Privacy Notice (PEP EN Platform)

Date: July 2025

Declaration on Data Protection

The data we use when you visit our websites is processed on dedicated Copeia servers hosted in Germany by gridscale. More information about gridscale is available at: https://gridscale.io/

To protect your data during transmission, we use encryption technologies corresponding to the current state of the art (e.g., TLS/SSL via HTTPS).

This Privacy Notice provides detailed information on what personal data we collect when you visit our website https://copeia.de/pep/en, how we process it, and how we protect it. You will also learn about your rights under data protection law.

I. Who is the controller of this website?

The joint controllers pursuant to the General Data Protection Regulation (GDPR) are:

Copeia GmbH
Schloßstraße 20
51429 Bergisch Gladbach
Germany
E-Mail: datenschutz@copeia.de

- hereinafter referred to as "Copeia" -

Aurora Cannabis Enterprises Inc.
1700-409 Granville Street,
Vancouver, British Columbia, V6C, 1T2
Canada

- hereinafter referred to as "Partner" -

Hereafter, Copeia GmbH and Aurora Cannabis Enterprises Inc. are collectively referred to as the "Website Operator", "we" or "us".

For questions about this Privacy Notice or the protection of your data, you may contact Copeia's Data Protection Officer:

Data Protection Officer
Copeia GmbH
Schloßstraße 20
51429 Bergisch Gladbach
Germany
E-Mail: datenschutz@copeia.de

You may also contact the Partner at the address provided above. See Section IX below for more details.

II. What is this about?

When the Website Operator processes personal data, it means we collect, store, transmit, delete, or otherwise use that data. Personal data refers to information about a natural person who uses the website to learn about or interact with our services. The following provides an overview of what data is processed and for what purposes.

III. How do we process your data when you visit our website?

1. Data required to display the website and ensure security and stability

a) General Website Use

The following technical data is processed during your visit:

  • IP address of the device used
  • Name of accessed file
  • Date and time of access
  • Amount of data transferred
  • Message about successful retrieval
  • Browser type and version, operating system
  • Referrer URL
  • Requesting provider
  • Screen resolution

This processing is technically necessary to display the website and ensure its stability and security. We also use this data in anonymized form for statistical purposes and to improve the website. No personal usage profiles are created.

Legal basis: Art. 6(1)(f) GDPR – our legitimate interest lies in the provision of a functional and user-friendly website.

b) Use of Copeia PEP EN Platform

Use of the Physicians Experience Platform (PEP EN) at https://copeia.de/pep/en is restricted to healthcare professionals. Access requires prior registration and authentication via DocCheck Medical Services GmbH. The data you provide to DocCheck is subject to their own privacy policy and terms.

We do not store login credentials or IP addresses after a session ends.

Users may submit anonymous case reports (case studies) using an input form. These contain no personally identifiable patient data, only medical information necessary for categorizing the case (e.g., indication, symptoms, medications used). These data are anonymized, aggregated, and analyzed by Copeia. The results are shared exclusively with verified healthcare professionals.

Legal basis: Art. 6(1)(f) GDPR – our legitimate interest lies in providing a functional, secure, and professional platform to support individualized therapy.

2. Contacting Us

If you contact us (e.g., via email or phone), we process the personal data you provide, including:

  • Name
  • Company
  • Address
  • Email address and telephone number

These data are used to respond to your inquiry and any subsequent correspondence. Data may also be used to clarify legal issues in cases of misuse.

Legal basis: Art. 6(1)(b) GDPR (contract initiation or performance) and Art. 6(1)(f) GDPR (legitimate interest).

3. Cookies

We do not use cookies for analytics or advertising purposes.

Cookies are only used in limited cases, such as authentication for protected admin areas. Third-party services (e.g., YouTube embeds) may use their own cookies when activated.

4. Further Processing Purposes

We may process data for:

  • Legal claims or defense
  • Ensuring IT security
  • Preventing or investigating criminal acts

Legal basis: Art. 6(1)(f) GDPR

IV. Who receives your data?

We only disclose your personal data when:

  • You have provided consent
  • There is a legal basis for disclosure
  • Disclosure is necessary to assert or defend legal claims

Service providers (e.g., IT providers, hosting) may receive data under strict data protection requirements. Currently, the following subprocessors are authorized:

gridscale GmbH
Oskar-Jäger-Str. 173, 50825 Cologne, Germany
Role: Cloud hosting provider for the Copeia PEP EN platform

DocCheck Medical Services GmbH
Vogelsanger Str. 66, 50823 Cologne, Germany
Role: Authentication provider – handles all login credentials and account management exclusively

V. When do we delete your data?

Data is deleted as soon as it is no longer needed for the purpose for which it was collected. Usage data is anonymized immediately for statistical analysis. Contact information is deleted after resolving your inquiry unless longer retention is legally required.

VI. Do we transfer data to third countries?

In general, no. However, if you interact with embedded YouTube content, data may be transmitted to Google servers in the USA. Please consult Google's Privacy Policy for more details.

VII. What rights do you have?

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectify or delete your data (Art. 16, 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Withdraw consent at any time (Art. 7(3) GDPR)
  • Object to processing based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

To exercise your rights, contact:

Copeia GmbH
Data Protection Officer
Schloßstraße 20
51429 Bergisch Gladbach
Germany
E-Mail: datenschutz@copeia.de

VIII. Do we use automated decision-making or profiling?

No, we do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.

IX. Joint Controllership Information (Art. 26 GDPR)

Why joint controllership?

The PEP EN website is jointly operated by Copeia and Aurora to pursue distinct economic purposes. Copeia manages the IT systems and provides the platform, while Aurora contributes content and insights based on their global product knowledge. Both parties may evaluate anonymized statistical data.

Scope of joint responsibility:

  • Joint data processing includes site usage data and statistical aggregation.
  • Copeia handles all technical infrastructure and user interaction.
  • Aurora accesses aggregated insights but has no access to personal data.

What does this mean for you?

  • You may contact either Copeia or Aurora to exercise your data protection rights.
  • Both parties are committed to fulfilling their respective GDPR obligations.
  • This policy makes the necessary information available to you in a clear and transparent manner.

For questions or further information, contact us at:
datenschutz@copeia.de