Medicinal cannabis
The patient in focus Endocannabinoid system
Information
HCPs

HCPs:

Pharmacists Avextra THC/CBD-Schnelltest Doctors

Topics

Studies Indications Extracts and Dronabinol R&D

Service:

Literature Events Media Center Dokumentation und Antragsstellung
About Avextra
Studies Quality, Made in Germany
Team Careers
Media
Investor Relations Press Releases
Products
Contact
Language
Deutsch English Italiano

Data protection

Thank you for your interest in our website and our services. With this privacy policy, we inform you about the how and why we process personal data when you visit our website https://avextra.com/ and its subdomains (hereinafter only „website“) and your rights as a data subject. We also inform you about how we process your data when we add you to our contact and customer database and when you use our profiles on social networks. With this privacy policy we are at the same time fulfilling our obligation under Article 13 of the General Data Protection Regulation (GDPR).

I. The Controller

The controller of the data processing is

Avextra Pharma GmbH

legally represented by the managing directors: Dr. Bernhard Babel, David Reckeweg-Lecompte
Kurfürstendamm 195
10707 Berlin

E-mail: info@avextra.com

We have appointed a data protection officer who can also be contacted under the postal contact details and under the following email address:

datenschutz@avextra.com

II. Processing of personal data

1. Visiting our Site

Purposes: In principle, you can use our website without having to provide personal data to us. However, when you use the website, some technical data is collected that can legally be qualified as personal data (esp. your IP address). Additionally, we store certain data in so-called log files. A log file consists of

  • Browser type/version,
  • operating system used,
  • Referrer URL (the previously visited page),
  • host name of the accessing computer (IP address),
  • time of the server request,
  • the URL you visited.

The processing of your IP address during the connection is done so that we can provide you with our website. The log files are stored to ensure the security and integrity of our systems, the technical administration of the network infrastructure and the optimisation of our website, as well as for internal statistical purposes. The IP address is only evaluated in the event of attacks on our network infrastructure.

Recipients: The processing of the aforementioned data is carried out on our instructions by our website hoster STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany („STRATO“). We have concluded a data processing agreement with STRATO in accordance with Art. 28 GDPR.

Legal basis: The processing is based on Art. 6 para. 1 lit. f) GDPR. Our legitimate interest here lies in the aforementioned purposes.

Storage period: Our log files are stored for 30 days and then deleted.

2. Using the Contact Form

Purposes: You can enter your personal data on our website to contact us. Your data will only be stored for as long as it is necessary to process your request.

Recipients: The processing of the aforementioned data is carried out on our instructions by our website hoster STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany as well as our e-mail provider Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. We have concluded a data processing agreement with both in accordance with Art. 28 GDPR.

Legal basis: The legal basis is Art. 6 Para. 1 lit. f GDPR, insofar as the processing of your enquiry is for the purpose of explaining our services and our company. If your enquiry is made in preparation for or in context with the conclusion or performance of a contract, the legal basis is Art. 6 para. 1 lit. b GDPR.

Storage period: We delete the data as soon as we have processed your enquiry. Insofar as it is not a one-off enquiry, but a business contact arises as a result and/or we include you in our contact database, we retain the data for as long as there is active communication between us. If there is no contact for a period longer than 3 years, we will delete your information.

3. Contacting us via Email

Purpose: You can contact us via the e-mail address available on our website. In the course of our communication, we process at least your e-mail address and furthermore all information that you send us with your message. The processing of your personal data when you send an e-mail is carried out exclusively in order to respond to your enquiry.

Recipients: The processing is carried out on our instructions by our e-mail provider Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR.

Legal basis: The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the aforementioned purpose.

Storage period: We delete the data processed for this purpose as soon as we have processed your request. Insofar as it is not a one-off enquiry, but a business contact arises as a result and/or we include you in our contact database, we retain the data for as long as there is active communication between us. If there is no contact for a period longer than 3 years, we will delete your information.

4. Accessing Medical and Product Information

Purpose: We provide a login area on our website for healthcare professionals to access medical and product information about our products.

To provide the login area, we use the login service of DocCheck Community GmbH, Vogelsanger Straße 66, D-50823 Cologne („DocCheck“), which provides us with the certainty that you belong to the group of persons authorised to use the service. This requires a separate registration and a user account with DocCheck. When you use the login, DocCheck receives the information that you would like to log in to our site.

We receive the following information:

  • DocCheck’s confirmation as to whether you are authorised to access the area.
  • In addition, we receive anonymised information about your professional group, country, language or specialist area.

We do not receive any other information, e.g. your DocCheck user name or your DocCheck password or your civil identity.

We use this information to provide you with access, to analyse the use of our site for market research purposes and to improve our products and services.

For more information on how DocCheck processes your data, please visit. https://more.doccheck.com/de/privacy.

Recipient: When you use the login, the information that you would like to log in to our site is transmitted from your device to DocCheck.

Legal basis: The legal basis is Art. 6 para. 1 lit. f) GDPR, whereby our legitimate interest is to be able to offer you the service.

Storage period: We do not store any personal data in this context.

5. Assisting with Applications for Cost Coverage by Health Insurance Funds.

Purpose: We can support you, when you are planning to submit an application for the assumption of costs of our products by the health insurance companies. You have to visit a access restricted area on our Site, log in and enter the information required for the application. We will provide you with a completed application which you can submit to the respective health insurance company. For this purpose, we work together with Copeia GmbH, Schloßstrasse 20, 51429 Bergisch Gladbach as joint responsible parties. You can find more detailed information on the joint responsibility in the data protection declaration of Copeia at https://copeia.de/private/avextra/datenschutz.

To provide the login area, we also use the login service DocCheck, for which you can find more detailed information under point 3.

Recipient: When you use the log in, the information that you would like to log in to our site is transmitted from your end device to DocCheck.

Legal basis: The legal basis is Art. 6 para. 1 lit. f) GDPR, whereby our legitimate interest is to be able to offer you the service.

Storage period: We do not store any personal data in connection with the application.

6. Customer Relationship Management

Purposes: We keep a record of interested parties and relevant contacts from the health sector, in particular doctors and other medical professionals to keep in touch with you and to be able to provide information about our products and services, whether in person at your premises or by telephone or email. In addition, we may need to make contact in order to comply with our legal obligations for reasons of medical product safety or pharmacovigilance.

Specifically, and in detail, this may be done in the following cases: to send information relevant to medicines safety, to contact you in case of reported adverse reactions or other questions, to plan and carry out future interactions and to send you information material. In addition, we process the data for our complaints management.

We process your contact details as well as your professional group, information about your professional interests and our contractual relationships as well as our interaction history, including the contact persons we have spoken to and individual professional conversation contents.

We collect most of the data directly from you. Only contact details and data on your professional status may also be collected initially via publicly available sources.

Recipient: We use Salesforce, a product of the salesforce.com Germany GmbH, to manage our contacts. In doing so, Salesforce acts as our instruction-bound processor and we have concluded an order processing contract with Salesforce. Within the scope of the services, Salesforce may also transfer data to third countries outside the EU. In these cases, Salesforce has either provided for Binding Corporate Rules or concluded standard contractual clauses of the European Commission.

Legal basis: The processing is based on the following legal bases:

  • Consent: If you have given us consent, e.g. to contact you by phone and email, this is the legal basis for the processing purposes described in it. (Art. 6 para. 1 lit. a) GDPR).
  • Legitimate interest: Based on our legitimate interest, we process data when, for example, we collect contact details from public sources, plan field visits, or analyse and evaluate the effectiveness of advertising campaigns and the impact of our marketing).
  • Compliance with legal obligations: We also process the above data to comply with legal obligations in the context of medicines safety and pharmacovigilance pursuant to Art. 6para. 1 lit. c) GDPR.

Right of revocation: You can revoke your consent at any time with effect for the future via one of the contact addresses known to you, but preferably via the Avextra Pharma Service Centre (+49 6251 8265-280 or kundenservice@avextra.com, or Avextra Pharma GmbH, Service Centre, Berliner Ring 24, 64625 Bensheim).

Storage period: If the processing is based on consent, we will process your data until you revoke this consent. However, we will retain the data relating to your opt-in for a further 3 years after revocation for verification purposes and to be able to defend ourselves against any legal claims. Otherwise, we will delete your data if there has been no contact between us for more than 3 years.

7. Cooperation and Joint Controllership in Distribution

Purposes: In certain regions we cooperate with other partner companies for sales purposes. In these cases, we receive your contact information from our cooperation partners to visit you and to inform you about our products and services and those of our partner companies.

In these cases, we are joint controller with the partner companies for the transmission of the data and visiting you. The partner companies are responsible for the collection and transmission of the personal data to us, and we are responsible for getting in contact with you personally. You can assert your rights as a data subject both against us and against the cooperation partner known to you. We and the partner company are separately responsible for all further processing (i.e. in particular any contact outside the visit and the maintenance of the customer databases).

Partner companies: We currently work with the following partner companies:

  • Canopy Growth Germany GmbH, Lanzstraße 20, 68789 St. Leon-Rot

Legal basis: The processing is based on your consent where our partner company has obtained such consent and otherwise on our legitimate interest and the legitimate interest of our partner company in being able to present our products to you.

Storage period: If our processing of your data is based on consent, we will process your data until you withdraw this consent. However, we will retain the data relating to your opt-in for 3 years after its withdrawal for verification purposes and to be able to defend ourselves against any legal claims. Otherwise, we will delete your data if there has been no contact between us for more than 3 years.

8. Visiting our Social Media Profiles

We maintain profiles on social media networks. Our social media accounts complement our website and offer you the opportunity to interact with us on the networks. Once you access our social media profiles on the social networks, the terms and conditions and data processing policies of the respective social network operators apply. The data collected about you when using the services is processed by the networks and may also be transferred to or processed in countries outside the European Union where there is no adequate level of protection for the processing of personal data.

We have no influence on the data processing in the social networks, since we, like you, are users of the network.

Further information, especially what data is processed by the social networks and for what purposes the data is used can be found in the privacy policy of the respective network listed below. We use the following social networks:

a) XING

Our page can be accessed at: https://www.xing.com/pages/avextra

The operator of the network is: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

Privacy policy of the network: https://privacy.xing.com/de/datenschutzerklaerung

b) LinkedIn

Our site can be accessed at: https://de.linkedin.com/company/avextra-ag

The operator of the network is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland.

Privacy policy of the network: www.linkedin.com/legal/privacy-policy Datenschutzerklärung:

c) Processing on Social Networks and Joint Control

Purposes: We process personal data as a (separate) data controller when you send us requests via the social media profiles. We process this data to respond to your requests.

In addition, we are joint controllers with the following networks and for the following processing operations (Art. 26 GDPR).

  • As part of visiting our profile on the LinkedIn network, the network collects aggregated statistics („Insights Data“) created from certain events logged by their servers when you interact with our profiles and related content. We receive these aggregated and anonymous statistics from the network about our profile usage. We are generally not able to attribute the data to specific users. To a certain extent, we can determine the criteria according to which the network creates these statistics for us. We use these statistics to make our profiles more interesting and informative for you.

For more information on this data processing, please refer to the Joint Controller Agreement at: https://legal.linkedin.com/pages-joint-controller-addendum. Otherwise, the network is solely responsible for the processing of your data.

Legal basis: The processing is based on our legitimate interest in doing so (Art. 6 para. 1 lit. f GDPR). The interest lies in the respective purpose.

Storage period: We do not store any personal data ourselves within the scope of joint responsibility. With regard to contact requests outside the network, the information provided above on contacting us applies accordingly.

9. Job Application

Purposes: If you wish to work with us, you can apply for vacancies or on your initiative. We will then process your information to assess your application and decide whether we can offer you a job.

Recipients: Your application will be viewed and assessed internally by the competent persons.

Legal basis: The legal basis for processing is Section 26 para .1 BDSG.

Storage period: We process your data for the above-mentioned purposes until a decision is made about your employment. We then retain your data for a period of 6 months for the purpose of defending against any legal claims.

III. Storage of and/or Access to Information on Terminal Equipment

When you use our site, information may be stored on your terminal equipment or we may access information already stored on it if this is absolutely necessary for providing our service (Section 25 para. 2 TTDSG). Otherwise, we will only store information on your terminal equipment or access such information if you have given us your prior informed consent.

Cookie settings:

You can change your cookie settings by clicking on the cookie icon at the bottom right of the page.

In the following, we describe in more detail the services we use for statistical purposes on the basis of consent:

1. Google Tag Manager

Purpose: We use „Google Tag Manager“ on our website, a service provided by Google Ireland Limited. The Google Tag Manager enables us to manage website tags via an interface. The Google Tag Manager tool that implements the tags is a cookie-less domain and does not itself collect any personal data. Google Tag Manager provides for the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Legal basis: Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG.

Storage period: No personal data is stored.

2. Google Analytics

Purpose: If you have given us your consent to the use of cookies for analysis purposes, this website uses Google Analytics 4.

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. During your website visit, your user behaviour is recorded in the form of „events“. Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your „click path“, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • file downloads
  • ads seen / clicked on
  • language settings

Google also records:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this website)

On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity. The reports provided by Google Analytics are used to analyse the performance of our website.

To the extent that data is processed outside the EU/EEA, to establish an adequate level of data protection, we have also entered into the applicable European Union SCCs with Google as part of our order processing agreement.

Recipient: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google may use sub-processors who process data outside the EU/EEA, where there may not be a level of data protection equivalent to the European standard.

Legal basis: The legal basis is your consent in accordance with § 25 Para. I S. 1, 2 TTDSG, Art.6 Para.1 S.1 lit. a) GDPR.

Right of withdrawal: You can withdraw your consent at any time with effect for the future by using the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Storage period: The data sent by us and linked to cookies are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

IV. General Information on Categories of Recipients and Storage Period

Unless explicitly stated otherwise in this data protection information, only persons within our company will have access to your personal data. Furthermore, these persons must be responsible for processing the requests and have appropriate access to the IT system. In addition, we only use external service providers, apart from those explicitly mentioned, insofar as we cannot or cannot reasonably perform services ourselves. Data is only transferred to third countries if we inform you in this data protection declaration that your data will be passed on.

As a matter of principle, we only process data for as long as it is required for the respective purpose. If the data is then no longer processed for any other purpose, we generally delete it immediately.

V. Data subject rights

The General Data Protection Regulation guarantees you certain rights that you can assert against us – insofar as the legal requirements are met.

Art. 15 GDPR – Right of access by the data subject:

You have the right to request confirmation from us as to whether personal data relating to you is being processed and, if so, what that data is and the circumstances under which it is being processed.

Art. 16 GDPR – Right to rectification:

You have the right to demand that we correct any inaccurate personal data relating to you without undue delay. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary statement.

Art. 17 GDPR – Right to erasure:

You have the right to demand that we delete personal data concerning you without delay.

Art. 18 GDPR – Right to restriction of processing:

You have the right to demand that we restrict processing.

Art. 20 GDPR – Right to data portability:

You have the right, in the case of processing based on consent or for the performance of a contract, to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and to transfer this data to another controller without hindrance from us, or to have the data transferred directly to the other controller, insofar as this is technically feasible.

Art. 21 GDPR – Right to object:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is necessary for a legitimate interest on our part or for the performance of a task carried out in the public interest, or which is carried out in the exercise of official authority.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Insofar as we process your personal data for the purpose of direct marketing, you have the right to object to the processing at any time. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Art. 77 GDPR in conjunction with § 19 BDSG – right to lodge a complain with a supervisory authority:

You have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates applicable law.

Right to Withdraw a consent

You can revoke a given consent at any time with effect for the future via one of the contact addresses known to you, but preferably via the Avextra Pharma Service Centre (+49 6251 8265-280 or kundenservice@avextra.com, or Avextra Pharma GmbH, Service Centre, Berliner Ring 24, 64625 Bensheim).

VI. Obligation to provide data

You have no contractual or legal obligation to provide us with personal data. However, without the data you provide, we may not be able to offer you all of our services.

VII. Existence of automated decision-making (including profiling)

When visiting our website, you will not, at any time, be subject to automated decision-making that would have legal effect in relation to you or otherwise adversely affect you in relation to the processing of personal data.

VIII. Changes to this Privacy Policy

We will occasionally adapt and change this Privacy Policy. We will notify you of changes by posting the updated version here or by other appropriate means.

January 2024

EN
DE IT EN