Data Protection Declaration

Data Protection Declaration of Pharmaserv GmbH, version dated 1 October 2019

I. Name and address of data controller

The controller within the meaning of the GDPR, the national data protection laws of the member states and all other data protection regulations is:

Pharmaserv GmbH
Emil-von-Behring-Straße 76
35041 Marburg
Germany
Tel.: +49 6421 39-14
E-mail: info(at)pharmaserv.de
Website: www.pharmaserv.de

The data protection declaration applies to the following websites:
www.pharmaserv.de
www.jobs.pharmaserv.de
www.pharmaserv-shop.de
www.pharmaserv-logistics.de
www.pharmaserv-logistics.com
www.rechenzentrum-hessen.de
www.was-ist-gmp.de
www.werkfeuerwehr-behring.de
www.behringwerke.de
www.behringwerke.com
www.behringwerke-erleben.de
energiedaten.pharmaserv.de/idspecto/

II. Name and address of the data protection officer

The controller’s data protection officer is:

Jörg Schalow
Infrareal GmbH
Im Schwarzenborn 4
35041 Marburg
Germany
Tel.: +49 6421 39-3690
E-mail: joerg.schalow(at)infrareal.de 
Website: www.pharmaserv.de

III. General information on data processing

1. Scope of the processing of personal data
In principle, we only collect and utilise the user’s personal data insofar as this is necessary to provide a functional website, to display our content and to render our services. As a rule, the user’s personal data is only collected and utilised with their consent. Exceptions apply in cases where the user's prior consent cannot be obtained for valid reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data
The legal basis for obtaining the data subject’s consent to the processing of their personal data is Art. 6(1)(a) General Data Protection Regulation (GDPR).
The legal basis for the processing of personal data when the processing is necessary for the performance of a contract to which the data subject is party is Art. 6(1)(b). This also applies to processing which is necessary to take steps prior to entering into a contract.
The legal basis for the processing of personal data which is necessary for compliance with a legal obligation to which our company is subject is Art. 6(1)(c) GDPR.
The legal basis for the processing of personal data in cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person is Art. 6(1)(d) GDPR.
The legal basis for the processing of personal data in cases where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject is Art. 6(1)(f) GDPR.

3. Data erasure and storage period
The data subject’s personal data will be erased or blocked as soon as the purpose for which it was saved no longer applies. The data subject's personal data may also be stored if the European or national legislator specifies this on the basis of EU directives, laws or other regulations to which the controller is subject. The data will also be blocked or erased when a storage period prescribed in the above-mentioned norms expires insofar as the data does not have to be stored for a longer period in order to conclude or fulfil a contract or to establish, exercise or defend legal claims.
We have the right to refrain from erasing personal data if statutory retention obligations exist or the storage of this data is permitted by law.

4. Transmission of personal data to third parties
Section VII applies to the transmission of personal data when credit card payments are made in our Pharmaserv shop at www.pharmaserv-shop.de/.
We process your personal data in cooperation with companies affiliated with our corporation if this is required for purposes such as invoicing. We are permitted to transmit your personal data to the companies affiliated with our corporation in such cases.

IV. Provision of the website and creation of log files

1. Description and scope of data processing
Whenever our website is accessed, our system automatically records data and information from the system of the accessing computer.
The data collected encompasses information on

  1. The browser type and version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user's system accessed our website
  7. Websites accessed from the user’s system via our website

The data is also stored in our system's log files. This data is not stored together with any of the user's other personal data.

2. Legal basis for the data processing
The legal basis for the temporary storage of the data and log files is Art. 6(1)(f) GDPR.

3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to transmit the website to the user's computer. The user’s IP address has to be stored for the duration of the session. The data is stored in log files in order to safeguard the functionality of the website. The data also enables us to optimise the website and to safeguard the security of our information technology systems. This data is not evaluated for marketing purposes.
These purposes also comprise our legitimate interest in the processing of the data as set out in Art. 6(1)(f) GDPR.

4. Storage period
The data will be erased as soon as it is no longer required for the purpose for which it was collected. If the data was collected in order to make the website available, this is the case once the respective session ends.
If the data has been stored in log files, this is the case after a maximum of seven days. It is possible to store the data for longer periods. In this case, the user’s IP addresses will be erased or disguised so that the accessing client can no longer be identified.

5. Right to object and right to rectification
The collection of data for the purpose of making the website available and the storage of data in log files is essential for the operation of the website. The user is therefore not entitled to object to this.

V. Use of cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files which are saved either in the web browser or by the web browser in the user's computer system. When a user accesses a website, a cookie can be stored in their operating system. This cookie contains a characteristic letter sequence which facilitates clear identification of the browser the next time the website is accessed.
We use cookies in order to make our website more user-friendly. Certain elements of our website also make it necessary for the accessing browser to be identified when a different page is visited.
In this case, the following data is stored and transmitted in the cookies:

Cookie Content Remark
fe_typo_user Session ID Is deleted at the end of the session
displayCookieConsenst Content of the cookie declaration read (yes, no)  
Piwik ignore Response to opt-out query in legal notice This cookie is installed if a visitor decides against the statistical evaluation of their user access by Piwik.

The following data is stored and transmitted in the cookies of the Pharmaserv shop at www.pharmaserv-shop.de:

Cookie Content Remark
__csrf-token-1   Needed to determine whether requests made in the shop are sent by the respective user or are cross-site request forgeries. This is a security device.
session-1 Shop session ID Identification of your session; this cookie is necessary to identify the user
x-ua-device Mobile / desktop Information about the type of device the visitor is using; this cookie is necessary to ensure that the correct front end is delivered to the user.
x-cache-context-hash   Specifies which content is displayed from the cache
nocache   Specifies which information may not be displayed from the cache (e.g. prices)

Our website also uses cookies which facilitate analysis of user surfing behaviour (cf. Section VIII. Web analysis using Matomo, previously Piwik).
The user data collected in this way is pseudonymised by means of technical measures. This means the data can no longer be assigned to the accessing user. The data is not stored together with the user's other personal data.
When accessing our website, an info banner informs users that cookies are being used for analytical purposes; users are also referred to this data protection declaration. Information is also provided as to how the user can change their browser settings in order to prevent the storage of cookies.
When accessing our website, the user is informed that cookies are being used for analytical purposes and their consent is obtained to the processing of the personal data used in this context. A reference is also made to this data protection declaration.

2. Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6(1)(f) GDPR.
In cases where the user's consent has been obtained, the legal basis for the processing of personal data using cookies for analytical purposes is Art. 6(1)(a) GDPR.

3. Purpose of the data processing
Technically necessary cookies are required to simplify the use of the website for the user. Certain functions on our website cannot be provided without the use of cookies. For these, it is essential that the browser is recognised after the user clicks on another page.
The user data collected by technically necessary cookies is not used to create user profiles. We use cookies as described in section V. a.
Analytical cookies are used to improve the quality of our website and its contents. The analytical cookies furnish us with information on how the website is being used, thus enabling us to continue optimising it.
These purposes also constitute our legitimate interest in processing the user’s personal data in accordance with Art. 6(1)(f) GDPR.

4. Storage duration, right to object and right to rectification
Cookies are stored on the user’s computer, from where they are transmitted to our website. As the user, you therefore have full control of the use of cookies. You can deactivate or restrict the transmission of cookies by changing your web browser settings. Cookies which have already been stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our website, it may no longer be possible to use all its functions in full.

VI. Registration with the PHARMASERV shop at www.pharmaserv-shop.de/

1. Description and scope of the data processing
It is possible to register with the Pharmaserv shop via our website. Should a user make use of this option, the data entered into the entry mask will be transmitted to us in encrypted form. Following the transmission, the data will be sent to the relevant department by e-mail and saved in the back end of the shop software. This data includes the following:

  1. Title
  2. Company
  3. Tax number
  4. First name
  5. Surname
  6. Street, house no.
  7. Postcode
  8. Town or city
  9. E-mail address
  10. Telephone number

Alternatively, we can be contacted at the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored.
No data will be transmitted to third parties in this situation. The data will only be used in order to process your registration.

Persons under 18 should not send us any personal data without the consent of their parents or guardians.

2. Legal basis for the data processing
Provided the user’s consent has been obtained, the legal basis for the processing of the data is Art. 6(1)(a) GDPR.
The legal basis for the processing of data transmitted when sending an email is Art. 6(1)(f) GDPR. If the e-mail was sent for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

3. Purpose of the data processing
We process the personal data provided in the entry mask in order to process your registration. User registration is necessary for the display of certain content and services on our website. If contact is made by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during transmission serves the purpose of preventing abuse of the registration function and safeguarding the security of our information technology systems.

4. Storage period
The data will be erased as soon as it is no longer required for the purpose for which it was collected. With regard to the personal data collected during the registration process, this will be the case when the correspondence with the user is at an end. The correspondence is understood to be at an end when it can be determined from the circumstances that the customer is no longer using the shop.  
Following the conclusion of a contract, it may be necessary to save the contracting partner’s personal data in order to comply with contractual or statutory obligations.
The additional personal data collected during the sending process will be erased after a maximum of seven days.

5. Right to object and right to rectification
The user may withdraw their consent to the processing of their personal data at any time. If the user makes contact with us by registering on our website, they can object to the storage of their personal data at any time. If they choose to exercise this right, it will no longer be possible to continue the correspondence. Please send the requisite information to info@pharmaserv.de. In this situation, all the personal data stored during the registration process will be erased.

VII. Credit card payment in the PHARMASERV shop at www.pharmaserv-shop.de/

We have integrated the secupay credit card component provided by secupay AG (hereinafter “secupay”), Goethestr. 6, 01896 Pulsnitz, Germany, into our website. secupay is a payment institution within the meaning of the Payment Services Supervision Act (ZAG) and is registered with the Federal Financial Supervisory Authority (BaFin), Graurheindorfer Str. 108, 53117 Bonn, Germany (registration number: 126737). secupay can be used to make non-cash payments for products and services in the internet.

If you as the data subject select the “Credit card” payment option while placing an order in our Pharmaserv shop, your data will be automatically transmitted to secupay. By selecting this payment option, you consent to your personal data being transmitted for the purpose of completing the payment.

When making a payment using secupay, you as the purchaser send your payment data to secupay, which then performs a technical check of the probability of default. We as the online dealer then receive an automated message from secupay notifying us that the payment transaction has been effected.

The personal data exchanged with secupay consists of your first name, surname, address, e-mail address, IP address, telephone number and any other data required to execute the payment transaction. This data is transmitted for the purpose of executing the payment transaction and preventing fraud. We will also transmit other personal data to secupay if we have a legitimate interest in the transmission. In certain circumstances, secupay may transmit the personal data exchanged by secupay and ourselves to credit information agencies. This transmission serves the purpose of checking the customer's identity and credit standing.

secupay may transmit the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed by a contract processor.

You as the data subject can withdraw your consent to secupay's processing of your personal data at any time. This withdrawal will not encompass personal data that has to be processed, used or transmitted in order to execute (contractual) payments.

secupay’s data protection provisions can be accessed at secupay.com/en/privacy-policy.

VIII. Contact form and email contact

1. Description and scope of data processing
Our website contains a contact form and/or a "telephone service" form, both of which can be used to contact us electronically. Should a user make use of this facility, the data entered into the entry mask will be transmitted to us in encrypted form. The data will no longer be stored on the website after it has been transmitted by e-mail to the data controller. This data includes the following:

  1. Query/subject
  2. Company
  3. Function
  4. First name
  5. Surname
  6. Street, house no.
  7. Postcode
  8. Town or city
  9. E-mail address
  10. Telephone number
  11. Message

In order to process the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration.
You may also contact us using the e-mail address provided. In this case, we will store the personal data transmitted with your e-mail.
Your data will not be transmitted to any third party during this process. Your data will only be used to process the correspondence.

Persons under 18 should not send us any personal data without the consent of their parents or guardians.

2. Legal basis for the data processing
Provided the user's consent has been obtained, the legal basis for the processing of the data is Art. 6(1)(a) GDPR.
The legal basis for the processing of data which is transmitted when sending an email is Art. 6(1)(f) GDPR. If contact was made by e-mail for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR.

3. Purpose of the data processing
We process the personal data entered into the entry mask solely for the purpose of processing the correspondence you have initiated. If you contacted us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data transmitted during the sending process is processed in order to prevent misuse of the contact form and to safeguard the security of our information technology systems.

4. Storage period
The data will be erased as soon as it is no longer required for the purpose for which it was collected. For the personal data from the entry mask in the contact form and the personal data which was sent by email, this is the case when the respective correspondence with the user has come to an end. The correspondence is understood to have come to an end if it is clear from the circumstances that the matter at hand has been conclusively clarified.  
The additional personal data collected during the sending process will be erased after a maximum of seven days.

5. Right to object and right to rectification
The user may withdraw their consent to the processing of their personal data at any time. Should the user contact us by email, they can object to the storage of their personal data at any time. If they choose to exercise this right, it will no longer be possible to continue the correspondence. Please send the requisite information to info(at)pharmaserv.de. In these circumstances, all the personal data that was stored during the correspondence will be erased.

IX. Web analysis by Matomo (formerly Piwik)

1. Scope of the processing of personal data
We use the open software tool Matomo (formerly Piwik) on our website in order to analyse the surfing behaviour of our users. The software installs a cookie on the user's computer (see section V above in relation to cookies). The following data is stored when individual pages on our website are accessed:

  1. Two bytes of the IP address of the user’s accessing system
  2. The web page accessed
  3. The website from which the user was directed to the web page (referrer)
  4. The sub pages which were accessed from the web page
  5. The duration of the visit to the web page
  6. The frequency with which the website was accessed.

The software runs exclusively on our website servers. This is the only place where the user's personal data is stored. The data is not transmitted to any third party.
The software is configured in such a way that the IP addresses are not saved in full; instead, 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This means that the shortened IP address can no longer be associated with the accessing computer.
The following cookies are used:

Cookie Content Remark
_pk_id
_pk_ses
_pk_ref
These cookies are installed by Matomo The analytical tool runs on Pharmaserv GmbH’s web server, where the Matomo data is also stored. Data is not transmitted to any third parties.

 

2. Legal basis for the processing of personal data
The legal basis for the processing of the user's personal data is Art. 6(1)(f) GDPR.

3. Purpose of the data processing
The processing of the user's personal data enables us to analyse their surfing behaviour. Evaluating the data collected enables us to compile information concerning the use of individual website components. This helps us to continue improving our website and make it more user-friendly. These purposes also constitute our legitimate interest in the processing of the data in accordance with Art. 6(1)(f) GDPR. Anonymising the IP address gives due consideration to the user's interest in the protection of their personal data.

4. Storage period
The data will be erased as soon as it is no longer required for our records.  
For us, this will be the case after a period of 6 months.

5. Right to object and right to rectification
Cookies are stored on the user’s computer, from where they are transmitted to our website. As the user, you therefore have full control of the use of cookies. You can deactivate or restrict the transmission of cookies by changing your web browser settings. Cookies which have already been stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our website, it may no longer be possible to use all its functions in full.
On our website, we offer our users the option of opting out of the analysis procedure. To do this, please click on the corresponding link in the legal notice. This will install another cookie on your computer that will instruct our system not to store your data. Should you delete this opt-out cookie from your system, you will have to reinstall it.
You can find further information concerning the privacy settings of the Matomo software at the following link: matomo.org/docs/privacy/.

X. Use of Google Analytics with anonymisation function

Our website uses functions provided by the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. (https://about.google/intl/en/)

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and facilitate analysis of your website use. The information generated by the cookies regarding your use of our website (e.g. your IP address and when, where and how often you access our web pages) is usually transmitted to a Google server in the USA and stored there.

In order to ensure that your IP address cannot be linked to a specific person, it is shortened immediately after collection (e.g. by erasing the last 8 bit); this causes it to be anonymised. The anonymisation applies to all European Union member states and other states that are party to the treaty on the European Economic Area. Further information about IP anonymisation and Google's use of your data is available at https://support.google.com/analytics/answer/2763052

Browser add-on
You can prevent the storage of cookies by configuring your browser settings accordingly. However, please note that if you do so, you may not be able to use all the functions on this website in full. You can also prevent the data regarding your website use (incl. your IP address) generated by the cookies from being collected and processed by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout

Objection to the collection of data
You can prevent Google Analytics from collecting your data by clicking on the link above. This will install an opt-out cookie which will prevent your data from being collected on future visits to this website.

Further information on data protection in connection with Google Analytics is available on the Google Analytics help page at the following link: https://support.google.com/analytics/answer/6004245?hl=de

XI. Google Adwords conversion tracking

We use conversion tracking to collect statistics regarding the use of our website in order to optimise our website for our users. If you access our website through a Google advertisement, Google Adwords will install a cookie on your computer for this purpose. These cookies become invalid after 30 days and are not used to identify you personally. If the user visits certain pages on the Adwords client's website and the cookie has not yet expired, Google and the client can see that the user has clicked on the advertisement and was forwarded to this page.

Each Adwords client receives a different cookie. It is therefore impossible to track cookies through the websites of Adwords clients. The information obtained with the help of the conversion cookie is used to generate conversion statistics for Adwords clients who have decided to use conversion tracking. The Adwords clients receive information on the total number of users who have clicked on their advertisement and were forwarded to a web page containing a conversion tracking tag. However, they do not receive any information with which the user can be personally identified.

If you do not wish to take part in the tracking process, you can also refuse permission for the necessary cookie to be installed, for example by configuring your browser settings in such a way that the automatic installation of cookies is generally deactivated. You can also deactivate conversion tracking cookies by configuring your browser to block cookies from the domain “www.googleadservice.com”. Google’s conversion tracking privacy notice can be accessed at the following link: https://services.google.com/sitestats/de.html

XII. Embedded YouTube videos

We have embedded YouTube videos into our website which are stored at www.YouTube.com and can be played directly on our website. These are all embedded in “privacy-enhanced mode”, i.e. so that none of your user data is transmitted to YouTube if you do not play the videos. The data specified in the next paragraph is only transmitted when you play the videos. We have no influence over the transmission of this data.

When you visit the website, YouTube receives the information that you have accessed the corresponding sub page on our website. The data specified in section III of this Declaration is also transmitted. This happens regardless of whether you are logged into a YouTube user account or have no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish this data to be assigned to your YouTube profile, you must log out before activating the button. YouTube will store your data in the form of usage profiles and use it for the purpose of advertising, market research and/or the demand-oriented display of its website. Your data (even if you are not logged in) is used in particular to display demand-oriented advertising and to inform other social network users of your activities on our website. You have the right to object to the generation of these user profiles and must contact YouTube if you wish to exercise it.

Further information on the scope and purpose of the collection and processing of data by YouTube is provided in the privacy policy. Here you will also receive further information on your rights and the ways in which you can adjust your settings in order to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework

XIII. Google Maps

This website uses the product Google Maps, which is provided by Google Inc. By using this website, you are declaring your agreement to the capture, processing and use of automatically collected data by Google Inc., its representatives and third parties.
The terms and conditions of use of Google Maps can be found under "Google Maps Additional Terms of Service".

XIV. Google Web Font

This site uses so-called web fonts provided by Google in order to facilitate the standardised display of fonts. When accessing a page, your browser loads the required web fonts into its browser cache so that the texts and fonts are displayed correctly. Should your browser not support Web Fonts, your computer will use a standard font instead.
You can find further information relating to Google Web Fonts at developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

XV. Rights of the data subject

If your personal data is processed, you are a data subject as defined in the GDPR and have the following rights vis-à-vis the data controller:

1. Right of information
You can request confirmation from the data controller as to whether we are processing your personal data.
If this is the case, you can request the following information from the data controller:

  1. the purposes for which your personal data is being processed;
  2. the categories of personal data which are being processed;
  3. the recipients and/or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future;
  4. the period for which your personal data will be stored or, if no specific information can be given, the criteria according to which the storage period will be determined;
  5. the existence of a right to have your personal data rectified or erased, a right to have the controller restrict the processing of your data and the right to object to such processing;
  6. the existence of a right to complain to a supervisory authority;
  7. all available information concerning the origin of the data in cases where the personal data was not collected from the data subject;
  8. the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organisation. In this respect, you can request to be informed of the appropriate safeguards in connection with the transfer as prescribed in Art. 46 GDPR.

2. Right to rectification
You have the right to have the controller rectify or complete your personal data insofar as the personal data being processed is incorrect or incomplete. The controller must make any such adjustments immediately.

3. Right to restriction of processing
You have the right to request restriction of the processing of your personal data if the conditions set out below are met:

  1. if you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;
  2. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  3. the controller no longer requires the personal data for processing but you require the data in order to assert, exercise or defend legal claims, or
  4. if you have objected to the processing in accordance with Art. 21(1) GDPR and it is not yet clear whether legitimate reasons on the part of the controller outweigh your reasons.

If the processing of your personal data has been restricted, this data – with the exception of the storage thereof – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a member state.
If the processing of data has been restricted in accordance with the conditions set out above, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to erasure
a) Erasure obligation
You have the right to have the data controller erase your personal data without undue delay and the controller shall be obliged to do so where one of the following grounds applies:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw the consent on which the processing in accordance with Article 6(1)(a) or Art. 9(2)(a) GDPR was based and there is no other legal basis for the processing.
  3. You object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21(2) GDPR.
  4. Your personal data has been processed unlawfully.
  5. The erasure of your personal data is necessary in order to fulfil a legal obligation under EU law or the law of the member states to which the controller is subject.
  6. Your personal data was collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to third parties
Should the controller have made your personal data public and should the controller be obliged to erase it pursuant to Article 17(1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure of any links to, or copy or replication of, your personal data.

c) Exceptions
No right to erasure exists if the processing is necessary

  1. to exercise the right to freedom of opinion and information;
  2. for compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Article 9(3) GDPR;
  4. to assert, exercise or defend legal claims.

5. Right to be informed
If you have exercised the right to rectification, erasure or restriction of processing vis-a-vis the controller, the controller is obliged to communicate this rectification or erasure of or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves to be impossible or involves disproportionate effort.
You have the right to request the controller to furnish you with information on these recipients.

6. Right to data portability
You have the right to receive the personal data which you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, insofar as

  1. the processing is based on your consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or based on a contract pursuant to Art. 6(1)(b) GDPR and
  2. the processing takes place with the assistance of automated procedures.

Furthermore, when exercising this right, you have the right to make sure that the controller transmits your personal data directly to another controller, should this be technically possible. The freedoms and rights of other persons may not be adversely affected as a result.
The right to data portability does not apply to the processing of personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object
For reasons connected to your specific situation, you have the right to submit an objection at any time to the processing of your personal data which takes place under Article 6 Paragraph 1 Letter e) or f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is required for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes; these include profiling insofar as it is related to such direct marketing.
Should you object to the processing of your data for the purpose of direct marketing, your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdraw your declaration of consent under data protection laws
You have the right to withdraw your declaration of consent under data protection laws at any time. The withdrawal of your consent will not affect the lawfulness of any processing that took place before you withdrew your consent.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision which is based solely on automated processing, including profiling, which has a legal effect on you or significantly impacts you in similar ways. This does not apply if the decision

  1. is necessary in order to conclude or fulfil a contract between yourself and the data controller,
  2. is permitted under the law of the EU or the member states to which the controller is subject and these legal regulations contain reasonable measures for safeguarding your rights, freedoms and your legitimate interests, or
  3. is made with your express consent.

However, these decisions may not relate to special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and reasonable steps were taken to protect your rights, freedoms and legitimate interests.
In relation to the cases named in (1) and (3), the controller will take reasonable measures to safeguard your rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express a point of view and to contest the decision.

10. Right to complain to a supervisory authority
Regardless of other legal remedies under administrative law or before a court, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, place of work or location of the alleged breach, should you be of the opinion that the processing of your personal data breaches the GDPR.
The supervisory authority with which the complaint was filed will inform the complainant of the status and results of the complaint, including the possibility of recourse to the courts as described in Art. 78 GDPR.

Phone

Give us a call: +49 (0) 64 21 39 - 14

 

Kontakt per E-Mail

Contact us by E-mail

Pharmaserv YouTube channel

You will find our latest videos on our YouTube channel .