General information on data protection
1. Data protection information
1.1. Thank you for your interest in our company. Data protection is of a particularly high priority for the management of the ACS PharmaProtect GmbH. The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the EU General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to ACS PharmaProtect GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.
1.2. As the data controller, ACS PharmaProtect GmbH has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
2. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
ACS PharmaProtect GmbH
Taubenstr. 20
10117 Berlin
Germany
Phone: +49 (0)30 4000 484 00
E-mail: info@pharmaprotect.de
Website: www.pharmaprotect.de
3. Name and address of the data protection officer
The data protection officer of the data controller is
peritux compliance GmbH
Data Protection Officer
Oststr. 11-13
50996 Cologne
Germany
Phone: +49 (0) 221 29236305
E-mail: datenschutz@peritux.com
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
4. Origin of the personal data
We process personal data that we receive as part of our business relationship. We also process personal data that we have legitimately received from other third parties (e.g. credit agencies). We also process personal data that we have legitimately obtained from publicly accessible sources (e.g. commercial and association registers, press, media).
5. Protection of minors
Our services are generally aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians.
6. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
7. External service providers (data processors)
7.1. Your data will be passed on to service partners, e.g. IT and software service providers for maintenance, hosting and support, in order to support us in providing our services.
7.2. Your personal data is processed by contracted service providers as part of order processing in accordance with Art. 28 GDPR.
8. Rights of the data subject
8.1. With regard to the personal data we have collected about you, you have the right to information at any time as to whether and what data we have stored about you, what the purpose of this storage is, where this data comes from, and whether and to whom this data is forwarded. You also have the right to data portability.
8.2. We endeavour to ensure that the personal data we store is factually correct and, if necessary, up to date. However, if we have stored incorrect personal data about you, you can request that we correct this data.
8.3. In exceptional cases, your data may be blocked instead of corrected or deleted if neither the accuracy nor the inaccuracy of the data can be determined, or if, for example, statutory retention periods prevent deletion.
8.4. If the storage of your data is unauthorised or if your data is no longer required for the fulfilment of a specific task, we will delete your data.
8.5. In individual cases, you can also object to the processing of your data if the processing is lawful. This is possible if, due to a particular personal situation, you have an interest in the data not being processed and this interest is to be categorised higher than our interest in the data processing.
8.6. If you have a corresponding request, please contact us using the contact details above. Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal email (datenschutz@pharmaprotect.de). The legality of the data processing carried out until the revocation remains unaffected by the revocation.
8.7. In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
9. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. Once this period has expired, the corresponding data is routinely deleted, provided it is no longer required for the fulfilment or initiation of a contract.
10. Automated decision-making, implementation of profiling
In principle, we do not use exclusively automated decision-making within the meaning of Art. 22 GDPR to establish and conduct a business relationship.
11. Changes to the privacy policy
This privacy policy will be continuously adapted in the course of the further development of the internet or our offer. We will announce any changes on this website in good time. This website should be visited regularly to keep up to date with the current status of our data usage provisions.
Data protection on our website
12. Collection of general data and information
12.1. The website of ACS PharmaProtect GmbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files.
Server log files that your browser automatically transmits to us are
- IP address of the accessing device
- Date and time of access
- Name and URL of the retrieved file
- Referrer URL (the previously visited page)
- Browser and operating system used
- Host name of the accessing device
- Internet service provider of the accessing device
12.2. When using this general data and information, ACS PharmaProtect GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to
(1) deliver the content of our website correctly,
(2) provide the content of our website,
(3) ensure the long-term functionality of our information technology systems and the technology of our website, and
(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.
The server log file data is stored separately from other personal data provided.
12.3. The legal basis for the processing of this data is our legitimate interests, Art. 6 para. 1 lit. f. GDPR. Our legitimate interests are to ensure the technical presentation, stability and security of the website.
12.4. The above-mentioned data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after 14 days at the latest. Storage beyond this period is possible if there are indications of an illegal attack on our systems.
13. Hosting
13.1. The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.
13.2. We, or our hosting service provider, www.hosteruope.de, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on our behalf on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR. The data processing of our hosting service provider takes place within the framework of an order processing contract in accordance with Art. 28 GDPR.
14. Cookies
The Internet pages of the ACS PharmaProtect GmbH use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser without causing any damage. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
14.1. The purpose of using technically necessary cookies is to ensure the stability and security of this website and to provide users with more user-friendly services that would not be possible without the use of cookies. This requires the browser to be recognised even after a page change. Analysis cookies are used for the purpose of improving the quality of the website and its content.
14.2. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID. In particular, ACS uses session cookies with ID (PHPSESSID) on its website, which are technically necessary for the stability and security of the website.
14.3. Cookies can be used to optimise the information and offers on our website for the benefit of the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this is taken over by the website and the cookie stored on the user’s computer system.
14.4. The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable. For more information on how to manage or delete cookies, please visit http://www.allaboutcookies.org/. You also have the option of revoking/personalising your cookie consent here. The legal basis for the processing of personal data using technically necessary cookies is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in making our website user-friendly and ensuring the stability and security of the website. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this. Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in the context of this privacy policy and, if necessary, request your consent.
15. Contact via the website and by e-mail
15.1. The website of the ACS PharmaProtect GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purposes of processing or contacting the data subject.
15.2. The processing of this data, which is transmitted in the course of sending an enquiry, is carried out on the legal basis of Art. 6 para. 1 lit. f. GDPR. GDPR of our legitimate interests to answer your enquiry satisfactorily. If the enquiry is aimed at the fulfilment of an existing contract or the conclusion of a new contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b. for the initiation/fulfilment of a contract. The processing of this personal data serves us solely to process the contact. Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email, this is the case when the respective enquiry has been answered and the conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified and no contract has been concluded. Enquiries about the contractual relationship are stored for the duration of the existing contractual relationship/membership.
15.3. All personal data stored in the course of contacting us will be deleted in this case, provided that there are no legal retention periods to the contrary.
16. Data security on our website
To ensure the security of our website, we use a state-of-the-art SSL certificate that is currently valid. A website encrypted with SSL transmits personal data to the server in encrypted form so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognise that a secure connection exists by the green address bar and/or the lock. By clicking on the lock or the green address bar, you can read our online proof of identity. By encrypting the transmission, you can be sure that the data you enter can only be read by us. You can recognise from the address bar that you are connected to our server and that it is not a third-party site.
17. Integration of Google Maps
17.1. On this website, ACS uses Google Maps to display interactive maps and to provide directions. For the European area, the company Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is responsible for all Google services. By using Google Maps, information about the use of this website, including your IP address and the address entered as part of the route planner function, may be transmitted to Google.
17.2. When you visit a website of our Internet presence that contains Google Maps, Google receives the information that you have accessed the corresponding subpage of the ACS website. In addition, your browser establishes a direct connection with Google’s servers and transmits at least the following data: Date and time of the visit to the website in question, Internet address or URL of the website accessed, IP address, addresses provided as part of route planning. We have no influence on the further processing and use of the data by Google. The data is transmitted regardless of whether Google provides a user account via which you are logged in or whether no user account exists.
17.3. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button and delete existing cookies on your device.
17.4. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the customised design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
17.5. Further information on the purpose and scope of data collection and its processing by Google can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
17.6. The use of Google Maps is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device within the meaning of the TTDSG. Consent can be revoked at any time.
18. Integration of YouTube videos
18.1. ACS has integrated YouTube videos on its website to enhance the online offering, which are stored on www.YouTube.com and can be played directly from the ACS website. The YouTube channel is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA; Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland is responsible for all data processing in Europe.
18.2. The videos are all integrated in the so-called “extended data protection mode”, so that no data about you as a visitor to the ACS website is transmitted to YouTube if you do not play the videos.
18.3. However, if you play the video(s), cookies are set, a connection to the YouTube servers is established and the following data is transmitted. ACS has no influence on this data transfer. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of the ACS website. In addition, YouTube may store various cookies on your end device or use comparable technologies to recognise you. At a minimum, data on device information, IP address, date and time of the request, referrer URL and videos viewed are transmitted. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists.
18.4. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button and delete existing cookies on your device .
18.5. YouTube stores your data as user profiles and uses them for the purposes of advertising, market research and/or customising its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
18.6. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
18.7. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device within the meaning of the TTDSG. Consent can be revoked at any time.
19. Integration of Vimeo videos
19.1. We use the provider Vimeo, operated by Vimeo, Inc, 555 West 18th Street, New York, New York 10011 (“Vimeo”) for the integration of videos in our member area on our website.
19.2. When you access videos via Vimeo on our website, a connection is established to the Vimeo servers in the USA. As a result, certain information is transmitted to Vimeo, regardless of whether you have a Vimeo account or not. This can be, for example
- Your IP address
- Your browser information, e.g. language settings
- Your operating system
- Device information
- Cookie information about already set Vimeo cookies
- Information about the website from which you are accessing Vimeo.
If you are logged in to Vimeo as a registered member, further data may also be collected, as cookies may already have been set in your browser. In this case, your actions on our website will be directly linked to your Vimeo account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
19.3. In order to increase the protection of your data when you visit our website, the videos are integrated into our site in such a way that they can only be activated with your consent. This integration ensures that no connection is established with the social network’s servers when you access a page on our website that contains such videos. Only when you activate the videos will your browser establish a direct connection to the social network’s servers.
19.4. Insofar as Vimeo offers the use of certain additional functions, such as rating or sharing videos, these functions are offered exclusively by Vimeo and the respective third-party providers. You should check their privacy policies carefully before using the respective functions. We have no knowledge of the content of the data collected by Vimeo or third-party providers and have no influence on their use.
19.5. Vimeo processes personal data in the USA and relies, among other things, on the so-called standard contractual clauses of the European Commission, further information on this can be found at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights in section “14.2 GDPR (EEA Users)”.
Vimeo may share your data with third parties. These are, for example, affiliated companies, business partners and advertising partners.
Further information on data processing and notes on data protection by Vimeo can be found at https://vimeo.com/privacy and the cookie policy at https://vimeo.com/cookie_policy.
19.6. We use Vimeo to be able to show you corresponding videos directly via our website. The legal basis for this is Art. 6 para. 1 lit. a GDPR, insofar as you have given us your consent. You can revoke this consent at any time with effect for the future. In this case, you will no longer be able to use the Vimeo service.
20. Livestream and commentary function (e.g. from events)
We use the technical platform Contentflow SaaS, operated by Contentflow Live GmbH i.G., Neuer Wall 1, 20354 Hamburg, for the transmission of live streams.
Log data of visitors to the streaming service is transmitted to the service provider. This data is used to statistically evaluate access and to provide and optimise the transmission of the stream. If you watch a live stream transmitted by us, the following data categories (so-called “log files”) will be processed by you: IP address of the requesting computer, name and URL of the retrieved file or website, website from which the access is made (referrer URL), browser used and, if applicable, the operating system of your computer. Without processing this data, the streamed content could not be displayed on your end device (PC, tablet, etc.). The data processing therefore takes place in order to provide you with the service you have requested. The data is stored by Contentflow Live GmbH i.G. for a period of 7 days. The purpose of this storage is to improve the security of the website and to identify so-called “brute force attacks” (= attempts to crack a password or user name).
With regard to the streamed videos, Contentflow Live GmbH i.G. determines the IP address of the viewers and also, where possible, the geolocalisation of the users. These access statistics are made available to ACS in anonymised form.
Events that we broadcast live will be labelled as such by us in advance. If you are a participant in a live event streamed by us, you will, therefore, be informed in advance about the broadcast and subsequent provision in the ACS members’ area. Speakers and presenters are primarily recorded. However, video and/or audio recordings of other participants may also be transmitted to the audience, especially if they make a contribution.
As a viewer of the live stream, you also have the opportunity to submit questions and comments on the event live during a stream broadcast via a chat or comment function. These questions are also transmitted to us via the streaming service provider. The use of this function is voluntary and is also possible under a pseudonym, but additional metadata is transmitted (e.g. the IP address of the accessing computer). Data processing in connection with live streaming and the chat/comment function takes place exclusively within the European Economic Area (EEA).
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest arises from the need to make the entire event, including the questions asked and other contributions made, accessible to external viewers and to ensure efficient and secure communication. The legal basis for the image and sound recordings is Art. 6 para. 1 lit. a GDPR.
Further information on data processing by Contentflow Live GmbH i.G. can be found at https://contentflow.de/datenschutzerklaerung/
Data protection as our business partner
21. Contractual services with business partners
21.1. We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers in accordance with Art. 6 para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. email addresses and telephone numbers) as well as contract data (e.g. services used, contract content, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). We do not process special categories of personal data unless they are part of commissioned or contractual processing. We process data that is necessary for the establishment and fulfilment of contractual services and point out the necessity of its disclosure, unless this is evident to the contractual partners. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements.
21.2. As part of the use of our online services, we may store the IP address and the time of the respective user action. This data is stored on the basis of our legitimate interests in protecting users against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary to pursue our claims in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. GDPR.
21.3. The data is deleted when it is no longer required to fulfil contractual or statutory duties of care and to deal with any warranty and comparable obligations, whereby the necessity of retaining the data is reviewed every three years. Otherwise, the statutory retention obligations apply.
22. Categories of personal data
We process the following categories of personal data about you:
- Personnel master data (name, address and other contact details, date of birth),
- order and contract data (e.g. delivery order), if applicable,
- Payment data,
- Data from the fulfilment of our contractual obligations,
- Advertising and sales data,
- Documentation data (data from counselling and service calls) and comparable data.
23. Recipients of the data or categories of recipients
Within our company, access to your data is granted to those departments that require it to fulfil contractual and legal obligations.
24. Other service providers, partners and third parties
24.1. We may work with other partners if this is necessary to fulfil our service offerings or if we are legally obliged to disclose data. These may be the following partners or third parties:
- Credit institutions and payment service providers
- Credit agencies
- Disclosure to public authorities or by court order
- Advertising agencies
- Document shredding company, logistics
- Advice and consulting, auditor
- Insurances
- Law firms and competent jurisdiction
- Service company
24.2. We attach great importance to processing your data within the EU. However, we may use service providers who operate outside the EU. In these cases, we ensure that an adequate level of data protection is established before your personal data is transferred. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard contracts or an EU adequacy decision.
25. Information services with Microsoft Dynamics Marketing 365
25.1. We use the Microsoft Dynamics 365 Marketing information service on our website, an offer from Microsoft Ireland Operations Limited, based in Ireland (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland), a subsidiary of Microsoft Corporation, USA (hereinafter referred to as “Microsoft”).
In principle, the following information services can be subscribed to at ACS:
- Telegram – technical information, e.g. in the event of system faults
- Newsletter – comprehensive information on several topics
- Mailings – brief information on individual topics, e.g. save the date for a webinar
25.2. The e-mail address you provide and your first name and surname are used to send the information service. The following can also be recorded by means of a tracking pixel: unique opening, length of stay, delivery, time of delivery, interaction, links clicked on. This information can be technically assigned to the individual newsletter recipients.
25.3. Subscription to our information services may be subject to a so-called double opt-in procedure. This means that after registering for our newsletter, you will receive an e-mail asking you to confirm your subscription. If you have already been created as a contact in our CRM system, you only need to confirm your subscription. Your registration for the newsletter will be logged in order to be able to prove that you have given your consent in accordance with the GDPR. This includes saving the date of consent. Changes to your data are also logged. The legal basis for sending the information service to your email address and analysing user behaviour when opening it is the consent given upon registration in accordance with Art. 6 para. 1 lit. a GDPR. The legal basis for logging the registration is our legal obligation to document it in accordance with Art. 6 c GDPR. Insofar as information is stored on Microsoft servers in the USA, the additional legal basis is Art. 45 GDPR, as the provider has joined the EU-US Data Privacy Framework for data transfers to the USA, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
25.4. You can revoke your consent at any time with effect for the future by clicking on the link at the end of the information service.
25.5. Further data protection information can be found in the Microsoft data protection declaration at https://privacy.microsoft.com/en-US/privacystatement.
25.6. Further information on the use of cookies in connection with the system can be found at https://docs.microsoft.com/en-US/dynamics365/marketing/cookies.
26. Teamviewer Remote Support
26.1. For remote support, we use the software of TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen. For this purpose, we offer you the download of a TeamViewer software suitable for this purpose via a link provided by us. Using this software, we can connect to your PC or server in order to provide the support you have requested. The connection runs via TeamViewer GmbH servers.
26.2. By activating the download button, you can download the TeamViewer remote maintenance tool. After downloading the executable file, you have the option of having a support employee from our company connect to your computer and view your system. We only use the “see and show” function. Once Quick Support has been started, we will send a request to the person concerned asking whether the connection is authorised. The employees entrusted with remote maintenance are expressly obliged to observe data protection and confidentiality. You have been informed in writing of the consequences of a breach of data protection regulations.
26.3. ACS undertakes to delete the personal data received during the maintenance work as soon as it is no longer required for the maintenance work.
26.4. When remote services are provided, the employees see your screen, including all the information available on it. In your own interest, you should therefore close all programmes and displays that are not related to the remote support services. By authorising remote control (by providing your ID and password), you ensure that our support staff do not come into contact with personal data from your environment when providing remote services.
26.5. This data is collected, stored and processed solely for the purpose of providing remote support services. We do not link your data with other data, do not use it for other purposes and do not pass it on to third parties under any circumstances.
26.6. Insofar as we use service providers bound by instructions as part of the provision of services, their access to the data is also exclusively for the purpose of providing the service. We take technical and organisational measures to ensure compliance with data protection regulations and also oblige our external service providers to do the same.
26.7. Data is transferred via TeamViewer over the Internet. TeamViewer uses an encrypted connection for transmission. However, it can never be ruled out with absolute certainty that third parties can view and/or access the transmitted data without authorisation. We recommend that you consider this aspect when deciding whether to utilise remote support services.
26.8. The legal basis for the use of the TeamViewer software is Art. 6 para. 1 lit. b GDPR (performance of contract) in conjunction with your consent pursuant to Art. 6 para. 1 lit. a GDPR and the balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR. You can cancel remote access at any time by closing the TeamViewer software.
26.9. Please note that you are responsible for downloading, installing and using the Teamviewer software.
26.10. TeamViewer is used in accordance with the TeamViewer privacy policy. For further information, please contact TeamViewer GmbH, Jahnstraße 30, 73037 Göppingen; data protection information: https://www.teamviewer.com/de/privacy-policy/; security information: https://www.teamviewer.com/de/security/
27. Routine erasure and blocking of personal data
27.1. The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the data controller is subject to.
27.2. If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
28. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject can contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
Data protection in the application process
29. Applicant data
29.1. We process the data that you have sent us in connection with your application for the purpose of checking your suitability for the position and carrying out the application procedure. The processing of your personal application data serves to fill vacancies at ACS PharmaProtect GmbH. In addition, we may also have received data from third parties (e.g. job exchanges or personnel service providers).
29.2. The legal basis for the handling of your data is § 26 para. 1 i. V. m. Abs. 8 S. 2 BDSG (new). Furthermore, we may process personal data about you insofar as this is necessary for the defence of legal claims asserted against us in the application process. The legal basis for this is Article 6(1)(f) GDPR; the legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). If there is an employment relationship between you and us, we may, in accordance with Section 26 (1) BDSG (new), further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the representation of employees’ interests arising from a law or a collective agreement, a works or service agreement (collective agreement).
30. Recipients of your data
30.1. As part of the application process, we will forward your data to persons at ACS PharmaProtect GmbH who are involved in the selection process.
30.2. We also reserve the right to pass on your data to service providers who are bound by our instructions and whose activities support our provision of services for you on our behalf and in accordance with our instructions. These may be personnel service providers and IT service providers.
31. Storage duration
31.1. If your application for a specific position is rejected, we will delete your data after six months at the latest. This does not apply if statutory provisions prevent deletion or if further storage is necessary for the purpose of providing evidence.
In the case of an unsolicited application, the data will be deleted after twelve months at the latest, provided that no recruitment has taken place by then.
31.2. You can withdraw your consent to the processing of your applicant data at any time. In this case, we will delete your data.
32. General data protection information
In addition, the explanations in our general data protection information on this website apply.
Miscellaneous
33. Objection to advertising e-mails
We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.