WarenkorbDrucken
Falk Foundation | Dr. Falk
You are here:  Privacy policy

Information pursuant to Art. 13 and Art. 14 General Data Protection Regulation

Dr. Falk Pharma GmbH (hereinafter "we") is controller of the personal data of our customers, applicants for an open position in our company and other persons in contact with us (hereinafter "you").

In accordance with Art. 13 and Art. 14 of the Regulation (EU) 2016/679 (General Data Protection Regulation) ("GDPR"), we are obliged to inform you as follows when collecting your personal data:

This data protection information is intended for you because we process personal data about you, and the protection of your data and your information is very important to us.

Contact data of the controller

Dr. Falk Pharma GmbH
Leinenweberstr. 5
79108 Freiburg
Phone: +49 761 1514 0
E-Mail: zentrale[at]drfalkpharma.de

Contact data of the controller’s data protection officer

Dr. Falk Pharma GmbH
Der Datenschutzbeauftragte
Leinenweberstr. 5
79108 Freiburg
Phone: +49 761 1514-0
E-Mail: dataprotection[at]drfalkpharma.de

Further below, you will find specific information on the processing of your personal data in the following circumstances along with information on the processed data categories:

If you use the websites of Dr. Falk Pharma GmbH
If you are applying for a job
If you order literature from us
If you are a participant of a training course for medical doctors
If you receive post from us as part of our print mailing service
If you receive product samples from us
If you report side effects or other safety risks (Pharmacovigilance)
If you participate in the conduct of a study of Dr. Falk Pharma GmbH
If you are one of our business partners


First, we will give you general information on the data processing at Dr. Falk Pharma GmbH which apply to all cases of data processing by our company.


Information on Joint Controllership pursuant to Art. 26, para. 2, 2. sentence of the General Data Protection Regulation (GDPR)

What is the reason for the joint controllership?

Dr. Falk Pharma GmbH ("Dr. Falk Pharma") and Falk Foundation e.V. ("Falk Foundation") use jointly a contact database for their business activities. This may also affect the processing of your personal data. The parties have defined the steps of data processing in the individual process stages. Within the process stages described below, Dr. Falk Pharma and Falk Foundation are jointly responsible for the protection of your personal data (Art. 26 GDPR). more


GENERAL INFORMATION PURSUANT TO ART. 13 and Art. 14 GDPR

 

Transfer of data to entities outside the European Union

In certain cases, the processing of your data takes place in countries outside of the European Union ("EU") or we have to transfer the data to recipients outside of the EU (e.g., foreign authorities, affiliated companies and distribution partners to comply with local reporting obligations).

In some cases we also use service providers from countries outside the European Union or the European Economic Area ("third countries"). We select these service providers carefully and check them regularly. In such cases, data will only be transmitted if the other conditions for such transmission under the GDPR are fulfilled (e.g. signing of EU standard contractual clauses with the service provider(s) under Art. 46 (2) c) GDPR).

If you are travelling to a third country during one of our events and your contract also includes our travel booking, we will organise the trip for you. For example, we may transfer your personal data to a hotel in a third country for the purpose of organising your trip. In such cases, transmission shall take place in accordance with the conditions laid down in Art. 49 GDPR.

Duration of data storage

We store your personal data as long as this is necessary for the original purpose of the data processing (e.g., performance of a contract) and, in addition, as long as we are legally obliged to do so. For example, we are required by law to keep records under the Pharmaceutical Laws or for tax purposes (§ 147 Abgabenordnung) and for accounting purposes (§ 257 Handelsgesetzbuch). The retention periods are six to ten years. Insofar as we are legally obliged to store the data, it is stored in a limited form for your protection. If the data is no longer required for the fulfilment of contractual or legal obligations, the data will be deleted in accordance with our deletion concept.

Your rights

You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), right to be forgotten (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR).

In addition, you have the right to object under Art. 21 GDPR in the context of processing based on Art. 6 (1) f) GDPR.

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data is contrary to the GDPR. This right shall be without prejudice to any other administrative or judicial remedy.

Provision of personal data

In contractual relationships we collect your personal data only for the purposes described above, i.e. insofar as this is necessary, for example, for the proper execution of the contract. You are not obliged to provide personal data. However, if you do not provide any personal data, the contract cannot be fulfilled.

If you give us your consent, we use your personal data solely for the purpose covered by the consent; this purpose is described in detail in the consent text. Consent is voluntary, which means you can give it or not.

If the processing of your personal data is based on legal requirements, there is a provision obligation based on these legal requirements. In order to comply with these legal requirements, we need the necessary information from you, which may contain personal data. If you do not provide us with the necessary information, we will not be able to establish or continue the desired business relationship with you.

If we process your personal data on the basis of our legitimate interests, we may be obliged to make them available on the basis of general obligations of providing assistance. In any case, before processing your personal data, we consider whether the processing is necessary and whether your interests in non-processing predominate. In the case of processing based on Article 6 (1) f) GDPR, you have a right to object pursuant to Art. 21 GDPR.
 

Information on the right to object pursuant to Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you under Art. 6 (1) f) GDPR (data processing necessary for the purposes of legitimate interests). Further information on our data processing and on which legal regulation we base them in each case can be found in our specific data protection information further down in accordance with Art. 13, 14 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

The objection can be made free of charge and form and should be addressed to

Dr. Falk Pharma GmbH
Leinenweberstr. 5
79108 Freiburg, Germany
+49 761 1514 0
objection[at]drfalkpharma.de


SPECIFIC INFORMATION PURSUANT TO ART. 13 and Art. 14 GDPR


If you use the websites of Dr. Falk Pharma GmbH

Collection of personal data when you visit our website

When you use our website for informational purposes

If you do not register with us or otherwise provide us with information, we only process the personal data that your browser transmits to our server. This includes your IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page) and the access status/HTTP status code (“server log data“). This processing is technically necessary for us to display our website to you and to ensure the stability and security of the website.

The server log data will be deleted after one week.

The legal basis for such processing of the server log data is Art. 6 (1) f) GDPR. We have a legitimate interest in ensuring security and stability when you visit our website. In particular due to the short duration of storing your data, we take your interest into account that your data will not be processed if possible.

You also have the right to object to the processing of server log data pursuant to Art. 21 GDPR. In this case, we will delete this data as soon as you object, unless we can demonstrate that our legitimate interests outweigh your interest.

Registration on our website

Some services require you to register on our website. Personal data that we collect upon registration include, for example, your personal details, job title and your e-mail address. In addition, we require your uniform training number from the state medical associations ("EFN") for individual services. We process the personal data you provide us in the process only for the purpose of using the respective service for which you have registered. The provision of this data is voluntary. However, if you do not wish to provide this information, we will have to refuse the registration.

We store the data collected by us during registration until the purpose for data storage no longer applies. The data are deleted subsequently. However, legal retention periods remain unaffected.

The legal basis for such processing is Art. 6 (1) b) GDPR.


Cookies

When using our website, cookies are stored on your computer. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the website that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

Types of cookies (background information)

As explained in the following paragraphs, we use the following types of cookies on our website:

Transient cookies are automatically deleted when you close your browser. This includes in particular the so-called session cookies. These store a session ID, with which different requests of your browser can be assigned to the same session. For example, this will allow your computer to be recognized when you switch to sub-websites or return to our website.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

First-party cookies are managed and placed by us, whereas third-party cookies are managed and placed by a third-party provider. Third-party cookies are typically placed for advertising purposes; the third-party provider collects user information with such cookies through advertisements placed on other websites. In this process, data records will be stored in the browser of the website visitor (“user”), through which she or he can be recognized.

You can set your browser in a way that you will be informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.

Technically required cookies

The cookies listed below are technically necessary, in particular to enable your decisions (for example your language or the region in which you live, your consent and, if applicable, the text you entered in our contact form) to be stored for a limited period of time. This is solely for the purpose of improving the usability of our website.

PHPSESSID

This cookie will be set when the website is accessed. It assigns a session ID to the visit, allowing several related requests of a user to be recognized and assigned to the same session.

The PHPSESSID cookie is a first party/session cookie (see above) and will be deleted at the end of the visit of the website.

The legal basis for the use of the PHPSESSID cookie is Art. 6 (1) f) GDPR. We have a legitimate interest in assigning a session ID to your website visit for a limited period of time. Otherwise, you would have to select settings such as language etc. again each time you call up a sub-website, which would considerably affect the usability of our website. Due to the short duration of storage of your data, we take your interest into account that your data will not be processed if possible.

You also have the right to object to the processing of the PHPSESSID cookie pursuant to Art. 21 GDPR. In this case, we will delete this data as soon as you object, unless we can demonstrate that our legitimate interests outweigh your interest.

be_typo_user

This cookie will be set when a user logs in with a username and password for non-public areas of our website. It enables the authorisation of the user for these non-publicly accessible areas.

The be_typo_user cookie is a first-party/session cookie (see above) and will be deleted at the end of the visit of the website.

The legal basis for the use of the be_typo_user cookie is Art. 6 (1) f) GDPR. We have a legitimate interest in storing the information that you have authorised for the non-public area for a limited period of time. Otherwise, we would have to ask you to re-authorise each time you access a sub-website, which would significantly affect the usability of our website. Due to the short duration of storage of your data, we take your interest into account that your data will not be processed if possible.

You also have the right to object to the processing of the be_typo_user cookie pursuant to Art. 21 GDPR. In this case, we will delete this data as soon as you object, unless we can demonstrate that our legitimate interests outweigh your interest.

fe_typo_user

This cookie will be set when the website is accessed. It is also used to assign a session ID to the visit, allowing the user to be recognized when she or he accesses sub-websites. For example, it is not necessary for the user to log in again with a username and password when accessing a sub-website if she or he has already logged in.

The fe_typo_user cookie is a first party/session cookie (see above) and will be deleted at the end of the visit of the website.

The legal basis for the use of the fe_typo_user cookie is Art. 6 (1) f) GDPR. We have a legitimate interest in storing the information that you have authorised for the non-public area for a limited period of time. Otherwise, we would have to ask you to re-authorise each time you access a sub-website, which would significantly affect the usability of our website. Due to the short duration of storage of your data, we take your interest into account that your data will not be processed if possible.

You also have the right to object to the processing of the fe_typo_user cookie pursuant to Art. 21 GDPR. In this case, we will delete this data as soon as you object, unless we can demonstrate that our legitimate interests outweigh your interest.

Consent cookies

To save the cookie settings of the user, various so-called consent cookies will be set. They serve the purpose that the user does not have to declare her or his consent to the use of cookies every time she or he visits the website again or changes to its sub-websites. Consent cookies do not contain any data with which a user could be easily identified, nor are they requested by or passed on to third parties.

Consent cookies are first-party/persistent cookies (see above). They are saved for a period of 2 weeks and will be automatically deleted afterwards.

The legal basis for the use of consent cookies is Art. 6 (1) f) GDPR. We have a legitimate interest in storing the given consent to use cookies after your first visit of our website for a limited period of time. Otherwise, we would have to ask you to give your consent, for example to use tracking cookies, each time you access the website or a sub-website, which would significantly affect the usability of our website. Due to the short duration of storage of your data, we take your interest into account that your data will not be processed if possible.

You also have the right to object to the processing of consent cookies pursuant to Art. 21 GDPR. In this case, we will delete the consent cookies as soon as you object, unless we can demonstrate that our legitimate interests outweigh your interest.


Tracking cookies   |   Manage cookie settings

Matomo Webanalytics

If you have explicitly given us your consent, we use “Matomo” to track your website visit (“Matomo”), a web analytics service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.

Matomo stores the following cookies on your terminal device, which enable an analysis of your use of our website. We use Matomo with the setting “Anonymous Visitors' IP addresses”, as a consequence, IP addresses are not processed completely but abbreviated by masking 2 bytes of it (e.g., 192.168.xxx.xxx), and it is no longer possible to assign the shortened IP address to the accessing computer. The IP address transmitted by your browser via Matomo is also not merged with other data collected by us. Through the cookies listed below, we are able to collect and process the following data for analysis purposes. The collected data will be stored exclusively on a server in Germany.

pk_id. [variable]

This cookie will be set when the website is accessed. It is used to assign a unique, non-personal ID (see above) to the browser for analysis data. This cookie can be used in the analysis tool to determine, for example, whether the page has already been accessed by this browser before.

The pk_id.[variable] cookie is a third-party/persistent cookie and will be deleted after 13 months.

pk_ref.[variable]

This cookie will be set when the website is accessed. It is used to assign a unique, non-personal ID to the browser for analysis data. This cookie can be used in the analysis tool, for example, to trace via which page a user has reached the website (referrer).

The pk_ref.[variable] cookie is a third-party/persistent cookie and will be deleted after 6 months.

pk_ses.[variable]

This cookie will be set when the website is accessed. It is used to assign a unique, non-personal ID to the browser for analysis data. This cookie can be used in the analysis tool, for example, to track which other sub-websites of a website are accessed.

The pk_ses.[variable] cookie is a third-party/persistent cookie and will be deleted after 30 minutes.

The legal basis for the use of Matomo is your explicit consent, which we obtain at the beginning of your website visit, Art. 6 (1) a) GDPR. This consent can be revoked at any time without affecting the legality of the processing that has been conducted on the basis of the consent until revocation. You may also revoke your consent without a specific form by clicking on the link above.

DocCheck

If you subscribed to the DocCheck service, you can also log in to our website with your DocCheck user data (hereinafter "single sign-on"). DocCheck is a service of DocCheck Medical Services GmbH, Vogelsanger Straße 66, 50823 Cologne ("DocCheck"). The verification of user name and password is done directly on DocCheck servers. We have no possibility to read your username or password. For the "Unique Key" service that we are using, only a random string of characters is passed, which serves to record repeat visits to our website. The character string does not allow any conclusions to be drawn about you as a user. No personal data will be passed on to us.

With regard to the personal data collected and processed exclusively by DocCheck, we refer to the data protection information of DocCheck at http://info.doccheck.com/de/privacy/. We recommend that you read DocCheck's privacy policy carefully and inform yourself before opting for the single sign-on procedure.

In addition, we transmit the following personal data to DocCheck when you are using single sign-on: protocol data of the user (IP address, access date, access time, referrer URL, information about used hardware and software such as browser features, device information such as resolution).

This data is not used to draw conclusions about you as a person, but serves to ensure the correct presentation of the page or iFrame contents and/or the security of the DocCheck services.

The legal basis for such processing is Art. 6 (1) a) GDPR.

Passing on your data

We partly work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to IT service providers.

In addition, your personal data is exchanged between us and the associated Dr. Falk Pharma GmbH.

back


If you are applying for a job

Purposes and legal basis of processing your personal data

To decide on the establishment of your employment at our company


We process the following personal data in order to be able to decide on your application with us, whereby we limit ourselves in any case to the extent necessary for us to make a decision. Under these conditions we process personal data such as:


The legal basis for this processing is § 26 (1) sentence 1 Bundesdatenschutzgesetz (“BDSG”).

Special categories of your personal data, such as religious affiliation and health data, will only be processed by us if this is necessary to exercise rights or to fulfil legal obligations under labour law, social security law and social protection law and there is no reason to assume that your legitimate interest in non-processing prevails. The legal basis for this is § 26 (3) BDSG in conjunction with Art. 9 (2) b) GDPR.

Data transfer within associated companies

Data is exchanged within our associated companies for internal organisational and administrative purposes. This data exchange is necessary for us, for example, if we use the same human resources department and also manage other administrative processes centrally.

The legal basis for such processing is Article 6 (1) f) GDPR.

Passing on your personal data

In particular, we work together with the following service providers who may be recipients of your personal data:


The service providers are carefully selected and regularly checked by us.

Some of your personal data will also be passed on to public authorities, for example the Federal Employment Agency.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

back


If you order literature from us

Categories of data

When you order literature from our web shop, we process data categories such as personal details (surname, first name, title), address, e-mail address.

Purposes and legal basis of processing your personal data

For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR

We offer you the opportunity to obtain special literature on selected topics via our web shop. In this context, your personal data will only be processed in order to process your order, in particular in order to provide you with the desired literature.

On the basis of our legitimate interest, Art. 6 (1) f) GDPR

We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. We process some of your personal data on the basis of the legitimate interests listed below:


Passing on your personal data

We partly work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:


In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

back


If you are a participant of a training course for medical doctors

Categories of data

If you attend one of the events organised by Dr. Falk Pharma GmbH as a participant or as a speaker, moderator or a comparable active participant, we process data categories such as personal details (surname, first name), address, e-mail address, your uniform medical association training number, bank account details as well as your profession and field of activity.

Purposes and legal basis of processing your personal data

For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR

We process your personal data for the execution of our contracts with you. If you are a participant of one of our events, we will only process your personal data if this is necessary for your participation, for example to assign it to a specific presentation or to print name tags.

If you participate in a training event as a speaker, moderator or a comparable active participant, we will process your personal data to the extent necessary for preparation, organisation and participation. This includes, for example, the processing of your personal data as part of the organisation of your arrival and departure and your accommodation. In addition, we process your personal data in particular for the creation of name tags, participant lists, certificates and for the assignment to a specific presentation or for other necessary preparations for your contribution as a speaker.

On the basis of our legitimate interest, Art. 6 (1) f) GDPR

We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. A processing of personal data is partly based on the following legitimate interests:


Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:


In some cases, your personal data is passed on to the state medical associations on the basis of medical law regulations.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

back


If you receive post from us as part of our print mailing service

Categories of data

As part of our print mailing service, we process data categories such as your personal details (surname, first name, title), address of your clinic or practice, customer number as well as information about your profession, specialist area and function.

Sources of collected data (Art. 14 GDPR)

We obtain your personal data listed under "Categories of data" from the following sources - unless a data source is expressly designated as "publicly accessible", it is not publicly accessible:


Purposes and legal basis of processing your personal data

On the basis of our legitimate interest, Art. 6 (1) f) GDPR

We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. Hence, we inform you about current topics and services of our company by means of postal mailings. We base this on our legitimate interest in advertising our company offer. Our mailings include information on the topics:


Further legitimate interests arise for us:


Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:


As already mentioned, under pharmaceutical law regulations, we are obliged to provide the competent supervisory authority (Regierungspräsidium Tübingen) with proof of the provision of product samples (including associated personal data) upon request.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

back


If you receive product samples from us

Categories of data

When you order a product sample from us, we process data categories such as personal details (surname, first name, title), field, function, address, telephone number, e-mail address and your customer number.

Purposes and legal basis of processing your personal data

For the fulfilment of contractual obligations, Art. 6 (1) b) GDPR

If you give us a written request for a medical sample, we will send you (maximum 2 times a year) a sample together with specialist information as medical information. In this context, your personal data will only be processed in order to process your order, in particular to be able to supply you with the desired samples.

On the basis of our legitimate interest, Art. 6 (1) f) GDPR

We have a legitimate interest in keeping our company competitive in the pharmaceutical market and in ensuring that the company operates efficiently and stabile. We process some of your personal data on the basis of the legitimate interests listed below:


Due to legal requirements, Art. 6 (1) c) GDPR

When sending product samples to doctors, we are obliged by pharmaceutical law to provide proof of the recipients of samples, as well as of the type, scope and time of the delivery of samples. We must submit this evidence to the competent authority upon request.

Passing on your personal data

We work together with certain service providers. These are carefully selected and regularly checked by us. Under these conditions we possibly pass on your personal data to the following categories of recipients:


As already mentioned, under pharmaceutical law, we are obliged to provide the competent supervisory authority (Regierungspräsidium Tübingen) with proof of the provision of product samples (including associated personal data) upon request.

In addition, your personal data is exchanged between us and the associated Falk Foundation e.V.

back


If you report side effects or other safety risks (Pharmacovigilance)

Purposes and legal basis of processing your data

The safety surveillance over medicines (pharmacovigilance) is of enormous importance for the public health. Reporting of side effects or other medicines risks (such as e.g. quality complaints) is important for assessing the safety of our medicines and for the public health in general. We evaluate the data for the purposes of pharmacovigilance and pass them on to the relevant authorities in accordance with statutory reporting obligations. We are obliged to report the information relevant for pharmacovigilance to authorities worldwide. This includes notifications in countries where the level of data protection is not equivalent to the EU. Some of the notifications in those countries are made by our subsidiaries or local distribution partners, who are involved in the data processing for this purpose.

The legal basis for this data processing is Art. 6 (1) c) GDPR in conjunction with the applicable laws on pharmacovigilance and medicines monitoring (e.g. § 63 c of the German Medicines Act (Arzneimittelgesetz); § 22 (1) c) German Data Protection Act (Bundesdatenschutzgesetz)).

Processing for the purpose of medicines monitoring (pharmacovigilance)

The patients themselves, a doctor or another third person (e.g. pharmacist or a member of the press) can report side effects or other medicines risks. We may receive the notification by telephone, mail, e-mail, oral communication or other means.

In the following, the processing of the received data and your rights concerning data protection is explained. For the purpose of pharmacovigilance, we are processing personal data such as:


Passing on your personal data

Your personal data will first be stored electronically in our safety database. When collecting and processing data, we cooperate with third-party providers (specialised service providers such as pharmacovigilance database operators). These service providers also have access to your personal data in order to support us in the data collection and evaluation and the fulfilment of the related reporting obligations.

We pass on the data to the following recipients (please note that patient data is never passed on with the patient's name):

As the reporting person, you are free to provide us with your contact details. In individual cases, we will disclose the name, profession (e.g. doctor), address, e-mail and telephone number of the reporting person to the extent that this data is available to us. This makes it possible for the authorities to contact the reporting person directly.

We have obligated our service providers and cooperation partners to use your personal data only for the provision of the contractual services and compliance with pharmacovigilance obligations and to treat them as confidential.

If the data is passed on to subsidiaries, partnering companies and service providers in non-EU countries, we will contractually work towards ensuring that the EU data protection level is maintained in these cases as well.

Duration of data storage

We will only store your personal data for as long as this is necessary to fulfil the purpose for which it was collected or to fulfil statutory or official requirements. As notifications of medicines risks are important for the public health, they are kept for at least 10 years after the medicines no longer have marketing authorisation in any country. However, the records must be retained longer, if required by law.

Your rights

Regarding your rights, we kindly refer to the corresponding explanations in the preceding general section "Your Rights". However, since pharmacovigilance data are processed on the basis of legal obligations, please note that applicable laws may prevent us from fulfilling requests to delete such data or from restricting their processing.


back

 


If you participate in the conduct of a study of Dr. Falk Pharma GmbH

Purposes and legal basis of the processing of your data

As a research-based company, Dr. Falk Pharma GmbH also conducts clinical trials and non-interventional studies (both referred to jointly as "studies"). As an essential feature of every study, personal data needs to be processed. This especially includes personal data of the patients and healthy subjects who participate in such studies. In addition, for the proper preparation and conduct of a study, we must also process data from a large number of other persons and sometimes report it to authorities and public bodies (such as ethics committees).

The patients and healthy subjects participating in the study receive data protection information and declarations of consent specially prepared for the study. Therefore, this very data protection information is not addressed to patients and healthy subjects but to the following groups of persons:

This data protection information is intended for you because we process personal data about you and the protection of your data and your information is very important to us.

Here we explain how we process your personal data (e.g. collect, use, store and transfer). We process all personal data about you in accordance with applicable laws.

The personal data we process may come either directly from you, from our contractual or business partners (i.e. the entity for which you work), from third parties (e.g. medical institutions) or from publicly available sources (e.g. PubMed, ClinicalTrials.gov, congress or university websites) who, with your consent, disclose or pass on such personal data to us. We collect various types of personal data about you, for example:

If you wish to provide us with personal data about other persons (e.g. your employees and colleagues), you must inform them accordingly. You are welcome to provide them with a copy of this privacy statement (either directly or through your employer).

Legal basis

We will only process your personal data if we have a legal basis for doing so. When carrying out a study with medicines, different legal bases come into consideration depending on the group of persons and the processing procedure. Due to the complexity of studies and the diversity of the required interactions and data processing activities, the processing of personal data of one group of persons may sometimes be based on several legal bases.

Against this background, we have outlined some of the legal basis that are applicable for the processing of your personal data here:

Please note that when processing your personal data on the latter basis ("legitimate interests"), we always try to maintain the balance between our legitimate interests and your privacy and only process the data that is absolutely necessary.

Purposes of the data processing

In the event of studies, data processing is carried out for various purposes. Examples of such purposes are:


Passing on your personal data

Your personal data will first be stored electronically. When collecting and processing data, we cooperate with third-party providers (specialised service providers such as database operators). These service providers also have access to your personal data in order to support us in data collection and evaluation and the related reporting obligations.

We pass on the data to the following recipients (please note that data is never passed on with the patient’s name):

We have obligated our service providers and cooperation partners to use your data only for the provision of the contractual services and performance of contractual or statutory obligations and to treat them as confidential. If the data is passed on to subsidiaries and partner companies as well as service providers in non-EU countries, we will contractually work towards ensuring that the EU data protection level is also observed in these cases.

Duration of data storage

We will only store your personal data for as long as this is necessary to fulfil the purpose for which it was collected or to fulfil legal or official requirements.

In the case of data processing based on contracts, the retention period corresponds to the term of your (or of the contract concluded by you) contract with us, plus the period until the legal claims arising from this contract finally expire, unless mandatory statutory or regulatory regulations (e.g., tax laws) require a longer retention period. After expiry of this period, your personal data will be removed from our active systems.

Your rights

Regarding your rights, we kindly refer to the corresponding remarks in the previous general section "Your Rights" at the top of this page. However, since the processing of data in clinical studies is sometimes subject to legal obligations, please note that the applicable laws may prevent us from fulfilling requests to delete such data or from restricting its processing.

back


If you are our business partner

Purposes of the processing of your data

In this section of the data protection information, we explain the data processing and procedures we use to process personal data of our customers, suppliers, service providers and other business partners and the personal data of their employees and representatives (collectively, the "Business Partners").

This data protection information is addressed to you

In addition, we refer to our other data protection information on this website in connection with the special services of our company and activities described there.

Personal data is processed for the following purposes:


Data categories


We collect and process the following categories of personal data about you that is collected from you or by authorized third parties (e.g. your supervisors, publicly available sources) in connection with our business relationship. This data may include:


Passing on your personal data

Each passing on of your data is subject to a special assessment. We may share your information with the following categories of recipients:

Your data will only be passed on to such persons and only to the extent necessary to fulfil the underlying purpose. With regard to other aspects of passing on your personal data, we also refer to the explanations in the above "General Information" in this data protection information.

Legal basis for data processing

The legal basis for the processing is Art. 6 (1) b) GDPR, if the processing of your personal data is necessary for the performance of a contract or for conducting pre-contractual measures.

As legal basis for the processing, we rely on Art. 6 (1) f) GDPR if the processing is based on legitimate interests (e.g. data processing with associated companies for administrative purposes, data submission to authorities during inspections and inquiries, data processing to ensure IT security or assertion of legal claims).

We may also use Art. 6 (1) c) GDPR as a legal basis if the data processing is necessary for the fulfilment of legal obligations (e.g. fulfilment of notification, disclosure and reporting obligations).

We refer to Art. 6 (1) a) GDPR as the legal basis if the data subject concerned has given us his/her consent to the intended processing of his/her personal data.

If we do not receive information about a person directly from that person, we assume that the Business Partner for whom that person is employed will provide such employee with the necessary data protection information in accordance with Art. 13 GDPR. This includes the specific processing of your personal data based on your capacity as an employee of the respective company or organisation.

Duration of data storage and your rights

With regard to the duration of the storage of your personal data and your rights, we refer to the above explanations in the general part of this data protection information.

back