Privacy Policy Symbiont International GmbH

Protecting your data and safeguarding your privacy is important to us. Below we explain which data we process, when we process it, for what purpose, and on which legal basis.

In accordance with our legal obligations under the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telemedia Act (TMG), this privacy policy is intended to provide you with a clear understanding of the functioning of our services and how the protection of your personal data is ensured.

1. Controller

The controller within the meaning of Article 4(7) GDPR for the processing of personal data is:

Symbiont International GmbH
Wetzlarer Str. 41–43, 35630 Ehringshausen
Managing Directors: Andreas Hubert, Jürgen Schaubel
Local Court of Wetzlar Commercial Register: HRB Wetzlar 6342
VAT ID: DE 112633759
Phone: +49 6443 8333-0
Fax: +49 6443 8333-155

2. Data Protection Contact

If you have any questions regarding the processing of your personal data or your rights in connection with data protection, please contact:

Symbiont International GmbH
– Legal Department and Data Protection –
Wetzlarer Straße 41–43
35630 Ehringshausen
Germany

You can reach our Data Protection Officer at:
E-mail: DSB-pism-medical [at] intersoft-consulting.de (DSB-pism-medical[at]intersoft-consulting[dot]de)

3. What Personal Data Is

Personal data, according to Article 4(1) GDPR, means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, customer number, location data, online identifier, or other specific characteristics.

Within the GDPR, such a person is referred to as a “data subject.” Further information can be found in Article 4(1) GDPR.

4. Data when Visiting this Site

4.1 Hosting and Log Files

When you access our website, our web server automatically collects data and information from your device and stores it in server log files. These data, transmitted by your browser, include:

• Timestamp of the page request to the web server
• URL of the accessed webpage
• Browser type and version
• Operating system used, as transmitted by your browser
• IP address of your computer, masked so the last octet is anonymized

The purpose of this processing is to ensure the accessibility of our site from your device and to enable optimal display. We also use these data to optimize the website and ensure system security. These data are not evaluated for marketing purposes.

Legal basis: Article 6(1)(f) GDPR (legitimate interest).
We have a legitimate interest in providing a browser-optimized website and enabling server-device communication. Processing your IP address is necessary for this.

Storage: Data are stored for 10 days; older logs are automatically overwritten.

Recipient:
Platform.sh GmbH
Marienstr. 90
50825 Cologne, Germany
Privacy policy: https://platform.sh/privacy-policy/

You have the right to object at any time using the contact details provided above.

4.2 Content Delivery Network (CDN)

To optimize delivery, we use Fastly’s CDN service. Fastly operates servers worldwide, ensuring rapid and secure provision of our site. Technically, data flows between your browser and our website through Fastly’s network, enabling website speed and filtering of malicious traffic. Fastly may use cookies and recognition technologies only as described.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in fast, reliable, and secure website delivery).
Recipient:
Fastly, Inc., 475 Brannan St. #300, San Francisco, CA 94107, USA
Fastly, Inc. is EU-U.S. DPF certified. Privacy info: https://www.fastly.com/privacy

You have the right to object at any time using our contact data.

4.3 Cookies

Our website uses cookies (small text files) stored on your device to make the site more comfortable to use, e.g., by saving settings or recognizing devices. Cookies enable us to provide a user-friendly, tailored online offer. We use both our own and third-party cookies.

You can configure, restrict, block, or delete cookies via your browser settings or through the pop-up window that appears at the bottom of the page. We differentiate between:

• Technically necessary cookies: Required for technical website functionality. Used per Article 6(1)© GDPR.
• Analytics cookies: Measure website reach and serve optimization, per Article 6(1)(a) GDPR.
• Marketing cookies (currently not implemented): Used for serving interest-based ads. Only used with your consent, per Article 6(1)(a) GDPR.

5. Our Services on This Site

5.1 Contact Form

Our website offers a contact form. If you use this form, the following will be processed:

• Salutation
• Full name
• (If applicable) company affiliation
• Contact details (telephone, e-mail)
• Customer category
• Information entered in the “Message” field
• IP address and time of submission

Mandatory fields are required to process your request. The purpose is to process your inquiry and make contact.
Legal basis: Article 6(1)(b) GDPR

Collecting additional data aims to prevent misuse, based on our legitimate interest (Article 6(1)(f) GDPR). Data is deleted when no longer necessary. The recipient of the data is our mail host, operating under a data processing agreement.

5.2 Contacting Us

You may contact us via post, telephone, fax, or e-mail. We respond as appropriate and may process the following, depending on contact method:

• Postal: name, address, date/time, submitted content
• Telephone: phone number, possibly name, e-mail, call time, details
• Fax: fax/sender ID, content
• E-mail: e-mail address, time, message content and attachments

Purpose: Responding to your inquiry.
Legal basis: Article 6(1)(f) GDPR

Data processed as long as necessary for handling the request. Recipients include:

• Mail Host (Microsoft Azure): Data processing under agreement.
  • Microsoft Ireland Operations Limited
  • South County Business Park, Leopardstown, Dublin 18, Ireland
  • https://privacy.microsoft.com/en-us/privacystatement
• CRM (HubSpot): Used for efficient follow-up.
  • HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland
  • https://legal.hubspot.com/privacy-policy

6. Integrated Services on This Site

6.1 Google Services

We use services from Google Ireland Limited, which may collect and process personal data, possibly transferred to servers in third countries. Google is EU-U.S. DPF certified. See: https://www.privacyshield.gov/list and https://policies.google.com/privacy/frameworks

Google may process:

• Log data (IP address)
• Location data
• Unique application numbers
• Cookies and similar technologies

If logged into Google, data may be linked to your account. Prevent this by logging out or adjusting settings.
Google’s privacy statement: https://policies.google.com/privacy
Privacy controls: https://safety.google/

Google Ads (Conversion Tracking)

When clicking Google ads, a cookie is set for analysis (valid for 30 days, unique per user, tracks ad interactions).
Legal basis: Article 6(1)(a) GDPR (your consent).
Opt out anytime via contact data.

Privacy: https://policies.google.com/privacy
Settings: https://safety.google/

Google Analytics

Google Analytics uses cookies (“web beacons”) for analytical purposes.
Processed data: online IDs (cookie IDs), IPs, device IDs.
IP anonymization enabled.
Processing agreement per Article 28 GDPR in place.
Google Analytics privacy: https://support.google.com/analytics/answer/6004245
Settings: https://safety.google/

Legal basis: Article 6(1)(a) GDPR (your consent).
Subprocessors: https://privacy.google.com/businesses/subprocessors/

Opt out anytime via contact data.

Google Tag Manager

Used for integrating/organizing third-party tags and services.
Processed: online IDs, IPs
Agreement per Article 28 GDPR.
Tags follow your cookie/tracking preferences.

Legal basis: Article 6(1)(a) GDPR (your consent).

More: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

YouTube Integration

We embed YouTube videos, which are delivered via iFrame. YouTube/Google may collect/process data (including IPs; possible third-country transfer).
Purpose: Providing in-page videos.
Legal basis: Article 6(1)(f) GDPR (our legitimate interest in service, performance).
YouTube/Google privacy: www.google.com/policies/privacy
Privacy controls: https://safety.google/

6.2 Facebook Services

Facebook Pixel is integrated via Google Tag Manager for ad tracking (“Facebook Custom Audience” etc.). Data such as browser info, page visits, and anonymized user IDs may be processed.
More: https://www.facebook.com/business/help/651294705016616

Custom Audiences: Allow us to target and optimize ads on Facebook.
More: https://developers.facebook.com/docs/marketing-api/audiences-api/websit…

Facebook Conversations: Enables chat via Facebook Messenger and is integrated with HubSpot CRM.

Transfers to servers in the USA or other countries may occur.
Facebook is EU-U.S. DPF certified: https://www.privacyshield.gov/list

Legal basis: Article 6(1)(a) GDPR (your consent).
Privacy statement: https://en-gb.facebook.com/about/privacy/

Contact:

• USA/Canada: Facebook, Inc., 1601 Willow Road, Menlo Park, CA 94025
• Rest of the world: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland

Facebook Fan Page Insights:
We receive anonymized statistics from Facebook; individual users cannot be identified.
Joint controllers: Facebook Ireland Ltd and Symbiont International GmbH.
Primary responsibility/safeguards under joint controller contract: https://www.facebook.com/legal/terms/page_controller_addendum

Legal basis: Article 6(1)(f) GDPR (legitimate interest in analytics and optimization).

Data subject rights (see below) may be exercised with either party.

7. General Information on Data Provision

Providing personal data is neither required by law nor contract, nor for contract formation. However, if you do not provide data, you may not be able to use our services or use them only in a limited way.

8. Social Networks and External Links

We operate other social media presences accessible via buttons on our site. By visiting them, personal data may be transferred to network providers, possibly outside the EU.
U.S. services certified under the EU-U.S. DPF comply with EU standards: https://www.privacyshield.gov/Program-Overview

Social network providers may process additional data (e.g., device and browser info) and, if logged in, associate activity with your account.
For purpose, scope, and your rights, consult each provider’s privacy notice.

Our website also contains links to external websites, where we have no influence on the data processing.

9. Data Security

We protect our website and systems through technical and organizational measures against loss, destruction, unauthorized access, modification, or distribution of your data by unauthorized persons. Full protection against all risks, despite regular checks, is not possible.

10. Withdrawal of Consent

You have the right to withdraw previously given consent at any time with future effect. Revocation does not affect the lawfulness of processing prior to withdrawal.

11. Data Subject Rights

You have the following rights under GDPR:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to objection (Art. 21 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18f GDPR)
• Right to data portability (Art. 20 GDPR)

If you wish to exercise these rights, please contact DSB-pism-medical [at] intersoft-consulting.de (DSB-pism-medical[at]intersoft-consulting[dot]de).
Note: We may need to confirm your identity before processing such requests.

Symbiont International GmbH