Data Privacy Statement
We are delighted that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes it is used. Personal data refers to individual details about the personal or factual circumstances of an identified or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This is therefore data that we can use to identify you. In addition, you will also find occasional information here about data processing procedures outside this website (e.g. video conferences or newsletters).
Responsible for data processing
Responsible
For the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
bene pharmaChem GmbH & Co. KG
Bayerwaldstr. 7-9
82538 Geretsried
Telephone: +49 (0)8171 98 25 -0
Email: info@bene-pharmachem.de
Data Protection Officer
exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Telephone: 02452 / 99 33 11
Email datenschutz@bene-pharmachem.de
General information
In addition to the data that you actively provide to us on this page (e.g. via our contact form), we collect some technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you enter our website (including browser, operating system or timestamp). We use this data to ensure that our website is displayed correctly. In addition, we may collect data via integrated third-party providers (e.g. for external media such as map services or analysis tools). We will explain the individual purposes and legal bases in the course of this privacy policy.
Storage period
Unless a separate storage period is specified in this privacy policy, we will store your personal data for as long as the purpose of data processing exists. If you contact us with a legitimate request for deletion or revoke your consent, we will delete your data. Statutory retention obligations remain unaffected.
Legal basis for data processing
If you have consented to data processing, your personal data will be processed on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of data are processed in accordance with Art. 9 (1) GDPR. If you have expressly consented to the transfer of personal data to third countries, the data will also be processed in accordance with Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. through device fingerprinting), data processing will also take place on the basis of Section 25(1) TDDDG. Your consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data in accordance with Art. 6 (1) lit. b GDPR. In addition, we process your data if this is necessary to fulfil a legal obligation, on the basis of Art. 6 (1) lit. c GDPR. Data processing may also take place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. In the following sections of this privacy policy, you will be informed about the respective legal basis in individual cases.
Note on data transfer to third countries and US companies without DPF certification
Please note that we use tools from companies based in third countries or the US that are not covered by the EU-US Privacy Shield Framework (DPF) and where data protection is not guaranteed. When using these tools, your personal data may be transferred to these countries and processed there. Please note that in these third countries, a level of data protection comparable to that in the EU cannot be guaranteed.
We would like to clarify that the USA generally offers a level of data protection comparable to that of the EU. The transfer of data to the USA is permitted if the recipient has DPF certification or provides appropriate additional safeguards. Information about data transfers to third countries, including data recipients, can be found in our privacy policy.
Automated decision-making
Your personal data will not be processed for the purpose of automated decision-making.
Your rights
As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of access: You have the right to request confirmation from us as to whether your personal data is being processed and, if so, to receive further information about the processing and copies of the data being processed (Art. 15 GDPR).
- Right to rectification: You have the right to request the immediate rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
- Right to erasure: You have the right to request the immediate erasure of personal data concerning you if the legal requirements are met, in particular if the data is no longer necessary for the purposes pursued and the processing is unlawful (Art. 17 GDPR).
- Right to restriction of processing: You have the right to request that we restrict the processing of your personal data if the legal requirements are met, in particular if you dispute the accuracy of the data, the processing is unlawful and you refuse to have it erased (Art. 18 GDPR).
- Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that this is technically feasible (Art. 20 GDPR).
- Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, if the processing is based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR).
- Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until withdrawal (Art. 7(3) GDPR).
Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).
Further data processing procedures
General information obligations
This information is intended for customers, interested parties, suppliers and employees. We process your personal data for the following purposes:
- To fulfil our contractual obligations to you (Art. 6(1)(b) GDPR).
- To perform pre-contractual obligations (Art. 6(1)(b) GDPR).
- To respond to enquiries (Art. 6(1)(b) GDPR).
- If you have given us your consent to process your personal data for specific purposes (e.g. to receive our newsletter), data processing will take place on the basis of your consent (Art. 6(1)(a) GDPR).
- To fulfil legal obligations to which our company is subject (Art. 6(1)(c) GDPR).
- Where necessary, we also process your data to protect our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct marketing and market research, provided you have not objected to the use of your data for this purpose, for measures relating to business management and the further development of services and products, for measures relating to product and sales optimisation, for measures relating to risk management, for the prevention or investigation of criminal offences (Art. 6(1)(f) GDPR).
Categories of recipients of personal data
Within our company, only those employees who absolutely need the data to perform their tasks have access to it (need-to-know principle). Individual processes and services are carried out by carefully selected service providers based within the EEA who are commissioned in accordance with data protection regulations. If service providers commissioned by us have access to personal data in the course of performing their services, data processing agreements have been concluded with them in accordance with Art. 28(3) GDPR.
Duration of data storage
The data we process is stored for the duration of the existence and execution of the contractual relationship and in compliance with statutory retention periods. These are, in particular, commercial and tax law retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If no contractual relationship is established, we only process the data for as long as the specific purpose requires.
Cookies
Cookies are small text files that are stored by your browser on your device to store certain information during your use of the website. Cookies enable us to improve various aspects of our website and make your visit more convenient.
There are different types of cookies that serve different purposes. Temporary cookies, also known as session cookies, are only stored for the duration of your use of the website and are automatically deleted when you close your browser. Persistent cookies, on the other hand, remain stored on your device for a longer period of time and enable us to recognise you and your preferences when you visit the website again.
Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, while third-party cookies are set by other websites or service providers whose content is integrated into our website, such as plugins or analysis tools.
Cookies are used for various purposes, for example to ensure the functionality of the website, to store user settings, to compile anonymous statistics on user behaviour or to display personalised content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to make our website functional and user-friendly. As a website operator, we have a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of our services. If we obtain your consent for the use of cookies, processing is based on Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG. Your consent can be revoked at any time.
Data processing in detail
Below, we provide information about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling.
Provision of the website
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf for the purpose of providing the website in accordance with Art. 28 GDPR.
The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR).
We use the following host:
SpaceNet AG
Joseph-Dollinger-Bogen 14
80807 Munich
Contact form
Type and scope of processing
When you send us enquiries (e.g. via the contact form, email or telephone), we store all the data contained therein (e.g. name, email address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer any follow-up questions. We will not pass on this data without your consent.
Purpose and legal basis
This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if you have given it beforehand.
Storage period
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Contact form for applicants
Type and scope of processing
We collect and process the personal data of applicants. The relevant data processing may also be carried out electronically, for example when applicants send us their application documents by email or via a web form on our website. On our website, we offer you the option of sending us applications for advertised job vacancies by email.
Purpose and legal basis
We process the personal data of applicants in accordance with the legal requirements for the purpose of initiating an employment relationship (Art. 6 (1) (b) GDPR). You are not obliged to provide us with this data. However, without this data, we cannot carry out an application process with you.
If your application is successful, the data you submit will be stored in our data processing systems on the basis of Art. 6 (1) (b) GDPR and, if you provide us with special categories of personal data such as health information, on the basis of Art. 9 (2) (b) for the purpose of implementing the employment relationship.
We also use the professional networks LinkedIn and XING to contact potential applicants. The operators of these networks act as processors for us in accordance with our instructions. The legal basis for data processing when contacting potential applicants on our behalf is Article 6(1)(f) GDPR (our legitimate interests). If you send us your application as a result of such an approach, we will process your data for the purpose of initiating an employment relationship as described above on the basis of Art. 6 para. 1 lit. b GDPR.
Storage period
In the event of rejection, your data will be stored for a period of 6 months after the end of the application process. This is done to protect our legitimate interests in order to check whether we need the data to defend against any claims in connection with the application process. We are then obliged to delete or anonymise your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of female or male applicants, number of applications per period, etc.).
If it is apparent that further storage of the data is necessary after the expiry of the 6-month period to safeguard our legitimate interests (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies. The legal basis for this further data storage is our legitimate interests in asserting, exercising or defending civil law claims (Art. 6(1)(f) GDPR in conjunction with Section 24(1)(2) BDSG or, insofar as special categories of personal data are stored, Art. 9 (2) (f) GDPR in conjunction with § 24 (2) BDSG).
Inclusion in the applicant pool
As part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of 24 months on the basis of consent within the meaning of Art. 6 (1) (a), Art. 9 (2) (a) GDPR. If you have provided special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our talent pool. However, without this data, we cannot consider you for future vacancies unless you submit a new application.
Consent to the inclusion of application data in the talent pool is voluntary and can be revoked at any time for the future. Revocation of consent does not affect the lawfulness of data processing carried out on the basis of consent prior to revocation.
Your application documents will be deleted from the talent pool at the latest after the expiry of the storage period or in the event of revocation or acceptance of a job offer from one of the companies responsible for the talent pool.
If you receive an offer of employment from us during the application process and accept it, we or this company will store the personal data collected during the application process for the purpose of implementing the employment relationship. The legal basis for this data processing is Art. 6 (1) (b) GDPR or, if you provide us with special categories of personal data such as health information, Art. 9 (2) (b).
Video conferences
Data processing
We use online conferencing tools to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conference, your personal data is collected and processed by us and the provider of the respective tool.
The tools collect the data you provide, including your email address and telephone number. They also process the duration of the conference, when you participated in the conference, the number of participants and other metadata.
In addition, the provider of the tool processes all technical data necessary to conduct the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
When you share content in this service, it is stored on the providers' servers. This includes cloud recordings, chat messages, voice messages, and photos and videos that you have shared while using this service.
Please note that we do not have full control over the data processing operations of the tools used. For more information on data processing by the conference tools, please refer to the privacy policies of the respective tools used.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). If you have previously given your consent to data processing, the processing of your data will take place solely on the basis of Art. 6 (1) (a) GDPR; consent can be revoked at any time.
Storage period
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to its storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the storage period of your data stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Services and tools used
Google Maps
Type and scope of data processing
This website uses Google Maps. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions, it is necessary to store your IP address. As a rule, the information is transferred to a Google server and stored at . The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use web fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required fonts into your browser cache so that the fonts are displayed correctly.
Legal basis
The use of Google Maps is based on our legitimate interest in an appealing presentation of our online offerings and in making it easy to find the locations we specify (Art. 6 para. 1 lit. f GDPR). If consent has been requested, the data will be processed exclusively on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. This consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission: https://business.safety.google/gdprcontrollerterms/sccs/ and https://business.safety.google/gdprcontrollerterms/.
Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de.
The company is certified under the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Fonts
Type and scope of data processing
This website uses web fonts provided by Google to ensure uniform font display. When you visit the site, your browser loads the required web fonts into your browser cache so that texts and fonts are displayed correctly. To do this, the browser you are using connects to Google's servers. Google thereby obtains knowledge of your IP address.
Legal basis
The use of Google web fonts is based on our legitimate interest in a uniform presentation of the typeface on our website (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested (e.g. consent to the storage of cookies), the data will be processed exclusively on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. This consent can be revoked at any time. If your browser does not support web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found here: https://developers.google.com/fonts/faq. Google's privacy policy can be found here: https://policies.google.com/privacy?hl=de.
The company is certified under the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US . DPF certification requires companies to comply with these data protection standards. For more information, please visit: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Cloudflare Turnstile
Type and scope of processing
We have integrated components from Cloudflare Turnstile into our website. Cloudflare Turnstile is a service provided by Cloudflare, Inc. that enables us to distinguish whether requests originate from a natural person or are automated by a programme. When you access our website, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Cloudflare Turnstile also records the user's dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Cloudflare Turnstile.
Purpose and legal basis
The use of Cloudflare Turnstile is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG
The company is certified under the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards when processing data in the United States. Certification under the DPF requires companies to comply with these data protection standards.
Storage period
We have no influence on the specific storage period of the processed data; this is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare Turnstile: https://www.cloudflare.com/privacypolicy/.
Matomo
Our website uses services and functions of the open source web analysis service Matomo (formerly Piwik) to analyse the user behaviour of our website visitors.
Type and scope of data processing
With the help of Matomo, we can determine, for example, at what times and from what location visitors viewed certain pages. We also collect and store data such as IP addresses, browsers used and operating systems. This information helps us to understand what actions you have taken on our website (e.g. clicked on certain pages, made purchases, etc.). Matomo uses technologies (such as cookies or fingerprinting systems) to recognise visitors when they return to our website. The information collected by Matomo about the use of this website is stored on our server. Your IP address is anonymised before it is stored.
Legal basis
The processing of personal data is based on Art. 6 (1) lit. f GDPR and §25 (1) TDDDG, as we have a legitimate interest in analysing website usage in order to optimise our online presence and offerings. If you have given your consent to data processing by Matomo on this website, the processing of your data is based on Art. 6 (1) lit. a GDPR and §25 (1) TDDDG. You can revoke your consent at any time.
IP anonymisation
When using Matomo on this website, we use a function that shortens your IP address before analysis. This means that it can no longer be clearly assigned to you.
Hosting
The data collected through the analysis is not passed on to third parties, as we host Matomo exclusively on our own servers.