The reporting system is operated by LORICA GmbH, Pfotenhauerstr. 63, 01307 Dresden, on behalf of R-Biopharm AG. LORICA GmbH acts as a processor for R-Biopharm AG. The following company is responsible for the processing of your personal data

R-Biopharm AG
An der neuen Bergstraße 17
64297 Darmstadt

Tel.: +49 (0) 6151 – 8102-0
Fax: +49 (0) 6151 – 8102-40

E-mail: datenschutz@r-biopharm.de

Your personal data will be processed in accordance with the applicable legal data protection requirements for the purposes listet below for each group of data subjects.

Purpose of data collection

Your personal data will be used primarily to investigate matters reported by you, to decide on and take follow-up action and to continue communicating with you.
Types of data we process

In this context, we process in particular private and official contact data (name, address, telephone number, e-mail).
Categories of recipients

We send your personal data to service providers for the operation of the reporting office and, if necessary, also to authorities such as public prosecutors, customs authorities and other authorities, as well as to companies affiliated under company law (group companies).

Legal basis for processing

Processing is only carried out on a legal basis. The following legal bases come into consideration in particular in the employment relationship:

§ Section 26 BDSG (version as of 25 May 2018) insofar as necessary for the implementation of the employment relationship or for the clarification of a concrete suspicion of criminal offences.

Art. 6 para. 1 lit. a) GDPR on the basis of your consent,

Art. 6 para. 1 lit.b) GDPR for the implementation of a contractual relationship,

Art. 6 para. 1 lit.c) GDPR for the fulfilment of a legal obligation,

Art. 6 para. 1 lit. f) GDPR to protect a legitimate interest.

Legitimate interests

Where we process your data as part of our legitimate interest this is, for example:

  • Ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
  • asserting, pursuing, or defending legal claims, including data to document performance flows,
  • preventing damage and/or liability to the company by taking appropriate measures.

You have the right to object to the processing of personal data in the context of a legitimate interest on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds on our part that override your rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.

Automated decision-making

We do not use the personal data you provide to make automated decisions concerning you.

Use of service providers

Some of the above processes or services are carried out by carefully selected and contracted service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. There is no transfer to a third country.

Deletion of your data

Unless otherwise stipulated in the more detailed data protection declarations, we delete your personal data when the contractual relationship with you has ended, you have exercised your right of deletion, all mutual claims have been fulfilled and there are no other legal retention obligations or legal justification bases for the storage. Retention periods under commercial law for financially relevant data are generally up to 10 years. We may also retain data for as long as is necessary to protect us from claims that could be made against us. These periods can be up to 30 years.

Information about your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR. As a data subject you have various rights, such as the right to obtain information, correction and deletion . You can find comprehensive information on your rights as a data subject in our comprehensive data protection policy under the section “Information on your rights”.