Reading:
Data Protection Policy
3 months ago

Data Protection Policy


I.    Data protection
policy and information obligations

 

We are pleased about your visit to our website and your interest in CuroGens, our products and our services. Transparency about the data protection and data security of visitors to our website, customers and contractual partners is an important concern for us. In all our
business processes, we take the protection of your personal data very seriously.

 

This data protection policy informs you inaccordance with Art. 12 et seq. GDPR about how your personal data is handled when you use our website. In particular, it explains what data we collect and what we use them for. It also informs you about how and for what purpose this
is done – always taking into account the applicable data protection provisions, in particular the EU General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act and other applicable national laws.

 This data protection policy applies to all companies of the CuroGens named below.

 

II.    Responsible body

 

The responsible body is the company of the CuroGens group, which decides on the purposes and means of the personal data processing in accordance with applicable law. This also includes the (mobile) applications that refer to this data protection policy. Responsible bodies are thus the following:

 

CuroGens Inc. – Headquarter USA

Address
14300 Clay Terrace Blvd
Carmel, IN 46032
USA

 

CuroGens Deutschland GmbH

Address
Glockenstrasse 10
54290 Trier
Germany

 

CuroGens Denmark

Address
Vestervang 2, 2.
8000 Aarhus C
Denmark

 

CuroGens Ghana Limited

Address
22B Asafoatse Afua St.
West Airport
Accra
Ghana

 

Curogens Iberia SLU

Address
Carrer de Muntaner 239 ático
Barcelona, 08021
Spain

 

III. Data Protection Officer

 

Several data protection officers have been appointed for our group of companies.
For all other CuroGens companies:

mehrinformation@curogens.com

 

IV. Purpose and legal basis of the processing of personal
data

 

Some services on our website may require us to process personal data about you in order to provide our services. This is, of course, only done within the legal framework, insofar as it is necessary, and you have consented to it in the event of legal necessity. We take great care to
adhere to the principles of data reduction and data economy.

 

a. Calling up and visiting our website – server log files

 

For the purpose of the technical provision of
the website, it is necessary that we process certain data automatically
transmitted by your browser so that our website can be displayed in your
browser, and you can use it. When you access our website, our web server
automatically collects data in a server log file. They are the following:

 

browser type and browser version and operating system used the website from which your access is made the domain name of the Internet service provider the IP address of your computer the pages you visit on our website, as well as the date and duration of your visit.

 

The storage of the afore-mentioned access data is required for technical reasons in order to provide a functioning website and to ensure system security. This also applies to the storage of your IP address, without which you cannot visit our website. In theory, it would be possible to establish a personal reference.

 

Furthermore, we process these data from the server log files solely for statistical purposes and in order to optimise our website and improve user-friendliness.

 

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

 

 

 b. Contact form

If you contact us as a customer or as an employee of a customer via our online contact form, we will collect personal data to the extent provided by you. The following mandatory fields are
predefined:

First name
Last name
Company name
Job title
Email

 

We will only use your email address to process your request. Your data will then be deleted unless you have consented to further processing and use.

 The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR in the case of an existing contractual relationship or Art. 6 para. 1 sentence 1 lit. f GDPR in the case of other contact requests.

 

c. Newsletter

 

If you would like to receive our newsletter with information on current developments, studies and reports and events and webinars, you can subscribe to receive the newsletter. Therefore, we request as mandatory fields:

 

Email address

 

We only use your email address to register you for our newsletter, to send you the confirmation link and to subsequently send you the newsletter. If you no longer wish to receive our newsletter, you can withdraw your consent at any time.

 

The legal basis for the data processing is
Art. 6 para. 1 sentence 1 lit. a GDPR.

 

d. Downloading reports

 

If you would like to receive up-to-date reports on technological, strategic, or changing customer expectations, you can register to receive reports. The following mandatory fields are predefined:

 

Salutation
First name
Last name
Company name
Country
Email

 

We only use your email address to register our reports, to send you the confirmation link and to subsequently send you the reports. If you no longer wish to receive reports, you can withdraw your consent at any time.

 

The legal basis for the data processing is
Art. 6 para. 1 sentence 1 lit. a GDPR.

 

e. Downloading white papers

 

If you would like to receive the latest white papers, you can sign up to receive them. The following mandatory fields are predefined:

 

First name
Last name
Company name
Country
Email

 

We will only use your email address to register you to receive white papers, to send you the confirmation link and to subsequently send you the white papers. If you no longer wish to receive white papers, you can withdraw your consent at any time.

 

The legal basis for the data processing is
Art. 6 para. 1 sentence 1 lit. a GDPR.

 

f. Downloading publications on events

 

If you missed one of our events but would like to receive publications afterwards, you can register to receive them. The following mandatory fields are predefined:

 

First name
Last name
Email

 

We will only use your email address to register you to receive the publications for the events, to send you the confirmation link and to subsequently send you the publications. If you no
longer wish to receive publications, you can withdraw your consent at any time.

 

The legal basis for the data processing is
Art. 6 para. 1 sentence 1 lit. a GDPR.

 

g. Account/orders for the CuroGens online shop

 

If you would like to order from our online shop, you will need a customer account. The following mandatory fields have been predefined for registration:

 

First name
Last name
Email
Password
Further data are required for orders:
Address
Country
Phone number

 

The legal basis for the data processing is
Art. 6 para. 1 sentence 1 lit. b GDPR.

 

 

 

h. Applications

 

If you are interested in us as an employer and would like to apply for a job with us, we collect various personal data that we need to review your application. The following mandatory fields are predefined:

 

Salutation
First name
Last name
Password
User language
Email
Phone number
Salary expectations
Possible start date
How did you hear about us
Data release
Approval

 

We require the following documents:

Cover letter
CV
Other documents

 

The legal basis for data processing is Art. 6
para. 1 sentence 1 lit. b GDPR in conjunction with Art. 26 para. 1 Federal Data
Protection Act (BDSG, Germany).

 

i. Cookies

 

We use so-called cookies on our website.
Cookies are small text files that are stored by the web browser on your
computer or mobile device. Cookies do not cause any damage to your computer, do
not contain viruses, and are automatically deleted after they expire. Some
cookies expire when you end your Internet session; others are stored for a
maximum of 100 days.

 

Some of the cookies we use on our website come
from third parties that help us analyse the impact of our website content and
our visitors’ interests, measure the performance of our website or serve to
place ads and other content on our website or other websites. Within the
framework of our website, we use both first-party cookies (only visible in the
domain you are visiting) and third-party cookies (visible across domains and
regularly placed by third parties).

 

You can, of course, also view our website
without cookies. You can use your browser settings to prevent cookies from
being stored on your computer. Existing cookies can also be deleted via the
browser settings. In this event, however, the functionality of our website may
be limited.

 

The legal basis for data processing is Art. 6
para. 1 sentence 1 lit. a GDPR for third-party cookies, which we set mainly for
marketing purposes and thereby process personal data that are not required for
normal website operation. Another legal basis is Art. 6 para. 1 sentence 1 lit.
f GDPR for cookies that we place to protect our legitimate interests (technical
provision, optimisation, user-friendliness, security).

 

We use the following cookie-based
tools/plugins on our website:

 

j. Google Analytics

 

This website uses Google Analytics and Google
Remarketing based on your consent given to us. These are services provided by
Google, Inc. (“Google”). Google uses “cookies”, which are text files placed on
your computer to help the website analyse how users use the site. The
information generated by the cookie about your use of the website (including
your IP address) will be transmitted to and stored by Google in the United
States. In the event that IP anonymisation is activated, Google will truncate/anonymise
the last octet of the IP address for Member States of the European Union as
well as for other contracting parties to the Agreement on the European Economic
Area. Only in exceptional cases is the full IP address transferred to a Google
server in the USA and truncated there. On behalf of the website provider,
Google will use this information to evaluate your use of the website, compile
reports on website activity for website operators and provide other services
relating to website activity and Internet usage to the website provider. Google
will never associate your IP address with other Google data. You can refuse the
use of cookies by selecting the appropriate settings in your browser. Please
note, however, that if you do this, you may not be able to use all the features
of this website. Furthermore, you can prevent the collection and use of data
(cookies and IP address) by Google by downloading and installing the browser
plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.

 

For more information on the terms of use and
data protection, please visit https://tools.google.com/dlpage/gaoptout?hl=en or
https://support.google.com/analytics/answer/6004245?hl=en or
https://support.google.com/adwordspolicy/answer/143465?hl=en. Please note that
on this website, the code of Google Analytics and Google Remarketing is
supplemented by “gat._anonymizeIp ()” to ensure the anonymised
collection of IP addresses (so-called IP masking).

 

The legal basis for data processing is Art. 49
para. (1) sentence 1 lit. a GDPR. Standard contractual clauses to ensure an
adequate level of data protection have also been concluded.

 

k. Google Tag Manager

 

This website uses Google Tag Manager. This
service allows us to manage website tags via an interface. Google Tool Manager
only implements tags. This means that no cookies are used and no personal data
are regularly collected in the process. However, this may trigger other tags,
which in turn may collect data. However, Google Tag Manager does not access
these data. If any deactivation has been made at domain or cookie level, this
will remain in place for all tracking tags if they are implemented with the Google
Tag Manager.

 

The legal basis for data processing is Art. 49
para. (1) sentence 1 lit. a GDPR. Standard contractual clauses to ensure an
adequate level of data protection have also been concluded.

 

l. DoubleClick/Google Ads

 

This website uses the DoubleClick or Google
Ads tool from Google. DoubleClick and Google Ads use cookies to provide ads
that are relevant to users, to improve campaign performance reports and to
prevent a user from seeing the same ads multiple times. Google uses a cookie ID
to record which ads are displayed in which browser. Moreover, DoubleClick uses
cookie IDs to track interactions related to ad enquiries. You can prevent this
tracking in the following ways:

 

by an appropriate setting of your browser, in
particular by suppressing third-party cookies

 

by deactivating the interaction tracking
cookies by setting your browser to block cookies from the domain
“www.googleadservices.com”. (https://www.google.de/settings/ads).
Please note that this setting will be deleted when you delete your cookies.

 

by deactivating the interest-based
advertisements of the providers via the link http://www.aboutads.info/choices.
This setting is also deleted when you delete your cookies by permanently
deactivating it in your Firefox, Internet Explorer or Google Chrome browsers
under the link http://www.google.com/settings/ads/plugin. You can find more
information about DoubleClick from Google at www.google.de/doubleclick or
support.google.com/adsense/answer/2839090. You can find out more about data protection
at Google in general at: www.google.de/intl/de/policies/privacy.

 

The legal basis for data processing is Art. 49
para. 1 sentence 1 lit. a GDPR. Standard contractual clauses to ensure an
adequate level of data protection have also been concluded.

 

m. ClickDimensions

 

ClickDimensions is an online and offline
marketing and sales tool for collecting and storing data and generating leads.
We use ClickDimensions forms on each of our product websites (in all countries
and in all languages), especially as a first point of contact and for
downloading white papers. Leads can be generated from this data and used by our
sales team. HubSpot can also record customer journeys with the aid of cookies
and IP addresses.

 

The data collected are stored by ClickDimensions
on servers in the USA. The transfer of data takes place in accordance with the
conditions of the standard contractual clauses. ClickDimensions is committed to
handling all personal data received from European Union (EU) Member States and
Switzerland in accordance with the applicable principles of the Standard
Contractual Clauses.

 

The legal basis for data processing is Art. 49
para. 1 sentence 1 lit. a GDPR.

 

n. Microsoft Bing Ads

 

This website uses Microsoft Bing Ads on the
basis of the consent you have given to us. We use Microsoft Bing Ads for
remarketing and completion tracking purposes. The service originates from
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 – 6399, USA,
hereinafter referred to only as “Microsoft”, which uses the so-called
Universal Event Tracking (UEN).

 

When you click on an advert placed by us on
the Internet search engine “Bing”, a cookie for tracking
functionality is stored by Microsoft on the end device via the Internet
browser. This tracking cookie loses its validity after 180 days and is not used
for personal identification. If the cookie is still valid and a specific page
of our website is accessed at the same time, both Microsoft and we can
recognise that the website visitor has clicked on an advert placed by us on
Bing and has been redirected from there to our website.

 

The data collected with Microsoft’s tracking
cookie are used to compile visit statistics, such as the number of accesses to
the adverts we have placed on Bing as well as on the Internet pages of our
website that were subsequently accessed. It is not possible to personally
identify the website visitor on the basis of these data. Microsoft may be able
to track user behaviour across multiple devices of a user via so-called
cross-device tracking, enabling Microsoft to display personalised advertising
across devices. The setting of cookies can be prevented by browser settings or
by refusing consent.

 

If you have a Microsoft account, you can also
change the settings for personalised advertising there under
http://choice.microsoft.com/de-de/opt-out.

 

Furthermore, Microsoft offers further
information on Bing Ads and on the collection and use of data as well as on
your rights and options to protect your privacy under
https://help.bingads.microsoft.com/#apex/3/de/53056/2 as well as under
https://privacy.microsoft.com/de-de/privacystatement. 

 

The legal basis for data processing is Art. 49
para. 1 sentence 1 lit. a GDPR. Standard contractual clauses to ensure an
adequate level of data protection have also been concluded.

 

p. YouTube

 

This website uses YouTube on the basis of the
consent you have given to us. The service originates from YouTube, LLC, 901
Cherry Ave, San Bruno, CA 94066, USA.

 

When you visit one of our pages that embeds
content from YouTube, a connection is established to servers from YouTube. The
YouTube server receives information about which of our pages you have visited.

 

If you are logged into your YouTube account,
you enable YouTube to associate your surfing behaviour directly to your
personal profile. You can prevent this by logging out of your YouTube account.

 

Further information on how your data is
handled in this regard can be found in YouTube’s privacy policy at:
https://www.google.de/intl/de/policies/privacy.

 

The legal basis for data processing is Art. 6
para. 1 sentence 1 lit. a GDPR.

 

V. Recipients of the data

 

Within our group, access to your data is given
to those offices that require them to fulfil our contractual and legal
obligations. Service providers and vicarious agents used by us (e.g. technical
service providers, shipping companies, waste disposal companies) may also
receive data for these purposes. Depending on the circumstances, we commission
these service providers within the framework of order processing. They are then
subject to our instructions and may only process the data for narrowly defined
purposes. In some cases, we also jointly define the purposes and means of data
processing within the framework of joint responsibility.

 

In individual cases, we also transmit personal
data to our legal and tax advisors, whereby these recipients are obliged to
maintain special confidentiality and secrecy due to their professional status.

 

VI. Data transfer to third countries

 

As CuroGens, we process your data
predominantly in Switzerland or in an EU Member State. Personal data are
transferred between affiliated companies in Switzerland, the European Union,
the United Kingdom and Singapore. Only the relevant departments and/or persons
in our company have access to the data to process your enquiries and requests.
For the aforementioned cookie-based tools/plugins and the aforementioned
purposes, we also transfer the aforementioned data to third countries on the
basis of the legal bases and the measures for ensuring an adequate level of
data protection mentioned there.

 

Potential risks may include unenforceable data
subject rights and a lower level of data protection. We minimise the risk as far
as possible by concluding order processing contracts (if such a contractual
relationship exists) and standard contractual clauses including effective
supplements required by the supervisory authorities.

 

VII. Duration of the data storage

 

We initially process and store your personal
data for the duration for which the respective purpose of use requires
corresponding storage. Depending on the circumstances, this also includes the
periods of time for initiating a contract and the subsequent performance of the
contract. If a contractual relationship ends, the data processing purposes no
longer apply or statutory retention periods expire, we will delete your data.
There are a wide variety of deadlines for the retention of data and documents,
which may result from the Commercial, the Fiscal or the Civil Code, for
example. The deletion periods range from a few days to 10 years, depending on
the circumstances.

 

VIII. Data security

 

To ensure the appropriate security of your
data on our website and systems, we take appropriate technical and
organisational measures to protect your data from loss, destruction,
unauthorised access, and manipulation. The measures we apply are continuously
developed in line with technological progress.

 

We use TLS encryption for our web forms. This
protects your entries in our web forms during transmission to our servers. You
can recognise an encrypted connection by the fact that the address line of your
browser changes from “http://” to “https://” and by the lock
symbol in your browser line. Nonetheless, we would like to point out that this
does not represent complete protection against attackers.

 

IX. Your rights as a data subject

 

Under the GDPR, you are entitled to the
following statutory data subject rights, provided that the prerequisites are
met:

 

Right to information about your data stored by
us in accordance with Art. 15 GDPR,

Right to rectification of inaccurate data in
accordance with Art. 16 GDPR,

Right to the deletion of the data stored by us
in accordance with Art. 17 GDPR,

Right to restrict the processing of data
stored by us in accordance with Art. 18 GDPR,

Right to data portability in accordance with
Art. 20 GDPR,

Right to revoke at any time under Art. 7 (3)
GDPR any consent given to us; this will result in us not being allowed to
continue the data processing based on this consent in the future.

Right to lodge a complaint with a competent
supervisory authority in line with Art. 77 of the GDPR if you consider that
processing of your personal data infringes the GDPR provisions: you can
exercise your right to complain to the competent authority in any country or
state where our offices are located or in the country or state where you are
located.

Right of objection

 

Insofar as the processing of your data is
carried out to protect legitimate interests, you have the right to object to
this processing at any time using the contact details provided if your
particular situation gives rise to reasons that prevent such data processing.
We will then no longer process your data unless they are predominantly based on
our own legitimate interest or another legal basis. If you would like to
exercise your right to object, send an email to the above email addresses of
our data protection officers.

 

X.    Obligation to provide data

 

In principle, you are not obliged to provide
us with your personal data. However, if you do not do this, we will not be able
to provide you with unrestricted access to our website or to respond to your
enquiries to us. Personal data that we do not absolutely need for the
above-mentioned processing purposes are marked accordingly as voluntary
information.

 

XI. Automated decision making/profiling

 

We do not use automated decision making or
profiling (an automated analysis of your personal circumstances).

 

XII. Updating and changing this privacy policy

 

Our data protection policy is regularly
revised and updated from time to time to comply with the legal data protection
and privacy laws in force.

 

 



Arrow-up