Regulatory UpdateJul 12, 2026 · 20:418 min readBy Daniel Herrmann
Validating Electronic Batch Records: Control Vendor Changes
Electronic batch record validation: connect vendor access, audit trails, change control and batch decisions into inspection-ready evidence.
Electronic batch record validation covers more than screens, calculations and signatures. The evidence must also show that retrospective changes are authorised, captured in the native audit trail, assessed through the quality system and independently reviewed before a batch decision. This is especially important for interventions by software suppliers and support teams.
Why a support ticket is not a controlled change record
An electronic batch record brings together the data, decisions and accountability of a manufacturing process. A change made after record completion is therefore particularly sensitive. It may affect user attribution, process parameters, timestamps, material quantities, calculations or release information.
An FDA warning letter to Intas Pharmaceuticals dated 30 March 2026 illustrates the risk. According to the letter, a QA employee instructed a software vendor to change data in a completed electronic batch record. One change replaced an employee identifier. The change appeared neither in the audit trail nor in the electronic batch record and was not managed through the quality system.
The warning letter addresses that specific recipient and set of facts. It is not a new general rule. The case does show how existing CGMP requirements can be applied to vendor interventions: a support activity that changes a regulated record remains a regulated data change.
For system owners, the distinction is clear. A ticket can document the request, communication and technical work. It does not automatically replace a deviation, change control, audit trail, impact assessment or quality oversight.
What the regulatory framework expects from electronic batch records
21 CFR 211.188 requires complete information on the production and control of each batch. It also requires identification of people performing, supervising or checking significant steps. 21 CFR 211.68 requires appropriate controls over automated and electronic systems and controls over authorised changes.
EU GMP Annex 11 adds several relevant control layers for European GMP organisations:
Responsibilities of external suppliers must be clearly defined in formal agreements.
GMP-relevant changes and deletions should be captured in a system-generated audit trail based on risk.
System and configuration changes must be controlled under a defined procedure.
The validated state should be evaluated periodically.
Access must be restricted to authorised persons and changes to access authorisations recorded.
Where electronic batch release is used, the system must clearly identify and record the releasing person.
These expectations do not form one standard “EBR protocol”. They create a control system across technology, procedures, roles and review. GxP system validation should demonstrate that these elements work together for the intended process.
Support ticket or quality change: the critical distinction
Question
Support ticket
Controlled GxP change
Primary purpose
Resolve a technical request
Protect record and product integrity
Approval
Service or IT owner
Defined business and quality roles
Change scope
Technical description
Old and new value, reason, affected records and batches
A ticket remains a useful part of the evidence chain. The weakness arises when it is the only evidence chain. Business rationale, independent approval and evidence in the affected system are then often missing.
Six controls for inspection-ready vendor changes
1. Define modifiable EBR objects and lifecycle states
The team should establish which data a supplier can technically change and at which lifecycle stage. A draft, an active batch record and a completed record need different controls.
The inventory should cover user attribution, timestamps, process parameters, material values, calculations, comments, signatures and status transitions. For every object, define whether correction is permitted, who approves it and how the original value is preserved.
2. Make vendor access individual and time-bound
Shared support accounts prevent reliable attribution. Remote access should be assigned to a named person, an approved purpose and a limited time window.
Privileged rights are enabled only for the required duration. Start, end, actions and the responsible internal escort are logged. The supplier should not perform the change, verification and quality decision as one combined role.
3. Enforce changes in the native audit trail
Even a detailed ticket does not compensate for a missing EBR audit trail. For GMP-relevant changes, the system should capture the identity, time, affected value, old and new value, and reason for change.
Validation should challenge the negative path as well. Can an administrator, supplier or database script alter the record without creating a visible audit-trail entry? If this is technically possible, the organisation needs a documented risk assessment, effective prevention and, where necessary, an architectural change.
4. Open the quality record before the production change
A change to a completed batch record is more than maintenance. Before execution, the organisation should determine whether a deviation, change control or defined correction procedure applies.
The quality record describes the reason, scope, approval, affected data and planned verification. Urgent corrections need a predefined emergency path. Urgency should not mean reconstructing the documentation after the event.
5. Assess record, batch and product impact independently
A small data correction may affect downstream decisions. The assessment should therefore extend beyond the changed field. It should establish at least:
which records and batches are affected;
whether calculations, signatures or status decisions depend on the value;
whether release or distribution has already occurred;
whether comparable changes occurred in other records;
whether a deviation, investigation or CAPA requires a wider scope.
The person requesting or technically implementing the change should not be the sole decision-maker on its impact.
6. Correlate communications, audit trails and quality records periodically
A periodic review should not examine audit-trail events in isolation. It should also correlate support communications, remote-access logs and quality records.
This reveals three common gaps: a ticket without a system event, a system event without an approved quality record, or vendor communication outside the defined channel. Review can focus by risk on critical systems, privileged activity and completed batch records.
Validation tests for vendor changes in an EBR
Standard tests of data entry and workflow are not enough. Vendor interventions require targeted challenge scenarios:
Change after record completion: The system blocks the action or routes it through an approved correction workflow.
Privileged support access: A named supplier identity is activated, monitored and removed again.
Audit-trail completeness: Old and new values, person, time and reason are available in an intelligible form.
Direct database action: An unintended change path is prevented or detected by independent controls.
Impact verification: Dependent calculations, signatures, reports and disposition status are correctly reassessed.
Review and export: QA can assemble the record, audit trail and linked quality record for an inspection.
Acceptance criteria should be set before execution. A retrospective screenshot proves only the final state. It does not prove how the change occurred or who approved it.
A focused 30-day review
The first review does not need to become a large programme. A risk-based assessment can begin in four steps:
Week 1: Select one critical EBR application. Inventory roles, supplier access and technically modifiable data objects.
Week 2: Compile recent changes to completed records from tickets, emails and remote-access logs.
Week 3: Reconcile these events against audit trails, deviations, change controls and disposition decisions.
Week 4: Prioritise gaps by record, batch and product impact. Define CAPA, technical hardening and regression tests.
For GxP inspection readiness, this review provides a defensible scope. It demonstrates whether the change chain is reconstructable, not merely whether documents exist.
Frequently asked questions
May a software supplier correct a completed electronic batch record?
Not through an informal database or support intervention. A permissible correction needs a defined process, authorised roles, preservation of the original information, a traceable audit trail, quality oversight and assessment of potential batch or product impact.
Is an audit-trail entry sufficient approval for a change?
No. The audit trail records the system event. It does not replace the business rationale, quality approval, impact assessment or verification. Both evidence sets must be linked and reviewable together.
Which supplier activities should QA review regularly?
Priority should go to privileged access, changes to completed records, direct database activity, changes to audit-trail or time settings, and support cases that may affect disposition decisions.
Daniel Herrmann Consulting supports pharmaceutical, biotech and medical-device organisations with CSV, GxP system validation, data integrity and inspection readiness.
Can your team fully reconstruct supplier access, EBR changes and batch decisions?
In a focused review, we connect technical change paths, the audit trail and the quality process into inspection-ready evidence.
VAT identification number pursuant to § 27a German VAT Act (UStG): DE328451232
Consumer dispute resolution (VSBG)
In accordance with § 36 VSBG: we are neither willing nor obliged to participate in dispute resolution proceedings before a consumer arbitration board.
Liability for content
We are responsible for our own content on these pages under the general laws. Under Articles 4 to 8 of Regulation (EU) 2022/2065 (Digital Services Act, DSA), as a service provider we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate unlawful activity.
Note: The §§ 7–10 of the previous Telemedia Act (TMG) on the liability for digital services have not been transferred to the German Digital Services Act (DDG). Liability for digital services is now primarily regulated by Regulation (EU) 2022/2065 (DSA), in particular Articles 4–8 — referenced above. The §§ 7–10 DDG cover other subjects (limited responsibility under DSA Articles 4–8 + Wi-Fi access, blocking claims under copyright law, lists of audiovisual-media-service and video-sharing-platform providers, and information-request rights of the competent authorities under state law).
Copyright
The content and works on these pages created by the site operator are subject to German copyright law. Reproduction, processing, distribution and any kind of exploitation outside the limits of copyright require the written consent of the respective author.
Privacy Policy
1. At a glance
The following information gives a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.
2. Controller
The controller responsible for data processing on this website pursuant to Art. 4 (7) GDPR is:
Daniel Herrmann Consulting Daniel Herrmann (sole proprietor) Enzweilerweg 3a · 66709 Weiskirchen · Germany Phone: +49 170 7878065 Email: info@daniel-herrmann.io
A data protection officer has not been appointed; the controller is your point of contact for all data protection matters.
3. Server logs
When you visit this website, the hosting provider automatically collects technical information in server log files: IP address (anonymised after 7 days), date and time of access, page accessed, referrer, user agent. Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in technically reliable operation. Retention: 7 days, then automatic deletion. No merger with other data sources.
4. Contact
If you contact us via form, email or phone, we store the information you provide (name, email, company, message content) to process the enquiry and for follow-up questions. Legal basis: Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest in answering enquiries). Retention: deletion as soon as the enquiry has been finally processed, at the latest after 12 months, unless statutory retention obligations apply. Data is not shared with third parties.
5. Lead magnets (PDF downloads)
To request our practical guides (e.g. Strategy Guide, Compliance-Gap Analysis, Execution Playbook) we ask for your email address and, optionally, your name and company. The data is stored solely to provide the requested material and for documentation of consent. Legal basis: Art. 6 (1) (a) GDPR (consent). Retention: until your withdrawal, at most 24 months. The newsletter subscription is offered as a separate, opt-in checkbox on the lead-magnet form (no coupling — you can request the material without subscribing). No marketing emails are sent without separate consent.
5a. Newsletter (Double-Opt-In)
If you sign up for our newsletter, we use the double-opt-in procedure: after entering your email and name you receive a confirmation email with a verification link. Only after you click the link do we activate the subscription and document your consent. Data: email, name, consent timestamp, confirmation IP. Purpose: sending the monthly dhc newsletter with practice insights, plus documentation of the consent process (Art. 7 (1) GDPR). Legal basis: Art. 6 (1) (a) GDPR (consent), § 7 (2) Nr. 3 UWG. Retention: for as long as your subscription is active; consent logs retained for 3 years after the end of the subscription as evidence in the event of complaints. Withdrawal: every newsletter contains a one-click unsubscribe link in the footer. Alternatively a short email to info@daniel-herrmann.io is sufficient. Processor: the newsletter is sent via our hosting provider's SMTP infrastructure; we currently do not use a third-party email-marketing tool. As soon as we transition to a dedicated newsletter-tool (e.g. Brevo), we will update this section and conclude an additional data-processing agreement.
5c. Link-click tracking in our emails
To understand which content in our lead-magnet emails and newsletter issues is actually useful, we route outbound links through an internal redirect endpoint (`/t/`). Each link in each send gets an aggregate click counter — but we do NOT store an identifier of the individual recipient, NO IP address and NO user agent. The data we keep is comparable to anonymous server logs (e.g.: ‘link X in send Y was clicked 42 times in total’). It does not allow us to infer who clicked. Therefore no separate consent or cookie banner is required (recital 26 GDPR — anonymous data, no personal-data processing per Art. 4 (1) GDPR). Legal basis for the redirect itself: Art. 6 (1) (f) GDPR (legitimate interest in measuring content effectiveness for our own communications). Legal pages (Impressum, Datenschutz) and the unsubscribe link are NEVER routed through the redirect, so the click behaviour on legally relevant links is never measured.
5b. Retention overview & justifications
A consolidated view of all retention periods with the rationale behind each one — the principle: minimal storage, clear purpose, documented basis.
Data categoryRetentionJustification
Server logs7 daysSufficient for technical fault analysis & security forensics — Art. 6 (1) (f) GDPR. IP anonymisation kicks in immediately on log close.
Contact enquiries12 monthsB2B sales cycle in pharma typically runs 6–9 months. 12 months covers follow-ups without unnecessary stockpiling. Statutory retention (e.g. § 257 HGB) only applies once a contract is concluded.
Lead magnetsup to 24 monthsUntil withdrawal of consent; 24-month cap covers documentation of consent (Art. 7 GDPR) and re-engagement cycle. Withdrawal at any time, deletion within 7 days of request.
Newsletter subscriptionactive subscription + 3 yrs consent logEmail + name only as long as the subscription is active. Consent log (timestamp + IP) retained 3 years to cover statutory limitation period (§ 195 BGB) for complaints under § 7 UWG.
Cookies (incl. analytics)30 min – 14 monthsPer-tool detailed in 6.9. GA4 capped at 14 months (the GA4 minimum, shorter possible only via property reset); all other tools below or equal to industry standard.
Cookiebot consent12 monthsMaximum window the EDPB considers reasonable for repeat-consent requests. After 12 months a fresh banner appears.
6. Cookies, analytics & tracking
This website uses analytics and tracking tools that go beyond pure reach measurement and create usage profiles. Personal data may be processed (in particular IP address, device and browser information, behaviour data) and transferred to third countries (including the USA). Legal basis is your consent pursuant to § 25 (1) TTDSG and Art. 6 (1) (a) GDPR. The consent is granted on first visit via our cookie banner and can be withdrawn at any time with effect for the future — see section 6.10 below. Withdrawal is as simple as granting consent (Art. 7 (3) GDPR); the lawfulness of processing carried out on the basis of consent prior to withdrawal remains unaffected.
6.0 Consent management (Cookiebot)
Provider: Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (a Usercentrics company) — EU-based. Purpose: Cookiebot is the consent management platform (CMP) we use to document your consent in line with § 25 TTDSG and Art. 7 GDPR and to block analytics / tracking tools until you opt in. Data: Cookiebot stores a ‘CookieConsent’ cookie containing your consent state (categories, timestamp, anonymous identifier) and a server-side consent log. Retention: up to 12 months from the moment consent is given; renewed on each new visit after expiry. Legal basis: the processing of consent itself rests on Art. 6 (1) (c) GDPR (legal obligation to document consent). Third-country transfer: primary processing in the EU; sub-processors may include service providers outside the EEA under EU Standard Contractual Clauses. Data processing agreement: concluded with Cybot A/S. More info:Cookiebot Privacy Policy.
6.1 Google Analytics 4
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, USA). Purpose: Tracking tool that goes beyond pure reach measurement. Google uses the collected data for the operation of GA4 and partly for its own purposes (no commissioned processing in the narrow sense for these purposes). Data: pseudonymous identifiers (client ID), IP address (shortened on EU server, see below), page views, dwell time, scroll depth, click events, device and browser information, approximate location (country / region from IP). Retention: up to 14 months for event-level data, then automatic deletion. IP shortening: The IP address is shortened on an EU server before being forwarded to the USA (‘_anonymizeIp’ equivalent in GA4 is active by default). Third-country transfer: data is processed on servers in the USA. Safeguards: EU Standard Contractual Clauses and the EU-US Data Privacy Framework (Adequacy Decision of 10 July 2023). Note that the supervisory authorities point out that the legal certainty gained may only be temporary; previous adequacy regimes (Safe Harbor, Privacy Shield) were invalidated by the CJEU. Data processing agreement: concluded with Google Ireland Ltd. More info:Google Privacy Policy, Browser opt-out.
6.2 Microsoft Clarity
Provider: Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (parent: Microsoft Corporation, USA). Purpose: Session recordings and heatmaps to improve usability. Note: session recordings are a particularly intensive form of processing — they can capture sensitive content even though input fields are masked by default. We have configured the strictest masking level (‘Strict’) for all form fields. Data: mouse movements, clicks, scroll behaviour, page views, device and browser information, shortened IP address, country. Retention: up to 12 months from the last recorded session. Third-country transfer: Microsoft is a US group; data may be processed on servers in the USA. Safeguards: EU Standard Contractual Clauses and the EU-US Data Privacy Framework. The reservations noted above for GA4 apply analogously. Data processing agreement: Microsoft Online Services DPA concluded. More info:Microsoft Privacy Statement.
6.3 Leadfeeder (Dealfront)
Provider: Dealfront Germany GmbH (Leadfeeder), Markgrafenstraße 36, 10117 Berlin, Germany — EU-based provider. Purpose: B2B identification of visiting companies based on commercially licensed IP-address databases (e.g. RIPE, ARIN, public corporate IP ranges). We use this to inform our sales outreach. The aim is identification of the company, not of an individual user. Important note from a data protection perspective: IP addresses can constitute personal data, particularly when combined with other data. We therefore treat Leadfeeder processing as relevant under GDPR. Data: IP address, page views, timestamp, dwell time, referrer. Data sources: Dealfront enriches IP data with publicly available company information and licensed B2B databases. Retention: up to 12 months on visit level; aggregated reports may be retained longer. Third-country transfer: Dealfront operates primarily on EU infrastructure; sub-processors may include US service providers under EU Standard Contractual Clauses. Data processing agreement: concluded with Dealfront Germany GmbH. More info:Dealfront Privacy Policy.
6.4 Google Ads
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent: Google LLC, USA). Purpose: We use Google Ads conversion tracking and (where activated) remarketing to measure the success of advertising campaigns and to address visitors with relevant ads. Data: pseudonymous click ID (gclid), conversion event, conversion timestamp, device and browser information. Cookies used include `_gcl_au` (conversion linker) and `test_cookie` (doubleclick.net technical test cookie). Retention: `_gcl_au` up to 90 days, conversion logs in the Google Ads account according to Google retention settings. Third-country transfer: data is processed on Google servers including the USA. Safeguards: EU Standard Contractual Clauses and the EU-US Data Privacy Framework. Data processing agreement: concluded with Google Ireland Ltd. More info:Google Privacy Policy, Ad personalisation settings.
6.5 LinkedIn Insight Tag
Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (parent: LinkedIn Corporation, USA). Purpose: The LinkedIn Insight Tag enables campaign measurement, audience analytics and (where activated) retargeting for LinkedIn ad campaigns. Data: IP address (truncated), timestamp, page URL, device characteristics, LinkedIn member ID where the visitor has been logged in to LinkedIn. Cookies used include `bcookie`, `lidc`, `bscookie`. Retention: up to 6 months for direct identifiers; aggregated campaign reports may be retained longer. Third-country transfer: data is processed on LinkedIn servers including the USA. Safeguards: EU Standard Contractual Clauses and the EU-US Data Privacy Framework. Data processing agreement: concluded with LinkedIn Ireland Unlimited Company. More info:LinkedIn Privacy Policy, LinkedIn opt-out.
6.5a Meta Pixel (Facebook Pixel)
Provider: Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland (parent: Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). Purpose: The Meta Pixel (also ‘Facebook Pixel’) enables reach measurement, conversion tracking and (where activated) retargeting for advertising campaigns on Facebook and Instagram. It lets us measure the effectiveness of our ads and show relevant advertising to visitors. Data: pseudonymous identifiers, IP address, device and browser information, referrer URL, triggered events (e.g. page view). Cookies used include `_fbp` (first-party cookie used to recognise the browser) and `_fbc` (click identifier derived from the `fbclid` URL parameter). If the visitor was logged in to Facebook / Instagram at the time of the visit, Meta can attribute the visit to the respective account. Joint controllership: for the collection and transmission of the data to Meta there is joint controllership within the meaning of Art. 26 GDPR between us and Meta; we have concluded Meta’s controller addendum for this. Meta is solely responsible for any subsequent processing of the data for its own purposes. Retention: `_fbp` up to 90 days; on the event level according to the retention settings in the Meta Events Manager. Third-country transfer: data is processed on Meta servers including the USA. Safeguards: EU Standard Contractual Clauses and the EU-US Data Privacy Framework (Adequacy Decision of 10 July 2023). The reservations noted above for GA4 apply analogously. Legal basis: your consent pursuant to § 25 (1) TTDSG and Art. 6 (1) (a) GDPR. The pixel is only loaded after you have given consent via our Cookiebot banner. More info:Meta Privacy Policy, Meta ad settings.
6.6 Google Tag Manager
Provider: Google Ireland Limited (see 6.1). Purpose: Google Tag Manager (GTM) is a tag-management system that loads other tracking tags (e.g. Google Analytics, Google Ads, LinkedIn Insight Tag) on this website. GTM itself does not set any cookies and does not collect personal data per se; it only orchestrates the tags loaded after consent. Data: technical request data (IP address, timestamp, user agent) is briefly seen by Google’s GTM-loader server. No persistent identifier is set by GTM itself. Third-country transfer: the GTM loader is hosted on Google infrastructure including the USA. Safeguards as in 6.1. Note: we have configured GTM so that no measurement tag fires before you have given consent via our Cookiebot banner. More info:Google Privacy Policy.
6.7 Cloudflare (CDN & bot management)
Provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA, with EU representative Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich. Purpose: Cloudflare is used by our hosting provider as a Content Delivery Network (CDN) and security layer. The ‘__cf_bm’ cookie is set by Cloudflare’s bot-management to distinguish humans from automated traffic and to mitigate DDoS attacks and content scraping in real time. Why we consider this technically necessary: Without bot-mitigation our website would be vulnerable to credential-stuffing, scraping and DDoS attacks that compromise availability, integrity and the security of the personal data we process (e.g. lead-magnet form submissions, newsletter signups). Bot-mitigation is therefore a technical security measure within the meaning of Art. 32 GDPR (security of processing). Cloudflare itself classifies ‘__cf_bm’ as ‘strictly necessary’ (Cloudflare cookie documentation). Replacing Cloudflare bot-management would weaken the security of personal data on this site. Data: IP address, request headers, technical fingerprint of the request. No persistent identifier across sites. Retention: ‘__cf_bm’ cookie expires after at most 30 minutes of inactivity. Aggregated security logs at Cloudflare are retained briefly under Cloudflare’s standard retention. Legal basis: § 25 (2) Nr. 2 TTDSG (technically required to operate the requested service) and Art. 6 (1) (f) GDPR (overriding legitimate interest in a secure, available website). Third-country transfer: Cloudflare is a US group; data may be processed on servers in the USA. Safeguards: EU Standard Contractual Clauses and the EU-US Data Privacy Framework (Adequacy Decision of 10 July 2023). Please note that the legal certainty of the framework may be limited; the General Court of the EU has annulment proceedings pending (case T-553/23). Data processing agreement: concluded as part of the hosting contract. More info:Cloudflare Privacy Policy.
6.8 Google Search Console
Provider: Google Ireland Limited (see 6.1). Purpose: Google Search Console (GSC) lets us monitor how the site performs in Google’s search results — indexing status, search queries that lead to the site, click-through rates, technical crawl errors. Cookies / tracking on visitors: GSC itself sets no cookies on visitors of this website and runs no client-side script. The site ownership is verified by a static HTML meta tag and / or a DNS TXT record. Data: aggregated search analytics from Google’s side (search queries, impressions, clicks); these are not directly linked to individual visitors. The data is made available to us only in aggregated form. Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in monitoring the site’s search visibility. Third-country transfer: the aggregated reporting is generated on Google infrastructure including the USA. Safeguards as in 6.1. More info:Google Privacy Policy.
6.9 Cookie storage durations
Session cookies are deleted when the browser is closed. Permanent cookies have the following maximum lifetimes: Google Analytics 4 — up to 14 months (data retention shortened to 14 months in GA4 settings); Microsoft Clarity — up to 12 months; Google Ads (`_gcl_au`) — up to 90 days; Meta Pixel (`_fbp`) — up to 90 days; LinkedIn (`bcookie`) — up to 6 months; Cloudflare (`__cf_bm`) — at most 30 minutes of inactivity; Leadfeeder — typically session-based, not stored on the device; CookieConsent (Cookiebot) — up to 12 months from the moment consent is given.
6.10 Withdrawal of consent
You can withdraw your consent at any time with effect for the future — withdrawal is as easy as granting consent:
1. Open cookie settings: click the ‘Cookie settings’ link in the footer to re-open the banner and adjust your choice (this controls all of GA4, Clarity, Google Ads, LinkedIn, Meta Pixel and Leadfeeder). 2. By email: send a short message to info@daniel-herrmann.io — we will block the relevant tools for you. 3. Per tool: for Google Analytics the official browser opt-out is available; for Google Ads under Ad personalisation settings; for LinkedIn under LinkedIn opt-out; for the Meta Pixel under Meta ad settings. Microsoft Clarity and Leadfeeder are controlled exclusively via our cookie banner.
The lawfulness of processing carried out on the basis of consent prior to withdrawal remains unaffected (Art. 7 (3) GDPR).
7. Web fonts
This website loads Google Fonts. Connection data (in particular the IP address) is transmitted to Google. Provider: Google Ireland Limited (see section 6.1). Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in a consistent typographic presentation. As an alternative, fonts are also held in a local fallback so that font loading can fail safely without breaking the layout.
8. Technical and organisational measures (TOM)
To protect your data we implement appropriate technical and organisational measures pursuant to Art. 32 GDPR — among them: TLS encryption (HTTPS) for the entire site, encrypted database connections, server hosting in the EU (Kinsta / GCP Frankfurt), restricted admin access via individual accounts with strong passwords and 2FA, regular automatic backups, role-based access controls, a documented record of processing activities pursuant to Art. 30 GDPR, and data minimisation at the application level. We continuously review and update these measures.
9. Your rights
Under the GDPR you have the following rights:
Right of access (Art. 15 GDPR) — information about which of your personal data we process.
Right to rectification (Art. 16 GDPR) — correction of inaccurate data.
Right to erasure (Art. 17 GDPR) — deletion of your data where the legal conditions are met.
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR) — receipt of your data in a structured, common, machine-readable format.
Right to object (Art. 21 GDPR) — to processing based on legitimate interest, including for direct marketing. See highlighted box below.
Right to withdraw consent (Art. 7 (3) GDPR) — at any time with effect for the future, see section 6.10.
Right to lodge a complaint (Art. 77 GDPR) — with a supervisory authority, in particular in the EU member state of your residence, your workplace or the location of the alleged infringement. Competent supervisory authority for our office location: Independent Data Protection Centre Saarland (Unabhängiges Datenschutzzentrum Saarland), Fritz-Dobisch-Straße 12, 66111 Saarbrücken.
Requests regarding these rights are to be directed to: info@daniel-herrmann.io. We will respond within the statutory period (usually one month).
10. Currency of this Privacy Policy
Last updated: 29 June 2026. We reserve the right to adapt this policy so that it always meets current legal requirements. The current version is always retrievable from this website.
Callback
When should we call you back?
Tell us when fits you and what it's about — we'll call back within the next business day.
Got it. We'll call you back.
You'll receive a confirmation email shortly. Daniel calls back within one business day.
Free material by email
Your material is on the way.
Enter your name and email — we send the material directly to your inbox, with a short personal note from Daniel.
Thanks — check your inbox.
We just sent the material to your email. If it doesn't arrive within a few minutes, please check your spam folder.
Once a month · CSV practice
CSV insights from real Pharma projects.
What you get next: the GAMP 5 2nd Edition impact, what the FDA CSA Final Guidance means for your validation strategy, and the 8-week CSV sprint we deliver in 60+ projects. Unsubscribe anytime in one click.
Almost done.
Confirm your email via the link we just sent to your inbox. After confirmation we'll send the latest newsletter issue right away.
We use your data exclusively for the newsletter. No sharing with third parties. Privacy policy.