Privacy Policy

A. Privacy policy for our website

https://www.itm-radiopharma.com/service/privacy-policy/

Thank you for your interest in our company. Data protection is particularly important to the management of ITM Isotope Technologies Munich SE. In principle, it is possible to use the Internet pages of ITM Isotope Technologies Munich SE without entering any personal data. However, if an individual would like to use our company's specific services via our website, we may have to process personal data. If it is necessary, without legal basis, to process personal data, we generally gain the consent of the Data Subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a Data Subject, will always be carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to ITM Isotope Technologies Munich SE. By means of this data protection declaration, our company informs the public about the nature, scope and purpose of the personal data we collect, use, and process. This data protection declaration also sets out the rights of the Data Subject.
As a processor, ITM Isotope Technologies Munich SE implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed via this website. However, web-based data transmissions can be vulnerable, meaning 100% protection cannot be guaranteed. For this reason, any user, or Data Subject, is free to transmit personal data to us by alternative methods, such as by telephone.

1. Definitions

The Data Protection Declaration of ITM Isotope Technologies Munich SE is based on the terminology used by the European Directive and Regulation provider in the adoption of the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand both for the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms in this privacy statement, among others:

Personal data
Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as the 'Data Subject'). An identifiable person is considered to be an individual who can be directly or indirectly identified, in particular by an assigned identifier such as a name, to an identification number, location data, an online identifier or to one or more special characteristics, which are an expression of the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.
Data Subject
The Data Subject is any identified or identifiable natural person whose personal data are processed by the processor.
Processing
Processing is any operation performed with or without the help of automated procedures or any such sequence of operations in connection with personal data such as collecting, capturing, organizing, filing, storing, adapting or altering, exporting, retrieving, using, disclosing by transmission, disseminating, or any other form of provision, synchronizing or linking, restricting, deleting, or destroying.
Limited processing
Limited processing is flagging up stored personal data with the aim of limiting its future processing.
Profiling
Profiling is any kind of automated processing of personal data, which consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects of the performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts, or location change of this natural person
Pseudonymization
Pseudonymization is processing personal data in a way that the personal data can no longer be assigned to a specific Data Subject without the addition of further information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not assigned to an identified or identifiable natural person.
The Responsible Party or Processor
The Responsible Party or Processor is the natural or legal person, authority, institution, or other body acting alone or jointly with others to decide on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the Responsible Party or their named specific criteria may be in accordance with Union law or the law of the Member States.
External Processor
An External Processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the Responsible Party.
Recipient
The Recipient is a natural or legal person, authority, institution, or other body that discloses personal data, regardless of whether it is a third party or not. However, authorities that may receive personal data under a specific investigation mandate under Union law or the law of the Member States shall not be considered a recipient.
Third-Party
A third-party is a natural or legal person, authority, institution or other body other than the Data Subject, the Responsible Party, the Processor or Data Subject, who is authorized to process the personal data under the direct responsibility of the Responsible Party or Processor.
Consent
Consent shall be given voluntarily by the Data Subject for this particular case, in an informed manner and by way of an unambiguously delivered statement of intent in the form of a declaration or any other clearly affirming act with which the Data Subject gives to understand that they are in agreement with the processing of their personal data.

2. Name and address of the Processor

The Responsible Party for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other data privacy provisions is:

ITM Isotope Technologies Munich SE
Lichtenbergstr. 1
85748 Garching bei München
Germany
Tel.: +49 89 329 89 86 6000
Email: info@itm-radiopharma.com
Website: www.itm-radiopharma.com

3. Name and address of the Data Protection Officer

ITM Isotope Technologies Munich SE appointed Mr. Marcel Erntges as its Data Protection Officer. You can contact Mr. Erntges as follows:

Marcel Erntges
PRW Consulting GmbH
Leonrodstrasse 54
80636 Munich
Email: datenschutz@itm-radiopharma.com
Tel. +49 89 210977-70

4. Cookies

The websites of ITM Isotope Technologies Munich SE use cookies. Cookies are text files which are stored and saved via an Internet browser on a computer system.
Many Internet sites and servers use cookies. Many cookies contain a 'cookie ID'. A cookie ID is a unique identifier for the cookie. It consists of a number string through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This allows the visited websites and servers to distinguish the individual browser of the Data Subject from other web browsers that contain other cookies. A specific web browser can be recognized and identified by its unique cookie ID.

All cookies on this site are essential, and the site won't work as expected without them. These cookies are set when you submit a form or login. Cookies that are not necessary for the provision of our website are only placed on your device with your consent. (Art. 6 para. 1 lit. a) GDPR).

Essential functions:
These providers are used to operate the website or certain functions thereof, for example to ensure security or to make an appointment with us. These providers are mandatory and cannot be deselected.

Name	Domain	Purpose of the processing	Expiry time
Tx_cookies-accepted	itm-radiopharma.com	This is used to track whether you have already made a choice about cookies,.	1 Year
tx_cookies-consent	itm-radiopharma.com	This is used to track whether you have already made a choice about cookies,.	1 Year
__Secure-typo3nonce_#	itm-radiopharma.com	A CSRF-like request-token handling has been introduced to mitigate potential cross-site requests on actions with side-effects. T	Session

External content:
The providers in this category are used to integrate external content into our website. Content from other services is integrated into this website to enable the use of certain functions (e.g. booking an appointment) or to improve the user experience (e.g. fonts and graphics).

Name	Domain	Purpose of the processing		Expiry time
_Secure-Rollout_Token	Youtube.com		The __Secure-ROLLOUT_TOKEN cookie is used by YouTube to manage the phased rollout of new features and updates.	180 days
VISITOR_PRIVACY_META	Youtube.com	This Cookie is used by YouTube to store your cookie consent choice for our Website.		90 days
VISITOR_INFO1_LIVE	Youtube.com	Tries to estimate the users' bandwidth on pages with integrated YouTube videos.		180 days
YSC	Youtube.com	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.		Session

5. Creating log files

When you visit our website, we collect access data and store it in a log file. This access data also includes the IP address. The log file also stores the name of the website accessed, the file accessed, the date and time of access, the amount of data transferred and notification of successful access, the browser type and version, the operating system, the referrer URL (the previously visited page) and the requesting provider.

Personal data			IP-Address;
Purpose of the processing			We collect the log file data, including the IP address, in order to ensure a smooth connection setup of the website and to enable convenient use of our website by users. The log file is also used to evaluate system security and stability and for administrative purposes.
Interest in data processing			The log file data, including the IP address, is used solely for the technical and design optimization of the website and to secure our systems (e.g. in the event of an attack on our IT or a security incident). The data in the log file, including the IP address, cannot be used by us to establish a personal reference when our website is accessed.
	Webhoster		Purpose	Details
	IONOS SE		Hosting of the Website	Datenschutzerklärung - IONOS AGB

Data storage duration		The log files, i.e. the IP address contained therein, are stored for 3-6 months and then automatically deleted.
Legal Basis		Art. 6 Abs. 1 f) GDPR
Provision mandatory or required		The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of the website is not guaranteed or restricted.

6. Web-Analysis

So-called tracking and web analysis tools are used on our website. This describes the collection of access data on our website and the evaluation of the behavior of our visitors for the purpose of optimizing our offer. These tools can be used to investigate how and from where visitors come to our site, which areas of a website are visited particularly often and how often and for how long which subpages and categories are viewed. We can also determine which search terms and websites the user has entered and evaluate how many users visit our pages overall and which information or offers are most in demand. The aim is to be able to design our offers and our website in a user-friendly way with the help of the knowledge gained from this. Statistical analysis of the usage profiles allows us to derive statements about the functionality and success of our websites and functions, such as answers to questions about how often information pages on certain product groups were accessed or how many visitors clicked on certain offers. With the help of tracking tools, we can tailor our offering more specifically to our customers, visitors and interested parties.

Personal Data	IP-Address;
Purpose	Tracking tools can be used to evaluate the behavior of website visitors and analyze their interests. We create a pseudonymous user profile for this purpose.
Transmission	We do not pass on your data to third parties. However, in the area of web and user analysis, we work together with professional service providers who compile user statistics on our behalf. The basis of this contractual relationship is, among other things, the obligation of the providers to have taken special precautions to protect your data and to process all personal data only in accordance with our instructions (Art. 28 GDPR).

Provider	Purpose	Details
Piwik PRO GmbH	Website- Analysis	Privacy Policy - Piwik PRO

Duration

Further details about the providers, how web tracking works and information about the technologies used in these tracking tools, the storage period of the cookies used and information can be found under point 4 Cookies. You can also withdraw your consent at any time and change your cookie settings for our website.

Legal Basis

Art. 6 Abs. 1 a) GDPR

Provision prescribed or required

The provision of the aforementioned personal data is neither legally nor contractually required.

7. Plugins and embedded functions

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may be, for example, graphics, videos or social media buttons and posts (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

Provider

Service

Information

Google Inc.

Youtube

Datenschutzerklärung – Datenschutzerklärung & Nutzungsbedingungen – Google

Legal Basis	Art. 6 Abs. 1 a) GDPR
Please note that in the event of interaction via the aforementioned media, data may also be processed outside the European Union, whereby the providers have undertaken to comply with the data protection standards of the EU. If necessary, further data processing operations may be triggered by the aforementioned providers after the start of a content, over which we have no influence.
Furthermore, user data is generally processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

8. Data collection when you register with the ITM Portal

Personal Data	Which personal data are transmitted to the Processor is determined by the entry screen (Registration Healthcare Professionals, Customer Registration, etc.) used for registration and consisting of the required fields: name, first name, address, zip code, city, email, company, business area, user name, and password. All other information is voluntary.
Purpose	By volunteering personal data on registration, the Data Subject helps the Processor to provide the Data Subject with content or services which, due to the nature of it, only registered users can be offered. The Processor may arrange to transfer the data to one or more External Processors, such as a parcel delivery provider, who will also use them exclusively for internal use, like the Processor.
Duration	Until we cease to use the registration or we are requested by you to delete them (withdrawal of consent).
Legal Basis	Art. 6 Para. 1 a) GDPR
Provision prescribed or required	The provision of the personal data is neither legally nor contractually prescribed. However, registration cannot take place without it.

9. Newsletter

Personal Data	E-Mail
Purpose	We only send newsletters, emails and other electronic notifications (hereinafter “newsletter”) with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.
Duration	We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list solely for this purpose.
Legal Basis	Registration for our newsletter is always carried out in a so-called double opt-in procedure. This means that after registering you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with other people's e-mail addresses.
Provision prescribed or required	The provision of the aforementioned personal data is neither legally nor contractually required. However, it is not possible to send the newsletter without this information.

10 Contact via the website

Personal Data	First name, last name, email, message, subject
Purpose	The website of ITM Isotope Technologies Munich SE contains information on the basis of legal regulations, which enables fast electronic contact with our company as well as direct communication with us, under a generic email address. If a Data Subject contacts the Processor by email or via a contact form, the personal data transmitted by the Data Subject are automatically saved. This personal data, voluntarily provided by a Data Subject to the Processor, are stored for the purpose of processing or contacting the Data Subject. This personal data is not passed on to third-parties.
Duration	Duration of the processing and handling of the request or until we are requested to delete it.
Legal Basis	In principle, we do not require any personal data to respond to inquiries. The legal basis is Art. 6 para. 1 lit. a) GDPR. If you are already a customer or contractual partner, the data processing is based on Art. 6 para. 1 lit. b) GDPR.
Provision prescribed or required	The provision of the personal data is neither legally nor contractually prescribed. However, registration cannot take place without it.

11. Privacy Policy on the Use of Social Media Plugins

We operate websites on several online platforms and social networks in order to interact with potential or existing customers, exchange information with interested parties and users, or advertise offers and services.

We operate our websites in so-called joint responsibility (under data protection law) with the providers. We process data that you share or publish directly via the online platforms and networks (e.g. via comment and chat functions) as the controller in order to interact with you in this regard or to exchange information with you. As part of this interaction, we may also receive statistical data on the use of our “channels and fan pages” from the platform operators. This includes, for example, information about interactions, likes, comments or summarized information and statistics (e.g. IP address; origin of followers) that help us to learn about interactions with our site. The legal basis for data processing in our area of responsibility is Art. 6 para. 1 sentence 1 lit. f) GDPR.

However, the providers mentioned also process data under their own responsibility. We have no influence on data that is processed by the provider under its own responsibility in accordance with its own terms of use and data protection. We would like to point out that when you access the aforementioned providers, further data (e.g. from your usage and “surfing behavior”) may be collected and possibly transmitted to the provider. Please also note that in the event of interaction via the aforementioned media, data may also be processed outside the European Union. Furthermore, user data is generally processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and the resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. Further information on this can be found in the data protection information of the respective providers. If we have personal data about you in connection with the use of the online platforms and networks, please address your concerns to us. If you also wish to assert rights against a specific provider, please contact the respective provider.

Provider	Plattform	Information
Meta Inc.	Facebook	Meta Privacy Policy and Supplemental Meta Platforms Technologies Privacy Policy \| Quest-Hilfe \| Meta Store
Microsoft Inc.	LinkedIn	LinkedIn Datenschutzrichtlinie
New Work SE	Xing	Datenschutz bei XING
Google LCC	YouTube	Datenschutzerklärung – Datenschutzerklärung & Nutzungsbedingungen – Google
X Corp.	X	X Datenschutzrichtlinien

12. Security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of it. These are continuously adapted and reviewed in line with the current state of the art. To ensure the confidentiality and integrity of the data you enter on our website, this data is transmitted via “https” and Transport Layer Security (TLS).

13. Rights of the Data Subject

You have the right at any time to request confirmation of whether we are processing your personal information, and the right to know what that data is. You also have the right to correct, delete and limit data processing, as well as the right to appeal against the processing of personal data at any time, or to revoke your consent to data processing at any time, or to request data transfer. You also have the right to complain to a supervisory authority in the event of a breach of data protection.
All rights can be asserted to us by email at datenschutz@itm-radiopharma.com or via the contact given under "Responsible Party".

B. Privacy Notice for our customers

With this data protection notice, we inform you about the processing of your personal data by us and about the rights to which you are entitled.

Who is responsible for data protection?

The controller for the respective data processing depends in detail on the respective service and product descriptions and the associated contractual documents between the respective ITM company and you. [ITM-Group]

How do you contact our data protection officer?

E-Mail: datenschutz@itm-radiopharma.com

What data do we process and where does it come from?

We process personal data that we receive in connection with the initiation of a business relationship, from a trade fair, from an existing business relationship or data that is publicly available. In particular, the following data is processed: Master data, correspondence data (e.g. correspondence with you, customer support), billing data as well as advertising and sales data. As part of our cooperation with business partners, we process personal data of end data of end users and contact persons at customers, interested parties, sales partners suppliers and partners (each a “business partner”)

Contact information, such as first and last name, business address, business telephone number, business cell phone number and business email address,
organizational information, including position and company name
payment data, such as information required to process payment transactions or fraud prevention, including credit card information and card verification numbers card verification numbers,
other information whose processing is necessary in the context of a project or the execution a contractual relationship with us or which is voluntarily provided by business partners provided by business partners, e.g. in the context of orders placed, inquiries or project details,
Personal data obtained from publicly available sources (including company company or professional social networks and websites), information databases or from credit agencies and
Information that is legally required as part of compliance and export control screenings such as date of birth, nationality, place of residence, ID numbers, information on relevant legal proceedings and other legal disputes in which business partners are involved in.

We process personal data for the following purposes:

Communicating with business partners about products, services and projects, e.g. to process inquiries from the business partner or to provide technical information on products products,
Planning, implementation and administration of the (contractual) business relationship between the business partner and us, e.g. to process orders for products and services to process orders for products and services, to collect payments, for accounting and billing purposes and to carry out deliveries, maintenance activities or repairs,
to create a personal profile with business-related information about interactions between you and us with the aim of providing you and the company you work for with provide you and the company you work for with relevant information and suitable offers for services and products and to improve our personal communication with you,
carrying out market analyses, competitions, contests or similar promotions and events events,
contacting you for information and offers on our products and services and services and carrying out other marketing activities and customer
Maintaining and protecting the security of our products and services and our websites our websites, preventing and detecting security risks, fraudulent activity or other criminal fraudulent activities or other criminal or malicious acts, preventing actions,
Compliance with legal requirements, existing retention obligations, existing obligations to carry out compliance screenings as well as our guidelines and industry standards and settlement of legal disputes, enforcement of existing contracts and for the assertion, exercise and defense of legal claims.

What do we process your data for (purpose of processing) and on what legal basis?

a) Based on your consent to data processing (Art. 6 para. 1 lit. a GDPR)

If and to the extent that you have given your consent to the processing of personal data, the respective consent is the legal basis for the processing specified therein. This applies, for example, to the receipt of electronic customer information. You can revoke consent at any time with effect for the future.

b) For the fulfilment of contractual obligations (Art. 6 (1) (b) GDPR)

Your data will be processed for the purpose of initiating or executing our contracts with you or our contractual partners, i.e. for the provision of our services.

c) In the context of the balancing of interests (Art. 6 para. 1 lit. f GDPR)

Your data may also be used on the basis of a legitimate of interests to protect the interests of us or third parties. This is done, for example, for the purpose of further developing services or systems and products, ensuring IT security and IT operations, advertising, market and opinion research, asserting legal claims and defending in legal disputes, preventing and investigating crimes, as well as risk management and fraud prevention.

d) Due to legal requirements (Art. 6 para. 1 lit. c GDPR)

We are subject to various legal obligations that entail data processing. These include, for example, tax laws, as well as statutory accounting, the fulfilment of inquiries and requirements from national or foreign supervisory or law enforcement authorities, as well as the fulfilment of control and reporting obligations under tax law.

Who do we share the data with?

Within the company, we will only pass on your data to those departments of us that need it to fulfil contractual and legal obligations or to fulfil their respective tasks. In addition, external bodies will only receive your data without exception if they have been contractually bound by us to fulfil their obligations as processors (Art. 28 GDPR) and ensure that they process your data in accordance with our instructions or to bodies or persons for whom you have given us your consent to the transfer of data.

Do we transfer data to third countries?

If we transfer your personal data to a recipient who is not based in the European Economic in the European Economic Area, we will ensure that your data is adequately protected in protected in accordance with the General Data Protection Regulation. In this context we take the following measures, where required by law

We therefore only pass on your personal data to Group companies in such countries only if they have (i) concluded EU standard contractual clauses with us.

Further information on the measures implemented can be requested at: datenschutz@itm-radiopharma.com

How long do we store your data?

We will only store your personal data for as long as is necessary for the provision of the related contractual services. In addition to the duration of the actual business relationship, this also includes data processing in the context of the initiation and execution of contracts. In addition, we are subject to various retention and documentation obligations, which result, among other things, from the Commercial Code and tax regulations (Tax Code – AO). The retention or documentation periods specified there are five to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), can usually be three years, but in certain cases up to 30 years.

Is there an obligation to provide personal data?

In the context of our business relationship, you only have to provide the personal data that is necessary for the establishment, implementation and termination of a business relationship or that our contractual partners or we are legally obliged to collect. Otherwise, the conclusion of the contract or the execution of the contract is not possible.

To what extent is there automated decision-making in individual cases?

As a matter of principle, we do not use automated decision-making in accordance with Art. 22 GDPR to establish and carry out the business relationship. If we use these procedures in individual cases, we will inform you separately.

To what extent do we use your data for profiling?

We process your data partly automatically with the aim of evaluating certain personal aspects (so-called "profiling" in accordance with Art. 4 No. 4 GDPR). Profiling is used, for example, to determine potential interest of our contractual partners in our products and their services.

What data protection rights do you have?

Under the respective legal requirements, you have the right to request confirmation at any time as to whether we are processing personal data and the right to information about this personal data. In addition, you have the right to rectification, deletion and restriction of data processing, as well as the right to object to the processing of personal data at any time, or to revoke your consent to data processing at any time or to request data transfer. In addition, you have the right to complain to a supervisory authority in the event of data protection violations.

Separate reference to your right to object

Case-by-case right of objection

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (f) GDPR (data processing on the basis of a legitimate of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR, which can be carried out, for example, for customer advice and customer support and for sales purposes. If you object, your personal data will no longer be processed, unless we demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object to the processing of data for direct marketing purposes

We may also process your data for direct marketing within the framework of the legal provisions. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, without incurring any costs other than the transmission costs according to the basic tariffs. This also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made in any form. The contact details can be found under section 1.