Privacy policy

Certara Germany GmbH (formerly know as BaseCase Management GmbH, hereinafter referred to as "BaseCase") processes data from visitors to its website and in the course of rendering its services. This Privacy Policy refers solely to the use of website (hereinafter referred to as "website").

You can print out this Privacy Policy or save it by using your browser’s usual functions.
Below we provide you with details about the way your personal data are processed:

A. Contact

The personal contact and so-called Controller for the processing of your personal data under the terms of the EU General Data Protection Regulation (GDPR) when you visit this website is

Certara Germany GmbH
Charlottenstr. 16,
10117 Berlin

Phone +49 30 2014 364 0
Fax +49 30 577 05 67 19

For all questions about matters of data protection in connection with the use of our website you can also contact our Data Protection Officer at any time. He can be reached under the above postal address and under the e-mail address given above (mark your communication: “FOA Data Protection Officer”).

B. What personal data is collected and for what purpose?

1. Calling up our website, access data

Every time our website is used, we collect the access data which your browser automatically transmits to make your visit to the website possible. The following data is collected automatically every time you access our website:

  • Date and time of access
  • Time zone and country of origin
  • Language of user
  • Name of the requested file
  • Access status (e.g., file transfer, file not found)
  • The internet browser & OS information
  • Device model and operating system
  • The IP address of the requesting device
  • Network information
  • Page visits, page duration, page frequency, and page navigation Files downloaded
  • Clicks on a Call To Action
  • Acquisition channel and source

Your IP address may be shortened so that no associations to your person are possible. The processing of these access data is necessary in order to make the visit to the website possible and to ensure the permanent functionality and security of our systems. The access data are in addition saved for the foregoing purposes in internal logfiles, in order to develop our website further with regard to the usage patterns of our visitors (e.g. if the proportion of mobile devices on which the pages are called up rises) and in order to administer our website in a general way. The legal basis is Art. 6, para. 1, lit. b GDPR.

2. Making contact

Please note that filling out mandatory fields on the website may be a form of data collection and that these fields are marked accordingly. Mandatory fields must be filled out before we can offer the desired service you require. All other information is voluntary and will be used solely to process your request, for statistical internal purposes or to improve our offer to you.

3. Newsletter

BaseCase shall, upon request, regularly inform its customers and their employees as well as other interested parties (the recipients) in its newsletter of improvements, extensions or changes to the services offered, and of general marketing information. Subscription to the newsletter requires that the recipient states his/her e-mail address. Should you confirm your e-mail address, we shall store your e-mail address, the time of registration and the IP address used for the registration for such time until you cancel the newsletter. This storage serves only the purpose of sending you the newsletter and being able to provide your registration. Every recipient can object to having the newsletter sent at any time by e-mail to Additionally, an opt-out link is integrated into the footer of every newsletter. You will not incur any costs – beyond the cost of your internet access – by subscribing to the newsletter or by objecting to having it sent. The legal basis is Article 6, para. 1, lit. a GDPR.

C. Cookies and similar technologies

1. Insertion of our own cookies

For a part of our service it is necessary for us to insert cookies. A cookie is a small text file which is saved by your browser on your device. Cookies are not inserted to execute programs or to load viruses into your computer. Instead the main purpose of cookies is to provide a product or service especially tailored to yourself and to make use of our services as time-saving as possible.

We use our own cookies in particular to note that information placed on our website has been displayed to you – so that on your next visit to the website it does not need to be displayed again.

In this way we wish to enable you to use our website in a convenient and individual way. These services are based on our foregoing legitimate interest, and the legal basis is Art. 6, para. 1, lit. f GDPR

We further use cookies and comparable technologies (e.g. web beacons) of partners for analytical and marketing purposes. This is described more precisely in the following sections.

2. Setting of cookies for analytical and marketing purposes

We use cookies and comparable technologies (e.g. web beacons) for the statistical collection and analysis of general usage patterns and for advertising purposes.
The legal basis for the data processing described in the following section is Art. 6, para. 1, lit. f GDPR, based on our legitimate interests in the needs-based design, continual optimisation of our website and advertisement for our products and services.

3. Google Analytics

This website uses Google Analytics, a web-analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies and similar technologies to analyse and improve our website on the basis of your usage pattern. The data accrued in this context may be transmitted by Google for analysis to a server in the USA and stored there. Should personal data be transmitted to the USA, Google has acceded to the EU-US Privacy Shield. Your IP address will be abbreviated prior to the analysis of usage statistics, however, so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended on our website to include the code “anonymizeIP”, in order to guarantee an anonymised capture of IP addresses.

Google will process the information so gained in order to evaluate your use of the website, to assemble reports on the website activities for the website operators, and to supply further services connected with website use and internet use.

As set out above, you can so configure your browser that it rejects cookies, or you can prevent the capture of the data generated by cookies and relating to your use of our websites (including your IP-address) and the processing of this data by Google by downloading and installing the browser add-on provided by Google. As an alternative to the browser-addon or if you browse our website from a mobile device, you can use this opt-out link. This will prevent the data collection of Google Analytics within this website (the opt-out link will only work in this browser and only for this domain). If you delete your cookies in this browser, you have to click on the link again.

You will find more detailed information on this matter in the Privacy Statement of Google Analytics.

4. Marketo

Our website uses Marketo, Inc. ("Marketo"), an inbound-marketing automation software. Marketo collects personal information about the users of BaseCase’s website in order to provide specific information and offers about BaseCase tailored to your interests. Marketo runs its analytics on first-party cookies. To avoid being included as part of the analytics report you need to clear cookies within the browser. You could also use a private browser like Chrome’s Incognito Mode or Firefox’s Private Browsing feature. In addition to the browser-level settings you can set an opt-out cookie, so you can remove yourself from all Marketo tracking.Should personal data be transmitted to the USA, Google and Marketo, Inc. have acceded to the EU-US Privacy Shield.

For more information about the technologies used by Marketo, Inc., please visit Marketo’s Privacy Policy.

D. Further transmission of data

We store personal data only for as long as is necessary to fulfil contractual or statutory duties for which the data were collected. We then erase the data immediately, unless we still need these data.

Data which we have collected are passed on if:

  • You have given an express declaration of consent for this, pursuant to Art. 6, para. 1, lit. a GDPR,
  • Further transmission is necessary, pursuant to Art. 6, para. 1, lit. f GDPR, for bringing, exercising or defending legal claims, and no reason exists to suppose that you have a predominant and properly protected interest in preventing your data from being passed on,
  • We have a legal duty to pass on your data pursuant to Art. 6, para. 1, lit. c GDPR, or
  • This is legally permissible and requisite, pursuant to Art. 6, para. 1, lit. b GDPR, for the handling of contracts with yourself or for the execution of precontractual actions which are being carried out at your request.

BaseCase's website is stored in the USA and the servers are operated by SoftLayer Technologies, Inc. 4849 Alpha Road, Dallas, TX 75244, USA (“SoftLayer”). BaseCase also has a branch office in New York (BaseCase, Inc., 41 East 11th Street, 11th Floor, New York, NY 10003, USA), which likewise has access to the data provided to BaseCase and likewise processes said data solely in accordance with this Privacy Policy.

A part of the data processing can be handled via service providers. Along with the service providers stated in this Privacy Policy, these may include in particular IT service providers which maintain our systems, and consultancy firms. Should we pass data on to our service providers, these data may only be used for performance of their tasks. We select and commission these service providers carefully. They are bound contractually to follow our instructions, have suitable technical and organisational measures for the protection of the rights of data subjects, and are monitored by ourselves on a regular basis.

Further transmission may also be made in connection with requests by government authorities, decisions of the courts and legal proceedings if it is necessary for prosecution or execution at law.

E. Duration of storage

We store personal data only for as long as is necessary to fulfil contractual or statutory duties for which the data were collected. We then erase the data immediately, unless we still need these data until expiry of the statutory period of limitation for purposes of evidence in civil claims or due to statutory duties of storage. If you would like a copy of our Records Retention Schedule, please contact us at the address above.

For purposes of evidence we must still store contact data for three years from the end of the year in which business relations with you end. Any claims will expire, under the normal statutory period of limitation, no earlier than at this time.

Thereafter we must also store some of your data for purposes of book-keeping. We have an obligation to do so under statutory duties of documentation which may arise under the German Commercial Code, the German Tax Code, the German Credit and Loans Act, and the German Money Laundering Act. The periods stipulated there for storage of documents are two to ten years.

F. Your rights

You have the right at any time to require us to provide information about the processing of your personal data (right of access). When providing you with this information we shall explain the data processing and supply an overview of the data relating to your person which are stored. Should data stored with us be inaccurate or no longer up-to-date, you enjoy the right to have these data corrected (right to rectification). You can also require the erasure of your data (right to erasure or right to be forgotten). Should the erasure exceptionally not be possible due to other legal regulations, the data processing will be restricted, so that in future they are only available for this statutory purpose. You can also have the processing of your data restricted, i.e. if you believe that the data which we have saved are not correct (right to restriction of processing). You also have the right of data portability, i.e. that we send you on request a digital copy of the personal data which you have provided (right to data portability).

To exercise your rights as set out here, you can communicate with the foregoing contact details at any time. This also applies should you wish to receive copies of guarantees for certification of an adequate data-protection level.

You also have the right to object to the data processing based on Art. 6, para., lit. e or f of the GDPR. Finally, you have the right to complain to the regulatory authority to which we are subject. You can exercise this right at a regulatory authority in the member country of your place of residence, of your workplace, or of the place of alleged breach. In Berlin where BaseCase is located the competent regulatory authority is: Data Protection and Freedom of Information Officer, Friedrichstrasse 219, 10969 Berlin.

G. Right of revocation and objection

Under Article 7, para. 3 of the GDPR you have the right at any time to withdraw to us any consent which has once been given. This will have as a consequence that in future we no longer continue the data processing based on this consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Insofar as we process your data on the basis of legitimate interests under Art. 6, para. 1, lit. f GDPR, you have the right under Art. 21 GDPR to object to the processing of your data and to mention grounds relating to your particular situation that in your opinion speak in favour of prevailing legitimate interests. Where personal data are processed for direct marketing purposes, you have a general right of objection which will also be implemented by us without your stating reasons.

If you wish to make use of your right to withdraw or object, a notification without set form to the contact details above will be sufficient.

H. Security Standard

BaseCase is aware of the fact that the data processed on this website are sensitive. We maintain up-to-date technical measures to ensure data security, particularly for the protection of your personal data against dangers during data transmissions and against cognizance by third parties. These are amended in each case to reflect the current state of technology. To secure the personal data which you have stated on our website, we use transport layer security (TLS), which encrypts the information which you have entered.

I. Amendments to Privacy Policy

We occasionally update this Privacy Policy, for instance when we revise our website or statutory or official regulations change.

Document version: 1.4
Release date: 2019-05-21