Privacy policy according to the DSGVO
This website is jointly operated by the Rentschler group of companies (hereinafter "we"). Jointly responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions are:
Rentschler Biopharma SE
Erwin-Rentschler-Str. 21
88471 Laupheim
Phone +49 7392 701-0
Fax +49 7392 701-300
E-mail: info@rentschler-biopharma.com
Rentschler Biopharma Inc.
27 Maple Street
Milford, MA 01757, USA
P +1 508 282-5800
F +1 508 478-1883
info@rentschler-biopharma.com
Rentschler ATMP Ltd.
Sycamore House
Leyden Road
Stevenage SG1 2BP
UK
P +44 1438 567870
info_atmp@rentschler-biopharma.com
If you have any questions regarding data protection, please contact the data protection officer at Rentschler Biopharma SE: datenschutzbeauftragter@rentschler-biopharma.com
1. Responsibility
The companies of the Rentschler Group "Rentschler Biopharma SE", "Rentschler Biopharma Inc." and "Rentschler ATMP Ltd." jointly operate this website. The processing of data within the scope of the website, as described in this data protection notice, takes place in different process sections and systems, which are primarily operated by Rentschler Biopharma SE. However, the processing is carried out for jointly pursued purposes, namely the promotional activities and public relations work of the companies of the Rentschler Group. Unless otherwise specified in the context of the respective processing, the companies of the Rentschler Group jointly determine the purpose and means of the processing and therefore qualify as joint controllers pursuant to Art. 26. para. 1 sentence 1 EU General Data Protection Regulation (GDPR). They are therefore jointly responsible for the protection of personal data. Within the scope of their joint responsibility under data protection law, the controllers have agreed which of them fulfills which obligations under the GDPR. This relates in particular to the exercise of the rights of the data subjects and the fulfillment of the information obligations pursuant to Articles 13 and 14 of the GDPR. Rentschler Biopharma SE shall make the information required under Articles 13 and 14 of the GDPR available to the data subjects free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language. The other controllers shall provide it with all necessary information from their sphere of activity. The data controllers shall inform each other without delay about legal positions asserted by data subjects. They shall provide each other with all information necessary to respond to requests for information. Data protection rights can be asserted with Rentschler Biopharma SE, although assertion with the other data controllers is not excluded. Data subjects will generally receive the information from Rentschler Biopharma SE.
2. Scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.
3. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) lit. a DSGVO serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
4. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the responsible parties are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
5. Recipients of data
If we nevertheless transfer your data to third parties or otherwise grant them access to the data, this is also done exclusively on the basis of a legal basis mentioned at the beginning.
We use service providers in certain cases when processing your data. Should data be passed on within the scope of such commissioned processing, this will be done on the basis of Art. 28 DSGVO.
When selecting our service providers and partners, we rely on European partners wherever possible if your personal data is to be processed. Data transfers to a third country only take place if the special requirements of Art. 44 et seq. DSGVO are fulfilled. The processing of your data may therefore only take place on the basis of special guarantees, such as the so-called "standard contractual clauses" or in individual cases, your consent. If the data is transferred to the USA or another country where there is no equivalent level of data protection, we would like to point out that there is a theoretical risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly having any legal remedies.
6. Oligation to provide
An obligation to provide data may be required by law (e.g. tax regulations) or arise from contractual provisions (e.g. information on the contractual partner). For example, you are obliged to provide us with personal data if you conclude a contract with us. Failure to provide the personal data would result in the contract not being concluded.
1. Description and scope of data processing
Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected in this context:
(1) Information about the browser type and version used.
(2) The operating system of the user
(3) The user's Internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user's system accesses our website
(7) Websites that are accessed by the user's system via our website.
This data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allow the data to be assigned to a user. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
In these purposes also lies our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
1. Description and scope of data processing
On our website we use the consent management platform UserCentrics of the provider Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich.
Usercentrics is a consent management service through which visitors to our website can manage their consents to the use of cookies, processing of your personal data for advertising purposes or similar.
The following personal data is collected for this purpose:
(1) Opt-in and opt-out data
(2) Referrer URL
(3) User Agent
(4) User settings
(5) Consent ID
(6) Time of consent
(7) Consent type
(8) Template version
(9) Banner language
(10) IP address
2. Legal basis for the data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. c DSGVO.
3. Gurpose of data processing
The purpose of using the Tool is to comply with the legal obligation to process certain personal data only with the prior consent of the data subjects and to inform data subjects about the processing as well as to provide a possibility to withdraw consent.
4. duration of storage
The consent data (granted consent and revocation of consent) will be stored for one year. The data will then be deleted immediately.
1. description and scope of data processing
Our website uses cookies and similar technologies.
We use cookies and similar technologies to make our website more user-friendly. All information about this can be found below:
1. Description and scope of data processing
A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored (e.g. title, name, e-mail address, address, contact details). In addition, such data is transmitted and stored that results from your message that you enter in the free text field.
The following data is also stored at the time the message is sent:
(1) The IP address of the user
(2) Date/time
(3) Server log data
For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.
Please do not send us any data via our contact forms that could lead to conclusions about racial and ethnic origin, political opinions, religious or ideological convictions or trade union membership, as well as the processing of genetic data, biometric data for the unique identification of a natural person, health data or data on sexual life or sexual orientation.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
3. Purpose of the data processing
The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
1. Description and scope of data processing
The client survey is done by sending clients a link from us to participate in a client survey. The platform used is Microsoft Forms. If a client takes the opportunity to participate, the data entered in the input mask is transmitted to us and stored. These data are:
- Company
- First name
- Last name
The following data is also stored at the time the form is sent:
- The IP address of the user
- Date/Time
Your consent is implicitly obtained for the processing of the data by participating in the survey. There is no disclosure of data to third parties in this context. The data will be used exclusively for the processing of the conversation.
2. Legal basis for the data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
3. Purpose of the data processing
The processing of personal data from the input mask serves us solely to improve project cooperation. The other personal data processed during the submission process serve to prevent misuse of the survey form and to ensure the security of our information technology systems.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the survey form, this is the case when the respective survey has ended. The survey is terminated when the circumstances indicate that the matter in question has been conclusively clarified. The circumstances shall be understood to mean the existing business relationship. The additional personal data collected during the submission process will be deleted no later than 3 months after the end of the business relationship.
1. Description, scope of data processing and responsibility.
We operate our own pages ("social media pages") on the social media platforms Facebook, Instagram, YouTube, LinkedIn and Xing.
The platforms are operated by:
Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") Privacy Notice at: https://www.facebook.com/privacy/policy
Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Instagram"). Privacy policy at: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect
YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube") Privacy Notice at: https://policies.google.com/privacy?hl=de
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") Privacy Notice at: https://www.linkedin.com/legal/privacy-policy?
Xing: New Work SE, Am Strandkai 1, 20457 Hamburg Germany ("Xing"). Data protection information at: https://privacy.xing.com/de/datenschutzerklaerung.
(hereinafter collectively "Operators").
When you access our pages on the respective platform, your personal data is collected, used and stored by the operators. This also happens if you yourself do not have a profile on the respective platform. The processing depends in each individual case on the platform and your user behavior. We have no influence on the processing.
In addition, we may also process personal data via the social media sites. This is particularly the case when the operators provide us with statistical evaluations of the use of our social media pages via tools such as pixels or insights. In this context, the respective operators create lists of visits to our posts or how often they were interacted with. These evaluations are only made available to us in anonymized form.
Insofar as we process personal data via social media sites, we are deemed to be joint controllers within the meaning of Art. 4 No. 7 DSGVO together with the respective operators.
For more information about the processing, please refer to the notices of the respective providers linked above.
2. Legal basis for the data processing
The legal basis is Art. 6 para. 1 lit. b) DSGVO insofar as we respond directly to your messages or communications. Otherwise, the legal basis is our legitimate according to Art. 6 para. 1 lit. f) DSGVO. We operate the pages in order to present our products and our company to visitors and to communicate with them. This serves our entrepreneurial goals.
3. Purpose of data processing
If you use our social media pages to contact us, the data you provide us with will be processed by us solely for the purpose of being able to contact you.
In addition, the processing serves the sole purpose of achieving our corporate line by presenting our company and our products.
4. Duration of storage
We delete stored data as soon as their storage is no longer necessary, or you request us to delete them.
5. Third country transfer
Some operators belong to a group based in the USA. We therefore expressly draw attention to the risks described under point 5. recipients of data.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access
You may request confirmation from the controller as to whether personal data concerning you are being processed by us. In this case, you also have the right to obtain further information about this data (e.g. purposes of processing, recipients of data, storage period) and the right to obtain copies of the data from us.
2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the data controller if the processed personal data concerning you are inaccurate or incomplete. The data controller shall carry out the rectification without undue delay.
3. Right to restriction of processing
You have the right to request the restriction of processing in the cases mentioned in Art. 18 DSGVO.
4. Right to erasure
You may request the controller to delete the personal data concerning you without undue delay, provided that this does not conflict with any retention obligations. A right to erasure of the data exists in particular if the purpose of the processing ceases to apply, you revoke consent or there is unlawful processing.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.
6. Right to data portability
You have the right in the cases regulated in Art. 20 DSGVO to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format.
7. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing.
8. Right to revoke declaration of consent
If your consent serves as the legal basis for the processing of personal data, you have the right to revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You may revoke your consent by sending an e-mail to communications(at)rentschler-biopharma.com or by contacting us at the above address.
9. Right of complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.