Privacy Policy

We appreciate your visit to our website and your interest in our company and range of services. Saidia Pharma Services Germany GmbH (hereinafter: “Saidia,” “we,” or “us”) places great importance on the protection of personal data. All our activities are carried out in compliance with applicable legal provisions for the protection of personal data and data security.

This Privacy Policy is intended to help you make informed decisions when you use our website or contact us. Below you will find information about what personal data we process, how it is used and what rights and choices you have regarding your data. By visiting our website or otherwise providing us with your data, you consent to the practices described in this Privacy Policy. Please read this Privacy Policy before using Saidia's website or otherwise providing us with your personal data.

1. Controller

This privacy policy applies to data processing by:

Saidia Pharma Services Germany GmbH
Reimerstwiete 11
20457 Hamburg
Germany

E info@saidiapharma.com
T +49 (0) 40 3750 3204

2. Whose Personal Data Do We Process?

We process personal data from

• Visitors to our website as well as
• Persons who contact us in writing or by telephone (e.g. applicants or interested parties).

3. How Do We Collect Personal Data?

We collect personal data

• Via our website, or
• when you contact us (e.g. by email, by telephone or via LinkedIn)

4. What Personal Data Do We Process and for What Purpose?

a) When you visit the website
When you use our website, certain information is automatically stored temporarily as so-called server log files with the help of cookies. In particular, the following data may be processed: IP address, date/time of access, data volume, source/referrer, browser type and version, browser plug-in type and version. The aforementioned data is processed for the following purposes:

• Ensuring a smooth connection of the website,
• Ensuring a comfortable use of our website,
• Evaluation of system security and stability, and  
• For other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR based on a legitimate interest.

b) Information that you provide to us by contact request
You can contact us by email, telephone or LinkedIn with questions of any kind, and you may provide us with personal data, e.g. name, address or other contact details. We use information that you voluntarily provide to us in this context in the following ways, depending on the occasion and purpose:

• Answering your inquiry
• Provision of information on our range of services
• Evaluation of system security and stability, and  
• For contract processing

Your data will only be used to the extent necessary for the reason and purpose for which you contacted us. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of a legitimate interest or Art. 6 para. 1 lit. b GDPR on the basis of contract initiation.

5. How Long Do We Store Your Data?

We retain your personal data only as long as necessary for the respective purpose. If information is used for multiple purposes, we retain it until the expiration of the longest retention period, after which it is irreversibly anonymized or securely deleted.

Only in a few exceptional cases may your data be stored beyond this, for example if storage is necessary in connection with the enforcement of or defense against legal claims in favor of Saidia.

6. When Do We Share Your Data With Third Parties?

We will only share your personal information with third parties if:

• You have given your express consent to this (pursuant to Art. 6 (1) a GDPR),
• this is legally permissible and necessary for the processing of contractual relationships with you (pursuant to Art. 6 para. 1 lit. b GDPR)
  
• there is a legal obligation (Art. 6 (1) lit. c GDPR), or
• we have a legitimate interest in the disclosure of the data (pursuant to Art. 6 para. 1 lit. f GDPR).

Data is not transferred for other purposes.

7. How Do We Protect Your Data?

• SSL encryption (https://) protects your data during transmission.
• Technical and organizational measures prevent manipulation, loss or unauthorized access.
• Security measures are regularly adapted to technological developments.

8. What Rights Do You Have?

According to the GDPR, you have the following data subject rights:

• Information about your personal data processed by us (pursuant to Art. 15 GDPR).
• Correction of incorrect or completion of your personal data stored by us (pursuant to Art. 16 GDPR).
• Deletion of your personal data stored by us (in accordance with Art. 17 GDPR), provided that there are no statutory retention obligations or overriding legitimate reasons to the contrary.
• Restriction of the processing of your personal data (according to Art. 18 GDPR), if we are not yet allowed to delete your data due to legal obligations.
• Data portability, provided that you have consented to the data processing or have concluded a contract with us (pursuant to Art. 20 GDPR).
• Object to the processing of your data by us (in accordance with Art. 21 GDPR).
• Revocation of consent given to us once (pursuant to Art. 7 (3) GDPR).
• Lodging a complaint with a supervisory authority (pursuant to Art. 77 GDPR). You can contact the competent supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

To exercise your rights, simply send an e-mail to data-protection@saidiapharma.com. We will check each request, confirming your identity, and usually respond within one month. In exceptional cases (e.g. complex requests), this period may be extended. If data has already been deleted, anonymized or is no longer available due to legal requirements, we may not be able to comply with your request. In this case, we will inform you of the reasons to the extent permitted by law.

9. Personal Data of Applicants

We process applicant data exclusively as part of the application process. This includes job title, educational information, professional qualifications, professional experience, publications and academic activities, professional networks, programs and activities.

During the application process, Saidia may process further personal data that is necessary for the performance of a contract. This includes identification number, tax status, bank details, details of any known disability and accessibility needs in the workplace. Your personal data will be deleted within one year unless you have expressly given us your consent to store your data for longer or a contract has been concluded.

10. Processing of Personal Data as a Processor

We sometimes process personal data on behalf of our customers in accordance with instructions. The processing takes place within the framework of a concluded data processing agreement (DPA), which ensures that all data protection regulations are complied with. The privacy policy of the respective customer applies, which is also binding for Saidia as the processor.

11. Cookies

We use cookies on our website. For more information, please see our Cookie Statement.

12. Use of Google Analytics

We only use Google Analytics with your explicit consent. The analysis service of Google LLC enables us to statistically evaluate the behavior of our users. This enables us to constantly improve the user-friendliness of our website and to target our content for marketing purposes.

Google Analytics uses IP shortening (IP masking). This means that your IP address is truncated by Google before it is processed, so that it cannot be directly linked to you personally. Only in exceptional cases will the full IP address be transmitted to the USA and shortened there. According to Google, the IP address transmitted by your browser will not be merged with other Google data. During your visit, events such as page views, click paths and interactions are recorded, as well as technical information such as browser data and referrer URLs.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Details on cookies and how to withdraw consent can be found in our cookie statement.

The data collected by Google Analytics and linked to cookies is automatically deleted after 2 months in accordance with our settings. The cookies set by Google have a maximum lifespan of 13 months (1 year and 1 month). At the end of this period, the cookies are automatically deleted.Google is certified in accordance with the "EU-US Data Privacy Framework", which is intended to ensure European data protection standards for data processing in the USA. Further information on Google's data protection practices can be found in the terms of use for Google Analytics and in Google's privacy policy.

13. Use of Google Maps

In order to display geographical information to our visitors, we integrate the Google Maps API of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google) on this website. When using Google Maps, it is necessary to process your IP address. This information is usually transmitted to a Google server in the USA and stored there. We have no influence on the type and scope of further processing by Google. Further information can be found in Google's privacy policy.

Google is certified according to the "EU-US Data Privacy Framework" (DPF). This means that Google undertakes to comply with European data protection standards even when processing data in the USA. The use of Google Maps is based on Art. 6 para. 1 lit. f GDPR (legitimate interest).

14. Social Media Plugin (LinkedIn)

We use a LinkedIn button on our website that leads directly to our company profile on LinkedIn. This is intended to increase our reach and facilitate interaction with interested parties, customers and partners.

The LinkedIn button is integrated as a simple HTML link and does not use cookies as long as it is not clicked. Only when you click on it will your data such as your IP address and the URL of the page accessed be transmitted to LinkedIn. LinkedIn can set cookies on your device and record your user behavior, regardless of whether you have a LinkedIn account or not. Users who are logged in can be assigned directly to their profile. LinkedIn Ireland Unlimited Company is responsible for this data processing. Details on processing and your rights can be found in LinkedIn's privacy policy.

The legal basis for the use of the plugin is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR.

15. Hosting of the Website

Our website is hosted by Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as Webflow). When you visit our website, Webflow collects technical data such as your IP address. Further information can be found in Webflow 's privacy policy.

We have concluded a data processing agreement (DPA) with Webflow, which ensures that your data is processed in accordance with our instructions and in compliance with the GDPR. Webflow is certified in accordance with the "EU-US Data Privacy Framework" (DPF) and thus undertakes to comply with European data protection standards even when processing data in the USA. Webflow is used on the basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

16. Links to Other Websites

On our website, we provide links to other websites that may be of interest to you. Please note that these websites may have their own privacy policies, which you should read. Saidia is not responsible for the content of these linked websites.

17. Amendment of Our Data Protection Policy

We reserve the right to update this privacy policy on a regular basis. Changes apply from the date of publication on our website. Your data will be processed in accordance with the version valid at the time of collection.

Last updated: September 2025.