PRIVACY POLICY

Privacy Policy


Corden Pharma International GmbH (hereinafter referred to as Corden Pharma International) takes the protection of your data very seriously and maintains our platform in accordance with the applicable data protection law, which includes the EU General Data Protection Regulation (GDPR). The following illustrates how and to what extent your personal data is processed by our company.

General Information


This privacy policy shall inform you about how Corden Pharma International (Controller) processes data when using our website and related services. Corden Pharma International is responsible for the website and related services:

Controller
Corden Pharma International GmbH
Otto-Hahn-Straße
68723 Plankstadt
Deutschland

Represented by the Managing Directors Heiko Serwe and Dr. Michael Quirmbach
Phone: +49 6202 99 2299
Fax: +49 6202 99 2000

Data Protection Officer
Wolfgang Matzke
KLW GmbH
Parkweg 4
74360 Ilsfeld
Deutschland
Tel.: +49 706 291 591-0
[email protected]
www.klw.de

1. General Information on Data Processing

Scope of personal data processing
We process any personal data disclosed to us by our users only in so far as required for providing a working website as well as that of our content as services. Any processing of personal data of our users regularly only takes place after their consent was obtained. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

Legal basis for processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) a GDPR as the legal basis.

In the processing of personal data required for the performance of a contract of which the data subject is a contacting party, Art. 6 (1) b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) d GDPR serves as the legal basis.

In case that vital interests of the concerned person or another natural person necessitate the processing of personal data, Art. 6 (1) f GDPR serves as the legal basis.

If the processing is required for safeguarding the legitimate interest of our company or that of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for processing.

Duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Besides, data may be stored if this has thus been provided for by European or national legislators in EU regulations, laws or other provisions to which the responsible party is subject.

Data shall also be blocked or deleted in cases when a storage period- stipulated by any of the standards mentioned before expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

2. Collection & Processing of Personal Data When Visiting Our Website

With every visit of our website, our system automatically collects data and information from the computer system of the calling computer. We only collect the personal data such as log data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.

When you visit our website, we store certain information as follows:
• Information on the used browser, browser version and operating system
• Information on the service provider
• Information on the IP- address
• Information on the date and time of the visit
• Information on the websites from which the user’s system accessed our website
• Information on the websites the user access via our website

These data are also stored in the log files of our system. There is no joint storage of such data together with other personal data of the user.

Legal basis

The legal basis for the temporary storage of data and log files is Art. 6 (1) f GDPR.

Purpose of data processing

The temporary storage of an IP address by the system is necessary to display our website and set up its content. For this purpose, the user’s IP address must be stored for the duration of the session. Furthermore, the data serves to optimize the website and to guarantee the stability and security. No evaluation of the data for marketing purposes is taking place in this context.

Duration of storage

The data is deleted as soon as it has served the purpose of collection. After the termination of the session, the data will not be saved any longer or will be erased 14 days at the latest.

Option of objection and deletion

The collection of data for providing the website and the storage of such data in log files is indispensable for operating the website. Consequently, there is no possibility of objection on the part of the user.

3. Cookies

Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (essential cookies). Other cookies are non-essential and used to evaluate user behavior (statistic cookies) or to display advertising (marketing cookies).

Cookies that are necessary to carry out the electronic communication process (essential cookies) are stored on the basis of Art. 6 (1) f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free provision of its services. If consent to store cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 (1) a) GDPR); consent can be revoked at any time.

Statistic and marketing cookies are only activated if there is consent from the website visitor within the cookie banner for this (Art. 6 (1) a) GDPR).

When calling up our website, users are informed by an info banner about the use of non-essential cookies and referred to this privacy policy. The use of non-essential cookies only takes place with the consent of the user in accordance with Art. 6 (1) a) GDPR by consent in the cookie banner. You can revoke your consent at any time by setting the non-essential cookies to inactive in the cookie setting.

3.1. Analysis Tools & Third-party Tools

a) Google Analytics

For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, for customizing and optimizing our website by analyzing the user’s activity. The legal basis for this is your consent in the cookie banner according to Art. 6 (1) a) GDPR. You can revoke your consent at any time by setting the cookies to inactive in the cookie setting.

In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as

- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request,

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (a href="https://tools.google.com/dlpage/gaoptout?hl=de "https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially with browsers on mobile devices, you can also prevent the collection by Google Analytics by installing the Google Analytics Opt-out Browser-Add-on. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

b) Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

c) Google Web Fonts

Our website uses Google Web Fonts to represent the fonts as provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. If your browser does not support web fonts, your computer will display standard fonts. For further information, please visit https://developers.google.com/fonts/faq or https://www.google.com/policies/privacy/.

d) Google Maps

On this website, we use the Google Maps service provided by Google Dublin, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The legal basis for this is your consent in the cookie banner according to Art. 6 (1) a) GDPR. You can revoke your consent at any time by setting the cookies to inactive in the cookie setting.

This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitors' use of the map functions. You can find more information about data processing by Google in the Google privacy policy: https://policies.google.com/privacy. There you can also change your personal privacy settings in the Privacy Center.

e) Pardot by Salesforce

This website uses Pardot, LLC, a Salesforce Company, to improve marketing initiatives and this includes also the use of cookies.

Pardot sets first-party cookies for tracking purposes and sets third-party cookies for redundancy. The cookies are used as a unique identifier and do not save personally identifying information.

Please visit Pardot’s privacy policy for further information on data storage and security: https://www.salesforce.com/company/privacy/ and for more information about Pardot’s Cookie and Activity Tracking Policy please visit https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5

The legal basis for this is your consent in the cookie banner according to Art. 6 (1) a) GDPR. You can revoke your consent at any time by setting the cookies to inactive in the cookie setting.

f) YouTube

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network. Therefore, the videos were additionally prevented from direct data transmission to YouTube by an image file preceding the video. This means that no data about users is transmitted to YouTube as long as videos are not played. Only when the video is played, data is transmitted to YouTube.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can save various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. Cookies remain on your device until you delete them.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control. YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) f) GDPR. If a corresponding consent was requested, the processing is based exclusively on Art. 6 (1) a) GDPR; the consent can be revoked at any time. For more information about data protection at YouTube, please see their privacy policy at: https://policies.google.com/privacy?hl=de.

g) Vimeo

This website embeds videos from Vimeo. The operator of the pages is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When a page with an integrated Vimeo plugin is called up, a connection to the Vimeo servers is not immediately established. Instead, a local image ("thumbnail") is loaded to announce the video and refer to Vimeo as a third-party provider. Users must actively start the Vimeo video. Only then does Vimeo learn the IP address of your end device and the page with Vimeo video that you have just called up, even if you are not logged into the video portal or do not have an account there.

Vimeo can assign your surfing behavior directly to your personal profile. By logging out beforehand, you have the option to prevent this. The use of Vimeo only takes place with your consent by your active start of the video in terms of Art. 6 (1) a) GDPR.

Details on the handling of user data can be found in Vimeo's privacy policy at: https://vimeo.com/privacy

h) Campaign Manager (formerly: Google DoubleClick)

This website uses the Campaign Manager, formerly Google DoubleClick of the company Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. DoubleClick uses cookies in order to show relevant advertisements to users, to improve reporting on campaign performance, and if the frequency capping feature is enabled to prevent users from seeing the same advertisements multiple times. Using a cookie ID, Google can register which advertisements have been shown in which browser, preventing users from seeing the same advertisement multiple times. Besides, DoubleClick can use cookie IDs to record what are known as conversions, which are related to ad requests.

A conversion happens if, e.g., a user sees a DoubleClick advertisement and then later visits the advertiser’s website and makes purchase using the same browser. According to Google, DoubleClick cookies do not contain any personal information.

Due to the use of DoubleClick, your browser automatically establishes a direct connection to the Google server. We do not have any influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

For further information on DoubleClick by Google please visit https://www.doubleclickbygoogle.com and on data protection at Google in general visit https://policies.google.com/privacy?hl=en.

There are a number of ways in which you can opt out of participation in Google AdWords and DoubleClick:

By making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties.

By disabling the cookies for conversion tracking by setting your browser to refuse cookies from the domain www.googleadservices.com – see https://www.google.co.uk/settings/ads. This setting will be undone once you delete your cookies.

By disabling interest-based advertising by providers that participate in the About Ads self-regulatory program at http://www.aboutads.info/choices. This setting will be undone once you delete your cookies.

By permanently opting out: http://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this.

The legal basis for this is your consent in the cookie banner according to Art. 6 (1) a) GDPR. You can revoke your consent at any time by setting the cookies to inactive in the cookie setting.

4. Newsletter

On our website there is the possibility to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us.

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. If you have given your consent, we will send you a newsletter to inform you about news on our products and services and to point out offers of our dealers and distributors or other third parties. Your data will not be passed on by us to those third parties to whose offers we refer you through the newsletter, unless you have consented to this.

The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 (1) a) GDPR.

Consent to the storage of personal data can be revoked at any time, for this you can unsubscribe from the newsletter at any time by clicking on the corresponding link at the end of the e-mail. You can also revoke this consent at any time with effect for the future by unsubscribing via https://info.cordenpharma.com/l/68932/2017-02-10/5py52z.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's personal data will be stored as long as the subscription to the newsletter is active.

5. Cross Border Data Transfers

Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards than your country of residence. We have proper guarantees with the involved third parties in place (e.g. other operating the websites on our behalf) to ensure an adequate level of protection for personal data. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavor to take reasonable measures to keep up adequate level of data protection also when sharing your personal data with such countries.

In the case of a transfer outside of the EEA, this transfer is safeguarded by EU Standard Contractual Clauses.

6. Contact Form & Contact by E-Mail

We provide a contact form which can be used to contact us electronically. If you contact us by using the contact form, we will process the information you provide to contact you and answer your questions and requests.

Description and scope of data processing

Following information must be entered in the contact form “tell us about yourself”::
- First name
- Last name
- Phone
- Company Name
- Country
- Newsletter opt-in
- Buyer or seller
- Comments

Furthermore, following information will also be saved:
- IP- address
- Date and time of the registration

Alternatively, you can contact us via E-Mail. In this case, all the personal data transmitted via E-Mail will be stored.

Purpose of data processing

We will process the personal data provided solely for the purpose of processing your enquiry. The other personal data processed during the dispatching process serve to prevent any misuse of the contact form and ensure the security of our information technology system.

Furthermore, your consent is obtained for the processing of the data during the course of the dispatching process and reference is made to this privacy policy. In this context, the data will not be passed on to third parties. The data is used only for processing the conversation. Your personal data will not be disclosed to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if,
- You have given express consent pursuant to Art. 6 (1) a GDPR,
- A legal obligation exists for the disclosure pursuant to Art. 6 (1) c GDPR and
- This is legally permissible and is necessary for the processing of contractual relationships with you pursuant to Art. 6 (1) b GDPR.

Legal basis

The legal basis for the processing of data is Art. 6 (1) a GDPR if the user’s consent has been given and for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) f GDPR.

If the purpose of the e-mail contact is the conclusion of a contract, then the additional legal basis for the processing is Art. 6 (1) f GDPR. If the purpose of the e-mail contact is the conclusion of a contract, or the contact form is used, then the additional legal basis for the processing is Art. 6 (1) b GDPR.

Duration of storage

The data will be deleted as soon as the purpose for which they were collected is fulfilled. That is the case for the personal data from the input mask of the contact form and those sent by e-mail, when the respective conversation with the user is finished. Any conversation is considered as terminated when the inquiry is completely clarified and there is no need for a follow- up. The additional personal data collected during the dispatching process are deleted after a period of 14 days at the latest.
Possibility of objection and elimination

The user has the chance at any time to revoke his consent to the processing of personal data. If the user contacts us by e-mail, he can object the saving of his personal data at any time. Consequently, the conversation cannot be continued and the transmitted data will be erased.

7. Application Procedure

The data provided to us with your application will only be used for the corresponding selection procedure and for the preparation of a possible employment.

Scope of personal data processing

We process data that you provide to us when you apply for an advertised position or send us an unsolicited application (personal data, contact data, data on education, data on your professional career to date, cover letter, resume, portrait photo, references, etc.) in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.

We need this data to be able to carry out your application procedure.

Legal basis and consent

a) Data processing for purposes of the employment relationship

Your personal data will be processed for the purpose of personnel selection to fill open positions, i.e. to initiate an employment contract. The necessity and the scope of the data collection are assessed, among other things, according to the position to be filled. If your intended position involves the performance of particularly confidential tasks, increased personnel and / or financial responsibility, or is linked to certain physical and health requirements, more extensive data collection may be necessary. The legal basis is § 26 (1) of the Bundesdatenschutzgesetz (BDSG).

b) Based on your consent

If you have given us consent to process certain personal data, then this consent forms the legal basis for the processing of this data according to Art. 6 (1) a) GDPR, §26 (2) BDSG.

In the following cases, we process your personal data on the basis of consent given by you:
- Inclusion in the applicant pool, i.e. we store the application documents and other data created about you in the course of the application process beyond the current application process for consideration in subsequent application processes.
- If we base data processing on your consent, you have the right to revoke your consent at any time with effect for the future. If possible, please send your revocation by e-mail to [email protected] The lawfulness of the processing of your data up to the time of the revocation remains unaffected.
c) In the context of legitimate interests (Art. 6 (1) f) GDPR).

In certain cases, we process your data to protect a legitimate interest of us or of third parties, provided that your interests or fundamental rights and freedoms do not prevail. A legitimate interest exists, for example, if your data is required for the assertion, exercise or defense of legal claims in the context of the application process. In the event of a legal dispute, we have a legitimate interest in processing the data for evidence purposes.

Transfer of data

Your data will only be passed on to the employees in the personnel department who are responsible for the application process, as well as to the employees of the respective specialist departments, insofar as this is necessary for the decision on the establishment of the employment relationship.

Duration of storage

We store your personal data only for as long as we need it for the application process. If you have not given your consent for further processing of your data (e.g. for the applicant pool), your application data will be stored for six months after completion of the application process for an advertised position and then deleted.

If no employment relationship is established, but you have given us your consent for the further storage of your data (applicant pool), we will store your data until you revoke your consent, but for no longer than 24 months.

If your application leads to an employment contract, your personal data will be stored in your personal file. After the termination of the employment contract the data will be deleted as far as no statutory period of time for safeguarding is given.

8. Privacy Notice for Customers

Scope of personal data processing

We process data that we receive from the business relationship with you. We receive the data directly from you, e.g. in the context of concluding a contract or placing an order.

Specifically, we process the following data:
- Master data from the contract documents (e.g. name, address and contact details, bank details).
- Data in connection with the performance of the contract (e.g. subject matter of the contract, delivery address, method and manner of payment) Correspondence (e.g. correspondence with you) Advertising and sales data (e.g. products potentially of interest to you).

Legal basis for processing of personal data

In the following, we inform you about what we process your data for and on what legal basis.

a) For the performance of contractual obligations (Art. 6 (1) b) GDPR).

We process your data for the performance of our contracts with you, i.e. in particular for the execution of your orders. The purposes of the data processing depend in detail on the specific product and the contract documents.

b) In the context of legitimate interests (Art. 6 (1) f) GDPR).

We may also use your data on the basis of a balance of interests to protect the legitimate interests of us or of third parties. This is done for the following purposes:

- Support of our employees in customer advice and support and sales
- General business management and further development of services and products
- Advertising, market and opinion research
- Assertion of legal claims and defense in the event of legal disputes - prevention and investigation of criminal offences
- Ensuring IT security and IT operations Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient task fulfillment, sales, avoidance of legal risks). To the extent permitted by the specific purpose, we process your data pseudonymously or anonymously.

c) Based on your consent (Art. 6 (1) a) GDPR).

Insofar as you have given us consent to process personal data, the respective consent is the legal basis for the processing referred to therein. This relates in particular to any consent you may have given when concluding a contract for the first time to the forwarding of your data to our employees for customer advice and support. In addition, you may have consented to being contacted by e-mail or telephone for advertising purposes.

d) Due to legal requirements (Art. 6(1) c) GDPR).

We are subject to various legal obligations, i.e. legal requirements (e.g. Commercial Code, tax laws). If we process your data on the basis of a legal obligation or legal requirement, Art. 6 (1) c) GDPR is the legal basis for the data processing.

Transfer of data

Your data will only be passed on if a legal basis permits this. Within our company, those departments will receive your data that need it to fulfill our contractual and legal obligations or to perform their respective tasks. In addition, the following bodies may receive your data:

- Order processors used by us (Art. 28 GDPR), in particular in the area of IT services and logistics, who process your data for us in accordance with instructions
- public bodies and institutions (e.g. tax authorities) if there is a legal or official obligation, as well as
- other bodies for which you have given us your consent to the transfer of data

Duration of storage

As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the Handelsgesetzbuch (HGB) and the Abgabenordnung (AO). The retention and documentation periods specified there are two to ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the Bürgerliches Gesetzbuch (BGB), are generally three years, but in certain cases can be up to thirty years.

Data transfers to a third country or to an international organization

We transfer your data to countries outside the European Economic Area – EEA (third countries) only if this is necessary for the execution of your orders or is required by law or if you have given us your consent.

9. Privacy Notice for Suppliers

Scope of personal data processing

We process data that we receive from the business relationship with you. We receive the data directly from you, e.g. in the context of concluding a contract or placing an order.

Specifically, we process the following data:

- Master data from the contract documents (e.g. name, address and contact details, bank details).
- Data in connection with the performance of the contract (e.g. subject matter of the contract, delivery address, method and manner of payment) Correspondence (e.g. correspondence with you) Advertising and sales data (e.g. products potentially of interest to you).
Legal basis for processing of personal data

In the following, we inform you about what we process your data for and on what legal basis.

a) For the performance of contractual obligations (Art. 6 (1) b) GDPR).

We process your data for the performance of our contracts with you, i.e. in particular for the execution of our orders. The purposes of the data processing depend in detail on the specific product and the contract documents.

b) In the context of legitimate interests (Art. 6 (1) f) GDPR).

We may also use your data on the basis of a balance of interests to protect the legitimate interests of us or third parties. This is done for the following purposes:

- Supporting our employees in customer advice and support and sales
- General business management and further development of services and products
- Advertising, market and opinion research
- Assertion of legal claims and defense in the event of legal disputes - prevention and investigation of criminal offences
- Ensuring IT security and IT operations Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient task fulfillment, sales, avoidance of legal risks).
To the extent permitted by the specific purpose, we process your data pseudonymously or anonymously.

c) Based on your consent (Art. 6 (1) a) GDPR).

Insofar as you have given us consent to process personal data, the respective consent is the legal basis for the processing referred to therein. This relates in particular to any consent you may have given when concluding a contract for the first time to the forwarding of your data to our employees for customer advice and support. In addition, you may have consented to being contacted by e-mail or telephone for advertising purposes.

d) Due to legal requirements (Art. 6 (1) c) GDPR).

We are subject to various legal obligations, i.e. legal requirements (e.g. Commercial Code, tax laws). If we process your data on the basis of a legal obligation or legal requirement, Art. 6 (1) c) GDPR is the legal basis for the data processing.

Transfer of data

Your data will only be passed on if a legal basis permits this. Within our company, those departments will receive your data that need it to fulfill our contractual and legal obligations or to perform their respective tasks. In addition, the following bodies may receive your data:

- Order processors used by us (Art. 28 GDPR), in particular in the area of IT services and logistics, who process your data for us in accordance with instructions
- Public bodies and institutions (e.g. tax authorities) if there is a legal or official obligation, as well as
- Other bodies for which you have given us your consent to the transfer of data

Duration of storage

As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the Handelsgesetzbuch (HGB) and the Abgabenordnung (AO). The retention and documentation periods specified there are two to ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the Bürgerliches Gesetzbuch (BGB), are generally three years, but in certain cases can be up to thirty years.

Data transfers to a third country or to an international organization

We transfer your data to countries outside the European Economic Area – EEA (third countries) only if this is necessary for the execution of your orders or is required by law or if you have given us your consent.

10. Your Data Protection Rights

As a data subject, you have the following rights in relation to your personal data:

Right of access (Art. 15 GDPR)

You can ask the responsible party if there is any personal data stored about you and being processed.

If this is the case, you have the right to access, which includes following information:

1. The purposes of the processing.
2. The categories of personal data concerned.
3. The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations.
4. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
5. The existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
6. The right to lodge a complaint with a supervisory authority.
7. Where the personal data are not collected from the data subject, any available information as to their source.
8. The existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
9. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 relating to the transfer.
10. The Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

Right to rectification (Art. 16 GDPR)

The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (Art. 17 GDPR)

1. The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Art. 6 (1), or point (a) of Art. 9 (2), and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Art. 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2).
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1).

2. Where the Controller has made the personal data public and is obliged pursuant to point 1 to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Controllers which are processing the personal data that the data subject has requested the erasure by such Controllers of any links to, or copy or replication of, those personal data.

3. Point 1 and 2 shall not apply to the extent that processing is necessary:

- For exercising the right of freedom of expression and information.
- For compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
- For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3).
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) in so far as the right referred to in point 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing or,
- For the establishment, exercise or defence of legal claims.

Right to restriction of processing (Art. 18 GDPR)

1. The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

- The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the Controller override those of the data subject.

2. Where processing has been restricted under 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the right of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

3. A data subject who has obtained restriction of processing pursuant to 1 shall be informed by the Controller before the restriction of processing is lifted.

Right to data portability (Art. 20 GDPR)

1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine- readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, where:

- The processing is based on consent pursuant to point (a) of Art. 6 (1) or point (a) of Art. 9 (2) or on a contract pursuant to point (b) of Art. 6 (1) and
- the processing is carried out by automated means.

2. In exercising his or her right to data portability pursuant number 1, the data subject shall have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.

3. The exercise of the right referred to in point 1 of this Article shall be without prejudice to Art. 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

Right to object (Art. 21 GDPR)

You have the right at any time to object to the processing of personal data concerning you personally under Art. 6 (1) (e) or (f) of the GDPR; for reasons rising from your particular circumstances this also applies to profiling based on these provisions.

The responsible party no longer processes the personal data concerning you personally, unless it can provide compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or else the processing serves to assert, exercise or defend legal claims.

In case that data concerning you personally are processed for direct marketing purposes, you have the right to object at any time to the processing of these data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such forms direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection- regarding the use of services of the information society- by means of automated procedures using technical specifications, irrespective od Directive 2002/58/EC.

Right to evoke the consent to the data privacy statement

You have the right to revoke your consent to data privacy statement at any time. The revocation of consent shall not affect the legality of the processing carried out based on the consent until its revocation. Please direct your revocation to:

Corden Pharma International GmbH
Otto-Hahn-Straße
68723 Plankstadt
[email protected]

Automated decision making on a case-by-case basis including profiling

You have the right not to be subject to a decision based solely on automated processing- including profiling- that has legal effect on you or that affects your significantly negatively in a similar manner. This does not apply if the decision

1. Is essential for the conclusion or performance of a contract between you and the responsible party,
2. Is permissible under the legislation of the Union or the Member States to which the responsible party is subject and if that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
3. Is taken with your express consent.

However, these decisions may not be based on the special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

Regarding cases referred to in (1) and (3), the responsible party shall take appropriate measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a representative on the part of the responsible party, the right of stating your own point of view and the right to object the decision.

Right of appeal to a supervisory authority

Irrespective of any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State of your residence, workplace or the location of the suspected infringement, if you believe that the processing your personal data is in violation of GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Data security

We use during your website visit the most common SSL (Secure Socket Layer) method along with the highest level of encryption supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the type of lock/ key pictogram displayed in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data from any accidental or intentional manipulation, its partial or complete loss, destruction or from the unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Up-to-dateness and potential amendments of this privacy statement: This privacy statement is currently valid as per March 2022. It may become necessary to change this privacy statement, due to the further development of our website or that of products and services offered via platform or due to legal and official requirements. You can access and print out the current privacy statement at any time on our website under the heading privacy.