Data protection statement
Data protection declaration
Note: This is a translation of the German language data protection declaration. This translation is made for convenience purposes only. The sole legal binding document is the text in the German language.
1 Information about the collection of personal data
(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.
(2) The person responsible pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
B.R.A.I.N. Biotechnology Research and Information Network AG
Darmstädter Straße 34-36
(see our imprint).
You can reach our data protection officer at firstname.lastname@example.org or at our postal address with the addition “data protection officer”.
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
2 Your rights
(1) You have the following rights towards us with regard to personal data concerning you:
- right of information,
- right of correction or deletion,
- right of limitation of processing,
- right of opposition to the processing,
- right of data transferability.
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
3 Collection of personal data when you visit our website
(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
a) This website uses the following types of cookies, the scope and functioning of which are explained below:
Transient cookies (see b)
Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or all cookies. Please note that you may not be able to use all functions of this website.
4 Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services which you can use if you are interested. As a rule, you must provide further personal data, which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.
5 Use of Matomo (formerly PIWIK)
(1) This website uses the web analysis service Matomo to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. f GDPR.
(2) Cookies (more details in section 3) are stored on your computer for this evaluation. The information collected in this way is stored exclusively on a server in France. You can set the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we point out that you may not be able to use this website in its entirety. The prevention of the storage of cookies is possible through the setting in your browser. To prevent Matomo from being used, uncheck the following box to activate the opt-out option:
(3) This website uses Matomo with the setting “AnonymizeIP”. This shortens the processing of IP addresses and prevents direct personal contact. The IP address transmitted by your browser using Matomo will not be merged with other data collected by us.
(4) The Piwik program is an open source project.
(5) For third-party privacy information, visit https://matomo.org/
6 Newsletter/ Information request / Use of Cleverreach
(1) With your consent you can subscribe to our newsletter, with which we inform you about us and our Investor Relations news.
(2) We use the double opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can cancel your subscription by clicking on the link provided in every newsletter e-mail or by sending an e-mail to email@example.com
(5) We point out to you that we evaluate your user behaviour when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. The data is collected exclusively pseudonymised. During the evaluation we record whether a newsletter has been viewed and which links have been clicked on, whereby there is no link to your data.
The information is stored for as long as you have subscribed to the newsletter. Tracking of the newsletters viewed and the links clicked on is also not possible if you have deactivated the display of images in your e-mail program by default. In this case the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above tracking takes place.
7 Social plugins, links to social networks and content sharing options
(1) This website uses the timeline (plugin) of the Twitter service. This feature is provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
By accessing the part(s) of this website containing the timeline, the browser establishes a direct connection with the servers of Twitter. The content of the Twitter timeline is transmitted by Twitter directly to the user’s browser. Therefore we do not have an influence on the amount of data that Twitter collects with the help of this plugin and inform the users according to our knowledge. According to our knowledge only the IP address of the user and the URL of the respective website when visiting the timeline are transmitted.
(2) When integrating the icons of social networks such as Twitter, XING, and LinkedIn, we only make reference to these networks with an external link. In some cases, the link takes you to a share function of the network in question. This means that you can share our website, which you called up, with other users directly using the page of the social network to which the sharing button belongs.
8 Use of web fonts
The use of these web fonts represents a legitimate interest of our company in the sense of a consistent and appealing presentation of our online offer according to art. 6 para. 1 f of the GDPR.
The individual web font services used on our website are listed below.
(1) Adobe Typekit
Our website uses fonts from Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), which are provided by the Adobe Typekit service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them in the correct way. This is done by connecting your browser to the Adobe servers in the USA.
Adobe is certified under the EU-US Privacy Shield. This is an agreement between the European Union (EU) and the United States of America (USA) to ensure compliance with European data protection standards. For more information, see:
For more information about Adobe privacy and the use of Adobe Typekit, please see the following links:
(2) Fonts.com / Monotype
Our website uses fonts provided by Monotype Imaging Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA (Monotype) through the Fonts.com service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them correctly. This is done by connecting your browser to Monotype’s servers in the USA.
Additional data is also collected using Monotype’s Web Font Tracking Tool. These are in detail:
- Web Font Project Number (anonymized)
- URL of the licensed website (including customer ID)
- referring URL
The transmission of this data serves the logging of the use and/or the call of the corresponding web page, the counting of the calls (counter) and the prevention of the abuse of the counter. These data are stored in the form of log files and deleted after 30 days, so that the corresponding data can no longer be processed.
9 Data protection information in the recruitment process
(1) We process the candidate data only for the purpose and in the context of the recruitment process in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations in the context of the application procedure according to Art. 6 para. 1 lit. b. GDPR and Art. 6 para. 1 lit. f. GDPR if data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany also § 26 of the German Federal Data Protection Act “BDSG”).
(2) The recruitment process requires that candidates provide us with personal data. Necessary candidate data are personal information, postal and contact addresses and the documents belonging to the job application, such as cover letter, curriculum vitae and certificates. In addition, candidates may voluntarily provide us with additional information.
(3) By submitting the application to us, candidates agree to the processing of their data for the purposes of the recruitment process in accordance with the nature and scope set out in this data protection declaration.
(4) Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated within the scope of the recruitment procedure, they are additionally processed in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, e.g. severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from candidates during the application procedure, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, if these are required for the exercise of the profession).
(5) Candidates can send us their applications by post or by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the candidates themselves must ensure that they are encrypted. We can therefore accept no responsibility for the transmission of the application between the sender and the reception on our server. If the candidate is concerned about the security of sending the application documents by e-mail, we recommend sending the application documents by post.
(6) The data provided by the candidates can be further processed by us in the case of a successful employment relationship. Otherwise, if the application for a job offer is not successful, the candidates’ data will be deleted. Candidates’ data will also be deleted if an application is withdrawn, which the candidates are entitled to do at any time.
(7) Candidates will be deleted after a period of six months, subject to justified revocation, so that we can respond to any follow-up questions to the application and meet our obligations under the Equal Treatment Act.
In the case that you have agreed to further storage of your personal data, we will add your data to our applicant pool. The data will be deleted there after a period of two years.
If you have been awarded a job during the application process, the data will be transferred from the applicant data system to our personnel information system and deleted 10 years after termination of employment.
Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
10 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction under the following contact data: firstname.lastname@example.org or under
B.R.A.I.N. Biotechnology Research and Information Network AG
Data Protection Officer
Darmstädter Straße 34-36