In India, Ahlcon is subject to data protection principles under the Information Technology Act, 2000 (“ the Act” ) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“SPDI Rules”) and this notice is intended to outline how we intend to keep secure the personal data of individuals (“data subjects”) and to ensure that the rights of the data subjects are protected. In this policy, we seek to inform data subjects of the type of and the purpose for which their personal data is collected and processed and the data subject’s right to access or refuse to provide such personal data.
1. Responsible controller
The operator of this website and the responsible controller in terms of data protection is:
Ahlcon Parenterals (India) Ltd.
(a B. Braun group company)
Plot no. 30 & 30/E, 2nd Floor,
Najafgarh Road Industrial Area,
New Delhi -110015.
2. General information on processing personal information
As an international company, we work together with external service providers. To the extent that processed data contains personal information, corresponding contractual agreements and organisational measures have been enacted according to applicable law which ensure the security of your personal data. Our external service providers are bound by our instructions and are regularly monitored.
As a general rule, our website can be used without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) are collected, this is always done, as far as possible, on a voluntary basis.
We would like to point out that data transmission on the internet (e.g. when communicating by e-mail) may involve gaps in security. We try to protect your data from unauthorised access by third parties by taking precautions such as pseudonymisation, data economy, observing deletion periods and taking into account the current state of technology. Despite these protective measures, however, we cannot completely rule out unlawful processing by third parties.
3. Data processing in the case of access from the Internet
When you visit our websites, our web servers save each access temporarily in a log file. The following data is captured and processed until automated deletion:
- Anonymised IP address of the requesting computer
- Date and time of access
- Time zone
- Access status/http status code
- Volume of data transferred in each case
- Operating system and its interface
- Identification data of the browser and operating system used
- Language and version of the browser software
- Name and URL of the retrieved data, content of the request
- Report whether the retrieval was successful
- Website from which the access takes place
- Name of your Internet service provider
When this website is used purely for informational purposes, Ahlcon only collects the personal data that is technically required in order to display and enable the use of the website (establishment of connection), for system securityand stability, for the technical administration of the network infrastructure and to optimise the website. The legal basis for this is a legitimate interest of B. Braun(Art. 6 (1) lit. f GDPR).
You may object to this data processing. If you object to the use of the data, please note that you may only be able to use our services to a limited extent.
4. Purpose of data processing
In accordance with the principle of data minimisation of the General Data Protection Regulation, we only process personal data on our website if it is necessary for the purpose you have requested, if we are obliged to do so due to legal regulations or a contract, if we have a legitimate interest and/or if you voluntarily provide the data to us.
When entering personal or business data (e.g. e-mail address, name, address), the disclosure of your data is performed on an explicitly voluntary basis.
We process your contact and business-relevant data based on statutory regulations in connection with existing or pending business relationships In addition, with your input, you declare your consent for the personal data entered to be processed for the purpose designated by you. We process the provided data only as long as required for the intended purpose and delete it after fulfilling the purpose or after expiration of the respective storage periods. Processing does not occur for any other purpose. If you object to the processing of your data, please note that you may only be able to use our services to a limited extent. In order to provide you with a comprehensive range of services, your data will be transmitted and used within the B. Braun Group.
The following are possible ways we may use the information:
Due to legal regulations:
- Execution of our General Terms and Conditions
- Management of our business
- Protection from or identification of possible fraudulent transactions
Due to contractual purposes:
- Payment processing for purchases and other services
- Processing of your application documents
Based on our legitimate interest:
- Determining the effectiveness of our advertising
- Development of new products and services
- Analysis of the use of our products, services and websites
- Knowledge of how you reached our website
- Website stability and security
Your consent to processing of your personal data can be revoked at any time with effect for the future. Your consent may be required in various cases:
- to receive newsletters
- sending of samples, bonuses, products and information
- signing up for prize competitions, programs or offers at your request
- delivery of other services that we have offered you
- surveys on our websites
- development and provision of advertising tailored to your interests
- making contact via our contact forms form
6. Term of storage
Your data is stored by Ahlcon for as long as required for certain purposes. Consequently, your data is deleted by Ahlcon if and when:
- the relevant legal basis for the processing of your personal data no longer exists,
- the purpose of processing your personal data no longer exists,
- you withdraw of your consent to the processing of your personal data,
- a legal obligation makes it necessary to erase them, or
- you have objected to the processing of your personal data,
unless storage periods stipulated by law apply. Ahlcon may only delete your data when these retention periods have expired.
This does not apply to data whose erasure would involve disproportionate effort. In cases like these, Ahlcon is deemed to have a legitimate interest within the meaning of Article 6 (1) lit. f GDPR in storing your data.
7. Automated decision-making
We do not use fully automated decision-making pursuant to Art. 22 GDPR to establish and implement the business relationship. Should we use these methods in individual cases, we will inform you thereof separately when required by law.
We use automated methods to process your data in part, with the objective of evaluating certain personal aspects (profiling). We use profiling to provide products that may interest you on a targeted basis, for example.
8. Obligation and purpose of providing personal data
Within the scope of our business relationship, you are required to provide the personal data that is necessary in order to commence and implement the relevant business relationship and fulfil the contractual obligations associated with it or that we are required by law to collect. Without this data, we will generally not be able to enter into the business relationship with you and fulfil the obligations that arise from it.
This website contains links to websites of third parties over whose content Ahlcon has no influence. After clicking on a link, you leave the sphere of responsibility of Ahlcon. Processing of data therefore no longer takes place within our influence.
10. Protection of minors
Children and persons under the age of 18 normally do not transmit personal data to us without the consent of their parents or legal guardians. We do not request personal data from minors and we assure that we do not knowingly collect personal data from minors, use it in any way or disclose it to third parties without authorisation.
11. Transmission of data via the Internet
The Internet is a globally open platform. Due to the Internet's inherent mode of operation and the systemic risks involved, any data transmissions are made at your own risk. For your security, we exclusively offer our services via encrypted transmission.
12. Transfers of data to third countries (non-EU countries)
We transfer your data to countries outside the European Union / European Economic Area (third countries) only to the extent that
- it is necessary in order to perform your orders,
- it is required by law or
- you have given us your consent.
To the extent that we transfer your data to a third country or an international organization, this takes place in accordance with the GDPR. Beyond that, we only transfer the strict minimum amount of data necessary, in line with the principle of data minimization.
In some cases, we use service providers whose corporate headquarters, parent company or sub-contractors are located in a third country. Your data is only transferred if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR), appropriate safeguards are provided (e.g. standard contractual clauses issued by the European Commission) and enforceable rights and effective remedies are available to you as a data subject. We have contractually regulated compliance with the GDPR and its requirements with the service providers.
Our websites also use so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. They do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offering more user-friendly, effective and secure. Some cookies (so-called "functional cookies", e.g. for language settings and ordering processes) are those that are absolutely necessary to ensure essential functions of the website. Without these, the website cannot be used as intended.
There are two different types of cookies:
Transient cookies: Most of the cookies we use are so-called "transient cookies", in particular "session cookies". These cookies are automatically deleted after the end of your visit. They enable us to recognise your browser when you return to our website within the same session.
Persistent cookies: Other cookies, so-called "persistent cookies", are only automatically deleted from your end device after a predefined period of time (which varies depending on the type of cookie).
14. Security measures
We have taken extensive precautions to protect the security of your data. Your data, which you have entered e.g. in HTML websites (contact forms) are transmitted in an encrypted form (SSL - Secure Socket Layer) via the public data network to Ahlcon.
This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as for example, the inquiries that you send to us as the website provider. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
15. Forwarding of data to third parties
Your personal data will not be forwarded to third parties (i.e. outside the B. Braun Group) unless you have given us your prior consent. Excluded from this provision is the forwarding to service partners, such as for example parcel service providers or freight forwarders, if the transmission is necessary for the order processing or delivery of the goods.
The logistics service providers receive the data required for delivery for their own use. We limit the transferred data to the necessary extent.
In addition, other service providers are involved, such as IT service providers or the hosting service provider for the website. These companies work for B. Braun Group within the framework of so-called processing on behalf of B. Braun Group and may only use personal data in accordance with our instructions. B. Braun has obligated these service providers to the General Data Protection Regulation and the Act as per contract and monitors these companies.
Further excluded is the transfer of data for the management of orders, the delivery of goods or services, and for accounting purposes within the B. Braun Group. To transfer the data, it may be stored in the cloud application salesforce.com, Inc. The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA ("Salesforce") (see section 15). Beyond this, no data is transferred to third parties without your consent.
In all these cases, the data is transferred in accordance with the applicable national and European data protection provisions; the scope of the data transferred is limited to the necessary minimum.
We acknowledge and confirm that we do not, in any way, sell any information or material you provide to us to any third-party. Any communication from our side will only be in connection with marketing purposes.
We have concluded a data processing contract with Adobe and fully implement the strict requirements of the German data protection authorities when using Adobe Analytics.
17. Use of Friendly Captcha
In order to protect contact forms on our website from spam and misuse, we use the "Friendly Captcha" service from Friendly Captcha GmbH (Germany). By using this service, it is possible to distinguish whether the corresponding input is of human origin or is abusive due to automated machine processing.
The tool prevents automated and abusive requests by so-called "bots". As part of this process, your IP address is captured by Friendly Captcha to send a cryptographic task to your device. This task is solved in the background and as soon as it is solved, a confirmation is sent by Friendly Captcha to the server that this is a natural person.
In this regard, Friendly Captcha processes and stores the following data:
- IP address of the requesting computer (anonymised via one-way hashing)
- Information about the browser and operating system used
- Anonymised counter per IP address to control the cryptographic tasks
- Website from which the access took place (referrer URL)
For more information on data processing, please visit the Friendly Captcha website: https://friendlycaptcha.com/de/legal/privacy-end-users/
18. Social media
B. Braun maintains its own sites on various social networks in order to enable an exchange with interested users or customers and to be able to inform these groups about the B. Braun product portfolio. B. Braun does not process any user data in social networks itself, and can only analyse and use the data that have been anonymised by Facebook, for example. In the process, user data may be transferred to countries outside the European Union. Furthermore, the user data collected is processed for marketing purposes, for example to define target groups and then display targeted advertising material to them on the respective social media platform. To make this possible, the social network/the relevant provider of the social network frequently stores cookies that contain the users’ online behaviour, interests and similar. User profiles on the respective platforms can also contain data that is stored irrespective of the end device. The legal basis for this kind of processing is the legitimate interest of B. Braun in functional and stable communication with users via the respective online presence.
The social media providers may request your consent to the relevant data processing. In this case, the legal basis for the data processing would be that specific consent. As a data subject affected by the processing, you can assert various rights against the controller. Please note, however, that as a basic principle, exercising these rights as a data subject makes the most sense if you do so directly with the platform provider. As a general rule, only the platform providers have direct access to the processed data and are the only ones who can take appropriate measures. Of course, we are at your disposal if you have any further questions in this regard.
In order to provide you with as much relevant information as possible regarding data processing in social networks, we also refer to the privacy policies of the individual platform providers:
19. (Social Media) Plugins
Third-party content may be used within the Ahlcon website (so-called plugins). These can appear in the form of YouTube videos, RSS feeds or graphics of other websites or also by social media buttons such as the Facebook share button.
If you are on a Ahlcon or a B. Braun website, on which content of third-parties is integrated, a connection will be set up with the respective social network under certain circumstances. This means that the content of the buttons can be transferred to your browser and integrated into the website by it. This means that the respective provider always receives the information that you have opened the Ahlcon or B. Braun website. It is irrelevant whether you are a member of a social network or not logged into such a network. Furthermore, irrespective of whether you actually interact with the embedded content, information is automatically collected by the social network. The following data may be transferred hereby: IP address, browser information and operating systems, screen resolution, installed browser plugins (e.g. Adobe Flash Player), origin of visitors (if you followed a link) and the URL of the current website.
If you are logged into one of the social networks while using the Ahlcon or B. Braun website, the information about your visit to the website will be linked to your member data and stored. If you are a member of a social network and do not wish this data to be transferred, you must log out of the social network before visiting the Ahlcon or B. Braun website.
Plugins of the social network Facebook, provider Meta Platforms Inc. (USA) are integrated on our websites. You can recognise the Facebook plugins by the Facebook logo on our website. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/.
When you visit our websites, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited our website with your IP address. Facebook can hereby allocate the visit to our website to your user account. We would like to point out that we, as the provider of the websites, have no knowledge of the content of the transferred data or the processing thereof by Facebook.
If you do not wish Facebook to associate the visit to our websites with your Facebook user account, please log out of your Facebook user account.
Functions of the Twitter service are integrated onto our websites. These functions are offered by Twitter Inc (USA). By using Twitter and the "Re-Tweet" function, the websites you visited are linked to your Twitter account and announced to other users. In this context, data is also transferred to Twitter. We would like to point out that we as the provider of the websites neither receive any knowledge of the content of the transferred data nor their use by Twitter.
You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settings.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Inc (USA). A connection to servers of LinkedIn will be set up with each call of one of our websites, which contains functions of LinkedIn.. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, it is possible for LinkedIn to link your visit to our website with you and your user account. We would like to point out that we as the provider of the website neither have any knowledge of the content of the transferred data nor their use by LinkedIn.
Our website uses functions of the XING network. The provider is XING AG (Germany Each time you access one of our pages that contains XING functions, a connection is established to servers of XING. To our knowledge, processing of personal data does not take place in this process. In particular, no IP addresses are stored, nor is user behaviour analysed.
Our website uses plugins from the YouTube site operated by Google. The operator of the websites is YouTube LLC (USA). When you visit one of our websites fitted with a YouTube plugin, a connection to the YouTube servers is established. It communicates to the Youtube server which of our websites you visited. If you are logged into your YouTube account, you enable YouTube to link your behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
In order to show you interactive maps directly on the website and to make the comfortable use of the map function possible, we integrate Google Maps from the service provider Google LLC (USA) on our websites. In order to use these services, the IP address of the user is transferred to Google. The IP address is required for the display of this content, but is only used to deliver the content. Your location data will not be collected by Google without your consent (usually part of your device settings).
We use the sharing button of the messenger service WhatsApp from the provider Meta Platforms Inc (USA). The sharing buttons allow you to share a post or website using WhatsApp. The WhatsApp sharing button is merely a link to the provider WhatsApp. Therefore, no data flows to WhatsApp simply by calling up our website.
If you actively use the WhatsApp button, a direct connection is established between your browser and the WhatsApp server via the plugin. WhatsApp thereby receives the information that you have visited our website with your IP address. If you click on the WhatsApp button while you are logged into your WhatsApp account, you can share the content of our website via your WhatsApp profile. This enables WhatsApp to link your visit to our website with your WhatsApp profile. We would like to point out that we, as the provider of the website, neither have any knowledge of the content of the transferred data, nor their use by WhatsApp. If you do not want WhatsApp to be able to associate your visit to our website with your WhatsApp profile, please log out of your WhatsApp account beforehand.
20. Your rights as a data subject
You have the right to the following at any time:
- free information on the personal data, their origin and recipients and the purpose of processing,
- restriction of processing,
- erasure of these data,
- receipt of your personal data in a structured, commonly used and machine-readable format (right to data portability),
- withdrawal of your consent to the processing of your personal data,
- lodging a complaint with the competent authority under the Act.
Objection to the processing of your data based on legitimate interests
You also have the right to object to the processing of your personal data at any time if this is carried out by Ahlcon or B. Braun on the basis of a legitimate interest (pursuant to Art. 6 (1) lit. of GDPR and applicable provisions of IT Act and SPDI Rules). As a result, the processing of your data will be halted, unless Ahlcon or B. Braun can show that there are statutory provisions concerning this or that it has grounds to continue processing the data based on legitimate interests. This is the case, for example, if data is still required in order to be able to assert legal claims where applicable.
Objection to processing for direct marketing purposes
You can object to the processing of your personal data for the purposes of advertising and data analysis at any time ("advertising objection").
On this point and for further questions concerning personal data, you can contact us here or using the contact information under section “Your contacts for data protection matters.” Upon request, we will inform you in writing if and which personal information we process about you, in accordance with applicable law.
21. Your contacts for data privacy matters
Ahlcon Parenterals (India) Ltd.
(a B. Braun group company)
Plot no. 30 & 30/E, 2nd Floor,
Shivaji Marg, Najafgarh Road Industrial Area,
New Delhi -110015.
At your request, we will inform you in writing, in accordance with the applicable law, whether we have stored any of your personal data and, if so, which specific data.