Name and contact details of the controller
This data protection information applies to data processing by:
Stichting Katholieke Universiteit (RUMC)
Geert Grooteplein Noord 9
6525 EZ Nijmegen
- Customers of Serotonin and Beyond
- Potential customers with whom Serotonin and Beyond has contacted or wanted to contact
- Visitors to the website of Serotonin and Beyond
- Recipients of newsletters and commercial emails from Serotonin and Beyond
- Any person who contacts Serotonin and Beyond or whose personal data is processed by Serotonin and Beyond
Collection and storage of personal data and
the nature and purpose of their use
Personally provided information includes:
- Contact information and other personal information needed to enable collaboration with a consultant
- Contact details provided when you typed in contact forms or web forms
- Contact details disclosed during introductory talks, events, seminars, etc.
Personal information obtained from another source includes:
- Personal data available on public social media, such as LinkedIn
- Personal information to be found in the Chamber of Commerce
- Personal information found on the company’s websites
When visiting the website
When you visit our website www.serotonin-and-beyond-project.eu, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer,
- Date and time of access,
- the name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- Browser and, if applicable, the operating system of your computer as well as the name of your access provider.
The above data will be processed by us for the following purposes:
- Ensuring a smooth connection of the website,
- Ensuring comfortable use of our website,
- evaluation of system security and stability as well as
- for other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 sentence 1 letter f GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.
When registering for our newsletter
Provided that you have expressly consented in accordance with Art. 6 para. 1 sentence 1 letter a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.
You can cancel your subscription at any time by sending an informal message (subject: cancellation) to:
(by post) Serotonin and Beyond
Stichting Katholieke Universiteit (RUMC)
Geert Grooteplein Noord 9
6525 EZ Nijmegen
(by e-mail) firstname.lastname@example.org
Use of your data
We use your personal data for various purposes. The following is a list:
For the implementation of an agreement in which you have commissioned us to provide innovation and financing advice from our consultants. If you place an order with a consultant, at least your contact details will be requested. Depending on the nature of the assignment, other personal data may also be required to process the assignment. In addition, the data is used to invoice the services provided.
- Compliance with legal obligations
- The collection of fees.
- Recruitment and selection (application)
- Maintaining contact with you
In order to carry out marketing campaigns more efficiently and to improve product and service information, your contact details are stored in EU CRM systems and can be used to send newsletters, updates, event and seminar invitations and to send you information you have requested from Serotonin and Beyond.
We think it is important to address you with relevant information. To do this, we combine and analyse the personal data we hold about you. On this basis, we determine which information and channels are relevant and which moments are most appropriate for providing information or contacting you. We do not process any specific personal data or confidential data in marketing campaigns. If we wish to create a personal, individual customer profile, we ask for your prior consent. If you wish to withdraw this consent later, this is always possible.
To analyse data, in the following we distinguish between interaction and behaviour data.
Interaction data: Personal data, which are obtained through the contact between you and Serotonin and Beyond. For example, about your use of our website or supported applications. This also applies to offline interactions, e.g. how often and when there is contact between Serotonin and Beyond and you.
Behavioural data: Personal data which Serotonin and Beyond processes about your behaviour, such as your preferences, opinions, wishes and needs. We can derive this data from your surfing behaviour on our website, from our newsletters or from your request for information. But also, through contact, incoming telephone calls and e-mail contact with our employees. We only collect and use information that we obtain by tracking cookies with your permission, which you can revoke at any time. See our cookie declaration.
To improve user statistics. The user statistics of the website allow us to get an image of the number of visitors, the duration of the visit, the parts viewed of the website and the click behavior. These are generic reports with no information about individuals. We use the information obtained to improve the website.
To ensure access control and enterprise security. If you visit our office, we will note your name on arrival. In addition, camera images may be taken outside the office, at reception and at the entrance to the meeting rooms. We do this to prevent unauthorised persons from entering the office in the event of an accident and to ensure that no unauthorised persons have access to the office. Camera recordings are generally destroyed after ten days.
Disclosure of data
Your personal data will not be transferred to third parties for purposes other than the ones listed below.
We will only share your personal information with third parties if:
- you have given your express consent in accordance with Art. 6 Para. 1 p. 1 letter a GDPR
- the disclosure pursuant to Art. 6 Para. 1 p. 1 letter f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- if there is a legal obligation to pass on the data pursuant to Art. 6 Para. 1 p. 1 letter c GDPR, and
- this is legally permissible and is required under Art. 6 Para. 1 p. 1 letter b GDPR for the processing of contractual relationships with you.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period. If you visit our site again to make use of our services, we will automatically recognise that you have already been to our site and what entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is required for the above mentioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 letter f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.
The tracking measures listed below and used by us are carried out based on Art. 6 para. 1 sentence 1 letter f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimised. On the other hand, we use the tracking measures to record the use of our website statistically and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified in the sense of the regulation.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
For the purpose of designing and continuously optimising our pages to meet your needs, we use Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and the design of these Internet pages in line with requirements. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are made anonymous, so that an assignment is not possible (IP masking).
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially in the case of browsers on mobile devices, you can also prevent Google Analytics from recording the data by clicking on this link. An opt-out cookie is set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics help.
Google Adwords Conversion Tracking
In order to record the use of our website statistically and to evaluate it for you for the purpose of optimizing our website, we also use Google Conversion Tracking. Google Adwords sets a cookie (see paragraph 4) on your computer if you have reached our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page.
Each Adwords customer receives a different cookie. Cookies cannot therefore be tracked through adwords customers’ websites. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers will learn the total number of users who clicked on their ad and have been redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.
Social Media Plug-ins
We use our website on the basis of Article 6(0). 1 p. 1 letter f GDPR social plug-ins of the social networks Facebook, Linkedin, Twitter, Vimeo, Xing and Youtube as well as Google Maps to make our company better known about this. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for the data protection-compliant operation is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.
On our website, social media plugins from Facebook are used to make their use more personal. For this we use the “LIKE” or “SHARE” button. It is an offer from Facebook.
When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated by it into the website.
By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign the visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also posted to Facebook and displayed to your Facebook friends.
Facebook may use this information for the purpose of advertising, market research and the needs of the Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.
We use components of the LinkedIn network on our website. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the LinkedIn component.
This process informs LinkedIn which specific page of our website is currently being visited. If you click on the LinkedIn “Recommend” button while you are logged into your LinkedIn account, you can link the contents of our pages to your LinkedIn profile. As a result, LinkedIn is able to associate the visit to our pages with your LinkedIn user account.
Plugins of the short message network of Twitter Inc. are on our website. (Twitter). You can recognize the Twitter plugins (tweet button) by the Twitter logo on our site. An overview of tweet buttons can be found here.
When you visit a page of our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. Twitter receives the information that you have visited our site with your IP address. If you click on the Twitter “tweet” button while you are logged into your Twitter account, you can link the contents of our pages to your Twitter profile. This allows Twitter to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by Twitter.
If you do not want Twitter to be able to associate the visit to our pages, please log out of your Twitter account.
We use components from the supplier Vimeo on our website. Vimeo is a service of Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Every time you access our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the Vimeo component. When you visit our site and are logged in to Vimeo, Vimeo recognizes which specific page you are visiting through the information collected by the component and assigns this information to your personal account at Vimeo. For example, if you click on the “Play” button or make comments, this information will be transmitted to your personal user account at Vimeo and stored there. In addition, the information that you have visited our site will be passed on to Vimeo. This happens regardless of whether you click/comment on the component, for example, or not.
We use components of the network XING.com on our website. These components are a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Every time you access our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component of XING.
On our website we use components (videos) of youTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
We use the option provided by YouTube – extended privacy mode. According to YouTube, in ” extended data protection mode” only data is transmitted to the YouTube server, in particular which of our websites you have visited when you watch the video. If you are logged in to YouTube at the same time, this information will be associated with your YouTube account. You can prevent this by logging out of your account before visiting our website.
When you visit a page that has an embedded video, you connect to the YouTube servers and display the content on the website by notifying your browser.
Further information on YouTube’s privacy is provided by Google at this link.
We use the component “Google Maps” of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter “Google”, on our website.
Every time the “Google Maps” component is accessed, Google sets a cookie to process user settings and data when viewing the page on which the Google Maps component is integrated. This cookie is usually not deleted by closing the browser, but expires after a certain time, unless it is deleted manually by you beforehand.
If you do not agree with this processing of your data, it is possible to deactivate the service of “Google Maps” and in this way prevent the transfer of data to Google. To do this, you need to disable the Java script function in your browser. However, we would like to point out that in this case you will not be able to use the “Google Maps” or only to a limited extent.
Publication of job advertisements / online job applications
Your application data will be collected and processed electronically by us for the purpose of processing the application process. If your application is followed by the conclusion of an employment contract, your transmitted data may be stored in your personnel file for the purpose of the usual organisational and administrative process in compliance with the relevant legal regulations.
The deletion of the data you have submitted will automatically take place two months after notification of the rejection if your job application is rejected. This does not apply if a longer storage is necessary due to legal requirements (e.g. the obligation to provide evidence under the General Equal Treatment Act) or if you have expressly consented to a longer storage in our database of interested parties.
You have the right to:
- in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of their data, if not collected from us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information on its details;
- require the correction of inaccurate or complete your personal data stored by us without delay in accordance with Art. 16 GDPR;
- require the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- in accordance with Art. 3 GDPR to revoke your consent to us at any time. As a result, we may no longer continue the processing of data based on this consent for the future and
- to a regulatory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
Legal basis of processing
We process personal data on the basis of one of the following legal reasons:
- Get permission
- based on a contract agreement or agreement prior to the conclusion of the contract
- legal obligation
- In connection with a legitimate interest.
A controller may only process personal data if this can be based on one of the restrictive legal reasons set out in the General Data Protection Regulation (GDPR). The four legal bases on which Serotonin and Beyond rely are:
If we have asked for your permission to process your personal data and you have granted this permission, you also have the right to revoke this consent.
Contract agreement or agreement before conclusion of the contract:
If you order us to provide innovation or financial advice services, we will process personal data if and to the extent necessary to carry out the order.
We will only provide personal information to the superiors of investigative authorities if this is required by law. In such cases, we will take reasonable steps to ensure that your personal information is protected as much as possible.
We may also process personal data if we have a legitimate interest in it and therefore do not disproportionately violate your privacy. For example, we use your contact information to invite you to seminars and events.
We may use service providers (processors) to process your personal data, which only process personal data in our order. We enter into a processing agreement with these processors that meets the requirements of the General Data Protection Regulation (GDPR).
For example, we work with service providers who offer Software as a Service (SaaS) solutions or hosting services. There are also ICT service providers that help us keep our systems safe and stable. We also use third-party services to send newsletters and commercial emails. These are examples of parties that can be referred to as processors under the General Data Protection Regulation (GDPR).
Right to object
If your personal data is based on legitimate interests in accordance with Article 6 sec. 1 p. 1 letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we implement without specifying a specific situation.
If you wish to exercise your right of withdrawal or objection, please send an e-mail to Serotonin and Beyond