Privacy
I. At a glance
We, Kyberg Pharma Vertriebs-GmbH, attach great importance to the protection and security of personal data. In doing so, we comply with the relevant provisions of data protection laws, in particular the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG).
In the following, we would like to inform you about the use of your data when visiting our websites and inform you about your options and your rights under the data protection laws.
II. General notes and mandatory legal information
1) Controller
Responsible for processing your personal data when visiting our website is
Kyberg Pharma Vertriebs-GmbH
Keltenring 8
82041 Oberhaching
Germany
represented by the CEOs Thomas Lix und Marcus Baier
Contact information:
Phone: +49 89 613 809 0
Fax: +49 89 613 809 2199
E-Mail: info@kyberg.de
2) Data protection officer (DPO)
We have designated a data protection officer.
You can reach him by telephone at +49 89 716 8024 0, by e-mail at datenschutz@kyberg.de or by post:
msecure GmbH
z. H. DSB Kyberg Pharma
Bajuwarenring 21
82041 Oberhaching
Germany
3) Data processing for the fulfillment of legal reporting obligations
(pharmacovigilance)
Personal data of data subjects will generally be deleted by Kyberg Pharma Vertriebs-GmbH as soon as the purpose of the processing ceases to apply. Deviating from this, however, it may be necessary to store personal data even after the original need has ceased to exist, e.g. due to legal obligations.
If we receive information or a report in connection with the use of our medicines, we are required by law to record these reports in a structured manner and forward them to the responsible drug regulatory organizations.
Within the scope of the notification, personal data of the notifying person and the patients concerned are processed. The legal basis for this processing of personal data is the fulfillment of legal obligations regarding the monitoring of the safety of medicinal products in accordance with Article 6 (1) (c) and Article 9 (2) (i) GDPR in conjunction with Regulation (EU) 520/2012.
The data will be transferred to appropriately authorized organizations exclusively for the purpose of clarifying the facts and fulfilling the reporting obligations. Personal data are stored for the duration of the marketing authorization of the drug and for a further 10 years beyond that.
III. Description and scope of data processing
1) Provision of the website and log files
Each time you visit our website, our system, i.e. the web server, automatically collects information from the system of your calling computer or terminal.
The following data is collected by us:
• Type, used version and language of the browser
• Operating system and user interface of the device
• Internet service provider (ISP)
• IP address
• Date and time of access
• Time zone difference to Greenwich Mean Time (GMT)
• previous website from which the user reached our website (referrer URL)
The temporary storage of this data by our system is necessary to enable delivery of the website to your device. For this purpose, in particular the IP address of the used device must necessarily remain stored for the duration of the session. The storage of the above data in so-called log files is done to ensure the functionality of our website. In addition, we use this data to optimize the website and to ensure the security of our information technology systems (e.g. for attack detection).
b) Legal basis
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR (legitimate interests of us as website operators in the secure, trouble-free and legally compliant provision of the website).
c) Duration of storage
The above data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP address of the user is deleted or alienated by us, so that an assignment of the calling client is no longer possible and the data contained no longer have any personal reference.
2) Session cookies
In order to guarantee certain functions in some areas of our websites, it is technically necessary to use so-called session cookies. These are data records (character strings) that are temporarily stored on your terminal device.
a) Purpose of data processing
The purpose of setting session cookies is to recognize a calling browser even after a page change. The data is not used to enable an analysis of the behavior of users.
b) Legal basis
The legal basis for the storage of session cookies is Art. 6 (1) (f) GDPR in conjunction with § 25 (2) No. 2 TTDSG (our legitimate interest in providing certain functions on our websites).
c) Duration of storage
Session cookies are deleted again when the browser is closed.
3) E-Mail and contact form
We can be contacted via our contact form and the e-mail address provided. In this case, the personal data of the sender transmitted with the request (in any case, the category of the subject, last name and the e-mail address) will be stored together with the content of the message.
a) Purpose of data processing
The processing of this personal data serves us to process the content of the communication.
b) Legal basis
The legal basis for the processing of this data, which is transmitted in the course of sending an inquiry, is Art. 6 (1) (f) GDPR (legitimate, similar interest of us as the responsible body in communicating with the person transmitting the message).
If the request is aimed at the conclusion or fulfillment of a contract, the legal basis is Art. 6 (1) (b) GDPR (fulfillment of a contract or pre-contractual measures for this).
c) Duration of storage
The above data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For personal data sent via e-mail or the contact form, this is the case when the respective conversation with the user has ended. As a rule, the conversation is ended when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. In the case of the preparation or execution of contracts, longer retention periods may result from legal (e.g. tax law) requirements.
d) Right to object
As a user, you have the possibility at any time to object to the data processing with effect for the future on one of the contact channels mentioned under section II. 1.
In this case, all personal data stored in the course of contacting us will be deleted immediately, unless there are legal retention periods or other legal reasons to the contrary.
4) Consent Management Tool „CookieFirst“
In order to obtain and document your declarations regarding data processing requiring your consent pursuant to Art. 6 (1) (a), 49 GDPR, § 25 TTDSG, we use the Consent Management Tool of the provider CookieFirst by Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, The Netherlands, with whom we have concluded an data processing agreement pursuant to Art. 28 GDPR.
For this purpose, cookies are placed on your terminal device that assign you an individual ID for the duration of the session and manage the status of your consent (e.g. "Accept all", "Reject all").
a) Purpose of data processing
The purpose of the processing is to obtain your legally required consent to individual data processing operations and to document and manage them.
b) Legal basis
The legal basis is our legitimate interest in the technically efficient and legally compliant management of your consent, Art. 6 (1) (f) GDPR for the fulfillment of legal requirements under data protection laws.
c) Duration of processing
The data (cookies) are deleted after expiration and are stored for documentation purposes in log files for 2 years latest.
5) Google Tag Manager
We use the Google Tag Manager.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, with whom we have concluded a corresponding data processing agreement.
a) Purpose of processing
As a website operator, we have an interest in the fast and uncomplicated management of the various tools on our website.
The Google Tag Manager is an organizational tool with which we can integrate website tags centrally and via a user interface and manage them efficiently.
The Google Tag Manager collects data on the website and forwards it to the connected analysis tools. These tools (e.g. Google Analytics) then store and evaluate them if they are activated.
The Google Tag Manager does not store any data itself. It has no access to it. The Tag Manager only collects data on how individual tags are used. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.
b) Legal basis
The legal basis for the processing is Art. 6 (1) (a) GDPR (your consent, which you have given us via our consent banner).
You can view the privacy policy of Google here: https://policies.google.com/privacy?hl=en
Google also processes your data in the USA, among other places. We have concluded an order processing agreement with Google incorporating the so-called Standard Contractual Clauses (SCCs) of the European Commission and have taken additional technical and organizational measures to increase the protection of your personal data. Nevertheless, we would like to point out that, as things stand at present, there is no level of data protection in the USA that is comparable with the standards of the European Union, nor are there any comparable legal remedies available to you.
c) Duration of processing
Data is not stored by the tag manager itself. You can revoke your consent for the usage of the tool at any time with effect for the future.
6) Analysis of the website (Google Analytics)
Insofar as you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and processed and stored there.
We use the function 'anonymizeIP' (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
During your website visit, the following data is collected, among other things:
- The pages you visit, your "click path"
- achievement of "website goals" (conversions, e.g. newsletter sign-ups, downloads, purchases)
- Your user behavior (for example, clicks, dwell time, bounce rates)
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the devices you use (e.g., language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/ via which advertising medium you came to this website)
a) Purposes of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website on a pseudonymous basis and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.
b) Recipient of the data
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as an order processor. We have concluded an order processing agreement with Google for this purpose. A transfer of data to the USA cannot be ruled out. Google LLC, based in California, USA, and US authorities may have access to the data stored by Google.
We would like to point out that, as things stand at present, there is no level of data protection in the USA that is comparable with the standards of the European Union, nor are there any comparable legal remedies available to you.
For more information on the terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/en/ and https://policies.google.com/?hl=en
c) Legal basis
The legal basis for this data processing is your consent, Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future.
d) Storage period
The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by not giving your consent to the setting of the cookie or by preventing the storage of cookies by selecting the appropriate settings on your browser software. However, if you configure your browser to refuse all cookies, you may experience limitations in functionality on this and other websites.
7) Analysis of the website (Hotjar)
We use the tool "Hotjar" of the company Hotjar Ltd, Level 2, St. Julian's Business Centre, 3, Elia Zammit Street, St. Julians STJ 1000, Malta, on our website to statistically analyze visitor data. Hotjar is a service that analyzes the behavior and feedback of you as a visitor to our website. We receive reports and visual representations from Hotjar that show us where and how you "move" on our site (so-called heat maps). Personal data is anonymized and never reaches Hotjar's servers. Hotjar stores cookies on your terminal device.
a) Purpose of processing
The purpose of using Hotjar is to create analyses of the online behavior of visitors as well as to obtain the opinion of users through the use of a feedback tool in order to improve the quality of the website.
b) Legal basis
The use of Hotjar is based on your consent, Art. 6 (1) (a) GDPR, which we have obtained via our cookie consent banner. You can revoke your consent at any time with effect for the future.
c) Duration of storage
Personal data is anonymized immediately by Hotjar. The anonymized data, which after evaluation can no longer be qualified as personal, has a maximum storage period of one year on Hotjar's servers.
IV. Your rights
According to the General Data Protection Regulation (GDPR), you have the right:
- to request information about your personal data processed by us pursuant to Art. 15 GDPR. This includes, among other things, the processing purposes, the categories of personal data, the categories of recipients of the data, the planned storage period, the origin of your data, as well as about the existence of automated decision-making, including profiling;
- pursuant to Art. 16 GDPR, to request the correction of incorrect or completion of your personal data stored by us;
- pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful and you refuse the erasure of your data, as well as in cases where we no longer need your data but you need it to enforce legal claims. Restriction of processing will also be carried out if you have objected to the processing but it has not yet been determined whether our legitimate interests override yours;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
- in accordance with Art. 7 (3) GDPR, to revoke any consent given to us at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation;
- PURSUANT TO ART. 21 GDPR THE RIGHT TO OBJECT
If the data processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Article 21(1) GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR);
- complain to a supervisory authority in accordance with Art. 77 GDPR. If you believe that we have not sufficiently complied with your rights and our obligations under data protection laws, you have the right to lodge a complaint with a data protection authority.
