1. General

The security and strictly confidential treatment of personal data is very important to PharmGenetix GmbH. PharmGenetix GmbH always processes personal data in line with the applicable data protection provisions (EU General Data Protection Regulation (GDPR) [Datenschutzgrundverordnung (DSGVO)], Austrian Telecommunications Act [TKG] 2003). By means of the following provisions we want to inform you about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) of the European Union, in particular in compliance with the duties to provide information (Art. 12 to 14 GDPR) regarding the processing and transmission of such data, and with the rights of data subjects under data protection law (Art. 15 to 22 and Art. 34 GDPR). Personal data means all information by which a person can be identified directly or indirectly. For the protection of personal data PharmGenetix GmbH exclusively uses the most recent security standards and will process your personal data in line with the statutory data protection requirements applicable from time to time for the purposes stated below.

2. Controller

The controller of your personal data is

PharmGenetix GmbH, Porzellangasse 33a/III/19, A-1090 Vienna, Austria

Phone: +43 (0) 501015

Fax: +43 (0) 501015-50

E-Mail: datasecurity@pharmgenetix.com

Website: www.pharmgenetix.com

3. Data Protection Officer

You may contact our data protection officer by email to datasecurity@pharmgenetix.com or by mail to:

PharmGenetix GmbH

Data Protection Officer

Porzellangasse 33a/III/19

A-1090 Vienna, Austria

4. Purpose of collection of data

The purpose of collecting data is processing of the order, optimizing and personalizing of the website, error analysis of the website, contacting and selling products and/or services, if applicable.

5.General information on data processing

PharmGenetix GmbH needs to store personal data to perform a contract and to provide our services. Personal data will only be collected and used upon the customer’s consent and/or in cases where prior obtaining of consent is impossible for factual reasons and the processing of the data is permitted by statutory provisions.

5.1 Legal bases for processing your data:

  • Data will be processed on the basis of the statutory provisions of Section 96 (3) TKG and Art. 6 (1) (a) (consent) and/or (f) (legitimate interest) of the GDPR.
  • Art. 6 (1) (a) of the Data Protection Regulation (GDPR) of the EU is the legal basis in cases where PharmGenetix GmbH obtains the data subject’s consent to process operations regarding personal data.
  • Art. 6 (1) (b) GDPR is the legal basis for processing personal data concerning the party which is necessary to perform a contract. This also applies to processing operations necessary for implementing pre-contractual measures.
  • Art. 6 (1) (c) GDPR is the legal basis in cases where processing of personal data is necessary for fulfilment of a legal obligation to which PharmGenetix GmbH is subject.
  • Art. 6 (1) (d) GDPR is the legal basis in cases where processing of personal data is necessary to protect a vital interest of the data subject or another natural person.
  • Art. 6 (1) (f) GDPR is the legal basis for data processing where processing is necessary for safeguarding the legitimate interests of PharmGenetix GmbH or a third party and where the interests or fundamental rights or freedoms of the data subject do not prevail over such interests.

5.2 Legitimate interests may include but are not limited to:

  • answering enquiries;
  • implementing direct marketing measures;
  • providing services and/or information intended for you;
  • processing and transmitting personal data for internal and/or administrative purposes;
  • operation, administration and technical support;
  • prevention of and uncovering fraud cases and criminal offences;
  • protection against defaults in payment when obtaining credit reports or, in the case of enquiries, regarding deliveries or services and/or
  • ensuring the security of networks and data to the extent that such interests are in line with the law applicable from time to time and the rights and freedoms of the data subject.

5.3 Categories of recipients

PharmGenetix GmbH processes personal data for performing contracts, for administration and billing, for contacting purposes, as well as for the sale of products and services, if applicable. Data subjects may withdraw their consent to the processing of personal data at any time.

5.4 Disclosure and Forwarding of Data

Within PharmGenetix GmbH only those offices and/or staff will receive personal data who need the same for processing and for fulfilling relevant purposes.

If data subjects advise personal data to PharmGenetix GmbH, such personal data shall only be forwarded to third persons if this is necessary for performing the contractual relationship or if another legal ground legitimizes such forwarding. PharmGenetix GmbH carefully chooses the processors it uses for certain services. Appropriate technical and structural measures are taken to ensure that personal data is processed in line with obligations under data protection law and that the rights of data subjects are safeguarded.

Data will only be forwarded to other third parties on the basis of a valid legal ground and for predefined purposes.

6. Collection of data on the website

In principle, you may visit the website of PharmGenetix GmbH without providing any personal data. When visiting websites some general data and information will be recorded as a standard procedure and stored in the log files of the server. This includes, inter alia, the date and the time of the visit, the user’s IP address, the browser type, the user’s internet service provider and the website from which a user is redirected to the website of PharmGenetix GmbH and/or the website to which the user is forwarded.

The legal basis for the temporary storage of data and log files and/or cookies and for the processing of personal data by using cookies which are technically necessary is Art. 6 (1) (f) GDPR, and the above stated legitimate interests. The legal basis for processing personal data by means of using cookies for analytical purposes is Art. 6 (1) (a) GDPR, provided that the user has given his/her consent thereto.

The temporary storage of the IP address by the system is necessary for transmission of the website to the user’s computer. For that purpose the user’s IP address must be stored for the duration of the session.

Storing log files is done to ensure the website’s functionality. In addition, such data helps to ensure optimal use of the website and security of the IT systems. The data will be erased as soon as it is no longer required for achieving the purpose of its collection, i.e. in the case of provision of the website as soon as the relevant session is terminated. If, due to concrete indications there is a reasonable suspicion of unlawful use or a specific attack on the website of PharmGenetix GmbH, PharmGenetix GmbH reserves the right to check the data and to process the same for the purpose of clearing up such attacks and unlawful use and for prosecution.

6.1 Use of cookies

PharmGenetix GmbH uses cookies to make the website more user-friendly. Cookies are text files which are stored on the user’s computer system in or by the internet browser. Cookies are used to clearly identify the browser at the next visit of the website and are necessary for some elements of this website to work properly. This includes, inter alia, language settings and log-in information.

On this website PharmGenetix GmbH also uses cookies which analyze the browsing habits of users in a pseudonymized form and improve the website’s user-friendliness. This includes analyzing the frequency of site visits, search terms and also the use of website functions; however, this will not allow identification of the user. Cookies are used both for recognition of language settings and search terms and for improving the website’s quality and contents. By using cookies PharmGenetix GmbH can learn more about the use of the website and the interest in information and products offered. When visiting the website the user will be informed about the fact that cookies are used for the purpose of preparing analyses. As part of this, consent to storing and processing personal data and cookies which are used in this regard will be obtained. Thus, users of this website have full control over the use of cookies. Users may deactivate or restrict the transmission of cookies in their internet browser settings and delete cookies that have been stored already. The functionality of the website may be restricted as a result of deactivating cookies.

This website may use active Java Script contents and fonts of external providers, such as Google. The transmission of you IP address may also be deactivated in your browser settings and may restrict the functionality of the website. Some websites bind content of third parties (e.g. YouTube videos, Google Maps maps, images, texts, RSS feeds, etc.) which requires transmission of the user’s IP address to the providers of the relevant content. In such cases, PharmGenetix GmbH has no influence on use of the user data and tracking pixel by the relevant provider or, in particular, on whether the data is used for other purposes; thus, PharmGenetix GmbH makes reference to the relevant data protection information. Users may manage those settings in their browser; deactivation may restrict the functionality of the website.

6.2 Google Analytics

Some websites use the functions of Google Analytics, a service of Google Inc. (“Google”), for their web analyses. Google Analytics uses cookies to enable an analysis of the use of the website. The legal basis for processing personal data of users is Art. 6 (1) (f) GDPR. The data collected will be stored on the servers of Google, which are normally situated in the USA. In the case of an anonymization of the user’s IP address, it will be truncated; only in exceptional cases will the entire IP address initially be firstly transmitted to a server in the USA and truncated there. In such cases, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

The IP address will not be merged with other Google data. Google evaluates the information from the website use analysis to prepare reports on website activities and to render other services to the website operator. PharmGenetix GmbH uses the data of Google Analytics to analyze use of the website and to make improvements (user-friendliness of the website, acceptance of offers) on the basis of statistics. Users may restrict the storage of cookies in the browser settings; this may, however, affect the website’s functionality. For more information on Google contact Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Data protection policy: http://www.google.de/intl/de/policies/privacy

6.3 Google Maps

On its website PharmGenetix GmbH also uses interactive maps provided by Google Maps. When you visit the website, Google will receive the information that a user has retrieved the relevant sub-page of the website and the related personal data (IP address, time of the request, transmitted data volume, language and browser version, website from which the request is made, etc.) This will happen irrespective of whether Google provides a user account via which you are logged in and also if there is no user account. If you are logged into Google, your data will be directly allocated to your account, unless you have logged out beforehand. The data will be used by Google to prepare customized advertising and information. In this regard, users have a right to objection, which must, however, be directed to Google directly. For more information please contact the provider directly: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Data protection policy: http://www.google.de/intl/de/policies/privacy

6.4 World4You Internet Services GmbH

PharmGenetix GmbH uses the Austria-based webhosting provider World4You Internet Services GmbH as its server for the generally available website. World4You Internet Services GmbH serves as the server for the email traffic and the website of PharmGenetix GmbH. More information on the data protection statement of World4You Internet Services GmbH may be obtained from the provider directly: World4You Internet Services GmbH, Hafenstrasse 47-51, 4020 Linz, Austria or online at https://www.world4you.com/de/unternehmen/datenschutzerklaerung.html

6.5 MailChimp

Some websites use the functions of MailChimp, a service of The Rocket Science Group, LLC. MailChimp uses cookies to enable an analysis of the use of the website. The legal basis for processing personal data of users is Art. 6 (1) (f) GDPR. The data collected will be stored on servers, which are normally situated in the USA. For this purpose, MailChimp has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

MailChimp analyzes the information of the website use analysis to prepare reports on website activities and to render other services to the website operator. PharmGenetix GmbH uses the data of MailChimp to analyze use of the website and to make improvements (user-friendliness of the website, acceptance of offers) on the basis of statistics. Users may restrict the storage of cookies in the browser settings; this may, however, affect the website’s functionality.

PharmGenetix GmbH also uses other services provided by MailChimp, such as sending of newsletters, integration of contact forms, subscription to blog entries, etc. The following personal data will be recorded for such purposes: name, email address, phone number. In connection with the form for ordering an analytics box the following personal data will be recorded via the contact form: name, address, email address, phone number.

For more information please contact the provider directly: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE – Suite 5000, Atlanta, GA 30308, USA and online at https://mailchimp.com/about/security/ and https://mailchimp.com/legal/privacy/.

6.6 HubSpot

Some websites use functions of HubSpot, Inc. HubSpot, Inc. uses cookies for analyzing use of the website. The legal basis for processing personal data of users is Art. 6 (1) (f) GDPR. The data collected will be stored on servers, which are normally situated in the USA. For those purposes, HubSpot, Inc. has subjected to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

HubSpot, Inc. evaluates information from the website use analysis to prepare reports on website activities and to render other services to the website operator. PharmGenetix GmbH uses the data of HubSpot, Inc. to analyze use of the website and to make improvements (user-friendliness of the website, acceptance of offers) on the basis of statistics. Users may restrict the storage of cookies in the browser settings; this may, however, affect the website’s functionality.

PharmGenetix GmbH uses other services provided by HubSpot, Inc., such as sending of newsletters, integration of contact forms, subscription to blog entries, etc. The following personal data will be recorded for such purposes: name, email address, phone number. In connection with the form for ordering an analytics box the following personal data will be recorded via the contact form: name, address, email address, phone number.

For more information please contact the provider directly: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, and online at https://legal.hubspot.com/de/privacy-policy und https://legal.hubspot.com/de/datenschutz

6.7 Contact form and email contact

The website of PharmGenetix GmbH includes contact forms which may be used for establishing contact electronically and for ordering. Provided that the user agrees and with reference to the Data Protection Policy the data entered by the user will be transmitted to PharmGenetix GmbH and stored. This data includes the name, email address, and relevant content of the text field.

In the case that contact is established by email, all information disclosed by the user in his/her email to PharmGenetix GmbH will be stored. In addition, the IP address, date, and time of the message will be recorded upon dispatch of the message.

Users may establish contact with staff of PharmGenetix GmbH also by email. In that case, the personal data of the user transmitted with the email message will be stored. The data will exclusively be used for communication purposes and not disclosed to third parties.

6.8 The legal basis for personal data processing is:

  • After a user has subscribed to the newsletter and given consent to processing, Art. 6 (1) (a) GDPR shall be understood as the legal basis.
  • The basis for processing data that is transmitted by an email message is Art. 6 (1) (f) GDPR and the legitimate interests stated above.
  • If the purpose of the email contact is conclusion of a contract, Art. 6 (1) (b) GDPR shall be an additional legal basis for the processing of personal data.

Personal data from the “Contact” entry mask will be used for processing the contact request. When contact is established by email there is a legitimate interest that is necessary for processing the data. Other personal data sent with the email message is required for the security of the IT systems.

The data will be erased as soon as the relevant conversation with the user has ended and/or the matter has been finally cleared up, or where the data is no longer required for fulfilling the purpose of collection of the same. Users may withdraw their consent to processing of personal data at any time. Users may also object to the storage of their personal data by email, which will lead to termination of the conversation.

Transmitting data via the internet involves a certain risk. Encrypted communication via GPG encryption is possible. If users want their email messages to be encrypted, they are asked to explicitly state their request, as email messages are usually sent in an unencrypted form due to the fact the email encryption is not very common at the moment.

7. Storage periods

To the extent necessary, PharmGenetix GmbH will process personal data for the duration of the business relationship and thereafter in compliance with the statutory retention and documentation duties, which are, inter alia, contained in the Austrian Business Code [UGB] and the Austrian Fiscal Code [BAO] or serve the purpose of establishing, exercising or defending legal claims. In addition, the storage period will depend on the statutory periods of limitation, which, e.g., according to the Austrian Civil Code [ABGB], are generally 30 years; in certain cases they may, however, only be three (3) years.

The data will also be blocked or erased if and when a storage period prescribed by the said statutory provisions expires, unless continued storage of the data is required for conclusion or performance of a contract.

Instead of erasing data it may also be anonymized. In that case, the data protection law obligation to erase data does not apply, as any reference to a person will be removed irretrievably and no reference to a person can be restored.

8. Access to and provision of data

In the course of the business relationship personal data must be provided which is necessary for establishing and executing the business relationship or which PharmGenetix GmbH is required to collect by law. If such data is not provided, PharmGenetix GmbH may refuse to conclude a contract or execute an order or discontinue to perform an existing contract and thus terminate the same.

9. Rights of the data subject

In principle, data subjects have the following rights:

9.1 Right to access

The data subject shall have the right to receive a confirmation as to whether or not personal data concerning him or her is being processed, and, where that is the case, that person has access to the personal data and the information stated in detail in Art. 15 GDPR (such as the purposes of the processing, or the categories of personal data concerned).

9.2 Right to rectification

The data subject shall have the right to have his or her data rectified if it is inaccurate, incorrect and/or incomplete. This also includes completion by means of providing statements or notifications.

9.3 Right to erasure

The data subject shall have the right to erasure of personal data concerning him or her without undue delay where one of the grounds stated in detail in Art. 17 GDPR applies: for example, the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; the personal data is processed unlawfully or on the basis of a statement of consent if and when the data subject withdraws the same. If you do not want us to collect any of your data or contact you ever again, your relevant contact data will be stored in a blacklist.

However, data subjects shall have no right to erasure if the exceptions stated in Art. 17 (3) GDPR are applicable, for example where the processing is necessary for compliance with a legal obligation under Union or Austrian law (e.g. statutory retention duties) or for the establishment, exercise or defence of legal claims.

9.4 Right to restriction of processing

The data subject shall have the right to obtain restriction of processing of his or her data where one of the requirements stated in Art. 18 GDPR applies.

9.5 Right to object

Pursuant to Art. 21 (2) GDPR the data subject shall have the right to object at any time to processing of personal data concerning him or her where the processing of personal data

  • is done for the purposes pursued by PharmGenetix GmbH’s legitimate interests. PharmGenetix GmbH will not process such data if the data subject has an overriding interest requiring protection;
  • is done for direct marketing purposes. This may be objected to at any time with no obligation to state reasons;
  • is carried out by means of automated decision-making. This may be objected to at any time with no obligation to state reasons.

9.6 Right to data portability

The data subject shall have the right to receive the personal data concerning him or her (as restricted by Art.  20 GDPR) in a structured, commonly used, electronic and machine-readable format if PharmGenetix GmbH processes such data based on a given and revocable consent or for performance of a contract and where such processing is carried out by automated means.

The data subject shall also have the right to have such data transmitted directly (where technically feasible) to another controller advised by him.

9.7 Possibility to lodge a complaint

If the data subject is of the opinion that the processing of his or her data has violated data protection law or that his or her rights under data protection law have been infringed in any other way, he or she has the right to another administrative or judicial remedy. Complaints may be lodged directly with the Data Protection Officer of PharmGenetix GmbH: datenschutz@pharmgenetix.com or by mail (see above). The data subject may also lodge his or her complaint with the relevant supervisory authority in the Member State where he or she stays, works or where the alleged violation or infringement took place. In Austria this is the Data Protection Authority [Datenschutzbehörde].

Österreichische Datenschutzbehörde
Wickenburggasse 8
1080 Vienna, Austria
Telefon: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at

10. Questions and remarks

Pursuant to the data protection provisions data subjects have a right of access to their stored data. In principle, such access is free of charge. Upon contacting PharmGenetix GmbH, completion, alteration, or erasure of personal data is possible at any time. Exercising such rights requires a clear identification of the data subject. Identification can be made in writing by sending a copy of the passport or national identity card to PharmGenetix GmbH, Porzellangasse 33a/III/19, A-1090 Vienna, Austria, phone: +43 (0) 501015, email: datenschutz@pharmgenetix.com.

We reserve the right to amend our Data Protection Policy, where necessary, and to publish it on www.pharmgenetix.com. Please check this site regularly. The updated policy will enter into force upon publication subject to the applicable statutory provisions. If we have already recorded data concerning you which is affected by the amendment and/or is subject to a statutory duty to provide information, we will, in addition, inform you about major amendments to our Data Protection Policy.