DATA PROTECTION

DATA PROTECTION INFORMATION AND HANDLING OF PERSONAL DATA

Information in connection with job applications

Information in connection with the reporting of side-effects, quality complaints and medical enquiries

Informationen for shareholders, proxies and guests at the annual general meeting of CO.DON AG

 

DATA PROTECTION AND THE USE OF OUR WEBSITE

We are pleased that you are visiting our website and thank you for your interest in our company and products, as well as the related information and services. The security and confidentiality of your personal data during your use of our website and our services are very important to us. CO.DON AG therefore complies strictly with the German Data Protection Act (BDSG) and the EU General Data Protection Regulation (EU GDPR).

The following statement of data protection policy serves to inform you about the type, scope and purposes of data collection and use in connection with our website www.codon.de.

Personal data is deemed to be information about the personal or objective circumstances of an identified or identifiable natural person. They include your name, address or telephone number, for example. By contrast, non-personal data is not directly connected with your true identity. They include, e.g. the number of visitors to a webpage.  

 

Data controller and contact in data protection matters

We are the controller of the data processing,

 

CO.DON AG
Warthestraße 21
14513 Teltow

 

We have appointed a data protection officer for our company. You can reach us and our data protection officer, Mr Jens Krügermann (kpp group GmbH), with all your questions about data protection as follows:

 

CO.DON AG
z. Hd. des Datenschutzbeauftragten
Ernst-Reuter-Platz 2
10587 Berlin
Telefon +49 30 240352300
Fax +49 30 240352309
E-Mail: datenschutz@codon.de

 

General remarks on data collection, processing and disclosure

Some of the data, particularly technical data (e.g. internet browser or operating system) are recorded automatically when you visit our website.

Your personal data are only recorded by us if you provide them actively and voluntarily, e.g. in the course of a registration, job application, email, form, request or order for information material, to perform a contract, a survey or in similar situations. 

CO.DON is entirely responsible for the processing and security of your personal data and for compliance with applicable data protection legislation.

Your data are not used for advertising or market research purposes without your explicit consent. Your personal data will not be disclosed to third parties unless they are affiliated companies, you have given your explicit consent or the data is required to provide the requested services or is otherwise allowed by  data protection legislation (including the processing by carefully selected and supervised processors on the basis of data processing by a processor as defined in the German Federal Data Protection Act).

 

Purpose of data use

Personal information we receive from you via the website is only used to provide you with our services. In addition, other data may be used to analyse how you use the website.

 

Data collection on our website

Web hosting

We use a provider of web hosting services to make our website available to you. Our website is hosted by ORICOM, Schrobsdorffstr. 5, 12623 Berlin. As a processor of data on our behalf within the meaning of Art. 28 GDPR, ORICOM can process all the data concerning users of our website that is generated in the course of their use and communication with us.

Personal data is transferred to the processor mentioned above on the basis of Art. 6(1)(f) GDPR. This category enables us to process personal data in pursuit of our “legitimate interests”. Our legitimate interest consists of using a service provider that specialises in hosting websites.

You can object to this data processing at any time to the extent that reasons exist why the personal data should not be transferred to this service provider. To do so, please send an email to datenschutz@codon.de.

 

Server logfiles

Our web hosting provider collects non-personal data every time our website is accessed and stores them in server logfiles. The following data may be collected in logfiles:

  • name of your internet service provider
  • anonymised IP address (the last two digits are not recorded)
  • referrer website
  • pages you visit on our website
  • what you click on and download on the individual pages
  • date and time of access
  • duration of visit
  • data volume transferred
  • browser type and version
  • user’s operating system

These server logfiles are used to track visitor preferences and optimise the website design. The anonymity of each user is maintained at all times.

 

Cookies

We use cookies. Cookies are small text files stored by the browser when you visit our website. They enable us to operate and optimise our website and simplify its use. Cookies do not contain viruses and cannot be used to execute programs on your devices.

 

Cookies used by us

We use what are known as session cookies, which store data for the technical management of the session in your browser and are deleted as soon as you have terminated the browser session. In addition, we use what are known as persistent cookies, which remain after the browser is closed. Whereas some cookies are technically necessary for the operation of our website, others are used to analyse your behaviour (marketing cookies) or to provide you with certain services on our website. Either of these may be third-party cookies. Analytical cookies help us to keep optimising our website and to improve your user experience.

Our separate data protection policy tells you about the technologies we deploy to analyse your use of our website.

To the extent that you consent to the use of cookies, the following cookies may be used on our website:

  • fe_typo_user - duration: session end; page: codon.de; use: system-critical. This is a standard session cookie from TYPO3.
  • cookieconsent_status - duration: session end (if rejected), 1 year (if approved); page: codon.de; use: system-critical. This cookie is set once a user has approved or rejected the use of cookies.
  • stockcodon - duration: session end; page: codon.de; use: the interface providing stock market data limits the number of data requests in a given period. This cookie makes it possible to show users the current figures at all times. System-critical for the continuous presentation of the current share price.
  • PHPSESSID - duration: session end; page: codon.de; use: system-critical. Cookie to record the beginning and end of a session on the server.
  • APISID, HSID, LOGIN_INFO, PREF, SAPISID, SID, SIDCC, SSID, VISITOR_INFO1_LIVE, YSC - duration: system-critical, 3 months, 6 months, 8 months, 24 months; page: youtube.de; use: presentation of third-party contents. Are set as soon as a YouTube video is embedded and/or played on our site. Enables the YouTube video to function correctly.

 

Notes on the legal situation

Before your data are processed by the use of cookies, your consent is required, which can be withdrawn at any time. No cookies will be set without your explicit consent to the processing of your data. If you consent to the use of cookies, your consent forms the legal basis for processing your data (Art. 6(1)(a) GDPR).

 

Withdrawal of consent and deactivation of cookies

You have the option of withdrawing your consent at any time. You can manage the cookies in your browser settings and deactivate individual cookies or all of them. You are advised that the use of our website and in particular its convenience depend on cookies and that some functions may no longer work if the cookies are disabled.

You can also withdraw your consent via our Cookie Settings.

 

Google Analytics

Our website uses the Google Analytics service, operated by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics uses cookies. The information about your use of our website are recorded by the cookies and transferred to a server of Google LLC in the USA, where they are stored.

We only use Google Analytics with activated IP anonymisation. This means that your IP address is anonymised by shortening it, which makes it much more difficult to attribute it directly to you. The IP address is abbreviated within the member states of the European Union (EU) or other signatories of the treaty creating the European Economic Area (EEA). Only in exceptional cases is the full IP address sent to a server of Google LLC in the USA and abbreviated there. The IP address sent by your browser will not be merged with other Google data.

Google will use the information on our behalf to analyse the use of our website, to compile reports on website activities for us and to provide us with other services related to use of the website and the internet. Pseudonymous user profiles can be created from the processed data.

The cookies are only set when you give your consent. You can deactivate the cookies in your browser settings at any time. In addition, you can prevent the data generated by the cookies relating to your use of the website from being sent to and processed by Google by installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=de    

Alternatively you can withdraw your consent to processing by Google Analytics via our Cookie Settings.

Further information about Google Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de. Google LLC in the USA is certified for the US-European data protection agreement known as Privacy Shield, which ensures compliance with European data protection legislation. The current certificate can be inspected here: https://www.privacyshield.gov/list.

 

Newsletter

You have the opportunity of registering for our newsletter on our website. The newsletter provides you with regular information about the latest developments at CO.DON AG.

If you would like to receive the newsletter, we need your email address and information that enables us to verify that you are the owner of the email address provided and agree to receive the newsletter. Your preferred form of address, surname and academic title are voluntary disclosures and only used to personalise the newsletter.

We only send the newsletter on the basis of your consent (Art. 6(1)(a) GDPR). To ensure we send the newsletter with your consent, we use the double opt-in procedure. This means that once you have provided your email address, our service provider sends you a confirmation email, in which you click on a link to confirm your registration. Your address will only be put on the active mailing list when the confirmation is received.

The data collected in the newsletter registration are only used to send information about recent developments at CO.DON AG.

Our newsletter is sent on our behalf by the processor Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin (“Newsletter2Go”). This means that your data are transferred to Newsletter2Go GmbH. Newsletter2Go is not permitted to sell your data or to use for them for any purpose other than sending newsletters. Newsletter2Go is a German, certified provider, selected to meet the requirements of the General Data Protection Regulation and the German Federal Data Protection Act.

More information is available from:  www.newsletter2go.de/informationen-newsletter-empfaenger. Please also note the Data Protection Policy and General Terms and Conditions of Newsletter2Go.

You can withdraw your consent to the storage of data and the email address and its use to send the newsletter at any time with future effect via the “Unsubscribe” link in the newsletter or by sending a short email to newsletter@codon.de. If you withdraw your consent the data will be deleted.

 

Use of external services and social media

Interactive IR fact sheet

On our website we provide an IR fact sheet prepared for interested capital market participants by EQUI.TS GmbH, Am Schieferstein 3, 60435 Frankfurt am Main.

Information about the processing of personal data by EQUI.TS can be found in the Data Protection Policy of EQUI.TS GmbH at https://www.equits.com/kontakt.

 

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the plugin is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you start a YouTube video embedded in the page by clicking on it, the provider sets cookies that analyse what the user does and establish a connection with the YouTube server. The YouTube server is notified which of our pages you have visited. If you have logged in to your YouTube account, you enable YouTube to link your websurfing activities directly with your personal profile. You can prevent this by logging out of your YouTube account. Retrieving a YouTube video automatically establishes a connection to Google.

The legal basis for using YouTube is Art. 6(1)(f) General Data Protection Regulation. We have a legitimate interest in making our website attractive.

Further information about the use of user data, your rights, and settings to protect your privacy can be found in the Data Protection Policy of YouTube at https://policies.google.com/privacy. Google processes your data in the USA and is certified under the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

 

Social Media

We use various social media buttons on our website. The buttons appear as an icon, which is linked to the website of the corresponding social media provider. When you click on the button you are forwarded to the respective social network by means of the link. Some of the buttons also let you share contents from our website in social networks. When you click on a button, a link from the website you visited is also sent to enable it to be shared.

Your data is only sent to the provider when you have clicked and been forwarded to the respective website. If the icon is not clicked, no data is exchanged between you and the providers of social media.

We have installed buttons from the following social media providers. We have our own accounts at LinkedIn and YouTube where we provide information about us. More information on how user data are handled by the respective social networks can be found in their data protection policies.

 

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Youtube: https://policies.google.com/privacy

Facebook: https://de-de.facebook.com/privacy/explanation

Twitter: https://twitter.com/de/privacy

Xing: https://privacy.xing.com/de/datenschutzerklaerung

 

User rights 

You have a right to demand access to your personal data stored by CO.DON AG at any time.

In addition, you have a right to the rectification of incorrect data, to the restriction of processing of excessively processed data and to the erasure of personal data that have been processed illegitimately or stored for too long (unless they are subject to statutory retention periods or other reasons mentioned in Art. 17(3) GDPR). Furthermore, you have the right to transfer all the data you have provided to us in a common data format (right of data portability), to the extent that you have provided us with data in the context of a consent declaration or the performance of a contract.

If you also have a right to object to individual processing methods, you are notified when the individual methods are described.

To assert your rights you can contact us by post at the above address and by phone, email or fax.

You also have the right to complain to a data protection authority about our processing of your personal data.

 

Data security

We use all the necessary technical and organisational security measures to protect the data you provide and we manage from accidental or deliberate manipulation, loss, destruction and unauthorised access by third parties. The security measures are improved continuously in line with technological developments.

We use SSL encryption for security reasons and to protect the data you send us. You can recognise the encrypted connection by the padlock symbol in your browser’s search bar or by the “https://” in the website address (not always shown).

 

Updates to the data protection policy

We reserve the right to amend or supplement the data protection policy in line with statutory data protection provisions. Amendments will be published on the website. On request we will also send them to you by email.

 

Protection of personal data

For questions on this subject please consult our Privacy Policy.