+49 (0)9441 68 60-0 info@syntacoll.de

Data Privacy Policy

We are very pleased about your interest in our company. Data protection is of particular importance for the management of Syntacoll GmbH.

Through this Data Privacy Policy, our company seeks to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, as a data subject, you will be informed about the rights to which you are entitled by means of this Data Privacy Policy.

The Data Privacy Policy applies to the Internet offer of the Syntacoll GmbH (www.syntacoll.de) and to the personal data collected via these Internet pages. For websites of other providers, to which e.g. links will refer, their local data privacy policies and notices apply.

The processing of your personal data always takes place in accordance with the General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act (“BDSG”) and in accordance with the country-specific data protection regulations applicable to the Syntacoll GmbH. 

“Personal Data” is defined as any information relating to an identified or identifiable natural person. That is, all personal data that is related to you, such as name, address, email address or telephone number. “Processing” means, for example, the collection, recording, structuring, storage, use, dissemination or deletion of personal data.

Syntacoll GmbH, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security lapses, so that absolute protection cannot be guaranteed. For this reason, you and any data subject are free to submit personal data to us by alternative means, for example, by telephone.

For security reasons and to protect the transmission of confidential content, this site uses an SSL or 

TLS encryption such as orders or requests that you send to us as a site operator. An encrypted connection is indicated by the browser’s address bar changing from “http: //” to “https: //” and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

  1. Name and address of the controller

Controller within the meaning of General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with data protection character is:

Syntacoll GmbH
Donaustraße 24
93342 Saal a.d. Donau
Phone: +49 9441 6860 0
Email: info@syntacoll.de
Website: www.syntacoll.de 

  1. Contact details of the data protection officer

All interested parties and visitors to our website can access our data protection officer in privacy matters at:

MTG Consulting GmbH
Ludwigstraße 4
93309 Kelheim
Email: datenschutz@mtg-group.de


  1. Collection of general data and information

The website of Syntacoll GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information are stored in the log files of the server. The following information may be recorded:

(1) used browser types and versions,

(2) the operating system used by the accessing system,

(3) the website, from which an accessing system comes to our website (so-called referrer URL),

(4) the sub-websites, which are accessed via an accessing system on our website,

(5) the date and time of access to the website,

(6) an Internet protocol address (IP address),

(7) the Internet service provider of the accessing system and

(8) other similar data and information used in the event of attacks on our information technology systems.

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

When using this general data and information, the Syntacoll GmbH does not draw any conclusions about the data subject. This information is rather needed for the following purposes: in order to 

(1) allow the visit to the site,

(2) deliver the contents of our website correctly,

(3) optimize the content of our website as well as the advertisement for it,

(4) ensure the permanent functioning of our information technology systems and the technology of our website as well, and

(5) provide law enforcement authorities with the information necessary for law enforcement in the event of cyber attack. 

This anonymously collected data and information are therefore statistically and further evaluated by Syntacoll GmbH with the aim of increasing data protection and data security in our company in order to ultimately ensure the best possible level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for the collection of the above-mentioned general data is Article 6 (1) sentence 1 lit. f GDPR, as the processing of this data is required to show you our website and to ensure the stability and security of the website. 


  1. Legal basis of processing

Article 6 (1) sentence 1 lit. a GDPR serves our company as a legal basis for processing operations where we obtain a voluntary consent from the data subject for a particular processing purpose. 

If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, the processing is based on Article 6 (1) sentence 1 lit. b GDPR. This is the case, for example, for processing operations that are necessary for the supply of goods or the provision of any other service or consideration. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services.  

If our company is subject to a legal obligation that requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 (1) sentence 1 lit. c GDPR.  

In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 (1) sentence 1 lit. d GDPR.

The processing operations can be based on Article 6 (1) sentence1 lit. f GDPR. Processing is based on this legal basis if the processing is necessary to safeguard the legitimate interests of our company or a third party, provided the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. Before proceeding with the processing, the existence of a legitimate interest is considered on a case-by-case basis, including the question of whether a data subject can reasonably foresee at the time of collection of the personal data and in view of the circumstances in which it occurs that there may be processing done for this purpose. 

  1. Recipients or categories of recipients of personal data

In general, personal data that you provide to us about you will only be processed by us as the controller. If, in the course of our processing, we disclose data to other persons and companies, such as web hosts, data processors or third parties, transmit them to them or otherwise grant access to the data, this is done on the basis of a legal permission (e. g. if a transmission of the data to third parties in accordance with Article 6 (1) sentence 1 lit. b GDPR is required to fulfil the contract), if the parties have given their consent, a legal obligation to do so, it is necessary to perform a task that is in the public interest or based on our legitimate interests.

Syntacoll GmbH transfers personal data to Innocoll Pharmaceuticals (Ireland). This will only be done to fulfil our (pre) contractual obligations and on the basis of legal obligations. So the data transfer is based on Article 6 (1) sentence 1 lit. b, c GDPR.

  1. Data transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or data transfer to third parties, this will only be done to fulfil our (pre) contractual obligations, on the basis of your consent, or on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only pursuant to the special conditions of Article 44 et seq. GDPR. This means that the processing is based, e.g., on specific guarantees, such as the officially recognized adequate level of data protection (e.g. for the United Sate through the Privacy Shield) or in compliance with officially recognized special contractual obligations (so-called “Standard Contactual Clauses”).

Syntacoll GmbH transfers personal data to Innocoll Inc. (USA). This will only be done to fulfil our (pre) contractual obligations and on the basis of legal obligations. So the data transfer is based on Article 6 (1) sentence 1 lit. b, c GDPR. The adequacy of the level of data protection is ensured by the EU Standard Contractual Clauses.


  1. Retention period of personal data or criteria for determining the period

We as the controller only process and store the personal data of the data subject for the period required to achieve the purpose of storage or, if so required by the European legislator and regulatory body or any other lawgiving body as set forth in laws or regulations that apply to us as controller responsible for the processing of the data.

If the purpose of the data retention ceases to exist or if a storage period prescribed by the European legislator and / or regulatory body expires, in particular any statutory retention period, the personal data are routinely deleted in accordance with the legal requirements if they are no longer necessary for the purpose, fulfilment of entering into the contract.

The criterion for the duration of the storage of personal data is thus the applicable statutory retention period.


  1. Rights of the data subject

As far as your personal data are processed during the visit of our website, you are a “data subject” within the meaning of the GDPR and have the following rights. If you, as the data subject, wish to avail yourself of any of these rights, you can contact our data protection officer or any employee of the controller at any time.

 8a) Right of access by the data subject

  1. As a data subject, you can obtain confirmation from us as to whether or not personal data concerning you is being processed by us. If your personal data are processed by us, you have the right to access to such personal data and the following information:
  • the purposes for which your personal data is being processed;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, in particular to recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining that period;
  • the existence of a right to rectification or erasure of the personal data, or any restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • where the personal data are not collected from the data subject, any available information on the source of the data;
  • the existence of an automated decision-making process including profiling according to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

Furthermore, as the data subject, you have a right of access as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, you, the data subject, are also entitled to receive information about the appropriate guarantees in connection with the transfer.

We would like to point out that as the controller, we may require you as the person concerned, to clarify your request when we process a large amount of information from you. 

8b) Right to rectification 

As the data subject, you have the right to demand from us as the controller without delay the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you as the data subject also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

8c) Right to erasure (“right to be forgotten”)
You as the data subject have the right to obtain from the controller the erasure of personal data concerning you without undue delay and we as the controller have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
  • You revoke your consent, to which the processing pursuant to Article 6 (1) sentence 1 lit. a or Article 9 (2) lit. a GDPR and there is no other legal basis for processing. 
  • In accordance with Article 21 (1) GDPR, you object to the processing and there are no legitimate reasons for the processing.
  • In accordance with Article 21 (2) GDPR, you object to processing for the purpose of direct advertising.
  • The personal data have been processed unlawfully.
  • The deletion of personal data is required to fulfil a legal obligation to which the controller is subject.
  • The personal data have been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

Where we, as the controller, have made your personal data concerning public and where we are obliged to erase them in accordance with the above-mentioned conditions, we shall take appropriate measures, including technical ones, to inform the controllers, who control the personal data, to inform them that you as the data subject have requested that they erase all links to such personal data or copies or replications of such personal data.

You are not entitled to these rights if the processing of your personal data is required  

  • to exercise the right to freedom of expression and information;
  • to fulfil a legal obligation;
  • to perform a task of public interest or in the exercise of public authority delegated to the controller;
  • for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h, i, (3) GDPR;
  • for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the above-mentioned law is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  • to assert, exercise or defend legal claims.

 8d) Right to restriction of processing

As a data subject, you can request us as the controller to enforce the restriction of processing if one of the following conditions applies:

  • You deny the accuracy of the personal data concerning you and thus for a period that enables us, as the controller, to verify the accuracy of your personal data.
  • The processing is unlawful and you as the data subject refuse to delete the personal data and instead demand the restriction of the use of the personal data.
  • We, as the controller, need your personal data for processing purposes not longer, but you, as the data subject, need it to assert, exercise or defend your rights
  • You as the data subject have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of you as the data subject.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or of an EU Member State.

If the limitation of processing according to the above-mentioned prerequisites was restricted, you will be informed by the controller before the restriction is lifted.

8e) Right to data portability

You have the right to receive personal data concerning you that you provide to us as the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without restriction by the controller to which the personal data have been provided, where

  • the processing is based on a consent in accordance with Article 6 (1) sentence 1 lit. a GDPR or Article 9 (2) lit. a GDPR or on a contract pursuant to Article 6 (1) sentence 1 lit. b GDPR and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to ensure that the personal data relating to you are transmitted directly from one controller to another controller, as far as this is technically feasible. Freedoms and rights of other persons may not be impaired.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

8f) Right to object in accordance with Article 21 GDPR

You have the right at any time, for reasons arising from your particular situation, to lodge an appeal against the processing of your personal data, which takes place pursuant to Article 6 (1) sentence 1 lit. e or f GDPR, including profiling based on those provisions. Profiling means the use of personal data to evaluate certain aspects relating to natural persons, in particular to analyse or predict aspects relating to work performance, economic condition, health, personal preferences of that natural person.

The controller will no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

Where the personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option to raise your objection by telephone, by email, or by telefax or by regular mail sent to our postal address listed at the beginning of this Data Privacy Policy.

8g) Right to withdraw a data protection consent 

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.


  1. Right to lodge a complaint with a supervisory authority

If our data protection officer cannot answer your request to your satisfaction or if you believe that the processing of your personal data violates the GDPR, you have the right to complain in any case, with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, always without  exclusion of any other administrative or judicial remedy. 

The “Bayerische Landesamt für Datenschutzaufsicht” (Bavarian State Office for Data Privacy Supervision) is the data protection supervisory authority responsible for our company based in Bavaria and can be reached at:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Telefax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de  

  1. Legal or contractual requirement for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We instruct you that the provision of personal data is in part required by law (such as tax regulations) or may result from contractual arrangements (such as details of the contractor).

Occasionally it may be necessary for a contract to be concluded that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal data when our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the person concerned may not be concluded.

Prior to providing the data , the data subject can contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, if there is an obligation to provide the personal data and what would be the consequence of the non-provision of the personal data.


  1. Automated decisions in individual cases including profiling

You have the right not to be subjected to a decision based solely on automated decision-making
– including profiling – that will have legal effect or similarly impair you substantially in a similar manner. By law, exceptions to this right are provided for.

As a responsible company, we refrain from automatic decision-making or profiling.


  1. Data protection in applications and in the application process

We as the controller process personal data of applicants for the purpose of handling the application process. 

The processing of applicant data is based on Article 88 (1) GDPR in conjunction with Sec. 26 BDSG.

The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents by electronic means, for example by email or via a web form located on the Syntacoll GmbH website, to us as the controller. 

As part of the selection process, the applications are viewed, if necessary, queries are made, invitations to interviews sent and collected in interviews in the recruitment of additional personal data in order to ultimately make a decision regarding the selection of candidates.

If the controller concludes a contract of employment with an applicant, the data transmitted will be processed for the purposes of the employment relationship and only in compliance with the law.

If there is no employment after the application process, the application documents will be deleted six months after the announcement of the rejection decision. The deletion period results from the application of Article17 (3) lit. b GDPR (exception to the fundamental obligation to delete if personal data processing is required to fulfil an obligation under German law or EU law) in conjunction with Sec. 15 (4) General Equal Treatment Act (AGG) and Sec. 61b (1) Labour Court Act (ArbGG) (Duty of storage under the burden of proof according to the General Equal Treatment Act).

  1. Cookies

The websites of Syntacoll GmbH use cookies. Cookies are text files that are set and stored on the computer system via an Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual’s browser from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by the unique cookie ID.

We as the controller use cookies to save the language selection on the website. Provider of these cookies is Syntacoll GmbH as the operator of the website. Only Syntacoll GmbH has access to the personal data collected this way.

The legal basis for processing personal data using cookies is Article 6 (1) sentence 1 lit. f GDPR. By using cookies, we can provide you, as a user of this website, with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized in the sense of the user. Cookies allow us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies need not re-enter their credentials every time they visit the website because this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of a shopping cart in the online shop. The online shop remembers the items that a customer has placed in the virtual shopping cart via a cookie.

You as the data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser that is used and thus permanently contradict the setting of cookies. Furthermore, cookies already set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. The transfer of Flash cookies cannot be prevented by setting the browser, but by changing the setting of the Flash Player. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.


  1. Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and allow you to conveniently use the map feature. 

Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored by Google on servers in the United States. The provider of this page has no influence on this data transfer. 

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. This is done regardless of whether Google provides a user account that you are logged into, or if there is no user account. When logged into Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, but you must bring this objection directly to the attention of Google.

The use of Google Maps serves to an appealing presentation of our online offers and facilitates that the places we specify on the website can be found. This purpose constitutes a legitimate interest within the meaning of Article 6 (1) sentence 1 lit. f GDPR.  

For more information about how to handle user data, please refer to the Privacy Policy of Google.


  1. Google Analytics

These websites are used by Google Analytics, a web analytics service provided by Google Inc. (“Google”). Information collected about your use of the website is, i.a. browser type and version, operating system used, referrer URL (previously visited page), IP address or date / time of the request.

Google Analytics uses so-called “cookies”, text files that are stored on your computer and that allow an analysis of the use of the websites by you. The information generated by the cookies about your use of these websites is usually transmitted to a Google server in the USA and stored there. Since IP anonymisation is activated on this website, your IP address will be shortened by Google within the member states of the European Union or the EEA (European Economic Area) and only transmitted anonymously. Only in exceptional cases will the full IP address be sent to a Google server in the USA and be shortened there. This transfer is based on the EU-US Privacy Shield Agreement.

On behalf of the operator of these websites, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website and internet usage to the website operator. 

These purposes also justify our legitimate interest lies in the data processing. The legal basis for the use of Google Analytics is Article 6 (1) sentence 1 lit. a and f GDPR. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs will be deleted automatically after 14 months. The deletion of data whose retention period has expired is performed automatically once a month. 

You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of this website in full. 

You may also prevent the collection by Google of the data generated by the cookies and their use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link. The link is: http://tools.google.com/dlpage/gaoptout

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site:

Deactivate Google Analytics

For more information about how to handle user data on Google Analytics, please consult the Privacy Policy of Google.

  1. Social media links

Within our websites there are links to different social media. These are not social media plugins, just links to our offerings within these media. For example, there is a link to a Facebook account. These accounts are – like this website – also operated by Syntacoll GmbH. If you click on one of these links, your IP address will always be transmitted to the operators of different platforms. Should you use one of these services and you are also logged in with your specific account, you may be able to collect information about your surfing behaviour from the social media operator. The transfer of your IP address to the operators of the accessed websites is technically necessary and applies to all websites.


  1. Contact via the website

Due to legal regulations, the Syntacoll GmbH website contains information that enables quick electronic contact with our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If you, as the data subject, contact us as the controller by email or via a contact form, the transmitted personal data will be stored automatically. Such personal data provided on a voluntary basis by the data subject to the controller is stored for the purpose of processing or contacting the data subject. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. There is no disclosure of this personal data to third parties.

Legal basis for processing the data is in case of the presence of the consent of the user Article 6 (1) sentence 1 lit. a GDPR. The legal basis for processing the data transmitted in the course of sending an email is Article 6 (1) sentence 1 lit. f GDPR. If the email contact aims to conclude a contract, then the additional legal basis for the processing is Article 6 (1) sentence 1 lit. b GDPR.

The data will be deleted as soon as it is no longer necessary to achieve the purpose of their collection. For the personal data provided via the input form of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.


  1. Changes to this Data Privacy Policy

We reserve the right to change our Data Privacy Policies if necessary due to new technology. Please ensure that you have the latest version. If any fundamental changes are made to this Data Privacy Policy, we will post it on our website.



Version: November 2019