With this data protection notice, we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Responsible for data processing is dinox GmbH (hereinafter referred to as „we“ or „us“).

Contents

I. General Information

1. Contact
2. Legal Basis
3. Duration of Storage
4. Categories of Recipients of Data
5. Processing in the exercise of Your Rights
6. Your Rights
7. Right to Object
8. Data Protection Officer

II. Processing of Server Log Files

III. Data Processing for Clinical Study Participation

IV. Data Processing on our LinkedIn Page

1. Visit on Our LinkedIn Profile
2. Comments and Direct Messages

V. Further Data Processing

1. Contact by E-Mail
2. Customer and Prospect Data
3. Use of the E-Mail Address for Marketing Purposes Verwendung der E-Mail-Adresse zu Marketingzwecken
4. Applications

I. General information

1. Contact

If you have any questions or suggestions regarding this information, or you wish to contact us about asserting your rights, please send your requests to

Anklamer Straße 38
10115 Berlin
Tel: +49 (0)30-440 595 22
E-Mail: kontakt@dinox.de

2. Legal Basis

The term „personal data“ under data protection law refers to all information that relates to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, particularly the GDPR and the Federal Data Protection Act. Data processing by us only takes place based on legal permission. We process personal data only with your consent (s. 25 (1) Telecommunications and Telemedia Data Protection Act (TTDSG) or Art. 6 (1) lit. a GDPR), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) lit. b GDPR), for compliance with a legal obligation (Art. 6 (1) lit. c GDPR) or if the processing is necessary in order to protect our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Art. 6 (1) lit. f GDPR).

If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding about the establishment of an employment relationship (s. 26 (1) Sentence 1 Federal Data Protection Act).

3. Duration of Storage

Unless otherwise stated in the following notes, we only store the data for as long as it is necessary to achieve the purpose of processing or to fulfill our contractual or legal obligations. Such statutory retention requirements may arise particularly from commercial or tax law provisions. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. Additionally, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

4. Categories of Recipients of Data

Regarding the processing of your data, we use processors. Processing operations carried out by such processors include, for example, hosting, sending e-mails, maintenance and support of IT systems, customer and order management, order processing, accounting, and billing, marketing measures or file and data carrier destruction. A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller. Processors do not use data for their own purposes but perform data processing exclusively for the controller and are contractually obligated to ensure appropriate technical and organizational data protection measures. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company’s bank, tax advisors/auditors or the tax authorities. For the purpose of infection control, data may be transferred to the responsible health department. Further recipients may result from the following information.

5. Processing in the Exercise of Your Rights

If you exercise your rights under Articles 15 to 22 GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will process data stored for the purpose of providing information and preparing it only for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 GDPR.

These processing operations are based on the legal basis of Art. 6 (1) lit. c GDPR in conjunction with Art. 15 to 22 GDPR and s. 34 (2) Federal Data Protection Act.

6. Your Rights

As data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

• In accordance with Art. 15 GDPR and s. 34 Federal Data Protection Act, you have the right to request information about whether and, if so, to what extend we are processing personal data relating to you or not.
• You have the right to demand that we correct your data in accordance with Art. 16 GDPR
• You have the right to demand that we delete your personal data in accordance with Art. 17 GDPR and Art. 35 GDPR.
• You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
• You have the right, in accordance with Art. 20 GDPR, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
• If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until revocation.
• If you believe that the processing concerning your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

7. Right to Object

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) lit. e or lit. f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing pursuant to Art. 21 (2) and (3) GDPR.

8. Data Protection Officer

You can reach our Data Protection Officer at the following contact details:

E-Mail: dsb@dinox.de
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de

II. Processing of Server Log Files

During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e., not via registration). This includes by default: browser type/version, operating system used, page viewed, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f GDPR. This processing is for the technical management and security of the website. The stored data will be deleted after 4 weeks unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11 (2) of the GDPR, unless you provide additional information that enables us to identify you in order to exercise your rights set out in these articles.

III. Data Processing for Clinical Study Participation

To participate in our clinical studies, registration via www.studienteilnehmergesucht.de is required. The information required for registration is evident from the input mask. The provision of the information marked as mandatory by * is absolutely necessary to complete the registration. Further information, particularly about your state of health is voluntary. These data processing operations are carried out based on your consent pursuant to Art. 6 (1) lit. a GDPR or, regarding the processing of health data, pursuant to Art. 9 (2) lit. a GDPR.

When registering and logging in to a study, we also store your IP address and the date and time of your registration. The processing of this data is necessary to have prove of the consent you have given. The legal basis arises from our legal obligation to document your consent (Art. 6 (1) lit. c, in conjunction with Art. 7 (1) GDPR).

The collection, storage and in part also the processing of your data is carried out on our behalf and according to our instructions by powerMedia CRO Services GmbH (Hanau, Germany), with whom we have concluded a processing agreement.

If we conclude a contract with test persons for the performance of studies, the processing of data for the performance of this contract is based on the legal basis of Art. 6 (1) lit. b GDPR.

IV. Data Processing on our LinkedIn Page

We are represented on LinkedIn with a company profile. Through this, we would like to offer further opportunities to obtain information about our company and to interact. When you visit or interact with our profile on LinkedIn, personal data may be processed. The information associated with a LinkedIn profile regularly constitute as personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit of a LinkedIn profile, which may also be considered as personal data.

1. Visit on Our LinkedIn Profile

LinkedIn Ireland Unlimited Company (Ireland/EU – “LinkedIn”) is the sole responsible party for the processing of personal data when you visit our LinkedIn page. You can obtain further information about the processing of personal data by LinkedIn at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy .

When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights about the types of actions people take on our site (so-called Page Insights). For this purpose, LinkedIn processes in particular information that you already provided to LinkedIn in your profile, such as information on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you are interacting with our LinkedIn company page, e.g., whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarized Page Insights. It is also not possible to draw conclusions about individual members from the information of the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves out legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these findings. The legal basis for this processing is Art. 6 (1) f GDPR. We have entered into a joint controller agreement with LinkedIn, which specifies the distribution of data protection obligations between us and LinkedIn. This agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:

 

• LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn about this online via the following: https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de or reach LinkedIn via the contact details in the privacy policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our contact details provided regarding the exercise of your rights in connection with the processing of personal data in the context of Page Insights. In this case we will forward your request to LinkedIn.
• LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at dataprotection.ie) or any other supervisory authority.

 

Please note that according to the LinkedIn privacy policy, personal data may also be processed by LinkedIn in the U.S. or other third countries. LinkedIn transfers personal data only to countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 of the GDPR or based on appropriate safeguards pursuant to Art. 46 of the GDPR.

2. Comments and Direct Messages

We also process information that you have provided to us through our company page on LinkedIn. Such information may be usernames, contact details or a message to us. These processing operations are carried out by us as the sole controller. We process this data based on our legitimate interest in contacting inquiring persons. The legal basis for data processing is Art. 6 (1) lit. f GDPR. Further data processing may take place if you have consented (Art. 6 (1) lit. a GDPR) or if this is necessary for the fulfillment of a legal obligation.

V. Further Data Processing

1. Contact by E-Mail

If you send a message to us via the contact e-mail provided, we will process the transmitted data for the purpose of responding to your inquiry. We process this data based on our legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art. 6 (1) lit. f GDPR.

2. Customer and Prospect Data

If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of the provided personal master data, contract data and, if applicable, payment data as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for this processing is Art. 6 (1) lit. b GDPR. We also process customer and prospect data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) lit. f GDPR and serves our interest to further develop our offerings and to inform you specifically about our offers. Further data processing may take place if you have consented (Art. 6 (1) lit. a GDPR) or if this is necessary for the fulfillment of a legal obligation (Art. 6 (1) lit. c GDPR).

3. Use of the E-Mail Address for Marketing Purposes

We may use the e-mail address you provided during registration to inform you about our own similar products and services offered by us. The legal basis is Art. 6 (1) lit. f GDPR in conjunction with s. 7 (3) UWG (Law Against Unfair Competition). You can object to this at any time without incurring any costs other than the transmission costs according to the prime rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to kontakt@dinox.de .

4. Applications

If you apply to our company, we process your application data solely for the purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contacts at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer employment to you, we will retain the data submitted by you for up to six months after any rejection in order to be able to respond to questions related to your application and rejection. This does not apply in case there are legal provisions preventing deletion, if further storage is necessary for the purpose of evidence or if you have expressly consented to longer storage. The legal basis for data processing is s. 26 (1) sentence 1 Federal Data Protection Act. If we retain your applicant data beyond the period of six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 (3) GDPR. Such revocation shall not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.