Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR, which provide comprehensive information about the processing of your personal data by PHARMAPLANT Arznei- und Gewürzpflanzen Forschungs- und Saatzucht GmbH and your rights.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address.
Anonymous data is available if no personal reference to the individual/user can be made.
Responsible body and data protection officer
PHARMAPLANT Arznei- und Gewürzpflanzen Forschungs- und Saatzucht GmbH
Am Westbahnhof 4
Tel.: +49 3466 3256-10
Fax: +49 3466 3256-20
Contact info of the data protection officer
Your rights as a data subject
Your rights as a data subject are set out in Articles 15 - 22 EU-GDPR, and include:
- the right of access (Art. 15 EU-GDPR)
- the right to deletion (Art. 17 EU-GDPR)
- the right to rectification (Art. 16 EU-GDPR)
- the right to data portability (Art. 20 EU-GDPR)
- the right to restriction of data processing (Art. 18 EU-GDPR)
- the right to contradict a data processing (art. 21 EU-GDPR)
To exercise these rights, please contact firstname.lastname@example.org. The same applies if you have any questions regarding data processing in our company or when you intend to withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.
Right to Contradiction
Concerning the right to contradiction, please consider the following:
If we should process your data for direct marketing purposes, you are entitled to contradiction against such processing anytime and without having to name any reason. That is also valid in case of a profiling if such is related to direct marketing.
If you declare to contradict a processing, we will terminate processing your data for such purposes. Notes of contradiction shall preferably be sent to email@example.com.
Should we process your data for reasons of prevailing interest, you are entitled to contradict such processing any time for reasons emerging from your specific situation. That is also valid for a profiling, if such is based on the underlying provisions.
We will then terminate processing your personal data, if not we can prove compelling reasons worth protection which we can base the processing on and which are outweighing your rights and freedoms or in case the processing is required to assert, implement or defend a legal claim.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the EU-GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 EU-GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include analyses for marketing purposes and direct marketing. (Answering contact requests).
Your consent also may constitute a legal basis for data processing. Whenever we should ask for your consent, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.
Processing of special categories of personal data within the meaning of Art. 9 I EU-GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.
Data transfers / Disclosure to third parties
We will only transfer your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the competent supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
Within our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.
In certain cases, service providers assist our specialist departments to fulfil their tasks (please see also the section on data transfers to third parties above). The required data protection contracts have been concluded with all service providers.
Transfers of personal data to third countries
A transfer of data to other countries (outside the EU/ European Economic Area) shall only take place if required for a contractual relationship, by law or if you have provided your consent for such a transfer.
We will not transfer your personal data to service providers or group companies outside the EU/ EEA, if not you have provided your consent for such transfer and without having informed you hereon. Also in these cases, we have entered into the required data protection contracts.
Period of data storage
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have consented hereto or in the event of any legal disputes and we use the evidence within the statutory limitation period which may last for up to thirty years. The regular statutory limitation period lasts for three years.
Secure transfer of data
We implement the appropriate technical and organisational security measures to ensure the optimum protection of your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. The measures are continuously reviewed in cooperation with security experts and adapted to current security standards.
The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website and always use current encryption. Concerning contact forms and job applications, our users are offered additional content encryption. It is solely us who can decrypt that data. You may use alternative communication channels (e.g. surface mail).
Obligation to provide data
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of contractual and legal obligations. The same applies to the use of our website and the various functions it provides. In some cases, legal regulations require data to be collected or made available.
Please note that it will not be possible to process your request or execute the underlying contractual obligation without the respectively required information.
Data categories, sources and origin of data
The data we process is defined by the relevant context: it depends on whether, for example, you enter a request into our contact form.
Please note that from time to time we may also provide information for specific processing situations separately where appropriate.
We may process the following data when you visit our website:
- Name of the Internet service provider
- Information on the website from which you visited us
- Web browser and operating system used
- The IP address allocated by your Internet service provider
- Files requested, volume of data transferred, downloads/file export
- Information on websites accessed on our site, including date and time
- Host name requested and status code
- For reasons of technical security (in particular concerning the prevention of attacks of our web server), this data is stored in accordance with Article 6 I 1 f EU-GDPR basing on our legitimate interest in operating our website technically safe and secure. Anonymization takes place no later than after seven days by abbreviating the IP address so that no reference is made to the user. The data which has been anonymized in the mentioned way, is then stored for another 60 days. Error-logs, which are used to log faulty access-attempts are deleted after seven days. The latter are containing the IP-address and depending on the fault also the website in addition to the error-notification itself.
Concerning a contact request, we may process the following data:
- Name, surname,
- Phone number
- Information on your wishes and interests
Concerning virtual conferences/ video conferencing systems, we may process the following data:
- Telephone number
- Information on your browser and operating system
- Any further data you may eventually provide through chat functions, conference rooms or further functions.
Contact form / Contact via email (Article 6 I 1 a, b EU-GDPR)
Our website offers a contact form which may be used for contacting us electronically. If you contact us via the contact form. We process the data you provide in this course to contacting you and to respond to your wishes and requests.
Here, we comply with the principle of data minimization, as you only have to provide the information we objectively require to contact you, which is your email address and the message itself. Your IP-address will also be processed for technical and legal reasons. All possible further data may be provided on a voluntary basis (e.g. for responding to your requests more personally).
If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request. If you should not provide the data marked as mandatory, we unfortunately may not be able to answer your request.
Virtual conferences/ Online-conferencing systems (Article 6 I 1 a, b, f EU-GDPR)
The processing of personal data in the course of virtual conferences/ online conferencing systems may be executed concerning a contractual relationship (in initiation), Art. 6 I 1 b EU-GDPR, respectively basing on our legitimate interest in effectively communicating, Art. 6 I 1 f EU-GDPR. A recording will not take place without your previous consent having been declared, Art. 6 I 1 a EU-GDPR. Your data is stored in this regard until the purpose of processing does no longer apply, you are requesting your data to be deleted or if you revoke your consent, if not we are legally obliged to further processing your data. To the extent we are using MS Teams, a service of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA, your data may be transferred to a server of Microsoft in the USA – if you should this not wish to happen, we are prepared to offering you alternative means of communication (e.g. a telephone call).
Automated decisions in individual cases
We do not use fully automated processing to take decisions.
Cookies (Art. 6 I 1 f EU-GDPR / Art. 6 I 1 a EU-GDPR in case of consent)
Our websites are using “cookies” for purposes of making it more user-friendly, effective and secure. Cookies are small text files that are placed on your device and stored by your browser (locally on your hard disk).
Most of the cookies we use are "session cookies", which will be automatically deleted after your visit. “Persistent cookies”, which are representing another category of cookies, are automatically deleted from your computer as soon as their individual period of validity has expired or upon deletion, which you may execute even beforehand of expiry.
Most web browsers automatically accept cookies. You may generally change your browser's settings to disable the automated accepting of cookie. Such, however, may influence the usability of our website in general or at least in regard of certain functions.
Additionally, we are using cookies which are allowing us to analyse how our users are browning our websites. That enables us to design our content according to our users´ interests. In Addition, cookies are enabling us to measure the effectiveness of a certain ad and to having it placed depending on, e.g., the respective user interests.
Cookies are stored on the users´ device and transferred to our website from this source. That enables you as a to fully control how cookies are used. By changing your browser-settings, you may deactivate or restrict the transfer of cookies. Moreover, you may delete cookies which have already been placed by changing the respective browser settings or by additional software. All current internet browsers are offering respective functions.
Please be aware, that deactivation cookies may lead to the effect that not all functions of our website may be used to the full extent any longer.
Links to other providers
Our website may contain links to the Internet sites of other parties. We may, however, not influence such content and do not accept any liability for such third-party content. The content of these pages is always within the sole responsibility of the third party offering the service or content.
All pages linked have been checked for potential legal violations and identifiable infringements before being linked. We are executing whatsoever legally required checks of content we are linking and will immediately respond to any notification on infringements by taking down the respective link(s).