We, Kyberg experts GmbH, Keltenring 8, 82041 Oberhaching, Germany (hereinafter KyExperts) thank you for visiting our homepage. We would like to inform you in detail about the use and possible processing of your personal data when using and visiting our website and when in contact with us.
For reasons of easier readability and user friendliness, we do not use male and female denominations at the same time. The use of the male form includes the female form.
1. Definitions of terms
KyExperts' data protection policy is based on the definitions used in the European Directives and European Regulations when the General Data Protection Regulation (GDPR) was adopted. Our data protection policy is intended to be easy to read and understand for both our customers and business partners and the public, which is why we shall explain in advance the definitions of terms used below in the text of the data protection policy.
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the data subject). The natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, shall be regarded as identifiable.
Data subject is any identifiable or identified natural person whose personal data are processed by the data controller.
Processing refers to any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pseudonymization refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
Controller (or the person responsible for data processing within the meaning of Art. 4 No. 7 GDPR) refers to a natural or legal person, authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Third party refers to any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons authorized to process personal data under the direct responsibility of the controller or processor.
Recipient refers to a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Health Data means personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about that person's health status.
This data protection declaration informs you which personal data are processed by KyExperts as defined by Art. 4 No. 2 GDPR. We will also inform you about your right to choose / object and about your rights as a data subject with regard to your personal data pursuant to Art. 12 to 23 GDPR.
We process personal data in accordance with the currently applicable national and Union law and legal requirements, in particular in compliance with Art. 6 (1) GDPR and, in the case of sensitive data, Art. 9 GDPR, as well as in compliance with the transparency requirement under Art. 5 (1) GDPR and your rights under Art. 12 ff. GDPR.
In order to protect the rights and freedoms of the data subject affected by the processing of personal data, we have implemented appropriate technical and organisational measures to comply with the current legislation on data protection.
Kyberg Experts GmbH
Managing Director: Mr. Thomas Lix
Tel.: +49 (0) 89 613 809 0
Fax.: +49 (0) 89 613 809 2199
4. Data protection officer
You can contact our data protection officer at firstname.lastname@example.org or via our postal address with the addition "For the attention of the Data Protection Officer".
5. Your rights as a data subject under GDPR
a) Your rights: As a data subject you have the following rights vis-à-vis us as the responsible party with regard to the personal data concerning you:
aa) Right to information and transparent communication (Art. 12 GDPR)
bb) Right to information when personal data are collected from the data subject (Art. 13 GDPR) or not from the data subject (14 GDPR)
cc) Right of access Art. (15 GDPR)
dd) Right to rectification Art. (16, 19 GDPR) and/or to erasure (Art. 17, 19 GDPR)
ee) Right to restriction of processing (Art. 18 GDPR)
ff) Right to object (Art. 21, 22 GDPR)
gg) Right to data portability Art. 20 GDPR
b) Information, rectification, locking, erasure:
At your request as a data subject, KyExperts will inform you at any time and free of charge about your stored personal data in accordance with Art. 13f to 22 GDPR and inform you in accordance with Art. 15 GDPR about the processing, the origin, the recipients and the purpose of the data processing. Likewise, we will immediately correct any incorrect data concerning you in accordance with Art. 16 GDPR.
The personal data of data subjects will be deleted or locked as soon as the purpose of storage no longer applies. Storage may also take place if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the controller is subject. The data shall also be locked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
Due to commercial and tax law requirements, we are obliged to store address, payment and order data of our business partners for a period of ten years. If this includes personal data, the legal basis for this is Art. 6 (1) (c) GDPR.
If we have collected your consent (Art. 6 1 a GDPR) and you withdraw it, we will immediately lock or delete the associated data.
You can assert your rights as a data subject against KyExperts at any time. Please contact the data protection officer at the specified contact addresses with your request.
c) Complaints: You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
You can contact the supervisory authority responsible for us at:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27, 91522 Ansbach, Germany
6. Withdrawal of consent or objection against the processing of your data
a) If you have given your consent to the processing of your data in accordance with Art. 6 (1) (a) GDPR, you may withdraw it at any time free of charge and without reason. This also applies to consents which you have given us prior to the application of the DS-GVO. Your withdrawal will only take effect in the future. It does not affect the lawfulness of the data processing until withdrawal. Please address your request to the data protection officer at the contact addresses provided.
b) Insofar as we base the processing of your personal data on the weighing of interests in accordance with Art. 6 (1) (f) GDPR, the processing is based on a legitimate interest of us or a third party. As a data subject, you have the right to object to the processing at any time, on grounds relating to your particular situation. If you object, your personal data will no longer be processed as of the objection, unless there are compelling legitimate grounds for the data processing that outweigh your interests, rights and fundamental freedoms, or if the data processing serves the assertion, exercise or defense of our legal claims. By stating the reasons for your objection, you make it easier for us to weigh up the interests. In the event of your justified objection, we will discontinue or adjust data processing in accordance with the facts of the case and delete any stored data. Please address your request to the data protection officer at the contact addresses provided.
c) We use your personal data for advertising purposes and for data analyses insofar as we are permitted to do so under GDPR, primarily under Art. 6 (1) (a, b or f) GDPR. You may object to the processing of your personal data for advertising and data analysis purposes in accordance with Art. 21 (2) GDPR at any time. In case you object to data processing for the purpose of direct marketing, we will no longer process your personal data for this purpose. Please address your request to the data protection officer at the contact addresses provided.
7. Access to personal data by employees
Within KyExperts only those employees have access to your data who need it to fulfil their contractual obligation or due to a legal obligation. The employees are bound to secrecy.
8. Data transmission or access by third parties
a) Business partners
Within the scope of our activities, we are also dependent on external assistance such as IT service providers for the provision and maintenance of our hardware and software, print service providers, debt collection or other service personnel. Due to this integration, personal data may become known to our external service providers. We therefore ensure that our partners are appropriately obligated to maintain confidentiality and data secrecy and limit their access to personal data to a minimum. Our service providers have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly. Other data recipients may be such entities for which you have expressly given us consent to transfer data at the time of data collection or to which we are required to transfer personal due to a legal obligation.
b) Processing of payment transactions and data transmission to Kyberg Pharma Vertriebs-GmbH
KyExperts informs the data subjects about their rights and obligations through the basic SEPA direct debit issuance form; they are also informed that Kyberg Pharma Vertriebs-GmbH will collect the claims for KyExperts GmbH within the order processing. With issuance of the basic SEPA direct debit by the data subject or the authorized representative of the company, Kyberg Pharma Vertriebs-GmbH is authorized to process the data. Kyberg Pharma Vertriebs-GmbH will only disclose personal data of the data subject to third parties if this is necessary for payment processing, e.g. passing on the customer data to the house bank or, if applicable, to a debt collection company. The processing of the data is based on Art. 6 (1 a, b or f) GDPR. Customer data is stored in accordance with the legally prescribed time limits.
9. Data processing for the fulfilment of reporting obligations (pharmacovigilance)
If we receive information or a notification in connection with the use of our medicinal products, we are obligated by law to record such notifications in a structured manner and to forward them to the competent organizations for pharmacovigilance.
Within the context of such notification, personal data of the reporting person and of the patients concerned are processed. The legal basis for this processing of personal data is the fulfilment of legal obligations related to the monitoring of medicinal products safety, i.e. Art. 6 (1) (c) and Article 9 (2) (i) GDPR in conjunction with EU Regulation 520/2012.
The data is transmitted exclusively to authorized organizations for clarification of the facts and fulfilment of the reporting obligations. Personal data will be stored for as long as the marketing authorization for the medicinal product exists and for a further 10 years after the authorization has expired.
10. Collection of personal data when you contact us
a) Contacting us
When you contact us by fax, post, e-mail or via a contact form on our website, the data provided by you (your e-mail address, your name and telephone number if applicable) will be processed by us in accordance with Art. 6 (1) (f) GDPR in order to answer your questions. We delete the data arising in this connection after the processing is no longer necessary or restrict the processing if there are legal storage obligations.
The input into the contact form and the transmission to us is done via SSL encryption to protect confidential data. You can recognize an encrypted connection by the fact that the address bar of the browser shows "https://" and by the lock symbol in the browser bar. As long as the encrypted connection exists, your information cannot be read by third parties.
b) We publish job advertisements with contact addresses on our website
This is how you can apply to us for a specific job advertisement, submit an unsolicited application or join our applicant pool. We process your application for advertised positions as a pre-contractual measure on the basis of § 26 BDSG in conjunction with. Art. 6 (1) (b) GDPR. If an employment contract is concluded, your application data will be included in the personnel records. Otherwise, your application data will be deleted after 6 months in accordance with the legal requirements. Consent to be included in the applicant pool can be revoked at any time by sending an e-mail to email@example.com. In this case, your application data will be deleted immediately.
11. Collection of personal data when you visit our website
a) Logfiles: During the purely informative visit/use of our website, i.e. if you do not register or otherwise provide us with information (e.g. contact form, e-mail), we shall only collect the personal data that your browser transmits to our server. If you view our website for information purposes, we shall collect the following data in accordance with Art. 6 (1) (f) GDPR, which is technically necessary for us to display our website to you and to ensure stability and security: IP-address; date and time of the request; time zone difference to Greenwich Mean Time (GMT); content of the request (specific page); access status/HTTP status code; volume of data transferred respectively; website from which the request originates; browser; operating system and its interface; language and version of the browser software. These data are not merged with other data sources. The log data is generally deleted after 7 days but can be kept longer in case of suspected misuse.
b) Cookies: In addition to the above data, cookies are stored on your computer when you use our website. The basis for this is your consent (Art. 6 1 a GDPR) or our legitimate interest (Art. 6 1 f GDPR).
Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie (in this case by us) receives certain information. Cookies cannot run programs or transmit viruses to your computer and will not do any harm. They serve to make the Internet offer generally more user-friendly and effective.
Our website uses session cookies, which are automatically deleted after you close your browser or log out. Session cookies store a so-called session ID with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website.
You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. However, you may not be able to use all the features of this website.
12. Further functions and offers on our homepage
If you visit our website not only for information purposes but want to use other functions and offers on our website, such as the subscription to the newsletter, you must provide further personal data going beyond points 9 and 10, so that we can offer you our extended functions and offers. If we require further personal data from you, the fields for mandatory data are marked with an asterisk. All other fields are voluntary information from you which is not necessary to use the functions and offers offered by us. We collect the mandatory information in accordance with with Art. 6 (1) (b or f) GDPR.
13. Google Analytics
a) If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The legal basis for this data processing is your consent (Art. 6 1 a GDPR), which you can revoke at any time with effect for the future: Link
b) Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the individual cookies about your use of our website is generally transmitted to a Google server in the USA and stored there.
During your visit to the website, the following data is collected: the subpages you visit (your "click path"); website elements you visit, such as newsletter subscriptions or downloads; your user behaviour (e.g. clicks, dwell time, bounce rates); your approximate location (region); your IP address (in abbreviated form); technical information about your browser and the end devices you use (e.g. language setting, screen resolution); your Internet provider; the referrer URL (via which website/advertising medium you came to this website).
We use the "IP masking" function: Due to the activation of IP anonymization on this website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. We would like to point out that the shortening of the IP address is an additional measure to protect users, but it does not result in the complete data processing being anonymized. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
c) Purposes: On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
d) The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a processor. There is an order processing agreement with Google, which includes the EU's standard data protection clauses as the basis for data transfers to third countries. You can find out more details at: https://privacy.google.com/businesses/processorterms/.
A transfer of data to the USA cannot be ruled out. Google LLC, based in California, USA, may be able to access the data stored by Google. We would like to point out that the level of data protection in the USA does not correspond to the European level due to the laws applicable there. Your data may be accessed by US law enforcement agencies and intelligence services.
e) The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by not giving your consent to the cookie setting or by downloading and installing the browser add-on to disable Google Analytics HERE.
You can also prevent the storage of cookies by configuring your browser software accordingly. However, if you configure your browser to refuse all cookies, you may experience limitations in functionality on this and other websites.
14. Google Ads
a) We use the Google Ads to draw attention to our offers with the help of advertising media (so-called Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs. The legal basis for this data processing is your consent (Art. 6 1 a GDPR), which you can revoke at any time with effect for the future: Link
b) These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie..
c) These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Ads customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked through the website of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
d) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.
e) You can prevent participation in this tracking process in several ways
aa) by not giving your consent to marketing cookies
bb) by adjusting your browser software. In particular, the suppression of third-party cookies will result in you not receiving ads from third parties;
cc) by deactivating the cookies for conversion tracking: Set your browser to block cookies from the domain www.googleadservices.com (https://www.google.de/settings/ads). Please note that this setting will be deleted when you delete your cookies;
dd) by deactivating interest-based ads of advertisers, who are part oft he self-regulating campaign “about ads”. der Anbieter: http://www.aboutads.info/choices. Please note that this setting will be deleted when you delete your cookies;
ee) by permanent deactivation in your browsers under the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this site to their full extent.
f) The legal basis for processing of your personal data is your consent (Art. 6 1 a GDPR).
For more information on privacy see:
Or visit the NAI website (Network Advertising Initiative): http://www.networkadvertising.org
15. Google Maps
On this website we use Google Maps. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently. Legal basis for this processing is our legitimate interest (Art. 6 1 f GDPR).
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website and the IP address transmitted. This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. When you're logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
16. Third-party websites
Our website contains hyperlinks to and from third-party websites. The linked pages were checked by KyExperts for possible legal infringements at the time of linking. Illegal contents were not recognizable at the time of linking.
KyExperts has no influence on the content, design and data protection conditions of these third party websites. KyExperts does not assume any guarantee or responsibility for the correctness of the contents on these pages.
A permanent control of the linked pages cannot be carried out and is not reasonable for KyExperts without concrete evidence of an infringement. KyExperts will remove these links immediately upon becoming aware of any legal infringements on or through these third-party websites. Liability is possible at the earliest from the point in time at which a concrete violation of the law becomes known.