Privacy Policy

For us, Complex Pharmaceuticals GmbH, Storchengasse 1, 1150 Vienna (“Complex Pharma”, “we”, “us”), the protection of your personal data is an important concern. Accordingly, compliance with applicable data protection law – particularly the General Data Protection Regulation (“GDPR”), the Austrian Data Protection Act (“DSG”), and the Austrian Telecommunications Act (“TKG”) – is a matter of course for us.

This privacy policy informs you about the type, scope, and purposes of the collection and processing of your personal data in connection with your visit to and use of our website.

1. Contact details of the controller and the Data Protection Officer

a) Controller
The controller for data processing within the meaning of the General Data Protection Regulation (GDPR) is:
Name: Complex Pharmaceuticals GmbH
Address: Storchengasse 1, 1150 Vienna
Phone: +43 1 208 01 34
Email: office@complex-pharma.com

b) Data Protection Officer 
For all enquiries relating to data protection and to exercise your rights as a data subject (see Section 7), you may contact our Data Protection Officer at any time. You can reach them at:
Email: dpo@complex-pharma.com
Post: Address as above, with the addition of “For the attention of the Data Protection Officer”

2. What are personal data?

Personal data are all information relating to an identified or identifiable natural person – that is, a person whose identity is determined or can be determined. This includes, for example, name, date of birth, email address, social security number, IP address, etc.

3. Data processing on and in connection with our website

a) General enquiries

If you contact us using the contact details above or the contact information on our website https://complex-pharma.com, we will process your personal data (name, email, phone number, postal address, as well as your enquiry and any documents, images, and materials contained therein) for the purpose of processing and responding to your enquiry.

The legal basis for this processing is the performance of our (pre-)contractual obligations pursuant to Article 6(1)(b) GDPR and our legitimate interests pursuant to Article 6(1)(f) GDPR in the prompt handling of your enquiry and the response to any follow-up questions.

We store your personal data in connection with contact enquiries for a period of six months in order to be able to respond appropriately to follow-up questions. A longer retention period will only apply if a business relationship is subsequently established, due to statutory retention obligations, or for the assertion and defence of our legal claims.

b) Reporting of Adverse Drug Reactions

Via our website, you have the option to report adverse drug reactions (side effects). In this case, we process the personal data you provide insofar as this is necessary for the documentation, fulfilment of our pharmacovigilance obligations, and reporting of the adverse drug reactions to the competent authority.

Contact to report adverse drug reactions: 
24/7 Hotline: +43 676 4299112 
Email: pv@complex-pharma.com

If you are the reporter, this particularly concerns your name and contact details, your profession, and your relationship to the individual who experienced the adverse drug reaction.

If you are the individual who experienced the adverse drug reaction (the patient), we process, in particular, information about your health status, demographic data such as date of birth, age group, weight, height, and sex, data on your ethnic origin (if relevant for the medicinal product’s effect), as well as information on the medicinal product suspected of causing the adverse reaction (including dosage, indication, and concomitant medications), and relevant details of your medical history.

To the extent that we are obliged to do so under statutory pharmacovigilance obligations, in particular Section 75g of the Austrian Medicinal Products Act (AMG) and the Pharmacovigilance Regulation, or by regulatory requirements, we will immediately transmit the information contained in your report (including personal data, where necessary) to the competent authority. The competent authority in Austria is the Federal Office for Safety in Health Care (BASG).

The legal basis for processing this data is, on the one hand, the fulfilment of our legal obligations pursuant to Article 6(1)(c) GDPR (for reporters) and Article 9(2)(i) GDPR (for patients) arising from our pharmacovigilance duties under Directive 2001/83/EC establishing a Community code for medicinal products for human use, as well as Implementing Regulation (EU) No 520/2012 for the performance of pharmacovigilance activities. In the case of reports of serious adverse events and product defects (medical devices), our monitoring and reporting obligations are governed by Regulation (EU) 2017/745 on medical devices. In addition, the processing of data is based on grounds of public interest in the area of public health to ensure high quality and safety standards for medicinal products and medical devices pursuant to Article 6(1)(e) and Article 9(2)(i) GDPR.

We store data from adverse drug reaction reports in accordance with Article 12 of Implementing Regulation (EU) No 520/2012 for a minimum of 10 years after the expiry of the respective product’s marketing authorisation. Personal data are only stored to the extent strictly necessary to fulfil our pharmacovigilance obligations. Names and contact details of patients are anonymised once no immediate follow-up questions are expected.


c) Usage data

When you visit our website, we automatically process the following data:

  • IP address
  • Data about your device
  • Referrer URL
  • Name and version of your web browser
  • Session ID
  • Log files
  • Date and time of the website visit

All of this data is transmitted by your web browser when you access our website. We process this data solely for the provision of the website, for data security purposes, and to enhance technically-driven user-friendliness. The processing of data is therefore based on our legitimate interests pursuant to Article 6(1)(f) GDPR for the provision and logging of system usage and the analysis of server logs for problem-solving.

We store log data and log files for a period of 90 days to maintain our IT infrastructure and IT security. A longer retention period of up to 180 days is applied only to detect potential hacking attempts in the system.

d) Cookies

Cookies are small text files that are stored on the visitor’s device. Domain-specific information is written into these text files, which can be read again at a later time.

Cookies allow us to store essential data to provide our services or to make the use of the website more user-friendly and convenient. Some cookies remain on your device until you delete them or they expire (“persistent cookies”). Other cookies are deleted after you leave the website (“session cookies”).

Some cookies may only be set based on your voluntary consent. Other cookies may be set without your consent, as they are strictly necessary to provide our services. We generally distinguish the following types of cookies:

  • Technically necessary cookies: These cookies are used to display the website to you and to ensure uninterrupted use. The processing of data is necessary for the purposes of data security and abuse prevention and is based on our legitimate interests pursuant to Article 6(1)(f) GDPR in conjunction with Section 165(3) of the Austrian Telecommunications Act (TKG).
  • Preference cookies: These cookies allow a website to remember certain information that affects the appearance or behaviour of the website (e.g., language and regional settings). The processing of data is based solely on your explicit consent pursuant to Article 6(1)(a) GDPR.
  • Analytics cookies: These cookies are used to determine and monitor the number of visitors and how visitors behave on our website. They also enable us to improve the functionality of our website. The processing of data is based solely on your explicit consent pursuant to Article 6(1)(a) GDPR.
  • Marketing cookies: These cookies are used to track visitors across websites. This allows the user to be shown advertisements that are relevant and engaging for them. The processing of data is based solely on your explicit consent pursuant to Article 6(1)(a) GDPR.


We use the following cookies on our website:  

Cookie | Classification | Storage period | Purpose
XSRF-TOKEN – complex-pharma.com | technically necessary cookies | 2 hours | This cookie increases the security of visitors while browsing by preventing cross-site request forgery.
complex-pharma_session complex-pharma.com | technically necessary cookies | session | This cookie stores the session for logging in to the content management system (backend).
_ga_* .complex-pharma.com | analytics cookies | 1 year/ 1 month/ 4 days | This cookie enables the storage and counting of page views.
_ga_ .complex-pharma.com | analytics cookies | 1 year/ 1 month/ 4 days | This cookie allows Google Analytics to recognise returning users on our website and to combine data from previous visits.
NID | analytics cookies | 6 months | This cookie allows Google Maps to store user settings and user information.

Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland). This allows us to optimise our website, as well as user-friendliness and advertising measures. When you interact with our website, Google Analytics collects the following data in particular: IP address, technical information such as browser, internet provider, device and screen resolution, the source of your visit, your behaviour on our website, and a randomly generated user ID. The recorded data is stored together with the randomly generated user ID, which allows the evaluation of pseudonymised user profiles. This data processing is carried out only subject to your explicit consent pursuant to Article 6(1)(a) GDPR in conjunction with Section 165(3) of the Austrian Telecommunications Act (TKG).

For further information, visit: https://support.google.com/analytics/answer/6004245?hl=de

Google Maps
We use Google Maps, among other services, to provide information about our company location. For this purpose, we have visualised our location on the Google Maps digital map. If you use this feature, your IP address is transmitted to Google. However, the maps are only loaded after you have given your explicit consent to set the corresponding analytics cookie pursuant to Article 6(1)(a) GDPR in conjunction with Section 165(3) of the Austrian Telecommunications Act (TKG).

A complete list of the cookies we use on our website can also be found in the cookie banner. The cookie banner appears automatically when you first visit our website. In addition, you can access the cookie banner via the floating cookie icon at the bottom left corner of the page.

We use the cookie banner to obtain your consent to the storage of certain cookies on your device or the use of certain technologies, and to document this consent in accordance with data protection law.

You can change your individual consent at any time, for example via the floating cookie icon in the bottom left corner of our website. There, you can click “Accept all” or “Reject” to accept or reject all cookies requiring consent. You can also customise your settings by clicking on “Settings,” adjusting the sliders as desired, and then clicking the “Save” button to save your preferences.

4. Retention period

We generally store your personal data only for as long as we need it to fulfil the purposes described above. Once your data is no longer required, it will be deleted from our systems or irreversibly anonymised so that you can no longer be identified. In addition, we may retain your personal data if there are indications that the data is necessary for asserting or defending our legal claims. The retention of data is subject to statutory limitation periods (in particular, Sections 1484 et seq. of the Austrian Civil Code – ABGB). Further information on storage periods can be found in the respective processing activities.

5. Recipients of personal data

We treat your personal data with the utmost confidentiality and deliberately keep the circle of recipients small (“need-to-know principle”).

Your personal data is only transferred on a case-by-case basis and to the extent necessary to the following recipients, who act as independent controllers:

  • Courts, authorities and other public institutions, where required by law (e.g., drug and health authorities; data protection authority; tax authorities; state courts);
  • external third parties based on our legitimate interests in asserting, enforcing, and defending our legal claims (legal representatives and insurers, auditors, other advisors).



In addition, we use external service providers, such as IT service providers, who may have access to your personal data. This is necessary in order to provide the services they have been commissioned to perform. These external service providers act as processors and are obliged to maintain confidentiality pursuant to Article 28(3)(b) GDPR, processing your personal data solely on our behalf, based on our instructions, and for the purpose of delivering the commissioned services.

In the event that personal data is transferred to recipients in third countries outside the EU, and no adequacy decision by the European Commission pursuant to Article 45 GDPR exists for the respective third country, the transfer will be carried out on the basis of appropriate safeguards (e.g., standard contractual clauses) pursuant to Article 46 GDPR, or, where applicable, on the basis of your explicit consent for specific purposes pursuant to Article 49(1)(a) GDPR, after we have informed you of the specific risks associated with the relevant data transfer to the third country.

6. Data security

Data security is a fundamental priority for us. We have implemented appropriate technical and organisational security measures pursuant to Article 32 GDPR to ensure the confidentiality and security of your personal data.

7. Rights of data subjects

As a data subject, you are entitled to the following rights:

  • Right of access (Article 15 GDPR) to the data we process about you,
  • Right of rectification (Article 16 GDPR) of inaccurate data,
  • Right to erasure (Article 17 GDPR),
  • Right to restriction of processing (Article 18 GDPR),
  • Right to data portability (Article 20 GDPR) of the data you have provided, in a structured, commonly used, and machine-readable format,
  • Right to withdraw consent (Article 7(3) GDPR),
  • Right to object (Article 21 GDPR), if there are grounds arising from your particular situation.

In addition, you have the right to lodge a complaint with the competent supervisory authority. In Austria, this is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Email: dsb@dsb.gv.at
Website: www.dsb.gv.at

Before filing a complaint, or if you have any questions or concerns regarding the processing of your personal data, you are welcome to contact us at office@complex-pharma.com. We are always happy to assist you.

In the event of any discrepancies between the German and English versions of this privacy policy, the German version shall prevail.