Privacy Policy



Responsible party for data processing

Controller of personal data within the meaning of the applicable data protection laws is

KliniKual GmbH
Homburger Hohl 6
60437 Frankfurt am Main
Germany

phone: +49 151 45 10 21 89

email: info@KliniKual.com

Represented by the Managing Directors
Anuja Kumar and Ketan Gupta

KliniKual GmbH is a professional provider of healthcare market research services across the globe.

We treat personal data confidentially and in accordance with the applicable legal data protection regulations and this privacy policy.

In the following, we inform you about the processing of personal data when using our website and in the business operations of our company.

The data processing is carried out in accordance with the principles for the processing of personal data according to Art. 5 EU GDPR.

You can reach our data protection officer at:

datenschutz@KliniKual.com

If you have any questions regarding data protection in our company, please do not hesitate to contact us at any time using the above contact details.

Purposes of processing

We are processing personal data for the following purposes:

  1. Providing our healthcare market research services including the initiation, processing and invoicing of orders according to Art. 6(1)(b) EU GDPR.

  2. Fulfillment of legal obligations, e.g. tax law according to Art. 6(1)(c) EU GDPR

  3. Operation of our website and provision of information on it, as well as ensuring and carrying out the processing of our business operations according to Art. 6(1)(f) EU GDPR.

If we are required to obtain your consent, the processing of personal data will be based on your consent according to Art. 6(1)(a) EU GDPR or, in the case of sensitive data, according to Art. 9(2)(a) EU GDPR.

We process your personal data solely for the purposes stated and retain this data only for as long as the respective purpose and legal regulations require.

We only process personal data that has been provided to us by parties interested in our services and our business or contractual partners in the context of order processing.

Categories of personal data processed

In the course of our business activities, we process the following categories of personal data:

  • Personal data that you provide to us as an interested party in our healthcare market research services or as a business client, e.g. your IP address when visiting our website, your contact details such as name, company function, area of activity, address, phone number, email, data about your interest in our services

  • Personal data within contractual agreements

  • Personal data required for the provision of our services

  • Personal data that we collect in the execution of orders

  • Personal data provided to us in the context of data protection inquiries by a person subject to data processing.

Storage period

Unless another storage period is specified within this privacy policy, your personal data will be stored on our systems until the purpose for data processing has expired.

If you make a legitimate request for deletion or if you revoke your consent to data processing, your personal data will be deleted unless we have other legally binding reasons for storing it.


Your rights

You have the following rights towards us as the data controller with regard to the personal data concerning you:

  1. Your right to revoke your consent

    If data processing takes place on the basis of your express consent, you may revoke this consent at any time (Art. 7(3) EU GDPR). The lawfulness of the data processing carried out until the time of revocation remains unaffected.

  2. Your right of objection according to Art. 21 EU GDPR

    IF THE DATA PROCESSING IS BASED ON ART. 6 (1)(E) OR (F) EU GDPR (PUBLIC OR LEGITIMATE INTEREST), YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION (ART. 21 EU GDPR).

    IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE REASONS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

    IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEREAFTER NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING.

  3. Your right to information, correction and erasure (be forgotten)

    Within the framework of the applicable legal provisions (Art. 15, Art. 16 and Art. 17 EU GDPR), you have the right at any time to information free of charge about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correction or erasure of this data.

    For this purpose, you can contact us at any time using the above contact details.

  4. Your right to restriction of processing

    In accordance with Art. 18 EU GDPR, you have the right to request the restriction of the processing of your personal data.

    The right to restriction of processing exists if:

    • You dispute the accuracy of your personal data stored by us, for the duration of the review.
    • Yhe processing is unlawful and you request the restriction of data processing instead of erasure.
    • You still require the data to assert legal claims.
    • You have entered an objection pursuant to Art. 21(1) EU GDPR, as long as a balancing decision is made as to whether your or our interests prevail.

    If you have exercised your right to restriction of processing, your personal data may be processed, excluding storage, only with your consent or for the purpose of asserting legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

  5. Your right to data portability

    In accordance with Art. 20 EU GDPR, you have the right to have your personal data, which we have processed automatically on the basis of your consent or for the performance of a contract, handed over to you or to a third party in a common, machine-readable format.

  6. Your right to complain to the supervisory authority concerned

    In accordance with Art. 77 EU GDPR, you have the right to complain to a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the suspected data breach. The right to complain is without prejudice to other administrative or judicial remedies.


Data collection on our website Website hosting:

We are hosting our website at Hostinger, Europe

For our web hosting, we have limited the processing at Hostinger to the EU and have contractually agreed the EU data boundary accordingly.

We have a legitimate interest in ensuring that our website is presented as reliable as possible in accordance with Art. 6(1)(f) EU GDPR and, to this purpose, have concluded a data processing agreement including the EU Standard Contractual Clauses of the EU Commission (EU-SCCs) in the current version with the above-mentioned provider to ensure that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the EU GDPR.

  1. Cookies

    Our website uses so-called "cookies". Cookies are small text files that are stored in your browser. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device.

    Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

    As the website operator, we have a legitimate interest in storing necessary cookies for the technically flawless and optimized provision of our website. Insofar as your consent to the storage of cookies has been requested, the processing is carried out exclusively on the basis of this consent in accordance with Art. 6(1)(a) EU GDPR in conjunction with § 25(1) TTDSG. You can revoke your consent at any time.

    You can configure your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

    If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the framework of this data protection declaration and, if necessary, request your consent.

  2. Server log files

    The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

    These are:

    • browser type and browser version
    • operating system used
    • referrer URL
    • host name of the accessing computer
    • time of the server request
    • IP address

    This data is not merged with other data sources.

    The collection of this data is based on our legitimate interest in the technically flawless presentation of our website in accordance with Art. 6(1)(f) EU GDPR.

  3. Local provision of Google web fonts

    On our website, we use so-called web fonts provided by Google for the uniform display of text fonts. The Google fonts are installed locally only. When loading the website and the associated fonts, there is therefore no connection to Google servers.

Contacting us via our enquiry form or by email:

We offer you the opportunity to contact us on our website via the contact form or by email and submit an information request if you are interested in our healthcare market research services.

When using the contact form, you will be asked to enter your name, phone number, email address and your message to us. This data is transmitted to our email service (see Google Workspace) together with the content of your request. There is no transmission to other services or to third parties.

We store and use your personal data, which you transmit to us in the context of your contact request via the contact form or by email, exclusively to answer your request and, if necessary, for pre-contractual measures.

If your contact request is associated with a contract, the data processed in this context will be deleted after the terms of the contract, otherwise as soon as the storage is no longer necessary. Should legal retention periods exist, the processing will be restricted.


Data processing in the context of our business operations Google Workspace:

As part of our business operations, we use Google Workspace for email communication and video conferencing, among other things.

For this purpose, we have concluded a data processing agreement with Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, incorporating the current standard contractual clauses of the EU Commission (EU-SCC) and have contractually agreed to the processing of personal data exclusively within the EU.

Nevertheless, we would like to point out that it cannot be completely ruled out that personal data may be transferred to the USA or that US security authorities may gain access to it.

All data that you provide to us in the context of contacting us by email or in the context of a video conference, as well as your email and IP address and other data that is absolutely necessary for sending and receiving emails, will be stored on Google's servers in the European Economic Area.

The legal basis for this data processing is the fulfillment of a contract or the accomplishment of pre-contractual measures according to Art. 6(1)(b) EU GDPR or our legitimate interest in the proper internal performance and administration of our business operations according to Art. 6(1)(f) EU GDPR.

Your data will only be stored for as long as is necessary for the above-mentioned purpose. The stored data will be erased after the purpose of processing has ceased to apply and in accordance with the legal retention periods.

You can find Google's privacy policy and terms of use here: https://policies.google.com/privacy

You can view information on the IT security of Google Workspace here:https://workspace.google.com/intl/de/security/

Email communication

If you contact us by email, we process your name, your contact data including your email address, as well as the information you have otherwise provided. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration.

We use Gmail as our email provider. This is how we receive and send all emails in the course of communication with our clients and cooperation partners.


Video conferencing

We use the Google Meet service for video conferences. Through this service, we handle online communication with our clients as well as internal communication within our company.

In Google Meet, various data of the participants in the conversation are collected and stored. This includes IP addresses, email addresses and device names. In addition, conversation content such as transmitted files and chat histories are stored by Google.

Meetings with our clients via Google Meet are generally not recorded unless this is done for a legitimate purpose as well as on the basis of a separate agreement.


Our company profiles on business portals

Through our website, you can access our publicly accessible profile pages on business portals via individual links (buttons). In the following, we inform you about the data processing of the websites we use on professional networks.

The legal basis for operating these profile pages is our legitimate interest pursuant to Art. 6(1)(f) EU GDPR to present our company comprehensively on the web and to get in touch with other users, to interact with them and to answer requests.

We would like to point out that we have no influence on the data processing of these networks, in particular the analysis processes carried out by social networks, and that these processing operations may be based on different legal grounds to be specified by the social media operators (e.g. consent within the meaning of Art. 6(1)(a) EU GDPR).

In any case, please review the respective privacy policies of the individual providers!

Social networks can generally analyze your user behavior extensively when you visit their website or a website with integrated content such as like buttons or advertising banners. When visiting our business profiles, you may be subject to the following data processing:

If you are logged into your account on the corresponding platforms and visit our profile page there, the operator can assign this to your user account.

However, your personal data may also be collected via cookies or by processing your IP address if you are not logged in or do not have an account with the respective provider.

With this data, the operators create so-called user profiles in which your interests and actions that you perform on the web are stored in order to use your profile data for their own purposes, if they wish.

If you visit one of our profile pages, we may be joint controller of the data processing with the operator. Please refer to the information on the respective profile pages as described below.

If we are jointly responsible for data processing with the operator, you can generally exercise your rights (information, correction, erasure, restriction of processing, data portability and complaint) both against us and against the respective provider.

If you share, "like" or comment on our posts, we process this information about the interaction as well as your profile data. In addition, we may contact users directly if the information on their profile has caught our interest. In doing so, we process the available profile data.

The data collected directly by us via our profile pages, as well as personal data that you transmit to us as part of a contact request, are deleted from our systems as soon as the purpose for storing the data no longer applies, you request us to delete the data, or you revoke your consent to storage. Mandatory legal provisions such as retention periods remain unaffected.

We have no influence on the storage period of your data that is processed by the operators of professional networks for their own purposes. In this regard, please refer to the terms of use and data protection policies of the individual providers, as provided below.


LinkedIn:

We have a company profile on the LinkedIn platform, a service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

If you are interested in our healthcare market research services, you have the option of contacting us via our LinkedIn profile. In order to respond to your inquiry, we process your available profile data (e.g. job title, company name, industry, education, work experience, skills, contact details, photo) and the content of your message to us in accordance with this privacy policy.

We have concluded a data processing agreement with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, incorporating the current standard contractual clauses of the EU Commission (EU-SCCs).

For certain functions of our company profile page on LinkedIn, such as the analysis of profile visits, there is a joint controllership with LinkedIn for data processing pursuant to Art. 26 EU GDPR. Information about which data processing LinkedIn is responsible for can be found under the following link:

https://www.linkedin.com/legal/l/page-joint-controller-addendum

We would like to point out that we have no influence on further data processing by LinkedIn and that it cannot be ruled out that personal data will be transmitted to the USA or that US security authorities will gain access to it.

Information on the purpose and scope of data processing by LinkedIn as well as the related rights and setting options for protecting the privacy of users can be found in LinkedIn's privacy policy:

https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy


XING:

We have a company profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

If you are interested in our healthcare market research services, you have the option of contacting us via our Xing profile. In order to respond to your request, we process your available profile data (e.g. job title, company name, industry, education, work experience, skills, contact options, photo) as well as the content of your message to us in accordance with this privacy policy.

There is a joint controllership for data processing with XING in accordance with Art. 26 EU GDPR. Information on the purpose and scope of data processing by XING, as well as the related rights and settings options for protecting the privacy of users, can be found in XING's privacy policy:

https://privacy.xing.com/de/datenschutzerklaerung

Latest version of the privacy policy: 1.11.2022