Data protection statement
Note: This is a translation of the German language data protection declaration. This translation is made for convenience purposes only. The sole legal binding document is the text in the German language.
1) Information about the collection of personal data
(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.
(2) The person responsible pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
B.R.A.I.N. Biotechnology Research and Information Network AG
Darmstädter Straße 34-36
(see our Impressum – Legal Notice).
You can reach our data protection officer at firstname.lastname@example.org or at our postal address with the addition “data protection officer”.
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.
2) Your rights
(1) You have the following rights towards us with regard to personal data concerning you:
- right of information,
- right of correction or deletion,
- right of limitation of processing,
- right of opposition to the processing,
- right of data transferability.
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
3) Collection of personal data when you visit our website
(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):
- IP address
- date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- the amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
a) This website uses the following types of cookies, the scope and functioning of which are explained below:
• Transient cookies (see b)
• Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or all cookies. Please note that you may not be able to use all functions of this website.
4) Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must generally provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
5) Use of Matomo (formerly PIWIK)
(1) This website uses the web analysis service Matomo to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. f GDPR.
(2) Cookies (more details in section 3) are stored on your computer for this evaluation. The information collected in this way is stored exclusively on a server in France. You can set the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we point out that you may not be able to use this website in its entirety. The prevention of the storage of cookies is possible through the setting in your browser. To prevent Matomo from being used, uncheck the following box to activate the opt-out option:
(3) This website uses Matomo with the setting “AnonymizeIP”. This shortens the processing of IP addresses and prevents direct personal contact. The IP address transmitted by your browser using Matomo will not be merged with other data collected by us.
(4) The Piwik program is an open source project.
(5) For third-party privacy information, visit https://matomo.org/
6) Newsletter/ Information request / Use of Cleverreach & Mailchimp
(1) With your consent, you can subscribe to our two newsletters, with which we keep you up to date with news and information about us (company activities, events, company news and success stories) and our investor relations news (IR newsletter).
(2) We use the double opt-in procedure to subscribe to our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and cancel the newsletter. You can cancel your subscription by clicking on the link provided in every newsletter e-mail or by sending an e-mail to email@example.com.
(5) We point out to you that we only evaluate the user behaviour when sending an IR-newsletter. In case of our company newsletter, there is no tracking of user behaviour.
For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent single-pixel image files stored on our website. The data is collected exclusively pseudonymised. During the evaluation we record whether such a newsletter has been viewed and which links have been clicked on, whereby there is no link to your data.
The information is stored for as long as you have subscribed to the IR-newsletter. Tracking of the newsletters viewed and the links clicked on is also not possible if you have deactivated the display of images in your e-mail program by default. In this case the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above tracking takes place.
7) Social plugins, links to social networks and content sharing options
(1) This website uses the timeline (plugin) of the Twitter service. This feature is provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
By accessing the part(s) of this website containing the timeline, the browser establishes a direct connection with the servers of Twitter. The content of the Twitter timeline is transmitted by Twitter directly to the user’s browser. Therefore we do not have an influence on the amount of data that Twitter collects with the help of this plugin and inform the users according to our knowledge. According to our knowledge only the IP address of the user and the URL of the respective website when visiting the timeline are transmitted.
(2) Plugins from YouTube are used on our website to improve the presentation of our Internet presence. This is a video portal whose operator is YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA 94066, USA - hereinafter only referred to as "YouTube".
YouTube itself is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA - hereinafter only referred to as "Google".
By certifying Google according to the EU-US Privacy Shield – https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active – Google and its subsidiary YouTube guarantee that the data protection regulations of the EU are also observed when processing data in the USA.
The integration of videos on our website takes place on the legal basis of Art. 6 Para. 1 lit. f) DSGVO, the legitimate interest of which lies in the improvement of quality as well as the extended provision of information on our website as part of public relations work.
When integrating YouTube or videos from the platform, we use the "extended data protection mode" function in order to be able to display the videos. According to YouTube, this function means that data is only transferred to YouTube's servers after the displayed video has started. Without this function, a connection to the YouTube servers in the USA is established when you visit our website with an embedded YouTube video.
The connection to YouTube's servers is necessary in order to be able to display the respective video on our website via your Internet browser. YouTube will collect and process at least your IP address, date and time, and the web page you visited. In addition, a connection to Google's DoubleClick advertising network will be established.
If you are logged in to YouTube at the same time, YouTube assigns the connection information to your YouTube account. If you wish to prevent this, you must either log out before visiting our website or make the appropriate settings in your YouTube account.
YouTube permanently stores cookies on your terminal device via your Internet browser for the purpose of functionality and analysis of user behaviour. If you do not agree with the processing, you have the option of preventing the cookies from being saved by making a setting in your Internet browser. You will find more detailed information on this under point 3 paragraph (3) lit. d) above in this data protection declaration.
Further information on the collection and use of data as well as your rights and protection options in this regard is available from Google in the data protection information available at https://policies.google.com/privacy.
8) Use of web fonts
The use of these web fonts represents a legitimate interest of our company in the sense of a consistent and appealing presentation of our online offer according to art. 6 para. 1 f of the GDPR.
The individual web font services used on our website are listed below.
(1) Adobe Typekit
Our website uses fonts from Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), which are provided by the Adobe Typekit service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them in the correct way. This is done by connecting your browser to the Adobe servers in the USA.
Adobe is certified under the EU-US Privacy Shield. This is an agreement between the European Union (EU) and the United States of America (USA) to ensure compliance with European data protection standards. For more information, see:
For more information about Adobe privacy and the use of Adobe Typekit, please see the following links:
Our website uses fonts provided by Monotype Imaging Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA (Monotype) through the Fonts.com service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them correctly. This is done by connecting your browser to Monotype’s servers in the USA.
Additional data is also collected using Monotype’s Web Font Tracking Tool. These are in detail:
- Web Font Project Number (anonymized)
- URL of the licensed website (including customer ID)
- referring URL
The transmission of this data serves the logging of the use and/or the call of the corresponding web page, the counting of the calls (counter) and the prevention of the abuse of the counter. These data are stored in the form of log files and deleted after 30 days, so that the corresponding data can no longer be processed.
9) Data protection information in the recruitment process
(1) We process the applicant data only for the purpose and within the framework of the application procedure in accordance with the legal requirements. The processing of the applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure within the meaning of Art. 6 para. 1 letter b. DSGVO Art. 6 para. 1 lit. f. DSGVO insofar as data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, § 26 BDSG additionally applies).
(2) The application procedure requires that applicants provide us with the applicant data. Necessary applicant data are personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.
(3) By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.
(4) Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 DSGVO are voluntarily disclosed within the scope of the application procedure, their processing shall also be carried out in accordance with Art. 9 Para. 2 lit. b DSGVO (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DSGVO are requested from applicants as part of the application procedure, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a DSGVO (e.g. health data if these are necessary for the exercise of a profession).
(5) Applicants can send their applications by post or by e-mail to firstname.lastname@example.org. Please note, however, that e-mails are generally not sent in encrypted form and that applicants themselves must ensure that they are encrypted. Therefore, we cannot assume any responsibility for the transmission path of the application between the sender and the reception on our server. If the applicant has any doubts about the security of the transmission of the application documents by e-mail, we recommend sending the application documents by post.
(6) The data provided by the candidates can be further processed by us in the case of a successful employment relationship. Otherwise, if the application for a job offer is not successful, the candidates’ data will be deleted. Candidates’ data will also be deleted if an application is withdrawn, which the candidates are entitled to do at any time.
(7) Subject to justified revocation by the applicants, the data will be deleted after a period of six months for applications to specific job advertisements, beginning at the time of rejection, so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act.
Unsolicited applications will be kept for a period of 12 months from the date of receipt due to operational and organizational reasons and will be deleted at the end of this period.
In the case of applications for an apprenticeship place in the company, the applicant data will be deleted, subject to justified revocation by the applicants, after a period of six months in the case of applications, beginning at the time of rejection, so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. This period can be extended to twelve months from the date of cancellation with the written permission of the applicant.
If you have been accepted for a position as part of the application procedure, the data from the applicant data system will be transferred to our personnel information system and deleted 10 years after termination of employment.
Invoices for any reimbursement of travel expenses will be archived in accordance with the provisions of tax law.
10) Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done so far. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction under the following contact data: email@example.com or under
B.R.A.I.N. Biotechnology Research and Information Network AG
Data Protection Officer
Darmstädter Straße 34-36