Data Privacy

Information pursuant to Art. 13 and Art. 14 General Data Protection Regulation

Dr. Falk Pharma GmbH (hereinafter "we") is controller of the personal data of our customers, applicants for an open position in our company and other persons in contact with us (hereinafter "you").

In accordance with Art. 13 and Art. 14 of the Regulation (EU) 2016/679 (General Data Protection Regulation) ("GDPR"), we are obliged to inform you as follows when collecting your personal data:

This data protection information is intended for you because we process personal data about you, and the protection of your data and your information is very important to us.

Contact data of the controller

Dr. Falk Pharma GmbH
Leinenweberstr. 5
79108 Freiburg
Germany

Phone: +49 (0)761 1514 0
Email: zentrale[at]drfalkpharma.de

Contact data of the controller’s data protection officer

Dr. Falk Pharma GmbH
Der Datenschutzbeauftragte
Leinenweberstr. 5
79108 Freiburg
Germany

Phone: +49 (0)761 1514 0
Email: dataprotection[at]drfalkpharma.de

Further below, you will find specific information on the processing of your personal data in the following circumstances along with information on the processed data categories:

  • If you use the websites of Dr. Falk Pharma GmbH
  • If you are applying for a job
  • If you order literature from us
  • If you are a participant of a training course for medical doctors
  • If you receive post from us as part of our print mailing service
  • If you receive product samples from us
  • If you report side effects or other safety risks (Pharmacovigilance)
  • If you participate in the conduct of a study of Dr. Falk Pharma GmbH
  • If you are one of our business partners

First, we will give you general information on the data processing at Dr. Falk Pharma GmbH which apply to all cases of data processing by our company.

Information on Joint Controllership pursuant to Art. 26, para. 2, 2. sentence of the General Data Protection Regulation (GDPR)

What is the reason for the joint controllership?

Dr. Falk Pharma GmbH ("Dr. Falk Pharma") and Falk Foundation e.V. ("Falk Foundation") use jointly a contact database for their business activities. This may also affect the processing of your personal data. The parties have defined the steps of data processing in the individual process stages. Within the process stages described below, Dr. Falk Pharma and Falk Foundation are jointly responsible for the protection of your personal data (Art. 26 GDPR).

Further information

General information pursuant to Art. 13 and Art. 14 GDPR

Transfer of data to entities outside the European Union


In certain cases, the processing of your data takes place in countries outside of the European Union ("EU") or we have to transfer the data to recipients outside of the EU (e.g., foreign authorities, affiliated companies and distribution partners to comply with local reporting obligations).

In some cases we also use service providers from countries outside the European Union or the European Economic Area ("third countries"). We select these service providers carefully and check them regularly. In such cases, data will only be transmitted if the other conditions for such transmission under the GDPR are fulfilled (e.g. signing of EU standard contractual clauses with the service provider(s) under Art. 46 (2) c) GDPR).

If you are travelling to a third country during one of our events and your contract also includes our travel booking, we will organise the trip for you. For example, we may transfer your personal data to a hotel in a third country for the purpose of organising your trip. In such cases, transmission shall take place in accordance with the conditions laid down in Art. 49 GDPR.

Duration of data storage

We store your personal data as long as this is necessary for the original purpose of the data processing (e.g., performance of a contract) and, in addition, as long as we are legally obliged to do so. For example, we are required by law to keep records under the Pharmaceutical Laws or for tax purposes (§ 147 Abgabenordnung) and for accounting purposes (§ 257 Handelsgesetzbuch). The retention periods are six to ten years. Insofar as we are legally obliged to store the data, it is stored in a limited form for your protection. If the data is no longer required for the fulfilment of contractual or legal obligations, the data will be deleted in accordance with our deletion concept.

Your rights

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), right to be forgotten (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR).

In addition, you have the right to object under Art. 21 GDPR in the context of processing based on Art. 6 (1) f) GDPR.

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is contrary to the GDPR. This right shall be without prejudice to any other administrative or judicial remedy.

Provision of personal data

In contractual relationships we collect your personal data only for the purposes described above, i.e. insofar as this is necessary, for example, for the proper execution of the contract. You are not obliged to provide personal data. However, if you do not provide any personal data, the contract cannot be fulfilled.

If you give us your consent, we use your personal data solely for the purpose covered by the consent; this purpose is described in detail in the consent text. Consent is voluntary, which means you can give it or not.

If the processing of your personal data is based on legal requirements, there is a provision obligation based on these legal requirements. In order to comply with these legal requirements, we need the necessary information from you, which may contain personal data. If you do not provide us with the necessary information, we will not be able to establish or continue the desired business relationship with you.

If we process your personal data on the basis of our legitimate interests, we may be obliged to make them available on the basis of general obligations of providing assistance. In any case, before processing your personal data, we consider whether the processing is necessary and whether your interests in non-processing predominate. In the case of processing based on Article 6 (1) f) GDPR, you have a right to object pursuant to Art. 21 GDPR.

Information on the right to object pursuant to Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Art. 6 (1) f) GDPR (data processing necessary for the purposes of legitimate interests). Further information on our data processing and on which legal regulation we base them in each case can be found in our specific data protection information further down in accordance with Art. 13, 14 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made free of charge and form and should be addressed to

Dr. Falk Pharma GmbH
Leinenweberstr. 5
79108 Freiburg
Germany

Phone +49 (0)761 1514 0
Email objection[at]drfalkpharma.de

Specific information pursuant to Art. 13 and Art. 14 GDPR

Collection of personal data when you visit our website

When you use our website for informational purposes

If you do not register with us or otherwise provide us with information, we only process the personal data that your browser transmits to our server. This includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page) and the access status/HTTP status code (“server log data“). This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website.

The server log data will be deleted after one week.

The legal basis for such processing of the server log data is Art. 6 (1) f) GDPR. We have a legitimate interest in ensuring security and stability when you visit our website. In particular due to the short duration of storing your data, we take your interest into account that your data will not be processed if possible.

You also have the right to object to the processing of server log data pursuant to Art. 21 GDPR. In this case, we will delete this data as soon as you object, unless we can demonstrate that our legitimate interests outweigh your interest.

Registration on our website

Some services require you to register on our website. Personal data that we collect upon registration include, for example, your personal details, job title and your e-mail address. In addition, we require your uniform training number from the state medical associations ("EFN") for individual services. We process the personal data you provide us in the process only for the purpose of using the respective service for which you have registered. The provision of this data is voluntary. However, if you do not wish to provide this information, we will have to refuse the registration.

We store the data collected by us during registration until the purpose for data storage no longer applies. The data are deleted subsequently. However, legal retention periods remain unaffected.

The legal basis for such processing is Art. 6 (1) b) GDPR.

Cookies

We use cookies on our website. Cookies are small text files that are stored on your device during a session (session cookies), until you delete them or until they are automatically deleted by your web browser (permanent cookies). Cookies cannot execute programs or transfer viruses to your device. The use of our websites requires the placement of cookies that are technically necessary for operation (Art. 6 (1) f) GDPR). In addition, you can give us consent to use other cookies (e.g. for analysis and marketing purposes) (Art. 6 (1) a) GDPR).

You can find detailed information about the cookies we use, the storage periods and the respective third-party providers under the following link. There you also have the option to change your cookie settings at any time (give / withdraw consent):

Show Cookie Manager

 

Passing on your data

We partly work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to IT service providers.

In addition, your personal data is exchanged between us and the associated Dr. Falk Pharma GmbH.

Purposes and legal basis of processing your personal data

To decide on the establishment of your employment at our company

We process the following personal data in order to be able to decide on your application with us, whereby we limit ourselves in any case to the extent necessary for us to make a decision. Under these conditions we process personal data such as:

  • Data from your cover letter.
  • Your personal details and contact address (name, address, date of birth, e-mail address), professional history (previous employments with other companies, job titles, areas of responsibility and achievements), information on schools, universities and higher education institutions, qualifications, certificates and degrees.
  • We are also subject to public law obligations in some cases. We have to transfer your personal data to the respective authorities, for example due to labour and social security law, but also for the administration of tax and insurance law regulations.
  • To reimburse travel expenses for your job interview, we process your bank details as personal data.

The legal basis for this processing is § 26 (1) sentence 1 Bundesdatenschutzgesetz (“BDSG”).

Special categories of your personal data, such as religious affiliation and health data, will only be processed by us if this is necessary to exercise rights or to fulfil legal obligations under labour law, social security law and social protection law and there is no reason to assume that your legitimate interest in non-processing prevails. The legal basis for this is § 26 (3) BDSG in conjunction with Art. 9 (2) b) GDPR.

Data transfer within associated companies

Data is exchanged within our associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.

The legal basis for such processing is Article 6 (1) f) GDPR.

Passing on your personal data

In particular, we work together with the following service providers who may be recipients of your personal data:

  • IT service providers
  • Insurances
  • Certified public accountants
  • Tax advisers
  • Audit companies

The service providers are carefully selected and regularly checked by us.

Some of your personal data will also be passed on to public authorities, for example the Federal Employment Agency.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Categories of data

When you order literature from our web shop, we process data categories such as personal details (surname, first name, title), address, e-mail address.

Purposes and legal basis of processing your personal data

  • For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR
    We offer you the opportunity to obtain special literature on selected topics via our web shop. In this context, your personal data will only be processed in order to process your order, in particular in order to provide you with the desired literature.
  • On the basis of our legitimate interest, Art. 6 (1) f) GDPR
    We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. We process some of your personal data on the basis of the legitimate interests listed below:
    • To assert and defend legal claims.
    • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
    • For the prevention and investigation of criminal offences.
    • To guarantee our network and information security (IT security).

Passing on your personal data

We partly work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

  • International Sales
  • IT service providers

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Categories of data

If you attend one of the events organised by Dr. Falk Pharma GmbH as a participant or as a speaker, moderator or a comparable active participant, we process data categories such as personal details (surname, first name), address, e-mail address, your uniform medical association training number, bank account details as well as your profession and field of activity.

Purposes and legal basis of processing your personal data

  • For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR
    We process your personal data for the execution of our contracts with you. If you are a participant of one of our events, we will only process your personal data if this is necessary for your participation, for example to assign it to a specific presentation or to print name tags.
    If you participate in a training event as a speaker, moderator or a comparable active participant, we will process your personal data to the extent necessary for preparation, organisation and participation. This includes, for example, the processing of your personal data as part of the organisation of your arrival and departure and your accommodation. In addition, we process your personal data in particular for the creation of name tags, participant lists, certificates and for the assignment to a specific presentation or for other necessary preparations for your contribution as a speaker.
  • On the basis of our legitimate interest, Art. 6 (1) f) GDPR
    We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. A processing of personal data is partly based on the following legitimate interests:
    • To assert and defend legal claims.
    • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
    • For the prevention and investigation of criminal offences.
    • To guarantee our network and information security (IT security).

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

  • Technical companies
  • Booth builder
  • Transfer services
  • Scientific organisations
  • Event participants
  • Graphic designers
  • Printing services providers
  • Press agencies
  • IT service providers
  • Medical associations

In some cases, your personal data is passed on to the state medical associations on the basis of medical law regulations.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Categories of data

As part of our print mailing service, we process data categories such as your personal details (surname, first name, title), address of your clinic or practice, customer number as well as information about your profession, specialist area and function.

Sources of collected data (Art. 14 GDPR)

We obtain your personal data listed under "Categories of data" from the following sources - unless a data source is expressly designated as "publicly accessible", it is not publicly accessible:

  • A data source can be a previous business contact with you in which context we received your personal data.
  • In addition, your own internet presence (e.g. your practice website) can serve as a possible publicly accessible data source.
  • Finally, we cooperate with the commercial database provider IQVIA Commercial GmbH & Co. OHG, Unterschweinstiege 2-14, 60549 Frankfurt, which has a broad spectrum of potential data records for various advertising purposes.

Purposes and legal basis of processing your personal data

  • On the basis of our legitimate interest, Art. 6 (1) f) GDPR
    We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. Hence, we inform you about current topics and services of our company by means of postal mailings. We base this on our legitimate interest in advertising our company offer. Our mailings include information on the topics:
    • Scientific information material (such as brochures, journals, etc.)
    • Information on congresses, training courses (both as an announcement in the form of programmes and as follow-up reports or event overviews)
    • Offers and order forms for requesting samples, literature and discounts
    • Information on certified further training (online modules)
    • Overviews of the services offered by Falk Foundation e. V. and Dr. Falk Pharma GmbH as well as the possibility to register for the Falk Gastro Info Newsletter.
    • Product information
    • Information on indications
  • Further legitimate interests arise for us:
    • To assert and defend legal claims.
    • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
    • For the prevention and investigation of criminal offences.
    • To guarantee our network and information security (IT security).

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

  • IT service provider
  • Letter shops

As already mentioned, under pharmaceutical law regulations, we are obliged to provide the competent supervisory authority (Regierungspräsidium Tübingen) with proof of the provision of product samples (including associated personal data) upon request.

Categories of data

When you order a product sample from us, we process data categories such as personal details (surname, first name, title), field, function, address, telephone number, e-mail address and your customer number.

Purposes and legal basis of processing your personal data

  • For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR
    If you give us a written request for a medical sample, we will send you (maximum 2 times a year) a sample together with specialist information as medical information. In this context, your personal data will only be processed in order to process your order, in particular to be able to supply you with the desired samples.
  • On the basis of our legitimate interest, Art. 6 (1) f) GDPR
    We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. We process some of your personal data on the basis of the legitimate interests listed below:
    • To assert and defend legal claims.
    • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
    • For the prevention and investigation of criminal offences.
    • To guarantee our network and information security (IT security).
  • Due to legal requirements, Art. 6 (1) c) GDPR
    When sending product samples to doctors, we are obliged by pharmaceutical law to provide proof of the recipients of samples, as well as of the type, scope and time of the delivery of samples. We must submit this evidence to the competent authority upon request.

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

  • IT service provider
  • Courier service provider

As already mentioned, under pharmaceutical law, we are obliged to provide the competent supervisory authority (Regierungspräsidium Tübingen) with proof of the provision of product samples (including associated personal data) upon request.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Purposes and legal basis of processing your data

The safety surveillance over medicines (pharmacovigilance) is of enormous importance for the public health. Reporting of side effects or other medicines risks (such as e.g. quality complaints) is important for assessing the safety of our medicines and for the public health in general. We evaluate the data for the purposes of pharmacovigilance and pass them on to the relevant authorities in accordance with statutory reporting obligations. We are obliged to report the information relevant for pharmacovigilance to authorities worldwide. This includes notifications in countries where the level of data protection is not equivalent to the EU. Some of the notifications in those countries are made by our subsidiaries or local distribution partners, who are involved in the data processing for this purpose.

The legal basis for this data processing is Art. 6 (1) c) GDPR in conjunction with the applicable laws on pharmacovigilance and medicines monitoring (e.g. § 63 c of the German Medicines Act (Arzneimittelgesetz); § 22 (1) c) German Data Protection Act (Bundesdatenschutzgesetz)).

Processing for the purpose of medicines monitoring (pharmacovigilance)

The patients themselves, a doctor or another third person (e.g. pharmacist or a member of the press) can report side effects or other medicines risks. We may receive the notification by telephone, mail, e-mail, oral communication or other means.

In the following, the processing of the received data and your rights concerning data protection is explained. For the purpose of pharmacovigilance, we are processing personal data such as:

  • First and last name and contact information (address, telephone number, e-mail address) if the person concerned is also the reporting person;
  • Demographic data such as date of birth, gender, weight and height, ethnic origin;
  • Data on the dosage and use of medication, data on the circumstances and description of the reported event, laboratory and anamnesis data and other relevant information;
  • Disease and treatment information in order to be able to medically evaluate and report the side effect.

Passing on your personal data

Your personal data will first be stored electronically in our safety database. When collecting and processing data, we cooperate with third-party providers (specialised service providers such as pharmacovigilance database operators). These service providers also have access to your personal data in order to support us in the data collection and evaluation and the fulfilment of the related reporting obligations.

We pass on the data to the following recipients (please note that patient data is never passed on with the patient's name):

  • To health authorities based on the statutory reporting obligations and other public bodies (e.g. ethics committees);
  • To subsidiaries of Dr. Falk Pharma GmbH (e.g. affiliates in other countries) and distribution and licensing partners, insofar as they are obliged to report to their competent authorities;
  • Contractual service providers such as consultants, database operators, auditors.

As the reporting person, you are free to provide us with your contact details. In individual cases, we will disclose the name, profession (e.g. doctor), address, e-mail and telephone number of the reporting person to the extent that this data is available to us. This makes it possible for the authorities to contact the reporting person directly.

We have obligated our service providers and cooperation partners to use your personal data only for the provision of the contractual services and compliance with pharmacovigilance obligations and to treat them as confidential.

If the data is passed on to subsidiaries, partnering companies and service providers in non-EU countries, we will contractually work towards ensuring that the EU data protection level is maintained in these cases as well.

Duration of data storage

We will only store your personal data for as long as this is necessary to fulfil the purpose for which it was collected or to fulfil statutory or official requirements. As notifications of medicines risks are important for the public health, they are kept for at least 10 years after the medicines no longer have marketing authorisation in any country. However, the records must be retained longer, if required by law.

Your rights

Regarding your rights, we kindly refer to the corresponding explanations in the preceding general section "Your Rights". However, since pharmacovigilance data are processed on the basis of legal obligations, please note that applicable laws may prevent us from fulfilling requests to delete such data or from restricting their processing.

Purposes and legal basis of the processing of your data

As a research-based company, Dr. Falk Pharma GmbH also conducts clinical trials and non-interventional studies (both referred to jointly as "studies"). As an essential feature of every study, personal data needs to be processed. This especially includes personal data of the patients and healthy subjects who participate in such studies. In addition, for the proper preparation and conduct of a study, we must also process data from a large number of other persons and sometimes report it to authorities and public bodies (such as ethics committees).

The patients and healthy subjects participating in the study receive data protection information and declarations of consent specially prepared for the study. Therefore, this very data protection information is not addressed to patients and healthy subjects but to the following groups of persons:

  • The healthcare professionals with whom we conduct a study or establish or maintain a relationship for future studies (e.g. investigators, study coordinators, pharmacists, auditors);
  • Our business partners who are natural persons like independent pharmacists, pathologists, and other individuals;
  • The employees, representatives or contacts of our business partners who are legal entities (e.g. managing directors of study sites, pharmacists at wholesalers);
  • Employees and representatives of persons, companies, corporations and other organizations with whom we are in contract negotiations or otherwise in the process of establishing a business relationship.

This data protection information is intended for you because we process personal data about you and the protection of your data and your information is very important to us.

Here we explain how we process your personal data (e.g. collect, use, store and transfer). We process all personal data about you in accordance with applicable laws.

The personal data we process may come either directly from you, from our contractual or business partners (i.e. the entity for which you work), from third parties (e.g. medical institutions) or from publicly available sources (e.g. PubMed, ClinicalTrials.gov, congress or university websites) who, with your consent, disclose or pass on such personal data to us. We collect various types of personal data about you, for example:

  • Your general data and contact information (e.g. first name, last name, gender, e-mail address and/or postal address, landline and/or mobile number);
  • Your professional function (e.g. title, position, name of company/employer, and, for healthcare professionals, their therapeutic field, graduation year, publications, congress activities, awards, CV, education, links to universities, expertise and collaboration/contributions to clinical trials, guidelines, editorial offices and organizations);
  • Payment information (e.g. credit card details, bank details, VAT ID or other tax numbers);
  • Information about your scientific and medical activities and cooperation with us, including possible future cooperation.

If you wish to provide us with personal data about other persons (e.g. your employees and colleagues), you must inform them accordingly. You are welcome to provide them with a copy of this privacy statement (either directly or through your employer).

Legal basis

We will only process your personal data if we have a legal basis for doing so. When carrying out a study with medicines, different legal bases come into consideration depending on the group of persons and the processing procedure. Due to the complexity of studies and the diversity of the required interactions and data processing activities, the processing of personal data of one group of persons may sometimes be based on several legal bases.

Against this background, we have outlined some of the legal basis that are applicable for the processing of your personal data here:

  • We process personal data on the basis of your prior consent (Art. 6 (1) a) GDPR). We ask you for this consent in a separate document in which we inform you of the exact purpose of the processing; or
  • The processing is necessary to perform a contract with you or to fulfil pre-contractual obligations (Art. 6 (1) b) GDPR). This can be, for example, the study contract or your employment contract as study staff working for the study site (we assume that you will also receive comprehensive information from your employer in accordance with Art. 13 GDPR); or
  • The processing is necessary in order to comply with our legal and official obligations (Art. 6 (1) c) GDPR). We are legally obliged to forward reports on adverse events and possible side effects of the studied medicines to national and international authorities and ethics committees; or
  • The processing is necessary due to our legitimate interests and your interests or fundamental rights and freedoms are not unreasonably affected (Art. 6 (1) f) GDPR). Within the framework of the selection of suitable study sites, we process and store, for example, personal data of investigators or study nurses, also for possible future study projects for which we would like to contact these persons.

Please note that when processing your personal data on the latter basis ("legitimate interests"), we always try to maintain the balance between our legitimate interests and your privacy and only process the data that is absolutely necessary.

Purposes of the data processing

In the event of studies, data processing is carried out for various purposes. Examples of such purposes are:

  • Planning, preparation, conduct and termination of clinical trials and non-interventional studies (including recruitment and checking of investigators' and other study staff's qualifications for possible new trials);
  • Evaluation and reporting of completed studies and their results;
  • Submission of applications for study approvals or evaluation of the conduct of studies and, subsequently, submission of study reports to regulatory authorities worldwide by us or by one of our contractors for the purpose of applying for an approval of medicines or other regulatory submissions;
  • Perform reporting obligations on adverse events and medicines risks;
  • Publication of study results.

Passing on your personal data

Your personal data will first be stored electronically. When collecting and processing data, we cooperate with third-party providers (specialised service providers such as database operators). These service providers also have access to your personal data in order to support us in data collection and evaluation and the related reporting obligations.

We pass on the data to the following recipients (please note that data is never passed on with the patient’s name):

  • Health authorities within the framework of statutory reporting obligations or other public authorities, e.g. in connection with investigations;
  • Subsidiaries of Dr. Falk Pharma GmbH (e.g. affiliates in other countries);
  • Contractually bound partners (e.g. licensing partners, consultants, service providers such as contract research organizations (CROs), database operators or auditors).

We have obligated our service providers and cooperation partners to use your data only for the provision of the contractual services and performance of contractual or statutory obligations and to treat them as confidential. If the data is passed on to subsidiaries and partner companies as well as service providers in non-EU countries, we will contractually work towards ensuring that the EU data protection level is also observed in these cases.

Duration of data storage

We will only store your personal data for as long as this is necessary to fulfil the purpose for which it was collected or to fulfil legal or official requirements.

In the case of data processing based on contracts, the retention period corresponds to the term of your (or of the contract concluded by you) contract with us, plus the period until the legal claims arising from this contract finally expire, unless mandatory statutory or regulatory regulations (e.g., tax laws) require a longer retention period. After expiry of this period, your personal data will be removed from our active systems.

Your rights

Regarding your rights, we kindly refer to the corresponding remarks in the previous general section "Your Rights" at the top of this page. However, since the processing of data in clinical studies is sometimes subject to legal obligations, please note that the applicable laws may prevent us from fulfilling requests to delete such data or from restricting its processing.

Purposes of the processing of your data

In this section of the data protection information, we explain the data processing and procedures we use to process personal data of our customers, suppliers, service providers and other business partners and the personal data of their employees and representatives (collectively, the "Business Partners").

This data protection information is addressed to you

  • If you as a natural person (e.g. as a consultant or entrepreneur) are a Business Partner of Dr. Falk Pharma GmbH;
  • If you are an employee or representative of a Business Partner, who has a relationship with us on behalf of that Business Partner (e.g., if you work on our projects or represent the Business Partner);
  • If you are an employee or representative of any person, company, corporation or other organization with whom we are in contractual negotiations or otherwise in the process of establishing a business relationship.

In addition, we refer to our other data protection information on this website in connection with the special services of our company and activities described there.

Personal data is processed for the following purposes:

  • Establishing, carrying out, expanding and initiating business relationships (e.g. fulfilment of contractual obligations, implementation of a business cooperation, invitations to events, documentation and expansion of the business relationship, storage for liaising for future business opportunities, invoicing, payment as well as tax and legal purposes);
  • Data exchange with affiliated companies. This data exchange is necessary, for example, when administrative processes are performed centrally by one affiliate;
  • To fulfil statutory or regulatory obligations in Germany and other countries (e.g., notification, disclosure and reporting obligations);
  • Data processing to prevent and investigate criminal offences, to guarantee our network and information security (IT security) and to assert and defend legal claims.

Data categories

We collect and process the following categories of personal data about you that is collected from you or by authorized third parties (e.g. your supervisors, publicly available sources) in connection with our business relationship. This data may include:

  • General data and contact information (e.g. first and last name, academic title, gender, address, telephone number, address, e-mail address, fax number, professional position);
  • Communication and customer relations data (e.g. information on business documents and internet websites, date and time of personal meetings or discussions);
  • Payment details (e.g. bank account details, credit card details);
  • Authentication data for IT systems (e.g. login-data or name, passwords).

Passing on your personal data

Each passing on of your data is subject to a special assessment. We may share your information with the following categories of recipients:

  • Service providers of Dr. Falk Pharma GmbH. They are carefully selected and regularly checked by us. They include IT service providers, database operators, payment service providers and commissioned data processors;
  • Lettershops and printers;
  • Specialist consultants (e.g. accountants, lawyers, tax consultants, auditors);
  • Authorities;
  • Contractual partners of Dr. Falk Pharma GmbH such as distribution and licensing partners, as far as the transfer is necessary for the fulfilment of legal or contractual obligations;
  • Affiliated companies of Dr. Falk Pharma GmbH.

Your data will only be passed on to such persons and only to the extent necessary to fulfil the underlying purpose. With regard to other aspects of passing on your personal data, we also refer to the explanations in the above "General Information" in this data protection information.

Legal basis for data processing

The legal basis for the processing is Art. 6 (1) b) GDPR, if the processing of your personal data is necessary for the performance of a contract or for conducting pre-contractual measures.

As legal basis for the processing, we rely on Art. 6 (1) f) GDPR if the processing is based on legitimate interests (e.g. data processing with associated companies for administrative purposes, data submission to authorities during inspections and inquiries, data processing to ensure IT security or assertion of legal claims).

We may also use Art. 6 (1) c) GDPR as a legal basis if the data processing is necessary for the fulfilment of legal obligations (e.g. fulfilment of notification, disclosure and reporting obligations).

We refer to Art. 6 (1) a) GDPR as the legal basis if the data subject concerned has given us his/her consent to the intended processing of his/her personal data.

If we do not receive information about a person directly from that person, we assume that the Business Partner for whom that person is employed will provide such employee with the necessary data protection information in accordance with Art. 13 GDPR. This includes the specific processing of your personal data based on your capacity as an employee of the respective company or organisation.

Duration of data storage and your rights

With regard to the duration of the storage of your personal data and your rights, we refer to the above explanations in the general part of this data protection information.