Datenschutz – Privacy Policy
General information
ARC-Traicoa UG (haftungsbeschränkt) (hereinafter ‘ARC-Traicoa’) implements training for individuals and companies within the pharmaceutical sector and provides consultancy in the area of pharmacovigilance, quality management, clinical trials, medical writing, marketing applications, project & team management and support with safety database validation.
This Privacy Policy informs you about the nature, extent and purpose of the processing of personal data within the scope of data processing procedures and of ARC-Traicoa online services and the associated websites, features and content (hereinafter jointly ‘Online Service’ or ‘Website’). The Privacy Policy shall apply regardless of the domains, systems, platforms and devices (for example, desktop or mobile, apps, chat, etc.) used to provide the Online Service.
Collection of personal data and why it is collected
ARC-Traicoa collects, processes and uses personal data within the scope of data processing procedures and of its Online Service for the purpose of optimising its customer communication and services, providing training formats and enabling optimal access to products and services.
A change in the purpose of the advertising activities for professional training shall be permitted for the purpose of informing our customers/users about our services.
User personal data processed within the scope of its services shall include user-related data (such as name, company name and address of customers and prospective customers, and interest profiles) contract data (such as services used and payment information), usage data (such as web pages of our Online Service that have been visited and interest in our services) and content data (such as information provided in the contact form, booking process and chats).
The term ‘user’ shall include all categories of the data subjects. These shall include our commercial partners, customers, prospective customers and visitors of our Online Service.
Legal basis
We shall only process user personal data in accordance with the relevant provisions of the Privacy Policy. This means that user data shall only be processed if it is legally permissible, that is, in particular if the data processing is required for the provision of our contractual services (for example, processing orders) as well as our Online Service, or is required by law; if the user has given their consent; and for the purpose of our legitimate interests (that is, interest in the analysis, optimisation, economic operation and security of our Online Service as set in Art. 6 [1] lit. f of the EU General Data Protection Regulation [GDPR], in particular for audience reach measurement, the creation of profiles for advertising and marketing purposes, the collection of access data and the use of services of third-party providers).
We would like to indicate that the legal basis for consent shall be Art. 6 (1) lit. a and Art. 7 of the GDPR, the legal basis for processing for the fulfilment of our services and the implementation of contractual measures shall be Art. 6 (1) lit. b of the GDPR, the legal basis for processing to fulfil our legal obligations shall be Art. 6 (1) lit. c of the GDPR and the legal basis for processing to safeguard our legitimate interests shall be Art. 6 (1) lit. f of the GDPR.
Security measures
We shall apply organisational, contractual and technical security measures to the latest technological standards to ensure compliance with the provisions of data protection law and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised parties.
The security measures are in the hands of the online service providers ‚teachable‘ and ‚edudip‘ as the company website of ARC-Traicoa is not used to collect and exchange directly data.
Data transfer and third-party providers
Data shall only be transferred to third parties within the scope of legal provisions. We shall only transfer user data to third parties if this is required for contractual purposes in accordance with Art. 6 (1) lit. b of the GDPR or if it is for the purpose of our legitimate interests in the economic and effective operation of our business in accordance with Art. 6 (1) lit. f of the GDPR, for example.
Insofar as we shall use subcontractors to provide our services, we shall resort to the appropriate legal measures and relevant technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions. For the above purposes, we may transfer your data to the following companies:
edudip GmbH, Jülicher Strasse 306, 52070 Aachen, Germany
teachable Inc., 470 Park Avenue South, 6th Floor, New York New York 10016, USA
Insofar as content, tools or other resources shall be used by any other provider (hereinafter jointly ‘Third-party Provider’) within the scope of this Privacy Policy, and their named registered office is in a third country, it shall be assumed that data shall be transferred to the country in which the Third-party Provider has their registered office. A third country shall be understood as a country in which the GDPR is no directly applicable legislation, that is, in principle, any country outside the EU or the European Economic Area (EEA). Data shall be transferred to a third country if there is either an adequate level of data protection or user consent, or else if it is otherwise legally permissible.
In the broadest sense, shortened customer/participant personal data (first name, surname, position, company, location) is transferred to the other participants/speakers of the respective event in the form of a list of participants in the event documentation.
Processing user data
We process user-related data (such as user names, addresses and contact details), contract data (such as services used, names of contact persons and payment information) in order to fulfil our contractual obligations and services in accordance with Art. 6 (1) lit. b of the GDPR.
An user account shall provide users with further opportunities to make better use of our Online Service, for example, newsletter administration. Users shall be informed about the mandatory information required during registration. User accounts shall not be public and cannot be indexed by search engines. If users have terminated their account, their data in terms of the user account shall be deleted unless its storage is necessary for commercial or fiscal purposes in accordance with Art. 6 (1) lit. c of the GDPR. It shall be incumbent on the users to back up their data in the event of termination before expiry of the contract. We shall be entitled to irretrievably delete all user data stored during the term of the contract.
The IP address and the time of the respective user activity shall be stored during registration and re-registration as defined by teachable and edudip. The data shall be stored for the purpose of our legitimate interests as well as for the user’s protection against misuse and any other unauthorised use. In principle, this data shall not be transferred to third parties unless it is necessary in pursuance of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c of the GDPR.
We shall process usage data (such as web pages of our Online Service that have been visited and interest in our products) and content data (such as information provided in the contact form or the user profile) for advertising purposes in a user profile, for example, to display product information based on the services previously used by the user.
Contacting us
Each time the user contacts us, we shall process the information provided by the user for the purpose of processing the request in accordance with Art. 6 (1) lit. b of the GDPR.
The information provided by the user may be stored in our email system.
Access data and log files
We shall collect data every time the server on which this service resides is accessed (in server log files) for the purpose of our legitimate interests as set in Art. 6 (1) lit. f of the GDPR. Access data shall include the name of the visited web page, the filename, the date and time of the visit, the transmitted volume of data, notification of successful retrieval, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), the IP address and the requesting provider.
Log files shall be stored for security purposes (such as the clarification of misuse or fraud) for a period of no more than seven days and then deleted. Data that must be stored further for evidential purposes shall be excluded from deletion until the respective incident has been finally clarified.
Information about cookies
A cookie is a small piece of data that is transmitted from our web server or a third-party web server to the user’s browser and stored there for later retrieval. A cookie may be a small file or any other form of data storage that is downloaded to a computer or mobile device. The Online Service recognises a subsequent visit and the related visited pages in order to facilitate use of the pages and to personalise them.
We use the following cookies:
Session cookies, which are only stored for the duration of your current visit to our Online Service (for example, to enable storage of your login status or the booking feature, and consequently the use of our Online Service). Session cookies store a session ID—a randomly generated unique identification number. In addition, a cookie contains information about its origin and an expiry date. Such cookies cannot store any other data. Session cookies are deleted when you stop using our Online Service and log out or close your browser.
Persistent cookies, which are stored on devices even after the browser has been closed. Each subsequent visit to a web page re-enables them, making it possible to identify recurring visits.
Third-party Provider cookies, such as those stored by companies to analyse web pages in order to provide information about the number of visits to the Online Service and their duration.
Flash cookies, which are stored by web pages serving media content (such as video clips and movies). Adobe Flash software enables the faster download of services and the storage of information, for example, that the content was accessed from your device.
Social media cookies enable the sharing of our Online Service through social media channels such as LinkedIn. Detailed information is available in their respective guidelines.
Cookies and their settings
Cookies enable the efficient and personalised use of all features of our Online Service. Without cookies, some functionalities and services would not be available.
Most browsers provide various options for the protection of your privacy. Disabling cookies makes the storage of new cookies no longer possible: it does not prevent previously stored cookies on the device from working until they have all been deleted through the browser settings. The browser’s help feature or the device’s user manual specifically describe how to manage the cookie settings. In addition, a company-specific policy may regulate such settings.
Newsletter
The following information shall explain the content and the subscription, mailing and statistical evaluation procedures of our newsletter, as well as your right to opt out. By subscribing to our newsletter, you shall consent to receiving it and to the described procedures.
Content of the newsletter: We shall only send newsletters, emails and other electronic notifications containing advertising information (hereinafter ‘Newsletter’) with the consent of the recipient or if it is legally permissible. Insofar as the content of a Newsletter is specifically described in the subscription process, it shall be relevant for the user’s consent. In addition, Newsletters shall include information about our products, services, promotions and company.
Double opt-in and logging: A double opt-in process is used for subscription to our Newsletter, that is, when you subscribe, we shall send you an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one subscribes with someone else’s email address. Subscription to a Newsletter is logged, to serve as evidence of the subscription process in accordance with legal requirements. This shall include records of the subscription and confirmation times, as well as of the IP address. Changes to your data stored at the mailing service provider shall also be logged.
Our Newsletters are sent within the teachable system, teachable Inc., 470 Park Avenue South, 6th Floor, New York New York 10016, USA
The Service Provider’s privacy policy is available at https://teachable.com/privacy-policy
Cancellation/withdrawal: You may cancel the Newsletter via teachable, that is, withdraw your consent, at any time. Your consent for the delivery of the Newsletter by the Mailing Service Provider shall be withdrawn at the same time. It is not possible to withdraw separately from delivery by the Mailing Service Provider or from statistical evaluation. A link to cancel the Newsletter may be found at the end of each Newsletter.
Consent to being contacted by telephone
ARC-Traicoa normally will not use phone contact. All communication will be managed via email or via linkedin, teachable and edudip software. If a company wish video chat, it is also possible to send invites via the company system. Then the policies from the company apply.
Third-party services and content
We use the content and services of Third-party Providers, such as videos and fonts (hereinafter jointly ‘Content’), in our Online Service for the purpose of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our Online Service as set in Art. 6 [1] lit. f of the GDPR). This always implies that Third-party Providers of such content identify the user IP address, since they could otherwise not send the content to their browser. The IP address is required to serve this content. We make every effort to use only such content whose respective provider uses the IP address solely to deliver the content. Moreover, Third-party Providers may also use pixel tags (invisible graphics, also called ‘web beacons’) for statistical or marketing purposes. Information such as visitor traffic on the pages of this Website may be evaluated through the ‘pixel tags’. Moreover, the pseudonymous data may be stored in cookies on the user’s device, may include technical information about the browser and operating system, referring web pages, the time of the visit and other information related to the use of our Online Service, and may also be linked to such data from other sources.
The following list provides an overview of Third-party Providers and their content, together with links to their privacy policies, which contain further information on their processing of data and, as already mentioned in some cases, opt-out options:
Our Online Service uses features of the LinkedIn network, provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit our page that contains LinkedIn features, a connection to LinkedIn’s servers is established. LinkedIn will be informed that you have visited our web pages with your IP address. If you click on LinkedIn’s ‘recommend’ button and are logged in to your LinkedIn account, it is possible for LinkedIn to allocate your visit on our web page to you and your user account. We would like to indicate that we, the provider of the pages, are not informed about the content that is transferred and its use by LinkedIn. Privacy policy: https://www.linkedin.com/legal/privacy-policy; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use edudip, live webinar software provided by edudip GmbH, Jülicher Strasse 306, 52070 Aachen, Germany for providing live webinars and meetings.
The data privacy policy of edudip can be found here: https://www.edudip.com/de/datenschutz
Our Online Service (Website) is hosted by JIMDO GmbH, N4 13–14, 68161 Mannheim, Germany, an Internet service provider. For hosting purposes, log files and cookies are created and processed, and tracking data is stored.
Our online products (online training content, payments, distribution of newsletter) are implemented by teachable, teachable Inc., 470 Park Avenue South, 6th Floor, New York New York 10016, USA. The services include in particular payments, user management, webinar content and technical support. Privacy policy: https://teachable.com/privacy-policy
User rights
Users have the right, upon request and free of charge, to be informed about their personal data that we store.
In addition, users have the right to rectify incorrect data, to restrict its processing and to delete their personal data if applicable, to assert their rights to data portability and, in the event of the presumption of unlawful data processing, to file a complaint with the competent supervisory authority.
In principle, users may also revoke consent with future effect.
Deletion of data
The data we store shall be deleted as soon as it is no longer required for its intended purpose, provided that there are no legal obligations to retain it. Insofar as user data is not deleted because it is required for other and legally permissible purposes, its processing shall be restricted, that is, the data shall be blocked and not processed for any other purpose. For example, this shall apply to user data that must be retained for commercial or fiscal reasons.
Subject to legal guidelines, retention shall be for a period of six years in accordance with Section 257, Subsection 1 of the German Commercial Code (HGB – books of account, inventories, opening balance sheets, financial statements, commercial letters, posting documents, etc.) and for a period of 10 years in accordance with Section 147 Subsection 1 of the German Fiscal Code (AO – books, accounting records, financial reports, posting documents, commercial and business letters, tax-related documents, etc.).
The data shall be deleted entirely after no more than 30 years, the standard customer development cycle. Should a customer relationship exist or have existed, the personal customer data shall be pseudonymised and stored solely for the purpose of illustrating the customer company’s development history.
Right to revoke consent
You may revoke your declared consent at any time with future effect. You may revoke your consent by email to arc-traicoa@arc-traicoa or by post in German to:
ARC-Traicoa UG (haftsungsbeschränkt)
Römerstr. 9
88662 Überlingen
Germany
Right to access
You may request access to your data stored by ARC-Traicoa, and that it be rectified, deleted or blocked, at any time in German in the manners set above.
Changes to the Privacy Policy
We reserve the right to change the Privacy Policy in order to adapt it to changes in the legal situation, service and data processing. However, this shall only apply to explanatory notes on data processing. Insofar as user consent is required or elements of the Privacy Policy contain provisions for the contractual relationship with the user, the changes shall only apply with the user’s consent.
Users are asked to keep regularly informed about the content of the Privacy Policy.
Contact
For further information, suggestions and requests concerning the collection, processing and use of your data, please contact us at arc-traicoa@arc-traicoa.com.