Data Protection Notice
This data protection notice describes how your personal data are processed on this website, as well as in connection with job applications, business partner relations, reports of adverse drug reactions, product complaints, and medical inquiries.
1. Who is responsible for processing your personal data?
The controller responsible for processing your personal data is:
ABX advanced biochemical compounds - Biomedizinische Forschungsreagenzien GmbH
Heinrich-Gläser-Str. 10-14
01454 Radeberg, Deutschland
Telefon: +49 (0) 3528 4041 60
E-Mail: info@abx.de
("we", "our" or "us")
2. How can the Data Protection Officer be contacted?
The Data Protection Officer can be reached at the following email address: DPO(at)otsuka-us.com
3. How is your personal data processed?
The categories of personal data that we process, the legal basis for this processing and the purposes of this processing are outlined below.
3.1. Web browsing and log data
- Date and time of access
- IP address
- Website from which the current site was accessed / referrer
- Notification of whether the request was unsuccessful
- Amount of data transferred
- Browser type and browser version
- Operating system
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR
Purpose of processing: Provision of the website; Security of information technology systems
3.2. Cookies
Session-Cookies. Cookies are small files that are stored by a website on a visitor’s computer or mobile device
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR; Section 25(2) TDDDG (German Telecommunications-Digital Services Data Protection Act)
Purpose of processing: Provision of the website
3.3. Captcha Data
- IP address
- Date and time of the request
- Previously visited website (referrer)
- Browser type
- Browser version
- Interaction events (e.g. clicks on individual elements)
- Solution to the puzzle calculated by the device
Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security mechanism used to verify whether a user is a human or an automated program.
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR;Section 25(2) TDDDG (German Telecommunications-Digital Services Data Protection Act)
Purpose of processing: Website security
3.4. Contact request
- Name
- Surname
- Title
- Company
- Country
- E-Mail-address
- Message
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR
Purpose of processing: Responding the contact request
3.5. Job applicant data
- Name
- Surname
- Contact Data
- CV and references
- Message
Legal basis for processing: Performance of pre-contractual measures: Art. 6(1)(b) GDPR; Consent: Art. 6(1)(a) GDPR
Purpose of processing: Processing of your application; Inclusion of rejected applicants in a talent pool if consent is provided
3.6. Business partner data
- Name
- Surname
- Title
- Company
- Position
- E-Mail-address
- Phone Number
- Business documents and correspondence
Legal basis for processing: Performance of contract or pre-contractual measures; Art. 6(1)(b) GDPR; Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR
Purpose of processing: Establishment, performance and termination of business relationship
3.7. Data on adverse drug reactions, product complaints and medical enquiries
- Name
- Surname
- Contact data
- Profession
- Age group/age/date of birth
- Gender
- Medical data (on illness, treatment, etc.), if applicable
- Information on adverse events, product complaints or medical enquiries
- Health data
The data may relate to the patient or the person reporting.
Legal basis for processing: Compliance with legal obligations; Art. 6(1)(c) GDPR in conjunction with Art. 9(2)(i) GDPR and Section 63c of the German Medicinal Products Act (Arzneimittelgesetz), Section 20(1) of the Ordinance on the Manufacture of Medicinal Products and Active Substances (AMWHV)
Purpose of processing: Ensuring product safety, quality assurance and compliance with legal obligations regarding the documentation and reporting of adverse drug reactions
4. What is the source of your personal data?
We collect the personal data we process directly from you, for example, when you use our website or contact us (e.g. via email).
Reports concerning adverse drug reactions, product complaints, or medical inquiries may also be submitted by physicians, patients, or other individuals.
5. Social Media
We have a LinkedIn page. LinkedIn is a professional networking platform provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. Information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy. Information on joint controllership and the associated agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum. We have agreed that: (1) we are joint controllers with LinkedIn for the processing of Page Insights data; (2) LinkedIn will assume primary responsibility and is principally responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR; (3) the Irish Data Protection Commission will be the lead supervisory authority overseeing the processing under joint controllership.
6. Who receives your personal data?
We disclose your personal data to the following categories of recipients:
a) to our group companies, third-party service providers, and partners who perform data processing services on our behalf or otherwise process personal data for purposes described in this privacy notice or communicated to you at the time your personal data are collected;
b) to competent law enforcement authorities, regulatory bodies, industry associations, government agencies, courts, or other third parties if we believe that disclosure is (i) required under applicable laws or regulations, (ii) necessary for the establishment, exercise, or defense of legal claims (based on our legitimate interest in defending our rights), or (iii) necessary to protect your vital interests or those of another person;
c) to a prospective buyer (and its representatives and advisors) in connection with a proposed purchase, merger, or acquisition of part of our business, provided that we inform the buyer that it may only use your personal data for the purposes stated in this privacy notice (based on our legitimate interest in ensuring business continuity);
d) to any other person with your consent to the disclosure.These recipients may act on our behalf as processors or as independent data controllers.The website is operated by our data processor 3m5. Media GmbH, Schevenstr. 17, 01326 Dresden, Deutschland gehostet.
These recipients may act on our behalf as processors or as independent data controllers.
The website is operated by our data processor 3m5. Media GmbH, Schevenstr. 17, 01326 Dresden, Deutschland.
7. What cross-border data transfers take place?
When sharing your personal data as described in Section 5, we may transfer your personal data across borders. Transfers to recipients in the United Kingdom, Switzerland, and Japan are based on adequacy decisions issued by the European Commission. Transfers to other countries, such as the United States of America, are carried out on the basis of appropriate safeguards, such as the European Commission’s standard contractual clauses. A copy of these safeguards is available upon request. We may also transfer your personal data if the transfer falls under an exception provided for in data protection laws, such as with your explicit consent.
8. Are you required to provide us with your personal data?
You are under no statutory or contractual obligation to provide us with your personal data. However, if you choose not to provide your personal data, we may be unable to properly deliver the website or process your inquiry, application, or report or carry out the business relationship with you.
9. How long is your personal data stored?
9.1. General Criteria
We determine the retention period for your personal data based on the following criteria.
We retain your personal data for as long as necessary in order to:
a) fulfil the purposes described in Section 3,
b) comply with retention obligations under applicable tax and commercial laws as well as regulatory requirements, or
c) establish, exercise or defend legal claims.
If the processing is based on consent, we will delete your personal data once you withdraw your consent.
9.2. Web browsing and log data
Your web browsing and log data are retained for a period of 90 days.
9.3. Cookies
Session cookies are automatically deleted when you close your browser.
9.4. Contact requests
Data relating to your contact requests will be deleted as soon as your inquiry has been answered. Further retention will occur only if we are legally required to do so, for example, under statutory retention obligations for adverse reaction reports on medicinal products.
9.5. Job applicant data
If you withdraw your application or your application is rejected, we will retain your application data for a period of six months in order to establish, exercise or defend legal claims.
If you consent to be included in our talent pool, we will retain your personal data for one year from the date of consent. Should you withdraw your consent, we will delete your personal data without undue delay.
9.6. Business partner data
The data of business partners is stored for the duration of the business relationship and subsequently for the duration of statutory retention periods. The statutory retention periods under commercial and tax law are up to 10 years.
9.7. Data on adverse reactions to medicinal products, product complaints and medical information requests
We store records of adverse reactions for the entire duration of the product’s marketing authorization and for 10 years thereafter.
We store records of product complaints and medical inquiries for 5 years from the date the record was created.
10. What Rights Do You Have Under Data Protection Law?
Under applicable data protection law, you have the following rights. Please note that these rights may be subject to certain legal limitations.
10.1. Right of Access
Pursuant to Article 15 of the GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed. Where that is the case, you are entitled to access your personal data and to receive the information required by law.
10.2. Right to Rectification
In accordance with Article 16 of the GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, where appropriate.
10.3. Right to Erasure
Pursuant to Article 17 of the GDPR, you have the right to obtain from us the erasure of your personal data without undue delay where one of the following grounds applies, for example, if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
10.4. Right to Restriction of Processing
Under Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data if one of the legal conditions is met, for example, if you have objected to the processing and we are verifying whether our legitimate grounds override yours.
10.5. Right to Object – Article 21 GDPR
You have the right, under Article 21 of the GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. In such cases, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
10.6. Right to Data Portability
According to Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller, where the processing is based on your consent or on a contract with us.
10.7. Right to Withdraw Consent
If your personal data is processed based on your consent, you have the right under Article 7(3) of the GDPR to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out based on the consent before its withdrawal.
10.8. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection law, you have the right under Article 77 of the GDPR to lodge a complaint with a supervisory authority. This right exists without prejudice to any other administrative or judicial remedy.
11. How to Contact Us to Exercise Your Data Protection Rights
If you have questions about the protection of your personal data or wish to exercise your data protection rights, you may contact us or our Data Protection Officer. Contact details can be found in Sections 1 and 2.
1. Who is responsible for processing your personal data?
The controller responsible for processing your personal data is:
ABX advanced biochemical compounds - Biomedizinische Forschungsreagenzien GmbH
Heinrich-Gläser-Str. 10-14
01454 Radeberg, Deutschland
Telefon: +49 (0) 3528 4041 60
E-Mail: info@abx.de
("we", "our" or "us")
2. How can the Data Protection Officer be contacted?
The Data Protection Officer can be reached at the following email address: DPO(at)otsuka-us.com
3. How is your personal data processed?
The categories of personal data that we process, the legal basis for this processing and the purposes of this processing are outlined below.
3.1. Web browsing and log data
- Date and time of access
- IP address
- Website from which the current site was accessed / referrer
- Notification of whether the request was unsuccessful
- Amount of data transferred
- Browser type and browser version
- Operating system
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR
Purpose of processing: Provision of the website; Security of information technology systems
3.2. Cookies
Session-Cookies. Cookies are small files that are stored by a website on a visitor’s computer or mobile device
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR; Section 25(2) TDDDG (German Telecommunications-Digital Services Data Protection Act)
Purpose of processing: Provision of the website
3.3. Captcha Data
- IP address
- Date and time of the request
- Previously visited website (referrer)
- Browser type
- Browser version
- Interaction events (e.g. clicks on individual elements)
- Solution to the puzzle calculated by the device
Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security mechanism used to verify whether a user is a human or an automated program.
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR;Section 25(2) TDDDG (German Telecommunications-Digital Services Data Protection Act)
Purpose of processing: Website security
3.4. Contact request
- Name
- Surname
- Title
- Company
- Country
- E-Mail-address
- Message
Legal basis for processing: Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR
Purpose of processing: Responding the contact request
3.5. Job applicant data
- Name
- Surname
- Contact Data
- CV and references
- Message
Legal basis for processing: Performance of pre-contractual measures: Art. 6(1)(b) GDPR; Consent: Art. 6(1)(a) GDPR
Purpose of processing: Processing of your application; Inclusion of rejected applicants in a talent pool if consent is provided
3.6. Business partner data
- Name
- Surname
- Title
- Company
- Position
- E-Mail-address
- Phone Number
- Business documents and correspondence
Legal basis for processing: Performance of contract or pre-contractual measures; Art. 6(1)(b) GDPR; Legitimate Interest (see purpose of processing); Art. 6(1)(f) GDPR
Purpose of processing: Establishment, performance and termination of business relationship
3.7. Data on adverse drug reactions, product complaints and medical enquiries
- Name
- Surname
- Contact data
- Profession
- Age group/age/date of birth
- Gender
- Medical data (on illness, treatment, etc.), if applicable
- Information on adverse events, product complaints or medical enquiries
- Health data
The data may relate to the patient or the person reporting.
Legal basis for processing: Compliance with legal obligations; Art. 6(1)(c) GDPR in conjunction with Art. 9(2)(i) GDPR and Section 63c of the German Medicinal Products Act (Arzneimittelgesetz), Section 20(1) of the Ordinance on the Manufacture of Medicinal Products and Active Substances (AMWHV)
Purpose of processing: Ensuring product safety, quality assurance and compliance with legal obligations regarding the documentation and reporting of adverse drug reactions
4. What is the source of your personal data?
We collect the personal data we process directly from you, for example, when you use our website or contact us (e.g. via email).
Reports concerning adverse drug reactions, product complaints, or medical inquiries may also be submitted by physicians, patients, or other individuals.
5. Social Media
We have a LinkedIn page. LinkedIn is a professional networking platform provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland. Information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy. Information on joint controllership and the associated agreement can be found at https://legal.linkedin.com/pages-joint-controller-addendum. We have agreed that: (1) we are joint controllers with LinkedIn for the processing of Page Insights data; (2) LinkedIn will assume primary responsibility and is principally responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR; (3) the Irish Data Protection Commission will be the lead supervisory authority overseeing the processing under joint controllership.
6. Who receives your personal data?
We disclose your personal data to the following categories of recipients:
a) to our group companies, third-party service providers, and partners who perform data processing services on our behalf or otherwise process personal data for purposes described in this privacy notice or communicated to you at the time your personal data are collected;
b) to competent law enforcement authorities, regulatory bodies, industry associations, government agencies, courts, or other third parties if we believe that disclosure is (i) required under applicable laws or regulations, (ii) necessary for the establishment, exercise, or defense of legal claims (based on our legitimate interest in defending our rights), or (iii) necessary to protect your vital interests or those of another person;
c) to a prospective buyer (and its representatives and advisors) in connection with a proposed purchase, merger, or acquisition of part of our business, provided that we inform the buyer that it may only use your personal data for the purposes stated in this privacy notice (based on our legitimate interest in ensuring business continuity);
d) to any other person with your consent to the disclosure.These recipients may act on our behalf as processors or as independent data controllers.The website is operated by our data processor 3m5. Media GmbH, Schevenstr. 17, 01326 Dresden, Deutschland gehostet.
These recipients may act on our behalf as processors or as independent data controllers.
The website is operated by our data processor 3m5. Media GmbH, Schevenstr. 17, 01326 Dresden, Deutschland.
7. What cross-border data transfers take place?
When sharing your personal data as described in Section 5, we may transfer your personal data across borders. Transfers to recipients in the United Kingdom, Switzerland, and Japan are based on adequacy decisions issued by the European Commission. Transfers to other countries, such as the United States of America, are carried out on the basis of appropriate safeguards, such as the European Commission’s standard contractual clauses. A copy of these safeguards is available upon request. We may also transfer your personal data if the transfer falls under an exception provided for in data protection laws, such as with your explicit consent.
8. Are you required to provide us with your personal data?
You are under no statutory or contractual obligation to provide us with your personal data. However, if you choose not to provide your personal data, we may be unable to properly deliver the website or process your inquiry, application, or report or carry out the business relationship with you.
9. How long is your personal data stored?
9.1. General Criteria
We determine the retention period for your personal data based on the following criteria.
We retain your personal data for as long as necessary in order to:
a) fulfil the purposes described in Section 3,
b) comply with retention obligations under applicable tax and commercial laws as well as regulatory requirements, or
c) establish, exercise or defend legal claims.
If the processing is based on consent, we will delete your personal data once you withdraw your consent.
9.2. Web browsing and log data
Your web browsing and log data are retained for a period of 90 days.
9.3. Cookies
Session cookies are automatically deleted when you close your browser.
9.4. Contact requests
Data relating to your contact requests will be deleted as soon as your inquiry has been answered. Further retention will occur only if we are legally required to do so, for example, under statutory retention obligations for adverse reaction reports on medicinal products.
9.5. Job applicant data
If you withdraw your application or your application is rejected, we will retain your application data for a period of six months in order to establish, exercise or defend legal claims.
If you consent to be included in our talent pool, we will retain your personal data for one year from the date of consent. Should you withdraw your consent, we will delete your personal data without undue delay.
9.6. Business partner data
The data of business partners is stored for the duration of the business relationship and subsequently for the duration of statutory retention periods. The statutory retention periods under commercial and tax law are up to 10 years.
9.7. Data on adverse reactions to medicinal products, product complaints and medical information requests
We store records of adverse reactions for the entire duration of the product’s marketing authorization and for 10 years thereafter.
We store records of product complaints and medical inquiries for 5 years from the date the record was created.
10. What Rights Do You Have Under Data Protection Law?
Under applicable data protection law, you have the following rights. Please note that these rights may be subject to certain legal limitations.
10.1. Right of Access
Pursuant to Article 15 of the GDPR, you have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed. Where that is the case, you are entitled to access your personal data and to receive the information required by law.
10.2. Right to Rectification
In accordance with Article 16 of the GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. You also have the right to have incomplete personal data completed, where appropriate.
10.3. Right to Erasure
Pursuant to Article 17 of the GDPR, you have the right to obtain from us the erasure of your personal data without undue delay where one of the following grounds applies, for example, if your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
10.4. Right to Restriction of Processing
Under Article 18 of the GDPR, you have the right to request the restriction of the processing of your personal data if one of the legal conditions is met, for example, if you have objected to the processing and we are verifying whether our legitimate grounds override yours.
10.5. Right to Object – Article 21 GDPR
You have the right, under Article 21 of the GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. In such cases, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
10.6. Right to Data Portability
According to Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller, where the processing is based on your consent or on a contract with us.
10.7. Right to Withdraw Consent
If your personal data is processed based on your consent, you have the right under Article 7(3) of the GDPR to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out based on the consent before its withdrawal.
10.8. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection law, you have the right under Article 77 of the GDPR to lodge a complaint with a supervisory authority. This right exists without prejudice to any other administrative or judicial remedy.
11. How to Contact Us to Exercise Your Data Protection Rights
If you have questions about the protection of your personal data or wish to exercise your data protection rights, you may contact us or our Data Protection Officer. Contact details can be found in Sections 1 and 2.