Privacy Policy

Biologische Heilmittel Heel GmbH (hereinafter: “Heel,” “we” or “us”) is pleased that you are accessing information we have posted on the figshare platform under heel.figshare.com.

The platform figshare and related services are operated by figshare LLP, with registered address at 4 Crinan Street, London, United Kingdom, N1 9XW.

Heel uses the figshare platform to host its content (e.g., plain language summaries) and make it visible to you.

Heel and figshare LLP are separate controllers in the meaning of data privacy law. In general, figshare alone is the controller within the meaning of data privacy law for the processing of personal data on the figshare platform (in particular in connection with accessing the website, creating a private account, using the "follow”-function, using cookies, etc.). Only in a few areas does Heel act as a controller within the meaning of data privacy law.

In the following, Heel would like to provide to you information in the meaning of Article 13 of the General Data Protection Regulation (“GDPR”) where Heel processes your personal data as a controller.

Please note: This data privacy policy does not apply to data processing activities carried out by figshare LLP as a data controller. In this respect, we refer to the data privacy policy of figshare LLP, available at https://knowledge.figshare.com/privacy.

1. Name and contact information of the controller; data protection officer’s contact information

(1) The name and contact information of the controller, unless otherwise indicated:

Biologische Heilmittel Heel GmbH
Dr.-Reckeweg-Str. 2 - 4
76532 Baden-Baden, Germany
Email: info@heel.com

(2) Contact details of the Data Protection Officer:

Biologische Heilmittel Heel GmbH
Data Protection Officer
Dr.-Reckeweg-Str. 2 - 4
76532 Baden-Baden, Germany
Email: dataprotection@heel.com

2. Processing of personal data when using our website

2.1 Information on authors or other contributors to publications

(1) If we post content (e.g., plain language summaries) on the figshare platform, we may process personal data of the authors or other contributors involved in the publication. As a rule, this involves the following information:

  • name
  • basic professional information (e.g., job title, place of work/research/department)
  • research-biography information (e.g., publication and affiliation history)

(2) The legal basis for the processing of personal data is Section 26 Para. 1 (1) German Federal Data Protection Act if you are an employee of ours, otherwise Art. 6 Para. 1 (1) letter b) GDPR. Accordingly, we are permitted to process personal data if the processing is required for the fulfilment of a contract with you or for the performance of pre-contractual measures.

Where there is no contractual relationship with you, we base the processing of data on our overriding legitimate interests (Art. 6 Para. 1 (1) Letter f) of the GDPR. In this case, we process the data listed for the following purposes:

  • Identification of the author and other contributors
  • Enabling scientific discourse

(3) The personal data we collect will only be stored for as long as is necessary to achieve the purpose for which the data was collected.

2.2 Use of our contact options

(1) If you have any questions, you can contact us directly by e-mail or postal address.

Please note that data cannot always be transmitted securely on the internet. Protection cannot be guaranteed when exchanging data, especially in e-mail correspondence. Please do not send sensitive data (including health-related aspects) to us via e-mail.

Last name, first name and other data depending on the selected medium (e.g., address) are regularly processed when this is done.

(2) The legal basis for the processing of personal data is Art. 6 Para. 1 (1) Letter b) of the GDPR. According to it, we are allowed to process data if the processing is required for the fulfilment of a contract which you are party to or for the performance of pre-contractual measures. Otherwise, if you are not a customer of ours and no customer relationship is being formed, we base the data processing on our overriding legitimate interests (Art. 6 Para. 1 (1) Letter f) of the GDPR). We process the data listed for the following purposes:

  • Getting in touch
  • Responding to specific questions

(3) The personal data we collect will only be stored for as long as is necessary to achieve the purpose for which the data was collected. We may be obliged to store data beyond this due to retention duties under the provisions of fiscal and commercial law.

3. Recipient of the personal data; transfer to EU third countries

As a rule, your data will not be transferred to third parties unless explicitly described under this section.

For the hosting and administration of the admin accounts on the figshare platform, we use the service provider Digital Science & Research Solutions Inc. (“Digital Science”). Digital Science is based in the USA.

We have agreed with Digital Science that hosting (including backups) will be carried out exclusively in the European Union. However, insofar as support services from Digital Science have to be used in individual cases, we cannot exclude that Digital Science, its affiliates or sub-contractors or sub-service providers of Digital Science may also process data outside the European Union, including the USA.

According to the European Court of Justice, the level of data protection in the USA is not comparable to that in the European Union and the European Economic Area. Accordingly, there is said to be a particular risk that data can be processed by US authorities for control and monitoring purposes without adequate legal remedies.

As a general rule, when transferring data outside the European Union and the European Economic Area to a country for which an up-to-date adequacy decision is in place as assessed by the European Commission (see listing here), we base our actions on this adequacy decision (see Art. 45 of the GDPR). For a possible data transfer to other countries (including USA), we base the transfer on the Standard Contractual Clauses (see Art. 46 Para. 2 Letter c) of the GDPR).

As Digital Science is located in the US and may also use other sub-service providers in the US, we have concluded the Standard Contractual Clauses with Digital Science.

In some cases, we also use other external service providers to process personal data in the context of third-party processing as per Art. 28 of the GDPR (such as IT service providers). We have selected and commissioned them carefully, and they are bound by our instructions and inspected on a regular basis.

Your data will only be transferred to bodies such as supervisory authorities and law enforcement agencies within the scope of statutory provisions if doing so is necessary to prevent and detect fraud and other criminal offences or to ensure the security of our data processing systems. The legal basis for this is Art. 6 Para. 1 (1) Letter c) (fulfilment of legal obligations) and Letter f) of the GDPR (protection of legitimate interests).

If you have any further questions regarding the protection of a possible third country transfer, please do not hesitate to contact us using the contact details provided in section 1.

4. Your rights

(1) You have the following rights with respect to your personal data:

  • Right of access (Art. 15 of the GDPR)
    You can request information about whether we are processing personal data about you. If this is the case, you have a right of access to this personal data as well as to further information related to the processing (see Art. 15 of the GDPR). Please keep in mind that this right to information may be restricted or ruled out in certain cases.
  • Right to rectification (Art. 16 of the GDPR)
    In case personal data about you is incomplete or is not (or is no longer) accurate, you may request this data to be corrected and, if necessary, completed (see Art. 16 of the GDPR).
  • Right to deletion or restriction (Art. 17 and 18 of the GDPR)
    If the legal requirements are met, you can request the deletion of your personal data (see Art. 17 of the GDPR) or the restriction of the processing of this data (Art. 18 of the GDPR) if, for instance, the processing of this personal data is no longer necessary for the purposes for which we collected it.
  • Right to data portability (Art. 20 of the GDPR)
    Under certain conditions, you have the right to receive the personal data about you that you have provided to us in a specific format or to transfer this data to another data controller (see Art. 20 of the GDPR).

Certain legal requirements must be met in order for you to exercise your aforementioned rights, and in certain cases your rights may be limited due to legal exceptions, in particular those under Art. 17(3) and Art. 22(2) of the GDPR, or under national legislation.

(2) RIGHT TO OBJECTION (ART. 21 GDPR)

Moreover, you have the right to object to our processing of your personal data at any time (i) in the case of direct marketing or (ii) in other cases on grounds relating to your particular situation if we are processing your personal data to protect our legitimate interests on the basis of Article 6 Para. 1 (1) Letter f) of the GDPR (Article 21 Para. 1 and Para. 2 of the GDPR). Should you raise an objection, we will cease to process your personal data for the purpose of direct advertising in any case, and, in the case of data processing for other reasons, we will normally cease the processing unless we can demonstrate urgent reasons for the processing which are worthy of protection and override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

(3) You may file a complaint against our processing of your personal data with a data protection authority, in particular in the EU member state in which your habitual residence or place of work is located or if a breach of the applicable data protection laws is believed to have taken place (see Art. 77 of the GDPR).

(4) There is no automated decision-making including profiling as per Art. 22 Paragraphs 1 and 4 of the GDPR.

5. External links

Our offer contains links to external websites of third parties whose content we have no influence over. For that reason, we are also unable to assume any responsibility for this third-party content. The respective provider(s) or operator(s) of the websites in question assume(s) responsibility for the contents of the linked websites at all times. The linked sites were checked for possible legal violations at the time the links were made. No unlawful content could be detected at the time of linking.

However, continuous inspection of the contents of the linked pages without specific indications of a legal violation cannot reasonably be expected. Should we gain knowledge of any legal violations, we will remove the links in question without delay. If you notice that the contents of the external providers violate applicable law, please let us know. This data privacy policy only applies to the content on our websites.

6. Amendments to this data privacy policy

We will revise this data privacy policy from time to time to adapt it to the state-of-the-art or to revised legal frameworks.

Therefore, we recommend that you regularly inform yourself about changes to this webpage.

Status as of: 16.05.2022