Data protection

1. Name and contact details of the responsible person

2. Contact details of the data protection officer

3. Data subject rights

4. Data transfer to third countries

5. General data processing when visiting our website

6. Cookies use

7. Consent Management Platform (CMP)

8. SalesViewer

9. Google Analytics

10. YouTube

11. Use of contact forms

12. Data processing in the context of business communication

13. Application procedure

14. Use and application of social networks & job boards

 

 

1. Name and contact details of the responsible person

hameln pharma gmbh
Island road 1
31787 Hamelin
Phone: +49 (0) 5151 / 80 50 0
Fax: +49 (0) 5151 / 80 80 124
E-Mail: mail@hameln-pharma.com

 

2. Contact details of the data protection officer

hameln pharma gmbh
Data protection assignment
Island road 1
31787 Hamelin
E-Mail: datenschutz@hameln-pharma.com

 

3. Data subject rights

Every data subject has the right to

  • Information (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Deletion (Art. 17 DSGVO)
  • Restriction of processing (Art. 18 DSGVO)
  • Objection (Art. 21 DSGVO)
  • Data portability (Art. 20 GDPR)

Consent to the processing of personal data can be revoked at any time. You also have the right to lodge a complaint with a competent data protection supervisory authority. You can find an overview of competent supervisory authorities under the following
link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

4. Data transfer to third countries

When choosing our external services and service providers on our website, we pay attention to European companies wherever possible. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area in the context of using third-party services.

We only permit data processing in third countries if the special requirements of Art. 44 et seq. DSGVO are fulfilled. As a rule, we will obtain consent from data subjects in accordance with Art. 49 DSGVO prior to such data transfer.
Alternatively, data processing may be carried out on the basis of special guarantees, e.g., the officially recognized determination by the EU Commission of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called standard data protection clauses).

We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in countries outside the EU / EEA. For example, US companies are obliged to hand over personal data to security authorities without data subjects being able to take legal action against this. It can therefore not be ruled out that U.S. authorities will process, evaluate and permanently store data located on U.S. servers for monitoring purposes.

 

5. General data processing when visiting our website

Description and purpose of data processing

When visiting our website, information of a general nature is automatically collected. This information of website visitors includes, for example, the type of web browser, the operating system used, the domain name of the Internet service provider, the IP address and the like.
In particular, they are processed for the following purposes:

  • Ensuring that the website connection is established without any problems,
  • Ensuring a smooth use of our website as well as
  • Ensuring and evaluating system security and stability, in particular for abuse detection, and
  • for the technically error-free presentation and optimization of our website.

We do not use data to draw conclusions about individuals. However, we reserve the right to check server log files retrospectively if there are concrete indications of illegal use.

Legal basis

The processing is carried out pursuant to Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website and ensuring system security and abuse detection.

Storage duration

As a matter of principle, we delete personal data when it is no longer required for the defined purpose of data processing and no legal retention obligations prevent deletion. IP addresses and names of Internet service providers used are stored by our external service company, which hosts our website, for a period of seven days and then deleted.

Receiver

Recipients may be the technical service providers we use to operate and maintain our website, who act as our processors.

Provision prescribed or required

The provision of personal data is neither legally nor contractually required. Failure to provide data means that the functionality of our website may not be guaranteed. In addition, individual services may not be available or may be limited.

 

6. Cookies use

Description and purpose of data processing

When our website is called up, cookies are stored on the end device of the website visitor. We distinguish between essential cookies, which enable us to provide basic and proper website functions, and statistical cookies, which help us to understand how visitors use our website.

Legal basis

The processing of the essential cookies takes place on the basis of § 25 para. 2 no. 2 TTDSG.
The processing of statistics cookies is based on your consent according to § 25 para. 1 TTDSG in conjunction with. Art. 6 para. 1 lit. a DSGVO.

Storage duration

Information on the storage period of our cookies can be found in our Consent Management Platform (CMP). Our CMP can be accessed via the privacy settings in the footer of our website.

Receiver

Recipients may be the technical service providers we use to operate and maintain our website, who act as our processors.

Provision prescribed or required

The provision of personal data is neither legally nor contractually required. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be limited.

Revocation of consent

Consents can be revoked at any time in our Consent Management Platform (CMP). You can access our CMP via the privacy settings in the footer of our website.

Profiling

With the help of web analysis tools, the behavior of visitors to our website can be evaluated and interests analyzed. For this purpose, we create a pseudonymous user profile.

 

7. Consent Management Platform (CMP)

Description and purpose of data processing

We use a Consent Management Platform (CMP) on our website to be able to manage the consents of our website visitors. This requires the use of cookies to store the selected consent options.
The provider of the CMP is Borlabs GmbH (Hamburger Str. 11, 22083 Hamburg, Germany).

Legal basis

The use of the CMP is based on Art 6 (1) lit. c DSGVO for the fulfillment of our legal obligation.

Storage duration

The storage period for consent data is generally 12 months from the time of consent.

Receiver

The data is transferred to the provider of our CMP, which acts as a processor for us.
Recipients may also be the other technical service providers used by us for the operation and maintenance of our website, which act as our order processors.

Provision prescribed or required

The provision of personal data is voluntary. By not providing it, the use of our website is unfortunately not possible.

 

8. SalesViewer

Description and purpose of data processing

On our website, we process visitor data using SalesViewer technology in order to find out which companies are interested in the content of our website. For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The collected data is encrypted via a non-returnable one-way function and immediately pseudonymized. In doing so, this data is not used to personally identify visitors to our website.

The provider of the technology is SalesViewer GmbH (Huestrasse 30, 44787 Bochum, Germany).

Legal basis

The use of the technology is based on Art. 6 para. 1 lit. f DSGVO our legitimate interest.

Receiver

The data is transferred to the provider of the SalesViewer technology, which acts as a processor for us.

Storage duration

No personal data is stored. The data stored within the framework of SalesViewer shall be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.

Provision prescribed or required

The provision of the data is voluntary. By not providing it, the use of our website is unfortunately not possible.

Alternatively, website visitors can use an opt-out cookie provided by the provider under linkLink . Subsequently, no further tracking via SalesViewer technology takes place in the respective
browser.

 

9. Google Analytics

Description and purpose of data processing

We use the web analytics service Google Analytics on our website. The service uses cookies, which allows an analysis of the use of our website.
IP anonymization is used on our website. The IP address of the visitor is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of the IP address. The information collected may be transferred by the provider to servers in the USA and stored there.

The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

Legal basis

The processing is based on the consent of our website visitors according to Art. 6 para. 1 lit. a DSGVO.

Receiver

The data is transferred to the provider of the web analytics service, which acts as a processor for us.
Recipients may also be the other technical service providers used by us for the operation and maintenance of our website, which act as our order processors.

Storage duration

Information on the storage period can be found in our Consent Management Platform (CMP).
Our CMP can be accessed via the privacy settings in the footer of our website.

Provision prescribed or required

The provision of personal data is voluntary. Failure to provide it has no consequences for website visitors.

Revocation of consent

Consents can be revoked at any time in our Consent Management Platform (CMP). You can access our CMP via the privacy settings in the footer of our website.
In addition, storage can be prevented by website visitors through corresponding settings in the browser. This may prevent the full use of certain functions of our website.
Further, by installing a browser plugin under link, the processing by the provider of the web analytics service can be prevented.

Profiling

With the help of the web analytics service, the behavior of website visitors can be evaluated and interests can be analyzed. A pseudonymous user profile is created for this purpose.

 

10. YouTube

Description and purpose of data processing

On our website, we embed video content from the provider YouTube. When the video content is called up, the IP address is transmitted to the provider, which is why we have blocked the automatic loading of the content by default.

The provider of the service is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

Legal basis

The processing is based on the consent of our website visitors according to Art. 6 para. 1 lit. a DSGVO.
We do not collect consents for this data processing via our CMP, but via a separate 2-click solution on the corresponding websites.

Storage duration

We do not store any data in this context. You can find the provider’s detailed data protection information at https://policies.google.com/privacy.

Receiver

We do not forward any data to third parties in this context.
By using the service, the provider of the service will receive data.

Provision prescribed or required

The provision of personal data is neither legally nor contractually required. Failure to provide it will unfortunately mean that the video content cannot be displayed on our website.

Revocation of consent

Consents are automatically revoked when the relevant web page is updated.

 

11. Use of contact forms

Description and purpose of data processing

The data entered in our contact forms are stored for the purpose of individual communication with the person entering the data. For this purpose, it is necessary to enter the data in the input fields marked with an asterisk. This data is used for the assignment of an inquiry and the subsequent response to the same. The specification of further data is optional and voluntary.

Legal basis

The processing of the data entered in the contact form is based on our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. By providing the contact form, we would like to enable an uncomplicated contact. Information provided will be stored for a limited time for the purpose of processing the request and for possible follow-up questions.
Alternatively, processing takes place on the basis of Art. 6 para. 1 lit. b DSGVO (e.g. in the case of an offer request or similar).

Storage duration

The collected data will be deleted no later than six months after processing the request. If a contractual relationship arises, we are subject to the statutory retention periods and the storage period is based on the relevant legal requirements.

Receiver

In principle, only those persons have access to personal data transmitted via our contact forms who require this data for the processing of contact requests.
Recipients may also be the technical service providers used by us for the operation and maintenance of our website, who act as our processors.

Provision prescribed or required

The provision of personal data is neither legally nor contractually required. However, contact inquiries can only be processed if the data is entered in the input fields marked with an asterisk.

 

12. Data processing in the context of business communication

Description and purpose of data processing

In the context of business communication, we process data in order to be able to communicate with our partners. This can be done to initiate business or to fulfill contractual and legal obligations, to offer products and to strengthen customer relationships and more.

Legal basis

Depending on the phase of the contact, the following legal bases may be relevant for processing data in this context:

  • For the execution of pre-contractual measures or for the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO
  • For the fulfillment of legal obligations to which we are subject according to Art. 6 para. 1 lit. c DSGVO
  • For the protection of our legitimate interests according to Art. 6 para. 1 lit. f DSGVO

Storage duration

Personal data is generally deleted or blocked as soon as the purpose of the storage no longer applies. The purpose results from the content of the communication and the respective business transaction. Retention periods are determined for the respective business transactions on a case-by-case basis. As a rule, data is stored for the purpose of complying with retention periods under commercial and tax law, unless longer storage is necessary for the defense of legal claims.

Receiver

Within our company, we ensure that only those persons receive data who need them to fulfill contractual and legal obligations. Depending on the nature of the business relationship, data may be passed on to partner companies in order to fulfill contractual obligations. In some cases, we use additional service providers to process business transactions. These can be, for example, parcel services, banks, Internet service providers, manufacturers, IT service providers and tax consultants.

Provision prescribed or required

The provision of personal data may be necessary due to the contractual relationship. If the data is not provided, business communication is unfortunately not possible.

 

13. Application procedure

We describe detailed information on our handling of personal data in the application process under Data protection notice for applicants..

 

14. Use and application of social networks & job boards

Description and purpose of data processing

We maintain company profiles on various social networks, job boards and comparable platforms. These presences serve to present the company and create contact channels for interested parties, customers and third parties.
Insofar as our profiles in social networks or comparable platforms are used to contact us (e.g. by creating your own posts, responding to one of our posts or sending private messages to us), the data provided to us will be used exclusively for the purpose of communication and processing requests.

We hereby point out that when visiting our profiles in networks and comparable platforms, personal data may also be collected, used and stored by the operators of the respective network and comparable platforms. This also happens when visitors themselves do not have a profile in the respective social network. For a detailed presentation of the respective data processing of the platforms used by us, we refer to the information of the respective providers linked below:

LinkedIn (Provider:: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy

Indeed (Provider: Indeed Ireland Operations, Ltd., 124 St. Stephen’s Green, Dublin 2, Ireland)
Privacy policy: https://de.indeed.com/legal/gdpr_de?hl=de

Legal basis

Depending on the phase of the contact, the following legal bases may be relevant for processing data in this context:

  • For the execution of pre-contractual measures or for the fulfillment of a contract according to Art. 6 para. 1 lit. b DSGVO
  • For the fulfillment of legal obligations to which we are subject according to Art. 6 para. 1 lit. c DSGVO
  • For the protection of our legitimate interests according to Art. 6 para. 1 lit. f DSGVO

Storage duration

We delete stored data as soon as their storage is no longer necessary or we are requested to delete them. As a rule, data is stored for the purpose of complying with retention periods under commercial and tax law, unless longer storage is required for the defense of legal claims.

Receiver

We do not pass on collected data to third parties. However, we cannot exclude and also have no influence on the extent to which the operators of the respective social networks and comparable platforms pass on data to third parties.

Provision prescribed or required

The provision of personal data is neither legally nor contractually required. Failure to provide it will result in no contact with us via our social networks and comparable platforms.

Parts of the privacy policy were created with the help of activeMind AG (version #2020-09-30).