Data protection

1. Contact details

Responsible for the processing of personal data on this website is:

Formycon AG (hereinafter “We”)
Fraunhoferstraße 15
82152 Planegg-Martinsried
Germany
T: + 49 89 864667 100
info@formycon.com

You can reach our data protection officer at

Formycon AG
Data Protection Officer
Fraunhoferstraße 15
82152 Planegg-Martinsried
Germany
datenschutz@formycon.com

2. General processes

When our website is accessed, our system automatically collects data and information from the accessing device. This includes the browser type, the operating system, the IP address, the date and time of access, the pages accessed, the previously visited website (referrer) and similar technical information. This data is processed for the delivery of the website, for system security and stability and for security purposes – for example in the event of a cyber-attack. No personal evaluation takes place; the data is analyzed statistically in anonymized form. The legal basis for processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in achieving the above-mentioned purposes.

The data is deleted after seven days at the latest. Since the collection of this data is essential for the operation of the website, there is no possibility of objection.

3. Contact, reporting side effects and newsletter

3.1 Contact requests

On our website, you have the option of contacting us – for example via a contact form provided, by email or by telephone. We process the data transmitted in this way exclusively for the purpose of processing your inquiry. The legal basis is our legitimate interest in responding to inquiries in accordance with Art. 6 para. 1 lit. f GDPR. The data will be deleted as soon as it is no longer required for the purposes of communication, unless statutory retention obligations prevent deletion.

3.2 Notifying side effects of our medicinal products

We offer you the opportunity to report any side effects you experience with our medicinal products via our dedicated e-mail address medinfo@formycon.com.

We will process the information you provide in the report in pseudonymized form to review the notification, to ask you any questions so required and, if necessary, to forward it to the competent pharmaceutical authority.

We are legally obliged to document and report side effects. In individual cases, it may be necessary for us to ask you questions about your side effects. If required by law, we enter the report in pseudonymized form in the authorities’ (EudraVigilanz) database provided for this purpose and in our own pharmacovigilance system (system for monitoring and analyzing side effects). We use the service provider Midas (Midas Pharma GmbH, Rheinstraße 49, 55218 Ingelheim, Germany) for this purpose. On our behalf, the data is stored at Midas in order to fulfil the legal obligations in connection with the provision and risk monitoring of medicinal products and to analyze side effects and minimize the risks of their occurrence as far as possible.

Our legal basis for processing your data when reporting side effects and queries is Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation) and Art. 9 para. 2 lit. i GDPR (reasons of public interest in the area of public health).

We share information about side effects with recipients who may be involved in the processing, analysis and consideration of such side effects, such as private experts, quality assurance service providers, legal advisors, authorities, liability insurers, etc.

3.3 Contact in the context of existing customer relationships

In the context of ongoing customer relationships, we regularly contact our customers or their contact persons, for example to coordinate content, clarify open questions and changes to the contractual terms and conditions or to provide relevant information. The processing of personal data takes place for the execution of the contractual relationship in accordance with Art. 6 para. 1 lit. b GDPR or, if necessary, on the basis of our legitimate interest in efficient communication in accordance with Art. 6 para. 1 lit. f GDPR.

3.4 Newsletter

If you register for the newsletter on our website, we will use your email address to send you regular information about our offers and services. When registering, in addition to your name, salutation and email address, you can also enter a title, your company, your language and your affiliation (journalist, private investor, etc.). This additional information is used to personalize the newsletter.

We use the service provider EQS Group GmbH (Karlstraße 47, 80333 Munich, Germany) for this purpose. The data is stored by EQS on our behalf in order to send out regular company information (newsletters) in accordance with the registration approval.

We can also use the information about your company and your affiliation to evaluate which companies and groups of people are interested in our services and information. The legal basis for this is our legitimate interest in the evaluation of our information measures in accordance with Art. 6 para. 1 lit. f GDPR. As soon as you withdraw your consent for the newsletter, we will also delete this data.

Registration takes place using the double opt-in procedure. The legal basis for sending the newsletter is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future, e.g. via the unsubscribe link in the newsletter or by sending an email to the data protection officer appointed by us. After unsubscribing, your data collected for the newsletter will be deleted, unless there is another legal basis for further processing.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data.

This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

3.5 Promotional communication

If you have given us your consent to do so, we will use your contact details to inform you about our products, services or events. The processing takes place based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future, e.g. by sending a message to the above-mentioned contact details or via the unsubscribe link in the advertising emails.

3.6 Applications

If you apply to us via our application form, we will process the personal data you provide to carry out the application process. This includes, in particular, your contact details, CV, references and all other information that you provide to us as part of your application. The information marked as mandatory is required to process your application and consider it in the selection process.

The legal basis for the processing of your application data is § 26 BDSG and – if necessary – Art. 6 para. 1 lit. f GDPR (legitimate interest, e.g. for legal defense under the AGG).

If you are not hired, your data will be deleted no later than six months after completion of the application process, unless you have expressly consented to longer storage. If you are hired, your data will be transferred to your personnel file.

If you apply to us via our application form, we will process the personal data you provide to carry out the application process. This includes in particular your contact details, CV, references and all other information that you provide to us as part of your application. The information marked as mandatory is required in order to process your application and consider it in the selection process.

If you provide us with special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on status as a severely disabled person) as part of your application, the processing is carried out on the basis of § 26 para. 3 BDSG in conjunction with Art. 9 para. 2 lit. b GDPR in order to exercise rights under labor law and social protection and social law and to fulfill corresponding obligations.

In certain cases, the processing of special categories of personal data may also be based on Art. 9 para. 2 lit. h GDPR, e.g. if your information is required to assess your ability to work or if it is required in the context of occupational health examinations, recruitment examinations or to carry out health-related measures.

The legal basis for the remaining data is § 26 para. 3 BDSG (initiation of an employment relationship) and – if necessary – Art. 6 para. 1 lit. f GDPR (legitimate interest, e.g. for legal defense in proceedings under the AGG).

On our website, you have the option of applying using your accounts created with third-party providers. In this case, your data stored with these providers will be transmitted to us and used for the application.

Further information on data processing by third-party providers can be found in the providers’ privacy policies:

• https://www.finest-jobs.com/Datenschutz
• https://de.linkedin.com/legal/privacy-policy
• https://privacy.xing.com/de/datenschutzerklaerung

3.7 Job Alert

On our website, you have the option of subscribing to an e-mail list to be informed about job vacancies published by us.

To register for the job alert, we save your e-mail address and your details of the specific jobs that are of interest to you. You will then receive an e-mail to confirm the job alert. By clicking on the corresponding link, your job alert will become active and you will be informed about new vacancies according to your details.

By confirming the job alert, you consent to the processing of your data for the above-mentioned purposes. You can revoke your consent at any time with effect for the future by using the links provided for this purpose in the e-mails sent to you. Our legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 lit. a GDPR. As soon as you withdraw your consent, your data processed for the above purposes will be deleted.

4. Functions of the website

4.1 Operation and security of our systems

When you use our digital services, we process certain technical data to ensure the security, stability and functionality of our systems. This includes, for example, troubleshooting, maintenance, IT security measures or the hosting of our applications. This processing is carried out on the basis of our legitimate interest and – where relevant – to fulfill legal obligations.

The resulting technical log data is generally only stored for a short time and deleted or anonymized after 7 days at the latest, unless security-related tracking is required.

4.2 Share price overview

We include current share information on our website via a so-called “iframe”. This is a technical element that displays content from another website directly within our site – similar to a window through which you can view external content without leaving the page.

The embedded window is operated by Deutsche Börse AG, 60485 Frankfurt am Main, Germany. When the page in question is accessed, a connection to Deutsche Börse servers is established in order to display the content (e.g. share price, price development, market data). For technical reasons, your IP address and certain browser-related information required for the display may be processed.

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the provision of up-to-date financial information to better inform our users. The processing of your data is only temporary. Your data will not be stored beyond the required technical logs.

Further information on data processing by Deutsche Börse AG can be found in its privacy policy at: https://www.deutsche-boerse.com/dbg-de/meta/datenschutz

5. Implemented Web services

We use various web services on our website to optimize the website and to present the information provided to you as well as possible.

5.1 Matomo

On our website, we use the Matomo service from the provider InnoCraft Ltd (7 Waterloo Quay, PO 625, 6140 Wellington, New Zealand) to analyze the use of our website and to continuously improve our online offering.

Matomo works on our website without cookies and without access to data from the user’s end device. The analysis is carried out entirely on the server side. In particular, the following information is processed IP address (filtered/anonymized), device and browser characteristics, pages viewed, length of visit and interactions.

The processing of personal data takes place on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis of user behavior to optimize our online offering.

Processing takes place exclusively on servers in the EU or in secure third countries for which an adequacy decision has been issued by the Commission. Data is not transferred to unsafe third countries.

The data is stored for 13 months and then deleted or anonymized. Further information can be found in Matomo’s privacy policy at https://matomo.org/privacy-policy/.

---

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out. You are currently opted out. Check this box to opt-in.

The tracking opt-out feature requires cookies to be enabled.

---

5.3 YouTube

We integrate videos on our website via the YouTube service in order to provide multimedia content and supplement our information offering. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When a page with an embedded YouTube video is accessed, a connection to Google’s servers is established. Personal data such as IP address, device and browser characteristics, location data and user behavior may be processed. YouTube also places cookies and similar technologies on your device; you can find more information on this in section 6. If you are logged in with a Google account at the time you access our website, Google can assign your visit to our website to this account.

Access to your end device and the reading of information is based on your consent (§ 25 para. 1 TDDDG), which you give via the “external media” category in our cookie banner. The associated processing of personal data is carried out on the basis of Art. 6 para. 1 lit. a GDPR. If no consent is given, the corresponding content will not be loaded. In this case, a placeholder with a hint text will be displayed instead. The content can only be activated after separate approval by clicking on the button. This approval constitutes your consent.

We only process your data temporarily to deliver the content. Google stores your personal data under its own responsibility for a potentially longer period of time and in accordance with its privacy policy: https://policies.google.com/privacy?hl=en-US

As part of the service, personal data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU-U.S. Data Privacy Framework. The EU Commission has established an adequate level of data protection for companies in the USA insofar as they are certified under the EU-U.S. Data Privacy Framework (Art. 45 GDPR). Transmission is therefore permitted without additional measures.

6. Cookies

Our website uses so-called cookies. These are small text files that can be stored and read by the browser used on the user’s end device. Cookies can either be stored only for the duration of a session and then automatically deleted (session cookies) or remain permanently on the end device (persistent cookies).

Insofar as cookies are essential for the technical operation and provision of our online services, they are used on the basis of § 25 para. 2 No. 2 TDDDG. We base the associated processing of personal data on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the functional, secure and user-friendly provision of our website.

If cookies are also used for analysis, statistical or marketing purposes, this is done on the basis of your consent in accordance with § 25 para 1 TDDDG. In these cases, personal data is processed on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

You can use the following button to view your current cookie settings, access detailed information on the cookies used and manage your consent:

7. Recipients of the data

In order to fulfill our contractual and legal obligations and to provide our services, it may be necessary to disclose personal data to third parties. This applies in particular to authorities, offices, parties to proceedings (e.g. opponents, affected parties, parties involved), tax authorities, banks and insurance companies.

To support our operational processes, we also use external service providers to whom personal data may be transmitted as part of their activities. If these service providers process personal data on our behalf, this is done on the basis of an order processing contract in accordance with Art. 28 GDPR. The processing takes place exclusively within the EU or the EEA or in compliance with suitable guarantees within the meaning of Art. 44 et seq. GDPR.

8. Rights of data subjects

You have the following rights:

• Right to information: You can request information from us as to whether and which of your personal data we process (Art. 15 GDPR).
• Right to rectification: If data that we process about you is incorrect, you can inform us of this and have the right to have this data corrected (Art. 16 GDPR).
• Right to erasure / right to be forgotten: If personal data is no longer necessary for our processing purposes or the legal basis no longer applies due to another circumstance, then you have the right to have your personal data erased (Art. 17 GDPR).
• Right to restriction of processing: Under certain conditions, you can request that we restrict the processing of your data (Art. 18 GDPR).
• Right to portability: You can request a copy of your data from us in a commonly used, machine-readable format or that we provide the data directly to a provider of your choice (Art. 20 GDPR).
• Right to object: You can object to the processing if it is based on our legitimate interests (Art. 21 GDPR)
• Automated decisions: You have the right not to be subject exclusively to an automated decision (Art. 22 GDPR).
• Right to complain to a supervisory authority: You have the right to complain to a data protection supervisory authority about the processing of your personal data by us if you do not agree with the handling of your data. (Art. 77 GDPR)

To exercise your rights against us, you can contact our data protection officer at any time using the contact details given above.

 

Status: July 2025