DATA PRIVACY POLICY
1. INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA
(1) In the following we inform you about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, email addresses, user behavior.
(2) Responsible body according to Art. 4 Para. 7 General Data Protection Regulation (GDPR) is:
RICHTER BIOLOGICS GMBH
Dengelsberg
24796 Bovenau
Tel.: +49 4331 1230 101Fax: +49 4331 1230 100
info@richterbiologics.eu
Headquarters / Office:
Suhrenkamp 59
22335 Hamburg
Telefon: +49 40 55290-801Fax: +49 40 55290-888
info@richterbiologics.eu
(3) When you contact us by e-mail, the data you provide (your e-mail address, possibly your name and telephone number) will be saved by us in order to answer your questions. We delete the data that arises in this context after storage is no longer required, or we restrict processing if there are statutory retention requirements.
(4) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes.
2. YOUR RIGHTS
(1) You have the following rights with regard to your personal data:
– right to information,
– right to correction or deletion,
– right to restriction of processing,
– right to object to processing,
– right to withdraw consent to processing if you have given your consent
– right to data portability.
(2) You also have the right to complain to a data protection supervisory authority (see below) about the processing of your personal data.
3. COLLECTION OF PERSONAL DATA WHEN YOU VISIT OUR WEBSITE
(1) If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
– IP address
– the date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)- content of the request (specific page)
– Access status / HTTP status code- Amount of data transferred in each case
– Website from which the request came
– browser
– Operating system and its interface
– Language and version of the browser software.
The storage period is 14 days. The legal basis is Art. 6 Para. 1 f GDPR; Our legitimate interest is to ensure the stability and security of our systems.
Further informations: https://www.mittwald.de/faq/service-informationen
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the place that sets the cookie.
(3) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These save a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and z. B. reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.
e) We use cookies in order to be able to identify you for subsequent visits. Otherwise you would have to log in again for each visit.
We use a consent manager (cookie notice banner) to provide legally compliant information and to query your preferences.This serves to comply with the legal obligations to provide evidence, such as B. the storage of the consent or, if you do not consent, the non-consent.
Use of Borlabs Consent Manager
We use Borlabs. We use the “Borlabs” function to inform you about the use of cookies on our website and enable you to make a decision about their use.If you give your consent to the use of cookies, the following data is automatically logged:
– The anonymized IP number of the user;
– the date and time of consent;
– User agent of the end-user’s browser;
– The URL of the provider;
– An anonymous, random and encrypted key.
– The permitted cookies of the user (cookie status), which serves as proof of consent.
The encrypted key and the cookie status are stored on the user’s terminal device using a cookie in order to establish the corresponding cookie status for future page views. This cookie is automatically deleted after 12 months.The legal basis for using the Consent Manager is Article 6 Paragraph 1 f GDPR (weighing of interests) in conjunction with Article 6 Paragraph 1 c GDPR (obligation to provide evidence).
Borlabs offers further information under this link: https://de.borlabs.io/kbtopic/borlabs-cookie/
Consent history:
4. CONTACT FORM
5. INTEGRATION OF SERVICES AND SOCIAL MEDIA
We use websites in social networks to communicate with customers, interested parties and users who are active there and to be able to inform them about us. It is possible that user data is also processed outside of the European Union. The US is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. There could be risks for the user because z. B. the enforceability of own rights can be difficult. Furthermore, user data may be processed for analysis purposes. In this way, profiles can be created from user behavior and the interests of the user derived from it. These profiles can be used to e.g. B. To place advertisements inside and outside the platforms that are likely to meet the interests of the users. For these purposes, cookies may be stored on the user’s computer, through which the usage behavior, the interests of the user and / or the length of stay are saved. In the case of requests for information and the assertion of user rights, we point out that these can be most effectively asserted with the respective providers. Only the providers have access to the relevant user data and can take appropriate measures directly and provide specific information. For a detailed description of the respective processing, we refer to the following information on the respective providers. LinkedIN We have integrated a link to the LinkedIn network platform on our website.The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. Details on how they handle your personal data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. Matomo We use the “Matomo” software (www.matomo.org) on this website if you have given us your consent to do so on the banner. The website operator uses the open source tool “Matomo” from InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand for statistical analysis. Matomo is deactivated when you visit our website. Matomo stores cookies on your device. These are text files that are saved on your computer and that enable the website operator to analyze the use of his website. For this purpose, the information obtained by the cookie about usage is transferred to the website operator’s server and saved so that usage behavior can be evaluated. Your IP address will be anonymized immediately. The website operator would like to further improve the website and adapt it even more to the needs of the users. The following information is collected and stored on the server of our website host Mittwald:- IP address of the calling system of the user
- the website accessed
- the website from which the user came to the accessed website (referrer),
- the URL with the anonymized IP address is saved
- the sub-pages that are accessed from the accessed website
- the length of time spent on the website- the frequency with which the website is accessed.
6. APPLICATIONS
You can use our applicant management tool provided by d.vinci HR-Systems GmbH to apply directly to us online for an advertised vacancy or on your own initiative (as of February 16, 2026). If you send us an application, we process the associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art. 6 Abs. 1 lit. b) DSGVO (contract initiation) and – if you have given consent – Art. 6 Abs. 1 lit. a) DSGVO. Consent may be withdrawn at any time. Within our company, your personal data is only shared with persons involved in processing your application. If the application is successful, the data you have provided will be stored in our data processing systems for the purpose of carrying out the employment relationship on the basis of Art. 6 Abs. 1 lit. b) DSGVO. If special categories of personal data pursuant to Art. 9 DSGVO are processed (e.g. health data), the legal basis is § 26 Abs. 3 BDSG bzw. Art. 9 Abs. 2 lit. b) DSGVO in conjunction with Art. 6 Abs. 1 lit. b) DSGVOWe process your data using the applicant management tool provided by d.vinci HR-Systems GmbH. After receiving your application, it is reviewed by the individuals responsible for recruitment. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The next steps are then coordinated. Within the company, only those persons who need access to your data for the proper execution of our application process have access to it. The works councils at the respective locations may access the application data within the scope of their statutory duties. Furthermore, the data may be passed on to the representatives for severely disabled persons if you have indicated that you have a severe disability.
If we are unable to offer you a position, if you decline a job offer, or if you withdraw your application, we reserve the right to store the data you have submitted based on our legitimate interests (Art. 6 Abs. 1 lit. f) DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal). The data will then be deleted and the physical application documents destroyed. The data is stored primarily for evidence purposes in the event of a legal dispute. If it is apparent that the data will be required after the six-month period has expired (e.g., due to an impending or pending legal dispute), deletion will only take place once the purpose for further storage no longer applies. Data may also be stored for longer if you have given your consent (Art. 6 Abs. 1 lit. a) DSGVO) or if statutory retention obligations prevent deletion.
If we do not offer you a position, there is the possibility of adding you to our talent pool. If you are added to the talent pool, all documents and information from your application will be transferred to the talent pool so that we can contact you if a suitable vacancy arises. You will only be added to the talent pool with your explicit consent (Art. 6 Abs. 1 lit. a) DSGVO). Providing consent is voluntary and unrelated to the ongoing application process. You may withdraw your consent at any time. In this case, the data in the talent pool will be permanently deleted unless legal reasons require retention.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. It is technically impossible to completely protect data from access by third parties. Alternatively, you can access our secure application platform via the embedded software tools on our websites. The data processing notices for this platform are provided for each position we offer.
Supplementary Information on the Processing of Personal Data Not Collected from the Data Subject (Art. 14 GDPR)
If we process personal data during the application process that we have not received directly from you, the following additional information applies: Data categories that we may process in this context include information about you that is publicly available on the internet or can be researched via social media platforms (e.g., from professional networks such as LinkedIn or XING). Furthermore, it may be data about previous employment relationships or data about you that is transmitted to us by employees as part of our employee referral program. The legal basis for this data processing is Art. 6 Abs. 1 lit. f) DSGVO, whereby our interest lies in identifying the most suitable applicants for the respective positions. If we process personal data about you that we have not collected from you directly, we will inform you separately about the source of the personal data unless you already have this information. For all other information required under Art. 14 DSGVO, please refer to the information provided in this privacy policy.
7. DATA SECURITY
We safeguard our website and other systems by employing appropriate technical and administrative measures against the loss, destruction, access, alteration or dissemination of your data by unauthorised persons. But despite regular monitoring, complete protection against all threats is not possible. Our website uses the industry standard SSL (secure sockets layer) encryption. This ensures the confidentiality of your personal information over the Internet. You can tell if a transmission is encrypted by the closed lock symbol in your browser’s address bar. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is technically not possible.8. SHARING OF DATA
We will share your personal data with third parties only – if you have expressly consented to this pursuant to point (a) of Article 6(1)(a) GDPR; – if the data are being shared to fulfil contractual obligations pursuant to point (b) of Article 6(1) GDPR; – if we are legally required to share the data within the meaning of point (c) of Article 6(1) GDPR; – if sharing the data is in the public interest within the meaning of point (e) of Article 6(1) GDPR; – if sharing the data is necessary within the meaning of point (f) of Article 6(1) GDPR to protect our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests which require protection of personal data.9. DATA CATEGORIES
We process the following categories of data: master data (such as company, contact person if appl., address), communications data, contract data, accounts receivable data, if applicable payment and default information. See the above information for more on this. Processor We use IT service providers who work exclusively on our behalf and subject to instructions (order processing) to provide the service offered, e.g. hosting this website or operating our IT. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly Third-party recipients In order to satisfactorily handle your issue, we may have to send your personal data to third-party recipients. Third-party recipients may be companies in the Gedeon Richter Group, our suppliers, shipping and logistics partners, trading partners and service providers.10. PERIOD FOR STORING PERSONAL DATA
Your data will be stored by us as long as needed for the corresponding underlying reasons for the processing. Furthermore, we will store data only if we are legally obligated to do so, e.g. by a records retention requirement under law.11. INFORMATION ABOUT THE RIGHT TO OBJECT
An objection to the processing of personal data concerning you, on the basis of point (e) of Article 6(1) (data product in the public interest) or of point (f) (data processing to safeguard legitimate interests on the basis of the weighing the interests) is possible at any time pursuant to Article 21 GDPR. If there is an objection, the personal data will no longer be processed unless compelling legitimate grounds for the processing have been demonstrated which override the interests, rights and freedoms of the data subject or the processing serves the establishment, exercise or defence of legal claims. Please address your objection to the responsible body named under point 1.12. INFORMATION ABOUT THE RIGHT TO WITHDRAW CONSENT
If you have given us consent to process personal data, you can withdraw this consent at any time. Naturally, this also applies to consent given to us before 25 May 2018 (before the GDPR went into force). The withdrawal of consent is valid only the future. The legality of the processing is not removed by a withdrawal of consent. Please address your objection to the responsible body named under point 1.13. CURRENTNESS
This data protection statement is dated 25 May 2018. It is the current, valid version of our data protection statement. Please note, however, that it may become necessary to revise this data protection policy from time to time due to actual or statutory changes.