Data Controller

emovis GmbH
Wilmersdorfer Str. 79
10629 Berlin

Registered with the registration number HRB 80561 B at registration court Berlin-Charlottenburg

Data protection officer

We have appointed a privacy officer to verify compliance with this privacy policy. You always have the right to lodge a complaint with a supervisory authority. The Berlin Commissioner for Data Protection and Freedom of Information (www datenschutz-berlin.de) is the data protection supervisory authority for emovis.

You can reach our data protection officer by post at the above-mentioned address of emovis GmbH or by mail (DS-Compliance@emovis.de).

What personal information we collect

Personally identifiable information is any information about you that identifies you, such as your name, contact details, date of birth, payment details, and information about your access to our website.

We may collect personal information about you when you participate in a clinical trial with us, use our Web site, contact us through a supplier or customer relationship, or contact us directly.

Specifically, we can collect the following types of data:

a) name, address, e-mail address, telephone number, as well as payment details;

b) additional study related information, including your name, ethnicity, date of birth, gender and other health information;

c) information about your use of our website and / or app;

d) the communication that you exchange or send us via letters, e-mail, chat services, calls and social media.

Personal information about your physical or mental health, the alleged committing or conviction of criminal offenses is referred to as "sensitive" personal information under applicable privacy laws. We will only process such data if you have expressly given your consent or processing is required (for example, because you are participating in a clinical trial), or you have deliberately published it.

For what, why and how long we use your personal information

Your data can be used for the following purposes:

a) Participation in Clinical Trials: We use the information you provide to us to conduct the clinical trial properly. If necessary, we process your data beyond completing your request to ensure IT security and IT operations. The legal basis for these processing operations is Article 6 (1b) and Article 6 (1f) of the GDPR

b) Verification of Payment Details: We use your payment information for accounting, clearing and auditing purposes;

c) Administrative or legal purposes: We use your data for statistical and marketing analyses, system tests, customer surveys, maintenance and development, or for handling disputes or claims;

d) Security, Health, Administration: We may also share your information with government agencies or regulators to comply with legal requirements. In this case, the legal provisions in conjunction with Art. 6 (1c) GDPR;

e) Communication with the Administration: We use your data to manage our communications with you as a customer;

f) Marketing: We will contact you from time to time via email with information about new clinical trials or related topics. However, you can decide if you want to receive such information or not. In addition, in any email you receive from us, you can decide whether you wish to receive direct marketing material from us and, if not, unsubscribe from the offer.

We will process your personal data only if we have a legal basis to do so. The legal basis is based on the purposes for which we have collected and must use your personal information.

In most cases, we need your personal information so that you can participate in a clinical trial at our trial site.

Furthermore, we may process your personal information for one or more of the following reasons:

• To comply with a legal obligation (e.g. GCP / Good Clinical Practice);

• You have given us your consent to the use of your personal data (e.g. for marketing purposes);

• To protect your essential interests or those of another person (e.g. in the case of a medical emergency);

• It is in our legitimate interest of operating an investigator’s site for clinical trials (e.g. for administrative purposes).

We will not retain your data for longer than is necessary for the purpose for which it is processed. To determine the appropriate retention period, we take into account the amount, nature and sensitivity of your personal information, the purpose for which we process your personal information and whether we can achieve this purpose by other means.

We must also take into account the periods for which we may need to retain your personal information in order to comply with our legal obligations (e.g. 25 years to comply with the EU Regulation 536/2014 relevant for clinical research) or to handle complaints and inquiries, as well as to protect our legal rights in the event of a claim.

If we no longer need your personal information, we will irretrievably delete or destroy it. We will also consider whether and how we can minimize the personal information we use over time and whether we can anonymize your personal information so that it no longer associates with you or allows you to be identified. In this case, we may use this information without prior notice to you.

Security of your personal data

We adhere to strict safety regulations when storing, transferring or protecting your personal data against accidental loss, destruction or damage.

We may share your information with trusted third parties for the purposes outlined in this privacy statement. We require all third parties to use the appropriate technical and operational measures in accordance with German and European data protection regulations in order to protect your personal data.

International data transfer

emovis will generally not transfer any personal data to areas where the European General Data Protection Regulation does not apply. If, in exceptional cases, e.g., to verify the qualification of its personnel to sponsors in countries outside the European Union, emovis obviously will observe Articles 44 et seq. GDPR.

Transfer of your personal data

We may disclose your personal information to the following third parties for purposes described in this Privacy Policy:

(a) government authorities, law enforcement agencies and supervisory authorities to comply with legal requirements;

b) Trustworthy third parties who provide ancillary services in accordance with Art. 6 para. 2 and Art. 28 GDPR, which we use to manage our business, such as: For example, call centers supporting our customers, cloud services, data and shredding service providers, and email marketing service providers who help our marketing team conduct customer surveys and provide targeted marketing campaigns;

c) banks that handle payment transactions with you or ensure the security of our payment transaction;

d) legal advisors and other professional advisors, courts and law enforcement agencies to enforce our rights in connection with our contract with you;

e) Social media: You may be able to access third-party social media services through our website or before opening our website. When you sign in to your social media account, we will receive the personally identifiable information you choose to provide to us through these social media services in accordance with their privacy preferences in order to improve and personalize the use of our website. We may also use social media plug-ins on our website. Therefore, your data is also available to your social media provider and may be published on your social media profile where it can be viewed by other users on your network. For more information about common practice, see the privacy policy of each social media provider.

On our website we offer you links to various social networks.

a) Twitter

On our pages, links are incorporated into the Twitter short message network (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA). The references can be recognized by the Twitter logo on our pages. If these references are followed, your browser connects directly to the Twitter server. This allows Twitter to associate your visit to our pages with your user account. We point out that we as the provider of the pages are not aware of the content of the transmitted data and their use by Twitter. For more information, see the Twitter Privacy Policy at twitter.com/privacy. If you do not want Twitter to associate your visit to our pages with your Twitter account, please log out of your Twitter account.

b) Google+

Our pages contain links to the Google+ external social network (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA94043, USA). The references can be recognized by the google + logo on our pages. If these references are followed, your browser connects directly to Google's servers. This redirects the information that you have visited our pages to Google. If you log in to Google+ using your personal account while visiting our website, Google+ may associate the page visit with this account. The purpose and scope of the data collection by Google+, as well as the further processing and use of your data there, can be found in the privacy policy of Google+ www.google.com/intl/de/policies/privacy/. If you do not want Google to associate your visit to our pages with your Google + user account, please log out of your Google + user account.

c) Facebook

Our pages contain links to the external social network "Facebook" (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). The references are indicated in the framework of our Internet appearance by the Facebook Logo. If these references are followed, your browser connects directly to the Facebook servers. If you follow the links while visiting our website and are logged in to Facebook via your personal user account, the information that you have visited our website will be forwarded to Facebook. Facebook can assign the visit of the website to your account. This information is transmitted to Facebook and stored there. The functions assigned to the references of Facebook, in particular the transmission of information and user data, are not activated by visiting our website, but only by clicking on the corresponding links. For more information on the purpose and scope of data collection by Facebook, further processing and use of your data, as well as your related rights and settings options for the protection of your privacy, please refer to the privacy policy of Facebook: de-de.facebook.com/privacy/explanation.php. If you do not wish Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Hints for the use of the Facebook Fanpage

By using our Facebook fan page or other Facebook pages, your IP address and other information, which are available as cookies on your PC or mobile phone, are captured and processed by Facebook Ltd.. We have no influence on that. More detailed information about the data guidelines of Facebook Ltd. Get it here: www.facebook.com/full_data_use_policy. You use our and other Facebook pages at your own risk. Please consider carefully which personal data you want to communicate via Facebook, for example by commenting on a post or writing a direct message. As an alternative, you can also contact us via our contact options on the homepage www.studien-in-berlin.de. The essential aspects of the agreement on joint controllership of Facebook and emovis GmbH according to Art. 26 of the GDPR can be found at www.facebook.com/legal/terms/page_controller_addendum.

Cookies and website tracking

Cookies are used on this website so that we can optimize our service for you and offer you certain useful functions. This may include cookies from media and advertising partners, which are stored on your computer when you visit our website. Information on the privacy and cookie policy of our partners can be found on their website.

Cookies are small text files that are stored on your computer's hard disk via your web browser. This allows us to recognize your browser and track visitors to our website to better understand which products and services are best for you. A cookie contains your contact information and information that we can use to identify your computer as you navigate our website. Most web browsers accept cookies automatically, but you can also change these browser settings by accepting, rejecting and deleting cookies. In the "Help" area of ​​the toolbar, most browsers tell you how to prevent new cookies from being accepted, how the browser notifies you about receiving a new cookie, or how to disable cookies in general. If you change these settings, you will find that certain features do not work as intended. The cookies we use do not detect data stored on your computer.

For more information about cookies and how to prevent cookies from being posted, visit the following website: en.wikipedia.org/wiki/HTTP_cookie.

We record our customers' usage patterns of our website using the open source software Matomo (formerly PIWIK) so that we can further develop the design and layout of our websites. You can contradict this recording at the bottom of this page.

Your right to privacy

Under certain circumstances, you have the following rights:

• Request information about whether we have stored personally identifiable information about you and, if so, which data and why we have stored and used.

• Request information about your personal data (commonly known as "the data subject's right to information"). This will allow you to request a copy of the personal information we have about you and to verify that we are lawfully processing it.

• Request the correction of the personal information we have stored about you. This will allow you to correct incomplete or incorrect data that we have stored about you.

• request the deletion of your personal data. This allows you to request that we delete or remove personal information if there is no cogent reason to process it further. You also have the right to request us to delete or remove your personal information if you have exercised your right to object to the processing (see below).

• Object to the processing of your personal data if we (or third parties) invoke a legitimate interest and if, for a specific reason, you wish to exercise your right to object to the processing in your specific situation. You also have the right to object if we use your personal information for direct marketing.

• Request the restriction of the processing of your personal data. This will give you the opportunity to ask us to suspend the processing of personal information about you, for example, if you want us to determine the accuracy of the data or the reason for the processing.

• Request the transmission of your personal information in electronic and structured form to you or to another party (generally known as the right to "data portability"). This will give you the opportunity to receive your information from us in an electronically usable format and to transmit your information to another party in an electronically usable format.

• revoke your consent. In certain circumstances, if you have given us permission to collect, process and transfer your personal information for a particular purpose, you have the right to revoke your consent for that particular purpose at any time in the future. Once we receive notification that you have revoked your consent, we will no longer process your data for the purpose or purposes to which you originally consented unless we have another legitimate and legal basis for doing so.

In addition, you have a right to object to the processing of your personal data.

You have the right to lodge a complaint with a data protection supervisory authority.

We may need to ask you for more specific information to confirm your identity and to assure your right to access the information (or to exercise some of your rights). This is another appropriate security measure to ensure that personal information is not shared with unauthorized persons.

Download data

In the event that we allow you to retrieve (download) files and information from our Internet pages, you as a user are liable for any dangers regarding the proper and functional transfer, use and storage. Liability for damage through the use of files and information, also indirectly, is excluded. The liability for intent and gross negligence remains unaffected.

Data provision

The provision of your data is not required by law or contract. You are not obligated to provide the personal data. However, if your data is not provided, it may perhaps not be possible to process your request.

Changes to the privacy policy

From time to time it may become necessary, for example due to further developments of our website or legal changes, to change this privacy policy. We therefore reserve the right to amend the privacy policy at any time with future effect.

27.01.2021