Data protection declaration
Note: This is a translation of the German language data protection declaration. This translation is made for convenience purposes only. The sole legal binding document is the text in the German language.
1. Information about the collection of personal data
(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.
(2) The person responsible pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
BRAIN Biotech AG
Darmstädter Straße 34 – 36
(see our imprint).
You can reach our data protection officer at firstname.lastname@example.org or at our postal address with the addition “data protection officer”.
(3) If you contact us via one of our functional e-mail addresses, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions.
If the data provided by you is private contact data, we will delete this data in connection with your request as soon as it is no longer required to be stored, if it does not conflict with corresponding legal storage regulations or if we lawfully process your data for other purposes on the basis of your request.
(4) Insofar as we wish to use contracted service providers for individual functions of our offer or to use your data for advertising purposes, you will find detailed information about the respective processes below. We also specify the criteria for the storage period.
2. Your rights
(1) You have the following rights towards us with regard to personal data concerning you:
- right of information,
- right of correction or deletion,
- right of limitation of processing,
- right of opposition to the processing,
- right of data transferability.
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
3. General information on the legal basis for data processing on this website
(1) If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a DSGVO or Art. 9 (2) lit. a DSGVO, if special categories of data are processed according to Art. 9 (1) DSGVO.
(2) In the event of express consent to the transfer of personal data to third countries, data processing will also be carried out on the basis of Art. 49 (1) a DSGVO.
(3) If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time.
(4) If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO.
(5) Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO.
4. Collection of personal data when you visit our website
(1) In the case of purely informational use of our website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 para. 1 cl. 1 lit. f GDPR):
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of website accessed
- access status/HTTP status code
- the amount of data transferred in each case
- website from which you acess our website
- operating system and its interface
- language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
This website uses different types of cookies, which depend on the functions used on our website.
a) essential cookies
These cookies are necessary for the technically correct implementation of functions, since any other technical implementation without cookies (currently not possible. These cookies are stored on your terminal device only for the duration of your visit to our website.
b) functional cookies
Functional cookies are used to improve and increase the usability of our website, e.g. by saving your settings so that you do not have to re-enter them each time. These are, for example, language switches which retain the selected language and save it for the duration of your visit to our website. Functional cookies are stored on your terminal device for the duration of your visit to our website.
c) transient cookies
These cookies are only stored on your computer for the duration of the use of your Internet browser and are automatically deleted when you close the browser. These cookies include, for example, session cookies, which contain a session ID, which are necessary for the allocation of requests from your browser to the shared session and serve to recognize your computer when you return to our website. Session cookies are deleted when you log out, close the tab or browser.
d) persistent cookies
Persistent cookies are stored for a certain period of time on your end device. They are used, for example, to save certain settings that you have made for our website for a defined period of time (so-called consistent cookies) so that you do not have to make these settings each time you visit our website. The duration depends on the cookie itself. However, you can delete these cookies at any time via the security settings of your browser.
(4) Depending on the visited or used function of our website different cookies are used.
• essential cookies
|saves the settings made with regard to cookie use of our website (e.g. tracking)
• cookies for marketing, analytics & visitor statistics
|Supports search funktion within investor relation news
|Stores session IDun till session ends
|Contains unique Google ID to store settings & other information
• cookies for investor relations
|Savest he activation of the stock chart by the website visito for later visits
(5) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
Host Europe may collect, process and store the data mentioned under point 4 (1) & (4) when you visit our website, whereby the data mentioned under point 4 (4) will only be processed if you allow us to do so or make it available to us. (according to Art. 6 para. 1 lit. a GDPR).
(7) In the case of our annual report, we use the services of the provider RYZE digital GmbH, Mombacher Str. 4, 55122 Mainz, which hosts the annual report on its servers via RYZE Digital VRM Corporate Solutions GmbH, Erich-Dombrowski-Straße 2, 55127 Mainz. We have concluded an order processing contract with RYZE digital GmbH for the processing of personal data in accordance with the EU GDPR.
When you visit our annual report website, log and tracking data is processed. These are
- Browser type and browser version
- Operating system used
- Website from which the visitor comes (referrer URL)
- Host name of the accessing computer
- Date and time of the server request
- IP address (anonymized)
All data collected when forwarding to the annual report via our website
is stored on RYZE digital servers located in Germany. Further
subsidiary RYZE digital VRM Corporate Solutions:
5. Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must generally provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
6. Publications Investor Relations (IR-newsletter) and press releases (EQS-Manager)
(1) With your consent, you can subscribe to our investor relations publications (IR newsletter) and/or the press releases of our company, whereby you will receive all relevant investor relations information and publications as well as press releases of BRAIN Biotech AG by e-mail.
(2) For both subscriptions we use the Double-Opt-In procedure. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the desired content (IR Newsletter or press releases). If you do not verify your registration within 24 hours, your information will be blocked and automatically deleted after one month. This procedure serves to prevent the misuse of foreign e-mail addresses for registration purposes.
In addition, we store your IP address and the time of registration as well as the confirmation of the IR newsletter or press releases. The purpose of this procedure is to provide evidence of your registration and, if necessary, to clarify any possible misuse of your personal data.
We may store deleted e-mail addresses for up to 3 years on the basis of our legitimate interest before they are deleted in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist for this purpose alone.
(3) Your e-mail address is the only mandatory information for sending the newsletter or press releases. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 cl. 1 lit. a GDPR. Your data will be stored by us in accordance with the request for the IR Newsletter.
(4) We use the EQS Manager program for both our IR newsletter and press releases. In addition, we also use this program to send investor relations announcements that we are obliged to send due to other laws, ordinances and regulations (e.g. ad hoc announcements). All data is stored exclusively on the servers of the responsible person located in Germany.
(5) You can revoke your consent to receive the IR newsletter and/or press releases at any time and unsubscribe from receiving the corresponding information. You can revoke your consent by clicking on the link provided in each of the corresponding e-mails sent or by sending an e-mail to email@example.com. Your data will then be deleted within 1 week of unsubscribing the corresponding information channel.
(6) In both cases (IR newsletter ans press release e-mails), there is no tracking of user behaviour.
7. Company newsletter (Brevo, former Sendinblue)
(1) You can also register on our website for our company newsletter (news blog) by giving us your consent to send the newsletter to you. As a result, you will receive information, news and news about the company by mail to the e-mail address you have provided.
(2) We also use the double opt-in procedure for our company newsletter, in which you receive a confirmation e-mail from us to your specified e-mail address after your registration, in which you confirm the registration. If you do not confirm this within 24 hours, your information will be blocked and deleted after one month to prevent misuse of third-party e-mail addresses for registration purposes. Furthermore, your used IP address, the time of registration as well as the confirmation on our part will be saved to prove the registration and if necessary to clarify a possible misuse of your personal data.
Unsubscribed e-mail addresses may be stored by us for up to 3 years on the basis of our legitimate interest before they are deleted in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone.
(3) The only mandatory information for sending the newsletter or publications is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. Your data will be stored by us in accordance with the requested information channel (news blog).
(4) For our company newsletter, we use the provider Sendinblue, Köpenicker Str. 126, 10179 Berlin, Germany. In accordance with the requirements of the GDPR, we have concluded an order processing agreement (AVV) with this provider regarding the processing of your personal data. Your data will be stored in our Brevo / Sendinblue account on the servers of Sendinblue GmbH. Their server locations are in Germany and France, where your data is stored.
Further information regarding the processing of your personal data by Sendinblue can be found in the data protection regulations of Sendinblue:
(5) You can revoke your consent to receive the company newsletter (news blog) at any time and unsubscribe from receiving the corresponding information. You can declare the revocation by clicking on the link provided in each of the corresponding e-mails sent or by e-mail to firstname.lastname@example.org. Your data will then be deleted within 1 week after unsubscribing from the corresponding information channel.
(6) In the case of our company newsletter, no tracking of user behavior takes place.
8. Social plugins, links to social networks and content sharing options
(2) Plugins from YouTube are used on our website to improve the presentation of our website. This is a video portal operated by YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA 94066, USA - hereinafter referred to as "YouTube". YouTube itself is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA - hereinafter referred to as "Google". Through Google's certification under the EU-US Privacy Shield - https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active - Google, and thus also its subsidiary YouTube, guarantees that the data protection regulations of the EU are also complied with when processing data in the USA.
The integration of videos on our website takes place on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR, the legitimate interest here lies in the quality improvement and extended provision of information on our website as part of our public relations work.
When integrating YouTube or videos from the platform, we use the "extended data protection mode" function in order to be able to display the videos. According to YouTube, this function ensures that data is only transmitted to YouTube's servers after the video has been started. Without this function, a connection to the YouTube servers in the USA is already established when you visit our website with an embedded YouTube video.
The connection to the YouTube servers is necessary in order to be able to display the respective video on our website via your internet browser. In the course of this, YouTube will record and process at least your IP address, date and time as well as the website you visited. In addition, a connection to Google's "DoubleClick" advertising network is established.
If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out before visiting our website or make the appropriate settings in your YouTube account.
Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the data protection information available at https://policies.google.com/privacy.
(3) As part of the Threads information service, we use the technical platform and services of Meta Platforms Inc, 1 Meta Way, Menlo Park, CA 94025, USA.
The data collected about you when you use the service is processed by Meta Platforms, Inc. and may be transferred to countries outside the European Union. This includes your IP address, the application used, information about the device you are using (including device ID and application ID), information about websites accessed, your location and your mobile phone provider.
(4) By integrating the icons of social networks such as X, Threads, Xing and LinkedIn, we only refer to these networks with an external link. In some cases, the link refers to a share functionality of the respective network. This means that you can share our website with other users directly via the social network page associated with the sharing button.
As the provider of the above mentioned services, we do not collect or process any other data from your use of these services
9. Use of web fonts
The use of these web fonts represents a legitimate interest of our company in the sense of a consistent and appealing presentation of our online offer according to art. 6 para. 1 f of the GDPR.
The individual web font services used on our website are listed below.
(1) Adobe Typekit
Our website uses fonts from Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), which are provided by the Adobe Typekit service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them in the correct way. This is done by connecting your browser to the Adobe servers in the USA.
Adobe is certified under the EU-US Privacy Shield. This is an agreement between the European Union (EU) and the United States of America (USA) to ensure compliance with European data protection standards. For more information, see:
For more information about Adobe privacy and the use of Adobe Typekit, please see the following links:
(2) Fonts.com / Monotype
Our website uses fonts provided by Monotype Imaging Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA (Monotype) through the Fonts.com service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them correctly. This is done by connecting your browser to Monotype’s servers in the USA.
Additional data is also collected using Monotype’s Web Font Tracking Tool. These are in detail:
- Web Font Project Number (anonymized)
- URL of the licensed website (including customer ID)
- referring URL
The transmission of this data serves the logging of the use and/or the call of the corresponding web page, the counting of the calls (counter) and the prevention of the abuse of the counter. These data are stored in the form of log files and deleted after 30 days, so that the corresponding data can no longer be processed.
10. Integration of further external web services and processing of data outside the EU
On our website we use active content from external providers, so-called web services. By calling up our website, these external providers may receive personal information about your visit to our website. It is possible that data may be processed outside the EU. You can prevent this by installing an appropriate browser plugin or by deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit.
We use the following external web services:
You can prevent the collection and processing of your data by Google by deactivating the execution of script code in your browser or by installing a script blocker in your browser.
You can prevent the collection as well as the processing of your data by Gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser.
- Gstatic Fonts
You can prevent the collection as well as the processing of your data by Gstatic Fonts by deactivating the execution of script code in your browser or by installing a script blocker in your browser.
- Google reCaptcha
You can prevent the collection and processing of your data by Google reCaptcha by deactivating the execution of script code in your browser or by installing a script blocker in your browser.
- Gstatic reCaptcha
You can prevent the collection and processing of your data by Gstatic reCaptcha by deactivating the execution of script code in your browser or by installing a script blocker in your browser.
11. Data protection information in the recruitment process
12. Information about contradiction or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.
(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done so far. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.
(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction by e-mail (email@example.com) or by post under the following contact data:
BRAIN Biotech AG
Data Protection Officer
Darmstädter Straße 34-36
13. concluding provisions
(1) We reserve the right to adapt this data protection statement at any time with effect fort he future so that it always complies with the current legal requirements or in the ordert o reflect changes or similar