Information on data protection
1 Scope of application
· www.pharma-mall.de (hereinafter also referred to as “websites”).
· Contact and communication: the processing of data in connection with inquiries or messages via the provided contact options.
· Account management and ongoing contractual relationships: the processing of data in the context of registration and administration of user accounts on these websites, which are related to existing contractual relationships and their processing.
· Application portal of pharma mall Gesellschaft für Electronic Commerce GmbH under the domains: pharma-mall-gmbh.jobs.personio.de, assets.cdn.personio.de (hereinafter also referred to as “career pages”)
· Implementation of the application process
· Page insights on Facebook.
For websites of other providers, which are referred to in this data protection declaration, for example via links, the corresponding data protection notices and declarations apply, which are stated there.
If links are stored in this data protection declaration, the date of the last call of the links is September 30, 2024.
Important note on translations of this data protection declaration:
Pharma Mall Gesellschaft für Electronic Commerce GmbH provides this data protection declaration in several languages on its websites. No liability is accepted for the translations, which have been provided voluntarily, i.e. only the German version is binding. In the event of discrepancies or inconsistencies between the different language versions, the German version takes precedence.
2 Responsibility for data processing
pharma mall Gesellschaft für Electronic Commerce GmbH (hereinafter also refferd as „pharma mall“, „we“)
Westerwaldstr. 10-12
53757 Sankt Augustin
Tel.: +49-(0)2241-2543-0
E-Mail: info[at]pharma-mall.de
3 Contact details of the data protection officer
pharma mall Gesellschaft für Electronic Commerce GmbH
Data protection officer
Westerwaldstr. 10-12
53757 Sankt Augustin
Phone: +49-(0)2241-2543-0
E-Mail: dsb[at]pharma-mall.de
4 Data processing on these websites
4.1 Provision & protocol files
Every time you access and use these web pages, we process the IP address, the user agent, timestamps with date and time, the request method, requested files, data volume, status code and store these accesses in the log files of our own web servers for control purposes. The legal basis is Art. 6 para. 1 lit. f) GDPR. The log files are automatically deleted after 7 days.
We process the same data when you use the pharma mall career pages. In this case, Personio GmbH & Co. KG, Seidlstraße 3, 80335 Munich, and Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg, receive your data. In principle, when you use these career pages, your data is routed to AWS data centers in the EU. Nevertheless, in this context, worldwide processing of personal data, including in the United States, cannot be ruled out, since Amazon Web Services, Inc. has its headquarters in the United States. Any possible transfer of personal data to the United States is carried out in accordance with Article 45 GDPR based on the Data Privacy Framework.
4.2 Use of cookies
Cookies are small files that are automatically created and stored in the web browser of the visitor's end device when they visit a website. These cookies can store information about preferred user settings, such as language preferences, regional settings, or display modes. In addition, cookies serve as a mechanism for load balancing, to distribute data traffic evenly across different servers and thus optimize the efficiency and availability of these websites. Likewise, the storage and transmission of certain cookies (so-called “XSRF tokens”) provide additional protection against unauthorized access and manipulation of requests. Furthermore, cookies can check the browser settings regarding cookies, note when the cookie banner is clicked away and help to maintain the current session, particularly in the context of the login process. The legal basis is Art. 6 para. 1 lit. f) GDPR. In the context of these websites, the following cookies are stored:
Name | Storage time | Pupose |
PMSHOPPOOL | Session | To maintain the current session |
language | 1 Year | For language selection on these web pages |
testIfCookiesEnabled | Session | Checks the browser settings regarding cookies |
acceptedCookieInfo | 1 Year | Notes that the cookie banner has been clicked away |
PMSESSIONID | Session | To maintain the current session, in particular for the login process |
In the context of the career pages, it is necessary to store a session cookie called “locale” in your device to maintain the current session. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. If you configure your browser so that no cookies at all, including those that are technically necessary, are stored on your device, many of the career site functions will only be available to you to a limited extent or possibly not at all.
5 Making contact & how to communicate
If you contact Pharma Mall (e.g. by email, telephone, contact form) and provide personal data in the process, we will process the information you send to the extent necessary to respond to your contact request and any requested action. The legal basis is Art. 6 para. 1 lit. b) GDPR.
If your contact request is not necessary for the fulfillment of a contract with pharma mall or for the implementation of pre-contractual measures, Art. 6 para. 1 lit. f) GDPR is the legal basis for the processing of your data. The legitimate interest lies in the final processing of the received message.
The legal basis for the processing of your data is Art. 6 para. 1 lit. a) GDPR, if you have consented to the data processing.
Your message will be stored until the processing is completed. A longer storage only takes place if we are entitled or obliged to do so in individual cases.
For its social media recruiting, pharma mall operates pages on various networks, including XING and LinkedIn. You can contact pharma mall via www.xing.com, www.linkedin.com, www.facebook.com, www.instagram.com. In this case, New Work SE, Am Strandkai 1, 20457 Hamburg; LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; or Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, are responsible for processing your data, such as IP address, user agent, device information, surfing history, location, search queries and usage times. We will process your message, which you send via the respective platform, depending on the situation.
6 Account management and ongoing contractual agreements
To use the pharma mall webshop, you need to create and manage a personal account. During the registration process, we process the personal data that you submit on these web pages, which is collected by the respective input forms. The legal basis for this is Art. 6 para. 1 lit. b) GDPR. The request for the valid pharmacy operating license and the proof of purchase of narcotics serves as proof of the authority to purchase certain pharmacy-only products and is required as proof of legitimacy by law. The processing of this personal data is carried out in accordance with Art. 6 para. 1 lit. c) GDPR, without the provision of which it is not possible to conclude a user contract.
After you have registered on this website, we process the data mentioned in Section 4.1 for IT security reasons. The legal basis for this is Article 6 para. 1 lit f) GDPR.
If the information you provide is complete, we will check whether you meet the requirements for concluding a user agreement. If this is the case, you must then request the additional activation required for an order from the respective manufacturer in your account. In order to optimize the workflow and improve the user experience, we will automatically transfer all data provided by you during registration on these websites, including the pharmacy operating license and the proof of purchase for narcotics, to the respective manufacturer, based on our own legitimate interests and the legitimate interests of the respective manufacturer in accordance with Art. 6 para. 1 lit. f) GDPR. This transfer takes place either as soon as you request the activation of the relevant manufacturer shop, or independently of a request for activation, based on an agreement between pharma mall and the relevant manufacturer, in order to further accelerate the activation process.
During the ongoing contractual relationship, we will process your contact data in accordance with Art. para. 1 lit. b) GDPR to send you important manufacturer information as part of the provision of the e-mail information service. This information includes, among other things, 'Blue Hand' and 'Red Hand' information, approved mandatory information from the Federal Institute for Drugs and Medical Devices (BfArM), recalls, delivery availability, as well as risk of confusion or risk warnings (danger to life and limb). The email information service does not contain any advertising from pharma mall or the manufacturers and cannot be deactivated, as it is a service provided under the license agreement.
Finally, pharma mall will process your contact data on the basis of its legitimate interest in accordance with Art. 6 para. 1 lit. f) in order to send you event-related information. This may include, for example, information about newly activated manufacturer shops, new functionalities on these websites, but also changes to the terms and conditions or updates to the data protection information.
For the dispatch of the e-mail information service and the e-mails based on the legitimate interests of pharma mall, we use the systems of rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau. To measure accessibility, the e-mails contain so-called tracking pixels. Unless these tracking pixels are already blocked by your e-mail client's system, they enable log file analysis. The data collected by pharma mall using tracking pixels is processed exclusively in aggregated and statistical form to optimize the information service. The analysis options using tracking pixels are limited to recognizing what percentage of recipients have accessed an e-mail from the information service and whether important e-mails such as manufacturer warnings have been successfully delivered. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. The data will be deleted 30 days after sending.
7 Application process
We process your application data to assess your suitability and qualifications for the position for which you are applying. The data we process depends on the data you provide (e.g. voluntary information about your repository on Github, personal profile on career networks such as LinkedIn, XING, etc.). We use your contact details exclusively to inform you about the progress of the application process. All other information in the application documents is used solely to determine your suitability for the vacancy. The legal basis is Art. 6 para. 1 lit. b) in conjunction with Art. 88 GDPR and § 26 BDSG.
If your application documents contain special categories of personal data, e.g. information about health or ethnic origin, we also base the processing on Art. 9 para. 2 lit b) GDPR, § 26 para. 3 sentence 1 BDSG.
Access to your application data is restricted to the responsible personnel managers and the IT administration of pharma mall.
Retention time
Your application data will be deleted in accordance with the requirements of the purpose of collection. If, following the application process, you are hired for an employment, training, internship or other work-related relationship, the data will initially be stored and transferred to the personnel file. Otherwise, your application process will end.
Application pool
If you give your consent in accordance with Art. 6 para. 1 lit. a) GDPR, we may include you in a subsequent selection procedure after rejecting your application. Your consent is voluntary and can be withdrawn at any time.
8 Page-Insights on Facebook / Instagram
We operate fan pages on Facebook and Instagram, for whose data processing in the context of “page insights” we are jointly responsible with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland. All details on the delimitation of responsibilities and information on “page insights” or “Facebook insights” can be found in the following agreement: www.facebook.com/legal/terms/page_controller_addendum.
By using Page Insights, page administrators can obtain information about target groups, demographic characteristics, and statistics on post reactions, as explained at de.facebook.com/help/268680253165747.
When you visit www.facebook.com / www.instagram.com, the data you generate while using the service, including your IP address, user agent, device information, browsing history, location, search queries, preferred usage times, last login, likes and interests, is processed by the Meta Platforms group. Meta Platforms, Inc. is the initial recipient of the data and processes it for its own purposes. The data is also shared with third parties under the responsibility of Meta Platforms, Inc. for interest-based advertising tracking, data analysis, and automated profiling for personalized advertising.
If you are logged into Facebook/Instagram, a cookie with your identifier will be stored on your device. This enables Meta Platforms, Inc. to track the fact that you have visited a particular page and how you have used it. This also applies to all other services of Meta Platforms, Inc., such as WhatsApp and Facebook Connect. Through services embedded in websites, such as “Meta-Pixel”, Meta Platforms, Inc.
Meta Platforms, Inc. processes data globally and across the group. In doing so, data from the use of various services is automatically merged. The more services of Meta Platforms, Inc. are used, the more comprehensive and detailed the profiling is.
The Facebook and Instagram privacy policies can be found here: www.facebook.com/privacy/policy / help.instagram.com/519522125107875.
You have significant influence on the nature, extent and manner of data processing by the Meta Platforms group, e.g. by using ad and web tracking blockers, deleting cookies after the session, avoiding the use services like Facebook Connect, not posting private information on such platforms and by not allowing Meta Platforms, Inc. to have permanent access to your personal data (contact and calendar data, photos, location data, etc.).
The Meta Platforms group is an internationally operating software group. Taking into account the current assessment, the processing of personal data in the USA cannot be excluded in this context, since Meta Platforms, Inc. has its headquarters in the USA. A possible transfer of personal data to Meta Platforms, Inc. in the USA is carried out in accordance with Art. 45 GDPR based on the Data Privacy Framework.
9 Your rights
In accordance with Article 15 of the GDPR, you have the right to request information about your personal data that we process.
If incorrect personal data is processed, you have the right to correction in accordance with Article 16 of the GDPR.
If the legal requirements are met, you have the right to deletion or restriction of the processing of the data concerned (Art. 17 and Art. 18 GDPR).
Under the conditions of Art. 20 GDPR, you have the right to data portability.
You have the right to withdraw your consent at any time without affecting the legality of the processing carried out on the basis of the consent until the withdrawal.
According to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.
According to Art. 77 para. 1 GDPR, you have the right to lodge a complaint. You can do this with the relevant supervisory authority: https://www.ldi.nrw.de/
As at: September 30, 2024