Data Protection Declaration

Data Protection Declaration of Pharmaserv GmbH, version dated 1 October 2019

I. Name and address of data controller

The controller within the meaning of the GDPR, the national data protection laws of the member states and all other data protection regulations is:

Pharmaserv GmbH
Emil-von-Behring-Straße 76
35041 Marburg
Germany
Tel.: +49 6421 39-14
E-mail: info@pharmaserv.de
Website: www.pharmaserv.de

II. Name and address of the data protection officer

The controller’s data protection officer is:

Stephan Menzemer,
acting on behalf of GvW Graf von Westphalen GmbH

dataprotection@infrareal.de

Postal contact details (if required for your documents):
Stephan Menzemer
GvW Graf von Westphalen
Ulmenstraße 23-25
D-60325 Frankfurt am Main

III. General information on data processing

1. Scope of the processing of personal data
In principle, we only collect and utilise the user’s personal data insofar as this is necessary to provide a functional website, to display our content and to render our services. As a rule, the user’s personal data is only collected and utilised with their consent. Exceptions apply in cases where the user's prior consent cannot be obtained for valid reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data
The legal basis for obtaining the data subject’s consent to the processing of their personal data is Art. 6(1)(a) General Data Protection Regulation (GDPR).
The legal basis for the processing of personal data when the processing is necessary for the performance of a contract to which the data subject is party is Art. 6(1)(b). This also applies to processing which is necessary to take steps prior to entering into a contract.
The legal basis for the processing of personal data which is necessary for compliance with a legal obligation to which our company is subject is Art. 6(1)(c) GDPR.
The legal basis for the processing of personal data in cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person is Art. 6(1)(d) GDPR.
The legal basis for the processing of personal data in cases where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject is Art. 6(1)(f) GDPR.

3. Data erasure and storage period
The data subject’s personal data will be erased or blocked as soon as the purpose for which it was saved no longer applies. The data subject's personal data may also be stored if the European or national legislator specifies this on the basis of EU directives, laws or other regulations to which the controller is subject. The data will also be blocked or erased when a storage period prescribed in the above-mentioned norms expires insofar as the data does not have to be stored for a longer period in order to conclude or fulfil a contract or to establish, exercise or defend legal claims.
We have the right to refrain from erasing personal data if statutory retention obligations exist or the storage of this data is permitted by law.

4. Transmission of personal data to third parties
Section VII applies to the transmission of personal data when credit card payments are made in our Pharmaserv shop at www.pharmaserv-shop.de/.
We process your personal data in cooperation with companies affiliated with our corporation if this is required for purposes such as invoicing. We are permitted to transmit your personal data to the companies affiliated with our corporation in such cases.

IV. Provision of the website and creation of log files

1. Description and scope of data processing
Whenever our website is accessed, our system automatically records data and information from the system of the accessing computer.
The data collected encompasses information on

  1. The browser type and version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user's system accessed our website
  7. Websites accessed from the user’s system via our website

The data is also stored in our system's log files. This data is not stored together with any of the user's other personal data.

2. Legal basis for the data processing
The legal basis for the temporary storage of the data and log files is Art. 6(1)(f) GDPR.

3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to transmit the website to the user's computer. The user’s IP address has to be stored for the duration of the session. The data is stored in log files in order to safeguard the functionality of the website. The data also enables us to optimise the website and to safeguard the security of our information technology systems. This data is not evaluated for marketing purposes.
These purposes also comprise our legitimate interest in the processing of the data as set out in Art. 6(1)(f) GDPR.

4. Storage period
The data will be erased as soon as it is no longer required for the purpose for which it was collected. If the data was collected in order to make the website available, this is the case once the respective session ends.
If the data has been stored in log files, this is the case after a maximum of seven days. It is possible to store the data for longer periods. In this case, the user’s IP addresses will be erased or disguised so that the accessing client can no longer be identified.

5. Right to object and right to rectification
The collection of data for the purpose of making the website available and the storage of data in log files is essential for the operation of the website. The user is therefore not entitled to object to this.

V. Use of cookies


VI. Contact form and email contact

1. Description and scope of data processing
Our website contains a contact form and/or a "telephone service" form, both of which can be used to contact us electronically. Should a user make use of this facility, the data entered into the entry mask will be transmitted to us in encrypted form. The data will no longer be stored on the website after it has been transmitted by e-mail to the data controller. This data includes the following:

  1. Query/subject
  2. Company
  3. Function
  4. First name
  5. Surname
  6. Street, house no.
  7. Postcode
  8. Town or city
  9. E-mail address
  10. Telephone number
  11. Message

In order to process the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration.
You may also contact us using the e-mail address provided. In this case, we will store the personal data transmitted with your e-mail.
Your data will not be transmitted to any third party during this process. Your data will only be used to process the correspondence.

Persons under 18 should not send us any personal data without the consent of their parents or guardians.

2. Legal basis for the data processing
Provided the user's consent has been obtained, the legal basis for the processing of the data is Art. 6(1)(a) GDPR.
The legal basis for the processing of data which is transmitted when sending an email is Art. 6(1)(f) GDPR. If contact was made by e-mail for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

3. Purpose of the data processing
We process the personal data entered into the entry mask solely for the purpose of processing the correspondence you have initiated. If you contacted us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data transmitted during the sending process is processed in order to prevent misuse of the contact form and to safeguard the security of our information technology systems.

4. Storage period
The data will be erased as soon as it is no longer required for the purpose for which it was collected. For the personal data from the entry mask in the contact form and the personal data which was sent by email, this is the case when the respective correspondence with the user has come to an end. The correspondence is understood to have come to an end if it is clear from the circumstances that the matter at hand has been conclusively clarified.  
The additional personal data collected during the sending process will be erased after a maximum of seven days.

5. Right to object and right to rectification
The user may withdraw their consent to the processing of their personal data at any time. Should the user contact us by email, they can object to the storage of their personal data at any time. If they choose to exercise this right, it will no longer be possible to continue the correspondence. Please send the requisite information to info(at)pharmaserv.de. In these circumstances, all the personal data that was stored during the correspondence will be erased.

VII. Web analysis by Matomo (formerly Piwik)

1. Scope of the processing of personal data
We use the open software tool Matomo (formerly Piwik) on our website in order to analyse the surfing behaviour of our users. The software installs a cookie on the user's computer (see section V above in relation to cookies). The following data is stored when individual pages on our website are accessed:

  1. Two bytes of the IP address of the user’s accessing system
  2. The web page accessed
  3. The website from which the user was directed to the web page (referrer)
  4. The sub pages which were accessed from the web page
  5. The duration of the visit to the web page
  6. The frequency with which the website was accessed.

The software runs exclusively on our website servers. This is the only place where the user's personal data is stored. The data is not transmitted to any third party.
The software is configured in such a way that the IP addresses are not saved in full; instead, 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This means that the shortened IP address can no longer be associated with the accessing computer.

2. Legal basis for the processing of personal data
The legal basis for the processing of the user's personal data is Art. 6(1)(f) GDPR.

3. Purpose of the data processing
The processing of the user's personal data enables us to analyse their surfing behaviour. Evaluating the data collected enables us to compile information concerning the use of individual website components. This helps us to continue improving our website and make it more user-friendly. These purposes also constitute our legitimate interest in the processing of the data in accordance with Art. 6(1)(f) GDPR. Anonymising the IP address gives due consideration to the user's interest in the protection of their personal data.

4. Storage period
The data will be erased as soon as it is no longer required for our records.  
For us, this will be the case after a period of 6 months.

5. Right to object and right to rectification
Cookies are stored on the user’s computer, from where they are transmitted to our website. As the user, you therefore have full control of the use of cookies. You can deactivate or restrict the transmission of cookies by changing your web browser settings. Cookies which have already been stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our website, it may no longer be possible to use all its functions in full.
On our website, we offer our users the option of opting out of the analysis procedure. To do this, please click on the corresponding link in the legal notice. This will install another cookie on your computer that will instruct our system not to store your data. Should you delete this opt-out cookie from your system, you will have to reinstall it.
You can find further information concerning the privacy settings of the Matomo software at the following link: matomo.org/docs/privacy/.

VIII. Use of Google Analytics with anonymisation function

Our website uses functions provided by the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. (https://about.google/intl/en/)

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and facilitate analysis of your website use. The information generated by the cookies regarding your use of our website (e.g. your IP address and when, where and how often you access our web pages) is usually transmitted to a Google server in the USA and stored there.

In order to ensure that your IP address cannot be linked to a specific person, it is shortened immediately after collection (e.g. by erasing the last 8 bit); this causes it to be anonymised. The anonymisation applies to all European Union member states and other states that are party to the treaty on the European Economic Area. Further information about IP anonymisation and Google's use of your data is available at https://support.google.com/analytics/answer/2763052

Browser add-on
You can prevent the storage of cookies by configuring your browser settings accordingly. However, please note that if you do so, you may not be able to use all the functions on this website in full. You can also prevent the data regarding your website use (incl. your IP address) generated by the cookies from being collected and processed by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout

Objection to the collection of data
You can prevent Google Analytics from collecting your data by clicking on the link above. This will install an opt-out cookie which will prevent your data from being collected on future visits to this website.

Further information on data protection in connection with Google Analytics is available on the Google Analytics help page at the following link: https://support.google.com/analytics/answer/6004245?hl=de

IX. Google Adwords conversion tracking

We use conversion tracking to collect statistics regarding the use of our website in order to optimise our website for our users. If you access our website through a Google advertisement, Google Adwords will install a cookie on your computer for this purpose. These cookies become invalid after 30 days and are not used to identify you personally. If the user visits certain pages on the Adwords client's website and the cookie has not yet expired, Google and the client can see that the user has clicked on the advertisement and was forwarded to this page.

Each Adwords client receives a different cookie. It is therefore impossible to track cookies through the websites of Adwords clients. The information obtained with the help of the conversion cookie is used to generate conversion statistics for Adwords clients who have decided to use conversion tracking. The Adwords clients receive information on the total number of users who have clicked on their advertisement and were forwarded to a web page containing a conversion tracking tag. However, they do not receive any information with which the user can be personally identified.

If you do not wish to take part in the tracking process, you can also refuse permission for the necessary cookie to be installed, for example by configuring your browser settings in such a way that the automatic installation of cookies is generally deactivated. You can also deactivate conversion tracking cookies by configuring your browser to block cookies from the domain “www.googleadservice.com”. Google’s conversion tracking privacy notice can be accessed at the following link: https://services.google.com/sitestats/de.html

X. Embedded YouTube videos

We have embedded YouTube videos into our website which are stored at www.YouTube.com and can be played directly on our website. These are all embedded in “privacy-enhanced mode”, i.e. so that none of your user data is transmitted to YouTube if you do not play the videos. The data specified in the next paragraph is only transmitted when you play the videos. We have no influence over the transmission of this data.

When you visit the website, YouTube receives the information that you have accessed the corresponding sub page on our website. The data specified in section III of this Declaration is also transmitted. This happens regardless of whether you are logged into a YouTube user account or have no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish this data to be assigned to your YouTube profile, you must log out before activating the button. YouTube will store your data in the form of usage profiles and use it for the purpose of advertising, market research and/or the demand-oriented display of its website. Your data (even if you are not logged in) is used in particular to display demand-oriented advertising and to inform other social network users of your activities on our website. You have the right to object to the generation of these user profiles and must contact YouTube if you wish to exercise it.

Further information on the scope and purpose of the collection and processing of data by YouTube is provided in the privacy policy. Here you will also receive further information on your rights and the ways in which you can adjust your settings in order to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework

XI. Google Maps

This website uses the product Google Maps, which is provided by Google Inc. By using this website, you are declaring your agreement to the capture, processing and use of automatically collected data by Google Inc., its representatives and third parties.

The terms and conditions of use of Google Maps can be found under "Google Maps Additional Terms of Service".

XII. References to external Internet pages

The Internet pages of Pharmaserv GmbH contain references (so-called hyperlinks) to Internet pages and offers of third parties. Pharmaserv is not responsible for the data protection strategies or the content of these third-party websites. In the case of hyperlinks to third countries outside the EEA, there is a risk that data (e.g. the IP address) may be read, e.g. by authorities in the USA.

XIII. Rights of the data subject

If your personal data is processed, you are a data subject as defined in the GDPR and have the following rights vis-à-vis the data controller:

1. Right of information
You can request confirmation from the data controller as to whether we are processing your personal data.
If this is the case, you can request the following information from the data controller:

  1. the purposes for which your personal data is being processed;
  2. the categories of personal data which are being processed;
  3. the recipients and/or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future;
  4. the period for which your personal data will be stored or, if no specific information can be given, the criteria according to which the storage period will be determined;
  5. the existence of a right to have your personal data rectified or erased, a right to have the controller restrict the processing of your data and the right to object to such processing;
  6. the existence of a right to complain to a supervisory authority;
  7. all available information concerning the origin of the data in cases where the personal data was not collected from the data subject;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organisation. In this respect, you can request to be informed of the appropriate safeguards in connection with the transfer as prescribed in Art. 46 GDPR.

2. Right to rectification
You have the right to have the controller rectify or complete your personal data insofar as the personal data being processed is incorrect or incomplete. The controller must make any such adjustments immediately.

3. Right to restriction of processing
You have the right to request restriction of the processing of your personal data if the conditions set out below are met:

  1. if you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;
  2. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  3. the controller no longer requires the personal data for processing but you require the data in order to assert, exercise or defend legal claims, or
  4. if you have objected to the processing in accordance with Art. 21(1) GDPR and it is not yet clear whether legitimate reasons on the part of the controller outweigh your reasons.

If the processing of your personal data has been restricted, this data – with the exception of the storage thereof – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
If the processing of data has been restricted in accordance with the conditions set out above, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure
a) Erasure obligation
You have the right to have the data controller erase your personal data without undue delay and the controller shall be obliged to do so where one of the following grounds applies:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw the consent on which the processing in accordance with Article 6(1)(a) or Art. 9(2)(a) GDPR was based and there is no other legal basis for the processing.
  3. You object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21(2) GDPR.
  4. Your personal data has been processed unlawfully.
  5. The erasure of your personal data is necessary in order to fulfil a legal obligation under EU law or the law of the member states to which the controller is subject.
  6. Your personal data was collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties
Should the controller have made your personal data public and should the controller be obliged to erase it pursuant to Article 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure of any links to, or copy or replication of, your personal data.

c) Exceptions
No right to erasure exists if the processing is necessary

  1. to exercise the right to freedom of opinion and information;
  2. for compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Article 9(3) GDPR;
  4. to assert, exercise or defend legal claims.

5. Right to be informed
If you have exercised the right to rectification, erasure or restriction of processing vis-a-vis the controller, the controller is obliged to communicate this rectification or erasure of or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves to be impossible or involves disproportionate effort.
You have the right to request the controller to furnish you with information on these recipients.

6. Right to data portability
You have the right to receive the personal data which you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, insofar as

  1. the processing is based on your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or based on a contract pursuant to Art. 6(1)(b) GDPR and
  2. the processing takes place with the assistance of automated procedures.

Furthermore, when exercising this right, you have the right to make sure that the controller transmits your personal data directly to another controller, should this be technically possible. The freedoms and rights of other persons may not be adversely affected as a result.
The right to data portability does not apply to the processing of personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object
For reasons connected to your specific situation, you have the right to submit an objection at any time to the processing of your personal data which takes place under Article 6 Paragraph 1 Letter e) or f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is required for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes; these include profiling insofar as it is related to such direct marketing.
Should you object to the processing of your data for the purpose of direct marketing, your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw your declaration of consent under data protection laws
You have the right to withdraw your declaration of consent under data protection laws at any time. The withdrawal of your consent will not affect the lawfulness of any processing that took place before you withdrew your consent.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision which is based solely on automated processing, including profiling, which has a legal effect on you or significantly impacts you in similar ways. This does not apply if the decision

  1. is necessary in order to conclude or fulfil a contract between yourself and the data controller,
  2. is permitted under the law of the EU or the member states to which the controller is subject and these legal regulations contain reasonable measures for safeguarding your rights, freedoms and your legitimate interests, or
  3. is made with your express consent.

However, these decisions may not relate to special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and reasonable steps were taken to protect your rights, freedoms and legitimate interests.
In relation to the cases named in (1) and (3), the controller will take reasonable measures to safeguard your rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express a point of view and to contest the decision.

10. Right to complain to a supervisory authority
Regardless of other legal remedies under administrative law or before a court, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, place of work or location of the alleged breach, should you be of the opinion that the processing of your personal data breaches the GDPR.
The supervisory authority with which the complaint was filed will inform the complainant of the status and results of the complaint, including the possibility of recourse to the courts as described in Art. 78 GDPR.

Phone

Give us a call: +49 (0) 64 21 39 - 14

 

E-mail

Contact us by E-mail

Pharmaserv YouTube channel

You will find our latest videos on our YouTube channel .