This app (hereinafter the “App“) is provided by Bayer Aktiengesellschaft | 2000 | Germany (hereinafter „us“ or „we“). For further information regarding the provider of the App, please refer to our imprint.
Handling of personal data
In the following we wish to provide you with information on how we handle your personal data when you use our App. Unless otherwise indicated in the following chapters, the legal basis for the handling of your personal data results from the fact that such handling is required to make available the functionalities of the App as requested by you, as well as to enable you to fulfill your contractual obligations as an employee or partner. (Art. 6(1)(b) General Data Protection Regulation).
Purpose of processing personal data in the COCO Application
We process personal data for enabling our commercial Salesforce and medical Representatives to provide data privacy information and collect consent from our customers and partners. For this reason, we provide log-in functionality and user interface to our internal and external field representatives.
Using our app
Accessing our app
In order to make available to you the services of our App, it will transfer the following information to us, every time you use our App:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Operating system information
- Status of access/HTTP status code
- Transferred volume of data
- Language settings, version of app
- Log-in credentials (username and password)
Moreover, to protect our legitimate interests, we will store such information for a limited period of time in order to be able to initiate a tracking of personal data in the event of actual or attempted unauthorized access to our servers (Art. 6(1)(f) General Data Protection Regulation).
Registration and login
In order to be able to use the services of our App, we will provide you with personal log-in credentials and a log in functionality that is based on our global managed Single-Sign-On (SSO) and information and access management systems. For this login procedure, we collect the following information about you:
- User name and password
We process this personal data in order to provide you with an access to the services of our App.
Third party login services/single sign on
As part of our contractal employee or partner relationship with you (Art. 6(1)(b) General Data Protection Regulation), we enable you to log in to our services by using the third party login service provider Microsoft Azure AD (hereinafter “Login-Service Provider”). In order to use this login service, you will be asked to login to the app via the Login-Service Provider’s service using your respective login credentials. By doing so, your profile will be connected to our service, which means that Login-Service Provider receives the information that you use our service and we automatically receive the following information about you:
- User name
We will use this information only to identify you during your logins. For further information on how Login-Service Provider’s service work and how the Login-Service Provider processes your personal data, please refer to your local HR department and the Login-Service Provider‘s Privacy Policy.
App analytics and online behavioral advertising
App analytics with Google
On our App we use an analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google will analyze your use of our App on our behalf in order for us to be able to better understand how you use this App, which enables us to improve this App according to our customers’ interests. The information collected by Google in connection with your use of our App (e.g. content of our App visited by you, your language settings, your operating system, your screen resolution, etc.) will be transmitted to a server of Google in the US, where it will be stored and analyzed. The respective results will then be made available to us in anonymized form. Your usage data will not be connected to your full IP address during this process. We have activated on our App the IP anonymizing function offered by Google, which will delete the last 8 digits (type IPv4) or the last 80 bits (type IPv6) of your IP address after each data transfer to Google. Moreover, by concluding specific agreements with Google we ensure that an adequate level of data protection is maintained with respect to the processing of personal data by Google in the US. We only analyze your use of this App, if we have obtained your prior consent upon your first access to our App or if you make use of the switch above to turn app analytics on or off (Art. 6(1)(a) General Data Protection Regulation). You may withdraw your consent at any time by using the same switch above.
Recipients of personal data
Commissioned processing
For the processing of your personal data we will to some extent use specialized service contractors that process your data on our behalf (e.g. for IT-Support or cloud services). This includes in particular also:
Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Microsoft Azure AD Service manages Bayer-wide SSO capabilities for all Bayer employee and external partners single-sign-on, information and access management.
Tata Consultancy Services (TCS) Deutschland GmbH, Messeturm, 60308 Frankfurt am Main Germany, is our partner for IT support and operational services.
OneTrust Ltd. 82 St. John Street, Farringdon, London EC1M 4JN, United Kingdom is our consent management system provider for maintaining and collecting customer and partner digital marketing consents.
Such service contractors are carefully selected and regularly monitored by us. Based on respective data processing agreements, they will only process personal data in accordance with our instructions.
Affiliates
We may share your personal data with our affiliates from the Bayer Group, where necessary for the purposes described above.
Authorities and state institutions
We may share your personal data with law enforcement agencies or other authorities and state institutions if legally required or necessary for the purposes described above.
External lawyers
In order to support legal decisions and to pursue or defend against legal claims, we may share your personal data with external lawyers.
Prospective buyers in the context of Mergers & Acquisitions
We may share your personal data with a prospective buyer in case of an acquisition, merger or any other type of corporate or asset transition involving a change of ownership or control concerning us or our services.
Processing of personal data outside the EEA
Your personal data may be transferred to countries outside the European Economic Area, including such for which the European Commission has not issued an adequacy decision. If no adequacy decision exists for the respective country, we will ensure an adequate level of protection for your personal data by concluding so-called standard contractual clauses - adopted by the European Commission - with the recipient (to obtain a copy, please refer to the contact details below), or we will ask for your explicit consent to the transfer.
Information regarding your rights
The following rights are in general available to you according to applicable data privacy laws:
- Right of information about your personal data stored by us;
- Right to request the correction, deletion or restricted processing of your personal data;
- Right to object to a processing based on legitimate interest or public interest, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
- Right to data portability;
- Right to file a complaint with a data protection authority;
- Where you have provided your consent to the processing of your personal data, you may at any time withdraw your consent with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the withdrawal.
Contact
For any questions you may have with respect to data privacy, or if you wish to exercise your rights, please address your request to our contact form or contact our company data protection officer at the following address:
Data Privacy Officer
Bayer AG
51368 Leverkusen, Germany
Amendment of privacy statement
We may update our Privacy Statement from time to time. Updates of our Privacy Statement will be published on our App. Any amendments become effective upon publication on our App. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.