Data protection declaration

Note: This is a translation of the German language data protection declaration. This translation is made for convenience purposes only. The sole legal binding document is the text in the German language.

1 Information about the collection of personal data

(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.

(2) The person responsible pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is

BRAIN Biotech AG
Darmstädter Straße 34 – 36
64673 Zwingenberg
Germany
(see our imprint).

You can reach our data protection officer at privacy@brain-biotech.com or at our postal address with the addition “data protection officer”.

(3) If you contact us via one of our functional e-mail addresses, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions.

If the data provided by you is private contact data, we will delete this data in connection with your request as soon as it is no longer required to be stored, if it does not conflict with corresponding legal storage regulations or if we lawfully process your data for other purposes on the basis of your request.

(4) Insofar as we wish to use contracted service providers for individual functions of our offer or to use your data for advertising purposes, you will find detailed information about the respective processes below. We also specify the criteria for the storage period.

2 Your rights

(1) You have the following rights towards us with regard to personal data concerning you:

  • right of information,
  • right of correction or deletion,
  • right of limitation of processing,
  • right of opposition to the processing,
  • right of data transferability.

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

3 Collection of personal data when you visit our website

(1) In the case of purely informational use of our website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 para. 1 cl. 1 lit. f GDPR):

  • IP address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • content of website accessed
  • access status/HTTP status code
  • the amount of data transferred in each case
  • website from which you acess our website
  • browser
  • operating system and its interface
  • language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(3) Use of cookies:

This website uses different types of cookies, which depend on the functions used on our website.

a) essential cookies

These cookies are necessary for the technically correct implementation of functions, since any other technical implementation without cookies (currently not possible. These cookies are stored on your terminal device only for the duration of your visit to our website.

b) functional cookies

Functional cookies are used to improve and increase the usability of our website, e.g. by saving your settings so that you do not have to re-enter them each time. These are, for example, language switches which retain the selected language and save it for the duration of your visit to our website. Functional cookies are stored on your terminal device for the duration of your visit to our website.

c) transient cookies

These cookies are only stored on your computer for the duration of the use of your Internet browser and are automatically deleted when you close the browser. These cookies include, for example, session cookies, which contain a session ID, which are necessary for the allocation of requests from your browser to the shared session and serve to recognize your computer when you return to our website. Session cookies are deleted when you log out, close the tab or browser.

d) persistent cookies

Persistent cookies are stored for a certain period of time on your end device. They are used, for example, to save certain settings that you have made for our website for a defined period of time (so-called consistent cookies) so that you do not have to make these settings each time you visit our website. The duration depends on the cookie itself. However, you can delete these cookies at any time via the security settings of your browser.

(4) Depending on the visited or used function of our website different cookies are used.

• essential cookies

Cookie name Provider Purpose
cookieconsent_status brain-biotech.com saves the settings made with regard to cookie use of our website (e.g. tracking)

• cookies for marketing, analytics & visitor statistics

Cookie name Provider Purpose
_pk_id# brain-biotech.com Saves anonymous statistics about the user's visits to the website such as the number of visits, average time spent on the website and which pages were read
_pk_ses# brain-biotech.com Used by the Piwik Analytics Platform to track visitor page views during the session
TS01050ea6 IRpages2.eqs.co Supports search funktion within investor relation news
IRpages2_Session IRpages2.eqs.com Stores session IDun till session ends
NID google.com Contains unique Google ID to store settings & other information


(5) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.


4 Use of Matomo (formerly PIWIK)

(1) This website uses the open source web analytics service Matomo to analyze and regularly improve the use of our website. The processing of your collected personal data (see point 4 (4)) serves the sole purpose of analyzing the usage behavior of visitors to our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

(2) For this evaluation, cookies (compare point 3) are stored on your computer and thus enable us to analyze the use of our website. Matomo does not collect any data without your consent via our cookie content banner of our website or your subsequently given consent (in point 4 (5)). The legal basis for the processing of your personal data therefore results from Art. 6 para. 1 cl. 1 lit. a GDPR.

(3) We use Matomo with the setting "AnonymizeIP". Your IP address will be processed in a shortened form, so that a direct personal reference can be excluded. Furthermore, the IP address transmitted by your browser via Matomo is not linked to other data collected by us.

(4) If you agree to use the web analysis service, the following data will be collected when you call up individual pages of our website:

  • the first 6 bytes of your IP address (anonymized IP)
  • the call of our website
  • the website from which you have reached our website (referrer)
  • the subpages that are accessed from our website
  • the time spent on our website
  • the frequency of visiting our website

The data collected on the use of our website are transmitted to a server in France, from where we can retrieve the data. The data is stored on the server for 180 days and then automatically deleted. Statistics generated from this data and the data on which they are based are not deleted.

(5) You can change your settings for the use of the web analysis service Matomo in our privacy policy at any time. For this purpose you can set or remove the check mark for the use of Matomo in the following field.

If you subsequently allow or forbid the use of the content, a content cookie (see point 3 (3) d) and point 3 (4) of this data protection declaration) will be stored on your terminal device via your Internet browser in any case, which contains your last decision and thus enables or prevents the analysis.

Please note, however, that you will have to make the corresponding setting again if you delete the cookies stored on your terminal device or if the duration of storage of the content cookie has expired.

(6) The program Matomo (formerly Piwik) is an open source project. Information of the third party provider on data protection can be found at https://matomo.org/docs/privacy

5 Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must generally provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.

(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

(4) This privacy policy only applies to the website of BRAIN Biotech AG. However, our website also contains links to third-party websites and applications that may be of interest to you. We are not responsible for the collection, processing and use of your data within the framework of websites or applications that are not operated by us, nor for their content.

6 Publications Investor Relations (IR-newsletter) and press releases (EQS-Manager)

(1) With your consent, you can subscribe to our investor relations publications (IR newsletter) and/or the press releases of our company, whereby you will receive all relevant investor relations information and publications as well as press releases of BRAIN Biotech AG by e-mail.

(2) For both subscriptions we use the Double-Opt-In procedure. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the desired content (IR Newsletter or press releases). If you do not verify your registration within 24 hours, your information will be blocked and automatically deleted after one month. This procedure serves to prevent the misuse of foreign e-mail addresses for registration purposes.

In addition, we store your IP address and the time of registration as well as the confirmation of the IR newsletter or press releases. The purpose of this procedure is to provide evidence of your registration and, if necessary, to clarify any possible misuse of your personal data.

We may store deleted e-mail addresses for up to 3 years on the basis of our legitimate interest before they are deleted in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

(3) Your e-mail address is the only mandatory information for sending the newsletter or press releases. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 cl. 1 lit. a GDPR. Your data will be stored by us in accordance with the request for the IR Newsletter.

(4) We use the EQS Manager program for both our IR newsletter and press releases. In addition, we also use this program to send investor relations announcements that we are obliged to send due to other laws, ordinances and regulations (e.g. ad hoc announcements). All data is stored exclusively on the servers of the responsible person located in Germany.

(5) You can revoke your consent to receive the IR newsletter and/or press releases at any time and unsubscribe from receiving the corresponding information. You can revoke your consent by clicking on the link provided in each of the corresponding e-mails sent or by sending an e-mail to privacy@brain-biotech.com. Your data will then be deleted within 1 week of unsubscribing the corresponding information channel.

(6) In both cases (IR newsletter ans press release e-mails), there is no tracking of user behaviour.

7 Company newsletter (MailChimp)

(1) You can also register on our website for our company newsletter (news blog) by giving us your consent to send the newsletter to you. In this way you will receive information, news and updates about the company by e-mail to the e-mail address you have provided.

(2) We also use the double opt-in procedure for our company newsletter, in which you will receive a confirmation e-mail from us to your specified e-mail address after your registration, in which you confirm your registration. If you do not confirm this within 24 hours, your information will be blocked and deleted after one month in order to prevent misuse of third-party e-mail addresses for registration purposes. In addition, your IP address, the time of registration and the confirmation from us will be stored by us as proof of registration and, if necessary, to clarify a possible misuse of your personal data.

Unsubscribed e-mail addresses can be stored by us for up to 3 years on the basis of our legitimate interest before they are deleted in order to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

(3) Your e-mail address is the only compulsory information for sending the newsletter or publications. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 cl. 1 lit. a GDPR. Your data will be stored by us according to the requested information channel (news blog).

In the case of our company newsletter, this takes place in the MailChimp account of the person responsible. The data itself is physically stored on the servers of the provider of MailChimp (The Rocket Science Group, LLC.). Further information about the processing of your data by MailChimp can be found in the privacy policy of MailChimp (https://mailchimp.com/legal/privacy/ ).

(4) You can revoke your consent to receive the company newsletter (news blog) at any time and unsubscribe from receiving the corresponding information. You can revoke your consent by clicking on the link provided in each of the corresponding e-mails or by sending an e-mail to privacy@brain-biotech.com. Your data will then be deleted within 1 week of unsubscribing the corresponding information channel.

(5) In the case of our company newsletter, there is no tracking of user behavior.

8 Social plugins, links to social networks and content sharing options

(1) This website uses the timeline (plugin) of the Twitter service. This feature is provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

By accessing the part(s) of this website containing the timeline, the browser establishes a direct connection with the servers of Twitter. The content of the Twitter timeline is transmitted by Twitter directly to the user’s browser. Therefore we do not have an influence on the amount of data that Twitter collects with the help of this plugin and inform the users according to our knowledge. According to our knowledge only the IP address of the user and the URL of the respective website when visiting the timeline are transmitted. Further information can be found in the privacy policy of Twitter at http://twitter.com/privacy

(2) Plugins from YouTube are used on our website to improve the presentation of our Internet presence. This is a video portal whose operator is YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA 94066, USA - hereinafter only referred to as "YouTube".

YouTube itself is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA - hereinafter only referred to as "Google".

By certifying Google according to the EU-US Privacy Shield -https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active - Google and its subsidiary YouTube guarantee that the data protection regulations of the EU are also observed when processing data in the USA.

The integration of videos on our website takes place on the legal basis of Art. 6 para. 1 cl. 1 lit. f GDPR, the legitimate interest of which lies in the improvement of quality as well as the extended provision of information on our website as part of public relations work.

When integrating YouTube or videos from the platform, we use the "extended data protection mode" function in order to be able to display the videos. According to YouTube, this function means that data is only transferred to YouTube's servers after the displayed video has started. Without this function, a connection to the YouTube servers in the USA is established when you visit our website with an embedded YouTube video.

The connection to YouTube's servers is necessary in order to be able to display the respective video on our website via your Internet browser. YouTube will collect and process at least your IP address, date and time, and the web page you visited. In addition, a connection to Google's DoubleClick advertising network will be established.

If you are logged in to YouTube at the same time, YouTube assigns the connection information to your YouTube account. If you wish to prevent this, you must either log out before visiting our website or make the appropriate settings in your YouTube account.

YouTube permanently stores cookies on your terminal device via your Internet browser for the purpose of functionality and analysis of user behaviour. If you do not agree with the processing, you have the option of preventing the cookies from being saved by making a setting in your Internet browser. You will find more detailed information on this under point 3 above in this data protection declaration.

Further information on the collection and use of data as well as your rights and protection options in this regard is available from Google in the data protection information available at https://policies.google.com/privacy

9 Use of web fonts

Our website uses so-called web fonts to uniformly display fonts. These are loaded using JavaScript codes.
The use of these web fonts represents a legitimate interest of our company in the sense of a consistent and appealing presentation of our online offer according to art. 6 para. 1 f of the GDPR.
If your browser does not support web fonts or blocks JavaScript, a standard font is used by your computer.
The individual web font services used on our website are listed below.

(1) Adobe Typekit

Our website uses fonts from Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), which are provided by the Adobe Typekit service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them in the correct way. This is done by connecting your browser to the Adobe servers in the USA.
Your IP address and your visit to our website will be transmitted to Adobe for this purpose. Adobe states that it does not use cookies when providing the fonts.

Adobe is certified under the EU-US Privacy Shield. This is an agreement between the European Union (EU) and the United States of America (USA) to ensure compliance with European data protection standards. For more information, see:
https://www.adobe.com/de/privacy/eudatatransfers.html

For more information about Adobe privacy and the use of Adobe Typekit, please see the following links:
https://www.adobe.com/de/privacy/policy.html
https://www.adobe.com/de/privacy/policies/typekit.html

(2) Fonts.com / Monotype

Our website uses fonts provided by Monotype Imaging Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA (Monotype) through the Fonts.com service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them correctly. This is done by connecting your browser to Monotype’s servers in the USA.
This tells Monotype that your IP address has been used to access our website (date and time of your visit). Monotype and Fonts.com do not use cookies when providing the fonts.

Additional data is also collected using Monotype’s Web Font Tracking Tool. These are in detail:

  • Web Font Project Number (anonymized)
  • URL of the licensed website (including customer ID)
  • referring URL

The transmission of this data serves the logging of the use and/or the call of the corresponding web page, the counting of the calls (counter) and the prevention of the abuse of the counter. These data are stored in the form of log files and deleted after 30 days, so that the corresponding data can no longer be processed.

For more information, please see Fonts.com’s privacy policy and Monotype’s privacy policy, which can be found at the following links:
https://www.fonts.com/info/legal
https://www.monotype.com/legal/privacy-policy/
https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/

10. Integration of further external web services and processing of data outside the EU

On our website we use active content from external providers, so-called web services. By calling up our website, these external providers may receive personal information about your visit to our website. It is possible that data may be processed outside the EU. You can prevent this by installing an appropriate browser plugin or by deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit.

We use the following external web services:

  • Google

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Google) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google. The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. The legitimate interest consists in an error-free function of the website. Further information on the handling of the transferred data can be found in Google's privacy policy: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Google by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Gstatic

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Gstatic) is loaded. We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to Gstatic. Legal basis for the data processing is art. 6 para. 1 lit. f DSGVO. The legitimate interest consists in a faultless function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Gstatic: https://policies.google.com/privacy

You can prevent the collection as well as the processing of your data by Gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Gstatic Fonts

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Gstatic Fonts) is loaded. We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to Gstatic Fonts. Legal basis for the data processing is art. 6 para. 1 lit. f DSGVO. The legitimate interest consists in an error-free function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Gstatic Fonts: https://policies.google.com/privacy

You can prevent the collection as well as the processing of your data by Gstatic Fonts by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Google reCaptcha

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Google reCaptcha) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to Google reCaptcha. The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. The legitimate interest consists in an error-free function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Google reCaptcha: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Google reCaptcha by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Gstatic reCaptcha

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Gstatic reCaptcha) is loaded. We use this data to ensure the full functionality of our website. In this context your browser may transmit personal data to Gstatic reCaptcha. Legal basis for the data processing is art. 6 para. 1 lit. f DSGVO. The legitimate interest consists in an error free function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Gstatic reCaptcha: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Gstatic reCaptcha by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

11 Data protection information in the recruitment process

(1) We process the applicant data only for the purpose and within the framework of the application procedure in accordance with the legal requirements. The processing of the applicant data is carried out to fulfil our (pre)contractual obligations within the scope of the application procedure within the meaning of Art. 6 para. 1 cl. 1 lit. b GDPR as well as Art. 6 para. 1 cl. 1 lit. f. GDPR insofar as data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, § 26 BDSG additionally applies).

(2) The application procedure requires that applicants provide us with the applicant data. Necessary applicant data are personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.

(3) By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.

(4) Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPG are voluntarily disclosed within the scope of the application procedure, their processing shall also be carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application procedure, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if these are necessary for the exercise of a profession).

(5) Applicants can send their applications by post or by e-mail to hr@brain-biotech.com. Please note, however, that e-mails are generally not sent in encrypted form and that applicants themselves must ensure that they are encrypted. Therefore, we cannot assume any responsibility for the transmission path of the application between the sender and the reception on our server. If the applicant has any doubts about the security of the transmission of the application documents by e-mail, we recommend sending the application documents by post.

(6) The data provided by the candidates can be further processed by us in the case of a successful employment relationship. Otherwise, if the application for a job offer is not successful, the candidates’ data will be deleted. Candidates’ data will also be deleted if an application is withdrawn, which the candidates are entitled to do at any time.

(7) Subject to justified revocation by the applicants, the data will be deleted after a period of six months for applications to specific job advertisements, beginning at the time of rejection, so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act.

Unsolicited applications will be kept for a period of 12 months from the date of receipt due to operational and organizational reasons and will be deleted at the end of this period.

In the case of applications for an apprenticeship place in the company, the applicant data will be deleted, subject to justified revocation by the applicants, after a period of six months in the case of applications, beginning at the time of rejection, so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. This period can be extended to twelve months from the date of cancellation with the written permission of the applicant.

If you have been accepted for a position as part of the application procedure, the data from the applicant data system will be transferred to our personnel information system and deleted 10 years after termination of employment.

Invoices for any reimbursement of travel expenses will be archived in accordance with the provisions of tax law.

12 Information about contradiction or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.

(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done so far. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction by e-mail (privacy@brain-biotech.com) or by post under the following contact data:


BRAIN Biotech AG
Data Protection Officer
Darmstädter Straße 34 – 36
64673 Zwingenberg.
Germany

Share this page