Data protection declaration
As a visitor to our website (hereinafter also referred to as “user”), we would like to inform you about the processing of personal data in the context of the usage of our websites. “Personal data” means any information relating to an identified or identifiable natural person ( hereinafter also referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
I. Name and address of the controller
The controller of these websites, according to the General Data Protection Regulation (GDPR), other national data protection laws of the Member States and other data protection provisions, is:
Paninkret Chem.- Pharm. Vertriebsgesellschaft mbH
Telefon: +49(0)4101 5565-0
Fax: +49(0)4101 5565-55
II. Address of the data protection officer
The data protection officer of the controller is:
Paninkret Chem.- Pharm. Vertriebsgesellschaft mbH -Datenschutzbeauftragter- Friedenstraße 14 25421 Pinneberg Telefon: +49(0)4101 5565-0 Fax: +49(0)4101 5565-55 Internet: www.paninkret.de E-Mail: datenschutz(at)paninkret.de
III. General information about data processing
1. Scope of the processing of personal data
In principle, we only process personal data of our users insofar as this is necessary in order to provide a functional website, as well as our content and services. Personal data are above all those data that allow for you to be personally identified.
2. General legal basis for the processing of personal data
Art.6 (1) (b) of the GDPR serves as legal basis for the processing of personal data, which is necessary for the performance of a contract to which the data subject is party. The same applies to the processing operations that are necessary in order to take steps prior to entering into a contract.
Art. 6 (1) (c) of the GDPR serves as legal basis insofar as a processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
Art. 6 (1) (f) of the GDPR serves as legal basis for the processing if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Art. 6 (1) (a) of the GDPR serves as legal basis insofar as we seek the consent of the data subject for processing operations of personal data.
3. General data erasure and general storage period
As soon as the purpose of the storage ceases to exist, the personal data of the data subject are erased or blocked. Beyond that, storage is permissible and possible if this is provided for by the European or national legislator in Union law regulations, laws or other provisions to which the controller is subject. Data is also blocked or erased when a storage period stipulated by the above-mentioned norms expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
To protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller), this website uses SSL / TLS encryption. An encrypted connection can be recognised by the character string “https://” and the lock symbol in your browser line.
IV. Provision of the website and log files
1. Description and scope of the data processing
With every visit to our website, even if you do not otherwise submit information, data and information is automatically collected by the computer system of the calling computer.
The following data, which are necessary for the technical operation of our website, are collected in the process:
- The operating system used by the calling computer/device
- Information about the browser version, supported browser technology, screen resolution, colour depth and language of the calling computer/device
- The internet service provider of the user
- Transmitted data volume
- Date and time at the time of access
- Websites via which the user arrives at our website (URL)
- Websites that are accessed by the system of the user via our website
- The sub-websites that are called up via an accessing system on our website
- The type and manufacturer of the device and browser used, e.g. “Apple iPhone 8 & Safari”
- The IP address of the calling computer/device
The data are stored in log files in our system. These data are not stored together with other personal data of the user.
Legal basis for the data processing
Art. 6 (1) (f) of the GDPR is the legal basis for the temporary storage of the data and the log files.
Purpose of data processing
It is necessary for the system to temporarily store the IP address in order to enable a delivery of the website to the user’s computer. To this end, the user’s IP address has to be stored for the duration of the session.
The storage in log files takes place in order to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. The data are not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in the data processing pursuant to Art. 6 (1) (f) of the GDPR. Further interests are the stable and functional operation of this website, as well as achieving the objectives of protecting the confidentiality, integrity and availability of the data.
Duration of storage
The data are erased as soon as they are no longer necessary in order to fulfil the purpose of their collection. If the data is collected for the provision of the website, this is the case when the relevant session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In such a case, the IP addresses of the users are deleted or altered so that an association with the calling client is no longer possible.
Possibility of objection and erasure
The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Description and scope of the data processing
On the one hand, we use so-called session cookies that are automatically deleted by your browser immediately after the end of the visit.
In the context of web analysis, on the other hand, we also use persistent cookies, which allow us to recognise your browser on your next visit, for instance in order to remember information that you provided during your last visit for your subsequent visit to our website.
The following data, inter alia, are saved and transmitted in the cookies: Visitor ID, language, screen resolution
In addition, we work with (advertising) partners, who help us optimise our internet offer for you and make it more interesting. For this purpose, cookies from partner companies are also saved on your hard disk when you visit our website (third-party cookies).
Insofar as we cooperate with such advertising partners, you will be informed hereinafter about the use of such cookies and the scope of the information collected in each case.
Legal basis for the data processing
Should personal data be processed through cookies that we implemented, the processing takes place either for the performance of the contract pursuant to Art. 6 (1) (b) of the GDPR, or pursuant to Art. 6 (1) (f) of the GDPR for the purpose of our legitimate interests in the best possible functionality of the website, as well as a client-friendly and effective design of the site visit.
Purpose of data processing
The user data collected by technically necessary cookies are not used for the creation of user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. Analysis cookies allow us to find out how the website it used and hence to optimise our offer continuously.
These purposes constitute our legitimate interest in the processing of personal data pursuant to Art. 6 (1) (f) of the GDPR.
Duration of storage, possibility of objection and erasure
The possibilities of managing cookie settings vary depending on the type of browser used. A description can usually be found in the help menu of every browser, which provides instructions on how to change your cookie settings. Below you can find a compilation of links to the individual browsers:
Even cookies that have already been stored can be deleted at any time. This can also be automated. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent. The transmission of possible flash cookies cannot be prevented through the browser settings, but by changing the settings of the Flash Player.
VI. Contact form and e-mail contact
Description and scope of data processing
On our website, you can use a contact form in order to contact us electronically. If a user chooses this option, the data entered into the input mask are transmitted to us and stored.
Which data are collected in the case of a contact form can be seen in the input mask of the respective contact form. Alternatively, contact can also be established via the e-mail address provided. In this case, the user’s personal data transmitted in the e-mail are stored.
There is no data transfer to third parties in this context. The data are used exclusively for the processing of the conversation.
Legal basis for the data processing Art. 6 (1) (f) of the GDPR is the legal basis for the processing of the data that are transmitted in the course of sending an e-mail. Art. 6 (1) (b) of the GDPR is an additional legal basis for the processing if the e-mail contact aims at concluding a contract.
Purpose of data processing
The processing of the personal data from the input mask serves the sole purpose of handling the established contact. In the case that contact is established via e-mail this also constitutes the necessary legitimate interest in the processing of the data.
Other personal data processed during the sending process serve the purpose of preventing a misuse of the contact form and ensuring the security of our information technology systems.
Duration of storage
The data are erased as soon as they are no longer necessary in order to fulfil the purpose of their collection. For the personal data from the input mask of the contact form and those sent via e-mail, this is the case when the respective contact with the user has ended and the erasure is not prevented by any statutory retention obligations. The contact has ended if it can be concluded from the circumstances that the issue in question has been resolved.
The additional personal data collected during the sending process are erased after a period of seven days at the latest.
Possibility of objection and erasure
If a user contacts us via e-mail, he can object to the storage of his personal data at any time. In such a case, the communication with you cannot be continued. All personal data that were stored in the course of the establishment of contact will be erased in this case.
VII. Applicant data
Insofar as you react to job postings on our website or send us an application for other reasons, we process those data that you send us in connection with your application, in order to review your suitability for the job (or for comparable positions that are currently open at our company) and to carry out the application procedure. After receipt of your application, your application data are reviewed by the responsible employees in the human resources department. Suitable applications are passed on internally to the people within the departments responsible for the respective open position. In principle, only those people who need it for the proper functioning of the application procedure have access to your data within the company.
The legal basis for the processing of your personal data in this application procedure is first and foremost § 26 of the BDSG (Federal Data Protection Act) in the version applicable as of 25.05.2018. Pursuant to this provision, the processing of the data is permissible, that is necessary in connection with the decision about establishing an employment relationship. After completion of the application procedure, a processing of data can take place if the requirements of Art. 6 of the GDPR are met, in particular for the purposes of legitimate interests pursuant to Art. 6 (1) (f) of the GDPR. In the case of legal proceedings under the AGG (General Act on Equal Treatment), for instance, our interest lies in the assertion of or the defence against claims.
In the case of a rejection, data of applicants are erased 3 months after completion of the application procedure.
In the event that you expressly consented to a further storage of your personal data, we will add your data to our pool of applicants. There the data will be erased after a period of two years.
Should your application be successful and should you have been awarded a job in the framework of the application procedure, we will transfer your data from the applicant data system to our human resources information system.
The data are processed exclusively in data centres in the Federal Republic of Germany.
VIII. Use of Youtube videos
Our website uses the embedding function of Youtube to display and play back videos from the provider “Youtube” Youtube belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google LLC, which is based in the USA, is certified for the EU-US data protection agreement “Privacy Shield”, which ensures compliance with the level of data protection applicable in the EU.
According to “Youtube”, these data are used, inter alia, to create video statistics, optimise user-friendliness and prevent abusive acts. If you are logged in to Google, your data are associated with your account as soon as you click on a video. If you do not wish the association with your profile at YouTube, you need to log out before activating the button. Google stores your data, also for users that are not logged in, as usage profiles and evaluates them.
The legal basis of such an evaluation is, in particular, Art. 6 (1) (f) of the GDPR; the legitimate interest is the interest of Google in the placement of personalised advertisements, market research, and the needs-based design of its website.
Possibility of objection and erasure
You have the right to object to the creation of these user profiles. To exercise this right, you need to contact YouTube. Regardless of a playback of the embedded videos, a connection is established to the Google network “DoubleClick” with every visit to this website, which can initiate further data processing operations without our influence.
Further information about data protection at “YouTube” can be found in the data protection declaration of the provider, under:
IX. Rights of the data subject
Data subjects whose personal data are processed have the following rights vis-à-vis the above-mentioned controller with regard to the personal data that concern them.
Right of access
Upon your request, the controller will confirm whether personal data that concern you are processed by us.
If we do process data, you can request access to the following information from the controller:
(1) the categories of personal data that are processed;
(2) the purposes for which the personal data are processed;
(3) the receivers/categories of receivers whom the personal data have been disclosed to or will still be disclosed to;
(4) the planned duration of storage of the personal data concerning you, or at least, if specific information about this cannot be provided, the criteria for the definition of the storage duration;
(5) the existence of the right to correction or erasure of the personal data, the right to restriction of the processing by the controller, or the right to object against this processing;
(6) all available information about the origin of the data, if the personal data were not given by the data subject himself;
(7) the right to lodge a complaint with a supervisory authority;
(8) the existence of automated decision-making, including profiling (Art. 22 (1) and (4) of the GDPR) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
In addition, you have the right to obtain information about the extent to which the personal data concerning you are transmitted to a third country (or to an international organisation). In this context you can demand to be informed about the suitable safeguards pursuant to Art. 46 of the GDPR in connection with the transmission.
Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller, if the processed personal data concerning you are inaccurate or incomplete. The rectification is to be carried out without undue delay.
Right to restriction of processing
You can demand a restriction of processing of the personal data concerning you,
(1) if you contest the accuracy of the personal data concerning you, for a period that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
(4) you have objected to processing pursuant to Article 21(1) of the GDPR and the verification whether the legitimate grounds of the controller override yours is still pending.
Where processing of the personal data concerning you has been restricted, these data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been obtained according to the above-mentioned requirements, you shall be informed by the controller before the restriction of processing is lifted.
Right to erasure
Obligation of erasure
You can demand that the controller erases the personal data concerning you without undue delay and the controller shall have the obligation to erase these data without undue delay where one of the following grounds applies:
(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) you withdraw your consent on which the processing was based according to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR and there is no other legal ground for the processing.
(3) you object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
(4) the personal data concerning you have been unlawfully processed.
(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) of the GDPR.
Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) of the GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data, that you as a data subject have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) as well as Article 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) of the GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
Right to information
If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others shall not be adversely affected by this.
The right to data portability shall not apply to a processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
Right to withdrawal of the data protection consent declaration
You have the right to withdraw your declaration of consent under data protection law at any time, with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and a data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) of the GDPR, unless point (a) or (g) of Art. 9 (2) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.