Data protection
1. data protection
This data protection declaration informs you as a user of our website and our offers about the type, scope and purpose of the collection and use of personal data.
We expressly point out that data transmission on the Internet (e.g. communication by e-mail) is subject to security vulnerabilities and cannot be completely protected against access by third parties.
This data protection declaration is currently valid and has the status February 2021. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on our website at https://www.ursapharm.de/datenschutz/.
1.1 Person responsible for data processing
The data controller is:
URSAPHARM Arzneimittel Ges.m.b.H Austria.
Inkustrasse 1-7, Staircase 7, 2nd floor
3400 Klosterneuburg
Austria
Telephone: +43/02243/26006
Fax: +43/1/253 3033 9113
E-mail: info@ursapharm.at
Internet: www.ursapharm.at
& _________________________________________
URSAPHARM Arzneimittel GmbH Germany
Industriestrasse 35
66129 Saarbrücken
Germany
Phone: +49 (0) 6805/9292-0
Fax: +49 (0) 6805/9292-88
E-mail: datenschutz@ursapharm.de
1.2 Data Protection Officer
URSAPHARM Arzneimittel Ges.m.b.H
Inkustrasse 1-7, Staircase 7, 2nd floor
3400 Klosterneuburg
Austria
E-mail: datenschutz@ursapharm.de
1.3 Disclosure of data to third parties and third-party providers
We comply with the legal requirements.
Data is only passed on to third parties within the framework of legal regulations.
2. data processing on our website
General information
2.1 Integration of third-party services and content
We may use third-party services within our website, e.g. to integrate external media, to perform analyses, etc.. This is always done on the basis of a legal basis, such as on the basis of our legitimate interests (such as our interest in the analysis, optimisation and economic operation of our website) within the meaning of Art. 6 para. 1 lit. f DSGVO or - insofar as this is necessary in individual cases - on the basis of your previously given consent pursuant to Art. 6 para. 1 lit. a DSGVO.
Such services generally require that the third-party providers are aware of the IP address of the user, as they would not be able to send the corresponding content to the user's browser without the IP address. The IP address is therefore necessary for the display of such content. We endeavour to only use services whose respective providers only use the IP address to deliver the content. Some third-party providers also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.
For more information on which services are actually used on this site and how data is processed within their scope, as well as the relevant legal basis, please refer to the explanations on the respective services in the further course of this data protection declaration.
2.2 Types of data processed
On our website, we collect and process inventory data (e.g. names, addresses), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), usage data (e.g. websites visited, links clicked on, interest in content, access times, access locations), content data (e.g. comments, text entries, photos, videos) and meta and communication data (e.g. device information, browser information, IP addresses).
2.3 Categories of data subjects
The data subjects of the processing of personal data are all visitors and users of our website.
2.4 Purpose of the processing
We collect and process the personal data of users of our website in order to communicate with and inform them (e.g. contact and other enquiries), to carry out statistics, reach measurement and analysis (e.g. with marketing and analysis tools) so that we can better design and optimise content and functions, to technically manage and optimise the website and to close security gaps.
2.5 Legal processing for personal data
We only process personal data if we are entitled to do so on the basis of a legal basis. In the following, we will name these legal bases individually in the context of the respective processing operations. In general, we are always entitled to process personal data if the data subject has consented (see Art. 6 (1) (a), Art. 7 DSGVO), if we are obliged to fulfil contractual or pre-contractual obligations (see Art. 6 (1) (b) DSGVO), if we have to fulfil legal obligations (see Art. 6 (1) (c) DSGVO) or if we protect our legitimate interests (see Art. 6 (1) (f) DSGVO).
We may transfer personal data to order processors or other third parties (e.g. hosting agencies, etc.) with whom we work. We are entitled to do this if the data subject has consented to this (see Art. 6 para. 1 lit. a, Art. 7 DSGVO), if we thereby fulfil contractual or pre-contractual obligations (see Art. 6 para. 1 lit. b DSG-VO), if we thereby fulfil a legal obligation (see Art. 6 para. 1 lit. c DSGVO) or if we safeguard our legitimate interests (see Art. 6 para. 1 lit. f DSGVO). We conclude a so-called order processing agreement with order processors in accordance with Art. 28 DSGVO, according to which they also undertake to comply with data protection.
This website is hosted on the servers of Hetzner Online GmbH. The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this website. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of all users of this website. The legal basis for the use of hosting services is the protection of our legitimate interests in the analysis, optimisation and economic and secure operation of our website (see Art. 6 para. 1 lit. f DSGVO). We have concluded corresponding order data processing contracts with our hosting providers.
Based on our legitimate interest according to Art. 6 (1) lit. f DSGVO, we collect data about every access to our website (so-called web server log files). The processed data includes IP address, time of access, type of request, protocol, HTTP status, referrer, browser type and version, operating system as well as the message about the successful access. The data is used for statistical evaluations for the purpose of the operation, security and optimisation of the offer. The data is stored for security reasons (e.g. for the clarification of cases of abuse) for a period of 7 days. The IP address is only stored anonymously. If longer storage is necessary for evidentiary purposes, they will be deleted after the final clarification of the matter.
2.6 Recipients of personal data
2.8 Access data / server log files
2.8 Access data / server log files
2.9 Cookies
Furthermore, cookies are stored on your computer when you use our website. Cookies are small text files that enable specific information related to the device to be stored on the user's access device (PC, smartphone, other end devices). They are used for the user-friendliness of websites (e.g. storage of login data), the collection of statistical data on website use and for analysis in order to improve the website. Cookies cannot execute programs or transmit viruses to your computer.
You can prevent the storage of all or only certain cookies by setting your browser accordingly in the security settings. Cookies that have already been stored can be deleted in the browser. In these cases, however, the use of the website may be restricted.
This website uses the following types of cookies:
-
Transient (temporary) cookies
-
Persistent (permanent) cookies
Transient cookies are automatically deleted when you close the browser or log out. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This means that your computer can be recognised when you return to our website.
Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
Both types of cookies can originate from us (then "first-party cookies") or from third-party providers ("third-party cookies").
We use such cookies that enable the website to function securely in the first place and such cookies that merely record general user behaviour statistically (e.g. access to the website in the first place and the time of access) without merging user data across websites, without using external servers or services and without creating traceability, on the basis of our legitimate interest in providing a secure and functional website and for statistical purposes to optimise our website in accordance with Art. 6 (1) lit. f DSGVO.
The use of other cookies takes place exclusively on the basis of your previously given consent in accordance with Art. 6 para. 1 lit. a DSGVO. Such cookies usually serve to optimise our offer and to develop and economically optimise individual marketing measures. You can give your consent to the cookies and tools in question voluntarily when you access our website for the first time. You can change your decision at any time on our website.
Deactivation/objection to cookies:
You can generally object to the use of cookies that serve range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Furthermore, the storage of cookies can be prevented by setting this in the security settings of your browser. However, it may then not be possible to use all the functions of this website.
These options apply to all of the following cookies that we use on this website
2.10 Google Analytics
We use the web tracking tool Google Analytics (https://marketingplatform.google.com/intl/en/about/analytics/) from the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, imprint: https://www.google.com/intl/en/contact/imprint.html.
The parent company of this Ireland-based company is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google").
We only use Google Analytics when you have provided us with your explicit consent through our website's cookie settings (Consent Tool) (Art. 49(1)(a) GDPR). With your consent, your data will be transferred not only to Ireland but also to the United States, which is considered an insecure third country. Currently, there is neither an adequacy decision from the EU for the USA nor any other suitable guarantees in place. Data protection for your information cannot be ensured in the USA, as there is currently no data protection level equivalent to that of the EU. This means that data transfer involves certain risks, particularly with regard to the prevention of access to your transmitted data by governmental authorities. For instance, it cannot be ruled out that U.S. authorities may access your data under Section 702 of the Foreign Intelligence Surveillance Act (FISA), a law that regulates foreign intelligence and counterintelligence in the United States. In this context, we explicitly inform you that, as an EU citizen, you do not have an effective legal remedy against the processing of your data by U.S. authorities under FISA. By providing your consent, you acknowledge these risks and consciously accept them. You can withdraw your consent at any time through the cookie settings within this privacy policy by accepting only essential cookies.
Furthermore, we would like to inform you that you can prevent the storage of cookies at any time by adjusting your browser settings accordingly. We have compiled additional information regarding this matter for the most commonly used browsers below. However, please be aware that this may affect the functionality of our website.
-
Mozilla Firefox
-
Microsoft Edge
-
Google Chrome
-
Safari
In addition, you can download a browser add-on to deactivate Google Analytics by following this link: https://tools.google.com/dlpage/gaoptout?hl=en. By installing this add-on, you prevent Google from collecting and processing data captured by cookies. If you have given your consent and have not disabled cookie storage in your browser, Google Analytics analyzes your website usage through the use of cookies. In this regard, we have a corresponding data processing agreement in place with Google.
In general, the data generated by cookies is transmitted and stored on a Google server in the United States. We use Google Analytics with a code extension to ensure that your IP address is only processed in a truncated form, allowing for approximate location identification while preventing the identification of specific individuals. It is possible for Google to combine the IP address transmitted by your browser with other data from Google, such as data from your Google account.
Please note that data processing is primarily carried out by Google, and not all data is anonymized. Google can also link this data with other information they have about you, including your search history, personal accounts, usage data, and any other data they have collected.
You can access information about the privacy settings for your Google account here: https://safety.google/intl/en/privacy/privacy-controls/. With these privacy settings, you can decide which data is stored in your Google account. In some cases, the full (and therefore non-anonymized) IP address is transmitted to the United States and then truncated accordingly.
Google uses the data provided to evaluate website usage, providing us with access to relevant statistics (e.g., website activity). Google also uses this data for various purposes, including profiling. Both Google and government authorities have access to this data. We also use Google Analytics to analyze visitor flows across devices through a user ID. Additionally, Google can link usage data from different devices. To prevent cross-device tracking with Universal Analytics, it is necessary to perform the opt-out on all devices from which you access our website.
2.11 eTracker
We use the etracker Analytics service of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, Imprint: https://www.etracker.com/impressum/ (hereinafter referred to as "etracker") on our website. Here you can find FAQs from etracker regarding the DSGVO: https://www.etracker.com/docs/faq/eu-dsgvo/. You can access etracker's data protection declaration here: www.etracker.com/datenschutz/. We have concluded a corresponding contract for order processing with the company etracker.
We use etracker Analytics on the basis of our legitimate interest according to Art. 6 para. 1 p. 1 lit. f DSGVO, in this case in the interest of evaluating our website and improving it for you as a user. As standard, etracker Analytics does not use cookies, but records visitor behaviour (using purely technical parameters, such as the shortened IP address or the browser used) within a session (website visit) by means of cookieless session tracking. In this process, a hash value (a combination of characters from which the original data cannot be derived) is generated from purely technical data (such as the shortened IP address or the browser used) by means of a fingerprinting procedure, to which the date of the day the page was accessed is also added in order to make it even less likely that the identity of the user can be deduced. This value is automatically deleted every 24 hours. Within the 24 hours, this fingerprint makes it possible to analyse user behaviour.
You can object to the data processing at any time here:http://www.etracker.de/privacy?et=V23Jbb.
On our website, we use the etracker Optimiser add-on from etracker in addition to etracker Analytics. This add-on enables A/B testing (further information on this: https://www.etracker.com/docs/bedienung/etracker-optimiser/testing-targeting/a-b-testing-smart-messages/), overlay messaging (further information on this: https://www.etracker.com/docs/videos/etracker-optimiser/smart-messages/), remarketing feed (further information on this:
https://www.etracker.com/docs/data-services/remarketing-feed/) and access to user profiles in real time.
3. use of social media
We maintain online presences within various so-called social media platforms. You can reach our presences either via search engines, via the platforms themselves or by following the links on our website. We would like to point out that on these platforms your data will be processed partly by us and partly by the platform operators, which may sometimes also take place outside the area of the European Union.
4. contacting
When contacting us (for example, via contact form, email or our Facebook account), your details will be processed for the purpose of processing the enquiry and in the event that follow-up questions arise, in accordance with Art. 6 lit. b DSGVO. Your data will be deleted as soon as we have fully processed your request.
We would also like to point out the following:
As a pharmaceutical company, we are legally obliged to collect and document enquiries that describe events relevant to the safety of medicinal products and medical devices and, if necessary, to report them to the competent authorities. This report may also include personal data, such as your name, place of residence, health-related information or similar, if you have disclosed this to us explicitly and voluntarily. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 (1) c) DSGVO in conjunction with § 3 MPSV or § 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymised.
5. Newsletters
We offer you a newsletter on our website (either permanently or, where applicable, only as part of trade fair, promotion or prize draw promotions) with which we inform you about current topics (exclusive prize draws, product offers, general information, news, promotion and trade fair promotions, etc.).
You can register to receive the newsletter by entering your title, e-mail address and surname in our registration form on the website or in our registration form for the competition so that we can check the accuracy of your data. Your e-mail address will be activated for the dispatch of our newsletter by means of a so-called opt-in procedure. After registering, you will receive a confirmation e-mail from us in which you must click on a link contained therein in order to finally effectively register your address.
The newsletter is sent approximately six times a year to the e-mail address you have provided. We process your data on the basis of your consent (Art. 6 para. 1 lit. a DSGVO) exclusively for the purpose of sending the newsletter and delete it immediately after you unsubscribe from our newsletter. When you confirm the link in the double opt-in email, the date and time of registration are also stored on the basis of our legitimate interest (i.e. as proof of registration; Art. 6 para. 1 lit. f DSGVO).
We send our newsletter via the provider CleverReach (CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede). For this purpose, the data you provide is transmitted to CleverReach in encrypted form and stored. You can find more information on data security at CleverReach here.
If you no longer wish to receive our newsletter, you can unsubscribe via the unsubscribe function contained in every newsletter or via the unsubscribe form contained on our website or by means of the link contained in the newsletter or by means of any other communication to us.
6. raffles
From time to time, we organise competitions which we advertise on our website and/or on our social media presences and for which you can register via a corresponding sub-page on our website.
In this respect, we work together with external agencies for the event. The details of the associated data processing can be found in the competition conditions. This also includes the name of the agency that cooperates with us in the respective case and processes the participants' data accordingly to handle the competition. Your data will therefore be passed on to these agencies. Otherwise, no data will be passed on.
Participation in a competition usually requires registration of the participants with personal data, typically title, first name, surname and e-mail address. The data processing is carried out on the basis of Art. 6 para. 1 lit. a DSGVO due to your consent given for this purpose. The respective conditions of participation apply.
The winners will be published anonymously (i.e. first name, shortened surname, shortened place of residence) on our website. The data will be used solely for the purpose of conducting the competition and, with the exception of the winner data, will be deleted after the winners have been determined. The winners' data will also be processed for the purpose of notifying the winners and sending the prizes, after which it will be deleted. Data will only be used beyond this purpose, e.g. for sending newsletters, with your express consent.
We have obligated the respective agencies, which are active according to our instructions, to comply with the data protection laws, also and in particular in the sense of the above, and have concluded corresponding order processing contracts with them.
7. data subject rights
You can request information about the data stored about you free of charge at any time at the above address. Furthermore, under certain conditions, you can request the correction or deletion of your stored personal data. Furthermore, you may have a right to restrict the processing of your data as well as a right to the return or transfer of the data provided by you in a structured, common and machine-readable format.
If the processing of your personal data is based on your consent, you also have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this.
Right of objection
You have the right to object at any time to the processing of your personal data based on Art. 6 (1) (f) DSGVO. In particular, you may object to processing for direct marketing purposes.
8. right of complaint
Furthermore, you have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority with a complaint.
The supervisory authority responsible for us is:
Independent Data Protection Centre Saarland
The State Commissioner for Data Protection and Freedom of Information
Fritz-Dobisch-Strasse 12
66111 Saarbrücken
Telephone: (0681) 94781-0
Fax: (0681) 94781-29
9. data transfer to a third
country / outside the EU
If we transfer personal data to service providers outside the EU, we will only do so in accordance with Art. 44 et seq. of the GDPR. DSGVO, i.e. in principle only insofar as the third country has been confirmed by the EU Commission as having an adequate level of data protection or other adequate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. Should we exceptionally deviate from this, we will always inform you accordingly in good time before the start of the processing and only start the processing after your prior, explicit, informed consent (Art. 49 para.1 lit.a DSGVO).