Data Privacy Statement
(dated 31 January 2023)
THIS DATA PRIVACY STATEMENT comprises information on how 3B Pharmaceuticals GmbH, a german limited liability company with its registered seat at MagnusstraSSe 11, 12489 Berlin, Germany (“3B Pharmaceuticals” or “WE”), AS a data controller with respect to the online offerings on the 3B Pharmaceuticals website and social media profiles (hereinafter TOGETHER the “Services”), processes personal data of the natural persons that, in their discretion, have decided to visit and use the services (“you”).
there may be other situations in which we process your personal data, e.g. if you are a customer of 3B Pharmaceuticals, or if you are working for any of our customers, partners, or suppliers, or if you apply for a job at 3B Pharmaceuticals. please use the contact information provided herein if you seek information on any processing operation(s) concerning your personal data that are not comprised by this data privacy statement.
1. General Statement
(1) Personal Data. This Data Privacy Statement explains how we collect, process, and delete your personal data as a controller under applicable data protection laws, in particular the EU General Data Protection Regulation (“GDPR”). “Personal data”, according to Art. 4 No. 1 of the GDPR, means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
(2) Your Options. This Data Privacy Statement also describes the options available to you regarding our use of your personal data and the steps you can take to access your personal data and ask us to correct or delete it.
(3) Principles for the Processing. Personal data is solely collected, processed, and deleted in accordance with applicable law, and subject to the following principles for the processing of personal data: Personal data are:
- processed lawfully, fairly and in a transparent manner in relation to you;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
(4) Change in Processing Purposes. In the event that we intend to process personal data for purposes other than those set forth in this Data Privacy Statement, we will notify you of such changes and inform you of the purposes for which your personal data will be used and who, if any, the recipients are.
(5) Data of Minors. Subject to local laws, we do not knowingly collect data from minors, and our Services are not targeted at minors.
2. Processing Activities
(1) Contacting Us. We offer you the opportunity to contact us by e-mail or via specific contact forms. In this case, the information you provide will be stored for the purpose of processing your inquiry. The legal basis for processing your personal data is your consent given at the time of submission of your inquiry (Art. 6 para. 1 lit. a of the GDPR) or, in the case of (pre-)contractual inquiries, Art. 6 para. 1 lit. b of the GDPR. The personal data we collect and process upon submission of your inquiry will be deleted after completion of the request and, if applicable, after expiry of statutory retention periods (i.e., for example, if you send us a pre-contractual message via e-mail and we then establish a contractual relationship, or if your message relates to existing contractual relationships).
(2) Logfiles. Each time that you access our website, it collects a series of general information. This general information is stored in the logfiles of our webserver. Logfiles contain information as follows:
- shortened IP-address
- browser type/ browser version
- your operating system
- referrer URL (or the website visited previously)
- date and time of the server request
- amount of transmitted data
- your internet service provider
When using this general information, we generally do not draw any conclusions about a specific person. Rather, this information is needed to deliver the content of our website correctly and for basic statistical research concerning the number of visitors to our website. The legal basis for data processing is Art. 6 para. 1 lit. f of the GDPR. Our legitimate interest follows from the purposes for data collection listed above. The aforementioned logfiles are regularly anonymized after one week.
(7) Storage Periods. We will retain your personal data for as long as is necessary to fulfill the purposes described in this Data Privacy Statement (as described herein) or stated at the time of collection, unless a longer retention period is required or permitted by law or is necessary to comply with another legal obligation.
3. Data Recipients and Data Transfers
(1) Data Recipients. Unless stated to the contrary in this Data Privacy Statement, we will share your personal data with third parties only if (a) these recipients act as service providers who perform services on our behalf within the meaning of Art. 28 of the GDPR (e.g. hosting and web services), or (b) these data transfers are required for the following legitimate interests: (i) compliance with any valid legal process, request, law, rule or regulation; or (ii) detection and resolution of IT and data security concerns. These processing activities are based on legitimate interests as described above (Art. 6 para. 1 lit. f of the GDPR), and there may even be a legal obligation on our part to process your personal data for these purposes (Art. 6 para. 1 lit. c of the GDPR).
(2) Data Transfers. Usually and unless stated to the contrary in this Data Privacy Statement, we will not transfer any of your personal data to countries outside the European Union or the member states to the European Economic Area. Without prejudice to our obligation to specifically inform you if we wanted to transfer your personal data to such third country, we shall only transfer your personal data to recipients in third countries if the prerequisites set forth in Art. 44 et seq. of the GDPR are met. Hence, in order to appropriately safeguard your personal data, we make sure additional measures are put in place to protect your data, in particular by relying on EU Adequacy Decisions or EU Standard Contractual Clauses, for transfers of personal data to countries outside the EU/EEA, in addition to all the necessary privacy and security precautions required by applicable law.
4. Your Rights as a Data Subject
You have certain rights in relation to the personal data that we process about you. You may (a) access the information we hold about you (Art. 15 of the GDPR); we will provide you with this information usually within one month of your request at the latest;
(b) have your personal data corrected (Art. 16 of the GDPR) or deleted (Art. 17 of the GDPR); (c) obtain from us the restriction of processing under the conditions laid out in
Art. 18 of the GDPR; (d) have the information you provided to us sent to you or to another organization, where you have provided such information to us and we hold this information with your consent or for the performance of a contract with you (Art. 20 of the GDPR); and (e) lodge a complaint with the competent supervisory authority.
5. In Particular: Your Right to Object to the Processing of Personal Data
Where the legal basis for the processing of your personal data is our or a third party’s legitimate interest in accordance with Art. 6 para. 1 lit. f of the GDPR, you may, at any time and based on the grounds set out in Art. 21 of the GDPR, object to such processing.
6. No Automated Decision-Making Process
We do not use any automated decision-making processes within the meaning of Art. 22 of the GDPR, including profiling, which would produce legal effects concerning you as a data subject or similarly significantly affect you.
7. Contact Information
(1) Contacting Us. You may contact us in our capacity as data controller at the address indicated herein (for the attention of the Data Security department). You may also contact us by telephone: +49(0)30 63 92 43 17; telefax: +49(0)30 63 92 43 16; or e-mail to firstname.lastname@example.org.
(2) Data Protection Officer. If you have any question or concerns as regards the processing of your personal data, or if you want to exercise any of your rights, you may also directly contact our data protection officer by sending a letter to the address indicated herein (for the attention of the Data Protection Officer), or by contacting our data protection officer with an e-mail sent to email@example.com.
8. Updates to this Data Privacy Statement