Data Privacy Statement
The provider (in the following also referred to as “we”) collects, uses and stores your personal data in accordance with the EU General Data Protection Regulation (GDPR), the German Data Protection Act (“Bundesdatenschutzgesetz”) and the German Telemedia Act (“Telemediengesetz”). Personal data means any information relating to an identified or identifiable natural person. Below we inform you about the type, extent and purpose of the collection and use of personal data.
- Who is responsible for data processing and who can you contact?
The party responsible for data processing is:
3B Pharmaceuticals GmbH, Magnusstraße 11, 12489 Berlin, Germany, Telephone: +49(0)30 63 92 43 17; Telefax: +49(0)30 63 92 43 16; firstname.lastname@example.org
- Which data are being processed and what are the sources of these data?
We process personal data (Art. 4 No 1 GDPR) which we receive in the course of conducting our business as a biotech company, for example in connection with requests regarding information on our products and services. Personal data which we process include personal information such as name, address, email-addresses, IP-address and, in some instances, further data, for example regarding interest areas of the requesting person.
- For what purpose and on what legal basis are the data processed?
We process personal data in order to be able to conduct our activities and provide our services as a biotech company and in order to receive and reply to your requests. We process personal data in accordance with the following data protection-related provisions: We process personal data pursuant to Art. 6 para. 1 lit. a GDPR upon your consent, for example in order to inform you about our services. In the event that our company enters into a contractual relationship, including the initiation of a contractual relation, the processing of personal data takes place in order to fulfil contractual obligations in accordance with Art. 6 para. 1 lit. b GDPR. In the event that our company is subject to a legal obligation which requires the processing of personal data, such as for example the fulfilment of tax obligations, or for being able to demonstrate that your consent has been given, the processing of personal data is made pursuant to Art. 6 para. 1 lit. c GDPR. In exceptional cases the processing of personal data may be required in order to protect the vital interests of the data subject or another natural person. This could for example be the case were a visitor will be injured in our premises and in consequence his name, age, health insurance data or other vital information need to be transmitted to a doctor, hospital or other third party. In that event the processing will be made pursuant to Art. 6 para. 1 lit. d GDPR. Finally, data processing activities can be conducted on the basis of Art. 6 para. 1 lit. f GDPR which covers data processing activities which do not fall under any of the afore mentioned legal provisions and which covers data processing which is necessary for the purposes of the legitimate interests pursued by us or a third party and provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. The European legislator has explicitly mentioned that such legitimate interests could exist for example where the data subject is a client of the party responsible (recital 47 sentence 2 GDPR). As another example the legislator mentioned that the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest (recital 47 sentence 7 GDPR).
- Legitimate interests of the controller that are being pursued by the controller or a third party
If the processing of personal data is based on Article 6 para. 1 lit. f GDPR our legitimate interest is the conduct of our business and the related communication with you (recital 47 GDPR).
- Data protection in the context of job applications and job application procedures
We collect and process personal data of job applicants for the purpose of conducting and processing the job application procedure on the basis of Art. 6 para. 1 lit. b GDPR. The processing may be made electronically which will in particular be the case where job applicants transmit respective application documents to us electronically, such as by e-mail or via the web form on our website. If we conclude an employment contract with the applicant, the transmitted data will be stored for the purposes of execution of the engagement relationship in compliance with the legal provisions. If we do not conclude an employment contract with the applicant the application documents will be erased six months after filling the respective position, provided there are no conflicting legitimate interests of us for further data processing. Those legitimate interests within the afore meaning include, but are not limited to, obligations of providing evidence in proceedings pursuant to the German General Act on Equal Treatment (AGG).
For security reasons and in order to protect confidential information, such as requests submitted via our contact form, we use SSL-encryption. If an encrypted connection has been effected the address-line of your browser will show “https://” instead of “http://” and you might notice a locker symbol in your browser. If SSL is activated third parties cannot read data that you send to us.
- Server Logfiles
We collect and store information on the basis of Art. 6 para 1 lit. f GDPR about your visits of our website in so called log-files on our server. The log-files contain data that your browser is automatically sending to us, such as:- shortended IP-address
– browser type/ browser version
– your operating system
– referrer URL (or the website visited previously)
– date and time of the server request
– amount of transmitted data
– your internet service provider
These data will be collected and processed only for the purpose of measuring the statistics of our website performance. These data will not be connected with data from other data sources.
- Period of Data Storage and Routinely Data Erase
We process and store personal data only for the period, which is required to meet the purpose of processing, or as long and to the extent as statutory laws require us to process and/or store such data. If the purpose of processing does not apply anymore and the applicable statutory retention requirement expires, we will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.
- Google reCAPTCHA
Our website uses Google reCAPTCHA to check and prevent automated servers (“bots”) from accessing and interacting with our website. This is a service provided by Google Inc., Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google). Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States. This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar. Google offers detailed information at https://policies.google.com/privacy concerning the general handling of your user data.
- Google Maps
Our website uses Google Maps to display our location and to provide directions. This is a service provided by Google Inc., Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that it will follow the EU’s data protection regulations when processing data in the United States.
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established whenever our website is accessed.
If you access the Google Maps components integrated into our website, Google will store a cookie on your device via your browser. Your user settings and data are processed to display our location and create a route description. We cannot prevent Google from using servers in the USA. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website. By connecting to Google in this way, Google can determine from which website your request has been sent and to which IP address the directions are transmitted.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your browser. Further details can be found in the section about cookies above.
- Is there an automated decision-making process?
We do not use automated decision-making processes under Art. 22 GDPR for initiating decisions on the establishment or carrying out of the business relationship, which would have legal consequences for the data subject or would have a similar significant negative impact on this person.
- Documentation of declared consent
If you have given us your consent under Art. 7 DSGVO, Â§ 7 UWG to contact you via email, then your consent is as follows:You can withdraw a given consent at any time free of charge. A withdrawal can e.g. done by email or by post or by using the unsubscribe function in the respective email.
- Rights of Data Subject
According to Art. 15 GDPR the data subject has the right to obtain, upon request, free of costs, information about his or her personal data stored as well as the purpose of the data processing. According to Art. 16, 17 and 18 GDPR the data subject has also the right to correct incorrect data and block and delete his or her personal data. Moreover the data subject has, subject to Art. 20 GDPR, the right to receive his or her personal data, which he or she has provided to us, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance from our part. According to Art. 21 para. 1 GDPR, the data subject has also the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on Art. 6 para. 1 lit. e or f GDPR. We will comply with the aforementioned requests if and to the extent such compliance is required by the applicable statutory laws.Any requests regarding your personal data, including rectification, erasure or restriction of processing, may be directed to the email address email@example.com or to the following postal address:
3B Pharmaceuticals GmbH
Attn. Data Security
12489 Berlin, Germany
Each data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.