Privacy Notice

General Information

The following information provides a simple overview of what happens with your personal data when you visit this website. Personal data are all data with which you can be personally identified. For detailed information on data protection, please refer to our full privacy policy provided below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. Their contact details can be found in the "Information on the responsible body" section of this privacy policy.

How do we collect your data?

Your data are collected in two ways: First, you provide them to us (for example by entering data into a contact form). Second, other data are collected automatically or after your consent when you visit the website by our IT-systems. These are primarily technical data (e.g., web browser, operating system, time of the page view). The collection of these data happens automatically as soon as you access the website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used for analysis of your user behaviour.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of these data. If you have given consent to the processing of data, you may revoke this consent at any time for the future. Additionally, you have the right, under certain circumstances, to request the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this and further questions concerning data protection, you may contact us at any time.

Amazon Web Services (AWS)

Provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter "AWS").

When you visit our website, your personal data are processed on the servers of AWS. In this process, personal data may also be transferred to the parent company of AWS in the United States. The data transfer to the USA is based on the EU Standard Contractual Clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/

Further information can be found in the AWS privacy statement: https://aws.amazon.com/de/privacy/?nc1=f_pr

The use of AWS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in a reliable representation of our website. Where appropriate consent has been obtained, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG ("Telekommunikations-Datenschutzgesetz"), insofar as the consent covers the storage of cookies or access to information in the user's device (e.g., device-fingerprinting). The consent may be revoked at any time.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF undertakes to adhere to these privacy standards. More information can be obtained from the provider at: https://www.dataprivacyframework.gov/participant/5776

Processing on behalf (order processing)

We have concluded a contract for order processing (AVV) for the use of the aforementioned service. This is a data protection contract required under the law which ensures that the personal data of our website visitors are only processed under our instructions and in compliance with the GDPR.

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and for what purpose we use it. It also explains how and why this happens.

We point out that data transmission over the Internet (e.g., when communicating by e-mail) can have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Information on the responsible body

The responsible body for the data processing on this website is:

CLIDAI - Clinical Data Intelligence GmbH
Alfred-Nobel-Straße 9
86156 Augsburg

The responsible body is the natural or legal person which alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, e-mail addresses or similar).

Data protection officer

External Data Protection Officer of CLIDAI GmbH
c/o TÜV SÜD Akademie GmbH
Westendstraße 160
80339 Munich
E-mail: privacy@clidai.com

Storage period

Unless a specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing ceases. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted, provided no other legitimate reasons for storage exist (e.g., statutory retention periods); in the latter case deletion will occur when those reasons cease to apply.

General notes on the legal bases of data processing on this website

If you have given consent to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data according to Art. 9(1) GDPR are processed. In the event of explicit consent for the transfer of personal data to third countries, the processing also takes place on the basis of Art. 49(1)(a) GDPR. If the processing of your data is necessary for the performance of a contract or for pre-contractual measures, we process on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if the processing is required to fulfil a legal obligation on our part on the basis of Art. 6(1)(c) GDPR. The data processing may also be based on our legitimate interest according to Art. 6(1)(f) GDPR. The relevant legal basis used in each individual case is explained in the following paragraphs of this privacy policy.

Recipients of personal data

Within our business activity we cooperate with various external bodies. Sometimes the disclosure of personal data to such external bodies is necessary. We only pass on personal data when it is required for contract fulfilment, we are legally obliged to do so (e.g., disclosure to tax authorities), we have a legitimate interest according to Art. 6(1)(f) GDPR in the disclosure, or another legal basis allows data disclosure. In the case of order processors we pass on data only on the basis of a contract for order processing. In the event of joint processing a contract on joint processing is concluded.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw your consent at any time. The legality of the processing carried out up to the revocation remains unaffected.

Right to object in special cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR you have the right at any time to object on grounds relating to your particular situation to the processing of your personal data; this also applies to profiling based on these provisions. The relevant legal basis on which processing is based can be found in this privacy policy.

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims (objection under Art. 21(1) GDPR).

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for these purposes; this also applies to profiling for direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).

Complaint to the supervisory authority

In case of violations of the GDPR, individuals have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged violation. This right exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to receive the personal data we process on the basis of your consent or in performance of a contract in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another responsible body, where technically feasible.

Right to access, rectification and deletion

You have at any time the right to obtain, free of charge, information about your stored personal data, their origin and recipient and the purpose of data processing and if applicable a right to rectification or deletion of these data. For this and further questions on personal data please contact us.

Right to restriction of processing

You have the right to request restriction of the processing of your personal data. You may contact us at any time. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. During the verification period you have the right to request restriction of processing of your personal data.
• If the processing of your personal data has been unlawful, you may request restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need them to assert, exercise or defend legal claims, you have the right to request restriction of processing instead of deletion.
• If you have objected under Art. 21(1) GDPR, a balancing of interests must be carried out; as long as it has not been determined whose interests prevail, you have the right to request restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent, to assert, exercise or defend legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

This site uses for security reasons and to protect the transmission of confidential content, such as orders or enquiries you send to us as site operator, an SSL- or TLS-encryption. You can recognise an encrypted connection by the change of the address line from "http://" to "https://" and the lock-symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot easily be read by third parties.

Objection to advertising e-mails

The use of contact data published under the imprint obligation for sending unsolicited advertising and information material is hereby expressly objected to. The website operators reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

A merge of these data with other data sources is not carried out.

The collection of these data takes place on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website – to this end the server log files must be collected.

Enquiry via e-mail, telephone or fax

If you contact us via e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your enquiry. These data will not be passed on without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your enquiry is related to the performance of a contract or pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; the consent may be revoked at any time.

The data you send us via contact enquiries will remain with us until you ask us to delete them, you withdraw your consent to their storage or the purpose for data storage ceases (for example after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

What happens when GA4 is used?

GA4 collects data about the behavior of website users (for example pages visited, duration, exit pages) via cookies and other identifiers. The cookies used are small text files stored on your device. When you visit our website, a cookie may be placed if you have given your consent (where required).

In the case of users in the European Economic Area (EEA), GA4 does not log or store individual IP addresses. For EU-based traffic, any IP-address data is dropped before logging.

GA4 provides controls that allow the disabling of Google Signals data collection in specific regions, and the disabling of granular location and device data for specific regions.

Legal basis & data transfers

The data processed via GA4 may be transferred to servers in the United States. Under the EU‑US Data Privacy Framework, the European Commission considers that the U.S. provides an adequate level of protection for such transfers — though you as operator must still ensure proper configuration and user consent.

Your rights

You can refuse or withdraw your consent at any time. You can also prevent cookies being set by configuring your browser accordingly; this may affect the functionality of our website.

How to opt-out / further information

You may disable the collection of data by GA4 by rejecting cookies in the cookie banner or via software settings (such as an opt-out add-on for your web browser).

Further information on GA4's data protection provisions is available at Google's help pages.