Privacy Policy

This privacy policy describes the processing of your personal data during or in connection with the use of the website („Website“).

Controller in the meaning of the General Data Protection Regulation (GDPR) is

DISCO Pharmaceuticals GmbH
Gottfried-Hagen-Straße 60-62, 51105 Köln

1. Purposes of processing and legal bases

1.1. Usage data

When using the Website, certain technical information (e.g. IP addresses, website/source from which you reached the Website, time and date, content displayed, amount of data transferred, language, browser software version used, operating system) is temporarily stored. If you use a mobile device to visit our Website, information such as the unique device identifier and configuration information such as screen resolution is processed as well.

We process this usage data to be able to display our Website to you, to enable its proper functioning and use and, if necessary, in the event of damage or violations of legal provisions, our terms of use and the rights of third parties, to investigate and enforce the violations and affected rights. The legal basis for this is our legitimate interest (Art. 6 para. 1 p. 1 lit. f) GDPR), which lies in displaying our Website, ensuring its proper functioning and detecting and pursuing violations.

1.2. Contacting us

When you contact us, we process the personal data you provide in order to respond to your inquiry. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. b) GDPR.

1.3. Cookies and similar technologies

Our Website uses cookies. Cookies are small encrypted text files that are stored in users’ browser directories. Cookies collect information and technical details about users’ navigation (e.g. IP address, pages visited, menu selections).

We use cookies that are technically necessary to offer our Website or certain content. The legal basis for the use of necessary cookies is § 25 para. 2 no. 2 TTDSG.

If you delete cookies, some functions of our Website may not be available to you or may be limited. Unless otherwise stated in this privacy policy, cookies will be stored for as long as necessary to fulfill the respective processing purposes.

1.4. IONOS Web Analytics

We use Web Analytics, an analysis tool from the German provider IONOS SE. Web Analytics does not use cookies but collects personal data such as the IP address and by this, the location via log files or pixels. The IP address is anonymized by IONOS immediately after collection. In addition, the previously visited website, the requested website or file, the browser type and version, the operating system and device type used, and the time of access are processed. The data will not be transferred to third parties and will be deleted after 8 weeks. The data is processed based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f) GDPR) in analyzing and optimizing the use and function of our Website.

1.5. Other purposes for which we process your personal data

We also process your personal data:

  • for the fulfillment of contracts and in the context of existing or new business relationships. We keep the necessary personal data (e.g. names and contact details) at least for the duration of our business relationship. Some data may be obtained from public sources and websites. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) GDPR.
  • possibly for the conclusion of corporate transactions (e.g. restructuring, asset deals, mergers) or for the protection of our rights or property, enforcement of our terms of use and legal notices as well as the substantiation, exercise and defense of legal claims. The legal basis for this is Art. 6 para. 1 p. 1 lit. f) GDPR, i.e., our legitimate interest in the aforementioned operations.
  • to fulfill our legal obligations, court orders or other binding decisions. The legal basis is Art. 6 para. 1 p. 1 lit. c) GDPR.
  • with your consent (Art. 6 para. 1 p. 1 lit. a) GDPR) for other purposes, such as the subscription to a newsletter.

2. Recipients of personal data

We may use companies that process personal data on our behalf, for example for hosting, technical support of our Website, sending newsletters or for analysis and advertising purposes. These service providers process the data only on our behalf and on our instructions as processors (Art. 28 GDPR). For example, we use IONOS SE as a hosting service provider for our Website.

In addition, we may transmit personal data to third parties if this is required by law, if this is necessary for the assertion and defense of legal claims or if third parties provide certain services for us (e.g. lawyers, tax consultants).

3. Retention of personal data

Unless a specific data storage period is specified in this privacy policy, we will only process your personal data for as long as is necessary for the respective purposes or as long as there are statutory retention obligations. After the end of the respective processing purpose and the end of the retention obligations, your data will be routinely deleted, unless there is a need for further storage due to special reasons (for example, the assertion, exercise or defense of legal claims).

4. Your rights

You have the right to

  • request information about your personal data processed by us;
  • request deletion, rectification or restriction of the processing of your personal data;
  • receive personal data provided by you, which we process on the basis of your consent or for the fulfillment of a contract by automated means, in a structured, commonly used, machine-readable format and to transmit those data to another controller or, insofar as this is technically feasible, to have it transmitted directly by us to another controller;
  • revoke your consent to the processing of personal data at any time without this affecting the lawfulness of the processing until revocation;
  • object to the processing of your personal data processed on the basis of our legitimate interests at any time on grounds relating to your particular situation or, in the case of processing for direct marketing purposes, without providing any reasons;
  • lodge a complaint with a competent supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

To exercise these rights, please contact the controller at the contact details provided above.