Data Protection

DATA PROTECTION

DATA PROTECTION DECLARATION

INTRODUCTION

Thank you for your confidence in us and your interest in working with us.

As part of our daily job we take the protection of your personal data very seriously. It is important to us that we protect your privacy and that of our business partners and clients. We therefore treat your personal data confidentially and in accordance with the applicable data-protection regulations of the General Data Protection Regulation (GDPR).

We process only data that we need for our services and carefully handle the information we have collected from you. We never make your data available to third parties for commercial purposes.

This document describes the different types of information we obtain from you, how we use this information, and how you can change and update it.

For the below mentioned forms of processing, Phortas is the Controller, unless otherwise mentioned. If you have questions regarding this declaration or about the privacy practices of Phortas or you wish to exercise you privacy rights under the GDPR, please contact us by email at info@phortas.com or at:

Phortas GmbH

Mariahilfstr. 16

52062, Aachen, Germany

Tel: +49 (0) 241 942 69 101

Email: info@phortas.com

2. FORMS OF PROCESSING AND THEIR PURPOSES

When Phortas collects personal data directly from visitors to this site, job applicants, business partners, its customers and suppliers we act as a controller. As a controller we inform data subjects about the purpose for which we collect and use their personal data with this declaration.

2.1 Visitors of our website

We only use your data for the benefit of our services. This means that the purpose of the processing is always directly related to the assignment you provide. We do not use your data for (targeted) marketing. Your information will not be shared with third parties, other than to comply with accounting and other administrative obligations. These third parties have all been kept confidential and pledged themselves to keep your data confidential based on the agreement between them and us.

Data that is automatically collected by our website is processed with the aim of further improving our services. Where appropriate, Phortas can be requested, based on a legal obligation, to share your data in connection with governmental or government criminal investigation. In such a case, we are forced to share your data, but we will oppose this within the possibilities that the law offers us.

2.1.1 When using our contact form

We offer you the opportunity to contact us using the contact form provided on the website. A valid e-mail address is required so that we know who has sent the request and to allow us to respond. Supplementary information can be provided voluntarily. The data will be processed for the purpose of contacting you according to Art. 6 §1 of the GDPR on the basis of your voluntary consent. Your business contact information which is collected by the contact form is not used for any other purposes (i.e. promotional communication or targeted marketing).

2.2 Job Applicants and Freelance Consultants

Phortas provides consultancy services for the biotechnology, (bio) pharmaceutical and pharmaceutical industry. We receive CV’s that contain personal data from job applicants and freelance consultants. If you are rejected as a job applicant, we will delete your CV and personal data within 4 weeks. We may request your consent in order to preserve your application data for up to one year. For freelance consultants, we will keep your CV and personal data on file, with your consent, for a period of up to 5 years. We perform this processing under a legitimate interest of Phortas and in order to be able to enter into a possible contract with relevant freelance consultants.

2.3 Client and Suppliers Data

For management of clients, suppliers and its related contracts, we only collect names and professional personal data on the employees of our customers and suppliers. This information is not provided to any third party, except when necessary to perform our obligations under our contract with our customer or supplier.

3. THIRD PARTY PROCESSING

Except as described in this Declaration, Phortas will not give, sell, rent or loan any personal data to any third party. We may disclose such information under a legal requirement to do so or to exercise our legal rights (for example legal claims or to investigate, prevent, or take action regarding illegal activities).

4. COOKIES

We use cookies on our website. These are files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site.

The information stored in the cookie is specific to the device used during each individual session. However, this does not mean that we are aware of your identity.

The use of cookies serves on the one hand to make your website visit more targeted, e.g. we use so-called session cookies to recognize that you have already visited individual pages of our website. These will be deleted automatically after leaving our site. In addition, we also use temporary cookies that are stored on your end device for a specified period of time to optimize website user-friendliness. If you revisit our site, the site will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to re-enter them.

We use cookies to statistically record the use of our website and to evaluate and continue optimization of our site (see Section 5). Cookies enable us to automatically recognize when you return to our site. These cookies are automatically deleted after a defined period of time.

The data processed by cookies is required for the mentioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 §1 of the GDPR. Most browsers automatically accept cookies.

You can block the use of cookies directly in your browser configuration. However, by blocking the use of cookies you may not be able to access all parts of our website, or you may find that particular functionality is reduced or missing.

5. ANALYSIS TOOLS

5.1 Tracking tools

The tracking tools listed below are used by us and carried out on the basis of Art. 6 §1 of the GDPR. With the tracking tools used, we want to ensure that our website is designed to meet requirements and is continually optimized.

We use the tracking measures to statistically record the use of our website and to evaluate page visits for the purpose of optimizing our offer. These interests are considered justified and are in accordance with the before mentioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

5.1.1 Google Analytics

For the purpose of continuous optimization of our web-pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”).

In this context, pseudonymised user profiles are created and cookies (see point 4) are used. The information generated by the cookie about your use of this website such as;

Browser type/version
the operating system used
Referrer URL
Host name of the accessing computer (IP address)
Time of the server request

are transferred to a Google server located in the U.S. and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages.

This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment to a specific individual is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device.

If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

6. SOCIAL MEDIA PLUG-INS

We use social media plug-in of the social network LinkedIn on our website on the basis of Art. 6 §1 of the GDPR in order to raise the awareness of our company. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider.

6.1 LinkedIn

Our website uses social media plug-ins from LinkedIn to personalize their use.

When you access a page on our website that contains such a plug-in, your browser establishes a direct connection to LinkedIn. The content of the plug-in is transmitted directly from LinkedIn to your browser and integrated into the website. By integrating the plug-ins, LinkedIn receives the information that your browser contains the corresponding page of our website, even if you do not have a LinkedIn account or are not currently logged in to LinkedIn. This information (including your IP address) is transmitted directly from your browser to a LinkedIn server located in the U.S. and stored there.

If you are logged on to LinkedIn, LinkedIn can directly associate your visit to our website with your LinkedIn account.

LinkedIn may use this information for the purposes of advertising, market research and demand-oriented design of LinkedIn pages. Hereto, LinkedIn creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on LinkedIn, to inform other LinkedIn users about your activities on our website and to provide other services associated with the use of LinkedIn.

If you do not want LinkedIn to associate the information collected through our website with your account, you must log out of LinkedIn before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by LinkedIn as well as your rights and setting options for the protection of your privacy can be found in the Privacy policy https://www.linkedin.com/legal/privacy-policy) of LinkedIn.

7. RIGHTS OF THE DATA SUBJECT

You have the right:

To request information about your personal data processed by us in accordance with Art. 15 of the GDPR;
In accordance with Art. 16 of the GDPR you can demand without delay the correction of incorrect or incomplete personal data stored by us;
In accordance with Art. 18 of the GDPR, to restrict the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you refuse to delete the data and we no longer need the data, but if you need it to assert, exercise or defend legal claims or if you have filed an objection to the processing in accordance with Art. 21 of the GDPR;
In accordance with Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible;
To request the deletion of your personal data stored with us in accordance with Art. 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
In accordance with Art. 7 § 3 of the GDPR, you can revoke your consent to us at any time. As a result, we will no longer process data based on this consent
To complain to a supervisory authority pursuant to Art. 77 of the GDPR.

8. DATA SECURITY

We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties.

9. CHANGES TO THIS DATA PROTECTION DECLARATION

This data protection declaration is currently valid and effective as of May 2018.

Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to amend this data protection declaration. You can access and print the most current data protection declaration at any time on the website at https://www.phortas.com/data-protection.