Privacy Notice

In the following, we provide information about how we process your personal data and your rights under data protection regulations, in particular the European General Data Protection Regulation (GDPR).

This Privacy Notice explains the nature, scope, and purpose of the processing of personal data within our website (hereinafter referred to as "website"). The Privacy Notice applies regardless of the domains, platforms, and devices used (e.g., desktop, mobile, etc.).

Personal data within the meaning of the GDPR is all data that can be related to you personally, e.g., name, address, email addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services you use.

We use various other terms in our Privacy Notice within the meaning of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority, and international organization. You can find the corresponding definitions for these terms in Art. 4 GDPR.

1.     Who is responsible for data processing and who can I contact?

The controller is:

Hypergene GmbH
Alte Jakobstr. 83-84
10179 Berlin
Tel: +49 (0) 30 - 293 63 99 - 0
Fax: +49 (0) 30 - 293 63 99 – 50
Email: kontakt@hypergene.com

 

You can contact our Data Protection Officer at: 

mip Consult GmbH

Attorney Asmus Eggert

Wilhelm-Kabus-Straße 9

10829 Berlin

Tel: +49 (0) 30 - 2088999 - 0

datenschutz@blueant.de

www.sofortdatenschutz.de

 

2.     What sources and data do we use? 

We process personal data that we receive from you in the course of using our website and, if applicable, our business relationship.

When you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e., name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version, as well as type of browser software, notification of successful retrieval.

We also receive personal data if you contact us, for example, via the contact form, telephone, or email. Personal data in this context includes, for example, your name, address, email address, telephone number, and, if applicable, the data you send us in your message (hereinafter referred to as "contact data"). Depending on the nature of your inquiry, it may be necessary to provide additional data. Please note that when communicating by email, we cannot guarantee complete data security for this transmission method, so we recommend that you send information requiring a high level of confidentiality by post.

 

3.     Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal bases:

3.1  Data processing based on your consent

If you have given us your consent to process personal data for specific purposes, in particular to contact you (e.g. via our web forms or by email to process and handle your enquiry), to send newsletters or for the purpose of advertising by telephone, e-mail, or SMS (direct advertising), the lawfulness of this processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.

Consent that has been given can be withdrawn at any time.

Please note that the withdrawal only applies to the future. Processing that took place before the withdrawal is therefore not affected. You may withdraw your consent at any time by contacting us using the contact details provided above.

3.2  Data processing for the performance of pre-contractual measures at the request of the data subject

When you contact us (e.g., via web form, telephone, or email), your personal data will be processed for the purpose of handling your request and its processing, Art. 6 (1) (b) GDPR.

3.3  Data processing for the fulfillment of legal obligations

To the extent that the processing of your personal data is necessary to fulfill a legal obligation to which we are subject, such processing is carried out on the basis of Art. 6 (1) (b) GDPR.

3.4  Processing to safeguard our legitimate interests or those of third parties

We may process your personal data to protect our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests: 

•           Ensuring IT security, in particular the security of our website;

•           Improving the structure and content of our website;

•           Asserting legal claims and defending against legal disputes;

3.5  Direct advertising to existing customers

If you have provided us with your email address when purchasing goods or services, we may send you offers for similar goods or services from our range by email. In accordance with Section 7 (3) UWG (German Unfair Competition Act), we do not require your separate consent for this. Data processing for this purpose is based on our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG. If you initially objected to the use of your email address for this purpose, we will not contact you. You may object to the use of your email address for direct advertising at any time, effective for the future, for example by clicking the unsubscribe link at the end of our emails or by contacting us using the contact details provided above. Only basic transmission costs may apply. Upon objection, we will no longer use your email address for direct marketing purposes.

3.6  Conducting application procedures

When you contact us (via contact form or email) in connection with your application, we process your personal data in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process, Art. 6 (1) (b) GDPR. Your application data will be reviewed by our Human Resources department upon receipt. Suitable applications may then be forwarded internally to the department managers responsible for the respective position, who will decide on the further course of action. Within the company, only those persons who need access to your data for the proper execution of the application process will have access to it.

For any data processing that is not strictly necessary for the application process, we will obtain your consent, in accordance with Art. 6 (1) (a) GDPR.

Further information can be found in our Privacy Notice for applicants.

3.7  Storage of data on your device or access to data stored on your device

We use cookies and similar technologies on our website. Some information is stored on your device because it is absolutely necessary to make our website available to you, § 25 (2) No. 2 TDDDG. Data processing is carried out to protect our legitimate interest in accordance with Art. 6 (1) (f) GDPR in ensuring the best possible functionality of the website.

When you visit our website for the first time, you will also be asked whether you consent to the setting of cookies that are not technically necessary and the use of similar technologies. Collection, storage, and any subsequent processing of such data will only take place with your express consent, Section 25 (1) TDDDG, Article 6 (1) (a) GDPR.

If personal data is processed via individual cookies or similar technologies, processing is generally carried out in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests (e.g., ensuring optimal website functionality and a user-friendly design of the site), or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

Further information on the use of cookies and similar technologies can be found under "Cookies and similar technologies".

 

4.     Who receives my data?

Within our company, only those departments that require your data to fulfill our contractual and legal obligations have access to it.

We may also share data with processors engaged by us (Art. 28 GDPR) for the purposes described above. These are, for example, companies in the categories of IT services, logistics, printing services, telecommunications, consulting, and sales and marketing. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They have been carefully selected and contractually bound to follow our instructions. They implement appropriate technical and organizational measures to protect the rights of data subjects, ensure an adequate level of data protection, and are regularly monitored by us.

Data is only disclosed to third parties who are not processors within the scope of the legal requirements. We only share user data with third parties if this is necessary, for example, based on Art. 6 (1) (b) GDPR for contractual purposes, based on Art. 6 (1) (f) GDPR to safeguard legitimate interests (such as the efficient and economic operation of our business), or if you have provided your consent.

When using the website for purely informational purposes, we do not pass on any data to third parties.

 

5.     How long will my data be stored?

5.1 Access data

For security reasons (e.g., to investigate misuse or fraud), log file information is stored for a maximum of 14 days and then deleted (see point 2 above). Data that must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

5.2 (Pre-)contractual measures

Where necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or email.

5.3 Applicant data

Applicant data will be deleted after 6 months in the event of rejection. If you have not been hired but your application is still of interest to us, we will retain your application for future job vacancies, provided we have your express written consent. The data will be deleted after two years at the latest or upon revocation of your consent. If we fill the advertised position with you, your data will be stored in our human resources management system.

5.4 Legal retention obligations

We are also subject to various storage and documentation obligations arising from, among other things, the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified therein for storage and documentation are six to ten years.

5.5 Limitation periods

Finally, the storage period is also assessed in accordance with the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can also be up to thirty years, with the regular limitation period being three years.

If you assert your rights as a data subject, we will store your request in this regard for three years until the expiry of the statutory limitation period in accordance with Section 31 (2) No. 1 OWiG, Section 41 (1) BDSG, Art. 83 (5) lit. b GDPR. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g., in the context of inquiries from supervisory authorities).

5.6 Additional storage periods

Information on further storage periods can be found in the following paragraphs.

 

6.     Is data transferred to a third country or to an international organization?

The data provided is processed within the European Union and in the USA. When transferring data to the USA, we ensure that the recipients are either certified under the EU-U.S. Data Privacy Framework or that we have entered into EU standard contractual clauses with recipients who are not certified. If we base the data transfer on the EU standard data protection clauses, we implement additional security measures to protect your data and to ensure an adequate level of protection for your personal data. You have the right to receive or review a copy of the EU standard contractual clauses. If necessary, we will obtain your express consent for the data transfer to the USA.

 

7.     What data protection rights do I have?

Every data subject has

·       the right of access under Art. 15 GDPR (i.e., you have the right to request information about your personal data stored by us at any time),

·       the right to rectification pursuant to Art. 16 GDPR (i.e., if your personal data is inaccurate or incomplete, you can request that it be corrected),

·       the right to erasure pursuant to Art. 17 GDPR and the right to restriction of processing pursuant to Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require further storage),

·       the right to data portability under Art. 20 GDPR (i.e., you may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance).

Furthermore, you can withdraw your consent, generally with effect for the future.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. We would appreciate it if you contact us first, so that we have the opportunity to address your concerns before you approach the supervisory authority.

In addition, we would like to point out your right to object under Art. 21 GDPR:

Information about your right to object under Art. 21 GDPR

You have the right, for reasons arising from your particular situation, object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) GDPR (data processing based on a balancing of interests); This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. 

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Objections can be submitted to us in any form using the contact details provided above. No costs other than the transmission costs according to the basic rates will be incurred.

 

8.     To what extent is there automated decision-making in individual cases, including profiling?

When you access our website or contact us via form or email, we do not use fully automated decision-making in accordance with Article 22 GDPR. If we use such procedures in individual cases, we will inform you separately where required by law. We do not process your data automatically with the purpose of evaluating certain personal aspects (profiling).

 

9.     Am I obliged to provide data? 

When visiting our website, you must provide the personal data that is technically necessary for the use of our website or for IT security purposes. If you do not provide this data, you will not be able to use our website.

When contacting us via form or email, you only need to provide the personal data that is necessary to process your request. Otherwise, we will not be able to process your request.

If your request relates to concluding a contract or if the provision of data is necessary for initiating a contract, failure to provide the required data may result in our inability to provide the intended service.

 

10.  Cookies and similar technologies

We and the service providers we use process personal data on this website and use cookies and similar technologies, such as web storage or web beacons. These technologies can store information on your device or access information already stored on your device (so-called client-based tracking).

Cookies are stored in the browser on the user's device. They contain information that is stored about a visited page. The cookie is either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read this cookie information directly during subsequent visits to this page or transfer the cookie information to the server via a script on the website. When cookies are set, they usually collect and process certain user information on an individual basis, such as browser and location data and IP address values. Some of these cookies are essential for the functioning of our website, while others help us to improve our website by providing us with insights into how you use the website.

With web storage, information is stored locally in your browser's cache. The stored information is either automatically deleted after closing the browser window ("session storage") or remains in place so that it can be read again when you visit the website again ("local storage"), unless you delete your browser cache ("browser data").

Web beacons are 1×1 pixel graphics that are integrated in various ways into websites or emails (newsletters) and are also used to collect and evaluate user data.

You can individually prohibit the storage of cookies via your browser settings (you can find out how to set cookie handling on the browser's help page). Help with cookie management in the most common browsers can be found at the following pages:

·       Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen

·       Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

·       Google Chrome: https://support.google.com/accounts/answer/61416?hl=de

·       Opera: http://www.opera.com/de/help

·       Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=en_US

·       Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.

Please note that disabling cookies may result in functional restrictions on this website.

We will inform you about the specific use of the above technologies and the scope of the information collected in each case in the following paragraphs.

 

11.  Services

Please enable Javascript to see the list of all declared cookies and similar techniques.

12.  Google Tag Manager

We use Google Tag Manager from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Tag Manager enables the integration of additional third-party services, such as Google Analytics. Google Tag Manager does not set any cookies itself, however Google receives your IP address. Google's servers are located in the USA.

Data processing is carried out on the basis of your express consent, in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect via the consent settings in the footer of our website.

Further information on Google Tag Manager can be found in Google's Privacy Notice at https://www.google.de/intl/de/policies/privacy/.

 

13.  Salesforce

13.1  CRM

We use the customer relationship management (CRM) system Salesforce, from Salesforce Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA ("Salesforce"), to manage inquiries, prospect and customer data. This data is collected to maintain contact, process inquiries, follow up on prospects, and provide relevant information about our products and services. Processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in managing business relationships with prospects and customers and optimizing communication.

Further information can be found in Salesforce's Privacy Notice at https://www.salesforce.com/de/company/privacy/.

13.2  Newsletter

If you subscribe to our email newsletter, we will regularly send you information on project management and news, offers, and promotions from Blue Ant.

The only mandatory information required to send you the newsletter is your email address. We also ask you to provide your name so that we can address you personally in the newsletter. On the basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR, when you subscribe to the newsletter, we store your IP address as entered by your Internet service provider (ISP) as well as the date and time of registration, in order to be able to trace any possible misuse of your email address at a later date and to be able to verify the registration process in accordance with legal requirements.

Our email newsletters are sent via Salesforce. Salesforce processes the information provided during newsletter registration for the purpose of sending and statistically evaluating the newsletters on our behalf.

For statistical evaluation, the emails sent contain so-called web beacons. This allows us to determine whether a newsletter message has been opened and which links have been clicked on, if any. Technical information is also collected (e.g., the time of retrieval, the IP address, and browser and device information (e.g., the operating system). This data is used exclusively for the statistical analysis of newsletter campaigns and is not used to personalize the newsletter. If you wish to withdraw your consent to data processing for statistical evaluation purposes, you must unsubscribe from the newsletter.

Data collection is carried out in accordance with Section 25 (1) TDDDG, and subsequent data processing in accordance with Art. 6 (1) sentence 1 lit. a GDPR, provided that you have expressly consented to the delivery of our newsletter via the double opt-in procedure (DOI). This means that we will only send you an email newsletter once you have expressly confirmed that you consent to the newsletter being sent. We will then send you a confirmation email asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending us a message via our contact options listed above. Once you have unsubscribed, your email address will be immediately deleted from our newsletter distribution list.

Further information can be found in Salesforce's Privacy Notice at https://www.salesforce.com/de/company/privacy/.

 

14.  Webinars & Events

We offer webinars on project management using the video conferencing tool Zoom. The service is provided by Zoom Communications, Inc., 55 North Almaden Boulevard, 6th Floor, San Jose, California 95113, USA ("Zoom").

To participate, you will usually be required to provide your name, company, email address, and country. The specific information required is indicated on the respective registration form on our website. Once you have registered, you will receive a confirmation email with your login details and further information about the webinar.

If you provide your name or a user name, email address, or phone number when using Zoom, this data will be processed and stored by Zoom. Likewise, content that you upload during the video conference, such as photos or files, as well as chat messages and other communication content, will be stored by Zoom.

In addition, Zoom automatically collects certain technical data that is necessary for the provision of the service. This includes, in particular, the IP address, MAC address, device IDs, device type, operating system used, Zoom client, camera, microphone, and speaker type, and approximate location.

Zoom also processes information about how the service is used, such as whether participation is via desktop, smartphone, phone call, or VoIP, whether video transmission is enabled, or whether a password was used to join. In addition, metadata is recorded, such as the duration and time of the meeting or call, the meeting name, and the chat status.

When using the service, the data collected in this context is usually transmitted to a Zoom server in the USA. Zoom is certified under the EU–U.S. Data Privacy Framework (DPF). This ensures that an adequate level of data protection is in place for the transfer of personal data to the USA.

We process your data based on your consent, Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect by contacting us at the above address. Participation in the webinar will then no longer be possible. For more information, please refer to Zoom's Privacy Notice at https://www.zoom.com/de/trust/privacy/privacy-statement/.

We store your personal data for the duration of the webinar and for a reasonable period thereafter in order to process any inquiries or questions in connection with the webinar and for internal evaluation of our webinars.

 

15.  Our social media presence

You can find us on social networks and platforms so that we can communicate with you there and inform you about our services.

Please note that when you use social media networks or platforms, your data may also be processed outside the European Union and that social network providers generally process data for market research and advertising purposes. Usage profiles can be created based on the usage behavior and resulting interests of users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies and similar technologies may be stored on the user's device, in which the usage behavior and interests of the users are stored. Other data may also be stored in these usage profiles, especially if users are members of the respective platforms and are logged in to them.

We only link to our company profiles on the respective social networks on our website. Please note, however, that when you click on a link to social networks, data is transferred to their servers. If you are logged in to the respective social network with your username and password at that time, information is transferred there that you have visited our company profile on the respective social network from our website, and the respective provider may store this information in your user account.

We generally have no significant influence on the data processing of social networks. However, we receive statistics from the providers about the use and visits to our company profiles on social networks (e.g., information about the number of views, interactions such as likes and comments, and summarized demographic and other information or statistics). For more information about the data used by the providers, please refer to the providers' Privacy Notice linked below.

If we receive personal data from you via social networks (e.g., in the context of a message) and process this data exclusively ourselves, we are responsible for data processing. In this case, you are entitled to the rights mentioned above in this Privacy Notice. You can send us your requests regarding data processing in the context of our company profiles using the contact details above. Please carefully consider what personal data you share with us via social networks.

If the data you transmit via the social network is also or exclusively processed by the social network provider (insights data), the respective provider is also responsible for data processing within the meaning of the GDPR, in addition to us. In this respect, data processing is based on an agreement between joint controllers in accordance with Art. 26 GDPR.

If you wish to assert your rights in this regard against the social network provider, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing, as well as the specific purposes of the data processing. The contact details can be found in the data protection information linked below. We will also be happy to assist you in asserting your rights as far as we are able.

The processing of users' personal data is generally based on your consent in accordance with Art. 6 (1) (a) GDPR. The legal basis is also Art. 6 (1) (b) GDPR if we receive and process your data in the context of a contract-related inquiry via our social media presence. The legal basis for linking and operating our company profiles on social networks, including receiving statistics on the use of our company profiles, is Art. 6 (1) (f) GDPR based on our legitimate interest in our corporate communications on the respective social networks.

For information about the respective processing and the respective options for objection, please refer to the Privacy Notice of the providers linked below:

·       LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and establishing new business contacts – Privacy Notice: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, joint controller agreement: https://legal.linkedin.com/pages-joint-controller-addendum.

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), video portal – data protection information: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated

;