We take data protection seriously

The protection of your privacy when processing personal data is an important concern for us. By default, when you visit our website, our web servers store the IP of your Internet service provider, the website from which you are visiting us, the web pages you visit on our site, and the date and duration of your visit. This information is essential for the technical transmission of the websites and the secure operation of the server. A personalised evaluation of this data is not carried out.

If you send us data via the contact form, this data is stored on our servers during the data backup. We will only use your data to process your request. Your data will be kept strictly confidential. It will not be passed on to third parties.

Responsible party:

MEGGLE GmbH & Co. KG
Business Unit Excipients
Megglestrasse 6-12
83512 Wasserburg am Inn
Germany

T +49 8071 73-0
info.excipients@meggle.com

Personal data
Personal data is data about you. This includes your name, your address and your e-mail address. You also do not have to disclose any personal data to visit our website. In some cases, we may need your name and address, as well as further information to provide you with the service you require.

The same applies if we are supplying you with information material you have requested or if we are answering your enquiries. In these cases, we will always make you aware of this. In addition, we only store the data that you have sent us automatically or voluntarily.

When you use one of our services, we usually only collect the data necessary to provide you with our service. We may ask you for more information, but it is entirely up to you whether you provide it or not. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.

Automatically stored data

Server log files
The provider of the pages automatically collects and stores information in what are known as server log files, which your browser automatically transmits to us. This information includes:

• The date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• Web browser and operating system used
• Full IP address of the requesting computer
• Volume of data transferred

This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.    This data is stored by us for a short period of time for reasons relating to technical security and in particular to prevent attempted attacks on our web server. We cannot discern the identity of individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. The data is also processed for statistical purposes in anonymised form; it will not be compared with other data records or transferred to third parties, even in part. The number of page views is only displayed within the scope of our server statistics, which we publish every two years in our activity report.

Registration on the website
Visitors to the Meggle website have the option to register on the site by providing personal data if they want to receive documents and sample products. The following personal data is collected: company, name, position, address, phone number, e-mail address.

By registering on the controller’s website, the data subject also gives consent to having the date and time of their registration stored, along with the IP address assigned by their internet service provider (ISP). This data is stored because it is the only way to prevent our services being misused and can help with investigations where necessary if offences have been committed. In this sense, the data needs to be stored to protect the controller. This data will never be passed on to third parties unless there is a statutory requirement to do so or unless it is to aid law enforcement. If the data subject registers voluntarily and provides their personal data, it makes it easier for us to send them documents and sample products. Individuals who have registered have the option to alter the personal data they provided on registration or to have that data completely erased from the controller’s database at any time. By registering, you undertake to keep your personal login details confidential and not make them available to any unauthorised third parties. We can accept no liability for misused passwords unless we are responsible for that misuse.

Cookies
When you visit our websites, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard drive. Only the Internet protocol address is stored here - personal data is not stored. This information, which is stored in the cookies, allows you to be automatically recognised the next time you visit our website, which makes it easier for you to use it. The legal basis for the use of cookies is the legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised the next time you visit our website, you can also refuse the use of cookies by changing the settings in your browser to "Reject cookies". The particular procedure can be found in the user manual of your respective browser. However, if you refuse to use cookies, there may be restrictions on the use of some areas of our website.

Information about the MEGGLE LinkedIn page
We use the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland for the information service offered.

We would like to point out that you use the LinkedIn page and its functions on your own responsibility. This applies in particular to the use of the interactive functions.
When you visit our LinkedIn page, LinkedIn collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the LinkedIn pages, with statistical information about the use of the LinkedIn page.

The data collected about you in this context is processed by LinkedIn and, if necessary, transferred to countries outside the European Union. Which information LinkedIn receives and how it is used is described in general terms by LinkedIn in its privacy policy. Here you will also find information about contact options for LinkedIn as well as the setting options for advertisements.

The privacy policy is available under the following link: https://www.linkedin.com/legal/privacy-policy

The shared responsibility agreement under Art. 26 GDPR (as of 8/21/2020) with LinkedIn is available at: https://legal.linkedin.com/pages-joint-controller-addendum

Independently, we process data when you contact us via contact forms (so-called LinkedIn Lead Generation Forms). Our legitimate interest for the use of the so-called Lead Gen Forms serves marketing purposes in the context of business initiation, new customer acquisition and customer retention. Lead Gen Forms are forms that enable the integration of contact forms on the company profile or as sponsored content. By using these Lead Gen Forms services, we offer interested parties a function with which they can provide us as users with their e-mail address or other user information.

If you are a member of the LinkedIn platform with a personal profile, LinkedIn can assign the access of the above-mentioned content and functions to your personal profile. Further information on data protection and the Lead Gen Ads of LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy and https://business.linkedin.com/de-de/marketing-solutions/native-advertising/lead-gen-ads respectively.

You can find the current version of this data privacy statement under the item "Contact" on our LinkedIn page.

MyFonts Counter
On this website we use MyFonts Counter, a web analysis service developed by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. In accordance with the licensing terms, page view tracking is carried out where the number of visits to the website is counted for statistical purposes and transferred to MyFonts. During this process, MyFonts only collects anonymised data. If necessary, the data is forwarded by activating Java script code in your browser. To completely prevent Java script code being run by MyFonts, you can install a Java script blocker (e.g. www.noscript.net) or deactivate the script using this opt-out. For further information on the MyFonts Counter, please see the data privacy notices of MyFonts at  http://www.myfonts.com/info/terms-and-conditions/#Privacy

Matomo (formerly PIWIK) (web analysis service)
We use the web analysis service Matomo on our website. Matomo uses cookies for this analysis. Cookies are small text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookies, such as the time, place and frequency of your website visit, including your IP address, is transferred to our PIWIK server and stored there. Your IP address is anonymised immediately during this process, so that you remain anonymous to us as a user. The information generated by the cookie regarding your use of this website will not be forwarded to third parties. You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that if you do so you may not be able to use all functions of our website to their full extent.

Reset cookie settings

Security
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees as well as service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transferred. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data privacy statements are constantly revised. Please make sure you have the latest version.

Rights of data subjects:
You have a right at any time to request information about, rectify, delete or restrict the processing of your stored data, a right to object to the processing as well as a right to data portability and to appeal in accordance with the conditions of the data protection law.

Right of information:
You can request information from us regarding whether and to what extent we are processing your data.

Right to rectification:
If we process any of your data that may be incomplete or incorrect, you can ask us to rectify or complete it at any time.

Right to deletion:
You can ask us to delete your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. if there are statutory retention obligations in place. Irrespective of whether you choose to exercise your right to have your data deleted, we will delete your data immediately and completely, unless there is a contractual or statutory retention obligation in force in this regard.

Right to restrict processing:
You can ask us to restrict the processing of your data if:
- you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to have it deleted, and instead request a restriction of its use,
- we no longer require the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have lodged an objection to the processing of the data.

Right to data portability:
You can ask us to supply you with the data you have provided to us in a structured, standard and machine-readable format and to allow you to transfer this data to another responsible party without obstruction by us, if
- we are processing this data on the basis of your granted and revocable consent or to fulfil a contract between us, and
- this processing is carried out using automated procedures.
If it is technically feasible, you can ask us to transfer your data directly to another responsible party.

Right of objection: If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will no longer process your data unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend your legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of appeal: If you believe that we are in breach of German or European data protection laws when processing your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, which in this case would be the respective State Office for Data Protection Supervision. If you wish to assert any of these rights against us, please contact our Data Protection Officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this data privacy statement
We reserve the right to change our data privacy statements should this prove necessary as a result of new technologies. Please make sure you have the latest version. If fundamental changes are made to this data privacy statement, we will publish them on our website.

With regard to data protection matters, all interested parties and visitors to our website can contact us at:

Mr. Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg

Tel.:  +49 (0)941 2986930
Fax:  +49 (0)941 29869316
E-mail: anfragen@projekt29.de
Internet: www.projekt29.de

Information requirements acc. to Art.13 GDPR

The protection of your personal data is of particular concern to us. We therefore process your personal data (in short "data") exclusively on the basis of legal provisions. With this data privacy statement, we want to inform you comprehensively about the processing of your data in our company and the data protection claims and rights you are entitled to, within the meaning of Article 13 of the European General Data Protection Regulation (EU GDPR).

1. Who is responsible for the data processing and who can you contact?

The responsible party is
MEGGLE GmbH & Co. KG
Business Unit Excipients
Megglestrasse 6-12
83512 Wasserburg am Inn
Germany

T +49 8071 73-0
info.excipients@meggle.com

The company Data Protection Officer is
Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg

T +49 941 298 693-0
anfragen@projekt29.de

2. What data is processed and from which sources does this data come from?
We process the data that we have received from you as part of the initiation or processing of contracts, on the basis of consents or as part of your application to us or within the scope of your workforce employed with us.

Personal data includes:
Your master/contact data, for customers and suppliers this includes e.g. first and last name, address, contact details (e-mail address, telephone number, fax), bank details.

For applicants and employees, this includes e.g. first and last name, address, contact details (e-mail address, telephone number, fax), date of birth, data from CVs and employer references, bank details, religious affiliation, pictures.

For business partners, this includes e.g. the name of their legal representatives, company, commercial register number, VAT lD no., company number, address, contact person contact details (e-mail address, telephone number, fax), bank details.

For visitors to our company, this includes the name and signature.

For journalists, this includes first and last name, e-mail address, fax number.

For competition participants, this includes first and last name, e-mail address.

In addition, we also process the following miscellaneous personal data:
- information on the type and content of contract data, order data, sales and document data, customer and supplier history as well as consulting documents,
- advertising and sales data,
- information from your electronic communications with us (e.g. IP address, log-in data),
- other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
- data that we generate ourselves from master/contact data as well as other data, e.g. by means of customer requirement and customer potential analyses,
- the documentation of your declaration of consent for the receipt of e.g. newsletters.
- photographs taken during events.

3. For what purposes and on what legal basis is the data being processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

• to fulfil (pre-)contractual obligations (Art. 6 para. 1 lit.b GDPR):
Your data is processed in order to process contracts online or in one of our branches in order to process the contracts for your workforce in our company. The data is processed in particular to initiate business transactions and to implement the contracts concluded with you.

• to fulfil legal obligations (Art. 6 para. 1 lit.c GDPR):
The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. those that arise from the German Commercial Code or the German Tax Code.

• to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):
With a view to balancing interests, data processing which goes beyond the actual fulfilment of the contract can be carried out in order to safeguard our legitimate interests or those of third parties. Data processing to safeguard legitimate interests is carried out, for example, in the following cases:

- Advertising or marketing (see no. 4),
- Measures to manage business and further develop services and products;
- To operate a group-wide customer database to improve customer service
- As part of legal proceedings
- Sending of information and press releases that do not boost sales.

• within the scope of your consent (Art. 6 para. 1 lit.a GDPR):
If you have given us consent to process your data, e.g. to send our newsletter, publish photos, competitions, etc.

4. Processing personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time altogether or for individual measures, without incurring any costs other than the transmission costs that apply in accordance with the basic rates.

We are entitled to use the e-mail address you provided at the time the contract was concluded for direct marketing for our own goods or services of a similar nature under the legal preconditions of Section 7 (3) of the Unfair Competition Act (UWG). You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. If you do not wish to receive such recommendations by e-mail from us, you may object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs that apply in accordance with the basic rates. A written communication is sufficient for this purpose. Of course, every e-mail always includes an unsubscribe link.

5. Who receives my data?
If we use a service provider with a view to processing an order, we nevertheless remain responsible for the protection of your data. All order processors are contractually obliged to treat your data confidentially and to process it solely within the framework of the service provision. The order processors commissioned by us will receive your data if they need the data to perform their respective service. These include, for example, IT service providers, who we need to operate and maintain the security of our IT system, as well as advertising and address publishers for our own promotions. Your data is processed in our customer database. The customer database helps to increase the data quality of existing customer data (duplicate clean-ups, moved to new address/deceased identifier, correction of addresses), and allows enrichment with data from public sources. This data will be made available to the Group companies provided this is necessary for the execution of the contract. Customer data is stored on a company-specific basis and separately, whereby our parent company acts as a service provider for the individual participating companies. Authorities and courts as well as external auditors may be recipients of your data if there is a pertinent legal obligation in place in this regard or if this is necessary within the framework of legal proceedings. In addition, for the purpose of initiating and fulfilling the contract, insurance companies, banks, credit agencies and service providers may be recipients of your data.

6. How long will my data be stored for?
We process your data until the end of the business relationship or until the applicable statutory retention periods expire (e.g. those arising from the German Commercial Code, the German Tax Code, or The Working Time Act); furthermore, up to the termination of any legal disputes in which the data is required as evidence.

7. Will personal data be transferred to a third country?
In principle, we do not transmit any data to a third country. Data will only be transferred in individual cases on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.

8. What data protection rights do I have?
You have a right at any time to request information about, rectify, delete or restrict the processing of your stored data, a right to object to the processing as well as a right to data portability and to appeal in accordance with the conditions of the data protection law.

Right of information:
You can request information from us regarding whether and to what extent we are processing your data.

Right to rectification:
If we process any of your data that may be incomplete or incorrect, you can ask us to rectify or complete it at any time.

Right to deletion:
You can ask us to delete your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. if there are statutory retention obligations in place. Irrespective of whether you choose to exercise your right to have your data deleted, we will delete your data immediately and completely, unless there is a contractual or statutory retention obligation in force in this regard.

Right to restrict processing:
You can ask us to restrict the processing of your data if:
- you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to have it deleted, and instead request a restriction of its use,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have lodged an objection to the processing of the data.

Right to data portability:
You can ask us to supply you with the data you have provided to us in a structured, standard and machine-readable format and to allow you to transfer this data to another responsible party without obstruction by us, if
- we are processing this data on the basis of your granted and revocable consent or to fulfil a contract between us, and
- this processing is carried out using automated procedures.
If it is technically feasible, you can ask us to transfer your data directly to another responsible party.

Right of objection:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will no longer process your data unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend your legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of appeal:
If you believe that we are in breach of German or European data protection laws when processing your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, which in this case would be the respective State Office for Data Protection Supervision. If you wish to assert any of these rights against us, please contact our Data Protection Officer. In case of doubt, we may request additional information to confirm your identity.

9. Am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will normally have to refuse to conclude the contract or will no longer be able to implement an existing contract and will consequently have to terminate it. However, you are not obliged to give consent to your data being processed with regard to data that is not relevant or legally required for the performance of the contract.