This privacy statement informs you about how we treat your data. To make the processing of your data transparent, we would like to provide you with the following information to give you an overview of these processing operations. To keep things fair, we additionally want to inform you about your rights pursuant to the EU-General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). We will inform you in detail about
The Endosane Pharmaceuticals GmbH is the controller of the data processing (hereinafter referred to as ‘we’ or ‘us’).
If you have any questions or feedback concerning this information or wish to contact us to exercise your rights, please send your enquiry to Endosane Pharmaceuticals GmbH Jägerstr. 28-31 Tel.: Email: email@example.com
The legal term ‘personal data’ refers to all information relating to an identified or identifiable natural person. We process personal data in compliance with the data protection regulations, in particular the GDPR and the BDSG. We solely process data based on law. We process personal data
Unless otherwise stated in the following, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. In particular, such statutory retention requirements may result from regulations under commercial or tax law.
For certain processing activities, we rely on service providers. These processing activities include, for example, hosting, maintenance and support for IT systems, customer and client management, order processing, accounting, marketing or destruction of paper files and data carriers. A ‘processor’ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors process data not for their own purposes but solely for the controller and are contractually obliged to implement appropriate technical and organizational measures ensuring data protection. Apart from that, we may transfer your data to postal and delivery services, our bank, consultants/auditors or the fiscal authority if necessary. Should your data be transferred to further recipients, you can find this information under the description of the respective processing activity.
If you exercise your rights pursuant to Art. 15 to 22 GDPR, we process the personal data transferred in order for us to grant you your rights and to acquire proof thereof. For the purpose of providing information and preparing such information, we will process the stored data only for this purpose as well as for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. These processing operations are based on Art. 6 section 1 letter c) GDPR in combination with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.
As the data subject, you are entitled to exercise your rights against us. In particular, you have the following rights:
Pursuant to Art. 21 section 1 GDPR, you have the right to object to processing activities based on Art. 6 section 1 letter e) or letter f) GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 section 2 and section 3 GDPR.
You can reach the data protection officer of Endosane Pharmaceuticals GmbH at the following contact details:
Herting Oberbeck Data Protection GmbH
Hallerstr. 76, 20146 Hamburg
During use of our website, we collect information that you provide yourself. We also automatically collect certain information about your use of the site during your visit to the site. In data protection law, the IP address is also considered personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.
When using our website for informative purposes only, general information that your browser transfers to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out in pursuit of our legitimate interests and is based on Art. 6 section 1 letter f) GDPR. This processing serves the technical administration and security of the website. The IP address is anonymized after 24 hours. For this the last octet is zeroed. The data collected will be deleted after seven days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the information collected. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 section 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries where the DSGVO is not applicable law. Such a transfer shall be authorised if the European Commission has decided that an adequate level of data protection is ensured in such third country. In the absence of such an adequacy decision by the European Commission, personal data will only be transferred to a third country if appropriate safeguards are in place in accordance with Art. 46 DSGVO or if one of the conditions of Art. 49 DSGVO is met. Unless otherwise stated below, we use as appropriate safeguards the EU standard contractual clauses for the transfer of personal data to processors in third countries: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087.
Our website provides a contact form, through which you can enquire an offer from us. Your data is transferred encrypted (note the ‚https‘ in the address bar of your browser). All data fields marked as mandatory are necessary to be filled in for the handling of your request. Failure to provide the required information will result in us being unable to process your request. You have the alternative option to send us an email. We process the data for the purpose of handling your request. If your request relates to the establishment or execution of a contract with us, the processing of your data is based on Art. 6 section 1 letter b) GDPR. In all other cases we process data out of our legitimate interest in contacting the person enquiring. The latter data processing finds its legal basis in Art. 6 section 1 letter f) GDPR.
On our website we offer the possibility to subscribe to our newsletter. After the registration we will inform you regularly about the latest news about our offers. A valid e-mail address is required to register for the newsletter. To verify the e-mail address, you will first receive a registration e-mail, which you must confirm via a link (double opt-in). If you subscribe to the newsletter on our website, we process personal data such as your e-mail address and your name on the basis of the consent you have given. The processing is based on the legal basis of Art. 6 section 1 letter a) GDPR. You can revoke your consent at any time with effect for the future, for example by clicking on the “unsubscribe” link in the newsletter or by contacting us via the channels mentioned above. The legality of the data processing operations already carried out remains unaffected by the revocation. When you register for the newsletter, we also store the IP address and the date and time of registration. The processing of this data is necessary to prove that you have given your consent. The legal basis results from our legal obligation to document your consent (Art. 6 section 1 Letter c) in connection with Art. 7 section 1 GDPR). We also analyze the reading behavior and opening rates of our newsletter. For this purpose, we collect and process pseudonymized usage data which we do not merge with your e-mail address or IP address. The legal basis for the analysis of our newsletter is Art. 6 section 1 letter f) GDPR and the processing serves our legitimate interest in optimizing our newsletter. You can object to this at any time by contacting one of the contact channels mentioned above. For the administration of the subscribers and the sending of the newsletter, we use the service Klaviyo of the Klaviyo, Inc. (USA).
On our website we use the Consent Management Platform Usercentrics. Usercentrics is a product of the company Usercentrics GmbH (Germany), which enables users of our website to grant or revoke their consent to certain data processing procedures. In addition, Usercentrics supports us in being able to provide evidence of the declaration of consent. For this purpose, Usercentrics processes information on the declaration of consent and further protocol data on this declaration. Cookies are also used to collect this data. The collected IP address is only processed in anonymized form. Proof of the revocation of a previously given consent is kept for three years. This is done so that we can meet our obligation to provide proof. The processing of this data is necessary in order to be able to prove that consent has been granted. The legal basis is derived from our legal obligation to document your consent (article 6 paragraph 1 letter c) in conjunction with Art. 7 section 1 GPDR).
We operate company pages on multiple social media platforms via which we offer further opportunities to obtain information about our company and for exchange. We operate company pages on the following social media platforms:
Visiting a company page on social media can result in your personal data being processed. The information in your social media account constitutes personal data. This also encompasses messages and statements made with the account. Additionally, certain information about your visit to a company page is often collected automatically during your visit.
Certain information about you is processed relating to your visit to our Facebook page on which we present our company or individual products. Facebook Ireland Ltd (Ireland/EU – ‘Facebook’) is the sole controller of this processing. Further information about the processing of personal data by Facebook is available via https://www.facebook.com/privacy/explanation. Facebook provides the opportunity to object to certain processing activities; corresponding information and opt-out-methods are available via https://www.facebook.com/settings?tab=ads. Facebook provides us with anonymised statistics and insights for our Facebook page, which enable us to gain knowledge about the ways in which people interact with our page (so called ‘insights’). These insights are created based on certain information about persons who have visited our page. Facebook and we are joint controllers of this processing. The processing serves our legitimate interest in evaluating the ways in which people interact with our page and improving our page based on this. This finds its legal basis in Art. 6 section 1 letter f) GDPR. It is impossible to match the information obtained via insights to individual accounts which interact with our Facebook page. We have concluded an agreement with Facebook on joint controllership in which the data protection duties are allocated between Facebook and us. Details of the processing of personal data for the creation of insights and of the agreement we concluded with Facebook are available via https://www.facebook.com/legal/terms/information_about_page_insights_data. Regarding these processing activities, you may also exercise your rights (see above ‘Your Rights’) against Facebook directly. Further information is available in Facebook’s privacy statement via https://www.facebook.com/privacy/explanation. Please note that user data is also processed in the USA and other third countries according to Facebook’s data protection guidelines. Facebook only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.
Generally, the LinkedIn Ireland Unlimited Company (Ireland/EU – ‘LinkedIn’) is the sole controller of the processing of your personal data relating to a visit to our LinkedIn page. Further information on the processing of personal data by LinkedIn are available via https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. If you visit or follow our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights which enable us to gain knowledge about the ways in which interact with our page (so called ‘insights’). For this purpose, LinkedIn processes, in particular, such data that you already shared with LinkedIn by adding it to your profile like, for example, position, country, field of work, seniority, company size and employment status. Further, LinkedIn collects information on how you interact with our LinkedIn company page, for example whether you follow our LinkedIn company page. LinkedIn does not share personal data with us by providing us with the insights. We only have access to a summarized version of the insights. Also, we are unable to make conclusions about individual members from the information in the insights. LinkedIn and we are joint controllers of the processing regard the page insights. The processing serves our legitimate interest in evaluating the ways in which people interact with our page and improving our page based on this. This finds its legal basis in Art. 6 section 1 letter f) GDPR. We have concluded an agreement with LinkedIn on joint controllership in which the data protection duties are allocated between LinkedIn and us. The agreement is available via https://legal.linkedin.com/pages-joint-controller-addendum. The agreement stipulates the following:
Please note that user data is also processed in the USA and other third countries according to LinkedIn’s data protection guidelines. LinkedIn only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.
Generally, Twitter Inc. (USA) is the sole controller of the processing of your personal data relating to your visit to our Twitter account. Further information on the processing of personal data by Twitter Inc. is available via https://twitter.com/de/privacy.
Generally, Google Ireland Limited (Ireland/EU) is the sole controller of the processing of your personal data relating to your visit to our YouTube channel. Further information on the processing of personal data by YouTube and Google Ireland Limited is available via https://policies.google.com/privacy.
Additionally, we process information which you provide us with via the respective social media platform. Such information can include the username, contact details or a message to us. Generally, we only process this personal data if we have expressly requested you to share this data with us like, for example, in connection with a survey. We are the sole controller of such processing activities. We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 section 1 letter f) GDPR. Additionally, we might process such data shared with us for purposes of evaluation or marketing. Such processing is based on Art. 6 section 1 letter f) GDPR and serve our legitimate interest to develop our product range and inform you about our product range. Further data processing can take place if you have consented (Art. 6 section 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 section 1 letter c) GDPR).
If you send us a message via our contact email address, we will process the transferred data in order to process the request. We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 section 1 letter f) GDPR.
In order to establish and execute the contractual relationship with our customers, suppliers and business partners it is regularly necessary to process the master, contract and payment data provided to us. If we process personal data of our contact persons at commercial customers, suppliers and business partners in the course of this, this happens in pursuit of our legitimate interests and is based on Art. 6 section 1 letter f) GDPR. In addition, we process customer and potential customer data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 section 1 letter f) GDPR and serves our interest in further developing our product range and informing you specifically about products by Endosane GmbH. Further data processing can take place if you have consented (Art. 6 section 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 section 1 letter c) GDPR). August 2020