Data Privacy Policy for Website Users

Privacy Policy

This website (hereinafter "website") is provided by Biofrontera AG (hereinafter "us" or "we"). Further information on the provider of the website can be found in our imprint.

Processing of Personal Data

In the following, we would like to inform you about our handling of personal data, among other things, when using this website, but also beyond that. Unless otherwise described in the following sections, the legal basis for handling of your personal data follows from the necessity of handling for the provision of the functionalities requested by you on this website (Art. 6(1)(b) General Data Protection Regulation (hereinafter “GDPR”).

Using this Website

1. Opening of the Website

When you call up our website, your browser transmits certain data to our web server for technical reasons in order to provide you with the information you have called up. To enable you to visit the website, the following data is collected, stored for 10 days and used:

  • IP-address
  • Date and time of request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Operating system and its access status / http status code
  • Website that the request is coming from
  • Browser, language and version of browser software

Furthermore, in order to protect our legitimate interests, we store this data for the above-mentioned period of time in order to initiate a derivation to personal data in the event of unauthorized access or attempted access to our servers.

 

2. Tags, Tracker & Tools for Analyses

2.1 Which Cookies we use

We distinguish between two categories of cookies: (1) function-related cookies, without which the functionality of our website would be limited (ESSENTIAL) and (2) optional cookies for purposes of website analysis and marketing (MARKETING).

2.1.1 Function-related cookies (ESSENTIAL)

These technologies are required to enable the core functionality of the website. They are provided by:  Usercentrics Consent Management Plattform (a Consent Management Service).

Processing Company:

Usercentrics GmbH

Sendlinger Str. 7, 80331 Munich, Germany

 

DATA PROCESSING PURPOSES:

This list represents the purposes of data collection and processing. Consent is valid only for the purposes indicated. The collected data cannot be used or stored for any purpose other than those listed below.

  • Compliance with legal obligations
  • Storage of consent

TECHNOLOGIES USED

  • Accept cookies
  • Local storage

DATA COLLECTED:

This list includes all (personal) data collected by or through the use of this service:

  • Device Information
  • Browser information
  • Anonymized IP address
  • Opt-in and opt-out data
  • Date and time of the visit

LEGAL BASIS:

The following is the legal basis for the processing of personal data required by Art. 6 (1) GDPR.

  • Art. 6 Abs. 1 S. 1 lit. c GDPR

PLACE OF PROCESSING:

European Union (consent database is located in Belgium).

RETENTION PERIOD:

The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.

Consent data (consent given and consent revoked) is retained for three years. A data export takes place after termination of the contract.

DATARECIPIENT

  • Usercentrics GmbH

DATA PROTECTION OFFICER OF THE PROCESSING COMPANY:

Below you will find the e-mail address of the data protection officer of the processing company.

datenschutz@usercentrics.com

Click here to read the privacy policy of the data processor

https://usercentrics.com/privacy-policy/

HISTORY

  • yes

 

2.1.2 Optional Cookies (MARKETING)

Assuming your consent

We use optional cookies only with your prior consent (Art. 6(1)(a) GDPR). If you visit our website, a banner will appear on our website in which we ask for your consent to the use of optional cookies. If you give your consent, we will store a cookie on your computer.

How to prevent the use of cookies

Of course, you can also use our website entirely without cookies. You can configure the use of cookies in the settings of your browser at any time or deactivate them completely. However, this may lead to restrictions in the functions or user-friendliness of our offer. You can object to the use of optional cookies at any time by using the corresponding objection option.

MARKETING

These technologies are used by advertisers to serve ads that are relevant to your interests.

Google Analytics

This is a web analytics service.

PROCESSING COMPANY:

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

 

DATA PROCESSING PURPOSES:

This list represents the purposes of data collection and processing. Consent is valid only for the purposes indicated. The data collected cannot be used or stored for any purpose other than those listed below:

  • Analysis

TECHNOLOGIES USED:

  • Pixel-Tags
  • Cookies

DATA COLLECTED:

This list contains all (personal) data collected by or through the use of this service:

  • IP address
  • Date and time of visit
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Pages visited
  • Referrer URL
  • Downloads
  • Flash version
  • Location information
  • Purchase activity
  • Widget interactions

LEGAL BASIS:

The following is the legal basis for the processing of personal data required by Art. 6 (1) GDPR:

Art. 6 para. 1 s. 1 lit. a GDPR

PLACE OF PROCESSING:

European Union

RETENTION PERIOD:

The retention period is the length of time that the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.

The retention period depends on the type of data stored. Each customer can specify how long Google Analytics retains data before it is automatically deleted.

DATA RECIPIENT

  • Alphabet Inc.
  • Google LLC
  • Google Ireland Limited

DATA PROTECTION OFFICER OF THE PROCESSING COMPANY:

Under the following link you will find a contact form for questions on the subject of data protection at Google.

support.google.com/policies/contact/general_privacy_form

ONWARD TRANSFER TO THIRD COUNTRIES:

This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the United States, there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without any possible legal remedy available to you. This may be for various purposes, such as storage or processing.

Click here to read the privacy policy of the data processor

https://policies.google.com/privacy?hl=en

Click here to object on all domains of the processing company

https://safety.google/privacy/privacy-controls/

Click here to read the cookie policy of the data processor

https://policies.google.com/technologies/cookies?hl=en

HISTORY

  • no

Privacy policy for the use of Facebook plugins (Like button)

We use plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA on our pages. You can recognize these Facebook plugins by the Facebook logo or the "Like" button ("Like"). An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/. When you click the corresponding button, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook's privacy policy at https://www.facebook.com/policy.php

If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

 

3. Data Security

Our website is transmitted to you unencrypted when you access it with your browser. Nevertheless, we have taken technical and organizational measures to protect the server that provides our website and also hosts the log files described above from loss, destruction, access, alteration and distribution of the stored data by unauthorized persons.

 

4. Use of Contact Forms and Contact by E-Mail, Mail, or Telephone

You can contact us directly via contact forms provided on the website and / or e-mail addresses, postal addresses, or telephone numbers. In doing so, you have the opportunity to provide us with the following information in particular:

  • First and last name, title
  • Address
  • Contact details (e.g. e-mail address, telephone number)
  • Your message

We process the information you provide exclusively for the purpose of processing your specific request.

All personal data that you provide to us as part of the application process will be processed in accordance with the DSGVO; you can find detailed information on the handling of personal data as part of the application process at Careers - Biofrontera

 

5. External Services and Content on our Website

As a user of our website, you should note that links on this website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked or recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations or for the secure handling of your data on these websites operated by third parties.

For more information about the purpose and scope of the collection and processing of your data, please refer to the data protection notices of the respective providers responsible under data protection law for the services or content we integrate:

  • YouTube (videos)
  • DocCheck Medical Services GmbH
  • pressetext News Agency GmbH

 

6. Notes on Side Effects or Quality Complaints.

This website is not intended to be used to report complaints, adverse reactions, lack of drug efficacy, medication errors, gray market/counterfeit products, incorrect or off-label use, a quality complaint, and/or other issues related to the safety or quality of a Biofrontera product. If you wish to report complaints, adverse reactions, or quality complaints, please contact your healthcare provider (e.g. doctor or pharmacist), local health authority or use our hotline / email distribution list.

However, if you report adverse reactions or other issues related to the safety or quality of drugs, medical devices, or cosmetics, we are required by law to process your report. In the course of processing side effect reports or complaints, your personal data will be passed on to a service provider commissioned by Biofrontera. For this purpose, we or this service provider may also contact you to clarify questions. We may then need to report the notifications you make to the relevant health authorities, but we will only share your information in pseudonymous form, so no information that directly identifies you will be shared. We may also have to pass on these pseudonymous reports to our other Group companies and cooperation partners if they are in turn required to make reports to the health authorities responsible for them.

For more information on data protection and adverse event reporting, please see the Biofrontera Privacy Policy for Pharmacovigilance Data.

 

7. Transfer of Personal Data for Processing on our Behalf

We sometimes use specialized service providers to process your data. Our service providers are carefully selected and regularly monitored by us. They process personal data only on our behalf and strictly in accordance with our instructions on the basis of corresponding contracts for commissioned processing.

 

8. Processing of Personal Data Outside the EU / EEA

In some cases, your data is also processed in countries outside the European Union ("EU") or the European Economic Area ("EEA"), where a lower level of data protection could generally prevail than in Europe. In these cases, we ensure, e.g. via contractual agreements with our contractual partners, that a sufficient level of data protection for your data is guaranteed.

 

9. Information about your Rights

The following rights are available to you under applicable data protection laws:

  • Right to information about the data we hold about you;
  • Right to rectification, erasure or restriction of the processing of your personal data;
  • Right to object to processing which serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims;
  • Right to data portability;
  • Right to complain to a supervisory authority;
  • Consents given by you for the processing of your personal data can be revoked at any time with effect for the future.

If you wish to exercise your rights, please address your request to the contact person listed below.

 

10. Contact

For your privacy concerns, contact our data protection officers at the following address:

Privacy Officer
Biofrontera AG
Hemmelrather Weg 201, 51377 Leverkusen

 

11. Adaptation of the privacy policy

We reserve the right to update this Privacy Policy from time to time. Updates to this Privacy Policy will be published on our website. Changes will apply as of their publication on our website. We therefore recommend that you visit this page regularly to find out about any updates that may have been made.

Status: 17.11. 2021