Welcome to the data protection page of the intouch hcc GmbH. The protection of your personal data and fair and transparent data processing are issues that are certainly important to us.For customer For service provider
In the following document, we would like to provide you with all the information necessary for transparent data processing and to give you information about your rights in the field of data protection.
1 Who is responsible for data protection?
The following are responsible for data protection:
intouch hcc GmbH, Europaplatz 2, 10557 Berlin, Germany
2 How can you contact the data protection officer?
If you have any questions about the processing of your personal data within the intouch hcc GmbH, please do not hesitate to contact us directly by mail or e-mail – or you can contact our external data protection officer.
Frau Yvonne Varl
3 How is data processed on this website?
3.1 For what purposes and on what legal basis does the intouch hcc GmbH process personal data?
When you visit our websites, we may collect personal data from you. On our website, we process personal data in accordance with the following legal basis in particular:
– Provided that you have granted us your express consent (Art. 6 Para. 1 lit. a GDPR), e.g. when you subscribe to our newsletter.
– We also process data based on a legitimate interest from us or third parties (Art. 6 Para. 1 lit. f GDPR). This includes data processing for the optimization of our website and for fault analysis, or when you make contact with us via the other methods mentioned.
– When you use our career portal, we process the information that you have submitted to us for the preparation, and if applicable, execution of the application process (§ 26 Federal Data Protection Act).
3.2 You can read additional details relating to the type and aim of data processing here:
3.2.1 Usage data
When using the website for purely informative purposes, i.e. if you do not register or otherwise send data to us (e.g. via a contact form), we collect the following technical information (logfiles):
– the operating system of the end device you use to visit our website
– the browser (type, version and language settings)
– the volume of data accessed
– the current IP address of the end device you use to visit our website
– the data and time of access
– the URL of the previous website visited (referrer)
– the URL of the (sub) page accessed on our website
– the internet service provider for the accessing System
We need to obtain this data for technical purposes, in order to display our website to you and ensure stability and security. We (and our suppliers) generally do not know who is behind an IP address. We do not merge the above data with other data.
The legal basis is article 6 para. 1 p. 1 lit. f of the GDPR. As it is absolutely necessary to gather this data in order to present the website and to store logfiles for operating the webpages and preventing misuse, we have a significant legitimate interest in data processing.
3.2.2 Contact and scheduling appointments
You have the option to contact us using our email address, the various contact forms, our appointment scheduler or by telephone. Of course, we will only use the personal data communicated to us in this way for the specific purpose for which you have provided the data to us. Information that is required for use of the website is marked with as a mandatory field with an asterisk (*), all other information is provided on a voluntary basis.
We only send newsletters, emails and other electronic messages with promotional information (hereinafter referred to as simply “newsletters”) with your express consent. Our newsletters contain information relating to event invitations, insights & figures for pharmaceutical marketing, new marketing channels and healthcare start-ups, as well as videos, interviews and surveys.
If you want to order the newsletter from the intouch hcc GmbH and its mother and sister companies (ghg good healthcare GmbH, +49 med GmbH, patient+ GmbH – hereafter „good healthcare group“), in addition to your email address, we also need a confirmation that you agree to receive the newsletter. This information is only collected for the purpose of being able to send you the newsletter and being able to adapt the contents to suit your interests (personalized newsletter). The registrations to our newsletter are recorded in order to be able to prove that we are authorized to send the newsletter to you in accordance with the legal requirements. Your data is not passed on to third parties.
If you provide us with voluntary additional address data (e.g. telephone number or mobile phone number), we will only use this data for the purposes of telephone marketing/market research or marketing via SMS/MMS with your express consent.
The good healthcare group and its members, as well as their legal successors, have set themselves the objective of limiting the amount of promotional contact you receive and only contacting you in accordance with your communication preferences. To do so, the good healthcare group will save the communication channel preferences obtained from you (email, telephone, etc.) in an pseudonymised format, in order to optimize communication processes and contact you using your preferred channel of communication.
You can revoke your subscription to the newsletter and your consent to the storage of your data at any time without filling out a form (via telephone at +49 30 338 49 48 88, by writing to intouch hcc GmbH, Europaplatz 2, 10557 Berlin, Germany, by fax: +49 30 338 49 49 99 or by emailing to email@example.com). You can find a link to unsubscribe at the end of every Newsletter.
When you use the application portal on our careers page, we process your data to carry out the application process.
By sending your online application using the form provided on the career portal of the good healthcare group (https://job.goodhealthcare.com/), regardless of whether you accessed this form and then filled it out via a selected vacancy or via a speculative application, you agree to your data being saved, processed and transmitted for the direct application process. In addition, you ensure that the information you entered is true. If we want to save you in our pool of applicants after the application process, we will obtain your express consent before doing so. We also handle your data in accordance with the applicable data protection laws and regulations.
In the mandatory fields, we only collect information that is absolutely needed for the application process. Additional important information can be entered voluntarily in the voluntary fields. This means that we only store data that you have entered in the form yourself.
For the organization and execution of the application process, it can be necessary for us to pass your data on to companies affiliated with us within the good healthcare group as part of contract work. This of course only occurs within the framework of the legal possibilities.
Of course, you can revoke your consent at any time by sending a message to the contacts mentioned here. We provide information about our processing purposes in the corresponding areas on our websites. This information is not subject to subsequent changes. We only transfer data to third parties without your consent if we are legally obligated to do so.
The recorded data sets do not contain personal information. We do not connect them with any personal data you may provide.
3.2.6 Web analysis by Matomo
The website operator will use this information to evaluate your visitor behavior and compile reports on website activity. The website operator will not transfer data to third parties unless required by law. You can block the installation of cookies using an appropriate setting in your browser software. However, we advise you that, if you do so, you may not be able to use all the functions on the website to their full extent.
If your Internet browser supports “Do-Not-Track” technology and you have activated it, your visit will be automatically ignored. You can disable data collection by Matomo here.
3.2.7 Social media platforms
3.2.8 Use of social plugins
This website uses social plugins by the provider(s)
Facebook (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
Twitter (operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
Pinterest (operator: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA)
Instagram (operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
XING (operator: New Work SE, Dammtorstraße 30 , 20354 Hamburg, Deutschland)
LInkedIN (operator: LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA)
These plugins normally gather standard data from you and transmit this data to the servers of the relevant provider. In order to protect your privacy, we have taken technical measures to ensure that your data cannot be gathered by the plugin providers without your consent. When accessing a page with an integrated plugin, these will be initially deactivated. The plugins will only be activated once you click on the relevant symbol and you thereby consent to your data being sent to the relevant provider. The legal basis for using the plugins is article 6 para. 1 lit. a and lit. f of the GDPR.
Once activated, these plugins also gather personal data, such as your IP address, and send this data to the providers’ servers, where it is stored. Furthermore, activated social plugins place a clearly-identifiable cookie when accessing the relevant website. This allows the providers to create a profile on your user behaviour. This also takes place even if you are not a member of the provider’s social network. If you are a member of the provider’s social network and you are logged into the social network during your visit to this website, the data and information regarding your visit to this website may be linked to your social network profile. We have no influence over the exact extent of the data gathered from you by the relevant provider. For more information on the extent, type and purpose for data processing and on your rights and settings options to protect your privacy, please consult the data privacy advice by the provider of the relevant social network. These can be accessed through the following addresses:
3.2.9 Embedding of services and contents from third parties
It can be the case that contents from third parties, such as videos from YouTube, map material from Google Maps, RSS feeds or graphics from other websites, are embedded in this website. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) view the IP address of the user. Without the IP address, the third-party providers cannot send the contents to the browser of the relevant user. This means that the IP address is required to display this content. We strive to only use content from providers who only use the IP address to deliver the content. However, we do not have any influence on this if the third-party providers require the IP address for statistical purposes, for example. If this is known to us, we will make users aware of this.
4 Is data passed on to third parties?
In order for the intouch hcc GmbH to be able to process your data for the previously mentioned purposes, it can be necessary for other recipients (other companies within the good healthcare group, service providers or authorities) to be able to view and process your data.
4.1 Recipients within the good healthcare group
The good healthcare group is a network of independent companies which creates synergy effects. In certain cases, it can be necessary for us to process your data throughout the group. However, data is only processed within the good healthcare group when we are legally permitted to do so, for example, as part of contract work. You can find more information on the partners of the good healthcare group here:
4.2 External service providers (processors)
Your data is passed on to service provider partners, if these providers are commissioned by us and support the intouch hcc GmbH with their services. When you subscribe to our newsletter, for example, we have commissioned a service provider to send the mail.
Processing of your personal data by a commissioned service provider is performed as part of contract work in accordance with Art. 28 GDPR.
These service providers also receive access to personal information that is required to carry out the relevant service. These service providers are prohibited from passing on your personal information or using it for other purposes, in particular for their own advertising purposes.
If external providers should come into contact with your personal data, we have ensured through legal, technical and organizational measures, as well as regular checks, that these external providers also comply with the applicable data protection regulations.
Your personal data is not passed on to other companies for commercial purposes.
4.2.1 Other service providers, partners or third parties
The intouch hcc GmbH can work together with additional partners when this is required to carry out our range of services or when we are legally obligated to pass on data.
5 Will data be processed outside of the EU or the EEA and how will data protection be ensured?
Currently, your data is only processed in Germany or in countries within the EU or EEA.
If the good healthcare group commissions service providers outside of the EU or EEA (referred to as third countries) to process your personal data, then this will of course only be done if the required and appropriate level of data protection has already been established by these service providers.
6 How long is data stored for?
The personal data of the relevant person is deleted or blocked as soon as there is no longer a purpose for the data to be stored. In addition to this, data can be stored when this is stipulated by the European or national lawmaker in Union ordinances, laws or other provisions, which the responsible party is subject to. Data is also blocked or deleted when a data retention period prescribed by the specified standards expires – unless the data needs to be stored for longer for the purposes of concluding or fulfilling a contract.
The following data storage provisions apply for the use of data on our website:
– Applicant data is deleted after six months if no consent has been obtained for extended storage of the data; in such as case, the data is deleted after a maximum of one year.
– Contact inquiries are deleted after they are processed, provided that these are not subject to legal data retention periods and no consent for extended storage has been obtained.
7 Which rights do you have and how can you enforce these?
When the General Data Protection Regulation comes into force on 05/25/2018, you have the right to access your data (Art. 15 GDPR), the right to rectify incorrect data (Art. 16 GDPR), the right to erasure of your data (Art. 17 GDPR) and the right to block your data (Art. 18 GDPR) and restrict the processing of your data (Art. 18 GDPR). You also have the right to object to the processing of your data (Art. 21 GDPR), or to revoke your consent to the processing of your data (Art. 7 Para. 3 GDPR), the right to data portability (Art. 20 GDPR) and the right to lodge complaints with the responsible supervisory authority (Art. 57 Para. 1 lit. f GDPR).
You can enforce your rights at any time via telephone, post or email (+49 30 338 49 48 88, intouch hcc GmbH, Europaplatz 2, 10557 Berlin, Germany,firstname.lastname@example.org).