Contact
Privacy Policy

Data Privacy Statement of Profil Institut für Stoffwechselforschung GmbH for the wbsite www.profil.com

 

Effective as of May 25, 2018

We take your privacy very seriously and will process your personal data in compliance with applicable data protection laws. Personal data within the meaning of this Policy are any information that may be related to you, i.e., your name, address, email address, IP address, and user behavior.

In accordance with national and European laws Profil has appointed a data protection officer who monitors the handling of such data and ensures compliance with applicable laws. The following Data Privacy Policy provides information about how we will process your personal data. We will also provide you with an overview of your data privacy rights. Which data will be processed and how such data will be used will primarily depend on the services used, requested, or contracted.

 

1. Controller and data protection officer

(1) The controllers within the meaning of Art. 4 para. 7 of the General Data Protection Regulation (hereinafter "GDPR") and the service provider within the meaning of § 13 of the German Telemedia Act (hereinafter "TMG") is:

Profil Institut für Stoffwechselforschung GmbH
Hellersbergstraße 9
41460 Neuss
 
Profil Mainz GmbH Co. KG
Malakoff-Passage
Rheinstraße 4 C, Eingang Templerstraße
55116 Mainz

 (2) The data protection officer can be reached at:

Profil Institut für Stoffwechselforschung GmbH
Data Protection Officer
Hellersbergstraße 9
41460 Neuss
Email: datenschutz@profil.com
2. Source of personal data
We will process personal data that we receive from you when your visit our website, when you contact us by email, or when you complete a contact form.

 

3. Categories of personal data that are processed

(1) If you visit or use our website for information purposes only, i.e., if you do not register or otherwise transmit information to us, we will only collect personal data that are transmitted to our server by your browser. If you wish to view our website, we will collect the following data, which we need for technical reasons to show our website to you and to ensure stability and security:

your IP address
- the date, time, and duration of your visit,
- the content requested (specific page),
- the access status/http-status code,
- the data volume transmitted,
- the website from which the request is received,
- your browser, and
- your operating system.

Those data will be used exclusively for internal statistical purposes.

(2) In addition to the aforementioned data, temporary or persistent cookies will be stored on your computer when you use our website. Cookies are small text files that are assigned to your browser on your hard drive and that transmit certain information to the party that has placed the cookie. Cookies can execute no programs or transmit any viruses to your computer. Their purpose is to make the website as a whole more user-friendly and effective.

(3) We use cookies to be able to recognize you the next time you visit our website, if you have created an account with us. Otherwise you will have to log in for each new visit.

(4) Most browsers are configured by default to accept cookies. However, you can block cookies in your browser at any time or select settings in your browser to receive a notification as soon as a cookie is transmitted. Please note, however, that if you do so, you may not be able to use all features of this website.

(5) This stored information will be stored separately from any additional data you may have provided to us. In particular, data from cookies will not be linked to any other of your data.

 

4. Additional features and services of our website

(1) In addition to purely informational use of our website we offer various services that you may use if you are interested. To use those services you will generally have to provide additional personal data, which we will then use to provide the service you have selected.

(2) If you contact us by email or through a contact form, you will have to provide your email address. We also offer you the opportunity to contact our experts directly by using a contact form. Again, you will have to provide your email address. In addition, you will be required to choose whether or not receive a Newsletter.

(3) If you contact us by using the call function, you may request a return phone call. To do so, you must leave your first and last name as well as your telephone number. Those data will be stored by us in order to respond to your inquiry.

(4) In addition, you may schedule a meeting with us on our website. For this purpose you must provide your first and last name, the name of your company, your position, and your email address.

(5) On our website you may schedule a free consultation with our experts. To do so, you must provide your first and last name, your email address, the name of your  company, your position, and your telephone number.

(6) We further provide you with an opportunity to determine whether Profil is able to provide support for your study. For this purpose we offer a test for study recruitment. To use this service, you must provide your first and last name, your email address, the name of your company, and details of your planned study (e.g., number of participants, type of study).

(7) On our website you may register for our online tool, the Insulin Steady-State Simulator. Our insulin simulator allows you to monitor insulin levels when ingesting various insulin products. To use this tool, you must provide your email address and your position.

(8) On our website you can download our conference poster. To do so, you must provide your email address. You must also choose whether or not you wish to receive our Newsletter. After you have provided the required information, you will be transferred directly to the appropriate page for downloading.

 

5. Google Universal Analytics with IP anonymization

(1) This website uses Google Universal Analytics with IP anonymization, a web analysis service of Google Inc. ("Google"). Google Universal Analytics uses cookies. Information about your use of this website generated by the cookie will generally be transferred to a Google server in the United States and stored there. By activating IP anonymization on this website your IP address will however be masked by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area before your data will be transferred to the United States. On behalf of the operator of this website Google will use such information to analyze your use of the website, to prepare reports about website activities, and to provide additional services related to website use and Internet use to the website operator.

(2) The IP address transmitted by your browser in connection with Google Universal Analytics will not be merged with any other data of Google.

(3) Beyond the cookie settings of your browser you can also prevent Google from tracking data generated by the cookie about your use of the website (including your IP address) as well as from processing such data by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

(4) Please note that on this website Google Universal Analytics has been extended by the code "ga('set', 'anonymizeIp', true);" to guarantee anonymous tracking of IP addresses (so-called IP masking). As a result, IP addresses are processed in truncated form ruling out any possibility of associating an IP address directly with a particular person.

(5) We use Google Analytics in order to be able to analyze and continuously improve use of our website. The statistical data generated by Google Analytics allow us to improve our products and services and to make them more interesting to you as a user. For exceptional cases in which personal data are transferred to the United States Google has committed to comply with the EU-US Privacy Shield.

(6) Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://google.com/analytics/terms/de.html, overview of data privacy: https://www.google.com/analytics/learn/privacy.html?hl=de, and data privacy policy: http://www.google.de/intl/de/policies/privacy.

 

6. Use of 2-click solution for social media plug-ins of Twitter and LinkedIn

(1) We currently use the following social media plug-ins: Twitter and LinkedIn. In this connection we use the so-called 2-click solution. This means that when you visit our website, as a general rule no personal data will initially be transferred to the providers of those plug-ins. The provider of the plug-in is identified on the box by the first letter or logo. The services are contacted or accessed from the server, so that instead of the visitor's IP address, only the server address will be transferred to Twitter and LinkedIn. Only if you click on the link in order to share content, will the plug-in provider receive information that you have accessed the corresponding page of our website. In addition, the data referenced in section 3 of this Data Privacy Policy will be transferred. By activating the plugin personal data will therefore be transmitted to providers in the United States and stored there. Because plugin providers collect data in particular by using cookies, we recommend that you delete all cookies in the security settings of your browser before clicking on the gray-shaded box.

(2) We neither have control over collected data or data processing procedures of plugin providers nor do we know the full extent to which data are collected, for what purposes data are processed, or for how long data are stored by plugin providers. We also have no information about the erasure of collected data by plugin providers.

(3) Plug-in providers store such data as user profiles and use them for advertising and market research purposes and/or for designing their websites in conformity with user preferences. Such an analysis is made in particular (whether or not users are logged in) to show advertising in conformity with user preferences and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such a user profile. To exercise this right, you must contact the appropriate plugin provider. Through plugins we provide you with the opportunity to interact with social networks and other users, allowing us to improve our products and services and make them more interesting to you as the user.

(4) Data will be transferred whether or not you have an account with a plugin provider or are logged in with a plugin provider. If you are logged in with a plugin provider, your data will be directly associated with your account with the plugin provider. If you click on the button and, e.g., link the page, the plugin provider will store that information in your user account as well and share that information publicly with your contacts. We recommend that you always log out from a social network after use, in particular however before you activate the button, as this will allow you to avoid association with your profile at the plugin provider.

(5) Additional information about the purpose and extent of data collection and processing by plugin providers is available in the data privacy policies of the various providers shown below. There, you will also find additional information about your rights and setting options to protect your privacy:

- Twitter Inc., 1355 Market St., Suite 900, San Francisco, California 94103, U.S.A.; LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, U.S.A.; http://www.linkedin.com/legal/privacy-policy.

- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, U.S.A.; http://www.linkedin.com/legal/privacy-policy

7. Integration of Google Maps

(1) We use Google Maps on this website. This allows us to show you interactive maps directly on the website and provide you with convenient use of the map function.

(2) When you visit the website, Google will receive information that you have accessed the corresponding page of our website. In addition, the data shown in section 3 of this Data Privacy Policy will be transmitted. This will happen whether or not Google makes available a user account through which you are logged in. If you are logged in with Google, your data will be associated directly with your account. If you do not wish data to be associated with your Google profile, you have to log out before clicking the button. Google stores such data as user profiles and uses them for advertising and market research purposes and/or for designing its website in conformity with user preferences. Such an analysis is made in particular (whether or not users are logged in) to show advertising in conformity with user preferences and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such a user profile. To exercise this right, you must contact Google.

(3) You will find additional information about the purpose and extent of data collection and processing by the plug-in provider in the data privacy policy of the provider. There, you will also find additional information about your rights and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.  Google will process your personal data also in the United States and has committed to comply with the EU-US Privacy Shield.

 

8. Newsletter (Profil World)

(1) You may consent to receive and subscribe to our Newsletter (Profil World), which provides information about current offers that may be of interest to you. The advertised products and services are specified in the declaration of consent.

(2) For subscription to our Newsletter we use the so-called double opt-in method. This means that after you have registered, we will send a confirmation e-mail to the e-mail address you have provided, asking you to confirm that you wish to receive the Newsletter. If you do not confirm your registration, your information will be immediately blocked and deleted after one month. In addition, we will store your IP addresses and the times of registration and confirmation. The purpose of using this method is to document your registration and to be able to investigate any potential misuse of your personal data

(3) The only information you must provide to receive our Newsletter is your email address. Additional, specifically identified data may be provided on a voluntary basis and will be used by us to contact you directly. Following your confirmation, we will store your email address to send you our Newsletter.

(4) You may revoke your consent to receive the Newsletter and unsubscribe at any time. To revoke your consent, you may click on the link provided in each Newsletter email or send us a message by mail, telephone, or telefax to the contact data shown in the Legal Notice

 

9. Job newsletter

(1) You may consent to receive and subscribe to our Job Newsletter, which provides information about current job openings.

(2) For the registration for our Job Newsletter we use the so-called double opt-in method. This means that after you have registered we will send you an email to the specified email address in which we will ask you to confirm that you wish to receive the Job Newsletter. If you do not confirm your registration, your information will be immediately blocked and deleted after one month. In addition, we will store your IP addresses and the times of registration and confirmation. The purpose of using this method is to document your registration and to be able to investigate any potential misuse of your personal data.

(3) The only required information for receiving the Job Newsletter is your email address. Additional, specifically identified data may be provided on a voluntary basis and will be used by us to contact you directly. Following your confirmation, we will store your email address to send you our Job Newsletter.

(4) You may revoke your consent to receive the Job Newsletter at any time and unsubscribe from the Job Newsletter. To revoke your consent, you may click on the link made available in each Newsletter email or send us a message by mail, telephone, or telefax to the contact data shown in the Legal Notice.

 

10. Use of Our Blog

(1) We use our blog to publish various articles on topics related to diabetes. You may leave public comments on our blog. Your comments will be published below the article along with your specified username. You may also use a pseudonym instead of your actual name. The only required information is your user name and email address, all other information is voluntary. If you leave a comment, we will also store your IP address, which will be deleted after one week. Storage of your IP address is necessary for us to be able to defend against liability for any publication of unlawful content. We need your email address in order to contact you if a third party should complain that your comment is unlawful. Comments are not reviewed prior to publication. We reserve the right to delete comments if third parties complain that such comments are unlawful.

(2) When leaving a comment, you can check a box for our email notification service. If you do so, you will be notified if other users leave a comment in response to your own comment. For this service we use the so-called double opt-in method, i.e., you will receive an email in which you must confirm that you are the owner of that email address and wish to receive notifications. You may cancel notifications at any time by clicking on the link included in the email. Your personal data, including your email address, the time you register for the service, and your IP address will be stored by us until you cancel notifications.

 

11. Blog Updates

(1) You may consent to receive and subscribe to monthly updates to our blog, which provides you with current information about topics related to diabetes.

(2) For the registration for updates we use the so-called double opt-in method. This means that after you have registered we will send you an email asking you to  confirm that you wish to receive updates. If you do not confirm your registration, your information will be immediately blocked and deleted after one month. In addition, we will store your IP addresses and the times of registration and confirmation. The purpose of using this method is to document your registration and to be able to investigate any potential misuse of your personal data.

(3) The only required information for receiving Diabetes Blog Updates is your email address. Additional, specifically identified data may be provided on a voluntary basis and will be used by us to contact you directly. Following your confirmation, we will store your email address to send you our Updates.

(4) You may revoke your consent to receive Diabetes Blog Updates and unsubscribe from Updates at any time. To revoke your consent, you may click on the link made available in each update email or send us a message by mail, telephone, or telefax to the contact data shown in the Legal Notice.

 

12. SurveyMonkey feedback service

(1) This website uses the feedback service of SurveyMonkey Europe UC. Feedback results allow an internal analysis to improve our services. When using the feedback service, your personal data (for details see section 3 above) as well as the personal data provided by you will also be transferred to SurveyMonkey Inc. and processed and stored on a server in the United States.

(2) Additional information about the provider: SurveyMonkey Europe UC, 2nd floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland, and SurveyMonkey Inc., 1 Curiosity Way, San Mateo, CA 94403, U.S.A. SurveyMonkey Inc. has committed to comply with the EU-US Privacy Shield. Data transfers between SurveyMonkey Europe UC and SurveyMonkey Inc. are subject to EU standard data protection clauses within the meaning of Art. 46 para. 2 let. c) of the GDPR. You will find additional information about data privacy at: https://www.surveymonkey.de/mp/legal/privacy-policy/.

 

13. Webinars

(1) On our website we offer webinars on various topics. A webinar is similar to an actual seminar and takes place on the Internet with software support. You may participate in a webinar if you have registered on our website. To register, you must provide your first and last name, your email address, and, where applicable, additional personal data.

(2) During and after a webinar statistical data will be transferred to Profil GmbH. If you participate in a webinar, ask or answer a question during a webinar, we will, in addition to your registration data, receive information about the duration of your participation, your interest in the webinar, and the question you asked or answered, which we will use for servicing customers or improving user experience in the future.

(3) The connection between you and the organizer of the webinar will be encrypted. No audio or video information transmitted during a session will be recorded by us. By clicking on "Participate" you confirm that you too will make no recordings or screenshots of the session.

(4) You may terminate a session at any time by closing the browser window or terminating the program. If your contact partner terminates a session, your participation in the session will also be automatically terminated.

(5) For our online webinars we use software of GoToWebinar von LogMeIn Inc., 320 Summer Street, Boston MA, 02210. The party responsible for providing the service and for related data processing is LogMeIn Inc. The data privacy policy of LogMeIn is available at: https://www.logmeininc.com/de/legal/privacy. For contract-related webinars we will transfer your personal data (for details see section 3 above) as well as registration and customer data to LogMeIn Inc. LogMeIn Inc. has committed to comply with the EU-US Privacy Shield. You will find additional information at: https://www.logmeininc.com/de/legal/privacy-shield.

 

14. Perfect Audience

On our website we use the retargeting tool "Perfect Audience" of Marin Software Inc., 123 Mission Street, 25th floor, San Francisco, CA 94105, U.S.A ("Perfect Audience"). For this purpose we have integrated the Perfect Audience pixel into our website, which allows us to track statistical, pseudonymous data about your visit and your use of our website. Based on this information Perfect Audience allows us to show you interest-based, relevant offers on websites of our partners. In this connection no information allowing inferences as to your identity will be transferred to partner websites. Rather, on the basis of information stored in a cookie, only ads for services for which you have expressed interest on our website will be shown. No user profiles will be merged with any other data about you. You may block cookies by selecting the appropriate settings in your browser software. In the alternative, you may object to this form of retargeting by placing an opt-out cookie at the following link, which will remain on your device until you delete the cookie: http://www.perfectaudience.com/privacy/.

 

15. Integration of videos using WISTIA

(1) This website uses integrated content (videos) of the provider WISTIA. For this purpose WISTIA uses cookies (for details see section 3 of this Data Privacy Policy), which will be stored on your computer and allow an analysis of how you use our website. In connection with your use of our website, data, in particular your IP address and website activity, may be transferred to a server of WISTIA Inc. in the United States and stored there. You may block cookies by selecting the appropriate settings in your browser software. Please note that if you do so, you may no longer be able to fully use all features of this website. If you are a member of WISTIA and are logged into WISTIA, WISTIA will associate such information with your personal user account on the platform. You may prevent such association by logging out of your WISTIA user account before visiting our website.

(2) Additional information about the service provider and its data privacy policy is available at: https://wistia.com/privacy. WISTIA Inc. has committed to comply with the EU-US Privacy Shield.

 

16. Integration of Google reCAPTCHA

(1) To protect your inquiries by online contact form, we use the service "reCAPTCHA" of Google. The purpose of the query is to distinguish information entered by humans from misuse by web robots (bots). The query includes sending the IP address and possibly additional data needed by Google for its reCAPTCHA service to Google. For this purpose data you enter will be transmitted to Google, where it will be processed further.

(2) By using reCAPTCHA you agree that the recognition you have provided may be used for the digitalization of old works. If IP anonymization is activated on this website, your IP address will first be masked by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a server of Google in the United States and masked there. On behalf of the operator of this website Google will use this information to analyze your use of this service. The IP address transmitted by your browser to reCAPTCHA will not be merged with any other data of Google. Such data are subject to the different data privacy policy of Google. You can find additional information about Google's data privacy policy at: https://www.google.com/intl/de/policies/privacy/.

 

17. Categories of recipients of personal data

(1) For some of the aforementioned processes and services we have carefully selected third-party service providers in conformity with applicable data protection law. Such third-party service providers are bound by our instructions and are audited by us on a regular basis. They will not transfer your data to third parties.

(2) In terms of transferring data to other recipients, we will transfer information about you only if we are required to do so by law, if you have consented, or if we otherwise have the right to transfer your data. Provided that these requirements are satisfied, we may transfer personal data, for example, to the following recipients:

- Government agencies and institutions (e.g., tax authorities, criminal investigation authorities), if there is a legal or regulatory obligation.

- Other companies or comparable institutions to whom we transfer your personal data for the purpose of our business relationship with you.

18. Purposes for which personal data are processed, and legal bases of data processing

We will process your personal data in compliance with applicable data protection laws. Data processing is lawful if the following conditions are satisfied:

- Consent (Article 6 paragraph 1a) of the GDPR: 

Processing of your personal data is lawful if you have consented to processing for specific purposes (e.g., processing of your inquiry, use of data for marketing purposes). Your consent may be revoked at any time with effect for the future. This also applies to the revocation of consents you gave us before the GDPR took effect, i.e., prior to May 25, 2018.

- Contractual obligations (Article 6 paragraph 1b) of the GDPR:

We process personal data in order to comply with our contractual obligations or to perform pre-contractual measures upon request. The purposes of data processing depend primarily on your inquiry.

- Legal requirements (Article 6 paragraph 1c) of the GDPR:

Profil Institut für Stoffwechselforschung GmbH is subject to various legal obligations, including the following:

         - recordkeeping obligations under the German Commercial Code (HGB) and the German Tax Code (AO).

         - audit and reporting obligations under tax law.

- Legitimate interests (Article 6 paragraph 1f) of the GDPR:

To the extent necessary, we will process your data beyond the actual performance of the agreement with you to protect our rightful interests or those of third parties. For example, we may process your data:

         - to assert legal claims or defend legal actions,

         - to guarantee IT security and IT operation,

         - to analyze and improve use of our website, or

         - to use social media plugins.

19. Intent to transfer personal data to a third country or international organization

(1) Personal data will be actively transmitted to third countries only if this is expressly disclosed in connection with the aforementioned services.

(2) In connection with operating the website your personal data will be transferred to a third country outside the EEA, namely the United States, and stored there on a server. Specifically, this data transfer will be based on a data processing agreement in the form of EU standard data protection clauses between Profil GmbH and the service provider Hubspot Inc., 25 First Street, 2nd floor, Cambridge, MA 02141, U.S.A. Hubspot Inc.  has committed to comply with the EU-US Privacy Shield (https://www.privacyshield.gov/welcome).

 

20. Criteria for determining the duration for which personal data will be stored

(1) Data will be stored in compliance with applicable data processing laws and in conformity with legal recordkeeping obligations. We will process and use data only for the purposes for which you have authorized us to process your  data, and we will store data for as long as they are needed for those purposes.

(2) If and when data are no longer needed for their purpose or for compliance with legal obligations, they will generally be erased unless continued processing of such data – for a limited time period and, where applicable, on a restricted basis – is necessary for any of the following purposes:

- Compliance with recordkeeping obligations under commercial or tax law: noteworthy are the German Commercial Code (HGB) and the German Tax Code (AO). These statutes provide for recordkeeping and/or documentation periods of up to 10 years.

- Preservation of evidence in connection with statute of limitations provisions: under §§ 195 et seq. of the German Civil Code (BGB) the standard limitation period is three years, but may be up to 30 years under special circumstances.

21. Your data privacy rights

(1) Every data subject has a right to information under Article 15 of the GDPR, a right to rectification under Article 16 of the GDPR, a right to erasure under Article 17 of the GDPR, a right to restricted data processing under Article 18 of the GDPR, a right of revocation under Article 21 of the GDPR, and a right to data portability under Article 20 of the GDPR. The right to information and the right to erasure are subject to the limitations of §§ 34 and 35 of the Federal Data Protection Act (BDSG). In addition, every data subject has a right to lodge a complaint with a competent data protection supervisory authority (Article 77 of the GDPR in conjunction with § 19 of the Federal Data Protection Act (BDSG)).

(2) Your consent to the processing of personal data by us may be revoked at any time with effect for the future, as is the case for consents that were given to us before the General Data Protection Regulation took effect, i.e., prior to May 25, 2018.

(3) You have a right to object at any time to the processing of your personal data based on Article 6 paragraph 1 e) of the GDPR (data processing in the public interest) or Article 6 paragraph 1 f) of the GDPR (data processing on the basis of a legitimate interest) if the reasons for the objection involve special personal circumstances; this also applies to profiling within the meaning of Art. 4 no. 4 of the GDPR on the basis of that provision.

In some cases your personal data will be processed for direct advertising purposes. You have the right to object to processing of your personal data for direct advertising purposes at any time; the same applies to profiling related to such direct advertising.

If you object to processing of your personal data for direct advertising purposes, your personal data will no longer be processed for such purposes.

If you object, we will no longer process your personal data unless we can show that there are compelling, protected reasons for processing your data that outweigh your interests, rights, and freedoms, and unless your data are processed to assert, exercise, or defend legal rights or claims.

Objections may be made informally and, if possible, should be addressed as follows:

Profil Institut für Stoffwechselforschung GmbH
Data Protection Officer
Hellersbergstraße 9
41460 Neuss
E-Mail: dataprotection@profil.com

22. Obligation to make available personal data and potential consequences of failing to make available personal data

In connection with using our services you must make available personal data which are necessary for achieving the purpose  for which they are collected or which we are required to collect by law. Without those data, we will generally be unable to enter into or perform a contract with you.

 

23. Data Security

Your data will be transferred to us in encrypted form (TLS technology). Our website is protected from damage, destruction, and unauthorized access by technical safeguards. Nonetheless, data transfers on the Internet may be subject to security gaps. As a result, protection from unauthorized access by third parties cannot be guaranteed 100% despite such safeguards.

 

24. Changes to this Data Privacy Policy

We continuously develop and optimize our services. We may therefore add new functionalities. Should this have an impact on the way in which your personal data are processed, we will provide you with timely notice in our Data Privacy Policy.