Privacy policy
We, R-Biopharm AG, as the entity responsible for content and responsible under data protection law for the website imupro.com, take the protection of your personal data very seriously. Your privacy is very important to us.
The following provisions aim to provide you with information about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), in particular taking into account the information obligations in accordance with Articles 12 to 14 GDPR and clarifying the rights of data subjects set out by GDPR in accordance with Articles 15 to 22 and Article 34 GDPR.
Information on the responsible authority
The following is responsible for the processing of your personal data:
R-Biopharm AG
An der neuen Bergstraße 17
D-64297 Darmstadt
Tel.: +49 – (0) 6151 – 81020
Fax: +49 – (0) 6221 – 810240
Email: info@r-biopharm.de
Further information is available in the imprint.
Information on our data protection officer
You can contact our data protection officer on datenschutz@imupro.com.
General information on data protection
We process your personal data in accordance with the respective applicable statutory data protection requirements for the purposes listed below for each group of data subjects:
In principle, we only collect and use our users’ personal data to the extent that this is necessary to provide a functional website and our content and services. Our users’ personal data are only collected and used after users have granted their consent. An exception to this rule applies in cases in which obtaining consent in advance is not possible for factual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of your data:
- Where we obtain consent from the data subject for the personal data processing processes, the legal basis for this is Article 6 paragraph 1A of the EU General Data Protection Regulation (GDPR).
- When processing personal data that is necessary to perform a contract, the contracting party of which is the data subject, Article 6 paragraph 1B GDPR is the legal basis. This also applies to processing that is necessary to perform pre-contractual measures.
- Where processing is necessary to fulfil a legal obligation to which our company is subject, Article 6 paragraph 1C GDPR is the legal basis.
- If the processing is necessary to protect the legitimate interests of our company of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interests, Article 6 paragraph 1F GDPR is the legal basis of the processing.
Legitimate interests can in particular be:
- responding to queries;
- carrying out direct marketing measures;
- providing services and/or information intended for you;
- processing and transferring personal data for internal or administrative purposes;
- operating and managing our website;
- providing technical support to our users;
- avoiding and identifying cases of fraud and criminal offences;
- protecting against payment default when collecting information on creditworthiness in the event of queries regarding deliveries and services; and/or
- ensuring network and data security where these interests are in line with the rights and freedoms of the user.
Categories of recipient
- Service providers to optimise the website, online marketing service providers and tools, information and communication technology companies, software and device maintenance companies where described in greater detail below.
- Social networks and communities where described in greater detail below
- Internal recipients based on the “need to know” principle
Usage data/server log files
Each time our websites are accessed, our systems automatically store data and information from the computer system accessing the website.
The following types of data are collected: browser type, version used, user’s operating system, internet service provider, user’s IP address, date and time the website was accessed, websites from which the user’s system arrived at our website or which the user accesses from our website.
The legal basis for the temporary storage of the data and the log files is Article 6 paragraph 1F GDPR with the above-mentioned legitimate interests.
The temporary storage of the IP address by the system is needed to deliver the website to the user’s computer. In order to do this, the user’s IP address must remain stored for the duration of the session.
Log files are stored to ensure the functionality of the website. We also use the data to optimise the website and ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context. These purposes represent a legitimate interest in data processing on our part. The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the recording of the data to provide the website, this is the case when the respective session is ended. We further reserve the right to check the files if there are specific reasons for a justified suspicion of illegal use or a specific attack on the websites. In this case, our legitimate interest is processing for the purpose of clarifying and prosecution of attacks and illegal use of this type.
Use of cookies
We use cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic sequence of characters that enables the browser to be clearly identified if the website is accessed again. We only use cookies to make our website more user-friendly. Some elements of our website require the browser accessing the site to be able to be identified after the webpage has been changed. The cookies only store and send the following data: language settings, items in a shopping basket, login information etc.
The legal basis for the processing of personal cookies using cookies that are technically necessary is Article 6 paragraph 1F GDPR.. Our justified interest lies in the provision of our website and the improvement of our website performance.
The purpose of the use of technically necessary cookies is to simplify the use of websites for users. A number of functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised again after the page is changed. We require cookies to provide a shopping basket, to transfer language settings, to remember search terms etc. Cookies are stored on the user’s computer and sent by this computer to our website. You as the user therefore have full control of the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also occur automatically. If cookies are deactivated for our website, not all of the functions of the website may be able to be used to the full extent. You can manage the cookies of a number of US companies via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.
Google Analytics
Some of our websites use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer, to analyse the use of the website. The information about your use of this website generated by the cookie is generally transferred to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will be truncated by Google in advance within Member States of the European Union or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to analyse, to prepare reports on the website activities and to provide further services to the website operator linked to the use of the website and the use of the internet. The IP address sent by your browser as part of Google Analytics is not combined with other Google data. The legal basis for the processing of users’ personal data is Article 1 paragraph 1F GDPR. We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our website and make it more interesting to you as a user. This website also uses Google Analytics for a cross-device analysis of user flows carried out using a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My data”, “Personal data”.
You can prevent the storage of cookies at any time by setting your browser software accordingly; we wish to note, however, that if you do this you will not be able to use all of the functions of this website to the full extent. You can also prevent the detection of the information generated by the cookie and related to the use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This website uses Google Analytics with the extension „_anonymizeIp()“. This results in IP addresses being processed in abbreviated form, so it is possible to exclude a link to any individual. Where the data collected about you refers to you as a person, this is immediately ruled out and the personal data therefore immediately deleted. For the exceptional cases in which personal data are transferred to the US, Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Information on the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms: http://www.google.com/analytics/terms/de.html, Overview of privacy: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.
Google reCAPTCHA
In order to ensure sufficient data security when sending forms, we use the reCAPTCHA service provided by Google Inc. This is primarily used to distinguish whether the entry is made by a natural person or is abusive machine or automated processing. Once you have entered the information and pushed the relevant confirm button, your IP address and other data that may be necessary for the reCAPTCHA service are sent to Google. The legal basis for the processing of your IP address and the use of reCAPTCHA is Article 6 paragraph 1F GDPR. Our legitimate interest lies in the secure transfer of form data and the smooth operation of our website.
Deviating data protection provisions from Google Inc. also apply. Further information on the Google Inc. data protection regulations can be found on http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.
Use of New Relic
A plugin provided by the website analysis service by New Relic is used on this website. This service is provided by New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. This enables a statistical evaluation to be carried out of the speed of the website. Through the plugin, New Relic receives the information that a user has accessed the corresponding page on the website. If you are logged in as a New Relic user, New Relic will be able to attribute the visit to your account. If you are not a member of New Relic, however, New Relic can still find out and store your IP address. The purpose and scope of the data collection and information on the processing and use of the data by New Relic along with possible settings to protect users’ privacy can be found in the New Relic privacy statements: https://newrelic.com/privacy.
If you are a member of New Relic and do not want New Relic to collect data about you via our websites and link it to your membership data stored with New Relic, you have to log out of New Relic before you visit our website.
Facebook plugins
Our website uses social media plugins provided by the social network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can be identified by the Facebook logo (a white “f” on a blue box, the term “Like”, “Gefällt mir” [like] or a “thumbs up” symbol) or are labelled “Facebook social plugin”. The list and the appearance of the Facebook social plugin can be viewed here: https://developers.facebook.com/docs/plugins/. When a user or a website accesses a page on our website that contains a plug-in of this type, the browser will establish a direct connection to the Facebook servers. The content of the plug-in will be sent by Facebook directly to your browser and integrated by your browser into the website. The provider has no influence over the scope of the data that Facebook collects via this plugin and therefore informs the user in line with the provider’s level of knowledge: The inclusion of the plugin means Facebook receives the information that a user has accessed the corresponding page on the website. If the user is logged in to Facebook, Facebook can attribute their visit to their Facebook account. If users interact with the plugins, for example they click on the Like button or make a comment, the relevant information will also be sent directly to Facebook by the browser and stored there. If you are not a member of Facebook, Facebook can still find out your IP address and store it. According to Facebook, only anonymised IP addresses are stored in Germany. The purpose and scope of the data collection and the further dissemination and use of data by Facebook and users’ rights in this regard and settings to protect their privacy are available in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. If a user is a Facebook member and does not want Facebook to collect data about them via this website and link it to their membership data stored on Facebook, they have to log out of Facebook before visiting the website. Further settings and refusals for the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads.
Special privacy policy for Twitter plugins
This website uses plugins and services by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, that are linked by buttons or links with “Twitter” or “Follow” on them or a blue bird. These can be used to share an article or a website on Twitter or follow an account or topic on Twitter. If you access a page on this website that contains a button of this kind, your browser will create a link to the Twitter servers to send the content of the button to your browser. We have no influence over the scope of data that Twitter collects with the help of these services and can only provide information to the best of our knowledge. As far as we are aware, only your IP address and the URL of the respective website are sent when you use the button. We are not able to make any statements on whether Twitter uses these data for further purposes. You can find further information about this in Twitter’s privacy policy on http://twitter.com/privacy.
Special privacy policy for the LinkedIn button
On our website, we use plugins provided by the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). The plugin can be identified by the LinkedIn logo or a corresponding “recommended” label on the button. When you visit our website, a link is established between your browser and LinkedIn via the plugin. Through your IP address, LinkedIn obtains the information that you have visited our website. If you click the LinkedIn button while logged in to your LinkedIn account, you can link the content of our pages to your LinkedIn profile. LinkedIn can then attribute your visit to our website to your profile. As the provider of the websites, we do not receive any information about the content of the data transferred or its use from LinkedIn. More information on the purpose and scope of the collection, processing or use of the data can be found in the LinkedIn privacy policy: http://linkedin.com/legal/privacy-policy
ImuPro Quick Check
ImuPro Quick Check can be used on our website. ImuPro Quick Check is a self-diagnosis tool which can provide an initial assessment of whether foods could be a critical factor in chronic symptoms. Once you have answered all the questions in the check, you can print out your results or send them via email. If a user chooses the email option, the data entered into the entry form are sent to us and stored. These data are: name, email address, country, optionally your telephone number etc. At the point at which the message is sent, the following data are also stored: IP address, date and time. Your consent for the processing of the data is obtained during the sending process and reference is made to the privacy policy. The data collected as part of the processing of data to send your test results are not passed on to third parties. The data are only used to send the Quick Check results. Where the user has consented to the processing of the data, the legal basis for this is Article 6 paragraph 1A GDPR.
Contact form and email contact
There is a contact form on our website which can be used for making electronic contact. If a user makes use of this option, the data entered into the input field are sent to us and stored. These data are: name, address, email address, telephone number etc. At the point at which the message is sent the following data are also stored: IP address, date and time. Your consent for the processing of the data is obtained during the sending process and reference is made to the privacy policy.
Alternatively, contact can be made via the email address provided. In this case, the personal data sent in the email are stored. These data are not passed on to third parties. The data are used exclusively for the conversation.
The legal basis for the processing is:
- For the processing of data following registration by the user for a newsletter where the user has consented, Article 6 paragraph 1A GDPR.
- For the processing of data sent via an email, Article 6 paragraph 1F with the above-mentioned legitimate interests.
- If the email contact aims to conclude a contract, the additional legal basis for the processing is Article 6 paragraph 1B GDPR.
The processing of personal data from the input field is exclusively used to make contact. In the event that contact is made via email, there is also a legitimate interest in the processing of the data. The other personal data processed during the sending process are used to prevent abuse of the contact form and ensure the security of our information technology systems.
The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of personal data entered into the contact form and that sent via email, this is the case once the respective conversation with the user is over. The conversation is over when the circumstances dictate that the content in question has been finally clarified. The personal data also collected during the sending process are deleted after a period of no more than seven days.
The user can revoke his or her consent for the processing of his/her personal data at any time. If the user contacts us via email, he/she can revoke his/her consent for the storage of his/her personal data at any time. In this case, the conversation cannot be continued.
Data collection during registration and registered use: Some of our websites require or offer registration. The data collected are used for the purposes of use of the respective websites and services unless otherwise described and explicitly consented to during registration. The data collected come from the input screen during registration. All additional data that you may add later to complete your profile are optional and voluntary. After registration, we are permitted to inform you of relevant circumstances linked to the service for which you have registered using the email address provided.
Sending data via the internet
There are fundamentally certain risks attached to the sending of data via the internet. There is no particular encryption of the data, in particular messages from contact forms on our website and messages in the chat service are sent unencrypted.
Please consider this when sending data. If you want to communicate with us via encrypted email, this is possible via S/MIME encryption. Please inform us if you wish to use encryption as we normally send unencrypted information due to the low level of penetration of email encryption processes on the market.
Data transfer
If you communicate your personal data to us, they will only be passed on to third parties where this is necessary to conclude the contractual relationship or this is justified for another legal reason.
We provide certain services, however, with the assistance of service providers. We have selected these service providers carefully and taken appropriate measures to protect your personal data.
Storage periods: The personal data of the data subject will be deleted or blocks as soon as the purpose of the storage no longer applies. The data can also be stored if this is provided for under European or national legislation in directives, laws or other provisions under European Union law to which the responsible party is subject. The data are also blocked or deleted if a storage period set out by the above-mentioned standards expires unless there is a need for further storage of the data for the conclusion of a contract or the performance of a contract.
Reference to your rights
You have the right
- to request confirmation from us regarding whether personal data concerning you are processed by us; if this is the case, you are entitled to information about these personal data and to the information individually listed in Article 15 GDPR.
- to request the transmission of the data concerning you subject to the restrictions of Article 20 GDPR in a commonly-used and machine-readable format. This also includes the transmission (where possible) to another controller directly appointed by you.
- to request that we correct your data where this is incorrect, inaccurate and/or incomplete. Correction also includes completion by means of clarification or communication.
- to request that we delete personal data concerning you immediately where one of the reasons listed individually in Article 17 GDPR applies. We are unfortunately not able to delete data that are subject to a statutory storage period. If you want us to cease contacting you via newsletter or in other ways, we will store your contact details on a blocked list for this purpose.
- to revoke any consent you may have granted effective for the future without experiencing any disadvantages as a result.
- to request that we restrict processing if one of the conditions set out in Article 18 GDPR is met.
- to refuse consent for the processing of personal data concerning you for reasons arising from your specific situation. We will then cease to process the personal data unless we are able to show compelling, reasons that are worthy of protection and outweigh your interests rights and freedoms, or the purpose of the processing is the establishment, exercise or defence of legal claims (Article 21 GDPR).
- irrespective of any other legal remedies under administrative law or common law, if you are of the opinion that the processing of personal data concerning you breaches GDPR to object to
- our data protection officer: datenschutz@imupro.com or by post (see imprint)
- to make a claim to the supervisory authorities in the member state in which you are resident, in the location where you work or in the location of the alleged breach.