Privacy Policy

1. Summary

The protection of your personal data is important to us. We treat your personal data confidentially and in accordance with the applicable statutory data protection regulations as well as this Privacy Policy.

This Privacy Policy is intended to inform you in a transparent and understandable manner about how data relating to you (“personal data” or hereinafter “your data”) is collected when you use our website. It also explains the purposes for which your data is processed and the rights to which you are entitled in this context.

This Privacy Policy generally uses the terms as defined in Article 4 of the General Data Protection Regulation (GDPR).

2. Who is the controller within the meaning of the GDPR?

The controller within the meaning of the GDPR is the natural or legal person who determines (alone or jointly with others) the purposes and means of the processing of personal data. In this case, the controller is:

Leo International Precision Health AG  
Am Klopferspitz 19 
82152 Planegg / Martinsried
Germany

Email: IR@liphag.com

3. How do we collect your data and for what purposes do we process it?

On the one hand, we collect your data when you provide it to us, for example by subscribing to a newsletter, sending us an email, or using a contact form. Other data, primarily technical data, is collected automatically by our IT systems when you visit the website. This serves to ensure error-free provision of the website. Other data may be used to analyze your user behavior. This website does not use cookies.

a. Data processing when visiting our website

When you access our website, it is technically necessary that the following data is transmitted by your internet browser to our web server:

  • Visited domain
  • Date and time of the request
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP address of the requesting device
  • Amount of data transferred

We collect this data during an active connection in order to ensure a smooth connection setup and convenient use of our website. In addition, the log files serve to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or log files is Art. 6(1)(f) GDPR.

For reasons of technical security, to defend against attacks on our web server, this data may be stored by us for a short period of time. It is not possible for us to draw conclusions about individual people based on this data. After no later than seven days, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to an individual user. The data is not evaluated in any way other than for statistical purposes in anonymized form. This data is not merged with other data sources.

b. Contact by email

If you contact us by email, your details from the inquiry, including the contact data provided by you, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass this data on without your consent.

The processing of the data transmitted by email is therefore based on our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR and, where applicable, Art. 6(1)(b) GDPR if your inquiry aims at the conclusion of a contract.

The data you send us by email will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions, especially statutory retention periods, remain unaffected.

4. Involvement of persons other than the controller pursuant to Section 2  

As a matter of principle, your personal data will not be transferred to persons other than the controller within the meaning of the GDPR unless (1) you have given your explicit consent, (2) there is another legal basis for the transfer, or (3) otherwise described below.

a. External service providers

For the provision of our services, we may use external service providers who have been carefully selected and contractually engaged. Where required, data processing agreements pursuant to Art. 28 GDPR are concluded with these service providers. They are bound by our instructions and are regularly monitored by us. These service providers are responsible for web hosting, email delivery, and the maintenance and servicing of our IT systems. Such service providers are not considered “third parties” within the meaning of the GDPR and will not pass your data on to third parties.

5. Duration of storage of personal data

The duration of storage of your data can be found in the respective sections concerning the data. After expiry of the relevant period or once the storage purpose no longer applies, the corresponding data is routinely deleted. If data is required for the fulfillment or initiation of a contract or if we have a legitimate interest in continued storage, the data will be deleted once it is no longer required for these purposes or you have exercised your right of withdrawal or objection. In some cases, statutory retention periods (e.g., under commercial or tax law) may require longer storage.

6. Your rights

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification, restriction, or deletion of this data. You may also have the right to data portability. For this purpose and for further questions regarding data protection, you can contact us at any time at the address stated in Section 2. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

a. Right to withdraw consent

Pursuant to Art. 7(3) GDPR, you have the right to withdraw any consent you have given to the processing of your data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned immediately unless further processing can be based on another legal basis that does not require consent. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of the consent prior to withdrawal.

b. Right of object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data for reasons arising from your particular situation. If the objection concerns the processing of personal data for direct marketing purposes, you have a general right to object without the need to state a particular situation.

To exercise your right of withdrawal or objection, it is sufficient to send an email to the email address stated in Section 2.

c. Right of access, rectification, restriction, and erasure

Within the scope of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of data processing. You may also have the right to rectify incorrect data or completion of your data, as well as the right to erase your data or restrict processing. For this purpose and for further questions regarding personal data, you can contact us at any time at the address stated in Section 2.

d. Right to data portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, in a commonly used, machine-readable format, and to transmit it to yourself or to a third party. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

e. Right to lodge a complaint with the competent supervisory authority

In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the State Data Protection Commissioner of the federal state in which our company is based. A list of data protection authorities and their contact details can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .

7. Changes to this privacy policy

We reserve the right to adapt or update this Privacy Policy as necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and reflect changes to our services, e.g., when introducing new services. The current version applies to your visit.

Status of this Privacy Policy: July 2023