Our website complies with the legal data protection regulations. In case of doubt, the data protection regulations in German language apply.
The collection and processing of your personal data is carried out in accordance with the applicable data protection regulations, in particular the Basic Data Protection Regulation (DSGVO).
1. Person responsible
is responsible for the collection, processing and use of your personal data in accordance with Art. 4 No. 7 DSGVO:
BeOne Hamburg GmbH
Harburger Schloßstraße 30,
Phone +49 40-794166-00
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either as a whole or for individual measures, you can address your objection to the management or the data protection officer:
BeOne Hamburg GmbH
Data protection officer
Harburger Schloßstraße 30,
Phone +49 40-794166-00
You have the possibility to get in contact with us by mail. The sender is automatically the e-mail address that is linked to your e-mail program. If personal data is used, this data may be stored for contacting you in order to reply to your message.
If you contact us (via contact form / e-mail/ letter), we process your data to process the enquiry and in the event that follow-up questions arise. We use personal data only in a business context.
If the data processing is carried out to carry out pre-contractual measures which are carried out in response to your enquiry or, if you are already our customer, to carry out the contract, the legal basis for this data processing is Art. 6 Para. 1 S. 1 b) DSGVO.
We only process further personal data if you give your consent (Art. 6 para. 1 p. 1 a) DSGVO) or if we have a legitimate interest in processing your data (Art. 6 para. 1 p. 1 f) DSGVO). A legitimate interest lies, for example, in replying to your e-mail
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2. Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
2.3 Processing of personal data
Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.
2.7. Controller or data controller
Controller or data controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, provision may be made for the controller or for the specific criteria for his or her designation in accordance with Union law or the law of the Member States.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union or national law, shall not be considered as recipients.
2.10. Third parties
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent shall mean any freely given specific and informed expression of the data subject’s will in an informed and unequivocal manner, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
3.1 Google Analytics
This is also our legitimate interest according to Art. 6 para. 1 sentence 1 f) DSGVO.
We have activated IP anonymisation on this website (anonymizeIp). However, this will cause your IP address to be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with further services related to website and internet use.
You can also prevent the transfer of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link:
As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you will have to click this link again): Disable Google Analytics
4. Note on handling applicant data
After entering and transmitting your data, it is transferred directly to our servers via an encrypted connection. To protect your personal data held by us from unauthorized access and misuse, we have taken extensive, state-of-the-art technical and organizational measures. Our security procedures are regularly reviewed and adapted to technological progress.
Your personal data provided to us in the context of an application will be treated in strict confidence and will only be processed or used by us for the purpose of processing your application.
We will delete your data after six months from the date of the decision about the job assignment, unless you assert a legal claim against the decision (in this case, the deletion will take place after the conclusion of the procedure concerning your claim).
The data will be processed to check your application prospects and to select an applicant, if necessary also for legal prosecution.
Should you be considered for a later job assignment, we will only delete your data after two years from the start of storage if you give us your consent. You can revoke this consent later with effect for the future. Such a revocation will mean that you will have to resubmit your data for the later job posting if you wish to apply again. You will not suffer any other disadvantages (in particular in the selection of the applicant) as a result of this revocation.
The legal basis for data processing is § 26 BDSG 2018.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use these data exclusively for sending the requested information.
The processing of the data entered in the newsletter registration form is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address as well as its use for sending the newsletter at any time, e.g. via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
This website uses SendinBlue to send newsletters. The provider is SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France. SendinBlue is a service that allows you to organise and analyse the sending of newsletters. The information you enter to subscribe to the newsletter (e.g. e-mail address) is stored on SendinBlue’s servers.
Our newsletters sent with SendinBlue enable us to analyse the behaviour of the newsletter recipients. This can include an analysis of how many recipients opened the newsletter message and how often each link in the newsletter was clicked. All links in the e-mail are so-called tracking links, which allow your clicks to be counted.
If you don’t want SendinBlue to analyse your newsletter, you must unsubscribe. To do this, we provide a link in every newsletter message. Furthermore, you can also withdraw your consent at any time with future effect by sending an e-mail to the address given in our imprint.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of SendinBlue after you unsubscribe from the newsletter. This does not affect data stored by us for other purposes.
6. Use of services
6.1 Google Maps
To make it easier for you to find our location we use Google Maps, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Please read here how Google complies with data protection regulations also with regard to transmission to the USA:
We use Google Maps on the basis of Art. 6 para. 1. p. 1 f) DSGVO. Our legitimate interest is to improve the offer on our website and to provide you with better customer service.
As soon as this service is called up on our site, a connection is established with Google, which transmits your IP address to Google. If you are already logged in to Google, information about the search can be assigned to your user account. Please log out of Google before to prevent this.
YouTube is a video portal of YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter only referred to as “YouTube”.
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is responsible for the processing of data for users who have their habitual residence in the European Union.
Please read here how Google complies with data protection regulations also with regard to transmission to the USA:
We use YouTube on the basis of Art. 6 para. 1. p. 1 f) DSGVO. Our legitimate interest is to improve the offer on our website.
In order to protect your data, the function “Extended data protection” has been activated. A connection to YouTube is only established once the video has been clicked on. At least the IP address is transmitted to YouTube.
If you are already logged in to YouTube, the connection information is associated with your account. Please log out of YouTube first to prevent this from happening.
7. social media
We maintain publicly accessible profiles in social networks. You can find the social networks we use in detail below.
Social networks such as Xing, LinkedIn, etc. can usually analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. LikeButtons or advertising banners). By visiting our social media sites, numerous data protection-relevant processing procedures are triggered. In detail:
If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed to you both inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.
7.1 Legal basis
Our social media appearances are designed to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a DSGVO).
7.2 Person responsible and assertion of rights
If you visit one of our social media sites (e.g. Xing), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can basically assert your rights (information, correction, deletion, restriction of processing, data transferability and complaint) both against us and against the operator of the respective social media portal (e.g. against Xing).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our possibilities depend largely on the corporate policy of the respective provider.
This website uses links to our presence on social media sites. The data protection and liability regulations of the respective providers apply to these presences, which you can access as described below.
7.3 Social networks in detail
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We have a profile with Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; https://instagram.com/about/legal/privacy/. Instagram uses advertising cookies.
Translated with www.DeepL.com/Translator (free version)
8. Storage duration
Unless specifically stated, we only store personal data for as long as it is necessary to fulfil the purposes pursued.
In some cases the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after expiry of the legal retention period.
9. Your rights
Under applicable laws, you have various rights regarding your personal information. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address mentioned in point 1.
Below you will find an overview of your rights.
9.1 Rights to confirmation and information
You have the right to receive confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you and about the purpose of processing.
9.2 Right of rectification
You have the right to ask us to correct and, if necessary, complete personal data concerning you.
9.3 Right of cancellation
Pursuant to Art. 17 para. 1 DSGVO, you have the right to demand that we delete personal data relating to you without delay, and we are obliged to delete personal data without delay if one of the following reasons applies:
The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You revoke your consent on which the processing was based in accordance with Art. 6Abs. 1 1 a) DSGVO or Art. 9 Abs. 2 a) DSGVO, and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21(1) FADP and there are no legitimate reasons for the processing, or you object to the processing pursuant to Art. 21(2) FADP.
The personal data were processed unlawfully.
The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject.
The personal data was collected in relation to information society services offered in accordance with Art. 8Abs. 1 DSGVO.
9.4 Right to limit processing
You have the right to demand that we restrict processing if one of the following conditions is met:
the accuracy of the personal data is disputed by you, for a period of time which allows us to verify the accuracy of the personal data
the processing is unlawful and you refused to delete the personal data and instead requested the restriction of the use of the personal data
we no longer need the personal data for the purposes of the processing, but you need the data to assert, exercise or defend legal claims; or
you have lodged an objection to the processing in accordance with Art. 21Abs. 1 DSGVO, as long as it has not yet been established whether the legitimate reasons of our company outweigh yours.
9.5 Right to data transferability
You have the right to receive, transmit or have us transmit personal data relating to you in machine-readable form.
When exercising your right to data transferability in accordance with paragraph 1, you have the right to request that the personal data be transferred directly from us to another responsible party, insofar as this is technically feasible.
9.6 Right of objection
You have the right to object to the lawful processing of your personal data by us if this is justified by your particular situation and if our interests in the processing do not outweigh the processing.
9.7 Right to revoke a data protection consent
You have the right to revoke your consent to process personal data at any time.
9.8 Right of appeal to a supervisory authority
You have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of employment or place of suspected infringement, if you consider that the processing of personal data concerning you is unlawful.
10. Transfer of data to third parties, no data transfer to non-EU countries
As a matter of principle, we only use your personal data within our company.
If and to the extent that we involve third parties in the fulfilment of contracts (such as logistics service providers), they will only receive personal data to the extent that the transmission is necessary for the corresponding service.
In the event that we outsource certain parts of the data processing (“contract processing”), we contractually oblige contract processors to use personal data only in accordance with the requirements of the data protection laws and to ensure the protection of the rights of the data subject.
Data transmission to bodies or persons outside the EU outside the case mentioned in this declaration in section 4 does not take place and is not planned.
11. Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
To protect your data, we maintain technical and organisational security measures in accordance with Art. 32 DSGVO, which we continually adapt to the state of the art.
We also do not guarantee that our offer is available at certain times; disturbances, interruptions or failures cannot be excluded. The servers used by us are regularly and carefully secured.
We reserve the right to adapt this data protection declaration from time to time so that it always meets current legal requirements or to implement changes to our services in the data protection declaration.