Last updated: March 2023
We, Bionorica SE, are not only committed to protecting your health but also to protecting your data and therefore your privacy. This Privacy Policy is designed to inform you regarding
The (data) “controller”, as defined in the GDPR (General Data Protection Regulation), is:
Bionorica SE
Kerschensteinerstr. 11-15
92318 Neumarkt, Germany
Telephone: +49 (0) 9181 231-90
Fax: +49 (0) 9181 231-265
E-mail: info@bionorica.de
You can contact our company data protection officer by email at datenschutz@bionorica.de or by post at the above address to "The Data Protection Officer".
This Privacy Policy applies to the use of the (video) conferencing solution "Microsoft Teams" in its desktop, mobile and browser variants. In doing so, we use "Microsoft Teams" to conduct our usual office communication, internal and external telephone and video conferences, job interviews, webinars and/or other online meetings (hereinafter: online meetings). "Microsoft Teams" is a service provided by Microsoft Corporation, which is based in Ireland.
Note: If you call up the "Microsoft Teams" website, the provider of "Microsoft Teams" is responsible for data processing. However, accessing the website is only necessary to download the software for the use of "Microsoft Teams". If you do not wish to or cannot use the "Microsoft Teams" app, you can also use "Microsoft Teams" via your browser. The service will then also be provided via the "Microsoft Teams" website.
We reserve the right to change this Privacy Policy at any time with effect for the future. The current version is available on our website. Please visit our website regularly to consult the applicable data protection provisions.
We process personal data that we receive in the course of our online meetings using "Microsoft Teams". The scope of the data also depends on the data you provide before or during participation in an online meeting.
The personal data we process includes in particular:
In order to participate in an online meeting or to enter the meeting room, you must provide at least a user name for the respective online meeting. You are, of course, also free to enter "Guest" or "Anonymous", for example.
We process personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the German Federal Data Protection Act (BDSG) on the following legal bases:
The processing of data takes place within the framework of concluded contracts (e.g. employee contracts, customer contracts) for the implementation of pre-contractual measures, which take place at the request of third parties (e.g. applicants, initiation of business contact), or for the implementation of all activities necessary for the operation and/or administration of a pharmaceutical company (e.g. marketing discussions, training courses).
Where necessary, we process personal data beyond the actual fulfilment of the contract to protect our legitimate interests. Our legitimate interest in data processing is to conduct modern communication options via online meetings, to inform participants and to collaborate with them effectively and efficiently (e.g. discussions on specialist topics, conducting business activities). In the interests of our employees, business partners and other third parties, we have implemented "Microsoft Teams" in a data protection-friendly manner and refrain from collecting and storing data that is not necessary.
Insofar as you have given us consent to process personal data for specific purposes (e.g. recording of an online meeting), the legality of this processing is based on your consent.
Consent that has been given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into effect. Please note that the revocation of consent does not affect the lawfulness of the processing carried out up to the point of the revocation.
The revocation of consent can be made free of charge and informally to our contact details mentioned under section 1. In the case of a revocation by telephone, we may ask you to provide additional proof of your identity by another means.
The video conferencing function of "Microsoft Teams" allows us to offer you participation in our online meetings via video and/or audio. In principle, there will be no recording of the event.
In exceptional cases, recording may take place exclusively on the basis of your voluntary consent given in advance. For such exceptional cases, detailed information on the planned processing of the data (including storage period and recipient group) is provided in advance.
In principle, we do not use fully automated decision-making pursuant to Article 22 of the GDPR to conduct online meetings via "Microsoft Teams”. If we use these procedures in individual cases, we will inform you about this separately if this is required by law.
Online meetings - like face-to-face meetings - are used to share information with third parties. Personal data is primarily transmitted to the other participants when using online meetings.
In addition, those offices and departments within Bionorica SE that require your data to fulfil their duties, e.g. the IT department in the event of malfunctions, will receive access to your data.
Service providers used by us and carefully selected and controlled may also receive data for these purposes, but in doing so they are obliged to comply with the data protection requirements that also apply to us within the framework of so-called commissioned processing. These can be, for example, companies in the IT services and telecommunications sectors.
The provider of "Microsoft Teams" necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in the context of our commissioned data processing agreement with Microsoft. A transfer to other recipients outside Bionorica SE only takes place if there is a legal basis (e.g. legal obligation, consent, legitimate interest, etc.).
"Microsoft Teams" is part of Microsoft Office 365 and a service offered by a European subsidiary of Microsoft Corporation based in the USA. Data processing with Office 365 is based on the Microsoft EU Data Boundary on servers in data centres in the European Union in Ireland and the Netherlands.
However, we cannot completely exclude the possibility that Microsoft Corporation or US security authorities may have access to the circumstances and content of communications via Microsoft Teams. Microsoft Corporation may also have access to the data in the context of remote maintenance. For this access purpose, we have implemented the "Customer Lock Box" functionality in Office 365. Each access requested in the context of remote maintenance is thereby checked by us in each individual case. If authorised by us, such access may also be provided by Microsoft affiliates from outside the European Union. However, where data may also be processed by Microsoft outside the EU, we take appropriate and reasonable steps to ensure an adequate level of data protection, for example by entering into so-called EU standard contractual clauses.
Microsoft reserves the right to process usage data for its own legitimate business purposes. We have no influence on this data processing by Microsoft. To the extent that "Microsoft Teams" processes personal data in connection with legitimate business purposes, Microsoft is the independent data controller for those data processing activities and, as such, is responsible for compliance with all applicable data protection regulations. If you require information about Microsoft's processing, please refer to the relevant Microsoft statement or contact Microsoft directly. Information on this can be found here:
https://privacy.microsoft.com/en-us/privacystatement
https://learn.microsoft.com/en-us/microsoftteams/teams-privacy
We process your personal data only as long as it is necessary for the fulfilment of the processing purposes described above. If the data is no longer necessary for the fulfilment of the processing purposes described above, it shall be deleted unless its further processing - for a limited period of time - is necessary for the following purposes:
The following processing operations are stored for an explicitly defined period of time:
As a data subject, you have the right to access pursuant to Article 15 GDPR. In the case of a request that is not made in writing, we may ask you to provide supplementary proof of your identity by another means. You also have the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. With respect to the right to access and the right to erasure, the limitations set forth in Sections 34 and 35 BDSG apply. You also have the right to lodge a complaint with a responsible data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
You also have the right to object under Article 21 GDPR and you may object to the processing of personal data on the basis of Article 6 para. 1 lit. e or f GDPR at any time without giving reasons.
Gender-neutral wording: For reasons of better readability, we use the generic masculine in our texts. However, all genders are always addressed.