fertimed Pharma GmbH
Auf dem Farnkamp 11
Phone: +49 5130 928203
Telefax: +49 5130 5849597
Managing director: Frank Riemer
Types of data processed:
– Inventory data (e.g., names, addresses).
– Contact details (e.g., e-mail, telephone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g., websites visited, interest in content, access times).
– Meta/communication data (e.g., device information, IP addresses).
Categories of affected persons
Visitors and users of the online offer (hereinafter we refer to the data subjects collectively also as “users”).
Purpose of processing
– Providing the online offer, its functions and content.
– Responding to contact requests and communicating with users.
– Security measures.
– Range measurement/marketing
‘Personal Data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); a natural person is identifiable if they can be identified, directly or indirectly, by means of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special characteristics which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
‘Processing’ means any operation carried out with or without the aid of automated procedures or any series of operations relating to personal data. The term is broad and includes virtually every handling of data.
‘pseudonymisation’ means the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
‘profiling’ means any type of automated processing of personal data consisting in the use of such personal data to assess certain personal aspects relating to a natural person, in particular in order to analyse or predict the performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person.
“Responsible” means the natural or legal person, authority, agency or other body which decides, alone or jointly with others, on the purposes and means of the processing of personal data.
‘processor’ means a natural or legal person, authority, agency or other body processing personal data on behalf of the controller.
Relevant legal bases
In accordance with Article 13 GDPR, we shall inform you of the legal bases of our data processing. Unless the legal basis is mentioned in the data protection declaration, the following applies: The legal basis for obtaining consents is Article 6(1) lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures as well as answering requests is Article 6(1) lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1) lit. d GDPR serves as the legal basis.
In accordance with Article 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking account of the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability and severity of the risk to the rights and freedoms of natural persons.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input and disclosure relating to it, the safeguarding of its availability and its separation. In addition, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data and a response to data threats. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and through data protection-friendly presets (Art. 25 GDPR).
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, is required for the performance of the contract in accordance with Art. b GDPR), if you have agreed, if we have a legal obligation to do so, or on the basis of our legitimate interests (e.g. in the use of agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Article 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transmission of data to third parties, this is done only in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we process the data, or have it processed, in a third country only if the special conditions of Art. 44 et seq. GDPR are met. This means that the processing is carried out on the basis, for example, of special guarantees, such as the officially recognised determination of an EU-compliant level of data protection (e.g. for the USA by the “Privacy Shield”) or observance of officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation of whether the relevant data are being processed and for information about such data, as well as for further information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Article 16 GDPR, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with Article 17 GDPR, you have the right to demand that data in question be deleted immediately, or alternatively to demand a restriction on the processing of the data in accordance with Article 18 GDPR.
You have the right to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to request its transmission to other controllers.
You also have the right, in accordance with Article 77 GDPR, to lodge a complaint with the competent supervisory authority.
You have the right to revoke consents given in accordance with Art. 7 sec. 3 GDPR with effect for the future.
Right to object
You may object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. In particular, the objection may be made against processing for the purposes of direct marketing.
Cookies and right of objection in direct marketing
“Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Temporary cookies, also called “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes their browser. Such a cookie can store, for example, the contents of a shopping cart in an online shop or a login status. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if users return after several days. Likewise, such a cookie may store the interests of users, which are used for range measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than those responsible for the online offer (otherwise, if they are only their own cookies, they are called “first-party cookies”).
If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online offer.
Deletion of data
The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise in this data protection declaration, the data stored by us will be deleted as soon as it is no longer necessary for its purpose and no legal retention obligations preclude deletion. If the data is not deleted because it is necessary for other, legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
In accordance with legal requirements in Germany, the storage takes place in particular for 10 years in accordance with Section 147 (1) AO, 257 (1) No. 1 and 4, paragraph 4 of the German Commercial Code (books, records, situation reports, booking documents, commercial books, relevant documents for taxation, etc.) and 6 years in accordance with Section 257 (1) No. 2 and 3, section 4 of the German Commercial Code (trade letters).
In accordance with legal requirements in Austria, the storage takes place in particular for 7 years in accordance with Section 132 (1) BAO (accounting documents, documents/invoices, accounts, documents, business documents, statement of income and expenses, etc.), for 22 years in connection with immovable property and for 10 years in the case of documents relating to electronically provided services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop is claimed.
In addition, we process
– Contract data (e.g., subject matter, duration, customer category).
– Payment data (e.g., bank details, payment history)
of our customers, prospects and business partners for the provision of contractual services, service and customer care, marketing, advertising and market research.
Health care services
We process the data of our patients and interested parties and other clients or contractual partners (uniformly referred to as “patients”) in accordance with Art. b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed here, the nature, scope and purpose and necessity of its processing, are determined by the underlying contractual relationship. The processed data generally includes the inventory and master data of the patients (e.g., name, address, etc.), as well as the contact data (e.g., e-mail address, telephone, etc.), the contract data (e.g., services used, products acquired, costs, names, contact persons) and payment data (e.g., bank details, payment history, etc.).
In the context of our services, we may also process special categories of data in accordance with Art. 9 sec. 1 GDPR, in particular information on the health of patients, if necessary with reference to their sex life or sexual orientation. For this purpose, we will obtain, if necessary, the express consent of the patients in accordance with Art. a., Art. 7, Art. a. GDPR and otherwise process the special categories of data for the purposes of health care on the basis of Art. 9 sec. 2 lit h. GDPR, Section 22 (1) No. 1 b. BDSG.
Where necessary for the performance of the contract or by law, we disclose or transmit the data of the patients in the context of communication with medical professionals or with third parties who are necessarily or typically involved in the performance of the contract, such as laboratories, billing agencies or comparable service providers, if this serves the provision of our services in accordance with Art. 6 sec. 1 lit b. GDPR, is required by law in accordance with Art. 6 sec. 1 lit c. GDPR, serves our interests or those of the patients in efficient and cost-effective health care as a legitimate interest in accordance with Article 6 (1) of the GDPR, is necessary in accordance with Art. 6 sec. 1 lit d. GDPR in order to protect the vital interests of patients or another natural person, or takes place within the framework of consent in accordance with Art. a., Art. 7 GDPR.
The deletion of the data takes place when the data is no longer necessary for the fulfilment of contractual or statutory duty of care as well as for dealing with any warranty and comparable obligations, whereby the need for the retention of the data is reviewed for three years; in addition, the statutory retention obligations apply.
We process the data of our contractual partners and interested parties as well as other clients, customers or contractual partners (uniformly referred to as “contractual partners”) in accordance with Art. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed here, the nature, scope and purpose and necessity of its processing, are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g., services used, contract content, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history).
In principle, we do not process specific categories of personal data, unless these are components of commissioned or contractual processing.
We process data that are necessary for the establishment and fulfilment of the contractual services and indicate the necessity of their disclosure, unless this is evident to the contractual partners. Disclosure to external persons or companies is only made if it is required under a contract. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client as well as the legal requirements.
As part of the use of our online services, we may store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as the interests of the users in the protection against misuse and other unauthorized use. In principle, this data will not be passed on to third parties, unless this is required to pursue our claims in accordance with Art. f. GDPR or there is a legal obligation pursuant to Art. 6 sec. 1 lit. c. GDPR.
The deletion of the data takes place when the data are no longer necessary for the fulfilment of contractual or statutory duty of care as well as for the handling of any warranty and comparable obligations, whereby the need for the retention of the data is reviewed every three years; in addition, the statutory retention obligations apply.
Administration, Financial Accounting, Office Organization, Contact Management
We process data within the scope of administrative tasks as well as the organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of the provision of our contractual services. The basis for processing is Article 6(1) lit. c. GDPR, Art. f. GDPR. The processing affects customers, prospects, business partners and website visitors. The purpose and our interest in processing lies in administration, financial accounting, office organization, archiving of data, i.e. tasks related to the maintenance of our business activities, the performance of our tasks and the provision of our services. The erasure of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the tax administration, consultants, such as tax consultants or auditors as well as other fee agencies and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, organizers and other business partners, e.g. for later contact. In principle, we store this predominantly company-related data permanently.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the user’s details are processed in order to handle the contact request in accordance with Art. 6 sec. 1 lit. b) GDPR. Users’ information can be stored in a customer relationship management system or similar request organization.
We will delete the requests if they are no longer required. We check the necessity every two years; in addition, the statutory archiving obligations apply.
Hosting and email ingesting
The hosting services we use are used to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail, security, and technical maintenance services that we use for the purpose of operating this online offer.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in efficient and secure provision of this online offer in accordance with Art. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).
Collection of access data and log files
We, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 sec. 1 lit. f. GDPR. The access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is stored for security reasons (e.g. to investigate abuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidence purposes shall be excluded from deletion until the relevant incident has been finally clarified.
Google Universal Analytics
We use Google Analytics in its “Universal Analytics” configuration. “Universal Analytics” means a method of Google Analytics in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (so-called “cross-device tracking”).
Integration of third-party services and content
Within our online offer, we use content or service offers from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR) in order to include their content and services, such as videos or fonts (hereinafter referred to as “Content”).
This always presupposes that the third-party providers of this content are aware of the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information such as visitor traffic on the pages of this website to be evaluated. The pseudonymous information can also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, visit time and further information on the use of our online offer, as well as such information from other sources.
Adobe Typekit fonts
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR), we use external “Typekit” fonts of the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. Adobe is certified under the Privacy Shield Agreement and thereby provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TNo9AAG&status=Active).
Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke