Data Protection Policy

I. Data protection
policy and information obligations

We are pleased about your visit to our website and your interest in CuroGens, our products and our services. Transparency about data protection and data security of our website visitors, customers and contractual partners is an important concern for us. in all of our
business processes, we take the protection of your personal data very seriously.

This data protection policy informs you in accordance with Art. 12 et seq. GDPR on how your personal data is handled when you use our website. In particular, it explains what data we collect and what we use it for. It also tells you how and why this is done.
, always taking into account the applicable data protection provisions, in particular the EU General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act and other applicable national laws.

This data protection policy applies to all CuroGens companies mentioned below.

II. Responsible body

The responsible body is the CuroGens group company, which decides on the purposes and means of processing personal data in accordance with applicable law. This also includes the (mobile) applications to which this data protection policy refers. The responsible bodies are, therefore, the following:

CuroGens Inc. – US Headquarters

Address
14300 Clay Terrace Blvd.
Carmel, IN 46032
USA

CuroGens Germany GmbH

Address
Glockenstraße 10
54290 Trier
Germany

CuroGens Denmark

Address
Vestervang 2, 2.
8000 Aarhus C
Denmark

CuroGens Ghana Limited

Address
Asafoatse Afua Street, 22B.
West Airport
Accra
Ghana

Curogens Iberia SLU

Address
Carrer de Muntaner 239 penthouse
Barcelona, 08021
Spain

III. Data Protection Officer

Several data protection officers have been appointed for our group of companies.
For all other CuroGens companies:

mehrinformation@curogens.com

IV. Purpose and legal basis of the processing of personal data data

Some services on our website may require us to process personal data about you in order to provide our services. Of course, this is only done within the legal framework, insofar as this is necessary and you have given your consent in case of legal necessity. We care a lot about
adhere to the principles of data reduction and data economics.

a. Calling and visiting our website: server log files

For the purposes of the technical provision of
the website, it is necessary for us to process certain data automatically
transmitted by your browser so that our website can be displayed on your
browser, and you can use it. When you access our website, our web server
automatically collects data in a server log file. They are the following:

the type and version of the browser and the operating system used the website from which you access the domain name of the Internet service provider the IP address of your computer the pages you visit on our website, as well as the date and duration of your visit.

The storage of the aforementioned access data is necessary for technical reasons to provide a functioning website and to ensure system security. This also applies to the storage of your IP address, without which you cannot visit our website. In theory, it would be possible to establish a personal reference.

Furthermore, we process this data from server log files solely for statistical purposes and to optimize our website and improve user-friendliness.

The legal basis for data processing is Art. 6 para. 1 phrase 1 lit. f GDPR.

b. Contact Form

If you contact us as a customer or as an employee of a customer through our online contact form, we will collect personal data to the extent that you provide it. The following required fields are
default:

First name
Surname
Company Name
Job title
Email

We will only use your email address to process your request. Your data will then be deleted unless you have consented to its further processing and use.

The legal basis for data processing is Art. 6 para. 1 phrase 1 lit. b GDPR in the case of an existing contractual relationship or art. 6 para. 1 phrase 1 lit. f GDPR in the case of other contact requests.

 

C. Newsletter

If you would like to receive our newsletter with information on current developments, studies and reports, and events and webinars, you can sign up for the newsletter. Therefore, we request as mandatory fields:

Email address

We only use your email address to register you for our newsletter, to send you the confirmation link and to subsequently send you the newsletter. If you no longer wish to receive our newsletter, you can withdraw your consent at any time.

The legal basis for data processing is
Art. 6 para. 1 phrase 1 lit. a GDPR.

d. Download reports

If you would like to receive up-to-date reports on technological, strategic or changing customer expectations, you can sign up for reports. The following required fields are predefined:

Greeting
First name
Surname
Company Name
Country
Email

We only use your email address to register our reports, to send you the confirmation link and to subsequently send you the reports. If you no longer wish to receive reports, you may withdraw your consent at any time.

The legal basis for data processing is
Art. 6 para. 1 phrase 1 lit. a GDPR.

and. download white papers

If you want to receive the latest technical reports, you can sign up to receive them. The following required fields are predefined:

First name
Surname
Company Name
Country
Email

We will only use your email address to register you for white papers, to send you the confirmation link, and later to send you the white papers. If you no longer wish to receive technical documents, you can withdraw your consent at any time.

The legal basis for data processing is
Art. 6 para. 1 phrase 1 lit. a GDPR.

 

F. Downloading publications about events

If you missed one of our events but would like to receive postings afterwards, you can sign up to receive them. The following required fields are predefined:

First name
Surname
Email

We will only use your email address to sign you up for event postings, to send you the confirmation link, and to send postings to you later. if you do not
you no longer wish to receive publications, you can withdraw your consent at any time.

The legal basis for data processing is
Art. 6 para. 1 phrase 1 lit. a GDPR.

g. Account/orders for the CuroGens online store

If you want to place an order in our online shop, you will need a customer account. The following mandatory fields have been predefined for registration:

First name
Surname
Email
Key code
More information is required for orders:
Address
Country
Phone number

The legal basis for data processing is
Art. 6 para. 1 phrase 1 lit. b GDPR.

H. Applications

If you are interested in us as an employer and wish to apply for a job with us, we collect various personal data that we need to review your application. The following required fields are predefined:

Greeting
First name
Surname
Key code
user language
Email
Phone number
Salary expectations
possible start date
how did you hear about us
data release
Approval

We require the following documents:

Presentation letter
CV
Other documents

The legal basis for data processing is Art. 6
paraca 1 phrase 1 lit. b GDPR in conjunction with art. 26 para. 1 federal data
Protection Act (BDSG, Germany).

 

I. cookies

 

We use so-called cookies on our website.
Cookies are small text files that your web browser stores on your
computer or mobile device. Cookies do not cause any damage to your computer, they do not
they do not contain viruses and are automatically deleted once they expire. Some
cookies expire when your internet session ends; others are stored for a
maximum of 100 days.

Some of the cookies we use on our website come
from third parties that help us analyze the impact of our website content and
the interests of our visitors, measure the performance of our website or serve to
place advertisements and other content on our website or other websites. Within
framework of our website, we use our own cookies (only visible in the
domain you are visiting) and third-party cookies (visible on all domains and
regularly placed by third parties).

Of course you can also view our website
no cookies You can use your browser settings to prevent cookies
being stored on your computer. Existing cookies can also be deleted through the
browser settings. In this case, however, the functionality of our website may
be limited

The legal basis for data processing is Art. 6
paraca 1 phrase 1 lit. a GDPR for third-party cookies, which we set primarily to
marketing purposes and therefore we process personal data that is not necessary for
normal operation of the website. Another legal basis is art. 6 para. 1 phrase 1 lit.
f GDPR for cookies we place to protect our legitimate interests (technical
provisioning, optimization, ease of use, security).

We use the following cookies
tools/plugins on our website:

J. google analytics

This website uses Google Analytics and Google
Remarketing based on your consent given to us. These are services provided by
Google, Inc. (“Google”). Google uses “cookies”, which are text files placed on
your computer to help the website analyze how users use the site. the
information generated by the cookie about your use of the website (including
your IP address) will be transmitted to and stored by Google in the United States
states In the event that IP anonymization is activated, Google will truncate/anonymize
the last octet of the IP address for the Member States of the European Union such as
as well as for other contracting parties to the Agreement on the European Economic Union
Area. Only in exceptional cases is the full IP address transferred to a Google
server in the US and truncated there. On behalf of the website provider,
Google will use this information to evaluate your use of the website, compile
reporting on website activity for website operators and providing other services
related to website activity and internet usage to the website provider. Google
will never associate your IP address with other Google data. You can reject the
use of cookies by selecting the appropriate settings in your browser. Please
Please note, however, that if you do this, you may not be able to use all of the features.
of this website. In addition, you can prevent the collection and use of data
(cookies and IP address) by Google when downloading and installing the browser
plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the conditions of use and
data protection, visit https://tools.google.com/dlpage/gaoptout?hl=en or
https://support.google.com/analytics/answer/6004245?hl=en or
https://support.google.com/adwordspolicy/answer/143465?hl=es. Note that
on this website, the Google Analytics and Google Remarketing code is
supplemented with “gat._anonymizeIp()” to ensure anonymity
collection of IP addresses (so-called IP masquerading).

The legal basis for data processing is Art. 49
paraca (1) phrase 1 lit. a GDPR. Standard contractual clauses to guarantee a
an adequate level of data protection has also been concluded.

 

k. Google Tag Manager

This website uses Google Tag Manager. East
The service allows us to manage website tags through an interface. Google Tool Manager
it only implements tags. This means that no cookies or personal data are used.
are collected regularly in the process. However, this may trigger other tags,
which in turn can collect data. However, Google Tag Manager does not access
these dates. If any deactivation has been made at the domain or cookie level, this
will remain in place for all tracking tags if implemented with Google
Tag Manager.

The legal basis for data processing is Art. 49
paraca (1) phrase 1 lit. a GDPR. Standard contractual clauses to guarantee a
an adequate level of data protection has also been concluded.

 

L. DoubleClick/Google Ads

This website uses DoubleClick or Google
Google ads tool. DoubleClick and Google Ads use cookies to serve ads
that are relevant to users, to improve campaign performance reporting, and to
prevent a user from seeing the same ads multiple times. Google uses a cookie ID
to record which ads are shown in which browser. In addition, DoubleClick uses
Cookie IDs to track interactions related to ad queries. you can prevent this
tracking in the following ways:

through an appropriate configuration of your browser, in
particular by deleting third-party cookies

turning off interaction tracking
cookies by configuring your browser to block cookies from the domain
“www.googleadservices.com”. (https://www.google.de/settings/ads).
Please note that these settings will be deleted when you delete your cookies.

turning off the interest-based feature
Provider ads via the link http://www.aboutads.info/choices.
These settings are also deleted when you permanently delete your cookies.
by disabling it in your Firefox, Internet Explorer or Google Chrome browsers
at the link http://www.google.com/settings/ads/plugin. you can find more
information about DoubleClick from Google at www.google.de/doubleclick or
support.google.com/adsense/answer/2839090. You can learn more about data protection
on Google in general at: www.google.de/intl/de/policies/privacy.

The legal basis for data processing is Art. 49
paraca 1 phrase 1 lit. a GDPR. Standard contractual clauses to guarantee a
an adequate level of data protection has also been concluded.

 

m. Click Dimensions

ClickDimensions is an online and offline site
marketing and sales tool to collect and store data and generate leads.
We use ClickDimensions forms on each of our product websites (in all countries
and in all languages), especially as the first point of contact and for
Download technical documents. Leads can be generated from this data and used by our
sales team. HubSpot can also record customer journeys with the help of cookies.
and IP addresses.

The collected data is stored by ClickDimensions
on servers in the USA. The data transfer is carried out in accordance with the
conditions of standard contractual clauses. ClickDimensions is committed to
handle all personal data received from the Member States of the European Union (EU) and
Switzerland in accordance with the applicable principles of the Standard
Contract Clauses.

The legal basis for data processing is Art. 49
paraca 1 phrase 1 lit. a GDPR.

 

n. Microsoft Bing Ads

This website uses Microsoft Bing Ads in the
based on the consent you have given us. We use Microsoft Bing Ads to
remarketing and completion tracking purposes. The service originates
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 – 6399, USA,
hereinafter referred to solely as “Microsoft”, using the so-called
Universal Event Tracking (UEN).

When you click on an advertisement published by us on
the Internet browser “Bing”, a tracking cookie
Microsoft stores the functionality on the end device over the Internet
browser. This tracking cookie loses its validity after 180 days and is not used.
for personal identification. If the cookie is still valid and a specific page
of our website is accessed at the same time, both Microsoft and we may
recognize that the website visitor has clicked on an advertisement published by us on
Bing and you have been redirected from there to our website.

Data collected with Microsoft tracking
Cookies are used to collect visit statistics, such as the number of accesses to
the advertisements we have placed on Bing, as well as on the Internet pages of our
website that was subsequently accessed. not personally possible
identify the website visitor on the basis of this data. Microsoft may be able
to track user behavior across multiple devices of a user through so-called
cross-device tracking, which allows Microsoft to display personalized advertising
across devices. The setting of cookies can be prevented through the browser settings or
by refusing consent.

If you have a Microsoft account, you can also
change the personalized advertising settings there under
http://choice.microsoft.com/de-de/opt-out.

In addition, Microsoft offers more
information about Bing Ads and about the collection and use of data, as well as about
your rights and options to protect your privacy under
https://help.bingads.microsoft.com/#apex/3/de/53056/2 as well as under
https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for data processing is Art. 49
paraca 1 phrase 1 lit. a GDPR. Standard contractual clauses to guarantee a
an adequate level of data protection has also been concluded.

 

p. Youtube

This website uses YouTube on the basis of
consent you have given us. The service originates from YouTube, LLC, 901
Cherry Ave, San Bruno, CA 94066, USA

When you visit one of our pages that embeds
YouTube content, a connection to the YouTube servers is established. the
The YouTube server receives information about which of our pages you have visited.

If you are logged in to your YouTube account,
allows YouTube to associate your browsing behavior directly with your
personal profile. You can prevent this by logging out of your YouTube account.

More information on how your data is processed
In this sense, it can be found in YouTube’s privacy policy at:
https://www.google.de/intl/de/policies/privacy.

The legal basis for data processing is Art. 6
paraca 1 phrase 1 lit. a GDPR.

 

V. Recipients of the data

Access to your data is given within our group
to those offices that require them to comply with our contractual and legal obligations.
obligations Service providers and indirect agents used by us (for example, technicians
service providers, shipping companies, waste disposal companies) can also
receive data for these purposes. Depending on the circumstances, we order
these service providers within the framework of order processing. are then
subject to our instructions and may only process the data for strictly defined purposes
purposes In some cases, we also jointly define the purposes and means of the data.
treatment within the framework of co-responsibility.

In individual cases, we also pass on personal information
data to our legal and tax advisors, forcing these recipients to
keep special confidentiality and secrecy due to their professional status.

SAW. Transfer of data to third countries

As CuroGens, we treat your data
mainly in Switzerland or in an EU Member State. Personal data is
transferred between affiliated companies in Switzerland, the European Union,
the UK and Singapore. Only relevant departments and/or people
in our company they have access to the data to process your queries and requests.
For the aforementioned cookie-based tools/plug-ins and those mentioned
purposes, we also transfer the aforementioned data to third countries in the
on the basis of legal bases and measures to ensure an adequate level of
data protection mentioned there.

Potential risks may include non-enforceable data
rights of the subjects and a lower level of data protection. We minimize risk to the extent
as possible by entering into order processing contracts (if such contract
a relationship exists) and standard contractual clauses including
supplements required by the control authorities.

VII. Duration of data storage

We initially process and store your personal information
data for the duration for which the respective purpose of use requires
corresponding storage. Depending on the circumstances, this also includes the
deadlines for the initiation of a contract and the subsequent execution of the
contract. If a contractual relationship ends, the purposes of data processing will not
statutory retention periods no longer apply or expire, we will delete your data.
There is a great variety of terms for the conservation of data and documents,
resulting from the Commercial, Fiscal or Civil Code, for
example. Elimination periods range from a few days to 10 years, depending on
the circumstances.

VII. data security

To ensure proper security of your
data on our website and systems, we take the necessary technical and
organizational measures to protect your data from loss, destruction,
unauthorized access and manipulation. The measures we apply are continuous
developed in accordance with technological progress.

We use TLS encryption for our web forms. East
protects your entries in our web forms during transmission to our servers. You
You can recognize an encrypted connection by the fact that the address line of your
the browser changes from “http://” to “https://” and by the padlock
symbol in the line of your browser. However, we would like to point out that this
it does not represent complete protection against attackers.

IX. Your rights as an interested party

Under the GDPR, you have the right to
following legal rights of data subjects, provided that the prerequisites are met
met:

Right to information about your data stored by
us according to art. 15 GDPR,

Right to rectify inaccurate data in
in accordance with art. 16 GDPR,

Right to deletion of data stored by us
in accordance with art. 17 GDPR,

Right to limitation of data processing
stored by us in accordance with art. 18 GDPR,

Right to data portability in accordance with
Art. 20 GDPR,

Right of revocation at any time provided for in art. 7 (3)
GDPR any consent you have given us; this will result in us not being allowed
continue data processing based on this consent in the future.

Right to file a claim with a competent body
supervisory authority pursuant to art. 77 of the RGPD if you consider that
the processing of your personal data violates the provisions of the RGPD: you can
exercise their right to claim before the competent authority in any country or
state where our offices are located or in the country or state where you are located
lying.

Right of opposition

To the extent that the processing of your data is
made to protect legitimate interests, you have the right to object to
this processing at any time using the contact details provided if your
particular situation gives rise to reasons that prevent such data processing.
Then we will no longer process your data unless it is predominantly based on
our own legitimate interest or other legal basis. if you would like
exercise your right of opposition, send an email to the above email addresses of
our data protection officers.

X. Obligation to provide data

In principle, you are not required to provide
us with your personal data. However, if you do not do this, we will not be able to
to provide you with unrestricted access to our website or to respond to your
inquiries to us. Personal data that we absolutely do not need for the
the aforementioned processing purposes are marked accordingly as voluntary
information.

XI. Automated decision making/profiling

We do not use automated decision making or
profiling (an automated analysis of your personal circumstances).

XII. Updating and changing this privacy policy

Our data protection policy is regularly
reviewed and updated periodically to comply with the legal regulations on data protection
and applicable privacy laws.

Contact Us

We are here to help you. Fill out the form to receive information about products, updates, plans and questions.

One of our specialists will contact you shortly.

In accordance with the RGPD and the LOPDGDD, CUROGENS. will treat the data provided, in order to answer the questions and/or complaints raised through this form and provide the requested information. Provided that you previously authorize it, we will send information related to the services offered by CUROGENS. and the rest of the CUROGENS GROUP. You may exercise, if you wish, the rights of access, rectification, deletion, and others recognized in the aforementioned regulations. To obtain more information about how we are treating your data, access our privacy policy.

Still in doubt?

We are here to help you. Fill out the form to receive information about products, updates, plans and questions.

One of our specialists will contact you shortly.

In accordance with the RGPD and the LOPDGDD, CUROGENS. will treat the data provided, in order to answer the questions and/or complaints raised through this form and provide the requested information. Provided that you previously authorize it, we will send information related to the services offered by CUROGENS. and the rest of the CUROGENS GROUP. You may exercise, if you wish, the rights of access, rectification, deletion, and others recognized in the aforementioned regulations. To obtain more information about how we are treating your data, access our privacy policy.