Effective as of May 25, 2018
We take your privacy very seriously and will process your personal data in compliance with applicable data protection laws. Personal data within the meaning of this Policy are any information that may be related to you, i.e., your name, address, email address, IP address, and user behavior.
1. Controller and data protection officer
(1) The controllers within the meaning of Art. 4 para. 7 of the General Data Protection Regulation (hereinafter "GDPR") and the service provider within the meaning of § 13 of the German Telemedia Act (hereinafter "TMG") is:
Profil Institut für Stoffwechselforschung GmbHHellersbergstraße 941460 NeussProfil Mainz GmbH Co. KGMalakoff-PassageRheinstraße 4 C, Eingang Templerstraße55116 Mainz
(2) The data protection officer can be reached at:
Profil Institut für Stoffwechselforschung GmbHData Protection OfficerHellersbergstraße 941460 NeussEmail: email@example.com
3. Categories of personal data that are processed
(1) If you visit or use our website for information purposes only, i.e., if you do not register or otherwise transmit information to us, we will only collect personal data that are transmitted to our server by your browser. If you wish to view our website, we will collect the following data, which we need for technical reasons to show our website to you and to ensure stability and security:
- your IP address- the date, time, and duration of your visit,- the content requested (specific page),- the access status/http-status code,- the data volume transmitted,- the website from which the request is received,- your browser, and- your operating system.
Those data will be used exclusively for internal statistical purposes.
(2) In addition to the aforementioned data, temporary or persistent cookies will be stored on your computer when you use our website. Cookies are small text files that are assigned to your browser on your hard drive and that transmit certain information to the party that has placed the cookie. Cookies can execute no programs or transmit any viruses to your computer. Their purpose is to make the website as a whole more user-friendly and effective.
(4) Most browsers are configured by default to accept cookies. However, you can block cookies in your browser at any time or select settings in your browser to receive a notification as soon as a cookie is transmitted. Please note, however, that if you do so, you may not be able to use all features of this website.
(5) This stored information will be stored separately from any additional data you may have provided to us. In particular, data from cookies will not be linked to any other of your data.
4. Additional features and services of our website
(1) In addition to purely informational use of our website we offer various services that you may use if you are interested. To use those services you will generally have to provide additional personal data, which we will then use to provide the service you have selected.
(2) If you contact us by email or through a contact form, you will have to provide your email address. We also offer you the opportunity to contact our experts directly by using a contact form. Again, you will have to provide your email address. In addition, you will be required to choose whether or not receive a Newsletter.
(3) If you contact us by using the call function, you may request a return phone call. To do so, you must leave your first and last name as well as your telephone number. Those data will be stored by us in order to respond to your inquiry.
(4) In addition, you may schedule a meeting with us on our website. For this purpose you must provide your first and last name, the name of your company, your position, and your email address.
(5) On our website you may schedule a free consultation with our experts. To do so, you must provide your first and last name, your email address, the name of your company, your position, and your telephone number.
(6) We further provide you with an opportunity to determine whether Profil is able to provide support for your study. For this purpose we offer a test for study recruitment. To use this service, you must provide your first and last name, your email address, the name of your company, and details of your planned study (e.g., number of participants, type of study).
(7) On our website you may register for our online tool, the Insulin Steady-State Simulator. Our insulin simulator allows you to monitor insulin levels when ingesting various insulin products. To use this tool, you must provide your email address and your position.
(8) On our website you can download our conference poster. To do so, you must provide your email address. You must also choose whether or not you wish to receive our Newsletter. After you have provided the required information, you will be transferred directly to the appropriate page for downloading.
5. Google Universal Analytics with IP anonymization
(2) The IP address transmitted by your browser in connection with Google Universal Analytics will not be merged with any other data of Google.
(3) Beyond the cookie settings of your browser you can also prevent Google from tracking data generated by the cookie about your use of the website (including your IP address) as well as from processing such data by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) Please note that on this website Google Universal Analytics has been extended by the code "ga('set', 'anonymizeIp', true);" to guarantee anonymous tracking of IP addresses (so-called IP masking). As a result, IP addresses are processed in truncated form ruling out any possibility of associating an IP address directly with a particular person.
(5) We use Google Analytics in order to be able to analyze and continuously improve use of our website. The statistical data generated by Google Analytics allow us to improve our products and services and to make them more interesting to you as a user. For exceptional cases in which personal data are transferred to the United States Google has committed to comply with the EU-US Privacy Shield.
6. Use of 2-click solution for social media plug-ins of Twitter and LinkedIn
(2) We neither have control over collected data or data processing procedures of plugin providers nor do we know the full extent to which data are collected, for what purposes data are processed, or for how long data are stored by plugin providers. We also have no information about the erasure of collected data by plugin providers.
(3) Plug-in providers store such data as user profiles and use them for advertising and market research purposes and/or for designing their websites in conformity with user preferences. Such an analysis is made in particular (whether or not users are logged in) to show advertising in conformity with user preferences and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such a user profile. To exercise this right, you must contact the appropriate plugin provider. Through plugins we provide you with the opportunity to interact with social networks and other users, allowing us to improve our products and services and make them more interesting to you as the user.
(4) Data will be transferred whether or not you have an account with a plugin provider or are logged in with a plugin provider. If you are logged in with a plugin provider, your data will be directly associated with your account with the plugin provider. If you click on the button and, e.g., link the page, the plugin provider will store that information in your user account as well and share that information publicly with your contacts. We recommend that you always log out from a social network after use, in particular however before you activate the button, as this will allow you to avoid association with your profile at the plugin provider.
(5) Additional information about the purpose and extent of data collection and processing by plugin providers is available in the data privacy policies of the various providers shown below. There, you will also find additional information about your rights and setting options to protect your privacy:
- Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, U.S.A.; LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, U.S.A.; http://www.linkedin.com/legal/privacy-policy.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, U.S.A.; http://www.linkedin.com/legal/privacy-policy
7. Integration of Google Maps
(1) We use Google Maps on this website. This allows us to show you interactive maps directly on the website and provide you with convenient use of the map function.
8. Newsletter (Profil World)
(1) You may consent to receive and subscribe to our Newsletter (Profil World), which provides information about current offers that may be of interest to you. The advertised products and services are specified in the declaration of consent.
(2) For subscription to our Newsletter we use the so-called double opt-in method. This means that after you have registered, we will send a confirmation e-mail to the e-mail address you have provided, asking you to confirm that you wish to receive the Newsletter. If you do not confirm your registration, your information will be immediately blocked and deleted after one month. In addition, we will store your IP addresses and the times of registration and confirmation. The purpose of using this method is to document your registration and to be able to investigate any potential misuse of your personal data
(3) The only information you must provide to receive our Newsletter is your email address. Additional, specifically identified data may be provided on a voluntary basis and will be used by us to contact you directly. Following your confirmation, we will store your email address to send you our Newsletter.
(4) You may revoke your consent to receive the Newsletter and unsubscribe at any time. To revoke your consent, you may click on the link provided in each Newsletter email or send us a message by mail, telephone, or telefax to the contact data shown in the Legal Notice
9. Job newsletter
(1) You may consent to receive and subscribe to our Job Newsletter, which provides information about current job openings.
(2) For the registration for our Job Newsletter we use the so-called double opt-in method. This means that after you have registered we will send you an email to the specified email address in which we will ask you to confirm that you wish to receive the Job Newsletter. If you do not confirm your registration, your information will be immediately blocked and deleted after one month. In addition, we will store your IP addresses and the times of registration and confirmation. The purpose of using this method is to document your registration and to be able to investigate any potential misuse of your personal data.
(3) The only required information for receiving the Job Newsletter is your email address. Additional, specifically identified data may be provided on a voluntary basis and will be used by us to contact you directly. Following your confirmation, we will store your email address to send you our Job Newsletter.
(4) You may revoke your consent to receive the Job Newsletter at any time and unsubscribe from the Job Newsletter. To revoke your consent, you may click on the link made available in each Newsletter email or send us a message by mail, telephone, or telefax to the contact data shown in the Legal Notice.
10. Use of Our Blog
(1) We use our blog to publish various articles on topics related to diabetes. You may leave public comments on our blog. Your comments will be published below the article along with your specified username. You may also use a pseudonym instead of your actual name. The only required information is your user name and email address, all other information is voluntary. If you leave a comment, we will also store your IP address, which will be deleted after one week. Storage of your IP address is necessary for us to be able to defend against liability for any publication of unlawful content. We need your email address in order to contact you if a third party should complain that your comment is unlawful. Comments are not reviewed prior to publication. We reserve the right to delete comments if third parties complain that such comments are unlawful.
(2) When leaving a comment, you can check a box for our email notification service. If you do so, you will be notified if other users leave a comment in response to your own comment. For this service we use the so-called double opt-in method, i.e., you will receive an email in which you must confirm that you are the owner of that email address and wish to receive notifications. You may cancel notifications at any time by clicking on the link included in the email. Your personal data, including your email address, the time you register for the service, and your IP address will be stored by us until you cancel notifications.
11. Blog Updates
(1) You may consent to receive and subscribe to monthly updates to our blog, which provides you with current information about topics related to diabetes.
(2) For the registration for updates we use the so-called double opt-in method. This means that after you have registered we will send you an email asking you to confirm that you wish to receive updates. If you do not confirm your registration, your information will be immediately blocked and deleted after one month. In addition, we will store your IP addresses and the times of registration and confirmation. The purpose of using this method is to document your registration and to be able to investigate any potential misuse of your personal data.
(3) The only required information for receiving Diabetes Blog Updates is your email address. Additional, specifically identified data may be provided on a voluntary basis and will be used by us to contact you directly. Following your confirmation, we will store your email address to send you our Updates.
(4) You may revoke your consent to receive Diabetes Blog Updates and unsubscribe from Updates at any time. To revoke your consent, you may click on the link made available in each update email or send us a message by mail, telephone, or telefax to the contact data shown in the Legal Notice.
12. SurveyMonkey feedback service
(1) This website uses the feedback service of SurveyMonkey Europe UC. Feedback results allow an internal analysis to improve our services. When using the feedback service, your personal data (for details see section 3 above) as well as the personal data provided by you will also be transferred to SurveyMonkey Inc. and processed and stored on a server in the United States.
(2) Additional information about the provider: SurveyMonkey Europe UC, 2nd floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland, and SurveyMonkey Inc., 1 Curiosity Way, San Mateo, CA 94403, U.S.A. SurveyMonkey Inc. has committed to comply with the EU-US Privacy Shield. Data transfers between SurveyMonkey Europe UC and SurveyMonkey Inc. are subject to EU standard data protection clauses within the meaning of Art. 46 para. 2 let. c) of the GDPR. You will find additional information about data privacy at: https://www.surveymonkey.de/mp/legal/privacy-policy/.
(1) On our website we offer webinars on various topics. A webinar is similar to an actual seminar and takes place on the Internet with software support. You may participate in a webinar if you have registered on our website. To register, you must provide your first and last name, your email address, and, where applicable, additional personal data.
(2) During and after a webinar statistical data will be transferred to Profil GmbH. If you participate in a webinar, ask or answer a question during a webinar, we will, in addition to your registration data, receive information about the duration of your participation, your interest in the webinar, and the question you asked or answered, which we will use for servicing customers or improving user experience in the future.
(3) The connection between you and the organizer of the webinar will be encrypted. No audio or video information transmitted during a session will be recorded by us. By clicking on "Participate" you confirm that you too will make no recordings or screenshots of the session.
(4) You may terminate a session at any time by closing the browser window or terminating the program. If your contact partner terminates a session, your participation in the session will also be automatically terminated.
14. Perfect Audience
On our website we use the retargeting tool "Perfect Audience" of Marin Software Inc., 123 Mission Street, 25th floor, San Francisco, CA 94105, U.S.A ("Perfect Audience"). For this purpose we have integrated the Perfect Audience pixel into our website, which allows us to track statistical, pseudonymous data about your visit and your use of our website. Based on this information Perfect Audience allows us to show you interest-based, relevant offers on websites of our partners. In this connection no information allowing inferences as to your identity will be transferred to partner websites. Rather, on the basis of information stored in a cookie, only ads for services for which you have expressed interest on our website will be shown. No user profiles will be merged with any other data about you. You may block cookies by selecting the appropriate settings in your browser software. In the alternative, you may object to this form of retargeting by placing an opt-out cookie at the following link, which will remain on your device until you delete the cookie: http://www.perfectaudience.com/privacy/.
15. Integration of videos using WISTIA
16. Integration of Google reCAPTCHA
(1) To protect your inquiries by online contact form, we use the service "reCAPTCHA" of Google. The purpose of the query is to distinguish information entered by humans from misuse by web robots (bots). The query includes sending the IP address and possibly additional data needed by Google for its reCAPTCHA service to Google. For this purpose data you enter will be transmitted to Google, where it will be processed further.
17. Categories of recipients of personal data
(1) For some of the aforementioned processes and services we have carefully selected third-party service providers in conformity with applicable data protection law. Such third-party service providers are bound by our instructions and are audited by us on a regular basis. They will not transfer your data to third parties.
(2) In terms of transferring data to other recipients, we will transfer information about you only if we are required to do so by law, if you have consented, or if we otherwise have the right to transfer your data. Provided that these requirements are satisfied, we may transfer personal data, for example, to the following recipients:
- Government agencies and institutions (e.g., tax authorities, criminal investigation authorities), if there is a legal or regulatory obligation.
- Other companies or comparable institutions to whom we transfer your personal data for the purpose of our business relationship with you.
18. Purposes for which personal data are processed, and legal bases of data processing
We will process your personal data in compliance with applicable data protection laws. Data processing is lawful if the following conditions are satisfied:
- Consent (Article 6 paragraph 1a) of the GDPR:
Processing of your personal data is lawful if you have consented to processing for specific purposes (e.g., processing of your inquiry, use of data for marketing purposes). Your consent may be revoked at any time with effect for the future. This also applies to the revocation of consents you gave us before the GDPR took effect, i.e., prior to May 25, 2018.
- Contractual obligations (Article 6 paragraph 1b) of the GDPR:
We process personal data in order to comply with our contractual obligations or to perform pre-contractual measures upon request. The purposes of data processing depend primarily on your inquiry.
- Legal requirements (Article 6 paragraph 1c) of the GDPR:
Profil Institut für Stoffwechselforschung GmbH is subject to various legal obligations, including the following:
- recordkeeping obligations under the German Commercial Code (HGB) and the German Tax Code (AO).
- audit and reporting obligations under tax law.
- Legitimate interests (Article 6 paragraph 1f) of the GDPR:
To the extent necessary, we will process your data beyond the actual performance of the agreement with you to protect our rightful interests or those of third parties. For example, we may process your data:
- to assert legal claims or defend legal actions,
- to guarantee IT security and IT operation,
- to analyze and improve use of our website, or
- to use social media plugins.
19. Intent to transfer personal data to a third country or international organization
(1) Personal data will be actively transmitted to third countries only if this is expressly disclosed in connection with the aforementioned services.
(2) In connection with operating the website your personal data will be transferred to a third country outside the EEA, namely the United States, and stored there on a server. Specifically, this data transfer will be based on a data processing agreement in the form of EU standard data protection clauses between Profil GmbH and the service provider Hubspot Inc., 25 First Street, 2nd floor, Cambridge, MA 02141, U.S.A. Hubspot Inc. has committed to comply with the EU-US Privacy Shield (https://www.privacyshield.gov/welcome).
20. Criteria for determining the duration for which personal data will be stored
(1) Data will be stored in compliance with applicable data processing laws and in conformity with legal recordkeeping obligations. We will process and use data only for the purposes for which you have authorized us to process your data, and we will store data for as long as they are needed for those purposes.
(2) If and when data are no longer needed for their purpose or for compliance with legal obligations, they will generally be erased unless continued processing of such data – for a limited time period and, where applicable, on a restricted basis – is necessary for any of the following purposes:
- Compliance with recordkeeping obligations under commercial or tax law: noteworthy are the German Commercial Code (HGB) and the German Tax Code (AO). These statutes provide for recordkeeping and/or documentation periods of up to 10 years.
- Preservation of evidence in connection with statute of limitations provisions: under §§ 195 et seq. of the German Civil Code (BGB) the standard limitation period is three years, but may be up to 30 years under special circumstances.
21. Your data privacy rights
(1) Every data subject has a right to information under Article 15 of the GDPR, a right to rectification under Article 16 of the GDPR, a right to erasure under Article 17 of the GDPR, a right to restricted data processing under Article 18 of the GDPR, a right of revocation under Article 21 of the GDPR, and a right to data portability under Article 20 of the GDPR. The right to information and the right to erasure are subject to the limitations of §§ 34 and 35 of the Federal Data Protection Act (BDSG). In addition, every data subject has a right to lodge a complaint with a competent data protection supervisory authority (Article 77 of the GDPR in conjunction with § 19 of the Federal Data Protection Act (BDSG)).
(2) Your consent to the processing of personal data by us may be revoked at any time with effect for the future, as is the case for consents that were given to us before the General Data Protection Regulation took effect, i.e., prior to May 25, 2018.
(3) You have a right to object at any time to the processing of your personal data based on Article 6 paragraph 1 e) of the GDPR (data processing in the public interest) or Article 6 paragraph 1 f) of the GDPR (data processing on the basis of a legitimate interest) if the reasons for the objection involve special personal circumstances; this also applies to profiling within the meaning of Art. 4 no. 4 of the GDPR on the basis of that provision.
In some cases your personal data will be processed for direct advertising purposes. You have the right to object to processing of your personal data for direct advertising purposes at any time; the same applies to profiling related to such direct advertising.
If you object to processing of your personal data for direct advertising purposes, your personal data will no longer be processed for such purposes.
If you object, we will no longer process your personal data unless we can show that there are compelling, protected reasons for processing your data that outweigh your interests, rights, and freedoms, and unless your data are processed to assert, exercise, or defend legal rights or claims.
Objections may be made informally and, if possible, should be addressed as follows:
Profil Institut für Stoffwechselforschung GmbHData Protection OfficerHellersbergstraße 941460 NeussE-Mail: firstname.lastname@example.org
22. Obligation to make available personal data and potential consequences of failing to make available personal data
In connection with using our services you must make available personal data which are necessary for achieving the purpose for which they are collected or which we are required to collect by law. Without those data, we will generally be unable to enter into or perform a contract with you.
23. Data Security
Your data will be transferred to us in encrypted form (TLS technology). Our website is protected from damage, destruction, and unauthorized access by technical safeguards. Nonetheless, data transfers on the Internet may be subject to security gaps. As a result, protection from unauthorized access by third parties cannot be guaranteed 100% despite such safeguards.