Data Protection Policy

I. Data protection policy and information obligations

We are pleased about your visit to our website and your interest in CuroGens, our products and our services. Transparency about data protection and data security for our website visitors, customers and contractual partners is an important concern for us. In all of our business processes, we take the protection of your personal data very seriously.

This data protection policy informs you in accordance with Art. 12 et seq. GDPR on how your personal data is handled when you use our website. In particular, it explains what data we collect and what we use it for. It also tells you how and why this is done, always taking into account the applicable data protection provisions, in particular the EU General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act and other applicable national laws.

This data protection policy applies to all CuroGens companies mentioned below.

II. Responsible body

The responsible body is the CuroGens group company, which decides on the purposes and means of processing personal data in accordance with applicable law. This also includes the (mobile) applications to which this data protection policy refers. The responsible bodies are, therefore, the following:

CuroGens Inc. – US Headquarters

Address
14300 Clay Terrace Blvd.
Carmel, IN 46032
USA

CuroGens Germany GmbH

Address
Glockenstraße 10
54290 Trier
Germany

CuroGens Denmark

Address
Vestervang 2, 2.
8000 Aarhus C
Denmark

CuroGens Ghana Limited

Address
Asafoatse Afua Street, 22B.
West Airport
Accra
Ghana

Curogens Iberia SLU

Address
Carrer de Muntaner 239 penthouse
Barcelona, 08021
Spain

III. Data Protection Officer

Several data protection officers have been appointed for our group of companies.
For all other CuroGens companies:

mehrinformation@curogens.com

IV. Purpose and legal basis of the processing of personal data

Some services on our website may require us to process personal data about you in order to provide our services. Of course, this is only done within the legal framework, insofar as it is necessary and, where legally required, you have given your consent. We take great care to adhere to the principles of data reduction and data economy.

a. Calling and visiting our website: server log files

For the purposes of the technical provision of the website, it is necessary for us to process certain data automatically transmitted by your browser so that our website can be displayed in your browser and you can use it. When you access our website, our web server automatically collects data in a server log file. This data is the following: the type and version of the browser and the operating system used; the website from which you access ours; the domain name of the Internet service provider; the IP address of your computer; the pages you visit on our website, as well as the date and duration of your visit.

The storage of the aforementioned access data is necessary for technical reasons to provide a functioning website and to ensure system security. This also applies to the storage of your IP address, without which you cannot visit our website. In theory, it would be possible to establish a personal reference. Furthermore, we process this data from server log files solely for statistical purposes and to optimize our website and improve user-friendliness. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

b. Contact form

If you contact us as a customer or as an employee of a customer through our online contact form, we will collect personal data to the extent that you provide it. The following required fields are set by default: First name, Surname, Company Name, Job title, Email.

We will only use your email address to process your request. Your data will then be deleted unless you have consented to its further processing and use. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR in the case of an existing contractual relationship or Art. 6 para. 1 sentence 1 lit. f GDPR in the case of other contact requests.

c. Newsletter

If you would like to receive our newsletter with information on current developments, studies and reports, and events and webinars, you can sign up for the newsletter. For this, we request the following mandatory field: Email address.

We only use your email address to register you for our newsletter, to send you the confirmation link and to subsequently send you the newsletter. If you no longer wish to receive our newsletter, you can withdraw your consent at any time. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

d. Download reports

If you would like to receive up-to-date reports on technological, strategic or changing customer expectations, you can sign up for reports. The following required fields are predefined: Greeting, First name, Surname, Company Name, Country, Email.

We only use your email address to register you for our reports, to send you the confirmation link and to subsequently send you the reports. If you no longer wish to receive reports, you may withdraw your consent at any time. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

e. Download white papers

If you want to receive the latest technical reports, you can sign up to receive them. The following required fields are predefined: First name, Surname, Company Name, Country, Email.

We will only use your email address to register you for white papers, to send you the confirmation link, and later to send you the white papers. If you no longer wish to receive technical documents, you can withdraw your consent at any time. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

f. Downloading publications about events

If you missed one of our events but would like to receive postings afterwards, you can sign up to receive them. The following required fields are predefined: First name, Surname, Email.

We will only use your email address to sign you up for event postings, to send you the confirmation link, and to send postings to you later. If you no longer wish to receive publications, you can withdraw your consent at any time. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.

g. Account/orders for the CuroGens online store

If you want to place an order in our online shop, you will need a customer account. The following mandatory fields have been predefined for registration: First name, Surname, Email, Key code.

More information is required for orders: Address, Country, Phone number.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

h. Applications

If you are interested in us as an employer and wish to apply for a job with us, we collect various personal data that we need to review your application. The following required fields are predefined: Greeting, First name, Surname, Key code, User language, Email, Phone number, Salary expectations, Possible start date, How did you hear about us, Data release, Approval.

We require the following documents: Presentation letter, CV, Other documents.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with Art. 26 para. 1 Federal Data Protection Act (BDSG, Germany).

i. Cookies

V. Recipients of the data

Access to your data is given within our group to those offices that require it to comply with our contractual and legal obligations. Service providers and vicarious agents used by us (for example, technical service providers, shipping companies, waste disposal companies) can also receive data for these purposes. Depending on the circumstances, we commission these service providers within the framework of order processing. They are then subject to our instructions and may only process the data for strictly defined purposes. In some cases, we also jointly define the purposes and means of the data processing within the framework of joint responsibility.

In individual cases, we also pass on personal data to our legal and tax advisors; these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.

VI. Transfer of data to third countries

As CuroGens, we process your data mainly in Switzerland or in an EU Member State. Personal data is transferred between affiliated companies in Switzerland, the European Union, the UK and Singapore. Only relevant departments and/or people in our company have access to the data to process your queries and requests. For the aforementioned cookie-based tools/plug-ins and the purposes mentioned there, we also transfer the aforementioned data to third countries on the basis of the legal bases and measures to ensure an adequate level of data protection mentioned there.

Potential risks may include non-enforceable data subject rights and a lower level of data protection. We minimize the risk as far as possible by entering into order processing contracts (if such a contractual relationship exists) and standard contractual clauses, including supplements required by the supervisory authorities.

VII. Duration of data storage

We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage. Depending on the circumstances, this also includes the periods for the initiation of a contract and the subsequent execution of the contract. If a contractual relationship ends, the purposes of data processing no longer apply or statutory retention periods expire, we will delete your data. There is a wide variety of retention periods for data and documents, resulting from the Commercial, Fiscal or Civil Code, for example. Deletion periods range from a few days to 10 years, depending on the circumstances.

VIII. Data security

To ensure proper security of your data on our website and systems, we take the necessary technical and organizational measures to protect your data from loss, destruction, unauthorized access and manipulation. The measures we apply are continuously developed in accordance with technological progress.

We use TLS encryption for our web forms. This protects your entries in our web forms during transmission to our servers. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the padlock symbol in your browser's address line. However, we would like to point out that this does not represent complete protection against attackers.

IX. Your rights as a data subject

Under the GDPR, you have the following legal rights as a data subject, provided that the prerequisites are met:

Right to information about your data stored by us according to Art. 15 GDPR,

Right to rectify inaccurate data in accordance with Art. 16 GDPR,

Right to deletion of data stored by us in accordance with Art. 17 GDPR,

Right to limitation of the processing of data stored by us in accordance with Art. 18 GDPR,

Right to data portability in accordance with Art. 20 GDPR,

Right to revoke at any time, as provided for in Art. 7 (3) GDPR, any consent you have given us; as a result, we will no longer be allowed to continue data processing based on this consent in the future.

Right to lodge a complaint with a competent supervisory authority pursuant to Art. 77 GDPR if you consider that the processing of your personal data violates the provisions of the GDPR: you can exercise your right to lodge a complaint before the competent authority in any country or state where our offices are located or in the country or state where you are located.

Right to object

To the extent that the processing of your data is carried out to protect legitimate interests, you have the right to object to this processing at any time using the contact details provided if your particular situation gives rise to reasons that prevent such data processing. We will then no longer process your data unless the processing is predominantly based on our own legitimate interest or another legal basis. If you would like to exercise your right to object, send an email to the above email addresses of our data protection officers.

X. Obligation to provide data

In principle, you are not required to provide us with your personal data. However, if you do not do this, we will not be able to provide you with unrestricted access to our website or to respond to your inquiries to us. Personal data that we do not absolutely need for the aforementioned processing purposes is marked accordingly as voluntary information.

XI. Automated decision making/profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).

XII. Updating and changing this privacy policy

Our data protection policy is regularly reviewed and updated to comply with the legal regulations on data protection and applicable privacy laws.