We at R-Biopharm AG take the protection of your personal data very seriously. Your privacy is important to us. The following provisions will provide you with information on the processing of your personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), in particular, in accordance with the information obligations pursuant to.12 to 14 GDPR, and with the goal of clarifying the existing rights of data subjects pursuant to Arts. 15 to 22, and Art. 34 GDPR. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below.


Data Controller

The data controller responsible for the processing of your personal data is:

R-Biopharm AG
An der neuen Bergstraße 17
64297 Darmstadt, Germany
Tel.: +49 (0) 6151 – 8102-0
Fax: +49 (0) 6151 – 8102-40
e-mail: info@r-biopharm.de


General Information about Data Processing

In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of the personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for factual reasons and processing of the data is permitted by law.

Legal basis for the processing of your data:

  • Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis.
  • In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual steps.
  • Insofar as the processing of personal data is necessary in order to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
  • In the event that the vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
  • If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

Legitimate interests may include, in particular:

  • answering inquiries;
  • implementation of direct marketing measures;
  • provision of services and/or information intended for you;
  • processing and transfer of personal data for internal or administrative purposes;
  • operation and administration of our website;
  • provision of technical support to users;
  • prevention and detection of fraud and crime;
  • protection against payment defaults when soliciting credit reports in the case of requests for deliveries and services; and or
  • safeguarding of network and data security, to the extent that such interests are consistent with applicable law and the rights and freedoms of the user.

Usage Data/Server Log Files

Each time our websites are accessed, our systems automatically collect data and information from the computer system of the calling computer.

The following types of data are collected here: browser type, version used, user’s operating system, Internet service provider, IP address of the user, date and time of request, web pages from which the user’s system has accessed our website or which the user accesses from our website.

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR with the legitimate interests mentioned above.

The temporary storage of the IP address by the system is necessary to allow for delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data are used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest also lies in the data processing for these purposes. The data will be deleted as soon as their storage is longer necessary for the purpose for which they were collected. This is the case when data are collected for the provision of the website and the respective session has been ended. Furthermore, we reserve the right to check the files if, on the basis of concrete evidence, there is legitimate suspicion of unlawful use or a specific attack on the web pages. In this case, our legitimate interest is processing for the purposes of investigating and prosecuting such attacks and illegal uses.

Use of Cookies

We use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. The cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Certain elements of our website require the calling browser to be identified even after a page has been changed. The following data are stored and transmitted in the cookies: Language settings, articles in a shopping cart, log-in information, etc.

We also use cookies on some of our websites to allow for analysis of users’ browsing habits. In this way, search terms entered, frequency of page views, use of website functions, etc. are transmitted. The users’ data collected in this way are pseudonymized using technical precautions. This makes it no longer possible to assign the data to the calling user. The data will not be stored together with any other personal data of the users.

Legal basis for data processing using cookies: Art. 6 (1) (f) GDPR forms the legal basis for the processing of personal data using cookies. Art. 6 (1) (f) GDPR forms the legal basis for the processing of personal data using cookies required for technical reasons. When the user’s consent is obtained, Art. 6 (1) (a) GDPR forms the legal basis for the processing of personal data using cookies for analysis purposes.

The purpose of using cookies required for technical reasons is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these features, the browser must be able to be recognized even after a page change. We require cookies for the provision of the shopping cart, the adoption of language settings, the memorization of search terms, etc. Analytic cookies are used to improve the quality of our website and its contents. Analytic cookies help us learn how the website is used so that we can constantly optimize our offer. Our legitimate interest also lies in the data processing for these purposes. When accessing our website, the user is informed that cookies are used for analytic purposes and that his/her consent to the processing of the personal data used in this context is obtained automatically. In this context, a reference to this data privacy statement is also provided. Cookies are stored on the user’s computer and transmitted by the computer to our system. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, the user might not be able to use all of the features of the website to the fullest. You can manage cookies from certain US companies via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.

General Statements about Web Beacons/Tracking Pixels

Web beacons are invisible graphics the size of one pixel. These are used by partner companies, in particular for the purpose of tracking a user through various web pages to form a profile of use for user-customized advertising (targeting). A pixel embedded in the web page is loaded by the partner company’s server when the web page is called up. The partner receives your IP address, along with information about your browser and its version as well as browser plugins utilized (browser fingerprint), about your operating system and about your network operator.

Contents of External Providers

On our website, we use active JavaScript content and fonts, which can also originate from external providers such as Google. By calling up our website, these providers may receive information about your visit to our website, for example through the transmission of your IP address. You can prevent this transmission by using a JavaScript blocker; for example, you can install the ‘NoScript’ browser plugin or disable JavaScript in your browser. However, this can lead to functional restrictions.

Some of our websites include content from third parties, such as Youtube videos, Google Maps, images, text and multimedia files, RSS feeds or other services from other websites. This always requires transmission of your IP address to the providers of this content. We cannot provide any information about the way that these providers use your data and have no influence on their further processing. In particular, we cannot provide information about whether the data are used for other purposes, such as profiling. Please refer to the respective privacy policy of the respective third-party providers.
You can protect yourself, among other things, against further tracking through these providers’ use of tracking pixels by disabling the acceptance of third-party cookies in your browser’s settings.

Contact Form and Email Contact

Our website includes a contact form, which can be used for electronic contact. If a user decides to utilize this form, the data entered in the input mask will be sent to us and saved. These data include: name, address, e-mail address, telephone number, etc. When the message is sent, the following data are also stored: the IP address, date and time. In order for the data to be processed, your consent is obtained during the submission process and reference is made to this data privacy statement.

Alternatively, you may also contact us using the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored. In this context, there is no disclosure of the data to third parties. The data are used exclusively for processing the conversation.

The legal basis for the processing is:

  • When the user’s consent is obtained after the user registers for the newsletter, Art.6 (1) (a) GDPR forms the legal basis for the processing of the data.
  • Art. 6 (1) (f) GDPR with the legitimate interests mentioned above forms the legal basis for the processing of data transmitted in the course of sending an e-mail.
  • If the conclusion of a contract is the intended purpose of the e-mail, then Art.6 (1) (b) GDPR forms an additional legal basis for the processing of the data.

We only process personal data from the input mask in order to process the contact. In the case of contact via e-mail, the processing of the data also includes the required legitimate interest. Other personal data sent during the submission process are processed in order to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted as soon as their storage is longer necessary for the purpose for which they were collected. Personal data from the contact form’s input mask and data sent by e-mail will be deleted when the respective conversation with the user has ended. The conversation is ended when the circumstances imply that the relevant facts have been definitively clarified. Additional personal data collected during the transmission process will be deleted at the latest after a period of seven days.

The user has the possibility of revoking his/her consent to the processing of his/her personal data at any time. If the user contacts us by e-mail, he/she may object to the storage of his/her personal data at any time. In such a case, the conversation cannot continue.


Some of our websites allow you to subscribe to a free newsletter. If you give us your separate consent, we will send you an e-mail newsletter with promotional information (hereinafter “newsletter”). Our newsletters contain information about our services, promotions, events, competitions, job offers and articles.

After registering, the user receives a confirmation e-mail containing an activation link that must be clicked on in order to complete the registration. This is the Double Opt-In procedure, which ensures that the user is not registered by a third party for the newsletter and for documentation purposes. The consent to receipt of the newsletter can be revoked by e-mail at the e-mail address given in the imprint or by clicking on the unsubscribe link within the newsletter.

News without promotional information that is sent as part of our contractual or other business relationship is not, however, included in the newsletter. These include, for example, the dispatch of service e-mails with technical instructions and queries regarding orders, events, contest notifications or comparable messages.

For the newsletter, only the e-mail address of the user concerned is collected and saved. The legal basis is Art. 6 (1) (f) GDPR with the above-mentioned legitimate interests.

A statistical evaluation of the user’s reading behavior takes place only to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. This is a feature that we only use to validate user activity and optimize accordingly. For this purpose, the newsletter contains a web beacon, a pixel-sized file that is retrieved from our server when the newsletter is opened.

You can revoke your consent to the storage of the data, of the e-mail address and their use for sending the newsletter at any time. This revocation can be done by clicking on a link in the newsletter itself, (in your profile area) or by sending a message to the contact options below.

Data Transfer

If you communicate personal data to us, then these will only be passed on to third parties if necessary for the settlement of the contractual relationship or if another legal ground legitimizes this transfer.

However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.

Data Retention Periods

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is no longer valid. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.


Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies, text files that are stored on your computer and that allow for an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transmitted to a Google server in the US and stored there. However, in the event of activation of IP anonymization on this website, your IP address will be abbreviated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and abbreviated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and Internet usage to the website operator. The IP address provided by your browser in the context of Google Analytics will not be merged with other Google data. Art. 6 (1) (f) GDPR forms the legal basis for the processing of the user’s personal data. We use Google Analytics to analyze and regularly improve the use of our website. With the statistics gained, we can improve our offer and make it more interesting to you as a user. This website also uses Google Analytics for cross-device analysis of visitor traffic conducted through a user ID. You can disable the cross-device analysis of your usage under My Data, Personal Data in your customer account.

You can prevent the storage of cookies through a corresponding setting of your browser software; however, please note that if you do so, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, abbreviated versions of IP addresses are processed; determination of the user’s identity can be excluded. Insofar as the data collected about you are assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately. For exceptional cases in which personal data are transmitted to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, Privacy Policy overview (in German): http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data Privacy Statement: http://www.google.de/intl/de/policies/privacy (in German).

Integration of Google Maps

We use Google Maps on our website. This allows us to show you interactive maps directly on our website and allows you to conveniently use the map feature.

When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. Personal data are transmitted to Google (IP address, time of inquiry, content of the request, amount of data transferred, website from which the request comes, language and version of the browser, information about the operating system). This takes place regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as a usage profile and uses them for the purposes of advertising, market research and/or appropriate design of its website. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, although you must contact Google to do so.

For more information on the purpose and scope of the data collection and processing by the plugin provider, please refer to the provider’s privacy policy. There you will also find further information about your rights and settings options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy (in German). Google also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Integration of the Facebook Button

This offer uses social plugins from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like” or a “thumbs up” sign) or are marked with the note “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/. When a user pulls up a web page of this offer that contains such a plugin, the user’s browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated into the website. The provider therefore has no influence on the amount of data that Facebook collects with the help of this plugin and therefore informs users according to its level of knowledge: By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a Facebook member, there is still the possibility that Facebook will find and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options for protecting the privacy of users, can be found in Facebook’s data policy: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about him/her via this offer and associate it with his/her member data stored on Facebook, he/she must log out of Facebook before visiting the website. Other settings and types of objections to the use of data for promotional purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads.

Integration of the Google +1 Button

Some of our websites use the “+1” plugin of the Google+ social network, operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). The button is recognizable by the sign “+1” on a white or colored background.
If you visit a web page that contains the Google +1 button, your browser will connect to Google’s servers. The content of the plugin will be transmitted by Google to your browser and incorporated into the website by Google. According to Google, no personal data are collected without clicking on the button. Only for logged-in members, are data, such as the IP address, to be collected and processed. When you press the button, the resulting information is transmitted from your browser to Google and stored there.
The purpose and scope of the data collection and the further processing and use of the data by Google, as well as the related rights and setting options for protecting your privacy, can be found in Google’s +1 button privacy policy.
If you are a Google+ member and do not want Google to collect personally-identifiable information from our web pages and associate it with your Google member account, you must log out of Google Plus before visiting our web pages. You’ll also need to delete the Google cookie before logging in to Google again to prevent a retroactive link.

Integration of Twitter Plugins

Our website uses plugins and services from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, and are linked by buttons or links to “Twitter” or “follow” or to an image with a blue bird. This makes it possible to share a post or page on Twitter or to follow an account or topic on Twitter. If you visit a website that contains such a button, your browser establishes a connection with the Twitter servers in order to transmit the content of the button to your browser. We have no control over the amount of data Twitter collects through these services and we can only provide information to the best of our knowledge. To our knowledge, only your IP address and the URL of the respective website will be transmitted when the button is clicked. We cannot say if Twitter uses this information for any other purpose. For more information, see the Twitter privacy policy at http://twitter.com/privacy.

Integration of the XING Button

Some of our websites contain the “XING Share Button”. When accessing the website, a short-term connection to XING AG servers (“XING”) is established via your browser, with which the “XING Share Button” functions (in particular the calculation/display of the counter value) are provided. XING does not store personal data about you when you call up this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior via the use of cookies in connection with the “XING Share Button”. The current data protection information on the “XING Share Button” as well as additional information can be found on this website: https://www.xing.com/app/share?op=data_protection

Integration of the LinkedIn Button

On some of our websites, we use the social network plugin for LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). The plugin can be recognized by the LinkedIn logo or a corresponding “Recommend” label on the button. When you visit our website, the plugin creates a connection between your browser and LinkedIn. LinkedIn receives the information from your IP address that you have visited our site. If you click the LinkedIn button while logged in to LinkedIn, you can link the contents of our pages to your LinkedIn profile. This allows LinkedIn to associate your visit to our website with your profile. As provider of the website, we have no knowledge of the content of the transmitted data and their use by LinkedIn. For more information on the purpose and scope of the collection, processing or use of the data, please refer to LinkedIn’s privacy policy: http://www.linkedin.com

References to your Rights

You have the right:

  • to require us to confirm whether personal data relating to you are being processed; if this is the case, you have a right to information about these personal data and to the information listed in Art. 15 GDPR.
  • to require the publication of the data concerning you within the restrictions of Art. 20 GDPR in a common, electronic, machine-readable data format. This includes the release (if possible) to another person directly named by you.
  • to require us to correct your data if they are incorrect, inaccurate and/or incomplete. Correction also includes the completion by declarations or communication.
  • to demand from us that personal data concerning you be deleted without delay, provided that one of the reasons detailed in Art. 17 GDPR is met. Unfortunately, we are not allowed to delete data that are subject to a statutory retention period. If you do not want us to collect data from you or contact you again, we will store your related contact information on a blacklist.
  • to revoke any consent given by you for the future, without incurring any disadvantages.
  • to require us to restrict the processing if one of the conditions listed in Art. 18 GDPR is met.
  • for reasons arising from its very special situation, to object to the processing of personal data concerning you at any time.
    We then no longer process the personal data, unless we can show compelling reasons worthy of protection that outweigh your interests, rights and freedoms, or the processing serves for the assertion, exercise or defense of legal claims (Art. 21 GDPR).
  • without prejudice to any other administrative or judicial remedy and if you believe that the processing of personal data concerning you is contrary to the GDPR, to file a complaint with
    • our data protection officer: datenschutz@r-biopharm.de or by post (see imprint)
    • a supervisory authority in the Member State of your residence, place of work or place of alleged infringement.
      The following supervisory authority is responsible for us: The Hessian Data Protection Officer, https://datenschutz.hessen.de/ (in German).

If you have any questions or comments about data privacy (for example, on the provision of information and updating of your personal data), please contact us using the keyword “Privacy” at the following email address datenschutz@r-biopharm.de or by post.