Privacy policy

The purpose of this Personal Data Processing Policy (hereinafter "Policy") is to set out and inform the processing of personal data by Khiron of individuals who have provided this information, such as patients, suppliers, customers, healthcare professionals and employees of Khiron, and to disseminate and protect the rights of the holders of such personal data. This policy sets out the minimum requirements to ensure an adequate level of protection within Khiron when collecting, using, disclosing, transferring, storing and otherwise processing personal data.

KHIRON AND THIS DIRECTIVE

Khiron Europe GmbH is a German company with global operations through its local subsidiaries in various countries around the world. Whenever the term "KHIRON" is used in this document, it refers to the conglomerate of companies, without this term encompassing a group of companies as defined by the legislation of different countries. This is a global policy, but in the last section of this document you will find the specifics that apply to and are consistent with your jurisdiction. In the event of a conflict between this Directive and the specific provisions of a country, the latter shall prevail.

For the purposes of this Directive, the following definitions apply:

Consent: Prior, explicit and informed consent of the data subject to the processing of personal data.
Databases: Organized collection of personal data that is subject to processing.
Personal data: Any personal information that is linked to or can be associated with one or more identified or identifiable natural persons.
Sensitive personal data: Personal data that may affect the privacy of the data subject or whose misuse may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership of social or human rights organizations or the promotion of the interests of a political party, as well as data concerning the health or state of health of the individual or caregiver, sex life and biometric data.
Data processor: Natural or legal person governed by public or private law who, alone or in collaboration with others, carries out the processing of personal data on behalf of the controller.
Processing: Any operation or set of operations which is performed on personal data, such as collection, storage, use, disclosure or erasure.
Data subject: Natural person whose data is the subject of the processing.
Inhaber der Datenverarbeitung: Natürliche oder juristische Person, öffentlich oder privat, die allein oder in Zusammenarbeit mit anderen über die Datenbasis und/oder die Verarbeitung der Daten entscheidet, in diesem Fall Khiron.

Der Ethikkodex von Khiron unterstreicht die Verpflichtung des Unternehmens zum Schutz der Privatsphäre und der personenbezogenen Daten. Diese Richtlinie gilt für alle Datenbanken und/oder Dateien, die personenbezogene Daten enthalten, die von Khiron verarbeitet werden, und sie gilt für alle Kommunikations- und Interaktionskanäle, die Khiron nutzen kann und in denen personenbezogene Daten erhoben werden, d. h. sensible Daten, personenbezogene Daten, Handels- und/oder Verwaltungsdaten und andere.

LEGAL BASIS AND GUIDING PRINCIPLES

The personal data of the data subject will only be processed if the data subject has given their consent and only for the fulfillment of the specific purposes and legitimate interests for which the data is required.

When processing personal data and sensitive personal data, Khiron observes the following guiding principles of data protection: (i) lawfulness; (ii) purpose; (iii) freedom; (iv) veracity; (v) transparency; (vi) access and restricted disclosure; (vii) security; and (viii) confidentiality.

Personal data will only be processed for a period that is both adequate and necessary, in accordance with the intended purposes and in compliance with the regulations applicable to the matter in question (e.g. administrative, accounting, tax, legal and historical aspects of the information). Once the purpose or purposes of the processing have been fulfilled, Khiron will delete the personal data in its possession, subject to the possibility of retaining those necessary to fulfill a legal or contractual obligation or to enforce legal claims.

Personal data is processed under high standards of security and confidentiality, using the data exclusively for the purpose described in the relevant privacy policy and in compliance with the requirements of the applicable regulations.

Khiron takes the appropriate physical, technical, personnel and administrative measures to protect the records to prevent their falsification, loss, inspection, unauthorized or unlawful use, disclosure or access. Khiron's obligation and responsibility is limited to providing appropriate means for this purpose. Khiron does not guarantee the complete security of the data subject's data and is not liable for any consequences resulting from technical faults or unauthorized interference by third parties with the database or file in which the personal data processed by Khiron and the data controllers are stored. Khiron requires all third parties, including its contractors, with whom it exchanges information to take and comply with appropriate physical, technical, personnel and administrative measures to protect the personal data for which these third parties act as data controllers.

PASSIVE COLLECTION OF INFORMATION

Durch den Zugriff auf oder die Nutzung von Diensten auf den Khiron-Webseiten kann Khiron passiv Informationen über die Computerhardware und -software der betroffenen Person, die IP-Adresse der betroffenen Person, den Browsertyp, das Betriebssystem, den Domänennamen, die Zugriffszeiten und die Adressen der verweisenden Webseiten durch den Einsatz von Informationstechnologie wie Cookies sammeln (ohne dass Sie die Informationen direkt bereitstellen). Mit diesen Instrumenten werden keine personenbezogenen Daten der Nutzer direkt erhoben. Es werden auch Informationen über die vom Nutzer am häufigsten besuchten Seiten auf diesen Webseiten gesammelt, um etwas über seine Surfgewohnheiten zu erfahren. Der Nutzer der Khiron-Webseiten kann jedoch die Funktionsweise der Cookies entsprechend den Optionen seines Internetbrowsers konfigurieren.

Khiron und unsere Drittdienstleister sammeln und verwenden Informationen auf unterschiedliche Weise, wie unten aufgeführt:

Über den Browser der betroffenen Person: Einige Informationen werden von den meisten Browsern erfasst, z. B. die MAC-Adresse (Media Access Control) der betroffenen Person, der Computertyp (Windows oder Macintosh), die Bildschirmauflösung, die Version des Betriebssystems sowie Typ und Version des Internetbrowsers. Khiron kann ähnliche Informationen erfassen, z.B. den Gerätetyp und die Gerätekennung der betroffenen Person oder ob Sie die Webseite über ein mobiles Gerät aufrufen.

Verwendung von Cookies: Cookies sind eine Zusammenstellung von Informationen, die direkt auf dem von Ihnen verwendeten Computer gespeichert werden. Cookies ermöglichen es uns, Informationen wie Browsertyp, Verweildauer auf der Webseite, aufgerufene Seiten und Sprachpräferenzen zu sammeln. Khiron und unsere Dienstleister verwenden diese Informationen zu Sicherheitszwecken, um die Navigation zu erleichtern, Informationen effizienter darzustellen und die Navigation auf der Webseite an Ihre Bedürfnisse anzupassen. Khiron verwendet Cookies auch, um Ihren Computer oder Ihr Gerät wiederzuerkennen und Ihnen so die Nutzung der Webseite zu erleichtern, z.B. indem wir uns merken, was sich im Einkaufswagen befindet. Darüber hinaus verwendet Khiron Cookies, um statistische Informationen über die Nutzung der Webseite zu erhalten, um das Design und die Funktionalität der Webseite kontinuierlich zu verbessern, um zu verstehen, wie die Benutzer die Webseite nutzen, und um uns zu helfen, Fragen zur Webseite zu beantworten. Cookies sind auch nützlich, um auszuwählen, welche unserer Anzeigen oder Angebote Sie am ehesten ansprechen, und um sie anzuzeigen, während Sie auf der Webseite sind. Wir können Cookies auch in der Online-Werbung verwenden, um die Reaktionen der Verbraucher auf unsere Anzeigen zu verfolgen.

Sie können die Annahme dieser Cookies verweigern, indem Sie den Anweisungen Ihres Browsers folgen; eine solche Verweigerung kann jedoch zu Problemen bei der Nutzung der Webseite führen. Möglicherweise erhalten Sie auch keine Werbung oder andere Angebote von uns, die auf Ihre Interessen und Bedürfnisse zugeschnitten sind. Weitere Informationen über Cookies finden Sie unter www.allaboutcookies.org.

Verwendung von Zählpixeln, Web-Beacons, Clear GIFs oder anderen ähnlichen Technologien: Diese können in Verbindung mit bestimmten Seiten der Webseite und HTML-formatierten E-Mails verwendet werden, um u.a. die Aktionen von Webseite-Benutzern und E-Mail-Empfängern zu verfolgen, den Erfolg unserer Marketing-Kampagnen zu messen und Statistiken über die Webseiten-Nutzung und Antwortquoten zu erstellen.

Verhaltensbasierte Online-Werbung: Die Verwendung von Cookies, Web-Beacons, Pixel-Tags, Clear GIFs oder anderen ähnlichen Technologien ermöglicht es unseren Drittanbietern, Werbung über unsere Produkte und Dienstleistungen anzuzeigen, wenn Sie die Webseite oder andere Webseiten oder Web-Eigenschaften über das Internet aufrufen. Diese Anbieter können Web-Beacons, Clear GIFs oder ähnliche Technologien auf der Webseite und anderen Webseiten oder Web-Eigenschaften platzieren und können auch Cookies von Drittanbietern platzieren oder erkennen, wenn Sie die Webseite oder andere Webseiten oder Web-Eigenschaften aufrufen. Sie können Informationen über Ihre Besuche auf der Webseite und anderen Webseiten oder Web-Eigenschaften verwenden, um Werbung für Waren und Dienstleistungen anzuzeigen, die für Sie von Interesse sein könnten.

IP-Adresse: Die IP-Adresse ist eine Nummer, die der Internetdienstanbieter (ISP) der betroffenen Person dem von Ihnen verwendeten Computer automatisch zuweist. Eine IP-Adresse wird identifiziert und automatisch in unseren Server-Protokolldateien aufgezeichnet, wenn ein Nutzer die Webseite betritt, zusammen mit der Uhrzeit und der/den besuchten Seite(n). Das Sammeln von IP-Adressen ist eine gängige Praxis im Internet und wird von vielen Webseiten automatisch durchgeführt. Khiron verwendet IP-Adressen für Zwecke wie die Berechnung der Nutzung der Webseite, die Diagnose von Serverproblemen und die Verwaltung der Webseite.

Geräteinformationen: Es können Informationen über das mobile Gerät der betroffenen Person erfasst werden, wie z. B. eine eindeutige Gerätekennung.

TREATMENT AND PURPOSE

Khiron collects, stores, uses, disseminates, deletes, processes, compiles, reproduces, exchanges, updates, organizes, communicates and, where appropriate, transfers to third countries personal data of persons with whom it has or has had a relationship.

The general purposes for which Khiron processes personal data include the following:

To carry out activities related to the corporate purpose of Khiron in each country.
Conducting commercial and marketing activities, including research to develop and improve all or some of our products and services.
Sending important information about the data subject's relationship with Khiron and about products, campaigns, events, Khiron websites or digital initiatives, changes to Khiron's terms and conditions and policies, and other administrative information.
Follow-up activities, management of actions, identification of opportunities, quality of services, for administrative, organizational, academic, scientific and research purposes, reporting obligations established by law or codes of ethics.
Fulfillment of legal obligations, judicial, contractual or other proceedings.
For business purposes, such as data analysis, market research, audits, developing new products, improving the website, improving Khiron's products and services, identifying trends in website usage, customizing the customer experience on Khiron websites by presenting products and services, and determining the effectiveness of our advertising campaigns.
Answering your queries and processing your requests and sending you the documents or warnings you have requested by e-mail.
Tracking and processing complaints about product and/or service quality and reports of adverse events.
Manage and administer Khiron's human resources, payroll, benefits and other compensation programs.
Share, transfer and transmit your personal data within the conglomerate of companies to which the name Khiron refers and with internal third parties.
Share your personal data with our third party service providers who provide services such as website hosting and moderation, mobile application hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, email and direct mail, credit card processing, customer and supplier analytics, audit services and other services to enable them to provide these services.
Disclosure of your personal data to third parties in the event of a reorganization, merger, sale, spin-off, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including actions in connection with any bankruptcy or similar proceedings), or in the event of a change in Khiron's corporate or administrative structure.
Responding to requests from public and government authorities, including public and government authorities in your country of residence and abroad.
Assertion of the rights of Khiron.
Protect our activities.
Protecting our business, our rights, our privacy, our security or our assets, to name but a few.
Overall, to manage our relationship with you as a data subject.
For any other lawful, authorized purpose.

DATA TRANSMISSION

Khiron may share your personal data with internal and external third parties to fulfill the company's purpose and to fulfill the purpose you have authorized.

In such cases, Khiron enters into a contract for the transfer of personal data with the third party concerned, whereby the third party is obliged to treat the information confidentially, to secure it and to use it only for the performance or provision of the activities and/or services specified in the data transfer agreement or in the document containing the contractual relationship to be performed.

RECIPIENTS AND STORAGE OF PERSONAL DATA

We only process and store personal data for as long as is necessary to achieve the stated purposes or as required by law (e.g. retention obligations under commercial or tax law). As soon as the purpose of the processing no longer applies or statutory retention periods expire, the data will be deleted in accordance with the legal requirements. Details of recipients and storage periods can be found below:

Contact form data (name, e-mail, telephone number, message)
Purpose: Processing of inquiries and communication
Recipient: Hostinger (hosting), Microsoft Outlook (e-mail)
Storage period: Deletion usually within 6 months after completion, provided there are no legal storage obligations
Application documents (name, e-mail, CV, attachments)
Purpose: Implementation of the application procedure
Recipient: Hostinger (temporary storage on web server), Microsoft Outlook (e-mail)
Storage period: Storage during the application process; server files are deleted once a year; rejections deleted no later than 6 months after completion of the process
Server log files (IP address, access time, browser information)
Purpose: Security, troubleshooting and stability of the website
Recipient: Hostinger (hosting, SSL encryption, caching, CDN) Storage period: 7-30 days, then automatic deletion
E-mail correspondence
Purpose: Business communication and legal retention obligations
Recipient: Microsoft Outlook
Storage period: Storage for up to 6 years in accordance with commercial and tax law requirements
Cookies and analysis data
Purpose: Website functionality, statistics and optimization
Recipients: CookieYes (consent management), Google Analytics (usage statistics, visitor behavior), Google Search Console (SEO performance monitoring)
Storage period: Cookies are stored in accordance with the information in the cookie banner. Analytics data may be stored by Google for up to 14 months (if so configured); otherwise until consent is withdrawn.
Website security
Purpose: Protection against cyber attacks and misuse
Recipient: Wordfence (security plugin for WordPress)
Storage duration: Security logs (e.g. suspicious IP addresses) are usually stored for 30 days and then automatically deleted

INTERNATIONAL DATA TRANSFER

Your personal data may be processed in the country in which you work or reside or in another country in which Khiron is represented, insofar as this is permitted by law. For this purpose, Khiron must have your explicit consent.

In the event that your personal data is to be transferred outside the European Economic Area or any other country that prohibits the transfer of personal data, Khiron will apply the European Commission's Standard Contractual Clauses or other transfer mechanisms in accordance with local regulations, such as consent, to ensure that your personal data is maintained at an adequate or similar level of protection as in your home country.

Notwithstanding the foregoing, please note that Khiron may transfer your personal data to another country without your consent in the following cases where local law permits:

When an exchange of medical data takes place, if this is necessary for the treatment of the data subject or for reasons of public health or hygiene;
Cases of bank or stock exchange transfers, in accordance with the applicable legal provisions;
Transfers made in accordance with the international treaties signed by Colombia on the basis of the principle of reciprocity;
if a transfer required by law is necessary for the protection of the public interest or for the recognition, exercise or defense of a right in legal proceedings;
If this is necessary for the performance of a contract concluded between the data subject and Khiron, including an employment contract or for the implementation of pre-contractual measures, provided that the data subject has given his or her consent.

RIGHTS OF THE PERSONS CONCERNED

Below you will find a description of your rights as the owner of the personal data processed by Khiron:

To access, update, supplement, correct, rectify and/or delete personal data processed by Khiron at any time and free of charge, as well as to revoke, restrict or contest the authorization for processing;
Requesting proof of authorization granted to Khiron for the processing of personal data;
To be informed about Khiron's use of your personal data at your request;
Filing complaints with the relevant authorities in each country for violations of the provisions of the respective law on the protection of personal data and other provisions amending or supplementing this law;
Withdraw consent and/or request the deletion of personal data and/or sensitive personal data;
Free access to your personal data and/or sensitive personal data that has been processed.

PROCEDURE FOR THE EXERCISE OF RIGHTS

You can view, update, correct, rectify and/or delete your personal data processed by Khiron at any time free of charge, as well as revoke, restrict or contest the authorization for processing.

To do so, you must send a detailed notice of your request to Khiron's Data Protection Officer at the addresses or email addresses listed in the "Special Privacy Terms by Country" section. All physical communications to Khiron must include an e-mail or physical address so that the company can respond to the request.

Remember that these rights can only be exercised by: (i) the data subject, who must provide sufficient proof of identity; (ii) the data subject's authorized representatives (e.g. heirs, successors), who must provide proof of capacity; (iii) the data subject's legal representative and/or proxy, subject to prior accreditation of the representative or proxy; and (iv) a third party, if the provision is for the benefit of or on behalf of another person, subject to prior accreditation.

Khiron may only deny access to, revoke authorization or request deletion of personal data if (i) the applicant is not the data subject, his or her authorized representatives (e.g. heirs, successors) or legal representative is not duly authorized to do so; (ii) the applicant is not a public or administrative body in the exercise of its statutory functions or is not subject to a court order; and (iii) the data subject is contractually or, where applicable, legally obliged to remain in the database.

Requests: They will be answered within a maximum of ten (10) working days after receipt of the request. If the law expressly provides for a shorter deadline in the area of responsibility of the person concerned, this deadline will be observed. If the request or application cannot be answered within the aforementioned time limit, you will be informed of the reasons for the delay and the date on which the data subject's request or application will be answered, which date may in no case be more than five (5) working days after the expiry of the first deadline.

If more than one request is made per calendar month, Khiron will only charge the person concerned for the costs of sending, reproducing and, if applicable, notarizing the documents. The duplication costs may not exceed the costs for the replacement of the corresponding material.

For complaints or applications: If information is missing, you will be requested to provide the missing information within five (5) working days of receipt of the request. If the applicant has not provided the requested information within two (2) months from the date of the request, the application will be considered withdrawn. If the information on the complaint or application is complete, a note will be added to the database within two (2) working days stating "Application in progress" and the reason for this. This note will be retained until the claim has been clarified.

The maximum period for the settlement of complete complaints is fifteen (15) working days from the day following their receipt. If the law in the jurisdiction of the person concerned expressly provides for a shorter period, this period shall be observed by Khiron. For claims that are not resolved within this period, the party concerned shall be informed of the reasons for the delay and the date by which the claim is to be resolved, which shall in no case be more than eight (8) working days after the expiry of the first deadline.

SENSITIVE PERSONAL DATA AND DATA OF MINORS

In order to fulfill its corporate purpose, Khiron collects sensitive personal data and data of minors. In some cases, this type of personal data is processed as part of the KHIERO patient program (or its counterpart in a specific jurisdiction), which is a program for the continuous monitoring of patients during their treatment that complies with the legal requirements of the respective jurisdiction.

According to Art. 8 para. 1 GDPR, the processing of personal data of minors under the age of 16 is only permitted if the custodial parents or legal guardians have expressly consented; in Germany, this age limit remains unchanged at 16 years. In this framework or in another framework applicable to Khiron's business areas, Khiron or the third parties commissioned by Khiron undertake to process the sensitive personal data and the data of minors in accordance with the regulations applicable in the legal system of the data subject.

The creation of databases containing sensitive personal data must have a legitimate reason and a specific purpose and serves the development of Khiron's activities. Your express consent is required for the creation of this type of database. However, you must always bear in mind that you are not obliged to authorize the processing of personal data, as the granting of such consent is optional and Khiron ensures respect for the fundamental rights of children and adolescents and respects their interests. Khiron will also respect the minor's right to be heard where appropriate.

The processing of sensitive personal data for historical, statistical or scientific purposes is permitted. In such cases, Khiron will delete the identity of the data subject.

SPECIAL DATA PROTECTION REGULATIONS BY COUNTRY

Khiron in Germany/European Union: The controller in Germany is Khiron Europe GmbH, Hanauer Landstraße 291B, 60314 Frankfurt am Main.
Contact to exercise your rights: To contact Khiron Europe GmbH and to exercise your rights and submit a consultation, claim, request or complaint, please send an email to info@khironeurope.com
Legal basis and authority: In Germany, the Basic Law guarantees every citizen the right to decide for themselves on the disclosure and use of personal information. On the one hand, there is the Federal Data Protection Act (BDSG) and, on the other, the General Data Protection Regulation (GDPR), which applies throughout Europe. The regulations serve to protect the citizens of the EU and Germany when processing personal data and, in particular, against improper data processing.

Data protection laws aim to protect the privacy of citizens and prevent the misuse of data processing. Therefore, the processing of personal data is prohibited unless there is a legal basis. Such a legal basis may be:

A given consent to the processing of his personal data.
The processing of personal data serves the purpose of fulfilling the contract or, upon request, taking measures that precede the conclusion of a contract.
Processing is necessary for compliance with a legal obligation.
Processing is necessary for the purposes of the legitimate interests pursued by Khiron Europe GmbH

Personal data and personal information

The General Data Protection Regulation and the Federal Data Protection Act result in a variety of different rights and instruments for compliance by data subjects in the EU and in Germany. These rights form the basis for informal self-determination and ensure the exchange of information and transparency in data processing. Clear and specific rights of data subjects are therefore one of the foundations of data protection. The following rights can be asserted by the data subject:

The aforementioned right to data portability
The data subject's right of access to information
The right to rectification, technically known as the right to rectification
The also mentioned right to be forgotten (erasure of data)
The rights under consent (if this is the legal basis for processing)

Failure to comply with the required rights can be punished by the supervisory authorities with a fine of up to €10 million or 2% of the company's global annual turnover.

External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This includes IP addresses, contact requests, metadata and messages, contract information, contact information, names, website accesses and other data generated via a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our host will only process your data to the extent necessary to fulfill its performance obligations and to follow our instructions in relation to this data.

We use the following host: GoDaddy, Europe.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and the lock symbol appears in the browser line. If SSL or TLS encryption is activated, data that you transmit to us cannot be read by third parties.

Recording of data on this website

Cookies

Our websites and pages use so-called "cookies". Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted as soon as you end your visit. Permanent cookies remain archived on your device until you actively delete them or they are automatically deleted by your web browser.

In some cases, it is possible that third-party cookies are stored on your device as soon as you enter our website (third-party cookies). These cookies enable you or us to use certain services offered by the third party (e.g. cookies for the processing of payment services).

Cookies have a variety of functions. Many cookies are technically necessary, as certain functions of the website would not work without them (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be to analyze user patterns or display advertising messages.

Cookies that are required to carry out electronic communication processes (necessary cookies) or to provide certain functions that you wish to use (functional cookies, e.g. for the shopping cart function) or those that are necessary to optimize the website (e.g. cookies that provide measurable insights into the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is cited. The website operator has a legitimate interest in the storage of cookies to ensure the technically error-free and optimized provision of the operator's services. If your consent to the storage of cookies has been obtained, the respective cookies are stored exclusively on the basis of the consent given (Art. 6 para. 1 lit. a GDPR); this consent can be revoked at any time.

You have the option of setting your browser so that you are informed about the setting of cookies and only allow the acceptance of cookies in individual cases. You can also exclude the acceptance of cookies for certain cases or in general or activate the delete function so that cookies are automatically deleted when the browser is closed. If cookies are deactivated, the functions of this website may be restricted.

If cookies are used by third parties or for analysis purposes, we will inform you separately in connection with this privacy policy and, if necessary, ask for your consent.

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The information includes

Type and version of the browser used
The operating system used
Referrer URL
The host name of the accessing computer
The time of the server request
The IP address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error-free presentation and optimization of the operator's website. In order to achieve this, server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or if it is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been obtained.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to data storage or the purpose for data storage no longer applies (e.g. after we have finished responding to your inquiry). Mandatory statutory provisions, in particular retention periods, remain unaffected by this.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request including the resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on the basis of your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been obtained.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request).

Mandatory statutory provisions - in particular the statutory retention periods - remain unaffected.

Registration on this website

You have the option of registering on this website in order to be able to use additional website functions. We use the data you enter only for the purpose of using the respective offer or service for which you have registered. The data requested by us during registration must be provided in full. Otherwise we will refuse your registration.

In order to inform you about important changes to the scope of our portfolio or technical adjustments, we use the e-mail address provided during registration.

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website. This data will then be deleted. Mandatory statutory retention obligations remain unaffected by this.

Analysis tools and advertising

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. For this purpose, the website operator receives a variety of user data, such as pages viewed, time spent on the site, operating system used and origin of the user. Google can merge this data into a profile that is assigned to the respective user or their device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of the website is usually transmitted to a Google server in the United States and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The operator of this website has a legitimate interest in the analysis of user behavior in order to optimize both the online offering and the operator's advertising activities. If a corresponding consent has been obtained (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data is transferred to the USA on the basis of the European Commission's Standard Contractual Clauses (SCC). Details can be found here:

https://privacy.google.com/ businesses/controllerterms/mccs/

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the United States of America. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the operator of this website. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following URL:

https://tools.google.com/dlpage/gaoptout?hl=en

You can find more information about how Google Analytics handles user data in Google's privacy policy at

https://support.google.com/analytics/answer/6004245?hl=en

Demographic parameters provided by Google Analytics

This website uses the "Demographics" function of Google Analytics to display compatible ads to website visitors within the Google advertising network. This allows reports to be generated that contain information about the age, gender and interests of visitors to the website. The sources of this information are Google's interest-based advertising and visitor data obtained from third-party providers. This data cannot be assigned to a specific person. You have the option to deactivate this function at any time by changing the settings for advertising in your Google account or you can generally prohibit the collection of your data by Google Analytics, as explained in the section "Objection to the collection of data".

Archiving period

Event levels stored by Google in connection with cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymized or deleted after 14 months. For details, please click on the following link:

https://support.google.com/analytics/answer/7667196?hl=en

If you would like to subscribe to the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example by clicking on the "Unsubscribe" link in the newsletter. The legality of the data processing carried out up to that point remains unaffected by this.

The data stored by us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or by the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.

After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is indefinite. You can object to the storage if your interests outweigh our legitimate interest.

Review procedure for doctors and pharmacists

As a doctor or pharmacist, you have the option of registering in a closed area of our website and using additional functions there. To activate this area, you must first verify your status as a doctor or pharmacist via the provider DocCheck (www.doccheck.com). We do not have access to the personal data processed as part of this verification process. Personal data will only be processed by us if you register as a doctor or pharmacist on our website after successful verification in order to use further functions of the website. We only use the data entered for this purpose for the use of the protected area for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject your registration. In the event of important changes, e.g. in the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

Social media/Linkedin

We have a profile on LinkedIn. The provider of this platform is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield.

We would like to point out that the company is headquartered in the USA and that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) may process and evaluate your data for surveillance purposes and store it permanently on US servers. We have no influence on these processing operations.

We use LinkedIn for recruiting, marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our site and make it more interesting for you as a user.

Data processing for interactions on our LinkedIn profile We would like to point out that you use this LinkedIn page and its functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

Each time you visit our LinkedIn page, your IP address and other information is collected and stored on your PC in the form of cookies. This information is used to provide us, as the operator of the LinkedIn pages, with statistical information about the use of the LinkedIn page. LinkedIn provides further information on this at the following URL: https://privacy.linkedin.com/de-de

The data collected about you in this context is processed by LinkedIn Ireland Unlimited Company and may be transferred to countries outside the European Union. LinkedIn's privacy policy describes in general terms what information LinkedIn receives and how it is used. You will also find information on how to contact LinkedIn. The data usage policy is available at the following URL https://www.linkedin.com/legal/ privacy-policy?_l=en_EN