This privacy policy informs you about our handling of your personal data ("Data"). Your data will only be processed to the extent permitted by law and in compliance with the applicable laws. Insofar as certain processing operations are not listed below, we fulfill our legal information obligations separately. References to statutory provisions refer to the General Data Protection Regulation ("GDPR"), as well as the Federal Data Protection Act ("BDSG").
Insofar as certain processing operations are not listed below, we fulfill our legal information obligations separately. Please also note our
1. Data Controller
Unless otherwise indicated below, the following companies of Vetter ("Vetter") are responsible for the processing of your Data pursuant to Art. 4 (7) GDPR:
Vetter Pharma-Fertigung GmbH & Co. KG, Schützenstraße 87, 88212 Ravensburg.
Vetter Pharma International GmbH, Eywiesenstraße 5, 88212 Ravensburg.
Vetter Development Services Austria GmbH, Römergrund 6, 6830 Rankweil.
All of the companies ("Vetter Companies") are subject to the same internal privacy policies for compliance with all applicable data protection laws and may be either individually or jointly responsible, depending on the context. You may contact any of the aforementioned companies with any privacy concerns you may have. Your concern will then be forwarded.
You can reach Vetter's Data Protection Officer at:
RISCREEN GmbH
Türltorstrasse 4
85276 Pfaffenhofen
E-Mail: dataprotection@vetter-pharma.de
Content
2. Visiting our Web Pages
The Controller for data processing in connection with your visit to the web pages run by Vetter is the Vetter company named in the imprint.
(1) Web Server Logfiles
When you access our web pages, the browser of your end device automatically transmits the following data, which we collect and process in our web server logs:
Type of Data: Connection data (IP address shortened by last 2 digits, called URL as well as previous URL (referrer), date and time of the call, name and size of the requested data), device data (operating system environment, browser type and configuration).
Purposes of Processing: Enabling our servers to communicate with your terminal device. Ensuring the security and integrity of our IT systems. Improving the offer of our websites. Troubleshooting.
Legal Basis: safeguarding our legitimate interest in the operation of our website (Art. 6 (1) lit. f) GDPR).
Storage Period: We process and store your data only for as long as is necessary to achieve the respective purpose and to fulfill our legal obligations. The web server logs are automatically deleted or anonymized after 7 days, unless longer storage is necessary in individual cases (e.g., in the event of attacks on system security).
Recipients: IT service providers with whom we have concluded data processing agreements.
Voluntariness: Without the provision of the data, the use of our websites is not possible.
(2) Cookies and other Technologies
We use cookies and other technologies. You can find details about this in our Cookie Statement. There you can control the use of cookies and set which cookies and technologies you want to use. In addition, you can set your browser to accept or reject cookies. Please note, however, that some areas of our sites may not function properly if you reject cookies.
(3) Social Networks
We maintain presences in various social networks and platforms ("Social Network"). In this context, we are legally considered to be jointly responsible with the respective provider.
In connection with your visits to Social Networks, the provider collects and processes your data to enable you to use the social network and to fulfill the purposes stated in the privacy statements of the providers. For details of this and your rights, please refer below to the information provided by the respective provider.
Vetter process data beyond this only to a very limited extent, as described below under type of data. Vetter maintains presences in the following Social Networks:
Facebook. Facebook is provided by Facebook Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland ("Facebook"). Facebook's privacy policy can be found here.
Facebook collects and uses information you provide to us to provide analytics services (called "Page Insights") so that we can gain insights into how visitors interact with individual pages and related content. Our Joint Controller Addendum can be found here.
Instagram. Instagram is provided by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA You can find Instagram's privacy policy here.
YouTube. YouTube provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland You can find the privacy policy here.
LinkedIn. LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be found here.
LinkedIn collects and uses data provided by you to provide us with analytics services (called "Page Insights") so that we can gain insights into how visitors interact with individual pages and related content. Our Joint Controller Addendum can be found here.
Xing. Xing is provided by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING"). You can find Xing's privacy policy here.
Twitter. The provider of Twitter is Twitter Inc, 1355 Market Street, Suite 900, San Fransisco, CA 94103, USA. You can find the privacy policy here.
Type of Data: Aggregated "insights data" provided by Social Networks that do not allow conclusions to be drawn about individual persons. If you write us messages or posts, we process the data and content you provide in the message or post, such as your first and last name.
Purposes of Processing: Processing of your messages and contributions. Communication with you and the public. Needs-based design and ongoing optimization of our websites and offers.
Legal basis: Safeguarding our legitimate interest in processing inquiries and communicating with you and the public (Art. 6 para. 2 lit. f) GDPR).
Storage Period: We only process your data for as long as is necessary to achieve the respective purpose and to fulfill our legal obligations. We delete messages and posts that you have written to us only in the event that they contain content that violates the terms of use of the Social Network or laws. As a rule, you also have the option of deleting the post yourself. We delete posts and comments at regular intervals, insofar as there are no retention periods to the contrary.
Recipients: IT service providers that we use within the scope of an order processing agreement.
Voluntariness: The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to interact with you.
(4) Flockler
We use Flockler, a social media aggregator tool, to curate social media feeds and present social media content that we believe is relevant and inspiring to you. Flockler does not store any information about your visit. However, depending on the platform, social media services may store information about you if you choose to interact with the content (e.g., play a video or visit our social media profile page).
(5) Vetter Brand Hub
The Controller for data processing in connection with your visit to the Vetter Brand Hub is Vetter Pharma-Fertigung GmbH & Co. KG.
Type of Data: First and last name, password (for external users), email address, job title, profile picture, client IP address, log data (see above in Section (1)) and the cookies required for running the Vetter Brand Hub (see Cookie Declaration).
Purposes of Processing: Enabling our servers to communicate with your terminal device. Ensuring the security and integrity of our IT systems. Improving the offer of our websites. Troubleshooting.
Legal Basis: Safeguarding our legitimate interest when providing and ensuring secure operation of the Vetter Brand Hub, asserting and defending legal claims (Art. 6 (1) lit. f) GDPR), fulfilling the terms of a contract in creating a user account (Art. 6 (1) lit. b) GDPR).
Storage Period: We process and store your data only for as long as is necessary to achieve the respective purpose and to fulfill our legal obligations.
Recipients: IT service providers we have selected with due care and with whom we have concluded data processing agreements.
Transfer to a Third Country: In individual cases, personal data may be transferred to third countries (USA) (see Section 9). The security of processing is ensured by the use of standard contractual clauses and additional guarantees.
3. Communication with Vetter
We enable you to communicate with us via all channels (telephone, e-mail, fax, mail, contact forms, etc.). The Vetter-Company to which you send your message or the Vetter-Company named in the imprint of the respective website is responsible for processing.
Type of Data: Information you provide in the communication ("Content Data"), first and last name, address, position, telephone number, e-mail address ("Contact Data") and possibly IP address and time of request ("Connection Data").
Purposes of Processing: Processing of your request.
Legal Basis: If your request is directed towards the conclusion of a contract or the fulfillment of a contract, Article 6 (1) b) GDPR is the legal basis. In all other cases, the legal basis is the protection of our legitimate interest in processing your request (Article 6 (1) (f) GDPR).
Storage period: We only process your data for as long as is necessary to achieve the respective purpose and to fulfill our legal obligations. The data is usually deleted after ten years.
Recipients: IT service providers that we use within the scope of an order processing agreement.
Voluntariness: The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to communicate with you.
4. Marketing Communication from Vetter
We send newsletters and other messages to inform you about us and our activities and invite you to events where appropriate. Responsible is the Vetter-Company, which is indicated in the newsletter or message.
Type of Data: First and last name, e-mail address, company ("Contact Data"), tracking information, such as IP address, browser, operating system, time when the newsletter was opened ("Metadata") and evidence of when you registered for the newsletter.
Purposes of the Processing: Sending the marketing communication, measuring the success and reach of the marketing communication at an aggregated level and proving that the sending of the newsletter is lawful.
Legal Basis: If you are a business contact of Vetter or a contact person of a business contact of Vetter, the legal basis is the protection of our legitimate interest in communicating with you, including information about comparable offers (Art. 6 para. 1 lit. f) GDPR. In all other cases, the legal basis is your consent pursuant to Art. 6 (1) a) GDPR.
Storage Period: Your data will only be processed for as long as is necessary to achieve the respective purpose and to fulfill our legal obligations. As a rule, we delete or anonymize your data if you revoke consent or unsubscribe from the newsletter or object to receiving it.
Recipients: IT service providers that we use within the scope of an order processing agreement.
5. Application Process at Vetter
Responsible for processing application documents that you send to us is the Vetter company that conducts the application procedure with you.
Type of Data: Salutation, first and last name, address, e-mail address, telephone number ("Contact Data"), information in the application documents ("Content Data") including such data that fall under the special types of personal data as defined in Art. 9. GDPR, such as a severely disabled status or equality ("Health Data").
Purpose of the Processing: Applicant selection and carrying the application process.
Legal Basis: The legal basis is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b) GDPR and Art. 88 GDPR. The legal basis for the processing of Voluntariness information in the context of the application is § 26 para. 2 BDSG in conjunction with your consent pursuant to Art. 6 para. 1 lit. a) GDPR, Art. 9 para. 2 lit a) GDPR and Art. 88 GDPR.
Storage Period: Your applicant data will be deleted or anonymized four months after the end of the specific application process. If you have also expressed interest in other positions, your data will remain stored for up to 12 months after the last job offer or expression of interest.
Recipients: The data is forwarded within Vetter to the responsible Vetter-Companies and decision-making employees. Other recipients of your personal data also include IT service providers that we use under an order processing agreement.
Voluntariness: The provision of your data is necessary for the application process.
6. Events from Vetter
Responsible for the processing of your data in connection with events is the Vetter-Company, which organizes the event.
Type of Data: First and last name, address, company, telephone number, e-mail address. company, position, title ("Contact Data"). Image recordings and sound recordings of the event in which you or your accompanying persons are recognizable ("Documentation").
Purpose of Processing: Contact details are processed for purposes of organization, implementation and follow-up (e.g. feedback, further invitations). Documentation is done for purposes of press and public relations.
Legal basis: The processing of Contact Data is necessary for the conduct of the event (Art. 6 para. 1 lit. b) GDPR) including the fulfillment of our obligations under tax and commercial law (Art. 6 para. 1 lit. c) GDPR) and to protect our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in the efficient preparation and follow-up of the event. The legal basis for processing the documentation is our legitimate interest in documenting the event we have held for corporate communication and public relations purposes (Art.6 para. 1 lit. f) GDPR). We assume that your interests are sufficiently taken into account in this regard, as you will be informed of this in advance of the event. ck
Storage Period: Image and sound recordings are generally not deleted. All other data is deleted when the event is completed and further storage of the data is no longer necessary to secure evidence. This is usually the case after 10 years.
Recipients: IT service providers that we use under an order processing agreement. Image and sound recordings may be used by us in printed and digital form worldwide free of charge. Recipients may include journalists, media companies, press and photo agencies and Social Networks for the purposes of press and public relations work.
Voluntariness: The provision of Contact Data is mandatory. Without providing this data, participation in events is not possible. The provision of documentation on which you are recognizable is not mandatory. If you do not wish to be photographed or recorded, please inform our staff or representatives at the event location.
7. Video Conferences from Vetter
Responsible for the processing of your data in connection with video conferences, workshops and similar web meetings is the Vetter-Company by which the event is organized.
Type of Data: First and last name, company, address, email address, telephone number ("Contact Data"), IP address, details of the title and time of the video conference, device and hardware information, time stamp ("Metadata"). Video image, voice and text inputs, including recordings of video image, audio and text inputs ("Documentation").
Purpose of the Processing: Invitation and conduct of the video conference together with preparation and follow-up. A recording of the video conference will be made in order to make it available to a wider audience, with the exact purpose being communicated to you at the beginning of the video recording.
Legal basis: Contact Data and Metadata are processed to protect our legitimate interest in conducting the video conference (Art. 6 para. 1 lit. f) GDPR). The legal basis for recording the event is your consent pursuant to Art. 6 para. 1 lit. a GDPR. The legal basis for possible data processing in third countries when using Microsoft Teams is your consent pursuant to Art. 6 (1) a) in conjunction with Art. 49 (1) a) DS-GVO. In the USA, there is no level of data protection comparable to the requirements of the GDPR. Despite security measures taken in the form of standard contractual clauses with supplementary security concessions, it is possible that government agencies access personal data without us or you knowing about it. Effective enforcement of your rights is probably not possible in the USA.
Storage Period: The data is generally deleted when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims.
Recipients: We use software solutions to conduct the video conferences, where data is processed via third-party servers. In particular, we use "Microsoft Teams", a service of Microsoft Corporation based in Redmont, USA. You can find Microsoft's privacy policy here: https://privacy.microsoft.com/de-de/privacystatement
Voluntariness: The provision of Contact Data and Metadata is mandatory. Without this data, the video conference cannot take place. The provision of recordings is usually not mandatory. You will be informed in advance that the conference will be recorded. You can switch off or mute the camera or microphone of your end device yourself at any time via the applications.
8. Recipients of your Data
We may pass on your data to third parties for a specific purpose if this is necessary to carry out or fulfill the above-mentioned purposes. This concerns in particular the transfer to other Vetter-Companies. Furthermore, in individual cases, e.g. in connection with legal disputes, your data may be passed on to specialized service providers (such as consultancies and law firms) and, if required by law or by court or official order, to authorities or other third parties.
We also use various service providers who process your data on our behalf and according to our instructions as part of so-called commissioned processing (Article 28 GDPR). These are in particular technical service providers who perform IT maintenance and services for us as well as providers of cloud services or agents who assist us in processing business transactions, for example by providing customer services, sending marketing information about our products, services and offers.
9. Transfer to Third Countries
To fulfill the purposes stated in this privacy policy, your data may be transferred to countries within and outside the EU or the European Economic Area, in particular to Switzerland and the USA.
For some of these countries, an adequate level of data protection has been established by an adequacy decision of the EU Commission. For countries for which such an adequacy decision does not exist, we ensure compliance with an adequate level of data protection by agreeing on appropriate safeguards, in particular EU standard contractual clauses pursuant to Article 46 of the GDPR, supplemented with additional measures if necessary. For more information on the guarantees, please visit the website of the EU Commission.
In connection with the use of Social Networks and the use of cookies and other technologies in accordance with our Cookie Policy, data is transmitted to third party providers in third countries outside the EEA, which may form usage profiles and enrich your data with data from other websites. By using the offers and accepting corresponding cookies, you revocably consent to these data transfers at any time. This consent also includes your consent to data processing outside the EEA such as in the USA (Art. 49 (1) a) GDPR), where the high European level of data protection does not exist, so that the data may be subject to access by authorities for control and monitoring purposes, against which neither effective legal remedies nor data subject rights can be enforced with any prospect of success. For more information, please refer to the Cookie Policy.
10. Rights of Data Subjects
Data Subjects have the following rights under the GDPR:
(1) Right of Access. According to Art. 15 GDPR, you can find out what data we have stored about you.
(2) Right to Rectification. According to Art. 16 GDPR, you can have incorrect data corrected by us. This applies, for example, to old address data.
(3) Right to Erasure. According to Art. 17 GDPR, you can have data that we store or process about you deleted.
(4) Right to Restriction. According to Art. 18 GDPR, you can have us restrict the processing of your data.
(5) Right of Revocation in the case of given consent. If you have given us your consent to the processing of your data, you may informally revoke this consent at any time with effect for the future. Unless otherwise specified, this is possible in particular by sending an informal e-mail to the person responsible. Please note that in case of publication of the recordings in e.g. print media or on the internet it will not always be possible to remove your data.
(6) Right of Objection. Pursuant to Art. 21 GDPR, you may object in whole or in part to the processing of your data for reasons arising from your particular situation, provided that we process your personal data for the purpose of safeguarding our legitimate interests (Article 6 (1) (f) GDPR). We will then re-examine the interest situation and, if necessary, stop processing your data. Under certain circumstances, we may then no longer be able to provide some services
(7) Right of appeal to the data protection supervisory authority. You also have the right to complain to a competent data protection supervisory authority in accordance with Art. 77 GDPR if you believe that a processing operation violates applicable law.