Sec. 1 - Information on the collection of personal data
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that personally relates to you, e.g. your name, address, email addresses, user behaviour, etc.
(2) The controller according to Art. 4 (7) EU General Data Protection Regulation (GDPR) is
Dr. August Wolff GmbH & Co. KG Arzneimittel
You can contact our data protection officer at firstname.lastname@example.org or using our postal address with the prefix 'data protection officer'.
(3) When you contact us by email or through a contact form, the information you provide (your email address, and if applicable, your name and telephone number) will be stored by us to answer your questions. We delete the data that arises in this context after the storage is no longer required, or we limit the processing if statutory retention requirements apply.
(4) If we rely on commissioned service providers for individual functions of our offerings or would like to use your data for advertising purposes, we will inform you in detail about the respective processes. Here, we will also state the specified criteria for the storage duration.
Sec. 2 - Your rights
(1) You have the following rights vis-à-vis us with respect to your personal data:
- Right to information,
- Right to rectification or erasure,
- Right to restriction of the processing,
- Right to object to the processing,
- Right to data portability.
(2) You also have the right to complain to the data protection supervisory authority about us processing your personal data.
Sec. 3 - Collection of personal data when visiting our website
(1) In the case of a merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and ensure stability and security (legal basis Art. 6 (1) sentence 1, lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the requirement (specific page)
- Access status / HTTP status code
- Each transmitted amount of data
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned by the browser you are using and through which the body that sets the cookie (here by us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make Internet offerings more user-friendly and effective overall.
a) This website uses the following types of cookies, the scope and operation of which are explained below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised again when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a predefined period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can configure your browser setting according to your wishes and e.g. decline the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all features of this site.
Sec. 4 - Other features and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you will generally need to provide other personal data that we use to provide the service and to which the aforementioned data processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected.
(3) Furthermore, we may disclose your personal data to third parties if participation in promotions, competitions, contract conclusions or similar services are offered by us together with partners. Further information can be found by entering your personal data or below in the description of the offering.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we inform you about the consequences of this circumstance in the description of the offer.
Sec. 5 - Objection or revocation of the right to process your data
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such revocation will affect the admissibility of the processing of your personal data after you have submitted it to us.
(2) If we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, which we describe in each case in the following description of the functions. Upon the exercise of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling legitimate reasons for why we will continue the processing.
(3) Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising via the following contact details: email@example.com.
Sec. 6 - Use of our webshop
(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide the personal data we need for the processing of your order. Mandatory information necessary for the execution of the contracts is marked separately. Further details are voluntary. We process the data provided by you to process your order. For this purpose we pass on your payment data to our bank. The legal basis for this is Art. 6 (1), sentence 1, lit. b GDPR.
You can voluntarily create a customer account, so that we can save your data for later purchases. If you create an account under 'My Account', the data you provide will be revocably stored. You can always delete all other data, including your user account, in the customer area.
We may also process the data you provide to inform you of other interesting products from our portfolio or to send you emails with technical information.
(2) Due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict the processing after [two years], i.e. your data will only be used to comply with legal obligations.
(3) In order to prevent unauthorised access to your personal data by third parties, in particular financial data, the order process is encrypted using TLS/SSL technology.
Sec. 7 - Use of our partner portal
(1) If you wish to use our partner portal, you must register by providing your email address, a password you have chosen and your chosen username. There is no obligation to use your real name, a pseudonymous use is possible. We use the so-called double-opt-in process for registration, i.e. your registration is only completed if you have previously confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received within [24 hours], your registration will be automatically deleted from our database. The specification of the aforementioned data is mandatory. You can voluntarily provide all other information by using our portal.
(2) When you use our portal, we store your data required for the fulfilment of the contract, including details of the payment method, until you ultimately delete your access. Furthermore, we will store the data provided voluntarily by you for the time of your use of the portal, unless you delete it beforehand. All information can be managed and changed in the protected customer area. The legal basis is Art. 6 (1), sentence 1, lit. f GDPR.
(3) If you use the portal, your data may be made available to other participants of the portal in accordance with the contractual service. Unregistered members will not receive information about you. Your [username and photo] will be visible to all registered members, regardless of whether you have approved this. On the other hand, your entire profile with the data you have released is visible to all members who have confirmed you as a personal contact. If you make content accessible to your personal contacts that you do not send by private message, this content will be visible to third parties as far as your personal contact has issued the approval. If you post articles in public groups, they will be visible to all registered members of the portal.
(4) The connection is encrypted using TLS technology in order to prevent unauthorised access to your personal data by third parties, in particular financial data.
Sec. 8 - Newsletter
(1) With your consent, you can subscribe to our newsletter, which informs you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) To register for our newsletter, we use the so-called double opt-in process. This means that after you have registered, we will send you an email to the email address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the process is to prove your registration and, if necessary, to inform you about any possible misuse of your personal data.
(3) The only requirement for sending the newsletter is your email address. The specification of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 (1), sentence 1, lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each newsletter email, by email to firstname.lastname@example.org or by sending a message to the contact details provided in the Imprint.
(5) We point out that we analyse your user behaviour when sending the newsletter. For this analysis, the emails sent include so-called web beacons or tracking pixels that are one-pixel image files stored on our website. For the analyses, we link the data mentioned in Sec. 3 and the web beacons with your email address and an individual ID.
With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on and deduce your personal interests therefrom. We link this data with actions you have taken on our website .
Also, such tracking is not possible if you have turned off image viewing as default in your email program. In this case, the newsletter will not be displayed completely and you may not be able to use all the features. If you manually enable the images to be viewed, the above tracking takes place.
Sec. 9 - Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service from Google Inc. ('Google'). Google Analytics uses so-called 'cookies', text files that are stored on your computer and enable the analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the US and stored there. In the case of the activation of IP anonymisation on this website, your IP address is shortened beforehand by Google within the member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to continue providing other services related to the website and internet use for the website operator.
(2) Your IP address transmitted by your browser within Google Analytics will not be merged with other data from Google.
(3) You may refuse the saving of cookies via a setting in your browser software. We would point out, however, that you may not be able to use all features of this website in this case. You can also prevent the recording of data generated by the cookie about your use of the website (including your IP address) by Google as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension '_anonymizeIp ()'. Through this, IP addresses are further processed in shortened form. A personal reference can be excluded. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.
(5) We use Google Analytics to analyse and regularly improve the use of our website. With these statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the US, Google is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1), sentence 1, lit. f GDPR.
(6) Third-party service provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection statement: http://www.google.de/intl/de/policies/privacy.
[(7) This website also uses Google Analytics for a cross-device analysis of visitor flows conducted using a user ID. You can disable the cross-device analysis of your use in your customer account under 'My Data', 'Personal Data'.]
Sec. 10 - Inclusion of Google Maps
(1) On this website we use the offerings of Google Maps. This allows us to show you interactive maps directly on the website and allow you to conveniently use the map feature.
(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under Sec. 3 of this Statement will be transmitted. This happens regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to associate with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such an analysis is carried out in particular (even for non-logged-in users) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. To exercise such right, you must contact Google.
(3) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the data protection statements of these providers. There you will also find further information about your relevant rights and settings options for the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Sec. 11 - Inclusion of YouTube videos
(1) We have included YouTube videos in our online offerings, which are stored on http://www.YouTube.com and are directly playable from our website. [These are all included in the 'extended data protection mode', i.e. you do not transfer data about yourself as a user to YouTube if you do not play the videos. The data mentioned in paragraph 2 is only transmitted when you play the videos. We have no influence on this data transfer.]
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under Sec. 3 of this Statement will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to associate with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or needs-based design of its website. Such an analysis is carried out in particular (even for non-logged-in users) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles. To exercise this right, you must contact YouTube.
(3) Further information on the purpose and extent of the data collection and its processing by YouTube can be found in the Data Protection Statement. There you will also find further information about your rights and settings options for the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Sec. 12 - Use of social media plug-ins
(1) For privacy reasons, we do not use direct plug-ins from social networks on our websites. Instead, we use the so-called "Shariff" solution. With the help of Shariff you can decide for yourself if and when data is transmitted to the operators of the respective social networks. As a rule, when you visit our websites, no data will be transmitted automatically to social networks. Only when you actively click on the respective button does your internet browser connect to the servers of the respective social network, ie by clicking on the respective button (eg "Tell a friend", "Share" or "Share with friends") , you agree that your Internet browser connects to the servers of the respective social network and transmits usage data to the respective operator of the social network.
(2) The plug-in provider stores the data collected about you as a usage profile and uses it for purposes of advertising, market research and/or needs-based website design. Such an analysis is carried out in particular (also for non-logged-in users) for the presentation of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, whereby you must contact the respective plug-in provider to exercise it. Through the plug-ins, we enable you to interact with the social networks and other users, so that we can improve our offerings and make them more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 (1), sentence 1, lit. f GDPR.
(3) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected from us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in provider.
Sec. 13 - Google Adwords Conversion
In addition to AdWords conversion, we use the Google remarketing app. A process is used here, which we would like to clarify to you again. This application allows you to see our ads after visiting our website as you continue to use the Internet. This is done by means of cookies stored in your browser, through which your usage behaviour when visiting various websites is recorded and evaluated by Google. This is how Google determines your previous visit to our website. A merger of the data collected during the remarketing with your personal data, which is possibly stored by Google, does not occur according to Google. In particular, according to Google, pseudonymisation is used in remarketing.
Sec. 14 - Google Remarketing
(1) We use the offer of Google AdWords to draw attention to our attractive offerings with the help of advertising materials (so-called Google AdWords) on external websites. We can determine how successful the individual advertising measures are by assessing the data of the advertising campaigns. We do this in pursuit of our interest in showing you advertisements that may be of interest to you, to make our website more interesting, and to achieve a fair calculation of advertising costs.
(2) These advertising materials are supplied by Google via so-called 'ad servers'. To do this, we use ad server cookies, which measure certain performance metrics such as the display of ads or user clicks. If you access our website through a Google ad, Google AdWords will store a cookie on your PC. These cookies usually lose their validity after 30 days and are not intended to identify you personally. This cookie will typically store the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (indicator that the user does not want to be addressed anymore) as analysis values.
(3) These cookies allow Google to recognise your Internet browser. If a user visits certain pages of an AdWords customer's website and the cookie stored on their computer has not expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to that page. Each AdWords customer is assigned a different cookie. Cookies cannot be tracked here via the websites of AdWords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data on the use of the advertising material, and in particular we cannot identify the users on the basis of this information.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the extent and the further use of the data, which is collected through the use of this tool by Google, and inform you therefore according to our knowledge level: By incorporating AdWords conversion, Google receives the information that you have accessed the corresponding part of our website or have clicked on one of our ads. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or are not logged in, there is a chance that the provider will find and store your IP address.
(5) You can prevent the participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular, the suppression of third-party cookies will prevent you from receiving any third party advertisements; b) by deactivating cookies for conversion tracking by setting your browser so that cookies from the domain 'www.googleadservices.com' are blocked, https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the 'About Ads' self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies; d) by permanently deactivating them in the browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plug-in. We point out that in this case you may not be able to use all the features of these offerings in full.
(6) The legal basis for the processing of your data is Art. 6 (1), sentence 1, lit. f GDPR. For more information about data protection at Google, see http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Sec. 15 - DoubleClick by Google
(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no control over the extent and the further use of the data, which is collected through the use of this tool by Google, and inform you therefore according to our knowledge level: By incorporating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or have clicked on one of our ads. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or are not logged in, there is a chance that the provider will find and store your IP address.
(3) You can prevent the participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular, the suppression of third-party cookies will prevent you from receiving any third party advertisements; b) by deactivating cookies for conversion tracking by setting your browser so that cookies from the domain 'www.googleadservices.com' are blocked, https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies; c) by deactivating the interest-based advertisements of the providers that are part of the 'About Ads' self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting will be deleted when you delete your cookies; d) by permanently deactivating them in the browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plug-in. We point out that in this case you may not be able to use all the features of these offerings in full.
(4) The legal basis for the processing of your data is Art. 6 (1), sentence 1, lit. f GDPR. For more information about DoubleClick by Google, see https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, as well as about general data protection at Google: https://www.google. de/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.