Privacy Statement

Datenschutz für Kunden der BWT Pharma & Biotech GmbH (PDF-Dokument - Deutsch)
Data Proctection Policy for Customers of BWT Pharma & Biotech GmbH (PDF-Document - English)

Datenschutz für Lieferanten der BWT Pharma & Biotech GmbH (PDF-Dokument - Deutsch)
Data Protection Policy for Suppliers of BWT Pharma & Biotech GmbH (PDF-Document - English)


We, the company BWT Pharma & Biotech GmbH, are pleased that you have visited our website. The protection of your data and your privacy are very important to us. The processing of personal data is always in accordance with the General Data Protection Regulation (GDPR) and in consultation. With this privacy statement, our company would like to inform you about the nature, scope and purpose of the personal data processed by us and to inform you about your rights.

 

1. General remarks

 

The privacy statement of BWT Pharma & Biotech GmbH is based on the definitions set out in GDPR.

"Personal data" means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Non-personal data" is pseudonymised and is information that cannot be attributed to data subjects under any circumstances. For this reason, non-personal data is not subject to data protection law.


"Data subject" is any identified or identifiable natural person whose personal data are processed by the processor handling the processing.


"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


"Controller" or "party responsible for processing" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.


"Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

"Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

2. Name and address of the controller


BWT Pharma & Biotech GmbH
Carl-Benz-Straße 4

74321 Bietigheim-Bissingen

Telephone: +49 7142 3737-500
Fax: +49 7142 3737-700

E-Mail: office@bwt-pharma.com


Representatives of the controller are the Managing Directors Stephan Stautmeister and Cay Mânsson.

3. Data Protection Officer

 

You can contact our Data Protection Officer at the e-mail address datenschutz@bwt-pharma.com or via our postal address by addressing the correspondence to ”der Datenschutzbeauftragte“ (the Data Protection Officer).

 

4. Processing of personal data

4.1. Visiting our website

4.1.1. Description and scope of data processing

For technical reasons, when you visit our website, your browser transmits the following data to our server (so-called server log files):


  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT) 
  • Content of the requirement (specific page) 
  • Operating system and its access status / HTTP status code 
  • The amount of data transmitted 
  • Website from which the request originates ("referrer URL") 
  • Browser, language and version of the browser software

4.1.2. Purpose of data processing

The storage of this data in log files is necessary for the provision of the website.

4.1.3. Legal basis of the processing

We collect this data on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR to be able to display our website and ensure its security.


4.1.4. Storage duration

Information in the log files is stored for security reasons (e.g. to investigate abusive or fraudulent activities) for a period of seven days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.


4.1.5. Scope for objection and removal

The collection of data for the provision of the website and its storage in log files is essential for operation for technical reasons. There is consequently no scope to object on the part of the user.


4.2. Contact form and e-mail contact

4.2.1. Scope of data processing

A contact form is available on our website, which you can use to send us questions or suggestions electronically. If you use this option, the data entered in the input mask will be transmitted to us and saved. The data in question is: First name, last name, e-mail address, street, zip code, city, phone number, country, message. Alternatively, contact via provided e-mail addresses is possible. In this case, the user's personal data transmitted by e-mail will be stored. In this context, there is no onward transfer. The data is used exclusively to process the conversation and to process the request.


4.2.2. Purpose of data processing

We only process the personal data from the input mask for the purpose of facilitating communication. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process, such as the IP address, serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4.2.3. Legal basis of the processing


When contacting us (via contact form or e-mail), the information provided by the user is processed to handle the contact request and its processing in accordance with Article 6 (1) (b) GDPR

 

4.2.4. Storage duration

The data will be erased as soon as it is no longer necessary for fulfilling the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

 

4.2.5. Scope for objection and removal

You have the option to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, the conversation cannot continue. In this case you can send an e-mail to office@bwt-pharma.com. All personal data stored in the course of contact will be deleted in this case.

 

4.3. Applications (career)

4.3.1. Scope of data processing

If you are interested in working for BWT Pharma & Biotech GmbH, you can apply online. Under the menu item "Jobs & Career" you will find jobs that we have advertised. You can also send an unsolicited application.

 

If you apply via the Career Form to an advertised position, we process the following personal data: Form of address, title, first name, surname, e-mail address, cover letter as well as the documents you send us. You can also use LinkedIn, XING or softgarden services to upload your CV. In this case you need an account with the respective provider. Please note the privacy statements of these providers in this context.

 

If you send an unsolicited application via the Career Form, we process the following personal data: First name, last name, e-mail address, area of interest, career level, location and the documents you submit to us. You can also use LinkedIn, XING or softgarden services to upload your CV. In this case you need an account with the respective provider.

 

4.3.2. Purpose of data processing

We process personal data for the decision on the establishment of an employment relationship, in particular for the selection process of suitable candidates and the administrative implementation of the application process.

 

4.3.3. Legal basis of the processing


Legal basis is Section 26 (1) German Data Protection Act-revised

4.3.4. Recipients of this personal data

Your personal data may be consulted by the Human Resources Department and the department responsible for filling the vacancy.

 

4.3.5. Collaboration with processors

For data protection order processing pursuant to Art. 28 GDPR, we engage the provider softgarden e-recruiting GmbH, Tauentzienstraße 14, D-10789 Berlin, for the operation, maintenance and hosting of our application management system.

We have taken appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with applicable law.

 

4.3.6. Storage duration

If the application results in an employment relationship, we process this data to establish an employment relationship. These will then be included in our human resource management system.

If the application does not lead to an employment relationship, these data will be deleted, taking into account the time-limit for bringing an action afforded by the General Treatment Act 3 months after completion of the application process, unless the applicant has consent pursuant to Article 6 (1)(a) GDPR and Article 7 GDPR to longer-term retention of his personal data granted in order to considered when new job offers arise.

 

4.3.7. Scope for objection and removal

The information you provide to us can be updated or deleted at any time upon request. To do this, please send an e-mail to personal@bwt-pharma.com. This does not apply if you have applied for a specific position with us in an ongoing application process. In this case, we will store the information you provide for this position until the expiration of the statutory time-limits for bringing an action (in particular Section 15 General Equal Treatment Act).


4.4. Cookies

4.4.1. Scope of data processing

Our website uses cookies. Cookies are small text files that are saved when you visit our website on your computer. Cookies do not harm your computer and do not contain malicious software such as viruses. Cookies contain a characteristic string that allows the browser to be uniquely identified when the website is reopened. Some elements of our website require that the calling browser be identified even after changing page. This website uses transient and persistent cookies.

 

a) Transient cookies are automatically deleted when you close the browser. These include in particular so-called session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. When you return to our website, your computer can be recognised. The session cookies are deleted when you log out or close the browser.

 

b) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

 

4.4.2. Purpose of data processing

We use cookies to make our website attractive and user-friendly, to improve it and to speed up inquiries. Some elements of our website require that the calling browser be identified even after changing page. For these, it is necessary that the browser is recognised even after changing page. These include, for example, log-in information and shopping cart functionalities.

 

4.4.3. Legal basis of data processing

The legal basis for the processing of personal data using the technically necessary cookies is Article 6 (1)(f) GDPR.

4.4.4. Storage duration

Session cookies are deleted as soon as the browser is closed. Persistent cookies are automatically deleted after a specified period of time.

 

4.4.5. Scope for objection and removal

As a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can set it so that cookies are not stored at all or automatically deleted at the end of your Internet session. To do this, select "Do not accept cookies" in your browser settings. In Microsoft Internet Explorer, select "Tools> Internet Options> Privacy> Settings"; In Firefox, choose “Tools> Settings> Privacy> Cookies”; If you use another internet browser, please refer to the help function of the browser for the instructions regarding the prevention and deletion of cookies. Please note, however, that in this case you may not be able to use all functions of our website.

4.5. Web analysis

4.5.1 Scope of data processing

etracker

The provider of this website uses the services of etracker GmbH based in Hamburg, Germany (www.etracker.com) to analyse usage data. It uses cookies that allow a statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that makes it possible to identify a user.

 

The data generated by etracker are processed and stored by etracker exclusively in Germany on behalf of the provider of this website and are thus subject to the strict German and European data protection laws and standards. etracker was independently audited, certified and awarded the ePrivacyseal privacy seal .

 

Data processing takes place on the legal basis of Art. 6 (1) (f) (legitimate interest) of the EU General Data Protection Regulation (EU GDPR). Our legitimate interest lies in the optimisation of our online offer and our website. Since the privacy of our visitors is particularly important to us, etracker's IP address is anonymised as early as possible and log-in or device identifiers are converted into a unique key that is not assigned to one person. Any other use, merging with other data or a transfer to third parties is not undertaken by etracker.

 

You may object to the above-described data processing at any time, provided the data is personal data. Your objection has no adverse consequences for you.

 


Further information on data protection at etracker can be found here.

I object to the processing of my personal data with etracker on this website.

4.5.2. Purpose of data processing

On our behalf etracker uses this information to evaluate the use of our website and to compile reports on the activities within our website. This enables us to optimise our online offer and our website.


4.5.3. Legal basis of the processing

The data processing serves our legitimate interest in designing targeted advertising. Legal basis is Article 6 (1) (f) GDPR.

5. Data security

In accordance with Article 32 GDPR, we take technical, contractual and organisational security measures for data processing according to the state of the art to ensure a level of protection appropriate to the risk and to protect the data processed by us against destruction, loss, alteration and unauthorised access. One of these security measures is the encrypted transfer of data between your browser and our servers. Please note that SSL encryption is only activated for transmissions made over the Internet if the key symbol appears in the lower menu bar of your browser window and the address begins with https: //. Secure Socket Layer (SSL) protects data transmission against third-party data piracy using encryption technology. If this option is not available, you may choose not to send certain data over the Internet.

 

All information you submit to us will be stored on our servers in the European Union.


6. Cooperation with processors and third parties


Data is transferred to third parties only on the basis of a legal permit. We only transfer the data of the users to third parties if, for example, on the basis of Article 6 (1) (b) GDPR is required for contract purposes or based on legitimate interests in accordance with Article 6 (1)(f) GDPR for the economic and effective operation of our business.


We engage, in accordance with data protection law order processing pursuant to Article 28 GDPR, subcontractors for the provision of our services, in particular for the operation, maintenance and hosting of the online services and IT systems. We have taken appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with applicable law.



7. Integration of services and contents of third parties


We include external services or content on our website. This is done on the basis of our legitimate interests in the analysis, optimisation and economic operation of our online offer within the meaning of Article 6 (1)(f) GDPR.

 

When using such a service or to display third party content, communication data such as date, time and IP address are exchanged between you and the respective provider for technical reasons. Specifically, this is your IP address which is required in order to display content in your browser.


It may be that the provider of the respective services or contents will process your data for further, own purposes. However, as we have no influence on the data collected by third parties and their processing by them, we cannot give any binding information on the purpose and scope of the processing of your data.

 

 

For more information on the purpose and scope of the collection and processing of your data, please refer to the privacy policy of the respectively responsible data protection provider of the services or content we include. The following list provides an overview of third-party providers as well as their contents and links to their data privacy statements, which contain further information on the processing of data and the scope for objection (so-called opt-outs).


  • If you use the payment services of third parties (e.g. PayPal, Visa, Mastercard, giropay), the terms and conditions and the privacy notices of our partner for electronic payment processing (mPAY24), which can be called up in the transaction application, apply.
  • The maps provided in the service "Google Maps" is operated by the third party Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Privacy Statement: https://www.google.com/policies/privacy/ Opt-Out: https://www.google.com/settings/ads/.
  • Videos hosted on the platform "YouTube" are operated by the third party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Privacy Statement: https://www.google.com/policies/privacy/ Opt-Out: https://www.google.com/settings/ads/
  • Our online offer includes features of the Google+ service. These features are provided by the third party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the contents of our pages to your Google+ profile by clicking on the Google+ button. This allows Google to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Google+. Data Privacy Statement: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/
  • We use social plugins from the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you visit a page containing such a plugin, your browser connects directly to the servers of Pinterest. The plugin transmits protocol data to the server of Pinterest in the USA. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies. Data Privacy Statement https://about.pinterest.com/de/privacy-policy
  • Our online offer includes features of the Instagram service. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Instagram. Data Privacy Statement: http://instagram.com/about/legal/privacy/ .
  • We use features of the network XING. Provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you visit one of our sites that includes Xing features, it connects to Xing servers. Your personal data is not stored to the best of our knowledge. In particular, no IP addresses are stored or the usage behaviour is evaluated. Data Privacy Statement: https://www.xing.com/app/share?op=data_protection .
  • Features of the social network Facebook are embedded within our website. These features are offered by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

 

The plugins can represent interaction elements or content (e.g. videos, graphics or articles) and can be recognised by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign ) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ .

 


Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).

 


When a user invokes a feature of this online offering that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by it into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with this plugin and therefore inform users based on our level of knowledge.

 


By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.

 


Please refer to Facebook's data privacy guidelines in order to find out about the purpose and extent of data collection and the further processing and use of the data by Facebook as well as your corresponding rights and configurable settings designed to protect your privacy: https://www.facebook.com/about/privacy/.

 


If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and link it to his member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Other settings and inconsistencies regarding the use of data for promotional purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads

 


8. Your rights

When we process personal information about you, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and you have the following rights in relation to use regarding the personal data relating to you:

 

  • right to information (Article 15 GDPR)
  • right to rectification (Article 16 GDPR) 
  • right to erasure (Article 17 GDPR) 
  • right to restriction of processing (Article 18 GDPR) 
  • right to data portability (Article 20 GDPR) 
  • right to object to processing (Article 21 GDPR) 
  • right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR).

9. Amendment of the data privacy statement

We reserve the right to change the data privacy statement in order to adapt it to altered legal situations, or to changes in the service and data processing. However, this only applies to statements on data processing. If users' consent is required or elements of the data privacy statement relate to provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Please inform yourself regularly about our privacy policy.