• Privacy statement

Privacy Policy

Greidenweis GmbH, a CHIRON Group SE company (hereinafter referred to as "Greidenweis GmbH") takes your legitimate data protection concerns very seriously and complies with the provisions of the German Data Protection Regulation (DSGVO), the German Telemedia Act and also, where applicable, the provisions of other applicable data protection regulations.

Greidenweis GmbH handles the data you provide carefully and conscientiously. Insofar as data of any kind is collected, processed or used, this is always done within the framework of the legal provisions or by means of coverage by your express consent.

The protection of privacy is of crucial importance for the future of internet-based business models and for the development of an internet-based economy. Greidenweis GmbH underscores its commitment to privacy protection with this privacy statement. In the following, you will learn how Greidenweis GmbH handles personal data on this website.

The responsible party according to Art. 4 (7) of the Basic Data Protection Regulation (DSGVO) is:

Greidenweis GmbH
Friedrich-List-Strasse 9
D-78549 Spaichingen
Phone: +49 (0) 74 24 / 95 76-0
E-mail: info.greidenweis@chiron-group.com

You can reach our data protection officer at:

Greidenweis GmbH
Data Protection Officer
E-Mail: dp@chiron-group.com

Global data protection standards

Our handling of personal data has been aligned with global principles and standards relating to transparency in the use of personal data, observance and granting of rights of choice, access regulations, rules on data integrity, data security, data sharing and monitoring the lawfulness of processing. Greidenweis GmbH complies in particular with the Basic Data Protection Regulation (DSGVO).

Consent

By using this website, you consent to the electronic storage and use of your data as described below. Changes to this privacy policy will always be posted on this page so that you are always aware of what data Greidenweis GmbH stores and how it is used.

Where required by applicable data protection law, we will also explicitly ask for your consent for the further processing of personal data collected on this website or provided by you.

Collection and processing of personal data

Greidenweis GmbH would like to be able to better understand your wishes and interests and offer you an optimal service. Therefore, Greidenweis GmbH collects and uses personal information in the manner described below and in accordance with applicable data protection laws.

When you visit our website, we collect your IP address and use cookies and other Internet technologies (hereinafter referred to as "automated tools" and "integrated web links") that can be used to obtain general information about visitors to our website and their interests. Below we explain which technologies are used and what kind of information is collected with them.

In addition, we collect and process data that you voluntarily provide to us, for example, when you register for events, subscribe to newsletters, participate in online surveys, join discussion groups or forums, or make purchases.

What data do we collect and why?

Greidenweis GmbH uses the data we collect to provide you with consistent personalized service. Greidenweis GmbH uses your data exclusively as described in this statement or at the time of collection. Any subsequent change in the purpose of use is subject to your express consent, unless the change is otherwise legitimized by applicable law.

We process your data for the following purposes, among others:

  • To maintain our relationship with you, for example, through our databases, in which we aggregate data about you from our various sources to get an overview of the cooperation; also, to improve and individualize our understanding of your preferences and our communication with you;
  • To process orders and deliver ordered services and products.
  • To perform tasks in preparation for or fulfillment of contracts;
  • To maintain records of business transactions;
  • To provide you with appropriate and up-to-date information our products and services;
  • to improve the quality of our products and services by adapting our offer to your specific needs;
  • to respond to your inquiries and provide you with efficient support;
  • to manage communication and collaboration with you
  • to track our activities (e.g., measure collaboration or sales, number of appointments/meetings, topics discussed, materials presented);
  • to invite you to events sponsored by us or used by us (e.g., presentations, conferences);
  • To manage our IT resources, including infrastructure management and business continuity;
  • to protect the company's economic interests and to ensure compliance and reporting (e.g., compliance with our policies and local regulatory requirements, taxes and deductions, adherence to internally established grant limits, management of alleged instances of misconduct or fraud, conducting audits and defending litigation);
  • For archiving and record keeping;
  • For processing job inquiries
  • For billing and accounting; and
  • Other purposes as may be required by law and regulation.
  • In certain cases, we are required by law to transfer data to a requesting government agency (institution or authority). The legal basis for the processing is Art. 6 para. 1 c DSGVO or § 24 para. 2 no. 1 BDSG.
  • In some cases, business partners require personal data of our customers. This usually takes place in the context of order fulfillment (e.g. in the case of complaints). This is expressly provided for by law. In this case, Greidenweis GmbH remains responsible for the protection of your data - if necessary, in addition to the order processor. The respective business partner works according to our instructions, which Greidenweis GmbH ensures through strict contractual regulations.
  • For the fulfillment of legal obligations to record, document and report to competent authorities.

IP addresses

IP addresses are used for malfunction analysis, website administration and to gather demographic information. We also use IP addresses and, where applicable, other information that you have provided to us on this website to learn which pages from our site are accessed and what topics interest our visitors. We use the knowledge gained to be able to offer you an optimized range of information on our products and services. As a matter of principle, Greidenweis GmbH only collects such data in anonymized form and will not link it to a registered user's profile without the user's consent. When visiting our website, only the domain name is recorded by default.

Greidenweis GmbH only collects data in connection with your visit to the Greidenweis website.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find his contact details in the section "Note on the responsible party" in this privacy policy.

Analysis tools and third-party tools

When visiting this website, your surfing behavior may be statistically analyzed. This is done primarily with so-called analysis programs.

Detailed information on these analysis programs can be found in the following data protection declaration.

Hosting of the website

We host the contents of our website with the following provider:

IONOS

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files including your IP addresses. For details, please refer to the privacy policy of IONOS: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Storage period

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO if special categories of data are processed in accordance with Art. 9(1) DSGVO. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) a DSGVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Art. 6 para. 1 lit. c DSGVO. Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 DSGVO).

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 ABS. 1 LIT. E OR F DSGVO, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21(1) DSGVO).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ARTICLE 21 (2) DSGVO).

 

Objection to advertising e-mails

We hereby object to the use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Cookies

  1. a) We use cookies on our website or websites. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablets, smartphone, etc.) when you visit our websites. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our websites. These are automatically deleted after you leave our site.
  2. b) In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our website again in order to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
  3. c) On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time.
  4. d) The cookies process data and are necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f) DSGVO.
  5. e) Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

 

Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").

When you enter our website, the following personal data is transferred to Usercentrics:

- Your consent(s) or revocation of your consent(s).

- Your IP address

- Information about your browser

- Information about your terminal device

- Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version, operating system used.

Referrer URL, host name of the accessing computer

Time of the server request, IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.

Contact form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests sent to us (Art. 6 (1) (f) DSGVO) or on your consent (Art. 6 (1) (a) DSGVO) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

Analysis tools and advertising

Matomo

This website uses the open source web analysis service Matomo.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they came. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

IP anonymization

We use IP anonymization for the analysis with Matomo. In this case, your IP address is shortened before analysis so that it can no longer be clearly assigned to you.

Hosting

We host Matomo with the following third-party provider:

IONOS SE

Elgendorfer Str. 57

56410 Montabaur

Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.

Newsletter via Sendinblue

This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Sendinblue is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue's servers in Germany.

Data analysis by Sendinblue

With the help of Sendinblue, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.

In addition, we can see whether certain previously defined actions were performed after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.

Sendinblue also allows us to subdivide ("cluster") newsletter recipients based on various categories. In doing so, newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.

If you do not want Sendinblue to analyze your newsletter, you must unsubscribe. For this purpose, we provide a corresponding link in every newsletter message.

For detailed information on the Sendinblue functions, please refer to the following link: https://de.sendinblue.com/newsletter-software/.

Legal basis

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to Sendinblue's privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/.

Order processing

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail, by post or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) lit. b DSGVO (general contract initiation) and - if you have given your consent - Art. 6 (1) lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 of the German Federal Data Protection Act (BDSG) and Article 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.

Retention period of the data

If we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to retain the data you have provided for us on the basis of our legitimate interests (Art. 6 (1) (f) DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data will be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.

Longer storage may also take place if you have given your corresponding consent (Art. 6 Para. 1 lit. a DSGVO) or if legal storage obligations prevent deletion.

Data subject rights

You have the right,

  1. a) to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction, processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, such as the existence of automatic decision-making, including profiling, and, if applicable, meaningful information about its details;
  2. b) pursuant to Art. 16 DSGVO, to demand the correction of incorrect or the completion of your personal data stored by us without undue delay;
  3. c) pursuant to Art. 17 DSGVO, to request the erasure of personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation on grounds of public interest, or for the assertion, exercise or defense of legal claims;
  4. d) according to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
  5. e) pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  6. f) in accordance with Art. 7 (3) DSGVO, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
  7. g) complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of our company for this purpose.

The competent supervisory authority for data protection of CHIRON Group SE is:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.

P.O. Box 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
Phone: +49 711 615541-0
Fax: +49 711 615541-15
E-mail: poststelle@lfdi.bwl.de
Internet: www.baden-wuerttemberg.datenschutz.de

For the assertion of the aforementioned rights as well as for questions regarding data protection, you can contact the person responsible in accordance with the aforementioned item 1 or send an appropriate e-mail to dp@chiron-group.com.

Right of objection

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. If you would like to exercise your right of revocation or objection, an e-mail to dp@chiron-group.com is sufficient.

Data security

  1. a) Within the website visit, we use the widespread SSL procedure (Secure Sockets Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. The data you enter in the form for registering with the job exchange is also only transmitted to us in encrypted form.
  2. b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Changes to this privacy policy

Due to current circumstances, such as a change in the relevant data protection regulations, we will update this privacy policy if necessary.

Status: 01.07.2023