NIDDA HEALTHCARE GMBH PRIVACY POLICY
This Privacy Policy was last updated in October 2023.
OUR COMMITMENT TO PRIVACY
Your privacy is important to Nidda Healthcare GmbH and our affiliates (together, ‘our’, ‘us’, ‘we’, ‘company’ or ‘Nidda Healthcare’).
This Privacy Policy describes how we gather and use personal data for visitors of, and existing or potential investors (‘Investors’) who access, the Nidda Healthcare Investor website. ‘Personal data’ as used in this Privacy Policy shall have the meaning given to it (or any equivalent term) under applicable data protection laws but shall generally mean any information that can be used to identify you as an individual. This Privacy Policy does not apply to any processing of personal data by or on behalf of Nidda Healthcare that is covered by a more specific privacy policy. Please read this Privacy Policy carefully.
Nidda Healthcare Holding GmbH and all Nidda group companies (including Nidda Healthcare GmbH, Nidda Healthcare Holding GmbH and Nidda BondCo GmbH) will each be a controller of any personal data collected by us. If you have any questions regarding our use of your personal data, or this Privacy Policy, please contact ir@stada.de.
We rely on various legal bases under applicable data protection legislation in order to process your personal data, including our legitimate interests, contractual necessity and as required by law. See section “Why we use your personal data” below, for further information. We use the personal data we collect to operate our business and provide you with the services (including Investor services) and products we offer and perform essential business operations.
The types of personal data that we collect are set forth in the section “Information you provide to us” below. We do not collect any special categories of personal data about you (which includes details about your health and genetic and biometric data, information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, and trade union membership), nor information about criminal convictions and offences.
If we require your personal data due to a legal requirement or obligation or in order to perform a contract with you, we will make you aware of this at the time we collect your personal data, and the possible consequences of you failing to provide this personal data (e.g., we may require your passport details to verify your identity for the purposes of anti-money laundering regulations) and failure to provide this personal data means that we cannot provide our services or products to you. In this case, we may have to cancel a service or investment you have with us but we will notify you if this is the case at the time.
You do not need to take any action as a result of this Privacy Policy, but you do have certain rights as described below in the section headed “Your rights”.
HOW WE OBTAIN YOUR PERSONAL DATA
Information you provide to us
We collect your personal data when you decide to interact with us and we only collect personal data necessary to carry out our business for the purposes set out below. You may provide us with personal data via the “Contact” details on the website including by email, post and telephone, or via the “Investor Login” page (‘Investor Portal’). The personal data we collect about you may include your name, name of your employer, address, title, username, job title, position, telephone number and email address, passport information, and financial information. We may also collect personal data about you through automated technology, such as cookies or other online identifiers. See section “Cookies” below, for further information.
Information provided by third parties or publicly available sources
We may also collect personal data from placement agents that we engage to market our applicable services.
WHY WE USE YOUR PERSONAL DATA
To the extent that you provide us with, or we otherwise collect, any personal data, through or in connection with this website, we may use such personal data for the below purposes and may process your personal data on more than one legal basis depending on the specific purpose:
Purpose |
Legal Basis |
To provide you with the services or products you have requested. |
Contractual necessity (derived from our contract with you as an Investor) and/or legitimate interest (to operate our business) |
To register you as an Investor and in order to provide access to the Investor Portal. |
Consent (collected via the Investor registration link), legitimate interest (to provide information about Nidda Healthcare GmbH for potential investors to use in order to make informed investment decisions) and legal obligation (to ensure we are able to provide Investors with information required under law) |
To verify your status as existing or legitimate potential Investor in order to provide access to the Investor Portal. |
Contractual necessity (derived from our contract with you as an Investor), legal requirement (to comply with applicable legal or regulatory obligations on us including in respect of KYC and AML) and/or legitimate interest (to operate our business) |
To keep a record of your relationship with us. |
Legitimate interest (to operate our business) |
To conduct due diligence activities in connection with an actual or prospective corporate transaction or investment with respect to which we are party to. |
Legitimate interest (to operate our business) |
Fraud and abuse prevention. |
Legal requirement and/or legitimate interest (to operate our business) |
Litigation management and conducting internal audits and investigations. |
Legal requirement and/or legitimate interest (to operate our business) |
To administer and protect our business and this website. |
Legitimate interest (to operate our business) |
To respond to your contact requests via email, post or telephone. |
Legitimate interest (to operate our business) |
Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your personal data.
No automated decision making, including profiling, is used when processing your personal data.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
We may also monitor communications, where required to do so, to comply with regulatory rules and practices and, where permitted to do so, to protect our respective businesses and the security of our respective systems.
DISCLOSURE AND TRANSFER OF PERSONAL DATA
Although we do our best to protect your personal data, we cannot guarantee the security of any information or data transmitted to or through our website; any transmission of information or data by you to or through this site is at your sole risk.
Your personal data will be shared with and processed by our affiliates and certain service providers as necessary to fulfil the purposes set out in this Privacy Policy, including consultants, agents, contractors and data hosting providers and in some instances, placements agents and other fund administrators. We make sure anyone who provides a service to, or for us, enters into an agreement with us and meets our standards for data security. We may also share your personal data with regulatory authorities. To the extent your personal data is transferred to countries outside of the European Economic Area, such transfers will only be made in accordance with applicable data privacy laws. For further information about the safeguards used, please contact compliance@stada.com.
We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator, national security, for the purposes of public importance or any other legal or investigatory process involving us. Should we, or any of our affiliated entities, be the subject of a takeover, divestment or acquisition we may disclose your personal data to the new owner of the relevant business and their advisors.
SECURITY AND RETENTION OF PERSONAL DATA
We are committed to protecting the personal data you entrust to us. We adopt robust and appropriate technologies and policies, so the personal data we have about you is protected to the extent possible from unauthorized access and improper use. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will keep your personal data only for as long as is reasonably necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required by law. We will not keep more personal data than we need for those purposes. For further information about how long we will keep your personal data, please contact compliance@stada.com.
CAPACITY
This site is only intended for individuals who are at least 13 years of age. We do not knowingly encourage or solicit visitors to this site who are under the age of 13 or knowingly collect personal data from anyone under the age of 13 without parental consent. If we learn we have collected or received personal data from an individual under the age of 13, we will delete that personal data.
COOKIES
Information regarding how you access this website (e.g., browser type, access times, and Internet Protocol (IP) address) and your hardware and software is automatically collected through the use of cookies (a small text file placed on your hard drive) or other technologies or tools. This information is used to improve website performance and for our business purposes. Where cookies are not necessary for us to provide the products or services you have requested or for the functioning of this site, we will ask you to consent to their use. You may opt-in to accept cookies automatically by changing the settings on your browser. If you opt-out of certain cookies, you may not be able to access certain parts of this site. On the website and Investor Portal we use the cookies listed below.
You may wish to visit www.aboutcookies.org, which contains comprehensive information about types of cookies, how they are used, and how you manage your cookie preferences.
YOUR RIGHTS
You have the right to access the personal data we hold about you, and there are a number of ways you can control the way in which and what personal data we store and process about you. To exercise these rights and controls, please contact compliance@stada.com.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
NOTIFICATION OF CHANGES
We reserve the right to amend this Privacy Policy from time to time by updating this Privacy Policy. If we decide to change our Privacy Policy, we will post those changes so our users are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to collect personal data or use any collected personal data in a manner different from that stated at the time it was collected, we will notify applicable visitors and Investors. We will use your personal data only in accordance with the Privacy Policy under which such personal data was collected.
CONTACT US
If you have any questions or concerns about this Privacy Policy, please contact ir@stada.de.
COMPLAINTS
Furthermore, you have the right to complain to the data protection supervisory authority regarding our processing of your personal data. The relevant supervisory authority responsible for us is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Telefon: +49 611 1408 – 0
E-Mail: poststelle@datenschutz.hessen.de