Thank you for visiting www.biotest.com, the website of Biotest AG (hereinafter “Biotest”), thus showing your interest in our organization, products and Web pages.
WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA.
Biotest AG, Landsteinerstraße 5, 63303 Dreieich, Germany, is the entity responsible for all personal data that you provide to us in the context of our existing business relationship or for the purpose of starting a business relationship.
CATEGORIES OF PERSONAL DATA COLLECTED BY US
We may collect and process the following categories of personal data in particular:
- Contact details such as full name, position, business address, work phone number, work mobile phone number, work fax number and work email address, mobile device unique identifier and the IP address of your computer if you use our online services.
- Professional information such as specialisations and areas of expertise of healthcare professionals.
- Payment data, such as needed for processing payments (especially in connection with congresses or contractual payment obligations) and for fraud prevention, including credit/debit card numbers, security codes and other related billing information.
- Further business information necessarily processed in a business or other contractual relationship with Biotest or voluntarily provided by you, such as orders placed, purchases, services, any kind of procurement processes and other business activities, product feedback, your lifelong doctor’s ID number (LANR) and other information that you provide us with in the context of a business relationship or that result from it.
- Information about your preferences and interests, which we obtain from web tracking or analysis technologies, especially when using our website or from products or other services that we offer online (e.g. content that we make available for download). For example we may collect information about what content you download from our website and what content you viewed or clicked on in what way.
- Information that we obtain from public sources, databases, and from credit reporting agencies.
- Information that we are entitled to collect in order to fulfil our legal and/or regulatory, in particular pharmacovigilance, obligations, which may include information about legal disputes or legal proceedings that you or people you are in a business relationship with are involved in, or information about interactions with you that could be relevant from an antitrust perspective.
- Special categories of personal data. In connection with the registration for and provision of access to an event or seminar, we may ask for information about your health for the purpose of identifying and being considerate of any disabilities or special dietary requirements you may have. Any such information will be used only with your consent. If you do not provide any such information about disabilities or special dietary requirements, we will not be able to take any respective precautions.
FOR WHICH PURPOSES WE USE YOUR PERSONAL DATA.
We will only process your personal data for the following purposes ("Permitted Purposes"):
- Planning, performing, managing and administering your contractual relationship (or the contractual relationship of your organisation) with Biotest Group, e.g. by performing business transactions and orders of products or services, as part of all procurement processes by Purchasing, among other things processing associated payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services or providing other services which you or your organisation have ordered or requested, or which Biotest has ordered or requested from you.
- Informing and advising within an existing business relationship through similar or associated products or services of Biotest, provided this is permitted under the applicable law.
- We use personal data of medical professionals, depending on their interests and the nature of our collaboration, possibly also in the context of managing and ensuring our drug safety (pharmacovigilance), carrying out research and development projects, e.g. clinical studies, for informing, inviting to and documenting expert panels and advisory boards and other events, and to manage medical queries.
- Maintaining and protecting the safety of our products, services and websites or other systems, preventing and identifying security risks, fraudulent or other criminal or illegal activities.
- To comply with our legal or regulatory obligations. For example, this can include storing sales documents for tax purposes or sending legally required communications and other notifications, compliance screenings or recording obligations (e.g. based on competition law, export law, trade sanctions and embargo regulations or to prevent white-collar crime or money laundering). In this regard, we may be obliged to check your contact or identity data against relevant sanction lists and confirm your identity in case of a possible match, record information about the collaboration with you if this could be relevant under anti-trust law, and notify the competent supervisory authorities, law enforcement agencies or other competent authorities, or support their investigations.
- Settling disputes, fulfilling our contractual agreements and justifying, exercising, or defending legal claims.
- If you have expressly given us your consent or there is another legal basis, we can use your personal data for the following purposes as well:
- Communicating with you through the communication channels in which you have agreed to be kept up to date about the latest announcements, offers and other information about products, technologies and services of Biotest (including marketing newsletters), and events and projects of Biotest;
- To implement the transparency regime of the AKG e.V. (Arzneimittel und Kooperation im Gesundheitswesen [medicinal products and cooperation in the health care sector]) by publishing the asset benefits in EUR/net paid to you as a doctor or health professional on our website http://www.biotest.com every year.
- Administering and carrying out marketing campaigns, market analyses, competitions or other promotional measures or events or
- Profiling and automated processing: We collect information about your preferences on the basis of your activities when you use our websites and any products, downloadable content (e.g. downloading images, documents, information) or other services we offer to you online. On the basis of this information (e.g. which content is downloaded, clicked or viewed for how often and how long), we create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics). The logic behind our profiling activities is to identify areas which may be useful or otherwise of interest for you and to inform you about such areas in a more effective and targeted way. The algorithms used apply this logic and automatically deliver the targeted content or information to you.
Please note: Under the European General Data Protection Regulation (Article 21 (2)) you have the right to object to the use of your personal data for direct marketing purposes, including the profiling described above. Please refer to "Your rights" below for further explanation of your rights and how to exercise them.
With regard to marketing-related types of communication (i.e. emails and phone calls), we will where legally required provide you with such information only after you have opted in and provide you the opportunity to opt out if you do not want to receive further marketing-related types of communication from us.
We will not use your personal data to make automated decisions that affect you or to create profiles in any way other than that described above.
The legal bases for processing of your personal data are set forth in Article 6 of the European General Data Protection Regulation. Depending on the above permitted purposes for which we use your personal data, the processing is either necessary for the performance of a contract or other business agreement with Biotest or for compliance with our legal obligations or for purposes of legitimate interests pursued by Biotest or third parties, always provided that such interests are not overridden by your interests or fundamental rights and freedoms. In addition, the processing may be based on your consent where you have expressly given that to us.
HOW WE COLLECT AND USE YOUR PERSONAL DATA.
We will typically collect your personal data directly from you when you interact with us, e.g. when you visit our website, communicate with us in relation to our products and services, submit an order, register to receive our newsletter or participate in our customer surveys.
Where legally permissible, we may also obtain your personal data from third parties. In particular, we maintain information about the specialisation of healthcare professionals (especially doctors and pharmacists) for information and advice purposes with the help of OneKey, a database operated by IQVIA Commercial GmbH & Co. OHG, Albert Einstein-Allee 3, 64625 Bensheim. If you transmit your data to us directly or we receive it in another way, the data is not automatically stored in the OneKey database. IQVIA may receive a notice from us and then contact you directly to record or update your data. You can opt out of IQVIA recording your data at any time or contact the data protection officer at IQVIA. Of course you can also notify us at any time if you no longer wish to receive further information from us (see further details about this below).
WHERE WE PROCESS YOUR PERSONAL DATA
Biotest is a globally operating enterprise. In the course of our business activities, we may transfer your personal data also to recipients in countries outside the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of your home country. When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data, in particular by entering into the EU Standard Contractual Clauses which are available under Standard Contractual Clauses. You may contact us any time using the contact details below if you would like further information on such safeguards.
HOW WE PROTECT YOUR PERSONAL DATA
We maintain physical, electronic and procedural safeguards in accordance with the technical state of the art and legal data protection requirements to protect your personal data. These safeguards include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We will at all times comply with applicable laws and regulations regarding the confidentiality and security of personal data.
WHO WE SHARE YOUR PERSONAL DATA WITH
We may share your personal data as follows:
- With our affiliates within Biotest Group worldwide if and to the extent required for the Permitted Purposes and legally permitted. In such cases, these entities will then use the Personal Data for the same purposes and under the same conditions as described above. Please refer to our website (https://www.biotest.com/de/en/company/biotest_at_a_glance_/global_locations.cfm)
- for a list of Biotest Group affiliates with contact details.
- We may also instruct service providers (so called data processors) within or outside of Biotest Group, domestically or abroad (e.g. shared service centres or cloud providers), to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Biotest will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers.
- With courts, law enforcement authorities, regulators or attorneys if legally permitted and necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims.
- With credit reference agencies and other companies for use in credit decisions, for fraud prevention and to collect debts.
- We share information about the specialisation of healthcare professionals (especially doctors and pharmacists) with IQIVIA Commercial GmbH & Co. OHG for information and advice purposes.
- We may also share your personal data with third parties if we sell or buy any business or assets, in which case we may disclose personal data to the prospective seller or buyer of such business or assets, along with its professional advisers. If Biotest or substantially all of its assets are acquired by a third party, personal data held by us about customers and other contacts will be one of the transferred assets.
- Otherwise, we will disclose your personal data only when you direct or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or when we suspect fraudulent or criminal activities.
HOW LONG WE STORE YOUR PERSONAL DATA.
We will hold your personal data as long as required to provide the services, products or information you have requested and to carry out and administer our business relationship with you. If you have asked us not to communicate with you, we will hold this information as long as required to comply with your request. We are also legally required to keep certain types of personal data for certain periods under applicable law (e.g. due to retention obligations under commercial or tax laws). Your personal data will be promptly deleted when it is no longer required for these purposes.
Subject to certain legal conditions, you may request access to, rectification, erasure or restriction of processing of your personal data. You may also object to processing or request data portability. In particular you have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make a charge for this. Please refer to Articles 15-22 of the EU General Data Protection Regulation for details on your data protection rights.
If you have given us your consent for the processing of your personal data, you can withdraw your consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, we may only further process the personal data where there is another legal ground for the processing or we are legally obliged to do so.
For any of the above requests, please send a brief description of your personal data concerned stating your name, customer number or other identification number (if applicable) as proof of identity to the contact address below or by email to firstname.lastname@example.org. We may require additional proof of identity to protect your personal data against unauthorised access. We will carefully consider your request and may discuss with you how it can best be fulfilled.
If you have any concerns about how your personal data is handled by us or wish to raise a complaint on how we have handled your personal data, you can contact us at the contact address below to have the matter investigated. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the competent data protection supervisory authority in your country.
OBLIGATION TO PROVIDE PERSONAL DATA.
As a general principle, you will provide us with your personal data entirely voluntary; there are generally no detrimental effects on you if you choose not to consent or to provide personal data. However, there are circumstances in which Biotest cannot take action without certain of your personal data, for example because this personal data is required to process your orders, provide you with access to a web offering or newsletter or to carry out a legally required compliance screening. In these cases, it will unfortunately not be possible for Biotest to provide you with what you request without the relevant personal data.
WEB SERVER LOGS.
We evaluate those Web Server logs for statistical purposes on a regular and anonymous basis in order to ascertain which pages of our website are visited. Thereby, we can get a more precise idea as to the use of our website. This is generally referred to as “Web statistics” and it enables us to optimise our services. In addition, we may use that information in cooperation with your Internet provider and/or public authorities in the event of a misuse of the system to locate the originator of such misuse.
This website uses Internet Protocol (IP) addresses. An IP address is a number assigned to your computer by your Internet provider to provide you with access to the Internet. IP addresses are used as a part of the Web Server log data referred to above. To this end, IP addresses will, however, be shortened, or anonymised, by us so that we are unable to derive the names of persons from the IP address.
Some of our Web pages use so-called “web beacons” - also referred to as “single-pixel GIFs” - or measurement codes that render it possible to prepare Web Server logs. A web beacon is a graphic image on a Web page or in an email that renders it possible to track the visited pages. That information is automatically gathered in a Web Server log when you visit our Web pages. The Web Server automatically recognises certain data such as your IP address, the date and time of your visits, the pages on our website visited by you, the website visited by you before, the browser (e.g., Internet Explorer) and operating system (e.g., Windows 7) used by you, as well as the domain name and address of your Internet provider (e.g., AOL).
Please note that your refusal to create cookies on your computer may result in certain restrictions in visits of Web pages of Biotest or in your no longer being able to access certain parts of this website (or linked Web pages).
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files which are stored on your computer and facilitate an analysis of the use of the website by you. The information regarding the use of the website by you generated by the cookie will normally be transmitted to a server of Google in the USA and will be stored there. In the event of an activation of the IP anonymisation on this website, however, your IP address will be shortened before by Google within the Member States of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of Google in the USA and be shortened there. Google will use such information on behalf of the operator of this website to analyse your use of the website, to compile reports on the website activities and to provide to the website operator other services relating to the website and Internet use.
The IP address transmitted by your browser through Google Analytics will not be combined with other data by Google. You can prevent the storage of cookies by setting your browser software accordingly; we hereby inform you, however, that you may in such case be unable to use all functions of this website in full. You can also prevent the collection and processing by Google of the data (including your IP address) relating to your use of the website generated by the cookie by downloading and installing the browser plug-in available through the following link. (http://tools.google.com/dlpage/gaoptout?hl=de).
Please note that the transmission of data through the Internet is not secure and that there exists the danger of third parties intercepting and using the data. You are free to provide us with your data by mail or over the phone at any time to the following address or under the following phone number, respectively:
Tel.: +49 - 6103 / 801 - 0
IF I AM UNDER 16 YEARS OLD.
If you are under 16, please make sure that you obtain your parent/guardian’s permission prior to providing us with any of your personal data. Persons under the age of 16 are not permitted to provide us with their personal data without such consent.
AREAS RESERVED FOR QUALIFIED VISITORS.
Based on the German law on advertising in the healthcare sector (Heilmittelwerbegesetz) more information on therapeutic products is available exclusively on a password-protected site. Admission is possible with a DocCheck password only. In order to enter the site you must be a registered user with DocCheck Medical Services GmbH (www.doccheck.de). We use the data solely for the purpose of verifying your access authorisation. This information will not be used as a basis for contacting you again, unless you have given us your express consent to do so. For each login to the restricted site, an authentication request is sent to DocCeck and processed there without revealing your identity to us. http://www.doccheck.de/
REPORTING OF ADVERSE EVENTS
When reporting an adverse event or other pharmacovigilance relevant information to a Biotest product, we will use and share this data solely for pharmacovigilance purposes. Biotest ensures that personal data in the submitted reports are treated in strict confidence according to European General Data Protection Regulation and the German Federal Data Protection Law. All data in the report is collected in our pharmacovigilance database and are processed and evaluated by medical professionals at Biotest. Submission of the printed report is possible via e-mail, mail or fax. Biotest is obliged to report pharmacovigilance relevant information to health authorities worldwide. For further information relating to the purpose of data collection, handling of the reports, retention period and Information requests about the handling of your personal data etc., please note our detailed privacy notice for Pharmacovigilance at https://www.biotest.com/de/en/contact/reporting_of_suspected_adverse.cfm.
INQUIRIES USING THE “CONTACT” FORM.
Under “Contact”, visitors of our Web pages can make inquiries. Please note that personal health-related inquiries cannot be answered there. If you contact us via the website, we may store information such as name, company, industry, postal address, email address, type of query, and other possible information in order to answer your query. This information will not be used as a basis for contacting you again, unless you have given us your express consent to do so. You are entitled to withdraw your consent for the use of your personal data at any time or to have your data deleted. In this case, please contact email@example.com. Please note that normal email correspondence is not a secure means of communication.
LINKS TO OTHER WEBSITES.
This website also contains links to other websites. The guidelines and procedures described here do not apply for these linked websites. May we ask you to visit those websites directly to obtain information regarding data protection, safety, the collection of data and the provisions relating to data transmission. Biotest may not be held liable for any actions taken from, or the contents of, those websites.
HOW TO GET IN TOUCH WITH US.
If you have any further questions on “data protection at Biotest” or if you want to assert your rights, you can contact our Data Protection Officer at the following postal address:
CHANGES TO THIS NOTICE
This Data Privacy Notice was last updated in May 2018. We may make changes to or amend this Notice as required to reflect any changes to the way in which we use your personal data or changing legal requirements. So you may wish to check for changes from time to time or when you provide us with personal information. Changes to the Data Protection Notice will apply from the date they are posted on our website.
MEMO FOR SHAREHOLDERS OF BIOTEST AG
Biotest AG processes personal data taking into account the EU General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz (German Federal Data Protection Act, BDSG), the Aktiengesetz (German Stock Corporation Act, AktG), and all other relevant legal provisions.
The common shares and preference shares of Biotest AG are individual share certificates and are made out to the bearer. Biotest AG uses your personal data for the purposes set out in company law. In particular, this applies to the technical performance of Annual General Meetings. The financial institutions involved in the acquisition, safekeeping or sale of your Biotest AG shares transfer your personal data (name and class of shares) to Biotest AG for the list of participants required by company law.
Via our website you have the opportunity to inform us of address changes, e-mail addresses or, if applicable, your power of attorney or instructions in advance of the Annual General Meeting of Biotest AG. If you exercise this opportunity, we will use the personal data you provided solely for the purpose of updating our share register in accordance with your information.
The legal basis for processing of your personal data is the German Stock Corporation Act (AktG) in conjunction with GDPR Article 6, Para. 1 c.
If we would like to process your personal data for a purpose not referred to above, we will inform you of this beforehand in the context of legal provisions.
Your data will be shared with the following categories of recipients:
External service providers: For the technical processing of Annual General Meetings, Biotest AG makes use of external service providers. In the context of registering for the Annual General Meeting, these are, for example, companies in the categories of services for printing and shipping the invitation to the Annual General Meeting or for supporting the performance of the Annual General Meeting.
Other recipients: Additionally, it may be required to transmit your personal data to other recipients, to the extent required for compliance with legal obligations. If you participate in an Annual General Meeting, under Section 129 AktG, other Biotest shareholders may consult the data collected on your person in the list of participants required by company law.
We delete your personal data as soon as they are no longer required for the purposes referred to above. For the data collected in conjunction with Annual General Meetings, the retention period is regularly up to three years. It may happen that personal data are retained for the time in which claims against our company may be asserted (statutory limitation periods of three to 30 years). We generally store your personal data to the extent that we are not obligated by law for further storage to provide proof and retention. This results inter alia from the Handelsgesetzbuch (German Commercial Code, HGB), the Abgabenordnung (German Fiscal Code, AO) and the Geldwäschegesetz (German Money Laundering Act). These storage periods amount to up to ten years.
As of May 2018