Information pursuant to Art. 13 and Art. 14 General Data Protection Regulation

Collection of personal data when you visit our website

When you use our website for informational purposes

If you do not register with us or otherwise provide us with information, we only process the personal data that your browser transmits to our server. This includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page) and the access status/HTTP status code (“server log data“). This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website.

The server log data will be deleted after one week.

The legal basis for such processing of the server log data is Art. 6 (1) f) GDPR. We have a legitimate interest in ensuring security and stability when you visit our website. In particular due to the short duration of storing your data, we take your interest into account that your data will not be processed if possible.

You also have the right to object to the processing of server log data pursuant to Art. 21 GDPR. In this case, we will delete this data as soon as you object, unless we can demonstrate that our legitimate interests outweigh your interest.

Registration on our website

Some services require you to register on our website. Personal data that we collect upon registration include, for example, your personal details, job title and your e-mail address. In addition, we require your uniform training number from the state medical associations ("EFN") for individual services. We process the personal data you provide us in the process only for the purpose of using the respective service for which you have registered. The provision of this data is voluntary. However, if you do not wish to provide this information, we will have to refuse the registration.

We store the data collected by us during registration until the purpose for data storage no longer applies. The data are deleted subsequently. However, legal retention periods remain unaffected.

The legal basis for such processing is Art. 6 (1) b) GDPR.

Cookies

We use cookies on our website. Cookies are small text files that are stored on your device during a session (session cookies), until you delete them or until they are automatically deleted by your web browser (permanent cookies). Cookies cannot execute programs or transfer viruses to your device. The use of our websites requires the placement of cookies that are technically necessary for operation (Art. 6 (1) f) GDPR). In addition, you can give us consent to use other cookies (e.g. for analysis and marketing purposes) (Art. 6 (1) a) GDPR).

You can find detailed information about the cookies we use, the storage periods and the respective third-party providers under the following link. There you also have the option to change your cookie settings at any time (give / withdraw consent):

Passing on your data

We partly work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to IT service providers.

In addition, your personal data is exchanged between us and the associated Dr. Falk Pharma GmbH.

Purposes and legal basis of processing your personal data

To decide on the establishment of your employment at our company

We process the following personal data in order to be able to decide on your application with us, whereby we limit ourselves in any case to the extent necessary for us to make a decision. Under these conditions we process personal data such as:

• Data from your cover letter.
• Your personal details and contact address (name, address, date of birth, e-mail address), professional history (previous employments with other companies, job titles, areas of responsibility and achievements), information on schools, universities and higher education institutions, qualifications, certificates and degrees.
• We are also subject to public law obligations in some cases. We have to transfer your personal data to the respective authorities, for example due to labour and social security law, but also for the administration of tax and insurance law regulations.
• To reimburse travel expenses for your job interview, we process your bank details as personal data.

The legal basis for this processing is § 26 (1) sentence 1 Bundesdatenschutzgesetz (“BDSG”).

Special categories of your personal data, such as religious affiliation and health data, will only be processed by us if this is necessary to exercise rights or to fulfil legal obligations under labour law, social security law and social protection law and there is no reason to assume that your legitimate interest in non-processing prevails. The legal basis for this is § 26 (3) BDSG in conjunction with Art. 9 (2) b) GDPR.

Data transfer within associated companies

Data is exchanged within our associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.

The legal basis for such processing is Article 6 (1) f) GDPR.

Passing on your personal data

In particular, we work together with the following service providers who may be recipients of your personal data:

• IT service providers
• Insurances
• Certified public accountants
• Tax advisers
• Audit companies

The service providers are carefully selected and regularly checked by us.

Some of your personal data will also be passed on to public authorities, for example the Federal Employment Agency.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Categories of data

When you order literature from our web shop, we process data categories such as personal details (surname, first name, title), address, e-mail address.

Purposes and legal basis of processing your personal data

• For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR
  We offer you the opportunity to obtain special literature on selected topics via our web shop. In this context, your personal data will only be processed in order to process your order, in particular in order to provide you with the desired literature.
• On the basis of our legitimate interest, Art. 6 (1) f) GDPR
  We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. We process some of your personal data on the basis of the legitimate interests listed below:
  • To assert and defend legal claims.
  • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
  • For the prevention and investigation of criminal offences.
  • To guarantee our network and information security (IT security).

Passing on your personal data

We partly work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

• International Sales
• IT service providers

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Categories of data

If you attend one of the events organised by Dr. Falk Pharma GmbH as a participant or as a speaker, moderator or a comparable active participant, we process data categories such as personal details (surname, first name), address, e-mail address, your uniform medical association training number, bank account details as well as your profession and field of activity.

Purposes and legal basis of processing your personal data

• For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR
  We process your personal data for the execution of our contracts with you. If you are a participant of one of our events, we will only process your personal data if this is necessary for your participation, for example to assign it to a specific presentation or to print name tags.
  If you participate in a training event as a speaker, moderator or a comparable active participant, we will process your personal data to the extent necessary for preparation, organisation and participation. This includes, for example, the processing of your personal data as part of the organisation of your arrival and departure and your accommodation. In addition, we process your personal data in particular for the creation of name tags, participant lists, certificates and for the assignment to a specific presentation or for other necessary preparations for your contribution as a speaker.
• On the basis of our legitimate interest, Art. 6 (1) f) GDPR
  We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. A processing of personal data is partly based on the following legitimate interests:
  • To assert and defend legal claims.
  • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
  • For the prevention and investigation of criminal offences.
  • To guarantee our network and information security (IT security).

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

• Technical companies
• Booth builder
• Transfer services
• Scientific organisations
• Event participants
• Graphic designers
• Printing services providers
• Press agencies
• IT service providers
• Medical associations

In some cases, your personal data is passed on to the state medical associations on the basis of medical law regulations.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Categories of data

As part of our print mailing service, we process data categories such as your personal details (surname, first name, title), address of your clinic or practice, customer number as well as information about your profession, specialist area and function.

Sources of collected data (Art. 14 GDPR)

We obtain your personal data listed under "Categories of data" from the following sources - unless a data source is expressly designated as "publicly accessible", it is not publicly accessible:

• A data source can be a previous business contact with you in which context we received your personal data.
• In addition, your own internet presence (e.g. your practice website) can serve as a possible publicly accessible data source.
• Finally, we cooperate with the commercial database provider IQVIA Commercial GmbH & Co. OHG, Unterschweinstiege 2-14, 60549 Frankfurt, which has a broad spectrum of potential data records for various advertising purposes.

Purposes and legal basis of processing your personal data

• On the basis of our legitimate interest, Art. 6 (1) f) GDPR
  We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. Hence, we inform you about current topics and services of our company by means of postal mailings. We base this on our legitimate interest in advertising our company offer. Our mailings include information on the topics:
  • Scientific information material (such as brochures, journals, etc.)
  • Information on congresses, training courses (both as an announcement in the form of programmes and as follow-up reports or event overviews)
  • Offers and order forms for requesting samples, literature and discounts
  • Information on certified further training (online modules)
  • Overviews of the services offered by Falk Foundation e. V. and Dr. Falk Pharma GmbH as well as the possibility to register for the Falk Gastro Info Newsletter.
  • Product information
  • Information on indications
• Further legitimate interests arise for us:
  • To assert and defend legal claims.
  • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
  • For the prevention and investigation of criminal offences.
  • To guarantee our network and information security (IT security).

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

• IT service provider
• Letter shops

As already mentioned, under pharmaceutical law regulations, we are obliged to provide the competent supervisory authority (Regierungspräsidium Tübingen) with proof of the provision of product samples (including associated personal data) upon request.

Categories of data

When you order a product sample from us, we process data categories such as personal details (surname, first name, title), field, function, address, telephone number, e-mail address and your customer number.

Purposes and legal basis of processing your personal data

• For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR
  If you give us a written request for a medical sample, we will send you (maximum 2 times a year) a sample together with specialist information as medical information. In this context, your personal data will only be processed in order to process your order, in particular to be able to supply you with the desired samples.
• On the basis of our legitimate interest, Art. 6 (1) f) GDPR
  We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. We process some of your personal data on the basis of the legitimate interests listed below:
  • To assert and defend legal claims.
  • Data is exchanged within associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.
  • For the prevention and investigation of criminal offences.
  • To guarantee our network and information security (IT security).
• Due to legal requirements, Art. 6 (1) c) GDPR
  When sending product samples to doctors, we are obliged by pharmaceutical law to provide proof of the recipients of samples, as well as of the type, scope and time of the delivery of samples. We must submit this evidence to the competent authority upon request.

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:

• IT service provider
• Courier service provider

As already mentioned, under pharmaceutical law, we are obliged to provide the competent supervisory authority (Regierungspräsidium Tübingen) with proof of the provision of product samples (including associated personal data) upon request.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

Purposes and legal basis of processing your data

The safety surveillance over medicines (pharmacovigilance) is of enormous importance for the public health. Reporting of side effects or other medicines risks (such as e.g. quality complaints) is important for assessing the safety of our medicines and for the public health in general. We evaluate the data for the purposes of pharmacovigilance and pass them on to the relevant authorities in accordance with statutory reporting obligations. We are obliged to report the information relevant for pharmacovigilance to authorities worldwide. This includes notifications in countries where the level of data protection is not equivalent to the EU. Some of the notifications in those countries are made by our subsidiaries or local distribution partners, who are involved in the data processing for this purpose.

The legal basis for this data processing is Art. 6 (1) c) GDPR in conjunction with the applicable laws on pharmacovigilance and medicines monitoring (e.g. § 63 c of the German Medicines Act (Arzneimittelgesetz); § 22 (1) c) German Data Protection Act (Bundesdatenschutzgesetz)).

Processing for the purpose of medicines monitoring (pharmacovigilance)

The patients themselves, a doctor or another third person (e.g. pharmacist or a member of the press) can report side effects or other medicines risks. We may receive the notification by telephone, mail, e-mail, oral communication or other means.

In the following, the processing of the received data and your rights concerning data protection is explained. For the purpose of pharmacovigilance, we are processing personal data such as:

• First and last name and contact information (address, telephone number, e-mail address) if the person concerned is also the reporting person;
• Demographic data such as date of birth, gender, weight and height, ethnic origin;
• Data on the dosage and use of medication, data on the circumstances and description of the reported event, laboratory and anamnesis data and other relevant information;
• Disease and treatment information in order to be able to medically evaluate and report the side effect.

Passing on your personal data

Your personal data will first be stored electronically in our safety database. When collecting and processing data, we cooperate with third-party providers (specialised service providers such as pharmacovigilance database operators). These service providers also have access to your personal data in order to support us in the data collection and evaluation and the fulfilment of the related reporting obligations.

We pass on the data to the following recipients (please note that patient data is never passed on with the patient's name):

• To health authorities based on the statutory reporting obligations and other public bodies (e.g. ethics committees);
• To subsidiaries of Dr. Falk Pharma GmbH (e.g. affiliates in other countries) and distribution and licensing partners, insofar as they are obliged to report to their competent authorities;
• Contractual service providers such as consultants, database operators, auditors.

As the reporting person, you are free to provide us with your contact details. In individual cases, we will disclose the name, profession (e.g. doctor), address, e-mail and telephone number of the reporting person to the extent that this data is available to us. This makes it possible for the authorities to contact the reporting person directly.

We have obligated our service providers and cooperation partners to use your personal data only for the provision of the contractual services and compliance with pharmacovigilance obligations and to treat them as confidential.

If the data is passed on to subsidiaries, partnering companies and service providers in non-EU countries, we will contractually work towards ensuring that the EU data protection level is maintained in these cases as well.

Duration of data storage

We will only store your personal data for as long as this is necessary to fulfil the purpose for which it was collected or to fulfil statutory or official requirements. As notifications of medicines risks are important for the public health, they are kept for at least 10 years after the medicines no longer have marketing authorisation in any country. However, the records must be retained longer, if required by law.

Your rights

Regarding your rights, we kindly refer to the corresponding explanations in the preceding general section "Your Rights". However, since pharmacovigilance data are processed on the basis of legal obligations, please note that applicable laws may prevent us from fulfilling requests to delete such data or from restricting their processing.

Purposes and legal basis of the processing of your data

As a research-based company, Dr. Falk Pharma GmbH also conducts clinical trials and non-interventional studies (both referred to jointly as "studies"). As an essential feature of every study, personal data needs to be processed. This especially includes personal data of the patients and healthy subjects who participate in such studies. In addition, for the proper preparation and conduct of a study, we must also process data from a large number of other persons and sometimes report it to authorities and public bodies (such as ethics committees).

The patients and healthy subjects participating in the study receive data protection information and declarations of consent specially prepared for the study. Therefore, this very data protection information is not addressed to patients and healthy subjects but to the following groups of persons:

• The healthcare professionals with whom we conduct a study or establish or maintain a relationship for future studies (e.g. investigators, study coordinators, pharmacists, auditors);
• Our business partners who are natural persons like independent pharmacists, pathologists, and other individuals;
• The employees, representatives or contacts of our business partners who are legal entities (e.g. managing directors of study sites, pharmacists at wholesalers);
• Employees and representatives of persons, companies, corporations and other organizations with whom we are in contract negotiations or otherwise in the process of establishing a business relationship.

This data protection information is intended for you because we process personal data about you and the protection of your data and your information is very important to us.

Here we explain how we process your personal data (e.g. collect, use, store and transfer). We process all personal data about you in accordance with applicable laws.

The personal data we process may come either directly from you, from our contractual or business partners (i.e. the entity for which you work), from third parties (e.g. medical institutions) or from publicly available sources (e.g. PubMed, ClinicalTrials.gov, congress or university websites) who, with your consent, disclose or pass on such personal data to us. We collect various types of personal data about you, for example:

• Your general data and contact information (e.g. first name, last name, gender, e-mail address and/or postal address, landline and/or mobile number);
• Your professional function (e.g. title, position, name of company/employer, and, for healthcare professionals, their therapeutic field, graduation year, publications, congress activities, awards, CV, education, links to universities, expertise and collaboration/contributions to clinical trials, guidelines, editorial offices and organizations);
• Payment information (e.g. credit card details, bank details, VAT ID or other tax numbers);
• Information about your scientific and medical activities and cooperation with us, including possible future cooperation.

If you wish to provide us with personal data about other persons (e.g. your employees and colleagues), you must inform them accordingly. You are welcome to provide them with a copy of this privacy statement (either directly or through your employer).

Legal basis

We will only process your personal data if we have a legal basis for doing so. When carrying out a study with medicines, different legal bases come into consideration depending on the group of persons and the processing procedure. Due to the complexity of studies and the diversity of the required interactions and data processing activities, the processing of personal data of one group of persons may sometimes be based on several legal bases.

Against this background, we have outlined some of the legal basis that are applicable for the processing of your personal data here:

• We process personal data on the basis of your prior consent (Art. 6 (1) a) GDPR). We ask you for this consent in a separate document in which we inform you of the exact purpose of the processing; or
• The processing is necessary to perform a contract with you or to fulfil pre-contractual obligations (Art. 6 (1) b) GDPR). This can be, for example, the study contract or your employment contract as study staff working for the study site (we assume that you will also receive comprehensive information from your employer in accordance with Art. 13 GDPR); or
• The processing is necessary in order to comply with our legal and official obligations (Art. 6 (1) c) GDPR). We are legally obliged to forward reports on adverse events and possible side effects of the studied medicines to national and international authorities and ethics committees; or
• The processing is necessary due to our legitimate interests and your interests or fundamental rights and freedoms are not unreasonably affected (Art. 6 (1) f) GDPR). Within the framework of the selection of suitable study sites, we process and store, for example, personal data of investigators or study nurses, also for possible future study projects for which we would like to contact these persons.

Please note that when processing your personal data on the latter basis ("legitimate interests"), we always try to maintain the balance between our legitimate interests and your privacy and only process the data that is absolutely necessary.

Purposes of the data processing

In the event of studies, data processing is carried out for various purposes. Examples of such purposes are:

• Planning, preparation, conduct and termination of clinical trials and non-interventional studies (including recruitment and checking of investigators' and other study staff's qualifications for possible new trials);
• Evaluation and reporting of completed studies and their results;
• Submission of applications for study approvals or evaluation of the conduct of studies and, subsequently, submission of study reports to regulatory authorities worldwide by us or by one of our contractors for the purpose of applying for an approval of medicines or other regulatory submissions;
• Perform reporting obligations on adverse events and medicines risks;
• Publication of study results.

Passing on your personal data

Your personal data will first be stored electronically. When collecting and processing data, we cooperate with third-party providers (specialised service providers such as database operators). These service providers also have access to your personal data in order to support us in data collection and evaluation and the related reporting obligations.

We pass on the data to the following recipients (please note that data is never passed on with the patient’s name):

• Health authorities within the framework of statutory reporting obligations or other public authorities, e.g. in connection with investigations;
• Subsidiaries of Dr. Falk Pharma GmbH (e.g. affiliates in other countries);
• Contractually bound partners (e.g. licensing partners, consultants, service providers such as contract research organizations (CROs), database operators or auditors).

We have obligated our service providers and cooperation partners to use your data only for the provision of the contractual services and performance of contractual or statutory obligations and to treat them as confidential. If the data is passed on to subsidiaries and partner companies as well as service providers in non-EU countries, we will contractually work towards ensuring that the EU data protection level is also observed in these cases.

Duration of data storage

We will only store your personal data for as long as this is necessary to fulfil the purpose for which it was collected or to fulfil legal or official requirements.

In the case of data processing based on contracts, the retention period corresponds to the term of your (or of the contract concluded by you) contract with us, plus the period until the legal claims arising from this contract finally expire, unless mandatory statutory or regulatory regulations (e.g., tax laws) require a longer retention period. After expiry of this period, your personal data will be removed from our active systems.

Your rights

Regarding your rights, we kindly refer to the corresponding remarks in the previous general section "Your Rights" at the top of this page. However, since the processing of data in clinical studies is sometimes subject to legal obligations, please note that the applicable laws may prevent us from fulfilling requests to delete such data or from restricting its processing.

Purposes of the processing of your data

In this section of the data protection information, we explain the data processing and procedures we use to process personal data of our customers, suppliers, service providers and other business partners and the personal data of their employees and representatives (collectively, the "Business Partners").

This data protection information is addressed to you

• If you as a natural person (e.g. as a consultant or entrepreneur) are a Business Partner of Dr. Falk Pharma GmbH;
• If you are an employee or representative of a Business Partner, who has a relationship with us on behalf of that Business Partner (e.g., if you work on our projects or represent the Business Partner);
• If you are an employee or representative of any person, company, corporation or other organization with whom we are in contractual negotiations or otherwise in the process of establishing a business relationship.

In addition, we refer to our other data protection information on this website in connection with the special services of our company and activities described there.

Personal data is processed for the following purposes:

• Establishing, carrying out, expanding and initiating business relationships (e.g. fulfilment of contractual obligations, implementation of a business cooperation, invitations to events, documentation and expansion of the business relationship, storage for liaising for future business opportunities, invoicing, payment as well as tax and legal purposes);
• Data exchange with affiliated companies. This data exchange is necessary, for example, when administrative processes are performed centrally by one affiliate;
• To fulfil statutory or regulatory obligations in Germany and other countries (e.g., notification, disclosure and reporting obligations);
• Data processing to prevent and investigate criminal offences, to guarantee our network and information security (IT security) and to assert and defend legal claims.

Data categories

We collect and process the following categories of personal data about you that is collected from you or by authorized third parties (e.g. your supervisors, publicly available sources) in connection with our business relationship. This data may include:

• General data and contact information (e.g. first and last name, academic title, gender, address, telephone number, address, e-mail address, fax number, professional position);
• Communication and customer relations data (e.g. information on business documents and internet websites, date and time of personal meetings or discussions);
• Payment details (e.g. bank account details, credit card details);
• Authentication data for IT systems (e.g. login-data or name, passwords).

Passing on your personal data

Each passing on of your data is subject to a special assessment. We may share your information with the following categories of recipients:

• Service providers of Dr. Falk Pharma GmbH. They are carefully selected and regularly checked by us. They include IT service providers, database operators, payment service providers and commissioned data processors;
• Lettershops and printers;
• Specialist consultants (e.g. accountants, lawyers, tax consultants, auditors);
• Authorities;
• Contractual partners of Dr. Falk Pharma GmbH such as distribution and licensing partners, as far as the transfer is necessary for the fulfilment of legal or contractual obligations;
• Affiliated companies of Dr. Falk Pharma GmbH.

Your data will only be passed on to such persons and only to the extent necessary to fulfil the underlying purpose. With regard to other aspects of passing on your personal data, we also refer to the explanations in the above "General Information" in this data protection information.

Legal basis for data processing

The legal basis for the processing is Art. 6 (1) b) GDPR, if the processing of your personal data is necessary for the performance of a contract or for conducting pre-contractual measures.

As legal basis for the processing, we rely on Art. 6 (1) f) GDPR if the processing is based on legitimate interests (e.g. data processing with associated companies for administrative purposes, data submission to authorities during inspections and inquiries, data processing to ensure IT security or assertion of legal claims).

We may also use Art. 6 (1) c) GDPR as a legal basis if the data processing is necessary for the fulfilment of legal obligations (e.g. fulfilment of notification, disclosure and reporting obligations).

We refer to Art. 6 (1) a) GDPR as the legal basis if the data subject concerned has given us his/her consent to the intended processing of his/her personal data.

If we do not receive information about a person directly from that person, we assume that the Business Partner for whom that person is employed will provide such employee with the necessary data protection information in accordance with Art. 13 GDPR. This includes the specific processing of your personal data based on your capacity as an employee of the respective company or organisation.

Duration of data storage and your rights

With regard to the duration of the storage of your personal data and your rights, we refer to the above explanations in the general part of this data protection information.

Purposes and legal basis of the processing of your data

Dr. Falk Pharma GmbH regularly conducts online queries (survey, quiz, evaluation, etc.) for example in the context of events or seminars. The purpose of the query and its conduction will be explained to you when you are asked to participate in a query.

Participation in queries may be voluntary or mandatory (e.g., required to obtain a certificate). Unless otherwise described in the query, it is anonymous. All mandatory fields in queries are marked with an *. If you would like to participate anonymously in the query, please do not enter any personal data (e.g., name, e-mail address) in free text fields. In some queries there is the possibility to voluntarily enter personal data (e.g., name, e-mail address, telephone number), so that we can contact you afterwards or to get more detailed results. If you provide us with your personal data, it will be processed exclusively for the purposes of the query.

By sending the query, you give us your consent for the processing of the data you provided (Art. 6 para. 1 lit. a GDPR). This applies to voluntary queries. In the case of mandatory queries, the legal basis for data processing is Art. 6 para. 1 lit. b.

Data categories

• Anonymous participation: no personal data
• Voluntary or mandatory provision of personal data, in particular:
  • E-mail address
  • Telephone number
  • Surname, first name (alternatively: specification of a pseudonym).

To ensure a secure participation in the survey, data transmission is exclusively encrypted. In the process, so-called log data is collected, to prevent, for instance, misuse of the query forms. The log data includes, for example, your IP address. The log data collected is not evaluated or merged with other query data, so that anonymity can be guaranteed.

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly monitored by us. Under these conditions, recipients of personal data may be:

• Streaming platform providers
• Providers of online conferences
• IT service providers

In some cases, your personal data is passed on to the state medical associations.

In addition, an exchange of your personal data takes place between us and the associated Falk Foundation e.V..

In particular, the Microsoft services Microsoft Forms and Microsoft Dynamics 365 Customer Voice of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter "Microsoft") are used to perform queries. Microsoft stores the data collected as part of the query on servers in Europe. The data transfer is exclusively encrypted. To ensure the confidentiality of your data, we have concluded standard contractual clauses with Microsoft. All further information on data processing by Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement.

Storage period

We store the results of the query until it is completed, and the internal evaluation is finished. After that, any personal data that may have been collected as part of the query will be set to inactive and made available for deletion.

Your rights

Regarding your rights, we politely refer to the relevant explanations in the preceding general section "Your rights" on the upper part of this page.
 

Specific information can be found under "Data Privacy" at https://drfalkpharma.integrityline.com

As the operator of a LinkedIn Company Page, we act jointly with LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, as follows: LinkedIn, Controllers within the meaning of Article 4 (7) General Data Protection Regulation (GDPR).

As Joint Controllers of the Company Page, we have reached an agreement with LinkedIn which governs the conditions for the use of company pages and similar instances of online presence. The following agreement is critical:

LinkedIn: Page Insights Joint Controller Addendum. Accessible at: LinkedIn Pages Joint Controller Addendum.

LinkedIn may also process personal data in connection with your visit to our company profile. In this case the processing is done without our knowledge and LinkedIn is solely responsible for the processing. You can find more detailed information on data protection in relation to the LinkedIn platform in the LinkedIn Privacy Policy.

When you visit our LinkedIn Page, the personal data of visitors to the page are processed by the Controllers as follows:

Use of insights, analyses and cookies

In connection with operating our LinkedIn Page, we use the analysis functions provided there to obtain statistical analyses on the users of our LinkedIn Page.

We use LinkedIn Page analytics in connection with operating our LinkedIn profile. This is how we obtain information about how our contents are used. Which cookies are used for which purposes by LinkedIn and are then processed in subsequent data processing can be found in the LinkedIn Cookie Policy and the LinkedIn Cookie Table included in the latter. Dr. Falk Pharma has no influence on the data processing conducted by LinkedIn.

Purpose of the processing

We use our LinkedIn Page to communicate with our customers, prospective customers as well as users and to provide information on the services we offer. In this connection, we obtain further information as appropriate e.g. from user comments, private messages or because you follow us or share our content. Processing is done exclusively for the purposes of communication and interaction with you.

Processing should also allow us, as operator of the LinkedIn Page, to obtain statistics based on visits to our social media pages. The aim of this is to manage the marketing of our activities. For example, it enables us to provide you with content that may interest you.

To improve our understanding of how we can promote our business objectives with our LinkedIn Page, the information collected is also used to produce demographic and geographical analyses and to make them available to us. As an example, we may use this information to make targeted interest-based contributions. In doing so, however, we do not obtain any direct knowledge of the user’s identity. If visitors use social media services on several end devices, collection and analysis may also take place across devices and platforms if the visitors in question are registered and logged in with their own profiles.

The visitor statistics produced are transmitted to us exclusively in anonymised form and we have no access to the relevant underlying data.

Legal basis

We operate our LinkedIn Page to introduce ourselves to, and communicate with, the users of this platform and other interested persons who visit our LinkedIn Page. Users’ personal data is processed on the basis of our legitimate interests of an optimised company presentation (Article 6 (1) f) GDPR), on the basis of consents under Article 6 (1) a) GDPR, e.g. for the publication of photos, videos, contributions/posts, and on the basis of legal obligations such as reports on pharmacovigilance.

Disclosure of your personal data

It is possible with LinkedIn that some of the information collected is also processed in the USA outside the European Union. On the basis of standard contractual clauses approved by the European Commission, LinkedIn transfers data to the LinkedIn Corporation 1000 W Maude Ave Sunnyvale, CA, USA. We have no influence on these data processing operations. 

The only parties at Dr. Falk Pharma GmbH that can access your personal data are those departments and their employees who need such access to fulfil one of the purposes named under “Purpose of the processing”, including potential compliance with potential regulatory reporting duties.

If you send us message concerning pharmacovigilance, a medical request or a product complaint via our LinkedIn Page, your data will be stored for regulatory reasons and passed on to business partners or service providers if this is necessary to comply with legal requirements. Dr. Falk Pharma GmbH is also obliged to transfer information relevant to pharmacovigilance to health authorities worldwide. You can find further information on this under “If you report side effects or other safety risks (Pharmacovigilance)”. Please note that we reserve ourselves the right to respond and do not guarantee feedback via our LinkedIn Page. Additionally, we may even be unable to respond under some circumstances because of the strict regulations that apply to us.

Nature of joint responsibility / assertion of data subject rights

The agreement with LinkedIn on joint responsibility states that LinkedIn complies with the rights of data subjects under Articles 12 - 22 GDPR and Articles 31-24 GDPR including the right to information, deletion etc. You can exercise your data subject rights in relation to us and LinkedIn.

Rights to object

The following rights to object in particular are available to you:

LinkedIn: Processing by LinkedIn can be objected to here. You can reach the LinkedIn Data Protection Officer using this form. 

Retention period

You can find out how long data are stored for at LinkedIn from the LinkedIn Privacy Policy and from the LinkedIn Cookie Policy.

Dr. Falk Pharma GmbH only stores your personal data for as long as necessary to fulfil the purpose for which they were collected or to fulfil legal or official requirements. If you contact us via the functions provided (the comment function for example), we only process your data for as long as they are visible to us. You can decide on visibility yourself by removing your relevant data, e.g. by deleting your comments on our LinkedIn Page or your rating.

You can find further information on our social media presence in our Social Media Guidelines.

Purposes and legal basis for the processing of your data

To respond to your request and to store data temporarily for regulatory reasons and tracking. If your request contains information about an adverse reaction or product complaint, your data are processed for the purpose of pharmacovigilance as above (see “If you report side effects or other safety risks (Pharmacovigilance)”).

For the purposes of processing your medical request, we process personal data such as:

• First name and surname and contact information (address, telephone number and email address)
• Demographic data such as date of birth, sex
• Data about the dosage and use of medications, laboratory and medical history data and other relevant information
• Information on disease and treatment

Legal basis

If your request includes information on a potential adverse reaction or product complaint, the legal basis is the fulfilment of legal obligations (Article 6 (1) c) and Article 9 (2) i) GDPR, Section 6b and 63c AMG [German Medicinal Products Act]).

Otherwise, the legal basis is the protection of our legitimate interest in responding to your request (Article 6 (1) f) GDPR).

Duration of data retention

We process and store your data only for as long as necessary to achieve the relevant purpose and to comply with our contractual, legal or official obligations. The duration of data retention essentially depends on the content of your request. Reportable incidents or reports of suspected adverse reactions for example are retained for regulatory reasons for at least 10 years after the market withdrawal of the products in question in the last country where they were offered. However, the documents must be retained for longer, if legal provisions specify this.

Disclosure of your data

In connection with pharmacovigilance and medical requests, your data are stored and passed on to business partners or service providers insofar as necessary to comply with legal requirements. Dr. Falk Pharma GmbH is also obliged to transfer information relevant to pharmacovigilance to health authorities worldwide. You can find further information on this under “If you report side effects or other safety risks (Pharmacovigilance)“.

Your rights to the data

On the matter of your rights, we kindly refer to the corresponding statements in the previous general section “Your rights“. However, as the processing of data on pharmacovigilance is based on legal obligations, please note that the applicable legislation may prevent us from meeting requests to delete these data or to restrict their processing.

Purposes and legal basis for the processing of your data

To process the product complaint and fulfill the legal obligations existing in this connection.

For the purposes of processing your product complaint

• First name and surname and contact information (address, telephone number and email address),

Legal basis

The protection of our legitimate interest in the product complaint (Article 6 (1) f) GDPR) or the fulfilment of legal obligations (Article 6 (1) c) and Article 9 (2) i) GDPR).

Duration of data retention

We process and store your data only for as long as necessary to achieve the relevant purpose and to comply with our contractual, legal or official obligations. The duration of data retention essentially depends on the content of your request. Reportable incidents or reports of suspected adverse reactions for example are retained for regulatory reasons for at least 10 years after the market withdrawal of the products in question in the last country where they were offered. However, the documents must be retained for longer, if legal provisions specify this.

Disclosure of your data

In connection with pharmacovigilance, medical and pharmaceutical requests and product complaints, your data are stored and passed on to business partners or service providers insofar as necessary to comply with legal requirements. Dr. Falk Pharma GmbH is also obliged to transfer information relevant to pharmacovigilance to health authorities worldwide. You can find further information on this under “If you report side effects or other safety risks (Pharmacovigilance)”.

Your rights to the data

On the matter of your rights, we kindly refer to the corresponding statements in the previous general section “Your rights“. However, as the processing of data on pharmacovigilance is based on legal obligations, please note that the applicable legislation may prevent us from meeting requests to delete these data or to restrict their processing.