Privacy Policy for the Website of Pharmaplan (TTP Group)
Preamble
Table of contents
I. Identity and contact details of the data controller
II. Contact details of the data protection officer
III. Website and log files
IV. Use of Cookies
V. Contact via Email
VI. Contact form
VII. Application sent via Email and application form
VIII. Corporate profiles in career-oriented networks
IX. Hosting
X. Plugins
XI. Rights of the data subject
I. Identity and contact details of the data controller
The controller’s data protection officer is::
TTP Group
Bahnhofstraße 15
83022 Rosenheim
Germany
+49 8031 282000
info@ttp-group.eu
https://www.ttp-group.eu
II. Contact details of the data protection officer
The controller’s data protection officer is:
DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.com
III. Website and log files
a. Description and scope of data processing
Whenever you visit our website, our system automatically collects data and information from the visitor’s computer system.
The following data is collected:
Browser type and version used
The user’s operating system
The user’s internet service provider
The IP address of the user
Date and time of access
Web pages from which the user’s system accessed our website
This data is stored in the log files of our system. This data is not stored together with other personal data of the user.
b. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our IT systems. In this context, the data is not analysed for marketing purposes.
This also constitutes our legitimate interest in data processing as per Art. 6 (1) clause 1(f) GDPR.
c. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (1) (f) GDPR.
d. Duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the event that data is collected in order to make the website available, this is the case once each session has ended.
Should any data be stored in log files, this will be deleted within seven days at the latest. It may, however, be retained for a longer period. In that case, the IP addresses of the users are deleted or alienated to ensure that the calling client can no longer be traced back.
e. Right to objection and erasure
Collecting the data in order to make the website available, and saving this data in log files, is necessary in order to operate the website. The user is therefore not entitled to object to this.
IV. Use of cookies
a. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user’s computer system. When a user calls up a website, a cookie can be stored in the user’s operating system. This cookie contains a unique string of characters that allow the browser to be clearly identified the next time it calls up the website.
We use cookies to make our website more user-friendly. Some components of our website require that the calling browser be identified after going to a new page.
The language settings are stored and transmitted in the cookies.
In addition, this website uses cookies that allow us to analyse the user’s surfing behavior.
This allows the frequency of page views to be transmitted.
The user data collected in this way will be pseudonymized by means of technical precautions. It is therefore not possible to assign the data to the user accessing the site. The data is not stored together with the user’s other personal data.
b. Purpose of data processing
The purpose of implementing technically necessary cookies is to make it easier for users to use the websites. Some of our website features may be unavailable without the use of cookies. It must be possible to recognize the browser even after the user goes to a new page on the site.
We need cookies for applying language settings.
The user data collected by technical cookies are not used to create user profiles.
Analytical cookies are used to improve the quality of our website and its content., as well as let us determine how the site is used and how we can continuously optimize it.
c. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (1) (a) GDPR.
The legal basis for the processing of personal data using technical cookies is the legitimate interest, which is stipulated in Art. 6 (1) (1) (f) GDPR.
d. Duration of storage and possibility of objection and removal
Cookies are stored on the user’s device and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
If you use the Safari browser version 12.1 or higher, cookies will be automatically deleted after seven days. This also applies to opt-out cookies, which are used to prevent the use of tracking mechanisms.
V. Contact via Email
a. Description and scope of data processing
You can use our website to contact us using the e-mail address provided. In that case the personal data of the user transmitted with the email will be stored.
The data will be used exclusively to process your inquiry.
b. Purpose of data processing
If you contact us via email, this also constitutes the necessary legitimate interest in the processing of the data.
c. Legal basis for data processing
If the user has given consent, the legal basis for processing the data is Art. 6 (1)(a) GDPR.
The legal basis for the processing of data transmitted while sending an email is Art. 6 (1) (1) (f) GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
d. Duration of storage
The data will be erased once it is no longer necessary to achieve the purpose for which it was collected. For any personal data that were sent by email, this is the case when the respective conversation with the user has been completed. The conversation will be deemed terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.
Personal data that was additionally collected during the transmission procedure will be erased within seven days at the latest.
e. Right to objection and erasure
The user may withdraw their consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data.
If you wish to exercise your right to withdraw consent, you can send an email to info@ttp-group.eu at any time and request this. All personal data stored within the course of establishing contact will be erased in that case.
VI. Contact form
a. Description and scope of data processing
This website has a contact form that can be used for establishing contact electronically. If a user accepts this option, the data entered in the contact form will be transmitted to us and stored.
The following data will also be stored when the message is sent:
Email address
Last name
First name
Address
Telephone / mobile phone number
IP address of the user’s device
Date and time of contact
Messages
Browser, pages transmission protocol
When you submit the form, we ask your consent to process your data, with a link to this Privacy Policy.
Alternatively, you can contact us via the email address provided. In that case the personal data of the user transmitted with the email will be stored.
These data will be used exclusively to respond to your inquiry.
b. Purpose of data processing
We only use personal data provided on contact forms to make the requested contact. If we do contact you by email, this also constitutes the necessary interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems
c. Legal basis for data processing
The legal basis for the processing of data when the user’s consent has been obtained is Art. (1) (1) (a) GDPR.
The legal basis for the processing of data transmitted while sending an email is Art. 6 (1) (1) (f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (1) (b) GDPR.
d. Duration of storage
The data will be erased once it is no longer necessary to achieve the purpose for which it was collected. The persona data from the contact form’s input dialog and the data sent by email will be erased when the respective conversation with the user has been completed. The conversation is deemed completed when it can be inferred from the circumstances that the facts in question have been finally clarified.
Personal data that was additionally collected during the transmission procedure will be erased within seven days at the latest.
e. Right to objection and erasure
The user may withdraw their consent to the processing of personal data at any time. A user who has contacted us by email can object at any time to the storage of his or her personal data. In such a case, the conversation cannot be continued.
If you wish to exercise your right to withdraw consent, you can send an email to info@ttp-group.eu at any time and request this. All personal data stored within the course of establishing contact will be erased in that case.
VII. Application via Email and application form
a. Scope of personal data processing
This website has a contact form that can be used for sending electronic job applications. If an applicant uses this option, the data entered in this online application from will be transmitted to us and stored. These data include:
Title
First name
Last name
Email address
Salary expectations
Curriculum vitae
Certificates
Photo
Cover Letter
When you submit the form, we ask your consent to process your data, with a link to this Privacy Policy.
Alternatively, you can send us your application by email. In this case, we collect your email address and the information you provide in the email.
After sending your application, you will receive confirmation of receipt of your application documents from us by email.
Your data will not be disclosed to third parties. The data will be used exclusively for processing your application.
b. Purpose of data processing
We only use personal data provided in the application form to process your application. If you contact us by email, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the application form and to ensure the security of our information technology systems.
c. Legal basis for data processing
The legal basis for the processing of the data is the completion of the contractual relationship with you, Art. 6 (1) (1) (b) Alt. 1 GDPR and § 26 (1) (1) BDSG (Federal Act of Dataprotection).
d. Duration of storage
After completion of the application procedure, the data will be stored for up to six months. Your data will be erased after six months at the latest. In the event of a legal obligation, the data will be stored within the framework of the applicable provisions.
Personal data that was additionally collected during the transmission procedure will be erased within seven days at the latest.
e. Right to objection and erasure
The applicant may object to the processing of personal data at any time. If the applicant contacts us by email, he or she can object to the storage of his or her personal data at any time. In such a case, his/her application will no longer be considered.
Should the applicant wish to amend or erase his or her data subsequently, he or she can do this himself/herself through the application portal. All personal data stored during the submission electronic job applications will be deleted in this case.
VIII. Corporate profiles in career-oriented networks
a. Scope of data processing
We use corporate profiles on professionally oriented networks. We maintain a corporate presence on the following professionally oriented networks:
• LinkedIn: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Irland
• XING: XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland
Our website provides information and offers users the possibility of communication.
The corporate profile is used for job applications, information, public relations, and active sourcing.
We do not have any information on the processing of your personal data by the companies jointly responsible for the corporate profile. Further information can be found in the privacy policy of:
• LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
• XING: https://privacy.xing.com/de/datenschutzerklaerung
If you carry out an action on our company profile (e.g. comments, contributions, likes etc.), you may make personal data (e.g. clear name or photo of your user profile) public.
b. Legal basis for data processing
The legal basis for the processing of your data in connection with the use of our corporate web profile is Art. 6 (1) (1) (f) GDPR.
c. Purpose of the data processing
Our corporate web profile is used to inform users about our services. All users are free to publish personal data by means of activities.
d. Duration of storage
We store your activities and personal data published via our corporate web profile until you withdraw your consent. In addition, we comply with the statutory retention periods.
e. Right to objection and erasure
You can object at any time to the processing of your personal data, which we collect while you use our company’s web profile and assert your data subject rights set forth in part IV of this Privacy Policy. In order to do so, please send us a plain email to the email address stated in this Privacy Policy.
You can find further information on the right to objection and erasure here:
• LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
• XING: https://privacy.xing.com/de/datenschutzerklaerung
In order to ensure appropriate safeguards for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by LinkedIn is based on appropriate safeguards pursuant to Art. 46 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) c) GDPR.
IX. Hosting
The website is hosted on our own servers. Third parties do not have access to server log files.
The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information is:
Browser type and version
Used operating system
Referrer URL
Hostname of the accessing computer
Time and date of the server request
IP address of the user’s device
This data will not be merged with other data sources. The data is collected on the basis of Art. 6 (1) (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website – and server log files are therefore recorded.
The server of the website is geographically located in Germany.
X. Verwendete Plugins
We use plugins for various purposes. The plugins used are listed below:
a. AddToAny
1) Scope of personal data processing
We use the sharing tool AddToAny. This allows you to share the content displayed with people from your environment. To do this, you can use the share function of “AddToAny”. Even while you are visiting our pages, the plugin establishes a direct connection between your browser and the AddToAny server. This communicates to AddToAny the fact that you have visited our site, based on your IP address. AddToAny anonymises the IP addresses. Cookies are used when using AddToAny. The generated data (e.g., time of use or browser language) is transferred to AddToAny and processed. AddToAny can track which other pages with AddToAny plugins and which social media services you visit using the cookie. However, we are not aware of the content of the data independently collected by AddToAny and its actual use by AddToAny. We also do not have access to this data. Further information on AddToAny collection and storage of data can be found at:
https://www.addtoany.com/terms
https://www.addtoany.com/privacy
2) Purpose of data processing
The use of social media buttons by means of AddToAny serves to increase user friendliness.
3) Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (1) (a) GDPR.
4) Duration of storage
AddToAny stores server log data for 30 days or less and stores only aggregated usage data.
5) Right to withdrawal and erasure
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the legality of processing carried out based on consent before its withdrawal.
You can prevent AddToAny from collecting and processing your data by using the DoNotTrack feature of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. Further information about data processing by AddToAny can be found at:
https://www.addtoany.com/terms and https://www.addtoany.com/privacy
b. Wordfence Security
1) Scope of personal data processing
Our website uses functions of Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA (Hereinafter referred to as Defiant). Wordfence Security secures our website and protects visitors from viruses and malware. When you visit a page with a plugin, a direct connection is established between your computer and the Defiant Server. In order to recognise whether the visitor is a human or a bot, the plug-in sets cookies. Additional personal data may be stored and evaluated, in particular device and browser information (in particular, IP address and operating system).
You can also evaluate the behaviour from the sent notifications (e.g., how often a page is called up). To protect against brute force and DDoS attacks or comment spam, IP addresses are stored on the Wordfence servers. IP addresses that are classified as acceptable are placed on a whitelist. Further information on the collection and storage of data by Defiant can be found here: https://www.wordfence.com/privacy-policy/
2) Purpose of data processing
The online presence uses the plug-in to protect against viruses and malware and to ward off attacks by computer criminals.
3) Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user’s given consent in accordance with Art. 6 (1) (1) (a) GDPR.
4) Duration of storage
Your personal information will be stored for as long as is necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
5) Right to withdrawal and erasure
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the legality of processing carried out based on consent before its withdrawal .
You can prevent Wordfence Security from collecting and processing your personal data by preventing the storage of third-party cookies on your computer, by using the “Do Not Track” function of a supporting browser, by deactivating the execution of script code in your browser, or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can find further information on objection and removal options against Wordfence Security at:
https://www.wordfence.com/privacy-policy
XI. Rights of the data subject
In accordance with the applicable data protection legislation, you have the following rights, particularly in accordance with the statutory requirements:
a. Right to information, rectification, erasure and restriction
You have the right to request information at any time about your personal data stored by us.
When we process or use your personal data, we will endeavor to ensure, by implementing appropriate measures, that your personal data are accurate and up-to-date for the purposes for which they were collected.
In the event that your personal data are incorrect or incomplete, you can request these data be rectified.
You also have the right to request the erasure or restriction of processing of your personal data if, for example, such processing no longer fulfills a legitimate business purpose in accordance with this Privacy Policy or applicable law, and statutory retention periods do not require its further storage
b. Right to data portability
You also have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or transmit these data to another controller.
c. Right to withdraw your granted consent
If you have agreed to the collection, processing and use of your personal data, you can withdraw your consent at any time with future effect, but the legitimacy of the processing carried out on the basis of the consent until withdrawal will not be affected.
d. Right to object
You have the right to object, on grounds related to your particular situation, at any time to processing of your personal data which is based on Art. 6(1)(e) or (f) GDPR. We will not process your personal data after an objection, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise, or defend legal claims (see Art. 21[1] GDPR, so-called ‘restricted right to object’). In that case, you must demonstrate reasons for the objection which are based on your particular situation.
In addition, you also have the right at any time to object to the processing of your personal data for the purposes of direct marketing, without stating reasons.
e. Exercise
To exercise your data privacy rights, you can contact us at any time using the contact details provided above. In that case, please state the name of the website concerned, and attach an according identification of yourself.
f. Right to lodge a complaint
You also have the right to lodge a complaint with the competent supervisory authority, if you believe that the processing of your personal data is not lawful.
This privacy policy has been created with the assistance of DataGuard.
