie preferences. You can update these preferences at any time using the Cookie Settings link on the Site.
12. Links to Third-Party Sites
The Site may include links to external websites operated by third parties. Autolus is not responsible for the privacy or cookie practices of those websites. We recommend reviewing their privacy notices before providing any personal information.
13. Changes to This Notice
We may update this Notice from time to time. Any material changes will be posted on this page with an updated “Last updated” date. Please review this Notice periodically.
14. Contact Us
If you have questions about this Notice or our data-handling practices, please contact:
Email: privacy@autolus.com
Address: Autolus Therapeutics PLC, The MediaWorks, 191 Wood Lane, London W12 7FP, United Kingdom