Skip to content

Privacy Policy

We take data protection seriously!

 

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalised analysis of this data.

If you send us data via the contact form, this data will be stored on our servers as part of the data backup process. Your data will only be used by us to process your enquiry. Your data will be treated as strictly confidential. It will not be passed on to third parties. Responsible person:

 

Leibniz Institute for Immunotherapy
Franz-Josef-Strauß-Allee 11
93053 Regensburg

Tel: 0941 944-38100
Fax: 0941 944-38103
Email: info@lit.eu
Web: https://lit.eu/

 

Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases, we need your name and address as well as other information in order to be able to offer you the desired service.

The same applies if we supply you with information material on request or if we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

 

Contact us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the enquiring persons will be processed insofar as this is necessary to answer the contact enquiries and any requested measures.

The response to contact enquiries in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of the legitimate interests in responding to the enquiries.

 

  • Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
  • Affected persons: Communication partner.
  • Purposes of processing: Contact enquiries and communication.
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).

 

Automatically saved data

 

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

 

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Amount of data transferred

 

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts.

 

 

Cookies

Our Internet pages use so-called cookies. Cookies are small data packets that do not cause any damage to your computer. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or your web browser automatically deletes them.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been obtained, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. You can find out which cookies and services are used on this website in this privacy policy.

 

You can change your settings for the use of cookies here at any time: Link to call up the consent banner again.

 

 

Adobe Fonts (Typekit)

On our website, we use fonts from the Adobe Fonts platform (formerly Typekit), provided by Adobe Systems Software Ireland Limited, Citywest Business Campus, Saggart, Dublin 24, Ireland.

When you access our website, your browser loads the required fonts directly from Adobe’s servers in order to display texts and fonts correctly. Your IP address is transmitted to Adobe in the process. According to Adobe, no cookies are set and no personal data is stored or analysed.

The use of Adobe Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Adobe may transfer data to third countries such as the USA. Adobe is certified under the EU-U.S. Data Privacy Framework. Further protective measures, such as standard contractual clauses in accordance with Art. 46 GDPR, are also part of the Adobe data protection structure.

Further information on data protection at Adobe can be found at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html

 

 

Font Awesome

We use Font Awesome, a service provided by Fonticons, Inc, Bentonville, Arkansas, USA, on our website for the standardised display of symbols and icons. We integrate Font Awesome locally so that no connection to Fonticons’ servers in the USA is established when our website is accessed. Therefore, no personal data is transmitted to third parties and there is no tracking by this service.

If Font Awesome is integrated via a so-called Content Delivery Network (CDN) (e.g. via use.fontawesome.com), a connection to Fonticons’ servers in the USA is established when the page is loaded. Among other things, your IP address is transmitted. If you have given your consent via our cookie banner, data processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. If no consent is given, Font Awesome will not be loaded via CDN.

When used via CDN, a transfer of personal data to the USA cannot be ruled out. The provider undertakes to comply with standard contractual clauses (SCCs) in accordance with Art. 46 GDPR.

Further information can be found at: https://fontawesome.com/privacy

 

 

YouTube

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

Furthermore, YouTube can store various cookies on your end device or use comparable technologies to recognise you (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

 

 

WPML (WordPress Multilingual Plugin)

This website uses WPML, a plugin for displaying and managing multilingual content on WordPress websites. The provider is OnTheGoSystems Ltd, 22/F 3 Lockhart Road, Wanchai, Hong Kong. WPML uses cookies to memorise the language selected by the user and to deliver the corresponding content. No personal data is transmitted to third parties. Processing takes place exclusively locally on the website server.

The use of WPML is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in a user-friendly, linguistically customised presentation of our website.

Further information on data processing by WPML can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

 

 

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

 

Which data is processed and from which sources does this data originate?

We process the data that we have received from you in the context of contract initiation or processing, on the basis of consent or in the context of your application to us or in the context of your employment with us.

 

Personal data includes the following

Your master/contact data, for customers this includes e.g. first name and surname, address, contact details (e-mail address, telephone number, fax), bank details.

For applicants and employees, this includes, for example, first name and surname, address, contact details (e-mail address, telephone number, fax), date of birth, data from CV and references, bank details, religious affiliation, photographs.

For business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.

For visitors to our company, this includes name and signature.

For journalists, this includes first and last name, e-mail address, fax number.

In addition, we also process the following other personal data:

 

  • Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
  • Advertising and sales data,
  • Information from your electronic communication with us (e.g. IP address, log-in data),
  • other data that we have received from you in the course of our business relationship (e.g. in discussions with customers),
  • Data that we generate ourselves from master / contact data and other data, e.g. by means of customer demand and customer potential analyses,
  • the documentation of your declaration of consent for the receipt of e.g. newsletters.
  • Photographs taken as part of events.

 

 

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:

 

for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data is processed for the purpose of contract processing or for the processing of contracts with your employees. The data is processed in particular when initiating business or executing contracts.

 

for the fulfilment of legal obligations (Art. 6 para. 1 lit.c GDPR):

The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.

 

to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):

Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place in the following cases, for example:

  • Advertising or marketing
  • Measures for business management and further development of services and products;
  • Maintaining a group-wide customer database to improve customer service
  • in the context of legal prosecution
  • Sending of non-sales-promoting information and press releases.

 

within the scope of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us your consent to process your data, e.g. to send you our newsletter, to store your data beyond the eigl. purposes

 

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Subject to the legal requirements of Section 7 (3) UWG, we are authorised to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, every e-mail always contains an unsubscribe link.

 

Who receives my data?

As a rule, personal data is processed by us as the controller. However, processing by transferring or disclosing personal data to third parties may be necessary in the course of carrying out our activities, in particular if one of the following reasons exists based on the stated legal basis:

  • It is necessary for the fulfilment of a contract with the data subject or the implementation of pre-contractual measures at their request (Art. 6 para. 1 lit. b GDPR).
  • The disclosure is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of their data (Art. 6 para. 1 lit. f GDPR).
  • There is a legal obligation to pass on the data (Art. 6 para. 1 lit. c GDPR).
  • We have a valid consent (Art. 6 para. 1 lit. a GDPR).

 

Categories of recipients in the context of our activities and operations may include in particular

  • Postal, telecommunications and transport service providers
  • Payment and financial service providers
  • Sales and business partners and other persons and companies involved in the provision of services
  • Authorities, courts, opposing parties, other parties involved

In addition, we point out in the individual processing operations if other recipients come into consideration.

 

 

How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code or the Working Hours Act); in addition, until the termination of any legal disputes in which the data is required as evidence.

 

 

Is personal data transferred to a third country?

We use technologies from service providers on our website whose registered office and/or server locations may be located in third countries outside the EU or the EEA. If there is no adequacy decision by the EU Commission for this country, an adequate level of data protection must be ensured by means of other suitable guarantees.

Suitable guarantees in the form of contractually agreed standard contractual clauses of the EU Commission or binding internal data protection regulations (Binding Corporate Rules) are generally possible, but require a prior review by the contracting parties to determine whether an adequate level of protection can be guaranteed. According to the case law of the ECJ, it may be necessary to take additional protective measures.

We have generally agreed the standard data protection clauses issued by the EU Commission with the technology providers we use who process personal data in a third country. Where possible, we also agree additional guarantees to ensure that adequate data protection is guaranteed in third countries without an adequacy decision.

Notwithstanding this, it is possible that, despite all contractual and technical measures, the level of data protection in the third country does not correspond to that of the EU. In such cases, we will ask you, if necessary, for your consent to transfer your personal data to a third country as part of the cookie consent process in accordance with Art. 49 (1) (a) GDPR.

In particular, there is a risk that local authorities in the third country may not have sufficiently restricted access rights to your personal data from a European data protection perspective, that we as the data exporter or you as the data subject may not be aware of this and/or that you may not have sufficient legal remedies available to you to prevent this and/or to take action against such access.

The following countries in particular are currently categorised as third countries without an adequacy decision by the EU Commission (sample list):

  • China
  • Russia
  • Taiwan

You can find out to which third countries data is transferred by us in the data protection information for the respective tool and/or service used by us for consent management / Consent Manager Platform (CMP).

 

 

Order processing by service providers

In order to carry out our activities, we also use service providers bound by instructions as processors in accordance with Art. 28 GDPR, who are also considered recipients of the data within the meaning of data protection. A contract for order processing ensures in particular that the processing is carried out on the basis of our instructions, that sufficient guarantees exist for compliance with suitable technical and organisational measures and that the rights of data subjects are guaranteed.

We generally use service providers for the following processing purposes:

  • Hosting of our online offers/websites with providers (infrastructure and platform services, computing capacity, storage space and database services).
  • Care, maintenance and servicing of online offers/websites.
  • Implementation, care, maintenance and servicing of IT systems.
  • Document and information management.
  • Communication, contact and conference systems (e-mail, contacts, appointments, messenger, video conferencing, etc.).
  • File and data carrier destruction

 

 

How long will my data be stored?

We generally store personal data as long as it is necessary for the purposes of the corresponding processing, statutory or regulatory retention periods exist or we have a legitimate interest in the storage or the corresponding consent of the data subject.

We store certain data in accordance with the following rules for the duration specified in each case and delete or destroy it after the specified storage period has expired:

  • If the processing is based on your consent, we will delete the data concerned after your cancellation
  • If none of the following retention periods apply, we delete the data after the purpose of processing has expired
  • 3 years: Data and content relating to legal transactions (including their preparation) to the extent necessary for information and defence as well as for the assertion or defence of claims. This also includes data for marketing and customer support, unless they also fall under a category for a longer storage period.
  • 6 years: commercial letters received and sent (§ 257 para. 1 no. 2 and 3, para. 4 HGB)
  • 10 years: Documents relevant for taxation, accounting records, trading books (§§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB).
  • 30 years: Data that is stored due to special circumstances in our own or a third party’s interest, as there are corresponding limitation periods or special retention periods (e.g. enforcement order, special limitation periods).

 

 

What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

 

Right to information:

You can request information from us as to whether and to what extent we process your data.

 

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

 

Right to cancellation:

You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

 

Right to restriction of processing:

You can request that we restrict the processing of your data if

  • you contest the accuracy of the data for a period of time that enables us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
  • we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or
  • you have objected to the processing of the data.

 

Right to data portability:

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

  • we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and
  • this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

 

Right of objection:

If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

 

Right of appeal:

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

 

Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant or legally required for the fulfilment of the contract.

 

Changes to this privacy policy

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.

 

All interested parties and visitors to our website can contact us regarding data protection issues at:

 

Mr Christian Volkmer

Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg

 

Phone: 0941 2986930
Fax: 0941 29869316
E-mail: anfragen@projekt29.de
Internet: www.projekt29.de