With this data protection notice we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG). Responsible for data processing is axunio Pharma GmbH (hereinafter referred to as “we” or “us”).
I. General information
1. Contact us
If you have any questions or suggestions regarding this information or if you wish to contact us about asserting your rights, please send your request to
axunio Pharma GmbH
Van-der-Smissen-Strasse 1, 22767 Hamburg, Germany
Telephone: +49 40 38023214
2. Legal basis
The term “personal data” under data protection law refers to all information relating to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the DSGVO and the BDSG. Data processing by us only takes place based on legal permission. We process personal data only with your consent (Section 15 (3) TMG or Art. 6 (1) a DSGVO), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) b DSGVO), for the performance of a legal obligation (Art. 6(1)(c) DSGVO) or where processing is necessary for the purposes of protecting our legitimate interests or the legitimate interests of a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6(1)(f) DSGVO).
3. Duration of storage
Unless otherwise stated in the following notes, we only store data for as long as is necessary to achieve the purpose of the processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law provisions. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof, as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.
4. CATEGORIES OF RECIPIENTS OF THE DATA
We use processors in the course of processing your data. Processing operations carried out by such processors include, for example, hosting, emailing, maintenance and support of IT systems, marketing activities or file and disk destruction. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but carry out data processing exclusively for the data controller and are contractually obliged to guarantee appropriate technical and organisational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company’s bank, tax advisors/auditors or the tax authorities. Further recipients may be listed in the following notes.
5. TRANSFER OF DATA TO THIRD COUNTRIES
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is warranted in such third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Article 46 of the GDPR are in place or if one of the conditions of Article 49 of the GDPR is met.
Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under Contact.
If you consent to the transfer of personal data to third countries, the transfer is made on the legal basis of Art. 49 (1) a DSGVO.
6. PROCESSING WHEN YOU EXERCISE YOUR RIGHTS
If you exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing those rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purpose of data protection control and otherwise restrict processing in accordance with Art. 18 DSGVO.
These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with Art. 15 to 22 DSGVO and § 34 para. 2 BDSG.
7. Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
- In accordance with Art. 15 DSGVO and Section 34 BDSG, you have the right to request information as to whether and, if so, to what extent we are processing personal data relating to you.
- You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
- You have the right to demand that we delete your personal data in accordance with Art. 17 DSGVO and § 35 BDSG.
- You have the right to have the processing of your personal data restricted in accordance with Art. 18 DSGVO.
- You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
- If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
- If you are of the opinion that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.
8. Right of objection
In accordance with Article 21(1) of the GDPR, you have the right to object to processing based on the legal basis of Article 6(1)(e) or (f) of the GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing in accordance with Art. 21 (2) and (3) DSGVO.
9. Data protection officer
You can reach our data protection officer at the following contact details:
axunio Pharma GmbH Christian Peter
Phone: +49 40 441809 95
II. DATA PROCESSING ON OUR WEBSITE
When you use the Website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the website. In data protection law, the IP address is also generally considered to be personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
1. PROCESSING OF SERVER LOG FILES
During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f DSGVO. This processing serves the technical administration and security of the website. The stored data is deleted after seven days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11(2) of the GDPR, unless you provide additional information enabling us to identify you in order to exercise your rights set out in these articles.
2. CONTACT OPTIONS AND ENQUIRIES
3. ADVERSE EVENT REPORTS
We are required by law to report suspected adverse reactions and may be required to report them to the relevant public health authority (without names). Your report is of great importance to public health. You can submit the report anonymously or with your personal data. If you have provided your details and agree to this, we may contact you if we have any queries. We will only use and share this information for pharmacovigilance purposes (pharmacovigilance refers to the actions taken to detect, evaluate, understand and prevent adverse effects or other problems associated with medicines).
The contact details are necessary to be able to follow up with the reporter in order to obtain high quality and complete information on suspected adverse drug reactions. If the reporter does not want to provide their contact details to axunio or the authorities, “Data protection” is entered in the field for the reporter’s name.
When you call us, data is automatically transmitted to us for technical reasons, e.g. your telephone number, date and time. In the case of an adverse reaction report, your call will be transferred directly to the department responsible for drug safety. If, in exceptional cases, this is not possible, your contact data will be processed in an e-mail and then transferred to the processing drug safety department so that you can be called back. Please also pass on this information to persons who will be involved on your side as part of the call/phone call, such as family members or patients. We collect, process and use the information provided exclusively for processing your specific request.
If you provide information such as your name in the context of the message by which you can be identified, this data is processed with your consent. The legal basis for data processing is Art. 9 (2) a DSGVO.
axunio is obliged to report information relevant to pharmacovigilance to health authorities in the EU/EEA. The reports contain detailed information about the potential adverse reaction, but personal data will only be used to a limited extent and on the basis of your consent in the “adverse reaction report” form. With regard to the reporter, depending on the information available, the report will contain the name, professional activity, if you are reporting as a healthcare professional (e.g. doctor, pharmacist), address, email address and telephone number.
As adverse event reports are important for public health reasons, reports will be kept for at least 10 years after the product is no longer marketed in any country.
Information on the purposes, providers, technologies used, data stored and the storage period of individual cookies can be found in the cookie settings of our Consent Management Tool.
5. Consent Management Tool
This website uses a consent management banner to control cookies. The consent banner enables users of our website to give consent to certain data processing procedures or to revoke a given consent. By confirming the “I accept” button or by saving individual cookie settings, you consent to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 (1) a DSGVO.
In addition, the banner helps us to be able to provide evidence of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.
The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 letter c in conjunction with Art. 7 para. 1 DSGVO).
6. Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.
Some of this data is information stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your terminal device will only take place with your consent.
Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet. In doing so, pseudonymous user profiles can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 (1) a DSGVO. You can revoke this consent via our Consent Management Tool at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. The legal basis for this transfer is the standard contractual clauses for the transfer of personal data to third countries pursuant to Art. 46 para. 2 lit. c DSGVO.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google Ireland within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by the user’s browser is not merged with other data.
We use the Google Universal Analytics variant. This enables us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to put individual user actions in context and analyse long-term relationships.
The data on user actions is stored for a period of 14 months and then automatically deleted. Data whose storage period has expired is automatically deleted once a month.
We also use the Google Analytics advertising functions (remarketing). This function enables us, in conjunction with the cross-device functions of Google, to display advertisements in a more targeted manner and to present users with ads that are tailored to their interests. Remarketing displays ads and products to users that have been identified as being of interest on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalised advertising messages that have been adapted to a user depending on previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another end device of the user (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account. The aggregation of the collected data in your Google Account is based solely on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users’ Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device advertising.
You can also prevent the collection of information generated by the cookie by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout. If you visit our website via a mobile device, you can deactivate Google Analytics by clicking on this link.
You can permanently object to cross-device tracking by deactivating personalised advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/
7. EXTERNAL MEDIA AND THIRD PARTY SERVICES
Our website uses so-called web fonts or icons for the uniform display of fonts or icons, which are provided by the provider Fonticons, Inc. (USA). When you call up a page, your browser loads the required web fonts or icons into your browser cache in order to display texts, fonts and icons correctly.
For this purpose, the browser you are using must establish a connection to the servers of Fonticons, Inc. This enables Fonticons, Inc. to know that our website has been accessed via your IP address. Font Awesome is used to protect our legitimate interests in the optimisation and economic operation of our website and is based on the legal basis of Art. 6 (1) f DSGVO.
b. Google reCAPTCHA
Limited (Ireland/EU). For such integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google. Google also collects further data, e.g. about your browser and your click behaviour. We use the service for security reasons to check whether form entries are made by a natural person. In this way, automated access attempts and attacks can be recognised and warded off. We are legally obliged to take technically and economically appropriate measures to ensure the security of the portal. The legal basis is Art. 6 (1) c DSGVO in conjunction with Art. 32 DSGVO and § 19 para. 4 TTDSG.
You can prevent this data processing at any time via the settings of the browser used or certain browser extensions. One such extension is the Matrix-based firewall uMatrix for the browsers Firefox and Google Chrome. Please note that this may result in functional restrictions on the website or portal.
In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Users can find further information on data protection at Google in Google’s data protection information: https://www.google.com/policies/privacy
III. DATA PROCESSING ON OUR SOCIAL MEDIA PAGES
We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for sharing. Our company has company pages on the following social media platforms:
When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.
1. VISITING A SOCIAL MEDIA SITE
a. Facebook and Instagram pages
When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU – “Facebook”). Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation. Facebook offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
b. LinkedIn company page
when you visit our LinkedIn page. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6(1)(f) DSGVO. We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Accordingly, the following applies:
- LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see dataprotection.ie) or any other supervisory authority.
2. COMMENTS AND DIRECT MESSAGES
We also process information that you have provided to us via our company page on the relevant social media platform. Such information may be the username used, contact details or a message sent to us. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest in contacting people who make enquiries. The legal basis for the data processing is Art. 6 para. 1 letter f DSGVO. Further data processing may take place if you have consented (Art. 6 (1) (a) DSGVO) or if this is necessary to comply with a legal obligation (Art. 6 (1) (c) DSGVO).
Status: December 2021