Thank you for visiting our website. In the following, we will address your questions as to how we handle your personal data when using our website at www.idt-biologika.de (referred to as “our website” in this privacy policy).
This data privacy policy does not apply to third-party websites accessed from hyperlinks on our website. IDT Biologika GmbH (referred to as “IDT Biologika” in the following) is not responsible for how third-party websites process your data.
Party responsible (controller), data protection officer
Controller
IDT Biologika GmbH
Am Pharmapark
06861 Dessau-Roßlau
Tel.: +49 34901 8850
Fax: +49 34901 5323
E-mail: info@idt-biologika.de
Contact details of the data protection officer
IDT Biologika GmbH
Am Pharmapark
06861 Dessau-Roßlau
Tel.: +49 34901 8850
Fax: +49 34901 5323
E-mail: datenschutz@idt-biologika.de
Information applicable to all data processing
Information in this Section II applies to any personal data belonging to you and processed on this website. The term “personal data” refers to any information relating to an identified or identifiable individual person. An identifiable individual person is any person whose identifying characteristics may be used to identify that person, either directly or indirectly. Identifying features especially include the person’s name, identification number, location information, online login or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the person.
Recipient categories
We will not normally transfer your personal data to third parties. However, we may transfer your data on to our service providers, business partners, or affiliated companies with your consent or if we are legally required to do so in exceptional cases.
We will only transfer as much data as is necessary. Some of our service providers will receive your data for processing; these “processors” will be strictly bound to our instructions when handling your data. Some recipients act independently with the data we transmit to them.
We will name the recipients or categories of recipients in the description of the corresponding data processing activity for any data that we do transmit to them.
Storage period
We will usually only store personal data as long as necessary for the processing activities concerned, or if we also have legal justification for storage or as long as we are bound by legal retention periods.
We will state the respective storage periods in the description of the respective data processing activity.
Data transfers to third countries
We will not usually transfer your data to countries outside the EU or EEA or to international organizations unless this data transfer is expressly named in the above processing activities.
Any data that we do send in individual cases to third countries, that is, any country outside the EU or EEA, we will transfer on the basis of a suitable guarantee according to GDPR Chapter IV. This will usually involve an adequacy decision by the EU Commission or EU standard contractual clauses to ensure compliance with the appropriate level of data protection in the third country. We will ensure an adequate level of data protection for your data (copy available upon request) and the efficacy of enforceable rights and effective legal remedies if needed in addition to agreeing standard contractual clauses such as through contractual agreements with our contractual partners. We will also ask you for your express consent where applicable.
We have no control over how third-party websites handle your data with respect to countries outside the EU and EEA.
Automated decision-making including profiling
We do not use any systems for automatic decision-making or profiling.
Obligation to provide personal data
You are not obliged to share your personal data with us. However, note that we will not be able to display our website, or not with complete functionality, or answer any inquiries you may have sent us, provide you with information or similar, or conclude a contract with you if you refuse to share any personal data with us.
Rights in personal data processing
You have certain rights affecting how we process your data that we will describe in the following:
Your rights as a “data subject”
Right to access your data (GDPR Art. 15)
You have the right to request information on your personal data that we have stored and the scope of data processing and transfers that we have performed, and to receive a copy of your personal data that we have stored.
Right to rectification (GDPR Art. 16)
You have the right to request that we correct any inaccurate or incorrect personal data stored on you at the Montag Stiftungen foundation group.
Right to erasure (GDPR Art. 17)
You have the right to have us erase your personal data immediately as long as the statutory requirements are met. Note that this right to erasure is subject to limitations. For example, we are neither required nor permitted to erase any data subject to legal retention periods. Likewise, your right to erasure does not apply to any data that we need to assert, exercise, or defend legal claims.
We will inform any third-party recipients of your data on your erasure request if required by law.
Right to restriction on processing (GDPR Art. 18)
You have the right to request us to restrict processing on your personal data subject to legal requirements.
Right to data portability
You have the right to request us to send you your personal data that you have provided to us with the data in a generic structured machine-readable format, or for the Montag Stiftungen foundation group to send the data to another controller without hindrance, on condition that we have processed the data using automated processes on your consent or in managing a contract with you (including employment contracts). You also have the right to have the Montag Stiftungen foundation group transmit your personal data directly to another controller provided that this is technically feasible and does not impact the rights and freedoms of others.
Right to object
You have the right to object to us processing your personal data if processing your data serves our vested interests. We will no longer process your data in this case. This last point shall not apply if we can demonstrate compelling legitimate reasons for processing that outweigh your interests, or that we require your data to assert, exercise, or defend legal claims.
Right of revocation with consent as legal justification for processing
You have the right to revoke your consent for us to process your personal data at any time with future effect.
Right of objection with your supervisory authority
You may contact the data protection officer named in this privacy policy (see section A for contact details) or a supervisory authority to lodge a complaint, especially in the member state in which you have your residence, place of work, or the place of the alleged violation.
You may always contact the following:
Landesbeauftragter für den Datenschutz Sachsen-Anhalt
(State Commissioner for Data Protection, Saxony-Anhalt)
Otto-von-Guericke-Straße 34a
39104 Magdeburg
Tel.: +49 391 81803-0
Fax: +49 391 81803-33
E-mail: poststelle@lfd.sachsen-anhalt.de
Details on individual data processing processes
The following covers data processing on our website, its purpose and legal justification, corresponding storage periods, data recipients, and any data transfers to third countries where applicable.
Log files
Data processing
Your browser will transmit certain data to our web server when you visit our website as technically necessary to provide you with the information you have requested. The data will include your IP address; your browser type, version, and language; your operating system; your browser window and screen resolution; JavaScript activation; color depth; time of access, previous website, and whether you have Java and cookies set to on or off.
Purpose and legal justification
Automatic transmission occurs when you visit our website as it allows us to provide you with the content that you have requested on our website. This also necessarily includes processing your data to prepare the information you have requested for download. Transmitting the data also makes the website more comfortable and convenient to use while protecting the security of our IT systems, such as by detecting attacks.
GDPR Art. 6.1 (f) serves as legal justification for data processing. Our vested interest emerges from the above purposes of processing data.
Storage period
We will only store your personal data on our servers for the duration of your visit. We will immediately delete the personal data afterwards.
Recipient categories
- IT service providers whose responsibilities include storing data and supporting in system administration and maintenance. Public authorities and institutions depending on our statutory entitlement or obligation
Data transfers to third countries
We will not transfer any data to third countries.
Cookies
Data processing
We use what are referred to as “cookies” on our website. Cookies are small text files that the browser stores in your device’s memory. Cookies contain certain information such as your preferred language or page settings; your browser may send these details back to us when you visit our website again, depending on the lifespan of the cookie.
We also use a consent management platform to document your cookie settings and implement your settings on the website. We have commissioned Borlabs Cookie to operate the consent management platform we use.
Purpose and legal justification
We use the following cookies for the purposes stated below:
These cookies provide essential services supporting basic functionality and are necessary for our website to work as intended.
We use Consent Manager to fulfil our accountability obligations in documenting effective consent.
GDPR Art. 6.1 (c) therefore serves as legal justification for using Consent Manager. German Telecommunications and Telemedia Data Protection Act (TTDSG) Section 25 para. 2 No. 2 serves as legal justification for storing technical cookies for the first time. GDPR Art. 6.1 (f) serves as legal justification for subsequently processing technical cookies as it covers our vested interest in providing you with the services you have requested, with or without cookies. We initially store optional cookies on your consent according to German Telecommunications and Telemedia Data Protection Act (TTDSG) Section 25 para. 1. GDPR Art. 6.1 (a) serves as legal justification for subsequently processing the optional cookies subject to your consent.
Data transfers to third countries
Our service providers may transmit data to third countries.
Google Analytics
Our website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses what are referred to as “cookies” – text files stored on your computer that allow us to analyze how you use our website. Cookies store information on how you use our website, which is then usually transferred to Google servers in the US for storage. Our website uses Google Analytics with the _anonymizeIp () extension. This involves Google truncating the last octet of an IP address from a member state of the European Union or other parties to the Agreement on the European Economic Area beforehand. The full unabbreviated IP address will only be sent by US-based Google servers in exceptional cases. This will eliminate any direct personal connection with you as a data subject. Google will use this information to analyze how you use our website, compile reports on website activity, and provide additional services involving website and internet use as commissioned by this website’s webmaster. Google will not link your IP address in the Google Analytics service with any other data stored by Google.
One of the Google Analytics features we use is Google Signals, which helps us understand user behavior and optimize our website by collecting data especially on user behavior on the web. This information includes the browser and device you are using and the device you are searching for information on, and the devices that customers are more likely to complete a purchase with. However, Google only provides this data to us in a summarized pre-evaluated form, that is, the data will arrive aggregated and anonymized. This eliminates any possibility for us to access individual datasets or track any data back to individual users.
We will be processing and analyzing your personal and non-personal data on our website with the following legal justification:
– Your consent according to German Telecommunications and Telemedia Data Protection Act (TTDSG) Section 25 para. 1 on initial data storage and extraction
- – Your consent according to GDPR Art. 6.1 (a) GDPR for further data processing, such as data analysis
You have the right to revoke your consent at any time in the future by:
Configuring your browser to reject cookies using the appropriate settings in your browser software; however, note that you may not be able to use all the features of the website if you should choose to do so.
Downloading this browser plugin: http://tools.google.com/dlpage/gaoptout?hl=de
Clicking this
link to call up the Consent Manager again and deselecting the consent option in respective category, and then confirming the setting.
Refer to http://www.google.com/analytics/terms/de.html and http://www.google.com/intl/de/analytics/privacyoverview.html for more details.
Video services
Data processing and purpose
We embed YouTube and Vimeo videos on our website. YouTube and Vimeo will need to process data as technically necessary for us to be able to display the videos. YouTube and Vimeo are responsible for these data processing activities.
YouTube and Vimeo are restricted, and the videos will only be displayed on your consent to increase your data privacy when you visit our website. This ensures that you will not automatically form a connection with YouTube and Vimeo servers, and that your data will not be sent to YouTube or Vimeo just by accessing our website. Your browser will only establish a direct connection to YouTube or Vimeo servers for such purposes as viewing the videos that we have embedded once you have consented to data transmission to YouTube or Vimeo and clicked on the corresponding button. Neither we nor YouTube nor Vimeo will collect any data from you on our website without your consent.
Legal justification
GDPR 6.1 (a) serves as legal justification for us to process your data based on your consent.
Recipients
Your data will be transferred to the following providers. Refer to the providers’ privacy policies for more information on how they process your data.
YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy
Vimeo
Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; https://vimeo.com/privacy
Embedded brochures
Data processing and purpose
We use the ISSUU plugin to provide browsable brochures.
Legal justification
GDPR Art. 6.1 (f) serves as legal justification for us to process your data as it is in our vested interest to do so. Our vested interest is to display our brochures in an attractive and browsable format.
Recipients
Your data will be transferred to the plugin provider, ISSUU Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA, when you view the brochures. Refer to https://issuu.com/legal/privacy for the ISSUU privacy policy.
How we process your data when you contact us by e-mail or using our contact form
Data processing
You may contact us using a contact form on our website or by e-mail to send us inquiries, for example. We will only process your personal data transmitted for this purpose to process your request.
The data processed by you via the contact form or e-mail to be processed will especially include your name, e-mail address, phone number, company, position, and any other information you have submitted voluntarily.
Legal justification and purpose
We will process your data to manage your enquiry.
GDPR Art. 6.1 (f) and Art. 6.1 (b) for an enquiry involving contract preparation or fulfilment serve as legal justification for us to process your data. Our vested interest arises from both parties having an interest in handling your enquiry.
Storage period
We will store your data until we have finished processing the data or until the end of our business relationship. We will only store your data beyond this time if required by commercial or tax law or similar, or if we have other legal justification for further storage.
Recipients
We will not usually transfer your data to third parties.
Other personal data processing scenarios
Processing data for job applications
Type and scope of data processing
We will process the personal data you submit to us as part of your job application. Personal data – simply referred to as “your data” in the following – covers any information referring to an identified or identifiable individual person such as your name, address, telephone number, and date of birth. An identifiable individual person is any person whose identifying characteristics may be used to identify that person, either directly or indirectly. Identifying features especially include the person’s name, identification number, location information, online login or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the person.
Your application documents may also contain special categories of personal data. GDPR Art. 9 defines special categories of personal data as data revealing racial and ethnic origin, political opinion, religious affiliation and denomination, ideological beliefs, trade union membership, and biometric data processed for clear identification such as photographs, health data such as on the degree of severe disability, and data on sex life or sexual orientation. We will not intentionally collect any information in special categories that you might include on your CV. We expressly ask you not to send us any data of this type.
Legal justification
We will process the data we have collected during the application process to manage the process when you apply for a vacancy at our company. GDPR Art. 88.1 and German Data Protection Act (BDSG) Section 26 para. 1 sentence 1 serve as legal justification for us to process your data, as we will need the data to reach an employment decision. The applicant data concerned will usually include the following: Your first and last name; academic degree if applicable; date and place of birth; contact details – your address, e-mail, landline and/or mobile phone number; and your application documents – mission statement, CV, references, language skills, and other skills and qualifications.
We will use the personal data you have provided as a basis for our decision during the application process according to legal requirements. For example, we will use your professional qualifications to decide whether or not to shortlist you amongst other candidates, or our personal impression of you from the interview to decide whether to offer you the position in your job application.
We have specifically asked you not to disclose any data belonging to special categories according to GDPR Art. 9.1 such as your photo or information on your religious affiliation/denomination. However, we will store any such information that you have disclosed to us on the basis of your consent according to GDPR Art. 88.1 in conjunction with the German Data Protection Act (BDSG) Section 26 para. 3 sentence 2. This will also apply to any additional personal data in a special category that you should disclose in the further course of the application process.
We will not take this information into account when making an employment selection decision unless statutory provisions require us to do so. One such example might be some job advertisements giving preferential treatment to people with disabilities according to an applicable law.
Disclosure is always voluntary in such cases and occurs on your express consent, which you will have given voluntarily by submitting this information and accepting this privacy policy.
Storage period
We will store your applicant data for the duration of the application process and for four months afterwards.
Recipients
We will show you any vacant positions on our website using the services of Indeed Deutschland GmbH, Theo-Champion-Str. 2, 40549 Düsseldorf for recruitment. Refer to https://hrtechprivacy.com/de/brands/about-indeed#privacypolicy for this provider’s privacy policy.
Processing in the talent pool
Type and scope of data processing
The application process includes your consent for us to store your data longer to enable us to contact you directly if there is a suitable vacancy for you in the future. We will store the following information on your consent to have your data stored in our database: Description of your work experience, training and qualifications, and personal contact information with which we can identify you including your name, address, telephone number and email address; you may also add other digital documents to your application such as your cover letter, references, application photo, and similar.
We may also add a short assessment to the database after we have interviewed you.
Legal justification
GDPR Art. 6.1 (a) and Art. 88 in conjunction with German Data Protection Act (BDSG) Section 26 para. 2 serve as legal justification for us to process your data.
Storage period
We will store your data in the talent pool for as long as you wish, and we will delete it as soon as you choose not to be included.
Processing for law enforcement
Type and scope of data processing
We will also process your personal data on our website if necessary to assert our rights and enforce legal claims and defend ourselves against legal claims against us. We will also process your personal data as long as necessary for the prevention or prosecution of criminal offences.
We will only process the data relevant to law enforcement such as master data, business data, and communications.
Legal justification and purpose
We will process the data to achieve the purposes stated in the above. We will also process personal data according to GDPR Art. 17.3 (e) to assert, exercise, or defend against legal claims in the event of potential obligation to delete personal data.
GDPR Art. 6.1 (f) serves as legal justification as we will be processing the data in order to defend our vested interests to assert legal claims or defend ourselves in legal disputes, or in the interests of prevention or prosecution of criminal offences.
Storage period
We will store your personal data until the limitation periods affecting any legal claims arising from our business relationship have expired. These limitation periods usually lie between one and three years but may extend to up to thirty years. We will store your personal data at least until a pending legal dispute has come to a final conclusion.
Recipients
The recipients would be our legal advisors where applicable if we are asserting legal claims.
Processing for contract fulfilment
Processing
We will also process your personal data to the extent required by law, such as to comply with statutory retention periods and/or documentation requirements.
Legal justification and purpose
We will process your data for the above purposes.
GDPR Art. 6.1 (c) serves as legal justification in conjunction with the respective statutory obligations in Germany such as retention periods according to Commercial Code (HGB) Section 257 para. 4 and Fiscal Code (AO) Section 147 para. 3 and 4.
Data categories
We will process data such as master data, business data, and communications as necessary to fulfil our legal obligations.
Storage period
Storage periods may usually extend up to ten years; some cases may require a longer storage period.
Recipients
Potential recipients will include the tax office and its employees in the event of a tax audit.
Links
Some parts of our website include links to third party websites. Each of these websites will be subject to its own privacy policy. We are not responsible for their operation, which includes how they process data. We advise you to check the privacy policies of these websites before submitting information using these third-party websites.
In particular, we use links to the Facebook, Instagram, X, LinkedIn, and YouTube social media platforms. Clicking on the link will redirect you to another website; your user information will only be transferred to the respective site at this point. Refer to the privacy policy on the respective websites for information on how they will be handling your data when you use these social media platforms.
Changes
This privacy policy is a transparency document according to GDPR Art. 13 and Art. 14, and we are required to keep this privacy policy current. Please check this privacy policy regularly for the latest version.
Last updated in November 2023