PRIVACY POLICY

Thank you for your interest in the CEVEC website under www.cevec.com (hereinafter “Website”). We respect your privacy and will collect and process your personal data in compliance with the applicable legal requirements at all times.

This privacy policy explains what kind of personal data we collect when you use the Website and how we process such personal data.

1. DATA CONTROLLER

Data controller within the meaning of the European General Data Protection Regulation (GDPR) is CEVEC Pharmaceuticals GmbH, Gottfried-Hagen-Str. 60-62, 51105 Cologne, Germany, phone +49.221.46020-800, fax +49.221.46020-801, e-mail info@cevec.com (hereinafter “CEVEC”, “we”, “our”, “us” etc.).

2. WHAT IS PERSONAL DATA

Personal data means any information relating to you, provided that you can be identified or are identifiable (directly or indirectly) with such information. For example, personal data includes your name, address, phone, fax or mobile phone number as well as your e-mail address. Personal data does not include information of a general nature that does not identify you; for example, the number of users of the Website.

3. WHAT TYPES OF PERSONAL DATA WE COLLECT AND PROCESS

The Website gathers personal data in two ways: (a) Passively (for example, through our Website’s technology); and (b) directly (for example, when you voluntarily provide personal data to us for certain services).

3.1 WEB SERVER PROTOCOLS (INCLUDING IP ADDRESS)

Each time you visit and use the Website our web server, due to technical reasons, automatically collects your IP address, the date and time of your visit of the Website, the sites visited on the Website, the referrer site, your browser type (e.g. Microsoft Explorer or Mozilla Firefox), your operating system (e.g. Microsoft Windows 10), the domain name and the address of your internet access provider.

We process this information for our endeavors (a) to provide you with a proper and meaningful user experience on the Website and within our services; and (b) to improve and optimize the Website and our services, the layout and content of the Website. The legal basis for such processing are our legitimate interests (Art. 6 para. 1 lit. f GDPR). In particular, to ensure the proper functioning of the Website and to improve the Website, its layout and content as well as our services.

Further, we may process such information in cooperation with your internet access provider and/or local authorities in cases of a system misuse in order to investigate and identify the originator of such system misuse. The legal basis for such processing are our legitimate interests (Art. 6 para. 1 lit. f GDPR). In particular, the protection of the integrity of the Website, our system as well as our users.

3.2 PERSONAL DATA SUBMITTED BY YOU IN THE FRAMEWORK OF OUR SERVICES

Further, we collect your personal data that you have provided to us on a voluntary basis; for example, when you use the contact form provided on the Website. We process such personal data for the purposes laid out below. Please note that you can generally use the Website without providing personal data to us that directly identifies you. However, please be aware that in this case you may not be able to use all of our services offered.

a. CONTACT FORM

In order to send us inquiries via our contact form (https://cevec.com/contact-us) it is necessary to provide your name, e-mail address and your inquiry in form of a text message. You may optionally also provide to us your phone number. We process such personal data in order to process and respond to your inquiry. The legal basis for this is taking steps at your request prior to entering into a contract (Art. 6 para. 1 lit. b GDPR).

b. NEWSLETTER

Provided that you have given us your consent, we will collect your e-mail address and name when you register for our newsletter. We process such personal data in order to provide you with our newsletter.

For the online newsletter form we use a so-called double opt-in in order to obtain your consent. In particular, you will receive an e-mail from us after you have registered for our newsletter which contains the request to click the included confirmation link. Only upon receipt of such confirmation you will be approved to receive our newsletter.

For the administration and analysis of our newsletter we use MailChimp, whereas the delivery is carried out by MC Services. Further information on this can be found unter item 4 and 6.3.

You may, at any time, opt out from receiving our newsletter by clicking the unsubscribe button included in each newsletter provided by us.

The legal basis for this is the consent provided by you (Art. 6 para. 1 lit. a GDPR).

4. TRANSFER OF PERSONAL DATA

We do not share personal data with any third party, unless (a) this is necessary to fulfil our services and/or the provision of the Website; (b) is permitted by applicable law; or (c) has been agreed by you.

Further, we are entitled to outsource the processing of personal data (completely or partially) to external service providers which are acting on our behalf as data processors in the meaning of Art. 4 no. 8 GDPR. When such third-party service providers are located outside of the European Union (EU) or the European Economic Area (EEA), we will put in place appropriate safeguards in accordance with the requirements set by law and data protection authorities to ensure that your personal data is duly protected.

A list of our external service providers, including a description of their services and the existence of appropriate safeguards in case the service provider is located outside of the EU/EEA can be found in the following overview:

Service provider:
MailChimp
, The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308 USA.

Provides services:
Newsletter service for the administration and analysis of our newsletters

Adequate level of data protection:
MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. They are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to each Framework’s applicable Principles.

Privacy policy: https://mailchimp.com/legal/privacy/

We have a Data-processing-Agreement with MailChimp in place.

Service provider:
MC SERVICES AG, Kaiser-Friedrich-Ring 5, 40545 Düsseldorf, Germany, phone +49 211 5292520, e-mail contact@mc-services.eu

Provides services:
Newsletter service for the delivery of our newsletters

Adequate level of data protection:
Germany

Service provider:
ALL-INKL.COM
– Neue Medien Münnich (Inhaber René Münnich), Hauptstr. 68, 02742 Friedersdorf, phone +49.35872.353-10, e-mail info@all-inkl.com

Provides services:
Hosting of the Website as well as hosting and support of our IT landscape and database

Adequate level of data protection:
Germany

5. STORAGE TIME

We will only store your personal data as long as necessary to fulfil the purposes for which they were collected or – where the law provides for longer retention periods – for the duration of the retention period required by law. After that your personal data will be deleted.

6. WEB ANALYSES SERVICES, COOKIES AND OTHER TECHNOLOGIES

6.1

We want to provide you with an proper and meaningful user experience. Therefore, we use third-party cookies and other technologies on the Website and within our services (a) in order to better understand how our users use the Website and our services; and (c) for the optimization of the Website and our services.

Cookies and other technologies help us in many ways to make your visit of the Website more enjoyable and meaningful.

Cookies are text information files that our web server sends to and places on your computer when you visit the Website. Most browsers accept cookies automatically, but can be configured in their settings not to accept cookies or to indicate when a cookie is being sent. For more information please check the help menu of your browser. Some or all of our cookies may be disabled or deleted later.

Further information on how to delete cookies within the common browsers can be found via the links laid out below.

Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.com/de/kb/cookies-loeschen-daten-von-websites-entfernen?redirectlocale=de&redirectslug=Cookies+l%C3%B6schen

Google Chrome: https://support.google.com/chrome/answer/95647?hl=de

Apple Safari: https://support.apple.com/?path=Safari/3.0/de/11471.html

Opera: http://help.opera.com/Windows/9.10/de/cookies.html

You can either disable our cookies via the browser settings or via the opt-out possibilities as set out in the table under item 6.3 below. Please note that you do not have to accept our cookies in order to use the Website. However, if you opt out of the cookie function, some areas and functions of the Website may be disabled.

6.2

We use analytic cookies based on user conduct and behavior on the Website. These cookies allow us the storage, administration and analysis of information on the usage behavior which we obtain through the continuous observation of browsing habits. These cookies enable us to optimize the Website and the provision of our services.

The legal basis for such processing are our legitimate interests (Art. 6 para. 1 lit. f GDPR). In particular, to provide a user-friendly and meaningful Website as well as services which fulfil your expectations and our commercial interests.

6.3

In particular, we use the following third-party services which use cookies and other technologies. If you do not agree to this use, you may deactivate these services by refusing to accept the cookies in your browser. You may also deactivate the service by clicking on the opt-out link or using other opt-out possibilities. For the opt-out links and other opt-out possibilities, please see the column “Opt-out” in the table below. You will find further information about the services in the related privacy policies, accessible via the links provided in the column “Privacy and/or security policy” in the table below. The table further displays in the column “Countries where data is transferred and appropriate safeguards” to which country the data is transferred and if appropriate safeguards are fulfilled.

Third party services utilizing tracking on the Website: Google Analytics

Service provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, e-mail data-protection-office@google.com, phone +1.650.253.0000, fax +1.650.618.1806

Description of the purpose of the tracking and use of the tracking data: Google Analytics tracks website traffic and user behaviour on the Website based on user profiles and provides us with respective reports (https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview#howAnalyticsGetsData). The IP address is anonymized.

Privacy and/or security policy: Terms of use: http://www.google.com/analytics/terms/de.html
Privacy policy: http://www.google.com/intl/de/analytics/privacyoverview.html

Opt-out: http://tools.google.com/dlpage/gaoptout?hl=en

Countries where data is transferred and appropriate safeguards: USA, EU-US Privacy Shield certified (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

7. YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION

In particular but without limitation, the following rights are vested in you by applicable data protection law:

  1. Right of access, rectification, erasure and restriction of processing: You have the right to obtain at any time access to your personal data stored by us. If we process or use your personal data, we shall endeavor to ensure by implementing suitable measures that your personal data is accurate and up-to-date for the purposes for which they were collected. If your personal data is inaccurate or incomplete, you have the right to obtain the rectification of such personal data. Furthermore, you may have the right to obtain the erasure or restriction of processing of your personal data, for example if no legitimate business purpose exists anymore for the data processing under this privacy policy or applicable law and the further storage is not necessary under statutory storage obligations.
  2. Right to data portability: You may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller.
  3. Right to withdraw your consent: If you have given your consent to the collection or processing of your personal data, you have the right to withdraw your consent at any time on a prospective basis without affecting the lawfulness of processing based on the consent before its withdrawal. You may also object to use of your personal data for purposes of market research and public opinion polling as well as advertising.
  4. Supervisory authority competent for complaints: You have the right to lodge a complaint with the data protection supervisory authority of North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen), Helga Block, Kavalleriestr. 2-4, 40213 Dusseldorf, phone +49.211.384.24-0, fax +49.211.384.24-10, e-mail poststelle@ldi.nrw.de, which is competent for CEVEC. For a list of further conceivable data protection supervisory authorities please cf. under https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to object:

As far as we process your personal data on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you may object to processing at any time. You may find the detailed description of our processing activities and the legal basis in the provisions of this privacy policy. If you object, we will no longer process your personal data, unless there are compelling and prevailing legitimate grounds for the processing or the personal data is necessary for the establishment, exercise or defense of legal claims. If you object to such processing, we ask you to state the grounds of your objection in order for us to examine the processing of your personal data and decide whether to adjust the processing accordingly.

8. SECURITY

We take appropriate and reasonable steps to protect the personal data you provide to us and transmit via the Website and to protect such information from loss, misuse, and unauthorized access, disclosure, alteration or destruction. However, we would like to point out that data transmissions via the internet (e.g. e-mail communication) cannot be absolutely secure and may have security vulnerabilities, due to the inherent nature of the internet.

9. LINKS TO OTHER SITES

9.1

The Website may contain links to other sites to which our privacy policy does not apply. We provide these links for your convenience, but we do not review, control, or monitor the privacy practices of sites operated by others. We are not responsible for the performance of these sites or for your business dealings with them. Your use of any other sites is subject to the terms and conditions of those sites, including the privacy policies of those sites.

9.2

In particular, we provide a link to our company page on the social network LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). The link is labeled with the logo of LinkedIn.

Please note that this is solely a link and not a so-called social plug-in. This means that neither a direct connection to LinkedIn’s servers is established nor webserver information (cf. item 3.1 above) is provided to LinkedIn when you visit the Website. LinkedIn does not come to know that you visit the Website.

Only in cases where you click the link you will provide LinkedIn with webserver information so that LinkedIn is informed that you have been visiting the Website. If you interact with (click on) the link while you are logged onto LinkedIn, this information may be matched to your profile and shown on other sites of the internet. For further information about the purpose and extent of the data collection and further use of your data by LinkedIn, as well as your profile setting options to protect your privacy, please view the data privacy notices of LinkedIn (https://www.linkedin.com/legal/privacy-policy).

10. CHANGES

CEVEC reserves the right to change this privacy policy from time to time in compliance with the legal requirements, for example to be compliant with new laws or to add new services.

Date: 25 May 2018