Privacy Policy

1. Data protection at a glance

Introduction

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that could allow you to be personally identified. Detailed information on the subject of data protection can be found in our privacy policy below.

Data collection on our website

Who is responsible for the data collection on this website and who is the data protection officer?

The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.

Our data protection officer can be contacted at the following contact details:

DataCo GmbH, Dachauer Str. 65, 80335 München
Tel.: +49 89 442 550 - 62649
E-Mail: datenschutz@dataguard.de

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or the date and time you accessed the site. Such data are collected automatically when you use our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site. We use the data you enter on contact forms to contact you.

What rights do you have regarding your data?

You have, at any time, the right to request at no cost information about any personal data we have retained about you, including its origin, its recipients and the purpose of its collection. You also have the right to request that it be corrected, blocked or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about data protection. You may also, of course, file a complaint with the competent supervisory authority.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behaviour. This is done primarily through the use of cookies and analytic services. The analysis of your surfing behaviour is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using particular tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

External links

Our website contains links to the websites of third parties. As we have no control over the content of these websites, we can assume no liability for such third-party content. In all cases, the responsibility for the content and accuracy of the information found on the linked websites lies with the respective website provider or operator. At the time the links were created, the linked pages were checked for possible legal infringements. There was no evidence of illegal content on the linked pages at this time. However, a continuous monitoring of the content of linked websites is not reasonable without specific evidence indicating a legal infringement. Upon obtaining knowledge of a legal infringement, we will immediately remove the link in question.

2. General information and mandatory information

Data protection

The operator of this website takes the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory provisions on data protection and this privacy policy.

If you use this website, various personal data will be collected. Personal information is any data that could allow you to be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. It is not possible to fully protect your data from third-party access.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Biotechnologie-Industrie-Organisation Deutschland e.V. (BIO Deutschland e. V.)
Headquarters
Schützenstraße 6a
10117 Berlin
Germany

Phone: +49 30 2332164-00
Email: info@biodeutschland.org

The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (names, email addresses, etc.).

Legal basis for processing personal data

We will process your personal data only after you have given your express consent to such processing pursuant to Article 6(1)(a) of the European Union’s General Data Protection Regulation (GDPR).

An exception applies where it is not possible to obtain prior consent due to factual reasons and where statutory provisions ‒ Article 6(1)(b-f) of the GDPR ‒ permit the processing of data.

You have the right to revoke, at any time, the consent you have given. This can be done by simply sending an email to the party responsible for this website at info@biodeutschland.org. The legality of the data processing carried out up until the point of revocation remains unaffected by the revocation of consent.

Data retention and deletion

Your personal data will be deleted or blocked as soon as it is apparent that the data is no longer needed for the purpose for which it was retained. Your personal data may be retained beyond this time if this is provided for by the European or national legislator in EU regulations, laws or other statutory provisions to which we are subject. The data will also be blocked or deleted if a retention period prescribed by the above-mentioned legal rules expires, unless further storage of the data is necessary for conclusion or fulfilment of a contract.

SSL/TSL encryption

This site uses SSL or TLS encryption for security reasons as well as to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address bar when the URL changes from "http://" to "https://" and when a lock icon is displayed there.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties

3. Data collection on our website

Cookies

We use so-called cookies on certain portions of our website. Cookies neither harm your computer nor contain any viruses. Cookies help make our website more user-friendly, efficient and secure. Cookies are small text files that are placed on your computer and saved by your browser.

Most of the cookies we use are session cookies. They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies enable us to recognise your browser the next time you visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or decline a cookie. You can also configure your browser to automatically accept cookies under certain conditions or to rejects all cookies, or to automatically delete cookies when closing your browser. Disabling cookies may negatively impact the functionality of this Website.

Cookies that are necessary to enable electronic communications or to provide particular functions you wish to use (such as the shopping cart) are stored pursuant to Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in storing cookies in order to ensure its services are provided in an optimal way and without any technical errors. If other types of cookies (such as those used to analyse your surfing behaviour) are also stored, they will be discussed separately in this privacy policy under Section 6 (“Analytics and advertising”).

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in server log files. This information includes:

  • browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time and date of the server request
  • IP address

This information will not be combined with data from other sources. The legal basis for processing such data is Article 6(1)(b) of the GDPR, which permits the processing of data if such is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Forms

Should you send us an inquiry via forms on this website, we will retain the data entered on the form, including the contact details you provide, in order to process your inquiry and any follow-up inquiries. We will not share this information without your consent.

Data that you enter into forms on this website are thus processed solely on the basis of consent given by you pursuant to Article 6(1)(a) of the GDPR. You may revoke your consent at any time. This can be done by simply sending an email to the party responsible for this website at info@biodeutschland.org. The legality of the data processing carried out up until the point of revocation remains unaffected by the revocation of consent.  

We will retain the data you enter into forms on this website until you request its deletion, revoke your consent for its retention or the purpose for its retention no longer applies (such as after the processing of your inquiry has been completed). Any mandatory statutory provisions, especially those pertaining to mandatory data retention periods, remain unaffected by this provision.

Data processing (customer and contract data)

We collect, process and use personal data only insofar as necessary to establish or modify legal relationships with us (master data). This is done pursuant to Article 6(1)(b) of the GDPR, which permits the processing of data if this is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. We collect, process and use personal data concerning the usage of our website (usage data) only to the extent required to enable you to use our service or to invoice you for the same.

Customer data that are retained will be deleted upon completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transferred during the conclusion of contracts concerning services and digital content

We transfer personal data to third parties only to the extent necessary for the performance of a contract to which the data subject is party, such as to banks with which we have contracted for payment processing.

Your data will not be transferred for any other purpose unless you have given your express consent to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The legal basis for processing such data is Article 6(1)(b) of the GDPR, which permits the processing of data if this is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

4. Newsletter

Newsletter data

If you would like to receive the newsletter offered via this website, we need an email address from you as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No further data is collected unless you provide data on a voluntary basis.

We use this data exclusively for the purposes of sending the requested information and do not pass it on to third parties. Data that you enter into the newsletter sign-up form are processed solely on the basis of consent given by you pursuant to Article 6(1)(a) of the GDPR. You may revoke, at any time, your consent to the retention of your data and your email address as well as to their being used for sending the newsletter. This can be done, for example, via the “unsubscribe” link in the newsletter. The legality of the data processing carried out up until the point of revocation remains unaffected by the revocation of consent.

The data you provided when signing up for the newsletter will be retained as long as you maintain your subscription. Should you cancel your subscription, this data will be deleted. Data that we have retained for other purposes (such as email addresses for the members area) remain unaffected.

5. Plug-ins and tools

Social media - Twitter plug-in

Our website incorporates functions of the Twitter service. These functions are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and the retweet function, the websites you visit will be connected to your Twitter account and can be viewed by other users. In doing so, data will also be transferred to Twitter. Please note that, as the operator of this website, we have no knowledge of the content of the data transferred to Twitter or how it will be used by Twitter. Further information about Twitter's privacy policy can be found at: https://twitter.com/privacy .

You can change your Twitter privacy settings in your account settings: https://twitter.com/account/settings.

YouTube

Our website uses plug-ins from YouTube, which is operated by Google. The operator of the website is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plug-in, a connection to YouTube’s servers is established. Information about which of our pages you have visited is relayed to YouTube’s servers. If you're logged in to your YouTube account, YouTube allows you to link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to present our online content in an appealing way. This constitutes a legitimate interest pursuant to Article 6(1)(f) of the GDPR.

For more information on how YouTube handles users’ data, see Google’s privacy policy at https://policies.google.com/privacy?hl=en.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps, it is necessary to save your IP address. This information is generally transferred to a Google server in the United States and stored there. The operator of this website has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a legitimate interest pursuant to Article 6(1)(f) of the GDPR.

For more information about how Google handles user data, see Google’s privacy policy at www.google.de/intl/de/policies/privacy/.

6. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyse how users use the site. The information generated by the cookie about your use of the website will normally be transferred to and stored by Google on servers in the United States. Google Analytics cookies are stored based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.

IP anonymisation

We have activated the IP anonymisation feature on this website. Your IP address will be truncated by Google within an EU member state or other EEA state before being transferred to the United States. Only in exceptional situations will your full IP address be sent to a Google server in the United States and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the website operator. Google will not link the IP address transmitted by your browser as part of Google Analytics to any other data held by Google.

Browser add-on

You can prevent cookies from being stored by selecting the appropriate settings in your browser. Please note, however, that in doing so you may not be able to fully use all functions of this website. You can also prevent the data generated by cookies about your use of the website (including your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser add-on available at https://tools.google.com/dlpage/gaoptout?hl=en-GB.

Opting out of data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link (an opt-out cookie will be placed on your computer to prevent your data from being collected on subsequent visits to this website): Disable Google Analytics.

For more information about how Google Analytics handles users’ data, see Google’s privacy policy at https://support.google.com/analytics/answer/6004245?hl=en.

Google Analytics’ demographics and interests tool

This website uses Google Analytics’ demographics and interests tool. This allows reports to be generated containing information about the age, gender and interests of site visitors. These data come from interest-based advertising from Google and third-party user data. The collected data cannot be attributed to any specific person. You can disable this tool at any time by changing the ads settings in your Google account or you can prohibit Google Analytics from collecting your data by following the instructions in the section “Opting out of data collection”.

Use of Facebook Pixel

Scope of the processing of personal data

We use Facebook Pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA and its representative in the European Union Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour , D2 Dublin, Ireland, (hereinafter “Facebook”), on our website. This allows us to track the behaviour of users after they have viewed or clicked on a Facebook ad. As a result, personal data may be stored and analysed, in particular the activity of users (especially which pages they have visited and which elements they have clicked on), device and browser information (especially the users’ IP address and operating system), data about the displayed ads (especially which ads were displayed and whether users clicked on them) as well as data of advertising partners (especially pseudonymised user IDs). This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes.

Such data may be transferred to Facebook servers in the United States. Facebook is certified under the Privacy Shield Agreement between the European Union and the United States. This ensures Facebook is committed to complying with the standards and regulations of European data protection law. For more information, see the following link: www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

The data collected this way is anonymous to us, which means we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook may link this data to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s data policy.

For more information about how Facebook processes data, see Facebook’s data policy at https://en-gb.facebook.com/policy.php.

Purpose of the data processing

The use of Facebook Pixel enables us to analyse and optimise advertising measures.

Legal basis for processing personal data

The legal basis for the processing of personal data is the consent of the user in accordance with Article 6(1)(1)(a) of the GDPR.

Duration of data storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

Objection and removal options

You have the right to revoke your declaration of consent pursuant to data protection law at any time. The revocation of your consent does not affect the legality of the processing that took place on the basis of your consent prior to revocation.

You can prevent the collection and processing of your personal data by Facebook by stopping third-party cookies from being stored on your computer, by using the “Do Not Track” feature of a supporting browser, by disabling the execution of script code in your browser, or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (www.ghostery.com) in your browser.

Further information about objection and removal options regarding Facebook can be found at https://en-gb.facebook.com/policy.php.

7. Rights and remedies

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

Right of access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing of such personal data or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from you, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to obtain from the controller information as to whether or not personal data concerning you are being transferred to a third country or to an international organisation. Where that is the case, you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.

Your right of access may be restricted only if it is likely to render impossible or seriously impair the achievement of the objectives of processing for research or statistical purposes and the restriction is necessary to achieve the objectives of processing for research or statistical purposes.

Right to rectification

You have the right to obtain from the controller the rectification of inaccurate personal data concerning you, as well as the right to have incomplete personal data completed. The controller is obligated to carry out the rectification without undue delay.

Your right to rectification may be restricted only if it is likely to render impossible or seriously impair the achievement of the objectives of processing for research or statistical purposes and the restriction is necessary to achieve the objectives of processing for research or statistical purposes.

Right to restriction of processing

You have the right to obtain from the controller restriction of processing where the following applies:

  • you contest the accuracy of personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
  • you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state. If you have obtained restriction of processing pursuant to the above requirements, you shall be informed by the controller before the restriction of processing is lifted.

Your right to restriction of processing may be restricted only if it is likely to render impossible or seriously impair the achievement of the objectives of processing for research or statistical purposes and the restriction is necessary to achieve the objectives of processing for research or statistical purposes.

Right to erasure (“right to be forgotten”)

Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase such personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw consent on which the processing is based according to Article 6(1)(a), or Article 9(2)(a) of the GDPR, and where there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in European Union or member state law to which you are subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Informing third parties

Where the controller has made personal data concerning you public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. Derogations

The right to erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by the European Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with Article 9(1)(h) and (i) as well as Article 9(3) of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in Section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.
Right to be notified

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request such information.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR;
  • and the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. That right should not adversely affect the rights or freedoms of others. That right shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, you, on grounds relating to your particular situation, have the right to object to processing of personal data concerning you.

Your right to object may be restricted only if it is likely to render impossible or seriously impair the achievement of the objectives of processing for research or statistical purposes and the restriction is necessary to achieve the objectives of processing for research or statistical purposes.

Right to lodge a complaint with a supervisory authority

If your data protection rights are breached, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the data protection commissioner of the German federal state in which our association is domiciled. A list of the data protection officers and their contact details can be found at: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.