Data Protection

Information about data processing for this website in accordance with Article 13 of the EU General Data Protection Regulation (GDPR) in relation to the collection of personal data concerning the data subject

Privacy policy (Version: GDPR 2.0)

PHARMALOG - Institut für klinische Forschung GmbH [Institute for Clinical Research], is responsible for this website and, as a provider of a teleservice, is required to inform you at the beginning of your visit about the type, scope and purposes of the collection and use of personal data in precise, transparent, understandable and easily accessible form and in clear and simple language. This content must be available to you at all times.

We attach great importance to the safety of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the currently applicable European and national laws.

The following privacy policy serves to show you how we handle your personal data and how you can contact us:

PHARMALOG – Institut für klinische Forschung GmbH
Oskar-Messter-Strasse 29
85737 Ismaning
Commercial Register No.: HRB 71741
Managing Directors:
Holger Stammer, Constanze Stammer, Dr. Jens Milde
Telephone: +49 5446370

Our data protection officer
Sven Lenz
Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstrasse 50
87435 Kempten

If you have any questions relating to data protection or any other concerns relating to data protection regulations, please do not hesitate to contact us by sending an email to the following email address:

A. General information

For better comprehensibility, we do not differentiate between genders. For the purposes of equal treatment, terms used apply to all genders. Article 4 of the GDPR explains the meaning of the terms used, e.g., "personal data" or "processing".

The personal data of users processed within the scope of this website include
- usage data (e.g., pages visited on our website) and
- content data (e.g., entries in the online forms).

B. Specifics

Privacy policy
We guarantee that we process your data only in connection with the processing of your enquiries and for internal purposes as well as to provide services or content requested by you.

Data processing principles
We process your personal data only in compliance with the relevant data protection regulations for the following purposes and on the following legal basis:

- Provision of our contractual services, Article 6 (1) b) GDPR
- Processing is a legal requirement, Article 6 (1) c) GDPR
- You have given your consent, Article 6 (1) a) and Article 7 GDPR
- Pursuance of our legitimate interests, Article 6 (1) f) GDPR

Data transmission to third parties
No data is transferred to third parties.If we use subcontractors to provide our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

Transfer of data to a third country or international organisation
Third countries are countries in which the GDPR law is not directly applicable. In principle, this includes all countries outside the EU and the European Economic Area.

No data is transferred to a third country or an international organisation without a legal basis.

Storage duration of your personal data
We adhere to the principles of data economy and data avoidance. This means that we only store your data for as long as necessary to fulfil the aforementioned purposes or for as long as the various storage periods stipulated by the legislator. If the respective purpose becomes obsolete or after the expiry of the corresponding periods, your data will be blocked or deleted routinely and in accordance with the statutory provisions.

We have developed an internal company concept to ensure this procedure.

If you contact us via the website, you agree to electronic communication. When you contact us by electronic means, personal data is processed. The information you provide will only be stored for the purpose of processing your enquiry and for possible follow-up questions (processing for the performance of our services and implementation of contractual measures, Article 6 (1) b) GDPR). We use software for the maintenance of customer data (CRM system), in which we process personal data for the duration of the customer relationship (processing for the purpose of our legitimate interests, Article 6 (1) f) GDPR).

Please note that emails can be read or changed without authorisation and unnoticed during transmission. Please also note that we use software for filtering unsolicited emails (spam filter). The spam filter can reject emails that have been falsely identified as spam by certain features.

What are your rights?
a) The right of access
You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing as to which personal data we have stored about you. This also includes the origin and recipients of your data as well as the purpose of data processing.

b) The right to rectification
If your data stored with us is incorrect, you have the right to have it corrected. You can request restricted processing, e.g. if you dispute the accuracy of your personal data.

c) The right to data blocking
You can also have your data blocked. To ensure that your data can be blocked at any time, these data must be kept in a block file for control purposes.

d) The right to erasure
You can request the deletion of your personal data, as far as no legal storage obligations exist. If such an obligation exists, we will block your data upon request. If the relevant legal requirements are met, we will delete your personal data even if you do not request it.

e) The right to data portabilityYou are entitled to ask us to provide the personal data transmitted to us in a format that permits the transmission to another location.

f) Right of appeal to a supervisory authority
You have the option to file a complaint with one of the data protection supervisory authorities.

Our competent data protection supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Telephone: +49 981 53-1300
Fax: +49 981 53-981300

You can open the complaint form via the following link:

A complaint can also be submitted to any data protection supervisory authority in the EU.

g) The right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) e) and f) GDPR, including profiling based on those provisions.

PHARMALOG – Institut für klinische Forschung GmbH shall no longer process your personal data unless it can provide compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where such processing is necessary for the assertion, exercise or defence of legal claims.

If personal data are processed for the purpose of direct advertising, you have the right to object to the processing of your personal data at any time for the purposes of such advertising; this also applies to profiling where connected to such direct advertising. In the event of such an objection, we will no longer process your personal data for the purposes of direct marketing. All you need to do is send us an email accordingly.

h) The right to withdraw
You are entitled at any time to withdraw your consent to the processing of your data with effect for the future without stating any reasons. You will not be at any disadvantage as a consequence of withdrawing your consent. All you need to do is send us an email accordingly.

However, such revocation does not affect the legality of the processing carried out up to that point on the legal basis of Article 6 (1) a) GDPR.

To assert your data subject rights, send an email to us at the following address:

Protection of your personal data
We take contractual, technical and organisational security measures in accordance with the state of the art in order to ensure that the data protection laws are observed and thus to protect the processed data against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

The security measures include, in particular, the encrypted transfer of data between your browser and our servers.
A TLS encryption system is used for this purpose.

Your personal data are protected in the context of the following points (excerpt):
a) Protecting the confidentiality of your personal data
In order to protect the confidentiality of your data stored with us, we have taken various access and control measures.

b) Protecting the integrity of your personal data
In order to protect the integrity of your data stored with us, we have taken various transfer and input control measures.

c) Protecting the availability of your personal data
In order to protect the availability of your data stored with us, we have taken various order and availability control measures.

Our applied security measures are continuously improved in line with technological developments. Despite these precautions, and due to the uncertain nature of the Internet, we cannot guarantee the security of your data transmission to our website. Therefore, any data transmission by you is at your own risk.

Protection of adolescents
Personal information may only be made available to us by persons under the age of 16 with the express consent of their legal guardians. These data will be processed in accordance with this privacy policy.

Server log files
The provider of the pages collects and automatically stores information in so-called server log files that your browser transmits to us automatically.
These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server query
• IP address

These data are not combined with other data sources.

The legal basis for the data processing is, in accordance with Article. 6 (1) f) GDPR,
our legitimate interest.

Data processing within the framework of the job application process
On our website we offer job applicants the possibility of submitting applications to us in writing or by email.
Information required as part of the application process includes general personal information (name, address, telephone or electronic means of contact) and performance-specific documentation of qualifications required for a position. Where applicable, health-related information may also be required, which must be given special consideration under employment and social security law in the interest of the applicant's social protection.

When you send us your application documents, your data will be transmitted to us via the selected communication method and processed exclusively for the purpose of dealing with your application. We would like to draw your attention to the fact that an email application is voluntary and that transmission is not secure, as unauthorised persons can intercept emails and possibly use the contents for their own purposes.

The legal basis for the processing is Article 6 (1) b) GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG), for the purposes of which the application process is considered to be the initiation of a contract of employment. Insofar as special categories of personal data within the meaning of Article 9 (1) GDPR (e.g., data concerning health such as information on severe disability) are requested from applicants as part of the application process, processing will be in accordance with Article 9 (2) b) GDPR, so that we can exercise the specific rights and carry out our obligations in the field of employment and social security law and social protection law.

Based on the above or alternatively the special categories of data may also be processed based on Article 9 (1) h) GDPR, if it is for the purpose of preventive or occupational medicine, for the assessment of the working capacity of the applicant, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.

If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws his/her application prematurely, the data provided up to that point will be deleted after four months at the latest following appropriate notification. This period is defined on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data which have been provided will be processed further on the basis of Article 6 (1) b) GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG) for the purpose of the implementation of the employment relationship.

In the application process you are also entitled to the data subject rights under Chapter III of the GDPR (e.g., right of access, right to erasure or rectification) as well as the the right to lodge a complaint with the competent supervisory authority.

Cookies are small text files that are stored locally in the cache of your Internet browser. Cookies enable, e.g., the recognition of the Internet browser. The files are used to help the browser navigate through the website and use all functions to their full extent.
We only use cookies that are of relevance for the system or are necessary.

Changes to our privacy policy
We reserve the right to amend our privacy policy at short notice so that it always comply with current legal requirements or to implement changes to our services. This may, for example, concern the introduction of new services. The new privacy policy will then apply for your next visit.