Privacy policy
With this privacy policy, we inform you about our handling of your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG). Endosane Pharmaceuticals GmbH (hereinafter referred to as "we" or "us") is the controller for data processing.
I. General information
1. Contact us
If you have any questions or suggestions regarding this information or would like to contact us to assert your rights, please send your request to
Endosane Pharmaceuticals GmbH
Jägerstr. 28-31
10117 Berlin, Germany
Phone: +49 (0) 30 8878 9424
E-mail: info@endosane.com
2. Legal basis
The data protection term "personal data" refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal permission. We only process personal data with your consent (§ 25 para. 1 TTDSG or Art. 6 para. 1 letter a GDPR), to fulfill a contract to which you are a party or at your request to carry out pre-contractual measures (Art. 6 para. 1 letter b GDPR), to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR) or if processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 letter f GDPR).
If you apply for an open position in our company, we will also process your personal data to decide on the establishment of an employment relationship (§ 26 para. 1 sentence 1 BDSG or Art. 6 para. 1 letter b GDPR).
3. Duration of storage
Unless otherwise stated in the following information, we will only store the data for as long as is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations.
4. Categories of recipients of the data
We use processors within the scope of processing your data. The processing operations carried out by such processors include, for example, hosting, e-mail dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to guarantee suitable technical and organizational measures for data protection. We may also transfer your personal data to bodies such as institutions and sponsors, postal and delivery services, your bank, tax consultants/auditors or the tax authorities. Further recipients may result from the following information.
5. Data transfer to third countries
Our data processing may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is required in such a third country. If there is no such adequacy decision by the European Commission, personal data will only be transferred to a third country if there are suitable guarantees in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.
Unless there is an adequacy decision and unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option of obtaining or viewing a copy of these EU standard data protection clauses. Please contact us at the address given under Contact.
If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Art. 49 para. 1 letter a GDPR.
6. Processing in the exercise of your rights
If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and in order to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR.
This processing is based on the legal basis of Art. 6 para. 1 letter c GDPR in conjunction with Art. 15 to 22 GDPR and § 34 para. 2 BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information as to whether or not we process personal data relating to you and, if so, to what extent.
You have the right to demand that we rectify your data in accordance with Art. 16 GDPR.
You have the right to demand that we erase your personal data in accordance with Art. 17 GDPR and § 35 BDSG.
You have the right to restrict the processing of your personal data in accordance with Art. 18 GDPR.
In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
If you have given us separate consent to process your data, you can withdraw this consent at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.
9. Data Protection Officer
You can reach our data protection officer using the following contact details:
E-mail: datenschutzbeauftragter@endosane.de
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de
II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, certain information about your use of the website is automatically collected by us during your visit to the website. Under data protection law, the IP address is also considered personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
1. Processing of server log files
When using our website for purely informational purposes, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). By default, this includes: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code.
The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 para. 1 letter f GDPR. This processing serves the technical administration and security of the website. The stored data will be deleted after 12 months unless there is a justified suspicion of unlawful use based on concrete evidence and further examination and processing of the information is necessary for this reason. We are not in a position to identify you as a data subject on the basis of the stored information. Art. 15 to 22 GDPR therefore do not apply in accordance with Art. 11 para. 2 GDPR, unless you provide additional information that enables your identification in order to exercise your rights set out in these articles.
2. Contact options and inquiries
Our website contains contact forms that you can use to send us messages. The transfer of your data is encrypted (recognizable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. If you do not provide this data, we will not be able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact e-mail. We process the data for the purpose of answering your request. If your request is aimed at the conclusion or execution of a contract with us, Art. 6 para. 1 letter b GDPR is the legal basis for data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is then Art. 6 para. 1 letter f GDPR.
3. Cookies
We use cookies and similar technologies ("cookies") on our website. Cookies are small data records that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or for certain cases.
The use of cookies is in part technically necessary for the operation of our website and is therefore permitted without the user's consent. We may also use cookies to offer special functions and content and for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third-party cookies). We only use such technically unnecessary cookies with your consent in accordance with § 25 para. 1 TTDSG and, if applicable, Art. 6 para. 1 letter a GDPR. Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the cookie settings of our consent management tool.
4. Consent Management Tool
This website uses the consent management tool Usercentrics, from Usercentrics GmbH (Munich, Germany) to control cookies and the processing of personal data.
The consent banner enables users of our website to give their consent to certain data processing operations or to withdraw their consent. By confirming the "I accept" button or by saving individual cookie settings, you consent to the use of the associated cookies.
The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 letter a GDPR.
The banner also helps us to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and other log data relating to this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis arises from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 GDPR).
5. Analysis of our website
c. Squarespace Analytics
We use the Squarespace Analytics service of the provider Squarespace Ireland Limited (Ireland, EU) on our website.
Squarespace Analytics is a web analytics service that enables us to collect and analyze data about user behavior on our website. Squarespace Analytics uses cookies for this purpose, which enable us to analyze the use of our website. Squarespace also processes personal data on our behalf in the form of IP addresses and information about interaction with our website. The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for data processing in connection with the Squarespace service is therefore Art. 6 para. 1 letter a GDPR. You can revoke this consent at any time via our Consent Management Tool with effect for the future.
Further information on data protection at Squarespace Analytics can be found at https://support.squarespace.com/hc/de/articles/360036134672-Datenschutz-und-Squarespace.
6. LinkedIn Insight Tag
We use the LinkedIn Insight tag on our website, a marketing product of LinkedIn Ireland Unlimited Company (Ireland, EU). For information on LinkedIn Ireland's contact details and the contact details of LinkedIn Ireland's data protection officer, please refer to LinkedIn's data policy at https://www.linkedin.com/legal/privacy-policy. The LinkedIn Insight tag is a JavaScript code snippet that is triggered by LinkedIn when you visit our website and stores a cookie on the device you are using. Such storage of information by the LinkedIn Insight tag or access to information that is already stored on your device and any further processing of personal data in connection with the LinkedIn Insight tag will only take place with your consent. The legal basis for the collection and transmission of personal data by us to LinkedIn Ireland is therefore Art. 6 para. 1 letter a GDPR.
We can perform various functions via the LinkedIn Insight tag, which we describe in detail below.
LinkedIn conversion tracking is an analysis function that is supported by the LinkedIn Insight tag. The LinkedIn Insight tag enables the collection of data on visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. The IP addresses are shortened or (if they are used to reach members across devices) hashed. LinkedIn does not provide us with any personal data, but only offers reports (in which you are not identified) about the website target group and ad performance. This allows us to measure the effectiveness of LinkedIn ads for statistical and market research purposes.
The direct identifiers of the members are removed by LinkedIn within seven days in order to pseudonymize the data. LinkedIn then deletes this remaining pseudonymized data within 180 days. This processing is carried out for the purpose of obtaining information about our website target group and a report on the effectiveness of LinkedIn campaigns. We also use the "Matched Audiences" service to target our advertising campaigns to specific audiences. LinkedIn Matched Audiences and related data integrations allow us to target advertising to specific audiences based on data we provide to LinkedIn (e.g. company lists, hashed contact information, device identifiers or event data such as websites visited). This processing is carried out for the purpose of marketing our offers by displaying advertising to specific target groups. We have entered into a joint controllership agreement with LinkedIn, which sets out the allocation of data protection obligations between us and LinkedIn. You can view this here: https://legal.linkedin.com/pages-joint-controller-addendum. Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.
7. External media and third-party services
a. Google reCAPTCHA
We use the reCAPTCHA service of Google Ireland Limited (Ireland, EU). For such integration, it is technically necessary to process your IP address so that the content can be sent to your browser. Your IP address is therefore transmitted to Google Ireland. Google Ireland also collects further data, e.g. about your browser and your click behavior. For security reasons, we use the service to check whether form entries are made by a natural person. In this way, automated access attempts and attacks can be detected and prevented. We are legally obliged to take appropriate technical and economic measures to ensure the security of the portal.
The processing of your data takes place on the basis of Art. 6 para. 1 letter c GDPR in conjunction with Art. 32 GDPR and § 19 para. 4 TTDSG.
Further information on data protection at Google can be found in Google's privacy policy at https://www.google.com/policies/privacy.
III. Data processing on our social media pages
We have a company page on several social media platforms. In this way, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:
- Instagram of Meta Platforms Ireland Limited, (Ireland, EU), hereinafter referred to as "Meta";
- LinkedIn of LinkedIn Ireland Unlimited Company, (Ireland, EU), hereinafter referred to as "LinkedIn".
When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which may also constitute personal data.
1. Visiting a social media page
When you visit our social media page, which we use to present our company or individual products from our range, certain information about you is processed. The operators of the social media platforms are the sole controllers for this processing of personal data. Further information on the processing of personal data can be found in their privacy policies, which we link to below:
- Meta (https://www.facebook.com/privacy/explanation). Meta offers the option of objecting to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads;
- LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy)
The operators of the social media platforms collect and process event data and profile data and provide us with statistics and insights for our pages in anonymized form, with the help of which we gain knowledge about the types of actions that people take on our site (so-called "page insights"). These Page Insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by the social media operators and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Article 6(1)(f) GDPR.
We cannot assign the information obtained via Page Insights to individual user profiles that interact with our pages. We have concluded agreements with the operators of the social media platforms on processing as joint controllers, in which the distribution of data protection obligations between us and the operators is defined. Details on the processing of personal data for the creation of Page Insights and the agreement concluded between us and the operators can be found under the following links:
- Meta (https://www.facebook.com/legal/terms/information_about_page_insights_data);
- LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum).
You also have the option of asserting your rights against the operators. You can find further information on this under the following links:
- Meta (https://www.facebook.com/privacy/explanation);
- LinkedIn (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de).
We have agreed with Meta and LinkedIn that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.
2. Communication via social media sites
We also process information that you have made available to us via our company page on the respective social media platform. Such information may include the username used, contact details or a message to us. This processing is carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 para. 1 letter f GDPR. Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).
IV. Further data processing
1. Applications
If you apply to our company, we will process your application data exclusively for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have submitted for up to six months after any rejection for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage. The legal basis for data processing is § 26 para. 1 sentence 1 BDSG or Art. 6 para. 1 letter b GDPR. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 para. 3 GDPR. Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.
2. Contact by e-mail
If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your request. We process this data on the basis of our legitimate interest in contacting inquiring persons.
The legal basis for data processing is Art. 6 para. 1 letter f GDPR.
3. Customer and interested party data
When you contact our company as a customer or prospective customer, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the personal master data, contract data and payment data provided to us, as well as the contact and communication data of our contact persons for commercial customers and business partners. The legal basis for this processing is Art. 6 para. 1 letter f GDPR.
We also process customer and interested party data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 para. 1 letter f GDPR and serves our interest in further developing our offer and informing you specifically about our offers.
Further data processing may take place if you have given your consent (Art. 6 para. 1 letter a GDPR) or if this is necessary to fulfill a legal obligation (Art. 6 para. 1 letter c GDPR).