We, Kyberg experts GmbH, Am Keltenring 8, 82041 Oberhaching, Germany (hereinafter KyExperts) thank you for visiting our homepage. We would like to inform you in detail about the use and possible processing of your personal data when using and visiting our website.
For reasons of easier readability and user friendliness, we do not use male and female denominations at the same time. The use of the male form includes the female form.
We only collect personal data in accordance with Art. 6 I DS-GVO if we have received your express and voluntary consent in accordance with Art. 6 Ia DS-GVO prior to their collection, or if another provision of permission in accordance with Art. 6 DS-GVO exists. A transfer to third parties will only take place if we have expressly pointed this out to you when collecting the data and have received your consent or if we are required by law to do so (e.g. clarification of criminal offences).
1. Definitions of terms
KyExperts' data protection policy is based on the definitions used in the European Directives and European Regulations when the DS-GVO was adopted. Our data protection policy is intended to be easy to read and understand for both our customers and business partners and the public, which is why we shall explain in advance the definitions of terms used below in the text of the data protection policy.
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the data subject). The natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, shall be regarded as identifiable.
Data subject is any identifiable or identified natural person whose personal data are processed by the data controller.
Processing refers to any operation or set of operations which is carried out with or without the aid of automated means relating to personal data, such as collection, recording, organization, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
Pseudonymization refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
Person responsible (or the person responsible for data processing within the meaning of Art. 4 No. 7 DS-GVO) refers to a natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of the processing of personal data.
Processor refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Third party refers to any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons authorized to process personal data under the direct responsibility of the controller or processor.
Recipient refers to a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data under a specific investigation mandate under EU or Member State law shall not be considered as recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
Consent shall mean any voluntary and active expression by the data subject, in the specific case prior to processing, of his or her will, expressed in an informed and unequivocal manner in the form of a statement or other clearly affirmative act, indicating that he or she consents to the processing of his or her personal data.
Health data refers to personal data relating to the physical or mental health of a natural person, including the provision of health services, and providing information on that person's state of health.
This data protection declaration informs you which personal data are processed by KyExperts as defined by Art. 4 No. 2 DS-GVO.
We will also inform you about your right to choose / object and about your rights as a data subject with regard to your personal data pursuant to Art. 12 to 23 DS-GVO.
In order to protect the rights and freedoms of the natural person concerned affected by the processing of personal data, we have taken the necessary organizational and technically appropriate measures to comply with the current statutory provisions, including those on data protection pursuant to Art. 24 in conjunction with Art. 24 of the German Data Protection Act. Art 25 DS-GVO, the BDSG, the BayDSG and the TMG.
3. Responsible according to Art. 13 I a DS-GVO
Kyberg Experts GmbH
Tel.: +49 (0) 89 613 809 0
Fax.: +49 (0) 89 613 809 2199
Email: : email@example.com
Managing Director: Mr. Thomas Lix
4. Data protection officer in accordance with Art. 13 I b DS-GVO
You can reach our data protection officer at
or via our postal address with the addition "Data Protection Officer".
Kyberg experts GmbH
for the attention of the Data Protection Officer
Am Keltenring 8
5. Your rights as a data subject under the DS-GVO
a) Your rights: As a data subject, you have the following rights vis-à-vis us as the responsible party with regard to the personal data concerning you:
aa) Right to information and transparent communication Art. 12 DS-GVO
bb) Right to information in direct surveys Art. 13 DS-GVO and/or in surveys of non-affected persons pursuant to Art. 14 DS-GVO
cc) Right of access Art. 15 DS-GVO
dd) Right to rectification Art. 16,19 DS-GVO and/or deletion Art. 17,19 DS-GVO
ee) Right to limitation of processing Art. 18 DS-GVO
ff) Right to object to processing Art. 21, 22 DS-GVO
gg) Right to data transfer Art. 20 DS-GVO
b) Information, rectification, blocking, erasure:
We process personal data in accordance with the currently applicable national and Community laws and legal requirements, in particular Art. 6 I DS-GVO in conjunction with Art. 6 I DS-GVO. Art. 9 DS-GVO and taking into account the transparency requirement under Art. 5 I DS-GVO and your rights under Art. 12 ff DS-GVO.
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
At your request as a data subject, KyExperts will inform you at any time free of charge about your stored personal data in accordance with Art. 13f bis 22 DS-GVO and provide you with information in accordance with Art. 15 DS-GVO about the processing, the origin, the recipient and the purpose of the data processing, restrict, correct, delete, block the processing of personal data free of charge and/or transfer the data.
Please contact the data protection officer by e-mail with your request:
c) Complaints: You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
You can contact the supervisory authority responsible for us at:
Bayerisches Landesamt für Datenschutzaufsicht
vertreten durch den Präsidenten
Hausanschrift: Promenade 27 , 91522 Ansbach
Online at: https://www.lda.bayern.de/en/complaint.html
6. Objection or revocation against the processing of your data
a) If you have given your consent to the processing of your data in accordance with Art. 6 I 1 a DS-GVO, you may revoke it at any time free of charge and without reason. This also applies to consents which you have given us prior to the application of the DS-GVO. Your revocation will only take effect in the future. It does not affect the lawfulness of the data processing until revocation.
Please send your request to the data protection officer by email to:
b) Insofar as we base the processing of your personal data on the weighing of interests in accordance with Art. 6 I1f DS-GVO, the processing is not directly necessary for the fulfilment of a contract with you. In this case, however, the processing is carried out on the basis of a justified interest on our part or on the part of a third party. We have disclosed this justified interest in the processing of the data to you when collecting the data and have informed you of this. As a data subject, you can object to the processing at any time. Your objection to the processing of your personal data is justified if your interest in not processing your data pursuant to Art. 21 I DS-GVO outweighs our interest in processing your data. In order to carry out this balancing of interests, it is necessary that you explain to us your reasons for the objection in the objection, i.e. outline your interests or your fundamental rights or freedoms which you consider to be infringed by the processing. By stating the reasons for your objection, you will make it easier for us to weigh up your interests.
In the event of your justified objection, we will discontinue or adjust data processing according to the circumstances and, if necessary, delete stored data.
c) We shall use your personal data for advertising purposes and for data analyses only insofar as we have a legal basis for this in the DS-GVO, primarily in Art. 6 I S1a, b or f DS-GVO. You may of course object to the processing of your personal data for advertising and data analysis purposes in accordance with Art. 21 II i.V.m IV DS-GVO at any time.
d) Information about your right of objection according to Art. 21 DS-GVO
Objection for the individual case
As a data subject, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, unless the data processing is carried out in accordance with Art. 6 I S.1 e DS-GVO (public interest) and Art. 6 I S.1 f DS-GVO (balancing of interests).
If you file an objection, your personal data will no longer be processed after the objection, unless there are compelling legitimate reasons for the data processing which outweigh your interests, rights and fundamental freedoms or if the data processing serves the assertion, exercise or defense of legal claims.
Contradiction for direct advertising
In individual cases we shall process your personal data in order to carry out direct advertising. You have the right to object to this data processing at any time.
In the event that you object to data processing for the purpose of direct marketing, we will no longer process your personal data for this purpose.
Please send your objection to firstname.lastname@example.org or by post to:
Kyberg experts GmbH
Date Protection Officer
Am Keltenring 8
7. Access to personal data by employees
Within KyExperts only those employees have access to your data who need it to fulfil their contractual obligation or due to a legal obligation. The employees are bound to secrecy.
8. Data transmission or access by third parties
a) Within the scope of our activities, we are also dependent on external assistance such as IT service providers for the provision and maintenance of our hardware and software, print service providers, debt collection or other service personnel. Within the framework of this integration, our external service providers may also become aware of personal data. Therefore we oblige our external service providers to maintain secrecy and data secrecy and limit their access to personal data to a minimum. We also specify the fixed criteria for the storage period. The service providers have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly. Other data recipients may be such entities for which you have expressly given us your consent to the transfer of data at the time of data collection or to which we are authorized to transfer personal data on the basis of a weighing of interests.
b) Processing of payment transactions and data transmission to Kyberg Pharma Vertriebs-GmbH
KyExperts GmbH informs the persons concerned about their rights and obligations in the form for issuing the basic SEPA direct debit and that Kyberg Pharma Vertriebs-GmbH will collect the claims for KyExperts GmbH within the framework of order processing. With the granting of the basic SEPA direct debit by the person concerned, Kyberg Pharma Vertriebs-GmbH is authorized to process the data. Kyberg Pharma Vertriebs-GmbH will only pass on the personal data of the person concerned to third parties if this is necessary for payment processing, e.g. passing on the customer data to the house bank or, if applicable, to a debt collection company. The processing of the data takes place on the basis of Art. 6 I S. 1 a, b or f DS-GVO. Customer data will only be stored as long as this is required by law pursuant to Art. 17 III DS-GVO.
9. Data processing for the fulfilment of reporting obligations (pharmacovigilance)
If we receive information or a notification in connection with the use of our medicinal products, we are obligated by law to record such notifications in a structured manner and to forward them to the responsible organizations for drug monitoring.
Within the context of such notification, personal data of the person making the notification and of the patients concerned are processed. The legal basis for this processing of personal data is the fulfilment of legal obligations with regard to the monitoring of the safety of medicinal products, i.e. Article 6 (1) (c) and Article 9 (2) (i) DSGVO in conjunction with EU Regulation 520/2012.
The data is transmitted exclusively to authorized organizations for clarification of the facts and fulfillment of the reporting obligations. Personal data will be stored for as long as the marketing authorization for the medicinal product exists and for a further 10 years after the authorization has expired.
10. Collection of personal data when you contact us
a) Contacting us
When you contact us by fax, post, e-mail or via a contact form on our website, the data provided by you (your e-mail address, your name and telephone number if applicable) will be processed by us in accordance with Art. 6 I S.1 b DS-GVO in order to answer your questions. We delete the data arising in this connection after the processing is no longer necessary or restrict the processing if there are legal storage obligations.
The input into the contact form and the transmission to us takes place over a SSL coding for the protection of confidential data. You can recognize an encrypted connection by the fact that the address line of the browser shows "https://" and the lock symbol in the browser line. As long as the encrypted connection exists, your information cannot be read by third parties.
b) We publish job advertisements with contact addresses on our website:
In this way, you can apply to us for a specific job advertisement, submit an unsolicited application or join our applicant pool. You can revoke your consent to us to use your data in the application process or to include them in the applicant pool at any time by sending an e-mail to email@example.com . In this case, your application data will be deleted immediately unless it is required for the fulfilment of a contract or pre-contractual measures. Personal data will be deleted after 6 months in accordance with the legal requirements.
11. Collection of personal data when you visit our website
a) Logfiles: During the purely informative visit/use of our website, i.e. if you do not register or otherwise provide us with information (e.g. contact form, e-mail), we shall only collect the personal data that your browser transmits to our server. If you view our website for information purposes, we shall collect the following data in accordance with Art. 6 I S. 1 f DS-GVO, which is technically necessary for us to display our website to you and to ensure stability and security:
bb) The date and time of the request
cc) Time zone difference to Greenwich Mean Time (GMT)
dd)Content of the request (specific page)
ee) Access status/HTTP status code
ff) The volume of data transferred in each case
gg) The website from which the request originates
ii) The operating system and its interface
jj) The language and version of the browser software.
These data are not merged with other data sources. The log data are deleted after 7 days.
b) Cookies: In addition to the above data, cookies are stored on your computer when you use our website in accordance with Art. 6 I S1. f DS-GVO or Art. 6 I S. 1 b DS-GVO. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (in this case by us). Cookies cannot run programs or transmit viruses to your computer and will not do any harm. They serve to make the Internet offer generally more user-friendly and effective.
Our website uses session cookies, which are automatically deleted after you close your browser or log out. Session cookies store a so-called session ID with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website.
You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third-party cookies or all cookies. However, you may not be able to use all the features of this website.
12. Further functions and offers on our homepage
If you visit our website not only for information purposes but want to use other functions and offers on our website, such as the subscription to the newsletter, you must provide further personal data going beyond points 9 and 10, so that we can offer you our extended functions and offers. If we require further personal data from you, the fields for mandatory data are marked with an asterisk. All other fields are voluntary information from you which is not necessary to use the functions and offers offered by us. We collect the mandatory information in accordance with Art. 6 I S.1 b DS-GVO.
13. Google Analytics
a) Our website uses Google Analytics, a web analysis service provided by Google Inc. "("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by the individual cookies about your use of our website is generally transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on our website, your IP address will be shortened by Google in advance within the Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google Analytics will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services to website operators in connection with website activity and internet usage.
b) The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
d) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in a shortened form, that personal references can be ruled out and that personal data are deleted immediately.
e) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained will enable us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f DS-GVO.
14. Google Maps
On this website we use the offer of Google Maps. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website and the IP address transmitted. This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. When you're logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
By using this website, you consent to the collection, processing and use by Google, one of its agents, or third parties of data that is automatically collected and entered by you.
15. Third-party websites
Our website contains hyperlinks to and from third-party websites. The linked pages were checked by KyExperts for possible legal infringements at the time of linking. Illegal contents were not recognizable at the time of linking.
KyExperts has no influence on the content, design and data protection conditions of these third party websites. KyExperts does not assume any guarantee or responsibility for the correctness of the contents on these pages.
A permanent control of the linked pages cannot be carried out and is not reasonable for KyExperts without concrete evidence of an infringement. KyExperts will remove these links immediately upon becoming aware of any legal infringements on or through these third-party websites. Liability is possible at the earliest from the point in time at which a concrete violation of the law becomes known.