working doctor photo

Privacy Policy

1. General matters

1.1 What constitutes personal data

Personal data means information that reveals, or is capable of revealing, the identity of the user. We adhere to the principle of data avoidance. The collection of personal data is avoided whenever possible.

1.2 Handling of personal data

Personal data will only be used for the purpose of establishing, formulating and performing a contract (Article 6(1) b GDPR). Beyond this, personal data will only be processed if we have received your consent (Article 6(1) a GDPR). Personal data will not be disclosed to third parties. Your personal data will only be processed within the EU unless otherwise stated below.

1.3 Usage data

When you visit the website, general technical information is collected. This includes the IP address used, time, duration of your visit, browser type and, where applicable, the originating site. These usage data are recorded in a log file for technical reasons and can be used and stored for statistical evaluation of this website. These usage data are not linked to your personal data.

1.4 Registration data

Registration is required for full use of the website’s functions. The registration data are collected from the information that you enter and are used for the specifically stated purpose in accordance with your consent (Art. 6(1) a GDPR).

1.5 Duration of storage

On completion of the purpose for which the data was collected, we will store your personal data only for as long as is required by statutory (in particular tax law‐related) regulations.

2. Your rights

2.1 Access

You may request confirmation from us as to whether personal data concerning you are being processed, and, where that is the case, you have a right to access to the personal data and to the additional information specified in Article 15 GDPR.

2.2 Right to rectification

You have the right to rectification of inaccurate personal data concerning you, and may have incomplete personal data completed in accordance with Article 16 GDPR.

2.3 Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay. We have the obligation to erase these data without undue delay where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing of your data is based, and where there is no other legal ground for the processing.
  • Your data have been unlawfully processed.

The right to erasure does not apply to the extent that your personal data are required for the establishment, exercise or defence of our legal claims.

2.4 Right to restriction of processing

You have the right to obtain from us restriction of processing your personal data where

  • you contest the accuracy of the data and we therefore verify the accuracy,
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
  • we no longer need the data, but you require these for the establishment, exercise or defence of legal claims,
  • you have objected to the processing of your personal data pending verification of whether our legitimate grounds override your grounds.

2.5 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine‐readable format, and have the right to transmit those data to another controller without hindrance from us, provided that the processing is based on consent or on a contract and the processing is carried out by us by automated means.

2.6 Right to withdraw consent

Where the processing of your personal data is based on consent, you have the right to withdraw that consent at any time.

2.7 General matters and right to lodge a complaint

The exercise of your rights as outlined above shall be free of charge. You have the right directly to contact the supervisory authority with competence for us, the state data protection officer, in the event of complaints.

3. Data security

3.1 Data security

All data on our website are protected by technical and organisational measures against loss, destruction, access, modification and distribution.

3.2 Sessions and cookies

To operate the website, we may use cookies or server‐side sessions in which data can be stored. Cookies are files that are stored by a website on your hard drive in order to automatically recognise your computer the next time you visit the website and thereby tailor the use of the website to fit your needs. Some of the cookies used are deleted again at the end of the browser session. These are called session cookies. Other cookies remain on your device and allow your browser to be recognised during a later visit to our website (persistent cookies). You can configure your browser in such a way that you are informed when cookies are placed on your device and decide whether to accept them
on a case‐by‐case basis, or you can refuse to accept cookies for certain cases, or all cookies. Please note that you may not be able to use some features of this website if cookies are disabled. We ensure that no personal data are transferred from sessions or by cookies and that cookies are used only if it is technically necessary for the website. Thus the balancing of interests show that there are no overriding interests on your part (Article 6(1) f GDPR).

4. Comments

If you use the comment function on our website, the date and time of creation, your chosen pseudonym and also, temporarily, your IP address will be stored in addition to the comments themselves. This is done in order to enable us to defend our rights in the event of any unlawful content.

5. Third‐party services

5.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), and uses this web analytics service to collect and store data, from which usage profiles are created using pseudonyms. The usage profiles created in this way are used to evaluate visitor behaviour in order to tailor and improve the services presented on our website as required. Google Analytics uses “cookies”, which are small text files placed on your computer in order to analyse how you use the website. The information generated by the cookies about your use of this website is normally transferred to a Google server in the United States and stored there. If IP anonymisation is enabled on this website, your IP address will, however, be truncated by Google within member states of the European Union or other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, for compiling reports on website activity and for providing other services relating to website activity and Internet usage to the website operator. Google will not associate the IP address transferred by your browser for the Google Analytics service to any other data held by Google. Furthermore, the user profiles managed under a pseudonym will not be combined with the personal data concerning the user without the user’s explicit and separately declared consent. Thus the balancing of interests show that there are no overriding interests on your part (Article 6(1) f GDPR). You can prevent the storage of cookies by making the appropriate settings in your browser software; please note, however, that you may then no longer be able to use all the functions of this website. You can also prevent the data generated by the cookie with regard to your usage of the website (including your IP address) from being sent to Google and processed by Google if you download and install the browser plug‐in available via the following link (https://tools.google.com/dlpage/gaoptout?hl=en‐GB).
You may view Google’s data protection policies at https://policies.google.com/privacy?hl=en&gl=de. More detailed information on terms of use and data protection can be found at http://www.google.com/analytics/terms/gb.html or at http://www.google.com/intl/en/analytics/privacyoverview.html. Please note that on this website, Google Analytics has been extended by the code “anonymizeIp” in order to ensure that IP addresses are collected anonymously (a process known as “IP masking”).

5.2 Google Web Fonts

We also use web fonts from Google in order to display a uniform font on our website for you. These are stored automatically in your browser cache when you visit one of our web pages in order to
enable the desired display. If your browser does not support the web fonts used, one of your computer’s default fonts may be used. In this case, none of the users’ interests are affected that override this technical requirement (Article 6(1) f GDPR). You can view Google’s privacy statement here: https://www.google.com/policies/privacy/ For more information about Google web fonts, visit https://developers.google.com/fonts/faq

5.3 Other tools

When you visit our website, your surfing behaviour may be statistically evaluated. This is done primarily by means of cookies and analytics programs. Your surfing behaviour will generally be analysed on an anonymous basis, so it cannot be traced back to you. You can object to this analysis or prevent it by avoiding the use of specific tools. You will find detailed information on this subject in this Privacy Statement.

You may object to this analysis. We will inform you about the ways in which you can object in this Privacy Statement.

6. Data protection officer

We have appointed a data protection officer for our company:

Ronja Baeker
Tilray Deutschland GmbH
Friedrichstraße 153A
10117 Berlin

Telephone: +49 (0) 30 629 33 050
Email: dataprivacy@tilray.com

Withdrawal of your consent to data processing:

Many data processing operations are only possible with your express consent. You may at any time withdraw consent that you have already given. An informal notification sent to us by email is sufficient. The legality of the data processing performed prior to the withdrawal shall remain unaffected by the withdrawal.

Right to object to the collection of data in special cases and to direct marketing (Article 21 GDPR)

If the data processing is based on point (e) or (f) of Article 6(1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, including profiling based on those provisions. The relevant legal basis on which processing is based can be found in this Privacy Statement. If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection pursuant to Article 21(1) GDPR).

If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will then no longer be processed for direct marketing purposes (objection pursuant to Article 21(2) GDPR).

Tilray Deutschland GmbH, 24 June 2020