DATA PROTECTION DECLARATION
Thank you for your confidence in us and your interest in working with us.
As part of our daily job we take the protection of your personal data very seriously. It is important to us that we protect your privacy and that of our business partners and clients. We therefore treat your personal data confidentially and in accordance with the applicable data-protection regulations of the General Data Protection Regulation (GDPR).
We process only data that we need for our services and carefully handle the information we have collected from you. We never make your data available to third parties for commercial purposes.
This document describes the different types of information we obtain from you, how we use this information, and how you can change and update it.
For the below mentioned forms of processing, Phortas is the Controller, unless otherwise mentioned. If you have questions regarding this declaration or about the privacy practices of Phortas or you wish to exercise you privacy rights under the GDPR, please contact us by email at or at:
52062, Aachen, Germany
Tel: +49 (0) 241 942 69 101
2. FORMS OF PROCESSING AND THEIR PURPOSES
When Phortas collects personal data directly from visitors to this site, job applicants, business partners, its customers and suppliers we act as a controller. As a controller we inform data subjects about the purpose for which we collect and use their personal data with this declaration.
2.1 Visitors of our website
We only use your data for the benefit of our services. This means that the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing. Your information will not be shared with third parties, other than to comply with accounting and other administrative obligations. These third parties have all been kept confidential and pledged themselves to keep your data confidential based on the agreement between them and us.
Data that is automatically collected by our website is processed with the aim of further improving our services. Where appropriate, Phortas can be requested, based on a legal obligation, to share your data in connection with governmental or government criminal investigation. In such a case, we are forced to share your data, but we will oppose this within the possibilities that the law offers us.
2.1.1 When using our contact form
We offer you the opportunity to contact us using the contact form provided on the website. A valid e-mail address is required so that we know who has sent the request and to allow us to respond. Supplementary information can be provided voluntarily. The data will be processed for the purpose of contacting you according to Art. 6 §1 of the GDPR on the basis of your voluntary consent. Your business contact information which is collected by the contact form is not used for any other purposes (i.e. promotional communication or targeted marketing).
2.2 Job Applicants and Freelance Consultants
Phortas provides consultancy services for the biotechnology, (bio) pharmaceutical and pharmaceutical industry. We receive CV’s that contain personal data from job applicants and freelance consultants. If you are rejected as a job applicant, we will delete your CV and personal data within 4 weeks. We may request your consent in order to preserve your application data for up to one year. For freelance consultants, we will keep your CV and personal data on file, with your consent, for a period of up to 5 years. We perform this processing under a legitimate interest of Phortas and in order to be able to enter into a possible contract with relevant freelance consultants.
2.3 Client and Suppliers Data
For management of clients, suppliers and its related contracts, we only collect names and professional personal data on the employees of our customers and suppliers. This information is not provided to any third party, except when necessary to perform our obligations under our contract with our customer or supplier.
3. THIRD PARTY PROCESSING
Except as described in this Declaration, Phortas will not give, sell, rent or loan any personal data to any third party. We may disclose such information under a legal requirement to do so or to exercise our legal rights (for example legal claims or to investigate, prevent, or take action regarding illegal activities).
The information stored in the cookie is specific to the device used during each individual session. However, this does not mean that we are aware of your identity.
The data processed by cookies is required for the mentioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 §1 of the GDPR. Most browsers automatically accept cookies.
5. ANALYSIS TOOLS
5.1 Tracking tools
The tracking tools listed below are used by us and carried out on the basis of Art. 6 §1 of the GDPR. With the tracking tools used, we want to ensure that our website is designed to meet requirements and is continually optimized.
We use the tracking measures to statistically record the use of our website and to evaluate page visits for the purpose of optimizing our offer. These interests are considered justified and are in accordance with the before mentioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
5.1.1 Google Analytics
For the purpose of continuous optimization of our web-pages, we use Google Analytics, a web analysis service provided by Google Inc. ( (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”).
In this context, pseudonymised user profiles are created and cookies (see point 4) are used. The information generated by the cookie about your use of this website such as;
the operating system used
Host name of the accessing computer (IP address)
Time of the server request
are transferred to a Google server located in the U.S. and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages.
This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment to a specific individual is not possible (IP masking).
If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (
6. SOCIAL MEDIA PLUG-INS
We use social media plug-in of the social network LinkedIn on our website on the basis of Art. 6 §1 of the GDPR in order to raise the awareness of our company. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider.
Our website uses social media plug-ins from LinkedIn to personalize their use.
When you access a page on our website that contains such a plug-in, your browser establishes a direct connection to LinkedIn. The content of the plug-in is transmitted directly from LinkedIn to your browser and integrated into the website. By integrating the plug-ins, LinkedIn receives the information that your browser contains the corresponding page of our website, even if you do not have a LinkedIn account or are not currently logged in to LinkedIn. This information (including your IP address) is transmitted directly from your browser to a LinkedIn server located in the U.S. and stored there.
If you are logged on to LinkedIn, LinkedIn can directly associate your visit to our website with your LinkedIn account.
LinkedIn may use this information for the purposes of advertising, market research and demand-oriented design of LinkedIn pages. Hereto, LinkedIn creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on LinkedIn, to inform other LinkedIn users about your activities on our website and to provide other services associated with the use of LinkedIn.
If you do not want LinkedIn to associate the information collected through our website with your account, you must log out of LinkedIn before visiting our website.
7. RIGHTS OF THE DATA SUBJECT
You have the right:
To request information about your personal data processed by us in accordance with Art. 15 of the GDPR;
In accordance with Art. 16 of the GDPR you can demand without delay the correction of incorrect or incomplete personal data stored by us;
In accordance with Art. 18 of the GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 of the GDPR;
In accordance with Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible;
To request the deletion of your personal data stored with us in accordance with Art. 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
In accordance with Art. 7 § 3 of the GDPR, you can revoke your consent to us at any time. As a result, we will no longer process data based on this consent
To complain to a supervisory authority pursuant to Art. 77 of the GDPR.
8. DATA SECURITY
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties.
9. CHANGES TO THIS DATA PROTECTION DECLARATION
This data protection declaration is currently valid and effective as of May 2018.
Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to amend this data protection declaration. You can access and print the most current data protection declaration at any time on the website at