Information on data protection

Thank you for visiting our website. The protection of your data has special priority for pharma mall Gesellschaft für Electronic Commerce GmbH. When we process personal data and there is no legal basis for it, we obtain the consent of the user.

We process personal data such as name, address, e-mail address or telephone number of the user taking the European General Data Protection Regulation (GDPR) and the applicable regional data protection legislation into account at all times. This data privacy statement gives users information on type, volume and purpose of the processing of personal data performed by our company. In addition, it informs users of their rights.

pharma mall Gesellschaft für Electronic Commerce GmbH as the entity responsible for data processing implemented extensive technical and organisational measures to allow the most comprehensive protection imaginable of the data processed via this website. Nevertheless, data transfer in the Internet can exhibit security flaws, so that complete protection is not possible. All users are therefore free to transmit personal data to us through other channels too.

pharma mall Gesellschaft für Electronic Commerce GmbH guarantees that the staff it employs to process personal data meet the prevailing standards of security and confidentiality.

 

 

  1. Definitions
    This data privacy statement uses terms defined when the General Data Protection Regulation (GDPR) was issued. To make it easier to read and understand, we will first explain the terms used:

1.1. Personal data
“Personal data” is the term used for all information which refers to an identified or identifiable natural person (referred to in the following as “user”). A natural person is considered as identifiable if they can be identified directly or indirectly by assigning them to an identifier such as a name, an identification number, position data, an online identification number or one or more special characteristics which are an expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.

1.2. Processing

Processing is any process or series of processes related to personal data, such as collection, entry, organisation, arrangement, storage, adjustment or alteration, reading, requesting, use, disclosure through transfer, distribution or any other kind of provision, alignment, combination, restriction, erasure or destruction.

1.3. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their processing in future.

1.4. Pseudonymisation
Pseudonymisation is the processing of personal data in a way ensuring that the personal data can no longer be matched up with a specific person without the help of additional information. This additional information must be stored separately and subjected to technical and organisational measures guaranteeing that the personal data cannot be matched up with an identified or identifiable natural person.

1.5. Party responsible
The party responsible is the natural or legal person, authority, institution or other entity which, alone or along with others, makes decisions on the processing of personal data.

1.6. Commissioned data processor
The commissioned data processor is a natural or legal person, an authority, an institution or another entity which processes personal data on behalf of the party responsible.

1.7. Recipient
The recipient is a natural or legal person, an authority or another entity to which personal data are disclosed, regardless of whether the recipient is a third party or not. However, authorities who may receive personal data in the context of an investigation order are not considered as recipients.

1.8. Third party
A third party is a natural or legal person, an authority, an institution or another entity in addition to the user, the party responsible, the commissioned data processor and the persons authorised to process the personal data under the direct responsibility of the party responsible or of the commissioned data processor.

1.9. Consent
Consent is any statement of intent issued voluntarily and unequivocally by the user in the form of an informed declaration or a similar unambiguous confirmatory act in which they give their consent to the processing of the personal data concerning them.

  1. Name and address of the entity responsible for processing
    The entity responsible according to the General Data Protection Regulation, other data protection legislation applicable in the member states of the European Union and other data protection provisions is as follows:

pharma mall Gesellschaft für Electronic Commerce GmbH

Westerwaldstr. 10-12

53757 Sankt Augustin

Germany
Tel.: +49-(0)2241-2543-0

E-mail: info@pharma-mall.de

Website: www.pharma-mall.de

3. Name and address of the data protection officer

The data protection officer of the entity responsible for processing is:
Data protection officer of pharma mall Gesellschaft für Electronic Commerce GmbH

Westerwaldstr. 10-12

53757 Sankt Augustin

Germany
Tel.: +49-(0)2241-2543-0

E-mail: dsb@pharma-mall.de

Website: www.pharma-mall.de

Users can contact our data protection officer at any time with questions and suggestions on data protection.

4. Cookies

The web pages of pharma mall Gesellschaft für Electronic Commerce GmbH use cookies. Cookies are text files saved on a computer system using an Internet browser.

Many cookies include a unique identifier – the so-called “cookie ID”. This cookie ID allows websites and servers visited to be matched up with the Internet browser used for accessing them and saving the cookie. This allows the websites visited to distinguish the Internet browser of the user from other Internet browsers, which also include other cookies: this means that a certain Internet browser, and possibly also the user that goes with it, can be recognised and identified.

The use of cookies allows pharma mall Gesellschaft für Electronic Commerce GmbH to optimise the display of information and offers on their website for the user. Cookies allow us to identify the users of our website. The purpose of this identification is to make our website easier to use. For example, we use so-called “session cookies” to indicate that users have already visited individual pages of our website. These session cookies are erased automatically after you exit our website. In addition, we optimise user-friendliness by also using temporary cookies which are saved on the terminal device of the users for a certain defined period. If a user visits our website again with the aim of using our services, the system automatically detects that the user has already visited our website, and it knows which entries and settings he or she made – thus ensuring that he or she does not have to enter them again.

We process the data with the help of cookies on the basis of our legitimate interests as described above (GDPR Article 6 (1) point (f)).

Users can permanently prevent the storing of cookies by our website at any time by making the relevant settings in their Internet browser. Cookies already stored can be erased at any time. If the user deactivates the cookies, he or she may not be able to use the functions of our website to the full.

5. Collection of general data and information

Every time a user or an automated system accesses our website, a certain amount of information is collected. This general information is saved in the log files of our web server. The data collected can include the browsers and versions used, the operating system used by the accessing system, the website from which an accessing system enters our website, the sub-websites addressed on our website, date and time of access to our website, an Internet protocol address (IP address), the Internet service provider of the accessing system and other similar information which can help to repel dangerous attacks on our systems.

When using this general information, pharma mall Gesellschaft für Electronic Commerce GmbH generally makes no inferences as to the user. The information is required in order to display the content of our website correctly and optimise the advertising for it, safeguard the permanent operability of our systems and the technology used on our website and provide the law enforcement authorities with the information necessary for criminal proceedings in the case of a cyber attack.

In addition, the information collected is evaluated statistically by pharma mall Gesellschaft für Electronic Commerce GmbH. This information is then analysed in order to increase data protection and data security and ensure the protection of the personal data we process. The log files are saved separately from the personal data entered by the user.

The legal basis for data processing is GDPR Article 6 (1) point (f). Our legitimate interest results from the data collection purposes listed above. The so-called ‘log files’ are erased regularly after one week.

6. Registration on our webseite

The user can register on our website by providing personal data. The personal data transferred to the party responsible stem from the entry mask used for registration in each case. The personal data entered by the user are collected and saved for registration purposes only. The verification of the valid license to run a pharmacy and the certificate of purchase for narcotics is carried out in order to verify the authorisation to purchase certain products only available in pharmacies and is required as proof of legitimation on the basis of legal provisions.

One of the legal foundations of processing is GDPR Article 6 (1) point (b) in the sense that the data there are necessary for signing and executing the user contract, and the other is GDPR Article 6 (1) point (c) in the sense that proof has to be given on the basis of legal regulations.

To safeguard the security and confidentiality of the personal data which pharma mall Gesellschaft für Electronic Commerce GmbH collects online, the registration process for the company is safeguarded by an SSL encryption. SSL (Secure Socket Layer) is a protocol allowing secure data transfer via the internet. The party responsible can have the data sent on to one or several commissioned processors who also use the personal data for internal purposes only. This usage is attributed to the party responsible.

When you register on the website, the system stores the IP address allotted by your Internet service provider as well as the date and time of registration. The storage of these data helps to prevent abuse of our services. The data can also help to clear up crimes. They are never sent on to third persons unless there is a legal obligation to do so or forwarding the data would be helpful for the purposes of prosecution.

The legal basis for this processing is GDPR Article 6 (1) point (f). Our legitimate interest in data processing results from the purposes described above.

When users register and provide personal data, the party responsible is able to provide them with content or services which are only offered to registered users. Only registered users are able to use the website to order products from the associated manufacturers. We hereby point out that ordering is only possible following the additional activation of this function by the manufacturer.

The services provided by pharma mall Gesellschaft für Electronic Commerce GmbH include the e-mail information service allowing important manufacturer information to be transferred to our registered users, for example “blue hand information”, “red hand information”, obligatory information approved by the German Federal Institute for Drugs and Medical Devices (BfArM), recall campaigns, delivery availabilities, risk of confusion or danger warnings (danger for life and limb). The e-mail information service does not contain any manufacturer advertising. We process the contact data submitted and any preferences specified.

The legal basis for this processing is GDPR Article 6 (1) point (b) in the sense that it regulates the execution of the user contract.

7. E-mail tracking

The e-mails of the information service of pharma mall Gesellschaft für Electronic Commerce GmbH contain so-called ‘counting pixels’. A counting pixel is a miniature icon which is embedded in e-mails sent in the HTML format to allow the log file to be recorded and analysed. This puts the company in a position to perform a statistical assessment of success or failure of online marketing campaigns. The embedded counting pixel allows pharma mall Gesellschaft für Electronic Commerce GmbH to detect whether, and if so when, an e-mail from a user was opened and which links in the e-mail he or she accessed.

The personal data collected in this way are stored and evaluated by pharma mall Gesellschaft für Electronic Commerce GmbH with the aim of optimising the information service and better adapting the content to the interests of the user in future. These personal data are not sent on to third parties. The legal basis is GDPR Article 6 (1) clause (1) point (f). The exclusively statistical evaluation also helps us to improve our services. As individual persons are not referred back to and data are not sent on to third parties, the interests of users are only affected to a minor degree and our interest in evaluation outweighs other interests.

  1. Contact options provided on the website
    The website of pharma mall Gesellschaft für Electronic Commerce GmbH contains an e-mail address, a fax number and a telephone number which allow you to contact our company and communicate directly with it.

Users can also communicate with us using the contact form provided on the website. We can only respond to your request if you provide a valid e-mail address and a name in addition to the actual message and the subject line.

If a user makes contact with the party responsible by e-mail or using a contact form, the personal data they transfer are stored automatically. Personal data of this kind which have been transferred to the party responsible on a voluntary basis are only stored for the purposes of processing or contacting the user. These personal data are not sent on to third parties.

Data processing for the purpose of contacting us is performed according to GDPR Article 6 (1) point (a) on the basis of the consent given by the user or according to GDPR Article 6 (1) point (b) in the sense that the reason for contacting us was a (pre-)contractual request directed towards us.

The personal data we process to allow use of the contact forms are erased after the request is processed unless – in the case of (pre)contractual requests – legal retainment periods exist or come into being as a result of processing the request.

  1. Chat widget
    pharma mall Gesellschaft für Electronic Commerce GmbH provides users with a chat function on the website of the party responsible. This allows users to communicate with the customer service employees of pharma mall Gesellschaft für Electronic Commerce GmbH.

If a user enters a comment in the chat published on this website, not only the comments left by this person are stored and published, but also the user name (pseudonym) he or she selects. The IP address allotted by the Internet service provider of the user is also logged. This storage of the IP address takes place for security reasons in case a comment entered by the user infringes the rights of third parties or the user posts illegal content. The personal data collected are not sent on to third parties unless this forwarding is prescribed or contributes to the legal defence of the party responsible for forwarding the data.

Data processing for the purpose of making contact with us is performed according to GDPR Article 6 (1) point (a) on the basis of the consent given by the user or according to GDPR Article 6 (1) point (b) if the subject of making contact is a (pre)contractual request directed towards us. The legal basis of any forwarding of data is GDPR Article 6 (1) point (f), and our legitimate interest in data processing results from the purposes described above.

The personal data we process to allow use of the chat function are erased after processing of the request unless – in the case of (pre)contractual requests – legal data retention obligations exist or come into being as a result of processing the request.

 

  1. Facebook
    Our website uses social plugins (plugins) of the Facebook social network. This service is operated by Facebook Inc. (Facebook), 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins used are indicated via one of the Facebook logos (white “f” on blue tile or “thumbs up” sign). You can view the list and the design of the Facebook social plugins under the following link: https://developers.facebook.com/docs/plugins/.

When a user visits one of our web pages and it contains a plugin of this kind, the user’s browser establishes a direct connection to the Facebook servers. Facebook directly transfers the contents of the plugin to your browser, which integrates it into the website. This means that we have no control over the volume of data which Facebook collects using this plugin and can only inform the users to the best of our knowledge: the integration of the plugin gives Facebook the information that a user has accessed the relevant page showing the range offered. If the user is logged in at Facebook, Facebook can match up this visit with the Facebook account of the user. If users interact with the plugins, for example by clicking the “like” button or posting a comment, their browser immediately transfers the relevant information to Facebook, where it is stored. If a user is not a member of Facebook, it is still possible for Facebook to find out their IP address and store it. According to Facebook, only anonymised IP addresses are stored in Germany.

Purpose and volume of data collection and the further processing and use of the data by Facebook along with the relevant rights and setting options for the protection of the privacy of the users are described in the Facebook data privacy information: https://www.facebook.com/about/privacy/.
If a user is a member of Facebook and does not want Facebook to collect data via this website and match it up with the member data stored for them in Facebook, they have to log out before accessing the website.
Other settings and objections concerning the use of data for advertising purposes are possible within the Facebook profile settings:

https://www.facebook.com/settings?tab=ads or via the website http://www.youronlinechoices.com/. The settings are independent of specific platforms, i.e. they are taken over for all devices such as desktop computers or mobile devices.

  1. XING
    The “XING Share Button” is used on this website. When you access the site, your browser establishes a short-term connection to servers of XING SE (“XING”), Dammtorstraße 30, 20354 Hamburg, via which the “XING Share Button“ services (and in particular the calculation and display of the counter value) are provided. XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. Neither does it analyse your user behaviour by using cookies in connection with the “XING Share Button”. The latest data protection information on the “XING Share Button“ as well as additional information is available under the following link: https://privacy.xing.com/de/datenschutzerklaerung
  2. LinkedIn
    The “LinkedIn Share Button” is used on this website. When you access this Internet page, your browser establishes a short-term connection to servers of LinkedIn Corporation (“LinkedIn”) at LinkedIn Headquarters, 2029 Stierlin Ct. Ste. 200 Mountain View, CA 94043, via which the “LinkedIn Share Button“ functions (and in particular the calculation and display of the counter value) are provided. LinkedIn does not store any personal data about you when you access this website. In particular, LinkedIn does not store any IP addresses. Neither does it analyse your user behaviour by using cookies in connection with the “LinkedIn Share Button”.

The latest data protection information on the “LinkedIn Share Button“ as well as additional information is available under the following link: https://www.linkedin.com/legal/privacy-policy

13. Rights of the user

You have the following rights:

  • To request, according to Article 15 of the GDPR, information on the personal data of yours which we process. You can in particular ask for information on the purpose of processing, the category to which the personal data belong, the categories of recipients for which your data are or were revealed, the planned retention period, the existence of a right to correction, erasure, restriction of processing or of your right to object or complain. You can also ask for information on the source your data if they were not collected by us and on the existence or no of automated decision-making including profiling as well as meaningful information on the details of this if necessary;

 

We are only permitted to refuse to give you information if it would reveal data which must be kept secret according to or following a legal regulation, in particular due to the overriding legitimate interests of a third party (Article 29 (1) clause (2) of the Federal Data Protection Act (BDSG)) and the public body responsible has notified us that revealing the data would endanger public safety or public order or would otherwise impair the well-being of the Federal Republic or of a Land within it (Article 34 (1) no. 1 of the Federal Data Protection Act (BDSG)) in connection with Article 33 (1) no. (2) point (b)). This also applies if the data are only stored because legal or statutory storage regulations do not allow them to be erased. It is also the case if the data only serve the purpose of safeguarding data or verifying data protection, providing information would require unjustified effort and processing for other purposes is ruled out due to the use of suitable technical or organisational measures (Article 34 (1) no. (2) of the Federal Data Protection Act (BDSG)).

 

  • To request, according to Article 16 of the GDPR, the immediate completion or correction of the personal data of yours which we store;
  • To request, according to Article 17 of the GDPR, the erasure of the personal data of yours which we store unless the processing is necessary in order to exercise the right to free speech and information or to fulfil a legal obligation, for reasons of public interest or in order to assert, exercise or defend legal claims;
  • To request, according to Article 18 of the GDPR, the restriction of the processing of your personal data if you contest the correctness of the data, if processing is illegal but you object to erasure and we no longer require the data, but you require them in order to assert, exercise or defend legal claims or have filed an objection to processing according to Article 21 GDPR;
  • To request, according to Article 20 of the GDPR, that the personal data you provided us with be sent to you in a structured, commonly used and machine-readable format or to request that the data be transferred to another responsible party.

According to Article 7 (3) of the GDPR, you can revoke the consent you gave us at any time. This means that we are not able to continue with data processing on the basis of this consent in future.

If your personal data are processed on the basis of legitimate interests according to GDPR Article 6 (1) point (f), Article 21 of the GDPR allows you to appeal against the processing of your personal data if the reasons for it stem from your own particular situation or your appeal is directed against direct advertising. In the latter case, you have a general right of appeal which we implement without specifying a particular situation.

If you wish to make use of your right of appeal, it is enough to send an e-mail to datenschutz@pharma-mall.de.

You also have a general right to complain to the data protection supervision authority responsible. The authority responsible in our case is

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2 - 4
40213 Düsseldorf

Tel.: 021138424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de

 

14. Legal or contractual regulations for the supplying of personal data

We hereby notify you that the supplying of personal data is in part legally prescribed (for example by tax regulations) or can result from contractual arrangements (for example information on the contract partner). The conclusion of a contract can at times require a user to provide us with personal data which we then have to process. To conclude a contract, the user is obliged to provide us with personal data. If the user does not provide their personal data, it is not possible to conclude a contract with that person. Before providing personal data, the user can contact our data protection officer.

In individual cases, our data protection officer notifies the user as to whether the supplying of personal data is prescribed legally or contractually or is necessary in order to conclude the contract, whether the company is under obligation to provide the personal data and which consequences it would have if the personal data were not provided.

  1. Automated decision-making
    Our company does not use automatic decision-making or profiling.

 

As of: 15 October 2019

 

Download