Last update: April 2021
Dear Health Care Professionals,
With this privacy policy we would like to inform you about
The responsible body for data processing (data controller) in the sense given in the GDPR is:
Bionorica SE
Kerschensteinerstr. 11–15
92318 Neumarkt, Germany
Phone: +49 (0) 9181 231-90
Fax: +49 (0) 9181 231-265
E-mail: info@bionorica.de.
Our company data protection officer can be reached via email at datenschutz@bionorica.de or by post at the above address (please include the line ‘ATTENTION: Data Protection Officer’).
As parent company of the Bionorica group we pursuant of a consistent corporate controlling provide different services for our subsidiaries (e.g. cross-company IT-, communication- and database-systems, central HR or financial accounting services as similar activities at our headquarter in Neumarkt) and also process personal data in this context.
In terms of data protection law, this processing is carried out under the joint responsibility of Bionorica SE and the respective subsidiary in accordance with Art. 26 GDPR. The following key points apply to joint processing:
We would be happy to provide you with an extract from our "Agreement on the joint processing of personal data in accordance with Art. 26 GDPR". For this purpose, please also contact the above-mentioned contact.
In the context of our business relationship you only have to provide the personal data which are required for entering into and conducting a business relationship and for fulfilling the associated contractual obligations or which we are legally obligated to collect. Without these data we will usually not be able to conclude the contract with you or perform the contract.
We process personal data which we receive from our customers within the scope of our business relationships. We also process personal data which we permissibly acquire from publicly accessible sources (e.g. commercial register, press and/or internet) or which are permissibly communicated to us by other companies in the Bionorica Group or by other third parties (e.g. credit bureaus) – to the extent needed to provide our service.
The personal data which we process include in particular:
We process personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG) according to the following legal bases:
Data are processed for performance of contracts concluded with our customers (e.g. sales contracts with pharmacies), for implementation of pre-contractual measures at the request of our customers or for carrying out of all activities necessary for operation and/or administration of a pharmaceutical company.
As far as necessary, we process personal data beyond the scope of performance of the contract for protecting our legitimate interests.
This particularly covers the following activities and processes:
If you granted us consent to process personal data for specific purposes, this processing is lawful based on this consent.
After granting your consent, you can withdraw it at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into effect. Please note that withdrawal of your consent does not affect the lawfulness of processing carried out up to the time of withdrawal.
You can withdraw consent free of charge by sending a formless statement to the contact given in Section 1. If you withdraw your consent by telephone, we may ask you to provide additional proof of your identity in another way.
Like every company, Bionorica SE has numerous legal obligations which make processing of personal data necessary. As examples, e.g., identification obligations for prevention of money laundering, comparison with legally prescribed sanctions lists or meeting of tax obligations and regulatory documentation requirements for medicinal products can be stated here.
We generally do not use fully automated decision-making according to Art. 22 GDPR for establishing and conducting the business relationship. If we employ these techniques in individual cases, we will inform you about this separately insofar as we are required to do so by law.
We utilize partially automated analysis tools in order to provide you with personalised information and advice about our products. This enables needs-based communication and advertising including market and opinion research.
Within Bionorica SE, those offices and departments requiring your data for the fulfilment of our contractual and legal obligations receive your data. Carefully selected and controlled service service providers employed by us may also receive data for these purposes, but within the scope of so-called contract data processing they are obligated to meet the data protection requirements that are also applicable to us. For example, companies in the fields of IT services, logistics, print services and telecommunications as well as consultancies and marketing agencies.
We only pass on data to recipients outside Bionorica if we have a legal basis (e.g. legal obligation, consent, legitimate interest). We may, e.g., exchange personal data (e.g. names, contact details and proof of qualifications of the study team) with the respective research cooperation partner during the conduct studies.
Data are only transferred to locations in countries outside the European Union (so-called third countries) if, in addition to general requirements for data transfer, there is also an adequacy decision (Art. 45 GDPR) or appropriate safeguards (Art. 46 GDPR) and, if necessary, additional measures are taken or the requirements of Art. 49 are fulfilled (for example, the corresponding consent).
We process your personal data only as long as necessary for fulfilment of our processing purposes described above. Once the data are no longer needed for fulfilment of the processing purposes described above, they are erased unless their further processing is necessary – for a limited period – for the following purposes:
As a data subject you have the right to access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, and the right to data portability according to Art. 20 GDPR. With respect to the right to access and the right to erasure, the limitations set forth in Sections 34 and 35 BDSG apply. You also have the right to lodge a complaint with a responsible data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
Furthermore, you have the right to object under Art. 21 GDPR and you can object to the processing of personal data for advertising purposes including the analysis of customer data or the transmission to third parties for advertising purposes at any time without giving reasons.