Data protection statement
Data protection is an important concern of TolerogenixX GmbH. Therefore, the processing of our customers' data is carried out exclusively in compliance with the applicable data protection regulations (e.g. DSGVO). We collect and process personal data if you provide us with this data (e.g. through contact requests, surveys, etc.) and we are entitled to collect, use and process it on the basis of a consent granted by you or on the basis of a legal provision. If we receive personal data from you from other companies, you will be informed of this as soon as possible, at the latest during the first contact. This data will also only be stored and processed on the basis of legal regulations.
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject").
We collect and process the following personal data on a voluntary basis via the contact form or in the context of your inquiries: Name, first name, e-mail address.
When conducting clinical studies, we process anonymized patient data. Anonymized data is information that cannot be related to an identified or identifiable natural person. The person is no longer identifiable. We do not process any personal data during purely informational use of the website, except for data that is technically collected automatically when the website is visited (see log data). We process the above-mentioned personal data for the following purposes:
- Communicating with you about products, services and projects, e.g. to process your inquiries;
- Scientific research;
- To conduct clinical studies;
- To plan, implement and manage the (contractual) business relationship between us and you, e.g. to process orders for products and services, to collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs; - To prepare individualized quotations or cost estimates.
- Conducting customer surveys, marketing campaigns, market analysis, sweepstakes, contests or similar promotions and events;
- Provide a newsletter and advertising regarding new products
- Maintaining and protecting the security of our products and services and our websites by preventing and detecting security threats, fraudulent activity, or other criminal or harmful activity
- Compliance with legal requirements (e.g., tax and commercial retention obligations) or existing obligations to conduct compliance screenings (to prevent white-collar crime or money laundering)
- Settlement of legal disputes, enforcement of existing contracts and for the assertion, exercise and defense of legal claims.
The processing of personal data is necessary to achieve the above purposes, including the performance of the (contractual) business relationship with you. The legal basis for the data processing is - unless expressly stated otherwise - Article 6 (1) (b) and (f) of the General Data Protection Regulation or your expressly given consent pursuant to Article 6 (1) (a) of the General Data Protection Regulation. Insofar as the above data is to be further processed for a purpose other than the original purpose of collection, you will be informed of this prior to further processing. In this way, you have the opportunity to object to the processing of your data for another purpose.
Passing on of data
All data that you provide to us will be treated confidentially. We will neither sell your personal data to third parties nor market them in any other way.
As a matter of principle, your data will not be made available to third parties for use unless you have given your consent to this or we are legally entitled and/or obliged to pass on this data.
We will disclose personal data to courts, tax authorities, regulatory authorities to the extent legally permitted and necessary to comply with applicable law or to assert, exercise or defend legal claims. We take all measures to ensure appropriate and adequate safeguards to protect your personal data.
We transfer your personal data to our cloud provider for the above purposes.
Unless an explicit storage period is specified at the time of collection (e.g. as part of a declaration of consent), the personal data will be deleted insofar as it is no longer required to fulfill the purpose for which it was stored, unless legal retention obligations (e.g. retention obligations under commercial and tax law) prevent deletion.
We take technical and organizational security measures to protect the data we store and process in our company against manipulation, loss of confidentiality, destruction and against access by unauthorized persons. Our company's security measures are continuously improved in line with technological developments.
Data subject rights
Right to information, correction, deletion or restriction of the processing of your personal data, right to object and right to data portability
Upon request, we will inform you in writing, in accordance with applicable law, whether and which personal data we store in our company. If, despite our company's efforts to ensure data security and accuracy, incorrect information has been stored, we will correct it at your request.
You also have the right to request the restriction of the processing of personal data by our company.
In addition, you may request to receive the data you have provided to our company in a structured, common and machine-readable format. You may also object to the data processing of personal data by our company. You also have the right to request the deletion of your personal data, provided that this does not conflict with statutory retention periods. We delete the data if we no longer need it for the purpose for which we collected and processed it, or if you revoke the consent you have given and there is no other legal basis for the further processing of your data. In addition, we delete this data if the processing has been unlawful for reasons unknown to us or if you have objected to the processing and there are no overriding legitimate interests for the processing. Your data will also be deleted if we are legally obliged to do so. Our company has also implemented technical measures to notify all recipients of your data of your request for deletion or rectification. This applies only in the event that we have disclosed or made public such data. Deleted shall be all links, copies and replications of your personal data. We as the responsible body have no direct contact with the data subjects. The physicians in the clinical facilities providing the care, in which the clinical data required for the studies are collected, act on our behalf and are the patients' contact persons with regard to the exercise of the rights of the data subjects, such as the right to information or correction of the data.
If you have consented to the processing of your personal data, you have the right to revoke your consent at any time with effect for the future. The revocation of consent does not make the data processing unlawful for the past.
The transfer of data to our company is voluntary. However, this data is necessary for the further conclusion of the contract or to answer your inquiries. If you do not wish to disclose your data, the contract may not be concluded or your inquiries may not be answered. The provision of the data is necessary for the conclusion of the contract.
The contact details of the data protection officer of our company are:
- Data Protection Officer TolerogenixX GmbH firstname.lastname@example.org
- Data Protection Officer Klinik Heidelberg: email@example.com
- Data Protection Officer Klinik München: firstname.lastname@example.org
- Data Protection Officer Klinik Stuttgart: email@example.com
- Data Protection Officer Klinik Frankfurt: Datenschutz@kgu.de
You also have the right to complain to the competent supervisory authority about data processing by our company:
The data protection authority responsible for our company is:
The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg Lautenschlagerstrasse 20
Web address: www.baden-wuerttemberg.datenschutz.de
When you access our company's homepage, your Internet browser automatically transmits the following data (hereinafter referred to as "log data") to our company's web server for technical reasons, which our company records in log files:
- Date of access
- time of access
- URL of the referring website
- file accessed
- amount of data transferred
- browser type and version
- operating system
- IP address
- domain name of your Internet access provider
This is exclusively information which does not allow any conclusions to be drawn about the natural person. This information is technically necessary in order to correctly display the website content you have requested and is mandatory when using Internet services. The log data is evaluated purely for statistical purposes in order to optimize our company's Internet presence and the technology behind it and is subsequently deleted. When you visit this website, we collect and store your IP address.
This data is collected and stored for purely technical reasons, for example to eliminate malfunctions. There is no further use or evaluation of this data.
Like many other websites, our company also uses so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive. Through this, our company automatically receives certain data such as IP address, browser used, operating system about your computer as well as your connection to the Internet.
Facebook Custom Audience via the pixel procedure
Within our offer, the so-called "Facebook pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook") is used for these purposes due to our legitimate interests in the analysis, optimization and economic operation of our online offer. This allows the behavior of users to be tracked, e.g. after they have clicked on a Facebook advertisement. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can additionally help to optimize future advertising measures. Within the scope of Facebook Custom Audience, we do not transmit any data records, in particular no email addresses of our users - neither encrypted nor unencrypted - to Facebook. The data collected as part of the pixel use are anonymous for us, do not offer us any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data usage policy (https://www.facebook.com/policy.php). You may allow Facebook and its partners to serve ads on and off Facebook. Furthermore, a cookie may be stored on your computer for these purposes. Current information on the General Data Protection Regulation (GDPR) can be found here:
If you wish to disable the use of Facebook Website Custom Audience, you can do so at
In addition, you have the option with us to select that you do not want tracking by the Facebook pixel in this browser (opt-out). To do so, please click here: Disable Facebook Pixel for this browser. An opt-out cookie will be set in your browser, which prevents the collection of your data during future visits to this website with your current browser.