We at R-Biopharm AG take the protection of your personal data very seriously. Your privacy is important to us. The following provisions will provide you with information on the processing of your personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), in particular, in accordance with the information obligations pursuant to.12 to 14 GDPR, and with the goal of clarifying the existing rights of data subjects pursuant to Arts. 15 to 22, and Art. 34 GDPR. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below.
The data controller responsible for the processing of your personal data is:
An der neuen Bergstraße 17
64297 Darmstadt, Germany
Tel.: +49 (0) 6151 – 8102-0
Fax: +49 (0) 6151 – 8102-40
General Information about Data Processing
In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of the personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for factual reasons and processing of the data is permitted by law.
Legal basis for the processing of your data:
- Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis.
- In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual steps.
- Insofar as the processing of personal data is necessary in order to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
- In the event that the vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
- If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
Legitimate interests may include, in particular:
- answering inquiries;
- implementation of direct marketing measures;
- provision of services and/or information intended for you;
- processing and transfer of personal data for internal or administrative purposes;
- operation and administration of our website;
- provision of technical support to users;
- prevention and detection of fraud and crime;
- protection against payment defaults when soliciting credit reports in the case of requests for deliveries and services; and or
- safeguarding of network and data security, to the extent that such interests are consistent with applicable law and the rights and freedoms of the user.
Usage Data/Server Log Files
Each time our websites are accessed, our systems automatically collect data and information from the computer system of the calling computer.
The following types of data are collected here: browser type, version used, user’s operating system, Internet service provider, IP address of the user, date and time of request, web pages from which the user’s system has accessed our website or which the user accesses from our website.
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR with the legitimate interests mentioned above.
The temporary storage of the IP address by the system is necessary to allow for delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data are used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest also lies in the data processing for these purposes. The data will be deleted as soon as their storage is longer necessary for the purpose for which they were collected. This is the case when data are collected for the provision of the website and the respective session has been ended. Furthermore, we reserve the right to check the files if, on the basis of concrete evidence, there is legitimate suspicion of unlawful use or a specific attack on the web pages. In this case, our legitimate interest is processing for the purposes of investigating and prosecuting such attacks and illegal uses.
Legal basis for data processing using cookies: Art. 6 (1) (f) GDPR forms the legal basis for the processing of personal data using cookies. Art. 6 (1) (f) GDPR forms the legal basis for the processing of personal data using cookies required for technical reasons. When the user’s consent is obtained, Art. 6 (1) (a) GDPR forms the legal basis for the processing of personal data using cookies for analysis purposes.
General Statements about Web Beacons/Tracking Pixels
Web beacons are invisible graphics the size of one pixel. These are used by partner companies, in particular for the purpose of tracking a user through various web pages to form a profile of use for user-customized advertising (targeting). A pixel embedded in the web page is loaded by the partner company’s server when the web page is called up. The partner receives your IP address, along with information about your browser and its version as well as browser plugins utilized (browser fingerprint), about your operating system and about your network operator.
Contents of External Providers
You can protect yourself, among other things, against further tracking through these providers’ use of tracking pixels by disabling the acceptance of third-party cookies in your browser’s settings.
Contact Form and Email Contact
Our website includes a contact form, which can be used for electronic contact. If a user decides to utilize this form, the data entered in the input mask will be sent to us and saved. These data include: name, address, e-mail address, telephone number, etc. When the message is sent, the following data are also stored: the IP address, date and time. In order for the data to be processed, your consent is obtained during the submission process and reference is made to this data privacy statement.
Alternatively, you may also contact us using the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored. In this context, there is no disclosure of the data to third parties. The data are used exclusively for processing the conversation.
The legal basis for the processing is:
- When the user’s consent is obtained after the user registers for the newsletter, Art.6 (1) (a) GDPR forms the legal basis for the processing of the data.
- Art. 6 (1) (f) GDPR with the legitimate interests mentioned above forms the legal basis for the processing of data transmitted in the course of sending an e-mail.
- If the conclusion of a contract is the intended purpose of the e-mail, then Art.6 (1) (b) GDPR forms an additional legal basis for the processing of the data.
We only process personal data from the input mask in order to process the contact. In the case of contact via e-mail, the processing of the data also includes the required legitimate interest. Other personal data sent during the submission process are processed in order to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as their storage is longer necessary for the purpose for which they were collected. Personal data from the contact form’s input mask and data sent by e-mail will be deleted when the respective conversation with the user has ended. The conversation is ended when the circumstances imply that the relevant facts have been definitively clarified. Additional personal data collected during the transmission process will be deleted at the latest after a period of seven days.
The user has the possibility of revoking his/her consent to the processing of his/her personal data at any time. If the user contacts us by e-mail, he/she may object to the storage of his/her personal data at any time. In such a case, the conversation cannot continue.
Some of our websites allow you to subscribe to a free newsletter. If you give us your separate consent, we will send you an e-mail newsletter with promotional information (hereinafter “newsletter”). Our newsletters contain information about our services, promotions, events, competitions, job offers and articles.
After registering, the user receives a confirmation e-mail containing an activation link that must be clicked on in order to complete the registration. This is the Double Opt-In procedure, which ensures that the user is not registered by a third party for the newsletter and for documentation purposes. The consent to receipt of the newsletter can be revoked by e-mail at the e-mail address given in the imprint or by clicking on the unsubscribe link within the newsletter.
News without promotional information that is sent as part of our contractual or other business relationship is not, however, included in the newsletter. These include, for example, the dispatch of service e-mails with technical instructions and queries regarding orders, events, contest notifications or comparable messages.
For the newsletter, only the e-mail address of the user concerned is collected and saved. The legal basis is Art. 6 (1) (f) GDPR with the above-mentioned legitimate interests.
A statistical evaluation of the user’s reading behavior takes place only to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. This is a feature that we only use to validate user activity and optimize accordingly. For this purpose, the newsletter contains a web beacon, a pixel-sized file that is retrieved from our server when the newsletter is opened.
You can revoke your consent to the storage of the data, of the e-mail address and their use for sending the newsletter at any time. This revocation can be done by clicking on a link in the newsletter itself, (in your profile area) or by sending a message to the contact options below.
If you communicate personal data to us, then these will only be passed on to third parties if necessary for the settlement of the contractual relationship or if another legal ground legitimizes this transfer.
However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.
Data Retention Periods
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is no longer valid. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.
You can prevent the storage of cookies through a corresponding setting of your browser software; however, please note that if you do so, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, abbreviated versions of IP addresses are processed; determination of the user’s identity can be excluded. Insofar as the data collected about you are assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately. For exceptional cases in which personal data are transmitted to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Integration of Google Maps
We use Google Maps on our website. This allows us to show you interactive maps directly on our website and allows you to conveniently use the map feature.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. Personal data are transmitted to Google (IP address, time of inquiry, content of the request, amount of data transferred, website from which the request comes, language and version of the browser, information about the operating system). This takes place regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as a usage profile and uses them for the purposes of advertising, market research and/or appropriate design of its website. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, although you must contact Google to do so.
Integration of the Facebook Button
This offer uses social plugins from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plugins are recognizable by one of the Facebook logos (white “f” on blue tile, the terms “Like” or a “thumbs up” sign) or are marked with the note “Facebook Social Plugin”. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/. When a user pulls up a web page of this offer that contains such a plugin, the user’s browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and incorporated into the website. The provider therefore has no influence on the amount of data that Facebook collects with the help of this plugin and therefore informs users according to its level of knowledge: By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there. If a user is not a Facebook member, there is still the possibility that Facebook will find and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options for protecting the privacy of users, can be found in Facebook’s data policy: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about him/her via this offer and associate it with his/her member data stored on Facebook, he/she must log out of Facebook before visiting the website. Other settings and types of objections to the use of data for promotional purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads.
Integration of the Google +1 Button
Some of our websites use the “+1” plugin of the Google+ social network, operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). The button is recognizable by the sign “+1” on a white or colored background.
If you visit a web page that contains the Google +1 button, your browser will connect to Google’s servers. The content of the plugin will be transmitted by Google to your browser and incorporated into the website by Google. According to Google, no personal data are collected without clicking on the button. Only for logged-in members, are data, such as the IP address, to be collected and processed. When you press the button, the resulting information is transmitted from your browser to Google and stored there.
If you are a Google+ member and do not want Google to collect personally-identifiable information from our web pages and associate it with your Google member account, you must log out of Google Plus before visiting our web pages. You’ll also need to delete the Google cookie before logging in to Google again to prevent a retroactive link.
Integration of Twitter Plugins
Integration of the XING Button
Integration of the LinkedIn Button
References to your Rights
You have the right:
- to require us to confirm whether personal data relating to you are being processed; if this is the case, you have a right to information about these personal data and to the information listed in Art. 15 GDPR.
- to require the publication of the data concerning you within the restrictions of Art. 20 GDPR in a common, electronic, machine-readable data format. This includes the release (if possible) to another person directly named by you.
- to require us to correct your data if they are incorrect, inaccurate and/or incomplete. Correction also includes the completion by declarations or communication.
- to demand from us that personal data concerning you be deleted without delay, provided that one of the reasons detailed in Art. 17 GDPR is met. Unfortunately, we are not allowed to delete data that are subject to a statutory retention period. If you do not want us to collect data from you or contact you again, we will store your related contact information on a blacklist.
- to revoke any consent given by you for the future, without incurring any disadvantages.
- to require us to restrict the processing if one of the conditions listed in Art. 18 GDPR is met.
- for reasons arising from its very special situation, to object to the processing of personal data concerning you at any time.
We then no longer process the personal data, unless we can show compelling reasons worthy of protection that outweigh your interests, rights and freedoms, or the processing serves for the assertion, exercise or defense of legal claims (Art. 21 GDPR).
- without prejudice to any other administrative or judicial remedy and if you believe that the processing of personal data concerning you is contrary to the GDPR, to file a complaint with
- our data protection officer: firstname.lastname@example.org or by post (see imprint)
- a supervisory authority in the Member State of your residence, place of work or place of alleged infringement.
The following supervisory authority is responsible for us: The Hessian Data Protection Officer, https://datenschutz.hessen.de/ (in German).
If you have any questions or comments about data privacy (for example, on the provision of information and updating of your personal data), please contact us using the keyword “Privacy” at the following email address email@example.com or by post.