Data protection declaration for Pharmaserv.de
(as of August 2024)
I. Preliminary remark
Pharmaserv GmbH (“we”) is very pleased about your interest in our website (www.pharmaserv.de). We take data protection very seriously. We take your privacy very seriously and would like to use this data protection declaration to inform you about which personal data is processed when you visit our website, to what extent and for what purpose.
II. Name and contact details of the controller
Our designated data protection officer is:
Stephan Menzemer,
acting on behalf of GvW Graf von Westphalen GmbH
E-mail: dataprotection@infrareal.de
III. Name and contact details of the data protection officer
Our designated data protection officer is:
Stephan Menzemer,
acting on behalf of GvW Graf von Westphalen GmbH
E-mail: dataprotection@infrareal.de
IV. General information on data processing
1. Scope of processing
We process personal data of visitors to our website only to the extent necessary to provide a functional website and the content and services we provide there.
2. Legal basis
- Insofar as we obtain consent for the processing of your personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
- When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to such processing that is necessary to carry out pre-contractual measures.
- Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
- If the processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3. Storage period and deletion
Your personal data will be deleted as soon as they are no longer necessary for the purpose of processing.
Further storage may take place if this is provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. However, your personal data will then be blocked for other processing except for the purpose of storage. Deletion of this blocked data takes place when the storage period prescribed by the aforementioned standards expires.
Your data cannot be deleted or blocked if it is required for the establishment, exercise or defense of our legal claims.
4. Recipients of personal data
When processing personal data, we work with affiliated companies in our group as needed, e.g. for billing purposes. In such cases, we may transfer your personal data to affiliated companies in our group. In addition, IT service providers who work for us also receive your personal data.
V. Provision of the website and creation of log files
1. Description and extent of the processing
Every time you visit our website, our system automatically collects data and information from your device.
The following data is collected:
- Information about the browser type and version used
- The user's operating system
- The user's internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user accesses our website
- Websites accessed by the user via our website
This data is stored in the log files of our system. This data is not stored together with your other personal data.
2. Legal basis
The legal basis for the processing of data and log files is our legitimate interests in accordance with Art. 6 para. 1 lit. f DSGVO.
3. Purpose
The temporary storage of your IP address by our system is necessary to enable the website to be delivered to your end device. To do this, your IP address must be stored for the duration of the session.
The storage in log files is done to ensure the functionality of our website. In addition, the data is used to optimize the website and to ensure the security of our IT systems.
The stated purposes represent our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO.
4. Storage period
The data for accessing our website will be deleted when the respective browser session has ended.
Data in log files is deleted after seven days at the latest. It may be stored for a longer period. In this case, however, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing device.
VII. Contact via email
1. Description and extent of processing
You can contact us using the email address provided. In this case, we will process the personal data transmitted with your email.
Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.
2. Legal basis
The legal basis for the processing of personal data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, Art. 6 para. 1 lit. b GDPR is also the legal basis.
3. Purpose
If you contact us by email, our legitimate interest in processing personal data lies in the processing of the contact.
4. Storage period
The personal data sent by email will be deleted when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5. Right to object
If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Please send this information to info@pharmaserv.de. All personal data stored in the course of establishing contact will be deleted in this case.
VIII. Web analysis by Matomo
1. Description and scope of processing
We use the open-source software tool Matomo on our website to analyze the surfing behavior of our users. The software sets a cookie on your end device (for information on cookies, see VI. above). When individual pages of our website (i.e. a website) are accessed, the following data is stored:
- Parts of the IP address of your accessing end device
- The accessed website
- The website from which you accessed the website you accessed (referrer)
- The other websites that are accessed from the accessed website
- The time spent on the website
- The frequency of visits to the website
The software runs exclusively on our website's servers. Your personal data is only stored there. The data is not transmitted to third parties.
The software is configured in such a way that the IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This means that it is no longer possible to assign the abbreviated IP address to the accessing end device.
2. Legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f DSGVO.
3. Purpose
The processing of your personal data enables us to analyze your surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also include our legitimate interest in accordance with. Art. 6 para. 1 lit. f DSGVO. The anonymization of the IP address sufficiently takes into account your interest in the protection of personal data.
4. Storage period
The data will be deleted after 6 months.
5. Right of objection
Cookies are stored on your end device and transmitted to our website by this device. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. However, if cookies are disabled for our website, it is possible that not all of our website's functions can be used to their full extent.
We offer you the option of opting out of the analysis process on our website. To do this, you must follow the corresponding link “Change consent” under point VI. This way, another cookie is set on your device that signals to our system not to store your data. If you delete this cookie from your end device in the meantime, you will need to set the opt-out cookie again.
You can find more information about the privacy settings of the Matomo software at the following link: https://matomo.org/privacy-policy/.
IX. Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables us to analyze your behavior as a website visitor. In doing so, we receive various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is assigned to the respective user's device. It is not assigned to a user ID.
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
This service is used on the basis of your consent in accordance with Art. 6 (1) point a GDPR and § 25 (1) TDDDG. Consent may be revoked at any time.
Data transfer to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.
Google is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every DPF-certified company is committed to complying with these data protection standards.
IP anonymization
We have activated the IP anonymization setting on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
Browser Plugin
You can prevent Google from processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
X. Google Adwords
This website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display ads in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted ads can be displayed based on the user data available on Google (e.g. location data and interests) (target group targeting). We as the website operator can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our ads and how many ads led to corresponding clicks.
This service is used on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. This consent can be revoked at any time.
Data transmission to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards.
XI. Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses. It is used only to manage and display the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.
Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f DSGVO. We, as the website operator, have a legitimate interest in the quick and easy integration and administration of various tools on our website.
Google is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF is committed to complying with these data protection standards.
XII. Embedding of YouTube videos
We have embedded videos in our online offering that are hosted on www.YouTube.com and can be played directly from our website. These are all embedded in what is known as “extended data protection mode”, which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in the next paragraph be transmitted. We have no influence over this data transfer.
When you access the website with the video, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in Section V of this statement will be transmitted. This occurs regardless of whether you are logged in to a user account with Google, as the provider of YouTube, or whether you do not have a user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want the viewing of a video to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as a user profile and uses it for the purposes of advertising, market research and/or the design of its website to meet user needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide advertising tailored to user needs and to inform other YouTube users about your activities on our website. You can object to the creation of such a user profile on YouTube.
Further information on the purpose and scope of processing by YouTube can be found in their privacy policy. This also provides further information about your rights and the settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.
Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States to ensure compliance with European data protection standards for data processing in the United States. Every DPF-certified company is committed to complying with these data protection standards.
XIII. Google Maps
We use the Google Maps service on our websites. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. The legal basis for the use of Google Maps is your consent in accordance with Section 25 (1) TDDDG and Art. 6 (1) point a GDPR.
When you visit our website, Google receives the information that you have accessed the respective sub-pages. In addition, the data mentioned in Section V of this declaration will be transmitted. This occurs regardless of whether Google provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not want this information to be associated with your Google profile, you must log out of your Google account before accessing the Google Maps map. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.
For more information about the purpose and scope of data collection and processing by Google, please refer to the Google Privacy Policy. This policy also contains further information about your rights in this regard and the settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.
XIV. References to third-party websites
The Pharmaserv GmbH websites contain links (so-called hyperlinks) to websites and internet services of third parties. Pharmaserv is not responsible for the data protection strategies and the content of these external websites. In the case of hyperlinks in third countries outside the EEA area, there is a risk that data (e.g. the IP address) will be read, e.g. by authorities in the USA.
XV. Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access (Art. 15 GDPR)
You have the fundamental right to obtain information about the matters specified in Art. 15 GDPR. You also have the right to request a copy of your personal data in accordance with Art. 15 (3) GDPR.
2. Right to rectification (Art. 16 GDPR)
You have the right to have incorrect personal data concerning you rectified.
3. Right to restriction of processing (Art. 18 GDPR)
You have the right to have the processing of your personal data restricted, i.e. to prevent further processing for the time being, if the conditions set out in Art. 18 GDPR are met.
4. Right to erasure (Art. 17 GDPR)
You have the right to request the erasure of your personal data if further processing is no longer necessary, the processing is unlawful or you have withdrawn your consent for the processing.
5. Right to data portability (Art. 20 GDPR)
Within the limits of Art. 20 GDPR, you have the right to receive your personal data in a machine-readable format in order to forward it or have it forwarded to another responsible party if necessary.
6. Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
7. Right to withdraw the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8. Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a supervisory authority. The following is responsible for us:
The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 31 63
65021 Wiesbaden
Telephone: 06 11/140 80
Email: poststelle@datenschutz.hessen.de