We, R-Biopharm AG, as the entity responsible for content and responsible under data protection law for the website imupro.com, take the protection of your personal data very seriously. Your privacy is very important to us.
The following provisions aim to provide you with information about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), in particular taking into account the information obligations in accordance with Articles 12 to 14 GDPR and clarifying the rights of data subjects set out by GDPR in accordance with Articles 15 to 22 and Article 34 GDPR.
Information on the responsible authority
The following is responsible for the processing of your personal data:
An der neuen Bergstraße 17
Tel.: +49 – (0) 6151 – 81020
Fax: +49 – (0) 6221 – 810240
Further information is available in the imprint.
Information on our data protection officer
You can contact our data protection officer on firstname.lastname@example.org.
General information on data protection
We process your personal data in accordance with the respective applicable statutory data protection requirements for the purposes listed below for each group of data subjects:
In principle, we only collect and use our users’ personal data to the extent that this is necessary to provide a functional website and our content and services. Our users’ personal data are only collected and used after users have granted their consent. An exception to this rule applies in cases in which obtaining consent in advance is not possible for factual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of your data:
- Where we obtain consent from the data subject for the personal data processing processes, the legal basis for this is Article 6 paragraph 1A of the EU General Data Protection Regulation (GDPR).
- When processing personal data that is necessary to perform a contract, the contracting party of which is the data subject, Article 6 paragraph 1B GDPR is the legal basis. This also applies to processing that is necessary to perform pre-contractual measures.
- Where processing is necessary to fulfil a legal obligation to which our company is subject, Article 6 paragraph 1C GDPR is the legal basis.
- If the processing is necessary to protect the legitimate interests of our company of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interests, Article 6 paragraph 1F GDPR is the legal basis of the processing.
Legitimate interests can in particular be:
- responding to queries;
- carrying out direct marketing measures;
- providing services and/or information intended for you;
- processing and transferring personal data for internal or administrative purposes;
- operating and managing our website;
- providing technical support to our users;
- avoiding and identifying cases of fraud and criminal offences;
- protecting against payment default when collecting information on creditworthiness in the event of queries regarding deliveries and services; and/or
- ensuring network and data security where these interests are in line with the rights and freedoms of the user.
Categories of recipient
- Service providers to optimise the website, online marketing service providers and tools, information and communication technology companies, software and device maintenance companies where described in greater detail below.
- Social networks and communities where described in greater detail below
- Internal recipients based on the “need to know” principle
Usage data/server log files
Each time our websites are accessed, our systems automatically store data and information from the computer system accessing the website.
The following types of data are collected: browser type, version used, user’s operating system, internet service provider, user’s IP address, date and time the website was accessed, websites from which the user’s system arrived at our website or which the user accesses from our website.
The legal basis for the temporary storage of the data and the log files is Article 6 paragraph 1F GDPR with the above-mentioned legitimate interests.
The temporary storage of the IP address by the system is needed to deliver the website to the user’s computer. In order to do this, the user’s IP address must remain stored for the duration of the session.
Log files are stored to ensure the functionality of the website. We also use the data to optimise the website and ensure the security of our information technology systems. There is no evaluation of the data for marketing purposes in this context. These purposes represent a legitimate interest in data processing on our part. The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the recording of the data to provide the website, this is the case when the respective session is ended. We further reserve the right to check the files if there are specific reasons for a justified suspicion of illegal use or a specific attack on the websites. In this case, our legitimate interest is processing for the purpose of clarifying and prosecution of attacks and illegal use of this type.
The legal basis for the processing of personal cookies using cookies that are technically necessary is Article 6 paragraph 1F GDPR.. Our justified interest lies in the provision of our website and the improvement of our website performance.
Some of our websites use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer, to analyse the use of the website. The information about your use of this website generated by the cookie is generally transferred to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will be truncated by Google in advance within Member States of the European Union or other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to analyse, to prepare reports on the website activities and to provide further services to the website operator linked to the use of the website and the use of the internet. The IP address sent by your browser as part of Google Analytics is not combined with other Google data. The legal basis for the processing of users’ personal data is Article 1 paragraph 1F GDPR. We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our website and make it more interesting to you as a user. This website also uses Google Analytics for a cross-device analysis of user flows carried out using a user ID. You can deactivate the cross-device analysis of your use in your customer account under “My data”, “Personal data”.
You can prevent the storage of cookies at any time by setting your browser software accordingly; we wish to note, however, that if you do this you will not be able to use all of the functions of this website to the full extent. You can also prevent the detection of the information generated by the cookie and related to the use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This website uses Google Analytics with the extension „_anonymizeIp()“. This results in IP addresses being processed in abbreviated form, so it is possible to exclude a link to any individual. Where the data collected about you refers to you as a person, this is immediately ruled out and the personal data therefore immediately deleted. For the exceptional cases in which personal data are transferred to the US, Google has committed to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
In order to ensure sufficient data security when sending forms, we use the reCAPTCHA service provided by Google Inc. This is primarily used to distinguish whether the entry is made by a natural person or is abusive machine or automated processing. Once you have entered the information and pushed the relevant confirm button, your IP address and other data that may be necessary for the reCAPTCHA service are sent to Google. The legal basis for the processing of your IP address and the use of reCAPTCHA is Article 6 paragraph 1F GDPR. Our legitimate interest lies in the secure transfer of form data and the smooth operation of our website.
Deviating data protection provisions from Google Inc. also apply. Further information on the Google Inc. data protection regulations can be found on http://www.google.de/intl/de/privacy or https://www.google.com/intl/de/policies/privacy/.
Use of New Relic
A plugin provided by the website analysis service by New Relic is used on this website. This service is provided by New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA. This enables a statistical evaluation to be carried out of the speed of the website. Through the plugin, New Relic receives the information that a user has accessed the corresponding page on the website. If you are logged in as a New Relic user, New Relic will be able to attribute the visit to your account. If you are not a member of New Relic, however, New Relic can still find out and store your IP address. The purpose and scope of the data collection and information on the processing and use of the data by New Relic along with possible settings to protect users’ privacy can be found in the New Relic privacy statements: https://newrelic.com/privacy.
If you are a member of New Relic and do not want New Relic to collect data about you via our websites and link it to your membership data stored with New Relic, you have to log out of New Relic before you visit our website.
Our website uses the “+1″ plugin provided by the social network Google+, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). The button can be identified by the “+1” symbol on a white or coloured background.
If you access website that contains the Google +1 button, your browser will establish a direct connection to the Google servers. The content of the plugin will be sent by Google to your browser and integrated by your browser into the website. According to Google, no personal data are collected unless you click on the button. Data of this kind, such as IP addresses, should only be collected and processed from members who are logged in. If you push the button, the resulting information is sent by your browser to Google and stored there.
If you are a Google+ member and do not want Google to collect personal data via our website and link it to your Google member account, you have to log out of Google Plus before visiting our websites. You also have to delete the Google cookie before logging in to Google again to prevent a retroactive link.
Our website uses plugins provided by the social network Pinterest, operated by Pinterest Inc., 635 High Street, Palo Alto, California, 94301, USA (“Pinterest”). You can identify the plugin from the “Pin it” button. When your access the button the IP address and further information about your browser, your operating system and your internet provider are sent to Pinterest. Pinterest also sets a cookie. If you click the Pin it button while you are logged in to your Pinterest account, our website will be linked to your Pinterest profile and your use of our websites linked to your profile. We are not aware nor do we have influence over the collection, processing or use of your data by Pinterest. Further information is available from Pinterest: www.pinterest.com
Imupro Quick Check
Contact form and email contact
Alternatively, contact can be made via the email address provided. In this case, the personal data sent in the email are stored. These data are not passed on to third parties. The data are used exclusively for the conversation.
The legal basis for the processing is:
- For the processing of data following registration by the user for a newsletter where the user has consented, Article 6 paragraph 1A GDPR.
- For the processing of data sent via an email, Article 6 paragraph 1F with the above-mentioned legitimate interests.
- If the email contact aims to conclude a contract, the additional legal basis for the processing is Article 6 paragraph 1B GDPR.
The processing of personal data from the input field is exclusively used to make contact. In the event that contact is made via email, there is also a legitimate interest in the processing of the data. The other personal data processed during the sending process are used to prevent abuse of the contact form and ensure the security of our information technology systems.
The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of personal data entered into the contact form and that sent via email, this is the case once the respective conversation with the user is over. The conversation is over when the circumstances dictate that the content in question has been finally clarified. The personal data also collected during the sending process are deleted after a period of no more than seven days.
The user can revoke his or her consent for the processing of his/her personal data at any time. If the user contacts us via email, he/she can revoke his/her consent for the storage of his/her personal data at any time. In this case, the conversation cannot be continued.
Data collection during registration and registered use
Some of our websites require or offer registration. The data collected are used for the purposes of use of the respective websites and services unless otherwise described and explicitly consented to during registration. The data collected come from the input screen during registration. All additional data that you may add later to complete your profile are optional and voluntary. After registration, we are permitted to inform you of relevant circumstances linked to the service for which you have registered using the email address provided.
Sending data via the internet
There are fundamentally certain risks attached to the sending of data via the internet. There is no particular encryption of the data, in particular messages from contact forms on our website and messages in the chat service are sent unencrypted.
Please consider this when sending data. If you want to communicate with us via encrypted email, this is possible via S/MIME encryption. Please inform us if you wish to use encryption as we normally send unencrypted information due to the low level of penetration of email encryption processes on the market.
If you communicate your personal data to us, they will only be passed on to third parties where this is necessary to conclude the contractual relationship or this is justified for another legal reason.
We provide certain services, however, with the assistance of service providers. We have selected these service providers carefully and taken appropriate measures to protect your personal data.
The personal data of the data subject will be deleted or blocks as soon as the purpose of the storage no longer applies. The data can also be stored if this is provided for under European or national legislation in directives, laws or other provisions under European Union law to which the responsible party is subject. The data are also blocked or deleted if a storage period set out by the above-mentioned standards expires unless there is a need for further storage of the data for the conclusion of a contract or the performance of a contract.
Reference to your rights
You have the right
- to request confirmation from us regarding whether personal data concerning you are processed by us; if this is the case, you are entitled to information about these personal data and to the information individually listed in Article 15 GDPR.
- to request the transmission of the data concerning you subject to the restrictions of Article 20 GDPR in a commonly-used and machine-readable format. This also includes the transmission (where possible) to another controller directly appointed by you.
- to request that we correct your data where this is incorrect, inaccurate and/or incomplete. Correction also includes completion by means of clarification or communication.
- to request that we delete personal data concerning you immediately where one of the reasons listed individually in Article 17 GDPR applies. We are unfortunately not able to delete data that are subject to a statutory storage period. If you want us to cease contacting you via newsletter or in other ways, we will store your contact details on a blocked list for this purpose.
- to revoke any consent you may have granted effective for the future without experiencing any disadvantages as a result.
- to request that we restrict processing if one of the conditions set out in Article 18 GDPR is met.
- to refuse consent for the processing of personal data concerning you for reasons arising from your specific situation. We will then cease to process the personal data unless we are able to show compelling, reasons that are worthy of protection and outweigh your interests rights and freedoms, or the purpose of the processing is the establishment, exercise or defence of legal claims (Article 21 GDPR).
- irrespective of any other legal remedies under administrative law or common law, if you are of the opinion that the processing of personal data concerning you breaches GDPR to object to
- our data protection officer: email@example.com or by post (see imprint)
- to make a claim to the supervisory authorities in the member state in which you are resident, in the location where you work or in the location of the alleged breach.