Data Privacy

General and Legal Basis

Thank you for your interest in the Rockfish Bio AG website. The issue of data protection and confidentiality is a topic we take very seriously and we follow the applicable national and European data protection regulations.

The EU General Data Protection Regulation, the Data Protection Act 2000 and the Data Protection Amendment Act 2018 stipulate the right to protection of personal data. We process your data exclusively on the basis of legal regulations (GDPR, DSG 2018, TKG 2003).

With this statement on data protection measures, we would therefore like to provide you with information on the kind of data which we – that is, Rockfish Bio AG (hereinafter referred to as “Rockfish Bio”) – may wish to save and how we use such data.

Should you object to the acquisition, processing or utilization of your data by Rockfish Bio in keeping with the stipulations of these data-protection provisions, whether entirely or for individual measures, you can send your objection per e-mail, by fax or by letter again using the mentioned contact options.

Provision of the Website and Creation of Log Files
Description and Scope of Data Processin

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and the version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • Date and time of access
  • Websites that are accessed by the user's system via our website

A storage of this data together with other personal data of the user does not take place.

Legal Basis for Data Processing

The legal basis for the temporary storage of the data is Art 6 para 1 lit f GDPR (legitimate interests).

In the context of the operation of our websites we use external service provider who, in the course of their activities, can gain access to your personal data if they need the data to fulfill their respective performance including the purpose of processing the contract or for invoicing, for marketing or if you have previously consented to this (“Service Provider”). When processing orders, for example, the service companies used by us (transport companies, logistics companies, banks) are sent the data they require for processing and concluding orders. The data passed on to our service providers in this context may only be used by them for fulfilling their duties. This Service Provider has committed himself to comply with the applicable data protection regulations. Contract were concluded in accordance with Art 28 GDPR.

Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must remain stored for the duration of the session.

The log files are saved to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Duration of Storage, Objection and Removal Option

The data from the log files will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Data Protection and Security

All our staff and all third parties involved in data processing are subject to commitments under the Federal Act concerning the Protection of Personal Data (DSG 2000, EU General Data Protection Regulation, DSG 2018) and are obliged to confidentiality in the use of personal data. Our data protection measures are continually updated, reflecting technical developments.

Rockfish Bio uses technical and organizational security measures to protect the stored personal data against accidental or intentional manipulation, loss or destruction and against access by unauthorized persons.

Duration of Storage, Objection and Removal Option

The data from the log files will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Contact Form

Contact Form
Description and Scope of Data Processing
Your data, including personal data, from our contact form will be sent to us for processing your request via mail server, further processed and stored by us or our Service Provider. These data will not be collected or shared without your consent. Without this data we cannot process your requests.

Legal Basis for Data Processing
The data processing takes place on the basis of the legal regulations of the § 96 para 3 TKG as well as of Art 6 para 1 lit a GDPR (consent).

Purpose of Data Processing
If you contact us by email, the necessary legitimate interest also lies in the processing of the data.

Duration of Storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

Email Contact
Description and Scope of Data Processing
It is possible to contact us via the email addresses provided on the website and in the web shop. In this case, the user's personal data transmitted with the email will be saved. In this context, the data is not passed on to third parties. The data will be used for any conversations.

Legal Basis for Data Processing
The legal basis for processing the data is Art 6 para 1 lit a GDPR (consent). The legal basis for the processing of data transmitted in the course of sending an email is Art 6 para 1 lit f GDPR (legitimate interests).

LinkedIn Privacy Policy
On our website we use social plugins from the social media network LinkedIn, of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Social plugins can be feeds, content sharing or a link to our LinkedIn page. Social plugins are clearly marked with the well-known LinkedIn logo and for example allow sharing interesting content directly via our website. Moreover, LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing in the European Economic Area and Switzerland.

By embedding these plugins, data can be sent to, as well as stored and processed by LinkedIn. In this privacy policy we want to inform you what data this is, how the network uses this data and how you can manage or prevent data retention.

What data are stored by LinkedIn?
LinkedIn stores no personal data due to the mere integration of social plugins. LinkedIn calls the data generated by plugins passive impressions. However, if you click on a social plugin to e.g. share our content, the platform stores personal data as so-called “active impressions”. This happens regardless of whether you have a LinkedIn account or not. If you are logged in, the collected data will be assigned to your account.

When you interact with our plugins, your browser establishes a direct connection to LinkedIn’s servers. Through that, the company logs various usage data. These may include your IP address, login data, device information or information about your internet or cellular provider. If you use LinkedIn services via your smartphone, your location may also be identified (after you have given permission). Moreover, LinkedIn can share these data with third-party advertisers in “hashed” form. Hashing means that a data set is transformed into a character string. This allows data to be encrypted, which prevents persons from getting identified.

How long and where are the data stored?
In general, LinkedIn retains your personal data for as long as the company considers it necessary for providing its services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn keeps some summarised and anonymised data, even account deletions. As soon as you delete your account, it may take up to a day until other people can no longer see your data. LinkedIn generally deletes the data within 30 days. However, LinkedIn retains data if it is necessary for legal reasons. Also, data that can no longer be assigned to any person remains stored even after the account is closed. The data are stored on various servers in America and presumably also in Europe.

How can I delete my data or prevent data retention?
You have the right to access and delete your personal data at any time. In your LinkedIn account you can manage, change and delete your data. Moreover, you can request a copy of your personal data from LinkedIn.

How to access account data in your LinkedIn profile:
In LinkedIn, click on your profile icon and select the “Settings & Privacy” section. Now click on “Privacy” and then on the section “How LinkedIn uses your data on”. Then, click “Change” in the row with “Manage your data and activity”. There you can instantly view selected data on your web activity and your account history.

In your browser you also have the option of preventing data processing by LinkedIn. As mentioned above, LinkedIn stores most data via cookies that are placed in your browser.

You can generally set your browser to always notify you when a cookie is about to be set. Then you can always decide individually whether you want to allow the cookie or not.

At you can find out more about data processing of the social media network LinkedIn.

Your Rights
If personal data is processed by you, you are the affected person within the meaning of the GDPR and you are entitled to the rights described below.

You have the right to receive free information from us at any time as well as confirmation of personal data stored about you and a copy of this data.

You have the right to rectification and / or completion if the personal data you process is incorrect or incomplete.

Restriction of Processing
You have the right to request the restriction of processing if one of the following conditions is met:

The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
The processing is unlawful, you refuse the deletion of personal data and instead require the restriction of the use of personal data.
We no longer need your personal information for processing purposes, but you need it to assert, exercise or defend your rights.
You have objection to the processing according to Art 21 para 1 GDPR and it is not yet clear whether our legitimate reasons prevail over yours.
You have the right to have your personal data deleted without delay, if any of the following is true and if processing is not required:

The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
They revoke their consent on which the processing was based and lack any other legal basis for the processing.
You object to the processing in accordance with Art 21 para 1 GDPR, and there are no legitimate reasons for the processing, or you object to the processing in accordance with Art 21 para 2 GDPR.
The personal data were processed unlawfully.
The deletion of personal data is required to fulfill a legal obligation under EU or national law to which we are subject.
Data Portability
You have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance. In exercising this right, you also have the right to obtain that personal data relating to you are transmitted directly by us to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

You have the right to object at any time to the processing of personal data relating to you which is "only" based on legitimate interests of us or third parties (Article 6 para 1 lit f GDPR). In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

Revocation of Consent
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Right to File a Complaint
You also have the right to file a complaint with the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna, e-mail:

Please contact us regarding your rights under or write to us: Rockfish Bio AG, Vienna, Austria.

Basically, we do not process data of people aged below 14. By submitting your consent, you confirm that you have reached the age of 14 or that the consent of your legal representative has been obtained.

Changes to this Privacy Policy
We may need to update this policy from time to time. We will do our best to notify you about significant changes by placing a prominent notice on our site.

If you have any problems, questions or suggestions, please feel to contact us:

Corporate Privacy Officer at Rockfish Bio AG

Otto Kanzler, CEO

Vienna, Austria


© Rockfish Bio AG, Vienna, Austria | Last Update: 24th Nov 2021


Supported by:


Rockfish Bio AG

Reichsratsstrasse 15/15
1010 Wien

FN 569591 i, HG Wien
UID/VAT: ATU77556949