Privacy Policy
Preamble
With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated as “data”) we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online services”).
The terms used are not gender-specific.
Last Update: 29. May 2026
Controller
Pediatric Research International GmbH
Freiheit 1
45128 Essen
Germany
Authorised Representatives: Katharina Waack-Buchholz
E-mail: mail@for-the-cure.com
Legal Notice: https://for-the-cure.com/imprint/
Overview of processing operations
The following table summarises the types of data processed, the purposes for which they are processed and the concerned data subjects.
Categories of Processed Data
- Inventory data (e.g. full name, contact information)
- Contact data (e.g. postal and email addresses, phone numbers)
- Content data (e.g. messages and contributions)
- Contract data (e.g. contract object, duration)
- Usage data (e.g. page views, click paths, duration of visit)
- Meta, communication and process data
- Log data
Categories of Data Subjects
- Service recipients and clients
- Prospective customers and business partners
- Communication partners
- Users of our website
- Third parties
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication and inquiry management
- Security measures
- Web analytics
- Provision of our online services and usability
- Public relations and informational purposes
- Business processes and management procedures
Relevant Legal Bases
Relevant legal bases according to the GDPR: In the following, you will find an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply.
- Consent (Article 6 (1) (a) GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Performance of a contract and prior requests (Article 6 (1) (b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Compliance with a legal obligation (Article 6 (1) (c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate Interests (Article 6 (1) (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations apply to data protection in Germany. This includes in particular the Federal Data Protection Act (BDSG), which contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, and automated individual decision-making, including profiling.
Security Precautions
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly.
TLS/SSL Encryption (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we employ TLS/SSL encryption technology. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL.
Transmission of Personal Data
In the course of processing personal data, it may happen that this data is transmitted to or disclosed to other entities, companies, or individuals. Recipients of this data may include service providers tasked with IT duties or providers of services and content that are integrated into our website. In such cases, we observe the legal requirements and particularly conclude relevant contracts or agreements that serve to protect your data with the recipients of your data.
International Data Transfers
If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), this is always done in accordance with legal requirements.
For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), recognized as a secure legal framework by the EU Commission’s adequacy decision of July 10, 2023. Additionally, we have concluded Standard Contractual Clauses with the respective providers. For data transfers to other third countries, appropriate safeguards apply, particularly Standard Contractual Clauses or explicit consent.
Further information on third-country transfers and applicable adequacy decisions can be found at: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en
General Information on Data Retention and Deletion
We delete personal data as soon as the underlying consents are revoked or no further legal bases for processing exist. Exceptions apply where statutory obligations require longer retention.
The following general retention periods apply under German law:
- 10 years – Books, records, annual financial statements, inventories, management reports (§ 147 AO, § 257 HGB)
- 8 years – Accounting documents, invoices, booking receipts (§ 147 AO, § 257 HGB)
- 6 years – Other business documents, commercial letters (§ 147 AO, § 257 HGB)
- 3 years – Data required for warranty and compensation claims (§§ 195, 199 BGB)
Rights of Data Subjects
As a data subject, you are entitled to the following rights under the GDPR (Articles 15–21):
- Right to Object: You have the right to object at any time to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, including profiling. Where personal data are processed for direct marketing purposes, you have the right to object at any time.
- Right of withdrawal for consents: You have the right to revoke consents at any time.
- Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to receive a copy of this data.
- Right to rectification: You have the right to request the completion or rectification of incorrect data concerning you.
- Right to Erasure and Restriction of Processing: You have the right to demand that the relevant data be erased immediately or that processing be restricted.
- Right to data portability: You have the right to receive data concerning you in a structured, commonly used and machine-readable format.
- Complaint to the supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State where you habitually reside, your place of work, or the place of the alleged infringement.
To exercise any of these rights, please contact us at: mail@for-the-cure.com
Business Services
We process data of our contractual and business partners (e.g. pharmaceutical companies, research institutions, and other interested parties) within the context of contractual and comparable legal relationships, as well as pre-contractually, e.g. to answer inquiries.
We process this data to fulfill our contractual obligations and to protect our rights. We only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations.
- Processed data types: Inventory data; Contact data; Contract data; Payment data
- Data subjects: Service recipients and clients; Prospective customers; Business and contractual partners
- Purposes of processing: Provision of contractual services; Communication; Organizational and administrative procedures; Business processes and management
- Legal Basis: Performance of a contract (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR)
Provision of Online Services and Web Hosting
We process user data in order to provide our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
- Processed data types: Log data; Usage data; Meta, communication and process data
- Data subjects: Users of our website
- Purposes of processing: Provision of our online services and usability; Information technology infrastructure; Security measures
- Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
Use of Cookies
Our website uses cookies to ensure basic functionality and to improve user experience. We distinguish between:
- Strictly necessary cookies – required for the website to function. No consent required.
- Analytics cookies – used to understand how visitors interact with our website. Only set with your explicit consent.
You can manage or withdraw your cookie preferences at any time via our cookie settings banner.
- Legal Basis: Consent (Article 6 (1) (a) GDPR) for non-essential cookies; Legitimate Interests (Article 6 (1) (f) GDPR) for strictly necessary cookies
Contact and Inquiry Management
When you contact us via our contact form, by email, or by phone, we process your data to handle and respond to your inquiry.
- Processed data types: Inventory data; Contact data; Content data; Meta, communication and process data
- Data subjects: Communication partners; Prospective customers
- Purposes of processing: Communication; Provision of contractual services; Business processes
- Retention: Inquiries are deleted after 3 years unless an ongoing business relationship exists or legal retention obligations apply.
- Legal Basis: Performance of a contract (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR)
Whitepaper Request
When you request our whitepaper, we collect your name, email address, and company name in order to process and fulfill your request. This data will not be used for marketing purposes without your explicit consent.
- Processed data types: Inventory data; Contact data
- Purposes of processing: Fulfillment of your request; Communication
- Legal Basis: Performance of a contract / pre-contractual measures (Article 6 (1) (b) GDPR); Consent (Article 6 (1) (a) GDPR)
Changes and Updates
We reserve the right to update this Privacy Policy from time to time to reflect changes in our data processing practices or applicable law. The current version is always available on this page. The date of the last update is indicated at the top of this document. We recommend that you review this policy regularly.
Contact
If you have any questions about this Privacy Policy or the processing of your personal data, please contact us:
Pediatric Research International GmbH
Freiheit 1
45128 Essen
Germany
E-mail: mail@for-the-cure.com
Cloudflare Turnstile
This website uses Cloudflare Turnstile, a service provided by Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA, to protect our contact forms from spam and abusive automated access.
Turnstile analyzes the behavior of website visitors based on various characteristics in order to distinguish automated bots from human users. In doing so, information such as IP address, browser information, and interaction behavior may be processed. This processing takes place on Cloudflare’s servers, which may also be located in the United States.
Data transfers to the United States are safeguarded on the basis of the European Commission’s Standard Contractual Clauses and Cloudflare’s certification under the EU-US Data Privacy Framework.
The legal basis for using this service is our legitimate interest in protecting our website against abusive automated access and spam in accordance with Art. 6(1)(f) GDPR.
For more information about Cloudflare Turnstile and Cloudflare’s privacy practices, please visit: https://www.cloudflare.com/privacypolicy/