Data protection declaration

Note: This is a translation of the German language data protection declaration. This translation is made for convenience purposes only. The sole legal binding document is the text in the German language.

1. Information about the collection of personal data

(1) In the following we inform you about the collection of personal data when using our website. Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.

(2) The person responsible pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is

BRAIN Biotech AG
Darmstädter Straße 34 – 36
64673 Zwingenberg
Germany
(see our imprint).

You can reach our data protection officer at privacy@brain-biotech.com or at our postal address with the addition “data protection officer”.

(3) If you contact us via one of our functional e-mail addresses, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions.

If the data provided by you is private contact data, we will delete this data in connection with your request as soon as it is no longer required to be stored, if it does not conflict with corresponding legal storage regulations or if we lawfully process your data for other purposes on the basis of your request.

(4) Insofar as we wish to use contracted service providers for individual functions of our offer or to use your data for advertising purposes, you will find detailed information about the respective processes below. We also specify the criteria for the storage period.

2. Your rights

(1) You have the following rights towards us with regard to personal data concerning you:

  • right of information,
  • right of correction or deletion,
  • right of limitation of processing,
  • right of opposition to the processing,
  • right of data transferability.

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

3. General information on the legal basis for data processing on this website

(1) If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR.

(2) In the event of express consent to the transfer of personal data to third countries, data processing will also be carried out on the basis of Art. 49 (1) a GDPR.

(3) If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time.

(4) If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR.

(5) Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c GDPR.

(6) The data processing may also be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

4. Collection of personal data when you visit our website

(1) In the case of purely informational use of our website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 para. 1 cl. 1 lit. f GDPR):

  • IP address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • content of website accessed
  • access status/HTTP status code
  • the amount of data transferred in each case
  • website from which you access our website
  • browser
  • operating system and its interface
  • language and version of the browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(3) Use of cookies:

This website uses different types of cookies, which depend on the functions used on our website.

a) essential cookies

These cookies are necessary for the technically correct implementation of functions, since any other technical implementation without cookies is currently not possible. These cookies are stored on your terminal device only for the duration of your visit to our website.

b) functional cookies

Functional cookies are used to improve and increase the usability of our website, e.g. by saving your settings so that you do not have to re-enter them each time. These are, for example, language switches which retain the selected language and save it for the duration of your visit to our website. Functional cookies are stored on your terminal device for the duration of your visit to our website.

c) transient cookies

These cookies are only stored on your computer for the duration of the use of your Internet browser and are automatically deleted when you close the browser. These cookies include, for example, session cookies, which contain a session ID, which are necessary for the allocation of requests from your browser to the shared session and serve to recognize your computer when you return to our website. Session cookies are deleted when you log out, close the tab or browser.

d) persistent cookies

Persistent cookies are stored for a certain period of time on your end device. They are used, for example, to save certain settings that you have made for our website for a defined period of time (so-called consistent cookies) so that you do not have to make these settings each time you visit our website. The duration depends on the cookie itself. However, you can delete these cookies at any time via the security settings of your browser.

(4) Depending on the visited or used function of our website different cookies are used.

• essential cookies

Cookie name | Provider | Purpose
cookieconsent_status | brain-biotech.com | Saves the settings made with regard to cookie use of our website (e.g. tracking)

• cookies for marketing, analytics & visitor statistics

Cookie name | Provider | Purpose
TS01050ea6 | IRpages2.eqs.co | Supports search function within investor relation news
IRpages2_Session | IRpages2.eqs.com | Stores session ID until session ends
NID | google.com | Contains unique Google ID to store settings & other information

• cookies for investor relations

Cookie name | Provider | Purpose
iframesswitch | bfrank.avira.com | Saves the activation of the stock chart by the website visitor for later visits

(5) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.

(6) Our website is hosted by the website provider Host Europe GmbH, c/o WeWork, Friesenplatz 4, 50672 Cologne, Germany. All data collected during your visit to our website is processed and stored exclusively on servers within the European Union (Germany, France). We have concluded an order processing agreement with Host Europe in accordance with the GDPR regarding the processing of your personal data, which ensures that your data is processed by Host Europe exclusively in accordance with our instructions and the GDPR. The privacy policy of Host Europe can be viewed here:
https://www.hosteurope.de/

According to Host Europe, the transfer of data to the USA and other third countries takes place on the basis of the standard contractual clauses of the EU Commission or comparable guarantees according to Art. 46 GDPR. Details can be found in the above-mentioned privacy policy of Host Europe as well as in the documents on data protection that can be viewed on the website of Host Europe.

Host Europe may collect, process and store the data mentioned under point 4 (1) & (4) when you visit our website, whereby the data mentioned under point 4 (4) will only be processed if you allow us to do so or make it available to us (according to Art. 6 para. 1 lit. a GDPR).

(7) In the case of our annual report, we use the services of the provider RYZE digital GmbH, Mombacher Str. 4, 55122 Mainz, which hosts the annual report on its servers via RYZE Digital VRM Corporate Solutions GmbH, Erich-Dombrowski-Straße 2, 55127 Mainz. We have concluded an order processing contract with RYZE digital GmbH for the processing of personal data in accordance with the EU GDPR.

When you visit our annual report website, log and tracking data is processed. These are

  • Browser type and browser version
  • Operating system used
  • Website from which the visitor comes (referrer URL)
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address (anonymized)

All data collected when forwarding to the annual report via our website is stored on RYZE digital servers located in Germany. Further information can be found in the privacy policy of RYZE digital and its subsidiary RYZE digital VRM Corporate Solutions:
https://www.ryze-digital.de/de/datenschutzhinweise/
https://vrm-digital-communications.de/datenschutz/

5. Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you must generally provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.

(3) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

(4) This privacy policy only applies to the website of BRAIN Biotech AG. However, our website also contains links to third-party websites and applications that may be of interest to you. We are not responsible for the collection, processing and use of your data within the framework of websites or applications that are not operated by us, nor for their content.

6. Publications Investor Relations (IR-newsletter) and press releases (EQS-Manager)

(1) With your consent, you can subscribe to our investor relations publications (IR newsletter) and/or the press releases of our company, whereby you will receive all relevant investor relations information and publications as well as press releases of BRAIN Biotech AG by e-mail.

(2) For both subscriptions we use the Double-Opt-In procedure. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the desired content (IR Newsletter or press releases). If you do not verify your registration within 24 hours, your information will be blocked and automatically deleted after one month. This procedure serves to prevent the misuse of foreign e-mail addresses for registration purposes.

In addition, we store your IP address and the time of registration as well as the confirmation of the IR newsletter or press releases. The purpose of this procedure is to provide evidence of your registration and, if necessary, to clarify any possible misuse of your personal data.

We may store deleted e-mail addresses for up to 3 years on the basis of our legitimate interest before they are deleted in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time. In case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

(3) Your e-mail address is the only mandatory information for sending the newsletter or press releases. After your confirmation we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 cl. 1 lit. a GDPR. Your data will be stored by us in accordance with the request for the IR Newsletter.

(4) We use the EQS Manager program for both our IR newsletter and press releases. In addition, we also use this program to send investor relations announcements that we are obliged to send due to other laws, ordinances and regulations (e.g. ad hoc announcements). All data is stored exclusively on the servers of the responsible person located in Germany.

(5) You can revoke your consent to receive the IR newsletter and/or press releases at any time and unsubscribe from receiving the corresponding information. You can revoke your consent by clicking on the link provided in each of the corresponding e-mails sent or by sending an e-mail to privacy@brain-biotech.com. Your data will then be deleted within 1 week of unsubscribing the corresponding information channel.

(6) In both cases (IR newsletter and press release e-mails), there is no tracking of user behaviour.

7. Company newsletter (Brevo, former Sendinblue)

(1) You can also register on our website for our company newsletter (news blog) by giving us your consent to send the newsletter to you. As a result, you will receive information and news about the company by e-mail at the e-mail address you have provided.

(2) We also use the double opt-in procedure for our company newsletter, in which you receive a confirmation e-mail from us to your specified e-mail address after your registration, in which you confirm the registration. If you do not confirm this within 24 hours, your information will be blocked and deleted after one month to prevent misuse of third-party e-mail addresses for registration purposes. Furthermore, your used IP address, the time of registration as well as the confirmation on our part will be saved to prove the registration and if necessary to clarify a possible misuse of your personal data.

Unsubscribed e-mail addresses may be stored by us for up to 3 years on the basis of our legitimate interest before they are deleted in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

(3) The only mandatory information for sending the newsletter or publications is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. Your data will be stored by us in accordance with the requested information channel (news blog).

(4) For our company newsletter, we use the provider Sendinblue, Köpenicker Str. 126, 10179 Berlin, Germany. In accordance with the requirements of the GDPR, we have concluded an order processing agreement (AVV) with this provider regarding the processing of your personal data. Your data will be stored in our Brevo / Sendinblue account on the servers of Sendinblue GmbH. Their server locations are in Germany and France, where your data is stored.

Further information regarding the processing of your personal data by Sendinblue can be found in the data protection regulations of Sendinblue:
https://www.brevo.com/security/
https://www.brevo.com/en/legal/privacypolicy/

(5) You can revoke your consent to receive the company newsletter (news blog) at any time and unsubscribe from receiving the corresponding information. You can declare the revocation by clicking on the link provided in each of the corresponding e-mails sent or by e-mail to privacy@brain-biotech.com. Your data will then be deleted within 1 week after unsubscribing from the corresponding information channel.

(6) In the case of our company newsletter, no tracking of user behavior takes place.

8. Social plugins, links to social networks and content sharing options

(1) This website uses a link to the X service. This function is offered by X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When a user uses this link, the browser establishes a direct connection with the X servers. The content of the link (which is linked to the BRAIN Biotech AG account) is transmitted by X directly to the user's browser. We therefore have no influence on the scope of the data that X collects with the help of this plugin and inform users according to our level of knowledge. To the best of our knowledge, only the user's IP address and the URL of the respective website are transmitted when the link is accessed. Further information on this can be found in X's privacy policy at https://twitter.com/en/privacy.

(2) Plugins from YouTube are used on our website to improve the presentation of our website. This is a video portal operated by YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA 94066, USA - hereinafter referred to as "YouTube". YouTube itself is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA - hereinafter referred to as "Google". Through Google's certification under the EU-US Privacy Shield - https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active - Google, and thus also its subsidiary YouTube, guarantees that the data protection regulations of the EU are also complied with when processing data in the USA.

The integration of videos on our website takes place on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR, the legitimate interest here lies in the quality improvement and extended provision of information on our website as part of our public relations work.

When integrating YouTube or videos from the platform, we use the "extended data protection mode" function in order to be able to display the videos. According to YouTube, this function ensures that data is only transmitted to YouTube's servers after the video has been started. Without this function, a connection to the YouTube servers in the USA is already established when you visit our website with an embedded YouTube video.

The connection to the YouTube servers is necessary in order to be able to display the respective video on our website via your internet browser. In the course of this, YouTube will record and process at least your IP address, date and time as well as the website you visited. In addition, a connection to Google's "DoubleClick" advertising network is established.

If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out before visiting our website or make the appropriate settings in your YouTube account.

For the purpose of functionality and analysis of user behavior, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree to this processing, you have the option of preventing the storage of cookies by changing the settings in your internet browser. You can find more information on this under point 4 above in this privacy policy.

Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the data protection information available at https://policies.google.com/privacy.

(3) As part of the Threads information service, we use the technical platform and services of Meta Platforms Inc, 1 Meta Way, Menlo Park, CA 94025, USA.

The data collected about you when you use the service is processed by Meta Platforms, Inc. and may be transferred to countries outside the European Union. This includes your IP address, the application used, information about the device you are using (including device ID and application ID), information about websites accessed, your location and your mobile phone provider.

This data is assigned to the data of your Threads account or your Threads profile. We have no influence on the type and scope of the data processed by Threads, the type of processing and use or the disclosure of this data to third parties. Information about which data is processed by Threads and for what purposes it is used can be found in Threads' supplementary privacy policy (https://help.instagram.com/769983657850450/?helpref=uf_share) and the privacy policy of Meta Platforms Inc. (https://privacycenter.instagram.com/policy) as well as the possibility to view your own data at Meta Platform Inc. (https://privacycenter.instagram.com/guide/collection/). You also have the option of requesting information via the Meta Platforms Inc. data protection form or the archive requests: https://www.facebook.com/help/contact/1650115808681298

(4) By integrating the icons of social networks such as X, Threads, Xing and LinkedIn, we only refer to these networks with an external link. In some cases, the link refers to a share functionality of the respective network. This means that you can share our website with other users directly via the social network page associated with the sharing button.

As the provider of the above-mentioned services, we do not collect or process any other data from your use of these services.

9. Use of web fonts

Our website uses so-called web fonts to uniformly display fonts. These are loaded using JavaScript codes.
The use of these web fonts represents a legitimate interest of our company in the sense of a consistent and appealing presentation of our online offer according to art. 6 para. 1 f of the GDPR.
If your browser does not support web fonts or blocks JavaScript, a standard font is used by your computer.
The individual web font services used on our website are listed below.

(1) Adobe Typekit

Our website uses fonts from Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe), which are provided by the Adobe Typekit service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them in the correct way. This is done by connecting your browser to the Adobe servers in the USA.
Your IP address and your visit to our website will be transmitted to Adobe for this purpose. Adobe states that it does not use cookies when providing the fonts.

Adobe is certified under the EU-US Privacy Shield. This is an agreement between the European Union (EU) and the United States of America (USA) to ensure compliance with European data protection standards. For more information, see:
https://www.adobe.com/de/privacy/eudatatransfers.html

For more information about Adobe privacy and the use of Adobe Typekit, please see the following links:
https://www.adobe.com/de/privacy/policy.html
https://www.adobe.com/de/privacy/policies/typekit.html

(2) Fonts.com / Monotype

Our website uses fonts provided by Monotype Imaging Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA (Monotype) through the Fonts.com service on the website.
When you visit our website, your browser loads the required web fonts into your browser cache to display them correctly. This is done by connecting your browser to Monotype’s servers in the USA.
This tells Monotype that your IP address has been used to access our website (date and time of your visit). Monotype and Fonts.com do not use cookies when providing the fonts.

Additional data is also collected using Monotype’s Web Font Tracking Tool. These are in detail:

  • Web Font Project Number (anonymized)
  • URL of the licensed website (including customer ID)
  • referring URL

The transmission of this data serves the logging of the use and/or the call of the corresponding web page, the counting of the calls (counter) and the prevention of the abuse of the counter. These data are stored in the form of log files and deleted after 30 days, so that the corresponding data can no longer be processed.

For more information, please see Fonts.com’s privacy policy and Monotype’s privacy policy, which can be found at the following links:
https://www.fonts.com/info/legal
https://www.monotype.com/legal/privacy-policy/
https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/

10. Integration of further external web services and processing of data outside the EU

On our website we use active content from external providers, so-called web services. By calling up our website, these external providers may receive personal information about your visit to our website. It is possible that data may be processed outside the EU. You can prevent this by installing an appropriate browser plugin or by deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit.

We use the following external web services:

  • Google

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Google) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website. Further information on the handling of the transferred data can be found in Google's privacy policy: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Google by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Gstatic

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Gstatic) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in a faultless function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Gstatic: https://policies.google.com/privacy

You can prevent the collection as well as the processing of your data by Gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Gstatic Fonts

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Gstatic Fonts) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic Fonts. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Gstatic Fonts: https://policies.google.com/privacy

You can prevent the collection as well as the processing of your data by Gstatic Fonts by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Google reCaptcha

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Google reCaptcha) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transfer personal data to Google reCaptcha. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Google reCaptcha: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Google reCaptcha by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

  • Gstatic reCaptcha

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter Gstatic reCaptcha) is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic reCaptcha. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website. Further information about the handling of the transferred data can be found in the privacy policy of Gstatic reCaptcha: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Gstatic reCaptcha by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

11. Data protection information in the recruitment process

(1) Applicants are subject to our separate privacy policy for the recruitment process, which you can view under https://www.brain-biotech.com/data-protection-statement-in-the-recruitment-process.

12. Information about contradiction or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given it to us.

(2) If we base the processing of your personal data on the weighing of interests, you may object to the processing. This is the case if processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done so far. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue processing.

(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction by e-mail (privacy@brain-biotech.com) or by post under the following contact data:

BRAIN Biotech AG
Data Protection Officer
Darmstädter Straße 34-36
64673 Zwingenberg
Germany

13. Concluding provisions

(1) We reserve the right to adapt this data protection statement at any time with effect for the future so that it always complies with the current legal requirements or in order to reflect changes or similar
