Cookie settings
Change cookie settingsPrivacy statement
We are pleased you are visiting our website and that you are interested in our event. It is sometimes necessary for your personal data to be processed in order for you to use our online features and services.
We would therefore like to draw your attention to the following information in accordance with Article 13 of the General Data Protection Regulation (hereinafter “GDPR”). The aim is to provide you with an overview of the type and scope of data processing and your resulting rights.
Name and contact details of the organization responsible for data processing
Chiesi GmbH
Gasstraße 6
22761 Hamburg
Tel: +49 (0)40 897 24-0
Fax: +49 (0)40 897 24-212
E-Mail: info.de@chiesi.com
Contact details for our data protection provider
For all questions relating to the processing of your personal data and exercising your rights, please get in touch directly with our data protection office using the following contact details:
datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
E-Mail: office@datenschutz-nord.de
Web: www.datenschutz-nord-gruppe.de
Processing operations in detail
1. Websites
When using our websites, we generally only process personal data insofar as these are required to provide our websites and the features offered and to optimize our content.
You can find out in detail which types of processing this involves in the following information.
1.1 Logging of visits to the website
When accessing our websites, the following information is automatically sent from your browser to our web server for the purpose of delivering the requested content. We then record it in a log file for a period of seven days in order to be able to detect, limit and eliminate attacks on our websites.
- IP address
- Date and time of accessing
- Enquiry (method, file requested and log version)
- Name of the page accessed
- Status code for the web server response (e.g. successful)
- Amount of data transmitted
- Browser type and version
- Operating system
- Device used
- Referrer URL (the page visited previously)
We reserve the right to keep the log file for a longer period if there are elements that suggest unauthorized access.
The legal basis for this processing operation is our overriding legitimate interest in accordance with Article 6 paragraph 1(f) GDPR to ensure that our website works smoothly.
1.2 Storing information or accessing saved information
We use cookies on our websites to enable user navigation and the implementation of certain features. Small text files that contain a characteristic search string, and which enable the browser to be clearly identified when the website is accessed again, are stored on your device for the duration of the session or beyond, depending on the purpose. Some elements of our websites require the accessing browser to be identified even after moving to another page, which means it is essential that they are saved. The details of the necessary and optional cookies we use can be found in the table below.
Name | Provider | Purpose | Storage duration |
---|---|---|---|
gdpr_cookie_consent | www.weactcon.de | Storage of consent when entering the website | 1 year |
wentry_session | www.weactcon.de | Includes an anonymous user ID in order to assign multiple requests from a user from the same HTTP session. | Up to the end of the browser session |
_ga | googletagmanager.com | Unique ID for anonymous collection of visitor statistics. (Cookie only exists after consent to the performance cookies) |
2 years |
_ga_<container-id> | googletagmanager.com | Used to save the session status. (Cookie only exists after consent to the performance cookies) |
2 years |
The legal basis for storing information or accessing such information using cookies, if their use is required to provide the necessary features, is Section 25 Paragraph 2 of the Telecommunications and Telemedia Data Protection Act (TTDSG). If this process involves the processing of personal data, it is in addition to Article 6 paragraph 1(f) of the GDPR. The legitimate interest required in the latter case is based on the aforementioned purpose of being able to offer certain technical attributes on our websites. Furthermore, the grounds for saving or reading is your consent in accordance with Section 25 Paragraph 1 of the TTDSG in conjunction with Article 7 of the GDPR. With regard to the processing of personal data, Article 6 Paragraph 1(a) of the GDPR applies. You may withdraw from this at any time with effect for the future by amending your choices under “Change cookie settings”.
We would also like to point out that you can essentially set your browser so that you are informed about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time and prevent new cookies from being set using the appropriate browser setting. Please note that this may result in our websites not being displayed optimally and some features may not be technically available anymore.
1.3 Tag-Manager
The “Google Tag Manager” service of the provider Google Ireland Limited -Gordon House, Barrow Street, Dublin 4, Ireland - is integrated into our websites as part of order processing for the purposes of managing and triggering tags. This creates a connection with the provider's servers by calling up our pages with the consequence that the information described in more detail in Clause 1 is transmitted.
The legal basis for the data processing that takes place through the integration of the service into our websites is Article 6 Paragraph 1 Letter f of the GDPR. Our legitimate interest lies in the optimum design and best possible presentation of our pages.
1.4 Web analysis
Subject to your consent, we use the web analysis system "Google Analytics" of the provider Google Ireland Limited - Gordon House, Barrow Street, Dublin 4, Ireland - in the operating mode "Universal Analytics" for the needs-based design of our websites. By this means, data, sessions and interactions are recorded by means of the storage of cookies in order to analyse the activities across websites.
When tracking with Google Analytics, several different domains are recorded by Chiesi GmbH. The data is additionally directed into a common Google Analytics Property (cross domain tracking). Based on cross-domain tracking, Google Analytics can, for example, assign a user who visits several of these domains to a session. The prerequisite for cross-domain tracking is that the user agrees to the corresponding statistics cookies on both domains.
The information generated by the cookies about the use of our websites is generally transmitted to a server in the USA by the provider who processes the data on our behalf based on an order processing contract and stored there. We use the function 'anonymizeIP' (IP masking), so that your IP address is usually shortened by the service within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area.
As personal data in this target country do not enjoy adequate protection comparable to European data protection law, an appropriate level of data protection cannot be assumed at present. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to file legal remedies. Please note this if you decide to give your consent.
The legal basis for data processing is Section 25 Paragraph 1 of the TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz [Telecommunications and Telemedia Data Protection Act]) in conjunction with Article 7 of the GDPR.
You can revoke your consent at any time under “Change Cookie Settings” by adapting your selection.
1.4 Registration to participate in the event
You can acquire the right of access online to participate in the event by entering your data in the fields marked as mandatory on the registration form. We generally collect the following categories and types of data from your submission:
- Personal identification details (e.g. title, form of address, first name and surname)
- Contact details (address, e-mail address and telephone number)
- Operational details (name of the practice or employing institution)
- Evidence of discounted rates
- Billing and payment related data (e.g. financial institution, card number, billing details and discounts)
- Other information provided voluntarily
We process the above information for the purposes of executing the contract and administering your participation in the event.
The legal basis, in terms of the mandatory information on the registration form, is Article 6 paragraph 1(b) of the GDPR.
If you have also voluntarily provided us with supplementary content such as additional comments, the legal basis is your withdrawable consent in accordance with Article 6 Paragraph 1(a) and 7 of the GDPR.
The only organizations and persons who receive the information that you transmit to us in this context are those responsible in-house for the respective processing and externally, the service provider SÜDWEST PRESSE + Hapag-Lloyd Reisebüro GmbH & Co. KG. The latter supports us, subject to instructions, on the basis of an order processing contract, in the context of the organization and implementation of the event and the associated processes.
Any further transfer to third parties will only occur if you choose to pay by credit card. In this case, the billing information will be sent to your financial institution to process the payment.
1.5 Sending you information about similar events
We process your personal data, which we received when you registered for our event, including your first name and surname and your email address, for commercial communication in order to inform you about similar Chiesi events in the future. The legal basis for this is Article 6 Paragraph 1(f) of the GDPR in conjunction with Section 7 Paragraph 3 of the Act against Unfair Competition (UWG) and is in the interest of advertising.
You have the option to object to the processing of your personal data for the aforementioned purpose in the future, for example by clicking on the unsubscribe link included in every email, without incurring any costs other than the transmission costs according to the basic tariffs.
1.6 Newsletter registration
Regardless of whether you have signed up for an event, you have the option of registering on our website at any time to receive a newsletter by email. This is a means of sending you information about our events and invitations to take part in surveys.
To ensure proper registration, we use the so-called double opt-in procedure. This means that once you have registered, you will receive an email with a confirmation link, which you must also click to ultimately be included on the distribution list.
In addition to the data you provide via the registration form; for the purpose of verifying your consent, we also collect your IP address, date and time of registration / activation of the confirmation link in order to send our newsletter.
The legal basis for the processing of your personal data, in terms of the information you provide, is your consent in accordance with Article 6 paragraph 1(a) and Article 7 of the GDPR. You may withdraw this consent at any time with future effect. You can do so either by using the unsubscribe link included in each email or by sending a message via one of the contact methods mentioned above.
Furthermore, your registration information will be processed on the basis of Article 6 Paragraph 1(f) of the GDPR in the legitimate interest of being able to prove that consent has been properly obtained.
The only organizations and persons who receive the information that you transmit to us in this context are those responsible in-house for the respective processing and externally, the email marketing service provider, who supports us in accordance with instructions in the context of order processing based on a contract.
2. Event
2.1 Name tag
In order to make it easier for you to contact and network with the other participants during and after the event, subject to your consent, we will create a personalized name tag in the form of a QR code, based on the data collected from you when you registered. Your first name and surname, title if relevant as well as information about your practice or employing institution, and your email address and telephone number, if applicable, are presented in binary form on this tag. You may wear this at the event, but you are not obliged to do so. The legal basis for data processing is your consent in accordance with Article 6 Paragraph 1(a) of the GDPR.
2.2 Recordings
As part of the event, photos and video recordings will be taken and published on our own websites and company profiles on social media for the purpose of reporting on the event.
To this extent, data processing is carried out on the basis of Article 6 paragraph 1(f) of the General Data Protection Regulation in the legitimate interest of public relations.
If you do not want to be recorded as part of a larger group, you have the option of objecting to the processing described above directly on site or subsequently, in justified cases.
If Chiesi also intends to take individual photos of you, i.e. with you as the main subject, Chiesi will obtain your explicit consent to do so.
Data recipients
The only recipients of your data, which we collect from you via your use of our online services or as part of the implementation of the event, are in-house offices and persons as well as external service providers. The latter support us, subject to our instructions as part of order processing, based on a contract for operating our website and the associated processes. In addition to the service provider given in section 1.4, these are the web host and the marketing agency commissioned by us.
In principle, data will not be passed on to third parties unless explicitly stated elsewhere in this privacy statement.
Storage duration
We delete or anonymize your personal data once the purpose for the respective processing no longer applies, and provided that deletion does not conflict with any legal retention obligations or legitimate interests. The storage period may therefore vary depending on the process and purpose.
For example, due to commercial and tax law requirements, we retain your data, with regard to information relevant to accounting, for a period of 10 years. Certain communications content, which constitutes commercial letters, is held for a period of 6 years.
Data security
In order to protect your data as comprehensively as possible from unwanted access, we take technical and organizational measures, such as using state-of-the-art encryption procedures. Your information is therefore transmitted from your computer to our server and vice versa over the Internet using TLS encryption.
Your rights as a data subject
As a data subject, you have the right to request information about the processing of personal data relating to you (Article 15 of the GDPR). If the information processed is incorrect you may request it to be corrected (Article 16 of the GDPR). If the requirements are met, you also have the right to deletion (Article 17 of the GDPR) and to restriction of processing (Article 18 of the GDPR) as well as to data portability in accordance with Article 20 of the GDPR.
To the extent that your data are processed in accordance with Article 6 Paragraph 1(f) of the GDPR to protect our legitimate interests, you have the right to object to its processing at any time. You can do so by explaining your particular situation which renders the processing unreasonable. If your personal data are processed for the purposes of direct advertising, you can exercise your right to object without giving reasons.
If the data processing is based on your consent, you are entitled to withdraw this at any time with effect for the future, in accordance with Article 7 paragraph 3 of the GDPR.
Right to lodge a complaint with a supervisory authority
As a data subject, you also have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violate data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the member state of your place of residence or work, or the place of the alleged violation.