Privacy Protection

Data Protection Declaration of

admedicum® Business for Patients GmbH & Co. KG (as of May 2018)

for the registration at PEGASUS Networking Events via

www.pegasus-networking.com.

We appreciate your interest PEGASUS Networking Events and in registering via www.pegasus-networking.com.. We understand that protecting your privacy when using our websites is important to you. Therefore, it is of utmost priority for us to comply with the legal regulations on data protection. It is also important for us that you as a registered user know at all times when and how we collect, store and use information about you.

In the following, we will inform you about the collection and other processing (e.g. storage, retrieval, modification, disclosure) of personal data when using our website. Personal data is all data that is personally relatable to you, e.g. your name, address, e-mail address, user behaviour.

Insofar as we process personal data as part of the use of our website or rely on contracted service providers for certain functions, offers or services of our website with regard to data processing or if we wish to use your data for advertising purposes, we provide you with detailed information on the respective processes below, in particular, which data will be processed. We also inform you of the intended storage duration or, at least, the specified criteria for storage duration as well as the relevant legal basis for the respective processing.

The most important first:

Your complete set of registration data can only be seen by admedicum^® Business for Patients GmbH & Co KG as the administrator of the registration platform. admedicum however will store your data on a server separate from the other data of the company. Your data will only be used for the organisation of PEGASUS Networking Events and -if you have opted in for that option- for information to you regarding PEGASUS news. E.g. you will not receive marketing communication from admedicum. Also, you data will not be shared with or transfered to any other party (as e.g. co-sponsors of PEGASUS.
Following login registered PEGASUS members can see your name, sector, function /title and organisation (but not your email) under the event(s) which you have registered for. Also you can see all registered people for the respective event. Wer delete past events at the latest 2 years after they have occurred.

I.Name and address of the Responsible Person

The Responsible Person within the framework of the EU General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

admedicum^® Business for Patients GmbH & Co KG, represented by the Managing Partner Philipp von Gallwitz

Industriestr. 171, 50999 Cologne

Tel .: +49 2236 / 94733-60

Fax: +49 2236 / 94733-69

Email: info@admedicum.com

Website: www.admedicum.com

II.Collection and storage of personal data as well as the nature, purpose, legal basis and duration of their use

§ 1 When visiting the website

In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the personal access data in so-called server log files, which your browser transmits to our server. As part of the server log files, the following data is collected:

IP address

Date and time of the request

Time zone difference to Greenwich Mean Time (GMT)

Content of the requirement (concrete web page)

Access Status / HTTP status code

The transmitted amount of data

Website from which the request comes

Browser

Operating system and its interface

Language and version of the browser software.

These data are evaluated solely in order to ensure trouble-free operation of the website in terms of stability and security and to improve our offer and then discarded. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is derived from the aforementioned purposes of data collection.

The data is also stored in the log files of our system. Not affected by this are the IP addresses of the user or other data that allow for the data to be assigned to a user. This data is not stored together with other personal data of the user.

The collection of data for the provision of the website and the storage of the data in log files is indispensable for the operation of the website. There is consequently no right to object on the part of the user.

The data will be deleted as soon as it is no longer required for the purpose of its collection. In the case data collected for providing the website, the data is deleted when the respective session is closed.

In addition, we use cookies and analytical services on our website. Further details can be found in section III of this Data Protection Declaration.

III.Use of cookies

§ 1 Scope of data processing

In order to make the visit to our website user-friendly and effective and to enable the use of certain functions, we use so-called cookies on various pages. Cookies are small text files that are saved on your device and which store certain settings and data used for exchange with our system via your browser. Through cookies, the body setting the cookies (in this case us) receives certain information. Cookies cannot execute programme files and cannot transmit viruses to your computer.

Cookies contain no personal data and can therefore not be directly assigned to a user. Please note that certain cookies are already set as soon as you enter our website.

This website uses the following types of cookies:

Required/Functional Cookies: These cookies are required to enable the operation of our website. They include e.g. cookies that allow you to log in to the customer area or to put something in the shopping cart.

Transient cookies: These cookies are automatically deleted when you close the browser. They include in particular the session cookies which store a so-called session ID that allows requests from your browser to be assigned to the common session. This will enable us to recognize your computer when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies: These cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete these cookies in the security settings of your browser at any time.

You can configure your browser settings according to your wishes and e.g. decline the acceptance of third-party cookies or of all cookies. Also, your browser can be configured to alert you each time a cookie is created. Please consult the user manual of your browser provider. Please note that if you refuse cookies, you may not be able to use all features of this website.

The legal basis for the use of cookies is Article 6 paragraph 1 sentence 1 lit. f DSGVO. Our legitimate interest is derived from the above purposes of making the offerings of our website more user-friendly and effective.

IV.Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and allows you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This is done regardless of whether you are logged in to a Google user account, or whether a user account does not exist. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is done in particular (even for users who are not logged in) to provide adequate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, and you have to execute this right directly towards Google.

For more information on the purpose and scope of data collection and its processing by the plug-in provider Google, please refer to the provider's Data Protection Declaration. There you will find further information on your rights and settings to protect your privacy:

http://www.google.com/intl/en/policies/privacy. Google processes your personal data also in the United States and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Third Party Information: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

V.Your rights

You have the following rights with respect to the processing of personal data relating to you through us:

Right to information, Art. 15 GDPR:

You are entitled to receive a confirmation from the Responsible Person on whether or not he processes your personal data.

If such processing is conducted, the Responsible Person is obliged to inform you about:

the purposes for which the personal data are processed;

the categories of personal data that are processed;

the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed, in particular regarding recipients in third countries or international organizations; in the latter cases you may ask to be informed about the appropriate guarantees in accordance with. Art. 46 GDPR related with the data transfer;

the planned duration of storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;

the existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the Responsible Person or a right to object to such processing;

the existence of a right of appeal to a supervisory authority;

all available information on the sources of the data in case the personal data were not collected from the data subject;

the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and impact of such processing on the data subject.

Right to rectification, Art. 16 GDPR:

You have a right to rectification and/or completion towards the Responsible Person, if the personal data processed about you is incorrect or incomplete. The Responsible Person has to make the correction without delay.

Right to cancellation, Art. 17 GDPR:

a) Duty of deletion

You may require the Responsible Person to delete your personal information without delay, and the Responsible Person is obliged comply with that request immediately if one of the following is true:

Your personal data are no longer required for the purposes for which they were collected or otherwise processed.

You revoke your consent to the processing pursuant to Art. 6 (1) lit. a or Art. (2) lit. a GDPR and there is no other legal basis for processing.

You object to the processing pursuant to Art. 21 (1) GDPR (see VI.) and there are no prioritized justifiable reasons for processing, or you object to the processing pursuant Art. 21 (2) GDPR.

Your personal data has been processed unlawfully.

The deletion of your personal data is required to fulfil a legal obligation under the law of the European Union or the law of the Member States to which the Responsible Person is subject.

Your personal data was collected in relation to services of the information society pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the Responsible Person has made the personal data concerning you public and is obliged to delete it pursuant to Article 17 (1) of the GDPR, he shall take appropriate measures, including technical means, taking into account available technology and implementation costs, to inform other Responsible Persons who process your personal data that you demanded deletion of the personal data concerning you as well as deletion of any links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to deletion is precluded if the processing is required

To exercise the right to freedom of expression and information;

In order to fulfil a legal obligation requiring data processing under the law of the European Union or of the Member States to which the Responsible Person is subject, or in order to perform a task of public interest or in the exercise of public authority delegated to the Responsible Person;

for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;

for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, insofar as the execution of the law referred to in subparagraph a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or

to assert, exercise or defend legal claims.

Right to restriction of processing, Art. 18 GDPR:

You may request the restriction of the processing of your personal data under the following conditions:

if you deny the accuracy of your personal data for a period of time that enables the Responsible Person to verify the accuracy of your personal information;

if the processing is unlawful and you object to the deletion of your personal data and instead demand the restriction of the use of your personal data;

if the Responsible Person no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or

if you have filed an objection to the processing pursuant to Art. 21 (1) GDPR (see VI.) and it is yet uncertain whether justifiable reasons of the Responsible Person prevail over your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used – except for storage – with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

If you have gained a restriction of processing under the abovementioned conditions, you will be informed by the Responsible Person before the restriction is lifted.

Right to information, Art. 19 GDPR:

If you have executed the right to rectification, deletion or restriction of processing towards the Responsible Person, he is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or of the restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right towards the Responsible Person to be informed about these recipients.

Right to data portability, Art. 20 GDPR:

You have the right to receive the personal data you provided to the Responsible Person in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another Responsible Person without interference by the Responsible Person to whom the personal data were originally provided, if

the processing is based on a consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR, and

the processing is conducted using automated procedures.

In exercising this right, you are further entitled to demand that your personal data be transmitted directly from one Responsible Person to another, provided that this is technically feasible. Freedoms and rights of other persons may not be infringed.

Your right to cancellation remains unaffected.

The right to data portability does not apply to the processing of personal data required for the performance of a task in the public interest or in the exercise of official authority delegated to the Responsible Person.

Right to object, Art. 21 GDPR

You have an individual case-based right to object as well as a right to object to the processing of data for advertising purposes. For more information, see Section VI. of this Data Protection Declaration.

Right to revoke the declaration of consent regarding data protection laws

Any given consent to the processing of your personal data can be revoked at any time towards the Responsible Person. Please note that the revocation will be effective only for the future. The lawfulness of data processing on the basis of the consent prior to the revocation remains unaffected.

Automated decision on a case-by-case basis, including profiling, Art. 22 GDPR:

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - which will have a legal effect on you or will significantly affect you in a similar manner. This does not apply if the decision

is required for the conclusion or performance of a contract between you and the Responsible Person,
is lawful under European Union or Member State legislation to which the Responsible Person is subject, and this legislation provides appropriate measures to protect your rights and freedoms as well as your legitimate interests or
is made with your express consent.

In cases (1) and (3), the Responsible Person takes appropriate measures to uphold the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the Responsible Person, to expressing your own point-of-view and the right to appeal the decision.

Moreover, decisions based solely on automated processing must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Article 9 (2) lit. a or g GDPR is applicable and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

Right to complain to a supervisory authority, Art. 77 GDPR:

You also have the right to complain to a supervisory authority for data protection about the processing of your personal data. Your complaint can be submitted to the supervisory authority in the Member State of your residence, of your place of work or of the place of the alleged infringement. The supervisory authority to which the complaint has been submitted will inform you as the complainant of the status and results of the complaint, including the possibility to pursue judicial remedy pursuant to Art. 78 GDPR.

VI.Right to object according to Art. 21 GDPR

Individual case-based right to object:

You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data which is conducted on the grounds of Art. 6 (1) lit. e GDPR (data processing in the public interest) and Art. 6 (1) p. 1 lit. f GDPR (data processing in order to safeguard legitimate interests of the Responsible Person or a third party); this right also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the data is processed for the purposes of asserting, exercising or defending legal claims.

Right to object to the processing of data for advertising purposes

In individual cases, we process your personal data in order to conduct direct advertising. You have the right at any time to object to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising. If you object to the data processing for direct advertising purposes, we will no longer process your personal data for these purposes.

There are no formal requirements for submitting your objection in the aforementioned cases, it should be addressed by phone or possibly by email with the subject "Objection" to: