1. Name and contact details of the responsible person
2. Contact details of the data protection officer
3. Data subject rights
4. Data transfer to third countries
5. General data processing when visiting our website
6. Cookies use
7. Consent Management Platform (CMP)
8. SalesViewer
9. Google Analytics
10. YouTube
11. Use of contact forms
12. Data processing in the context of business communication
13. Application procedure and recruiting
14. Use and application of social networks & job boards
1. Name and contact details of the responsible person
hameln pharma gmbh
Island road 1
31787 Hamelin
Phone: +49 (0) 5151 / 80 50 0
Fax: +49 (0) 5151 / 80 80 124
E-Mail: mail@hameln-pharma.com
2. Contact details of the data protection officer
hameln pharma gmbh
Data protection assignment
Island road 1
31787 Hamelin
E-Mail: datenschutz@hameln-pharma.com
3. Data subject rights
Every data subject has the right to
- Information (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Deletion (Art. 17 DSGVO)
- Restriction of processing (Art. 18 DSGVO)
- Objection (Art. 21 DSGVO)
- Data portability (Art. 20 GDPR)
Consent to the processing of personal data can be revoked at any time. You also have the right to lodge a complaint with a competent data protection supervisory authority. You can find an overview of competent supervisory authorities under the following
link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
4. Data transfer to third countries
When selecting external services and service providers on our website, we endeavour to use European companies wherever possible. In certain cases, however, it may be necessary to transfer personal data to recipients in so-called third countries.
Such a transfer only takes place if the special requirements of Art. 44 et seq. GDPR are fulfilled. These include in particular
- An adequacy decision by the EU Commission pursuant to Art. 45 GDPR,
- Appropriate safeguards pursuant to Art. 46 GDPR (e.g. standard contractual clauses),
- If none of these bases exist, the processing is carried out with your express consent in accordance with Art. 49 para. 1 lit. a GDPR.
We would like to point out that in some third countries (e.g. the USA) no level of data protection comparable to that in the EU can be guaranteed. For example, US companies may be obliged to disclose personal data to government agencies without effective legal remedies being available to data subjects. It can therefore not be ruled out that US authorities may access, analyse and permanently store personal data.
5. General data processing when visiting our website
Description and purpose of data processing
When visiting our website, information of a general nature is automatically collected. This information of website visitors includes, for example, the type of web browser, the operating system used, the domain name of the Internet service provider, the IP address and the like.
In particular, they are processed for the following purposes:
- Ensuring that the website connection is established without any problems,
- Ensuring a smooth use of our website as well as
- Ensuring and evaluating system security and stability, in particular for abuse detection, and
- For the technically error-free presentation and optimization of our website.
We do not use data to draw conclusions about individuals. However, we reserve the right to check server log files retrospectively if there are concrete indications of illegal use.
Legal basis
The processing is carried out pursuant to Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.
Storage duration
As a matter of principle, we delete personal data when it is no longer required for the defined purpose of data processing and no legal retention obligations prevent deletion. IP addresses and names of Internet service providers used are stored by our external service company, which hosts our website, for a period of seven days and then deleted.
Recipient
Recipients may be the technical service providers we use to operate and maintain our website, who act as our processors.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. Failure to provide data means that the functionality of our website may not be guaranteed. In addition, individual services may not be available or may be limited.
6. Cookies use
Description and purpose of data processing
When you visit our website, cookies and similar technologies can be used to store information on the end device of the website visitor or retrieve information from it. We make a fundamental distinction between essential cookies, which enable us to provide basic and flawless website functions, and statistics cookies, which help us to understand how visitors use our website.
Legal basis
The use of essential cookies is based on § 25 para. 2 no. 2 TTDSG.
We use statistics cookies on the basis of your consent in accordance with Section 25 (1) TTDSG. If personal data is processed as a result, this is also done on the basis of Art. 6 para. 1 lit. a GDPR.
Storage duration
Information on the storage duration of the individual cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the data protection settings in the footer of our website.
Recipient
Recipients may be the technical service providers we use to operate and maintain our website, who act as our processors.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be limited.
Revocation of consent
Consents can be revoked at any time in our Consent Management Platform (CMP). You can access our CMP via the privacy settings in the footer of our website.
Profiling
With the help of web analysis tools, the behavior of visitors to our website can be evaluated and interests analyzed. For this purpose, we create a pseudonymous user profile.
7. Consent Management Platform (CMP)
Description and purpose of data processing
We use a Consent Management Platform (CMP) on our website to be able to manage the consents of our website visitors. This requires the use of cookies to store the selected consent options.
The provider of the CMP is Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg, Germany).
Legal basis
The use of the CMP is based on Art 6 (1) lit. c DSGVO for the fulfillment of our legal obligation.
Storage duration
The storage period for consent data is generally 12 months from the time of consent.
Recipient
The data is transferred to the provider of our CMP, which acts as a processor for us.
Recipients may also be the other technical service providers used by us for the operation and maintenance of our website, which act as our order processors.
Provision prescribed or required
The provision of personal data is voluntary. By not providing it, the use of our website is unfortunately not possible.
8. SalesViewer
Description and purpose of data processing
On our website, we process visitor data using SalesViewer technology in order to find out which companies are interested in the content of our website. For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The collected data is encrypted via a non-returnable one-way function and immediately pseudonymized. In doing so, this data is not used to personally identify visitors to our website.
The provider of the technology is SalesViewer GmbH (Huestrasse 30, 44787 Bochum, Germany).
Legal basis
The use of the technology is based on Art. 6 para. 1 lit. f DSGVO our legitimate interest.
Recipient
The data is transferred to the provider of the SalesViewer technology, which acts as a processor for us.
Storage duration
No personal data is stored. The data stored within the framework of SalesViewer shall be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
Provision prescribed or required
The provision of the data is voluntary. By not providing it, the use of our website is unfortunately not possible.
Alternatively, website visitors can use an opt-out cookie provided by the provider under linkLink . Subsequently, no further tracking via SalesViewer technology takes place in the respective
browser.
9. Google Analytics
Description and purpose of data processing
We use the web analytics service Google Analytics on our website. The service uses cookies, which allows an analysis of the use of our website.
IP anonymization is used on our website. The IP address of the visitor is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of the IP address. The information collected may be transferred by the provider to servers in the USA and stored there.
The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
Legal basis
The processing is based on the consent of our website visitors according to Art. 6 para. 1 lit. a DSGVO.
Recipient
The data is transferred to the provider of the web analytics service, which acts as a processor for us.
Recipients may also be the other technical service providers used by us for the operation and maintenance of our website, which act as our order processors.
Storage duration
Information on the storage period can be found in our Consent Management Platform (CMP).
Our CMP can be accessed via the privacy settings in the footer of our website.
Provision prescribed or required
The provision of personal data is voluntary. Failure to provide it has no consequences for website visitors.
Revocation of consent
Consents can be revoked at any time in our Consent Management Platform (CMP). You can access our CMP via the privacy settings in the footer of our website.
In addition, storage can be prevented by website visitors through corresponding settings in the browser. This may prevent the full use of certain functions of our website.
Further, by installing a browser plugin under link, the processing by the provider of the web analytics service can be prevented.
Profiling
With the help of the web analytics service, the behavior of website visitors can be evaluated and interests can be analyzed. A pseudonymous user profile is created for this purpose.
10. YouTube
Description and purpose of data processing
On our website, we embed video content from the provider YouTube. When the video content is called up, the IP address is transmitted to the provider, which is why we have blocked the automatic loading of the content by default.
The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
Legal basis
The processing is based on the consent of our website visitors according to Art. 6 para. 1 lit. a DSGVO.
We do not collect consents for this data processing via our CMP, but via a separate 2-click solution on the corresponding websites.
Storage duration
We do not store any data in this context. You can find the provider’s detailed data protection information at https://policies.google.com/privacy.
Recipient
No data is transferred to the provider before a video is activated.
An active click on an embedded video establishes a connection to the servers of the respective provider. Data may also be transmitted to servers in so-called third countries (e.g. the USA). The provider may link this data to an existing user account and process it for its own purposes (e.g. for advertising or profiling). We have no influence on this data processing.
If our profile on the respective video platform is used to contact us (e.g. through comments or reactions to a video), we do not pass on the personal data provided to us in this context to third parties.
We use external service providers (e.g. hosting or website service providers) for the technical operation, maintenance and ensuring the functionality of our website and the integrated services. They are not involved in the data processing described above, but may potentially gain access to personal data in the course of their activities, particularly during maintenance or technical administration. In such cases, processing takes place exclusively within the framework of order processing. The service providers are contractually bound to confidentiality and act exclusively on our instructions.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. Failure to provide it will unfortunately mean that the video content cannot be displayed on our website.
Revocation of consent
Consents are automatically revoked when the relevant web page is updated.
11. Use of contact forms
Description and purpose of data processing
The data entered in our contact forms are stored for the purpose of individual communication with the person entering the data. For this purpose, it is necessary to enter the data in the input fields marked with an asterisk. This data is used for the assignment of an inquiry and the subsequent response to the same. The specification of further data is optional and voluntary.
Legal basis
The processing of the data entered in the contact form is based on our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. By providing the contact form, we would like to enable an uncomplicated contact. Information provided will be stored for a limited time for the purpose of processing the request and for possible follow-up questions.
Alternatively, processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO (e.g. in the case of an offer request or similar).
Storage duration
The collected data will be deleted no later than six months after processing the request. If a contractual relationship arises, we are subject to the statutory retention periods and the storage period is based on the relevant legal requirements.
Recipient
In principle, only those persons have access to personal data transmitted via our contact forms who require this data for the processing of contact requests.
Recipients may also be the technical service providers used by us for the operation and maintenance of our website, who act as our processors.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. However, contact inquiries can only be processed if the data is entered in the input fields marked with an asterisk.
12. Data processing in the context of business communication
Description and purpose of data processing
In the context of business communication, we process data in order to be able to communicate with our partners. This can be done to initiate business or to fulfill contractual and legal obligations, to offer products and to strengthen customer relationships and more.
Legal basis
Depending on the phase of the contact, the following legal bases may be relevant for processing data in this context:
- For the execution of pre-contractual measures or for the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO
- For the fulfillment of legal obligations to which we are subject according to Art. 6 para. 1 lit. c DSGVO
- For the protection of our legitimate interests according to Art. 6 para. 1 lit. f DSGVO
Storage duration
Personal data is generally deleted or blocked as soon as the purpose of the storage no longer applies. The purpose results from the content of the communication and the respective business transaction. Retention periods are determined for the respective business transactions on a case-by-case basis. As a rule, data is stored for the purpose of complying with retention periods under commercial and tax law, unless longer storage is necessary for the defense of legal claims.
Recipient
Within our company, we ensure that only those persons receive data who need them to fulfill contractual and legal obligations. Depending on the nature of the business relationship, data may be passed on to partner companies in order to fulfill contractual obligations. In some cases, we use additional service providers to process business transactions. These can be, for example, parcel services, banks, Internet service providers, manufacturers, IT service providers and tax consultants.
Provision prescribed or required
The provision of personal data may be necessary due to the contractual relationship. If the data is not provided, business communication is unfortunately not possible.
13. Application procedure and recruiting
We describe detailed information on our handling of personal data in the application process and recruiting under Data protection notice for applicants..
14. Use and application of social networks & job boards
Description and purpose of data processing
We maintain company profiles on various social networks, job boards and comparable platforms. These presences serve to present the company and create contact channels for interested parties, customers and third parties.
Insofar as our profiles in social networks or comparable platforms are used to contact us (e.g. by creating your own posts, responding to one of our posts or sending private messages to us), the data provided to us will be used exclusively for the purpose of communication and processing requests.
We hereby point out that when visiting our profiles in networks and comparable platforms, personal data may also be collected, used and stored by the operators of the respective network and comparable platforms. This also happens when visitors themselves do not have a profile in the respective social network. For a detailed presentation of the respective data processing of the platforms used by us, we refer to the information of the respective providers linked below:
LinkedIn (Provider:: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Indeed (Provider: Indeed Ireland Operations, Ltd., 124 St. Stephen’s Green, Dublin 2, Ireland)
Privacy policy: https://de.indeed.com/legal/gdpr_de?hl=de
Legal basis
Depending on the phase of the contact, the following legal bases may be relevant for processing data in this context:
- For the execution of pre-contractual measures or for the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO
- For the fulfillment of legal obligations to which we are subject according to Art. 6 para. 1 lit. c DSGVO
- For the protection of our legitimate interests according to Art. 6 para. 1 lit. f DSGVO
Storage duration
We delete stored data as soon as their storage is no longer necessary or we are requested to delete them. As a rule, data is stored for the purpose of complying with retention periods under commercial and tax law, unless longer storage is required for the defense of legal claims.
Recipient
We do not pass on collected data to third parties. However, we cannot exclude and also have no influence on the extent to which the operators of the respective social networks and comparable platforms pass on data to third parties.
Provision prescribed or required
The provision of personal data is neither legally nor contractually required. Failure to provide it will result in no contact with us via our social networks and comparable platforms.
Parts of the privacy policy were created with the help of activeMind AG (version #2020-09-30).