Updated November 2021
1. Types of collected information
We may collect the following information about you:
2. Purposes of Data Processing
Based on our legitimate interest, and unless you have specifically limited usage of your personal data when providing it to CROMOS PHARMA, we will use your personal data in the scope not exceeding reasonably necessary for particular purpose, as follows:
No automated decision making (profiling, etc.) is being carried out by CROMOS PHARMA. We shall not use any source of the personal data other than information provided by the data subject directly or made available to the public in a legal manner.
Where CROMOS PHARMA collects personal data directly from individuals, it will explain the purposes for which it collects and uses personal data, the types of third parties to which CROMOS PHARMA discloses that information, and the choices and means, if any, CROMOS PHARMA offers Individuals options for limiting the use and disclosure of personal data about them. Notice will be provided in clear and conspicuous language. This explanation will be provided as soon as practicable and, in any event, before CROMOS PHARMA discloses the personal data or uses such information for a purpose materially different than that for which it was originally collected or processed. CROMOS PHARMA also will provide any additional information required by law for a specific context, product, or service. In general, with exceptions and other lawful bases that may be relevant for any specific product or service notice, CROMOS PHARMA processes personal data for its legitimate interests consistent with applicable law. Where an CROMOS PHARMA entity receives personal data from other entities, it will use such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal data relates.
CROMOS PHARMA may also use the personal data collected above to comply with our legal and regulatory obligations, policies and procedures, and for internal administrative purposes.
CROMOS PHARMA may offer individuals the opportunity, where practical and appropriate, to choose whether their personal data is (a) to be disclosed to a third party, or (b) to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by the individual.
CROMOS PHARMA will not process sensitive personal data about individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the individual unless the individual explicitly consents to the processing (“opt-in”), or as required or permitted, or where not prohibited by law or regulation.
In some cases, even if an individual opts-out of disclosures of their personal data, CROMOS PHARMA may still disclose such personal data (i) if required to do so by law, court order or legal process, (ii) in response to lawful requests by public authorities, including meet national security or law enforcement requirements, (iii) under the discovery process in litigation, (iv) to enforce CROMOS PHARMA policies or contracts, (v) to collect amounts owed to CROMOS PHARMA, (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity, or (vii) in the good faith believe that disclosure is otherwise necessary or advisable. CROMOS PHARMA also may transfer personal data when a material event concerning its business operation(s), assets or shares, such as purchase, disposal, merger, joint venture or acquisition, is proposed or occurs. In such an event, CROMOS PHARMA will endeavor to direct the transferee to use personal data in a manner that is consistent with this Policy. CROMOS PHARMA will provide individuals with reasonable mechanisms to exercise their choices to the extent required by applicable law.
5. Information regarding your rights
The following rights are in general available to you according to applicable data privacy laws:
If you wish to exercise your rights, please address your request to the contact form or to our company data protection office indicated below.
If you are a resident of California or Nevada in the United States, you may have additional rights regarding your personal data. More information may be found here.
6. Personal Data Retention Period
Your personal data will be retained for 5 years after the last contact, unless otherwise provided by the applicable legislation, or unless we have received your request for erasure of your personal data or restrictions of processing thereof in accordance with the applicable legislation.
We do not collect any contact information and we will never send you any direct communication.
You have the right to view, amend, or delete the personal data that we hold about you. To request access please contact firstname.lastname@example.org. We will provide the information free of charge and within one month, except in the event that the request is unfounded, excessive or repetitive, in which case we reserve the right to charge a proportionate administration fee or refuse.
8. Rectification of personal data
If any of the information we hold on you is inaccurate or incomplete, you may ask us to correct or complete it at any time.
9. Your right of erasure, or to be forgotten
You may request the deletion of any email we hold on you at any time.
Be aware that requesting deletion, unlike unsubscribing from specific emails, is total and irreversible. This means that we will also lose record of you having ever been on our systems, including any previous instructions you have given us opting out of specific email types. If you re-join our systems, by voluntarily providing your personal data, you will appear to us as a completely new data subject. This does not affect your other rights in any way.
To request deletion of your personal data, contact email@example.com using the email address we hold for you or otherwise proving your identity.
10. Using our Website
In the following we wish to provide you with information on how we handle your personal data when you use our Website. Unless otherwise indicated in the following chapters, the legal basis for the handling of your personal data results from the fact that such handling is required to make available the functionalities of the Website requested by you (Art. 6(1)(b) General Data Protection Regulation).
A. Accessing our Website
When access our Website, your browser will transfer certain data to our web server. This is done for technical reasons and required to make available to you the requested information. To facilitate your access to the Website, the following data are collected, briefly stored and used:
Moreover, to protect our legitimate interests, we will store such data for a limited period of time in order to be able to initiate a tracking of personal data in the event of actual or attempted unauthorized access to our servers (Art. 6(1)(f) General Data Protection Regulation).
B. Setting of cookies
a) What are cookies?
This Website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (e.g., your preferred language or site settings) which your browser may (depending on the lifespan of the cookie) retransmit to us upon your next visit to our Website.
b) What cookies do we use?
We differentiate between two categories of cookies: (1) functional cookies, without which the functionality of our Website would be reduced, and (2) optional cookies used for e.g. website analysis and marketing purposes. The following tables contain a detailed description of the optional cookies we use:
|Purpose and content||Lifespan|
|Website analysis and online behavioral advertising:
These cookies assign a randomly generated ID to your device, enabling us and the relevant vendor to recognize your device upon your next access.
For details see the respective chapter below.
6 monthsFor online behavioral advertising: determined by respective vendor
c) Subject to your consent
We only use optional cookies if we have obtained your prior consent (Art. 6(1)(a) General Data Protection Regulation). Upon your first access to our Website, a banner will appear, asking you to give us your consent to the setting of optional cookies. If your consent is given, we will place a cookie on your computer and the banner will not appear again as long as the cookie is active. After expiration of the cookie’s lifespan, or if you actively delete the cookie, the banner will reappear upon your next visit to our Website and again ask for your consent.
d) How to prevent the setting of cookies
C. Website Analysis and Online Behavioral Advertising
On our Website we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
Google will analyze your use of our Website on our behalf. To this purpose we use, among others, the cookies described in more detail in the above table. The information collected by Google in connection with your use of our Website (e.g. the referring URL, our webpages visited by you, your browser type, your language settings, your operating system, your screen resolution) will be transmitted to a server of Google in the US, where it will be stored and analyzed. The respective results will then be made available to us in anonymized form. Your usage data will not be connected to your full IP address during this process. We have activated on our Website the IP anonymizing function offered by Google, which will delete the last 8 digits (type IPv4) or the last 80 bits (type IPv6) of your IP address. Moreover, by concluding specific agreements with Google we ensure that an adequate level of data protection is maintained with respect to the processing of personal data by Google in the US.
You may revoke your consent to the use of web analysis at any time, either by downloading and installing the provided Google Browser Plugin or by administrating your consents in the above table, in which case an opt-out cookie will be placed. Both options will prevent the application of web analysis only as long as you use the browser on which you installed the plugin and do not delete the opt-out cookie.
Online behavioral advertising with Facebook
This Website uses an online behavioral advertising service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (using Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA as subprocessor) (“Facebook”).
Facebook will analyze your use of this Website. To this purpose, we use the cookies described in more detail in the above table. The information collected by Facebook in connection with your use of our Website will be transmitted to a server of Facebook in the US, where it will be stored and analyzed. These information include the referring URL, your browser type, your language settings, your operating system, your screen resolution and further information depending on the implemented pixel events (e.g. “purchase”: processes the type, ID and number of the selected item as well as payment information and currency; “search”: processes the search string, when you search for a product on our website; “view content”: processes the content ID, name, type, currency and value). We and our partner Facebook will use this information to better tailor our advertisements to you and your interests, to limit the number of times you are shown the same advertisement, to evaluate the efficiency of promotional campaigns, and to better comprehend the behavior of visitors after they have looked at a certain ad. When you visit your Facebook timeline or another websites of Facebook’s advertisement network (so called “Audience Network”), customized feeds tailored to your interests can be presented to you on the basis of the information collected on our Website.
By concluding specific agreements with Facebook Inc. we ensure that an adequate level of data protection is maintained with respect to the processing of personal data by Facebook Inc. in the US.
You may withdraw your consent to this transfer of information to Facebook for online behavioral advertising purposes at any time by administrating your consent in the above table, in which case an opt-out cookie will be placed. Please note that this will only prevent any transfer of information to Facebook as long as you do not delete the opt-out Cookie.
Online behavioral advertising with Google
This Website uses an online behavioral advertising service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google“).
Google will analyze your use of this Website. To this purpose, Google uses the cookies described in more detail in the above table. The information collected by Google in connection with your use of our Website (e.g. the referring URL, our webpages visited by you, your browser type, your language settings, your operating system, your screen resolution) will be transmitted to a server of Google in the US, where it will be stored and analyzed. We and our partner Google will use this information to better tailor our advertisements to you and your interests, to limit the number of times you are shown the same advertisement, to evaluate the efficiency of promotional campaigns, and to better comprehend the behavior of visitors after they have looked at a certain ad. When you visit another website of the so-called “Google Display Network”, customized pop-ups tailored to your interests can be presented to you on the basis of the information collected on our Website.
By concluding specific agreements with Google we ensure that an adequate level of data protection is maintained with respect to the processing of personal data by Google in the US. You may withdraw your consent to this transfer of information to Google for online behavioral advertising purposes at any time either by administrating your consents in the above table, in which case an opt-out cookie will be placed, or by downloading and installing the Google Browser Plugin offered by Google. Both options will prevent the use of online behavioral advertising services only as long as you use the browser on which you installed the plugin and do not delete the opt-out Cookie.
Google is responsible for processing your personal data which Google collects directly from our Website for online behavioral advertisement services. Since we have no control over personal data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your personal data. Thus, please visit Google’s information on data privacy to receive further information on how Google processes your personal data and for how long. At the time of preparation of this privacy statement, Google’s information was available on the Google Data Protection Guidelines for Advertising.
Online behavioral advertising with LinkedIn
The LinkedIn Insight Tag enables the collection of data regarding members’ visits to your website, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp. The IP addresses are truncated or (when used for reaching members across devices) hashed, and members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.
LinkedIn does not share the personal data with the website owner, it only provides reports (which do not identify you) about the website audience and ad performance. LinkedIn also provides retargeting for website visitors (up to 90 days after the visit), enabling the website owner to show personalized ads off its website by using this data, but without identifying the member. We also use data that does not identify you to improve ad relevance and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes through their account settings.
D. Use of contact forms
You can contact us directly via the contact forms available on our Website. In particular, you may provide us with the following information:
We collect, process, and use the information provided by you via the contact forms exclusively for the processing of your specific request.
E. Subscription to our newsletter
On our Website, you may subscribe to receive our newsletter. Based on your prior consent, we will collect and use the email address you indicate for providing you with the newsletter (Art. 6(1)(a) General Data Protection Regulation).If you wish to receive a customized newsletter, you may, on a voluntary basis, provide us with the following additional information:
For subscription to our newsletter we use the so-called double opt-in procedure. After you have subscribed to the newsletter on our Website, we will send you a message to the indicated email address asking for your confirmation. If you do not confirm your subscription, your subscription will automatically be deleted. In order to prevent any misuse of your personal data, we will log your subscription and confirmation, filing the IP address you use when subscribing, the time of your subscription and confirmation, the messages sent by us regarding your subscription, and the wording of your subscription and confirmation.
You may at any time with future effect revoke your consent to receive our newsletter. To declare that you wish to unsubscribe, you may use the respective link included in all newsletters, or refer to the contacts indicated below.
F. External services or content on our Website
We include third-party services and/or content on our Website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons.
The respective provider of the services or content may also process your data for own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our Website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:
G. Use of Publication Order
On our Website, you may order/subscribe many of our publications. Based on your prior consent, we will collect and use the address details you indicate for providing you with the publication:
You are welcome to provide us with the following optional information:
H. User Surveys
Participation in the user surveys conducted from time to time on our website is voluntary. We use functional cookies to carry out the user surveys. The technical information recorded by the user survey is the same information that is recorded when users visit the website (see above). Your responses submitted during the user survey will not be linked to your personal data such as your IP address.
I. Job Matching Function
If you want to make use of the job matching functionality, we need additional application documents, such as your resume, certificates and/or a cover letter, which can be uploaded to the website. An automated algorithm compares the documents you provide with current vacancies at CROMOS PHARMA in order to be able to offer you career opportunities tailored to your needs. The document will be automatically deleted afterwards.
11. Transfer of data
Your personal data may be transferred for processing to the following third parties:
12. Processing of personal data outside the EU / the EEA
Your personal data will in part also be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”), which may have a lower data protection level than European countries. In such cases, we will ensure that a sufficient level of protection is provided for your personal data, e.g. by concluding specific agreements with our contractual partners (copy available on request), or we will ask for your explicit consent to such processing.
Please note that as of July 16, 2020, we no longer rely on the EU-U.S. Privacy Shield to transfer data that originated in the EEA or the UK to the U.S. We may continue to rely on alternative data transfer mechanisms deemed appropriate by the relevant authorities to transfer data collected from the EEA and the UK to the U.S., such as standard contractual clauses.
13. California Privacy Addendum
CROMOS PHARMA is not a California-based business, but from time to time we collect the personal data of the California’s residents in the course of our business operations. CROMOS PHARMA is subject to the changes from CalOPPA, including the requirement to post the Do Not Track disclosure.
14. Data integrity and purpose limitation
CROMOS PHARMA endeavors to use personal data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. CROMOS PHARMA will take reasonable steps designed to ensure that only personal data that is relevant to its intended use, accurate, complete, current, and otherwise reliable in relation to the purposes for which the information was obtained is used by CROMOS PHARMA for as long as CROMOS PHARMA retains possession of such information. CROMOS PHARMA’s personnel have a responsibility to assist CROMOS PHARMA in maintaining accurate, complete, and current personal information. Where CROMOS PHARMA acts on behalf of another entity, CROMOS PHARMA endeavors only to process personal data that is relevant to the services it provides, and only for purposes compatible with those for which the personal data was collected; wherever possible, such Personal Information is non-identified. Where CROMOS PHARMA processes personal information as a CRO or otherwise acts under the direction of its customers, CROMOS PHARMA works with such customers so that the customers can provide a way for individuals to correct or update their personal data to the extent required by law.
15. Recourse, enforcement, and liability
CROMOS PHARMA encourages individuals covered by this Policy to raise questions about the processing of personal data about them by contacting CROMOS PHARMA through the contact information provided below. Any personnel that CROMOS PHARMA determines is in violation of this Policy will be subject to disciplinary action, in accordance with CROMOS PHARMA’s disciplinary procedures.
Any questions or concerns regarding the use or disclosure of personal data should also be directed to CROMOS PHARMA through the contact information given below. CROMOS PHARMA will undertake reasonable efforts to investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data in accordance with the principles contained in this Policy.
If you are an EU citizen and feel that CROMOS PHARMA is not abiding by the terms of this Policy, please contact CROMOS PHARMA at the contact information provided below. If any request remains unresolved, you may contact the national data protection authority for your EU Member State.
In circumstances in which CROMOS PHARMA obtained or maintains personal data as a CRO or other service provider, individuals may submit complaints concerning the processing of their personal data to the relevant client, in accordance with the client’s dispute resolution process. CROMOS PHARMA will participate in this process at the request of the client or the individual. CROMOS PHARMA will take steps to remedy any issues arising out of potential failure to comply with this Policy.
For any questions you may have with respect to data privacy, please use the provided contact form or contact our company data protection officer at the following address:
CROMOS PHARMA Data Protection Officer
CROMOS PHARMA Ireland Limited is designated as representative in the European Union for our non-European legal entities in accordance with Art. 27 GDPR. You may contact the representative at the following address:
Data Privacy Representative
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.