Data protection declaration of Pharmaserv GmbH, as of 25 May 2018

I. Name and address of the responsible body

The responsible body in accordance with the GDPR and other national data protection laws of the Member States and other provisions under data protection laws is:

Pharmaserv GmbH
Emil-von-Behring-Straße 76
35041 Marburg
Germany
Tel.: +49 6421 39-14
E-mail: info@pharmaserv.de
Website:www.pharmaserv.de

The data protection declaration applies to the following websites:

www.pharmaserv.de
www.jobs.pharmaserv.de
www.pharmaserv-shop.de
www.pharmaserv-logistics.de
www.pharmaserv-logistics.com/
www.rechenzentrum-hessen.de/
www.was-ist-gmp.de/
www.werkfeuerwehr-behring.de/
www.behringwerke.de
www.behringwerke.com/
www.behringwerke-erleben.de
energiedaten.pharmaserv.de/idspecto/

II. Name and address of the data protection officer

The data protection officer of the responsible body is:

Jörg SchalowInfrareal GmbHIm Schwarzenborn 435041 MarburgDeutschlandTel.: +49 6421 39-3690E-Mail: joerg.schalow@infrareal.deWebsite: www.pharmaserv.de

III. General information concerning data processing

1. Scope of the processing of personal data
We generally gather and use personal data of our users only to the extent that is necessary to provide a functional website, as well as functional content and services. The gathering and processing of personal data of our users generally takes place only with the consent of the user. An exception applies in such cases where the prior obtaining of consent is not possible for actual reasons and the processing of the data is permitted under statutory regulations.

2. Legal basis for the processing of personal data
Should we obtain the consent of the affected person for the processing of personal data, Article 6 Paragraph 1 Letter a) GDPR forms the legal basis of this.
When processing personal data which is necessary to fulfil a contract where the contracting party is the affected person, Article 6 Paragraph 1 Letter b) GDPR forms the legal basis of this. This also applies to processing procedures which are necessary to carry out pre-contractual measures.
Should processing of personal data be necessary in order to fulfil a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c) GDPR forms the legal basis of this.
In case that vital interests of the affected person or of another natural person make the processing of personal data necessary, Article 6 Paragraph 1 Letter d) GDPR forms the legal basis of this.
Should the processing be necessary in order to safeguard a legitimate interest of our company or of a third party and should the interests, basic rights and basic freedoms of the affected persons not outweigh our legitimate interest referred to above, Article 6 Paragraph 1 Letter f) GDPR forms the legal basis for the processing.

3. Data deletion and saving period

The personal data of the affected person will be deleted or blocked once the purpose of the saving no longer applies. Saving can also take place if this was prescribed by the European or national legislator in EU ordinances, laws or other regulations to which the responsible body is subjected. Blocking or deletion of the data also takes place if saving period prescribed by the named norms expires, unless it is necessary to continue saving the data in order to conclude a contract, to perform a contract or in order to assert, exercise or defend legal claims.
We are permitted to not delete personal data should statutory retention obligations exist or should the saving of the personal data be permitted by law.

IV. Provision of the website and creation of logfiles

1. Description and scope of the data processingWhen our Internet site is accessed, our system automatically records data and information from the system of the accessing computer.

In such a case, the following data is gathered:

  1. Information concerning the browser type and version used
  2. The operating system of the user
  3. The Internet service provider of the user
  4. The IP address of the user
  5. Date and time of the access
  6. Websites from which the system of the user accessed our Internet site
  7. Websites accessed from the system of the user via our website

The data will also be saved in the logfiles of our system. No saving of this data together with other personal data of the user takes place/

2. Legal basis for the data processing
The legal basis for the temporary saving of the data and logfiles is Article 6 Paragraph 1 Letter f) GDPR.

3. Purpose of the data processing
The temporary saving of the IP address by the system is necessary in order to enable the delivery of the website to the computer of the user. For this purpose, the IP address of the user needs to remain saved for the duration of the session.
The saving in logfiles takes place in order to ensure the functionality of the website. In addition, the data enables us to optimise the website and to ensure the security of our technical information systems. No evaluation of the data for marketing purposes takes place during this process.
These purposes are also covered by our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f) GDPR.

4. Duration of the saving
The data will be deleted when it is no longer necessary in order to attain the purpose for which it was gathered. In case of the recording of the data in order to provide the website, this is the case once the respective session has ended.
In case of saving of the data in logfiles, this is the case after a maximum of seven days. It is possible for saving to take place beyond the above. In this case, the IP addresses of the user will be deleted or disguised, so that it is no longer to identify the accessing client.

5. Option to raise an objection and correction
The recording of the data in order to provide the website and the saving of the data in logfiles are absolutely necessary in order to operate the website. As a result, the user does not have the option to raise an objection.

V. Use of cookies

a) Description and scope of the data processing
Our website uses cookies. Cookies are text files which are saved in the Internet browser or by the Internet browser in the computer system of the user. Should a user access a website, a cookie can be saved in the operating system of the user. This cookie contain a characteristic letter sequence which enables a clear identification of the browser next time the website is accessed.

We use cookies in order to make our website more user friendly. Certain elements of our Internet site make it necessary to also be able to identify the accessing browser when a different page is visited.
In this case, the following data is saved and transferred in the cookies:

Cookie

Content

Comment

fe_typo_user

Session ID

Is deleted at the end of the session

displayCookieConsenst

Content of the cookie declaration read (yes, no)

 

Piwik ignore

Response to the opt out question in the legal notice

Should a visitor decide against the statistical evaluation of his or her user access by Piwik, this cookie will be set.

In the cookies of the Pharmaserv shop at www.pharmaserv-shop.de, the following data is saved and transferred:

Cookie

Content

Comment

SESSIDPharmaServDe

Shop-Session ID

All other information relating to the customer or his or her shopping basket will only be saved on the server. The cookie is necessary in order to save the shopping basket and to identify the customer after a login.

cookieconsent_status

Content of the cookie declaration read (yes, no)

 

is_logged_in

Only contains the value true (logged in)

Is required in order to display further information in the shop for the customer after a login.

We also use cookies on our website which enable an analysis of the surfing behaviour of the users. (See section VIII web analysis by means of Matomo, previously Piwik).
The user data gathered in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the accessing user. The data is not saved together with other personal data of the users.
When accessing our website, the users are informed of the use of cookies for analysis purposes via an info banner and are referred to this data protection declaration. During this process, a notice as to how the saving of cookies can be prevented in the browser settings is provided.
When accessing our website, the user is informed of the use of cookies for analysis purposes and his or her consent to the processing of the personal data used in this process is obtained. During this process, a reference is also made to this data protection declaration.

b) Legal basis for the data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 Paragraph 1 Letter f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 Paragraph 1 Letter a) GDPR, provided that the consent of the user is present in this respect.

c) Purpose of the data processing
The purpose of the use of technically necessary cookies is to simplify the use of websites for the users. Certain functions of our Internet site cannot be provided without the use of cookies. For these functions, it is necessary for the browser to be recognised again after a change to the pages visited.

The user data which is gathered by the technically necessary cookies will not be used in order to create user profiles. We use cookies as stated in Point V a.
The use of analysis cookies takes place in order to improve the quality of our website and its contents. By means of the analysis cookies, we are informed as to how the website is being used and as a result, we are able to constantly optimise our services.
These purposes are also underlined by our legitimate interest in processing the personal data in accordance with Article 6 Paragraph 1 Letter f GDPR.

d) Duration of the saving, option to object and correction
Cookies are saved on the computer of the user and transferred to our website from this. Therefore as the user, you also have full control concerning the use of cookies. By means of changing the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Any cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be deactivated for our website, it may be the case that certain functions of the website may no longer be able to be fully used.

VI Registration with the PHARMASERV shop at www.pharmaserv-shop.de/

1. Description and scope of the data processingIt is possible to register with the Pharmaserv shop via our website. Should a user make use of this option, the data inputted into the entry mask will be transferred to us in encrypted form. Following the transfer, the data will be sent to the relevant department by email and saved in the backend of the shop software. For example, this data includes:

  1. Title
  2. Company
  3. Tax number (is not saved by the shop)
  4. Commercial register number (is not saved by the shop)
  5. First name
  6. Surname
  7. Road, number
  8. Postcode
  9. Town or city
  10. Email address
  11. Telephone number

Alternatively, it is possible to make contact via the email address which has been provided. In such a case, the personal data which is transferred by email will be saved.
No data is passed on to third parties during this process. The data is only used in order to process the registration.

Persons under 18 should not send any personal data to us without the agreement of their parents or guardians.

2. Legal basis for the data processing
The legal basis for the processing of the data is Article 6 Paragraph 1 Letter a) GDPR, provided that the consent of the user is present.

The legal basis for the processing of the data which is transferred by email is Article 6 Paragraph 1 Letter f) GDPR. Should the purpose of the email contact be the conclusion of a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b) GDPR.

3. Purpose of the data processing
The processing of the personal data from the entry mask enables us to process the registration. A registration of the user is necessary for certain contents and services to be displayed on our website. In case of making contact by email, the necessary legitimate interest is also the processing of the data here.

The purpose of the other personal data which is processed during the sending process is the prevention of misuse of the registration function and ensuring the security of our technical information systems.

4. Duration of the saving
The data will be deleted once it is no longer required in order to attain the purpose for which it was gathered. For the personal data from the registration process, this will be the case when the conversation with the user has come to an end. The conversation is at an end when it can be determined from the circumstances that the customer is fully and finally no longer using the shop.

Following the conclusion of a contract, it may be necessary to save personal data of the contracting partner, in order to comply with contractual or statutory obligations.
The additional personal data which is gathered during the sending process will be deleted after a maximum of seven days.

5. Option to raise an objection and correction
At all times, the user has the option of revoking his or her consent to the processing of the personal data. Should the user get in touch with us by means of registration, he or she can object to the saving of his or her personal data at any time. In such a case, the conversation cannot be continued.
Please send this information to info@pharmaserv.de. In such a case, all personal data which was saved during the registration process will be deleted.

VII Contact form and email contact

1. Description and scope of the data processing
Out Internet site contains a contact form and/or a "telephone service" form, which can both be used in order to get in touch with us electronically. Should a user make use of this facility, the data inputted in the entry mask will be transferred to us in encrypted form. Following the transfer to the responsible body by email, the data will no longer be saved on the website. For example, this data includes:

  1. Topic
  2. Company
  3. Function
  4. First name
  5. Surname
  6. Road, number
  7. Postcode
  8. Town or city
  9. Email address
  10. Telephone number
  11. Message

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this data protection declaration.

Alternatively, it is possible to get in touch via the provided email address. In such a case, the personal data of the user which has been transferred with the email will be saved.
No forwarding of the data to third parties takes place during this process. The data will only be used in order to process the conversation.

Persons under 18 should not send us any personal data without the consent of their parents or guardians.

2. Legal basis for the data processing
The legal basis for the processing of the data is Article 6 Paragraph 1 Letter a) GDPR, provided that the consent of the user is present.

The legal basis for the processing of the data which is transferred during the sending of an email is Article 6 Paragraph 1 Letter f) GDPR. Should the purpose of the email contact be the conclusion of a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b) GDPR.

3. Purpose of the data processing
The processing of the personal data from the entry mask merely enables us to process the contact initiation. In case of contact initiation by email, this also represents the necessary legitimate interest in the processing of the data.
The purpose of the other personal data processed during the sending process is to prevent misuse of the contact form and to ensure the security of our technical information systems.

4. Duration of the saving
The data will be deleted, once it is no longer necessary in order to attain the purpose for which it was gathered. For the personal data from the entry mask of the contact form and for the personal data which was sent by email, this is the case if the respective conversation with the user has come to an end. The conversation is at any end if it is clear from the circumstances that the matter at hand has been fully and finally clarified.
The additional personal data which is gathered during the sending process will be deleted after a maximum of seven days.

5. Option to raise an objection and correction
At all times, the user has the option to revoke his or her consent to the processing of the personal data. Should the user get in touch with us by email, he or she can object to the saving of his or her personal data at any time. In such a case, the conversation cannot be continued.
Please send this information to info@pharmaserv.de. All personal data which was saved in the course of the contact initiation will be deleted in such a case.

VIII Web analysis by Matomo (formerly Piwik)

1. Scope of the processing of personal data
We use the open software tool Matomo (formerly Piwik) on our website in order to analyse the surfing behaviour of our users. The software sets a cookie on the computer of the user (see point V above in relation to cookies). Should individual pages of our website be accessed, the following data will be saved:

  1. Two bytes of the IP address of the accessing system of the user
  2. The website accessed
  3. The website from which the user was directed to the website (referrer)
  4. The sub pages which were accessed from the website
  5. The duration of the visit to the website
  6. The frequency of the accessing of the website

Thereby the software runs exclusively on the servers of our website. Personal data of the users is only saved there. No passing on of the data to third parties takes place.
The software is set in such a way that the IP addresses are not saved in full, rather 2 bytes of the IP address are masked (for example 192.168.xxx.xxx). In this way, it is not possible to assign the shortened IP address to the accessing computer.
The following cookies are used:

Cookie

Content

Comment

_pk_id

_pk_ses

_pk_ref

These cookies are set by Matomo.

The analysis tool runs on the web server of Pharmaserv GmbH, where the Matomo data is also saved. No data is passed on to third parties.

2. Legal basis for the processing of personal data
The legal basis for the processing of the personal data of the users is Article 6 Paragraph 1 Letter f) GDPR.

3. Purpose of the data processing
The processing of the personal data of the users enables us to analyse the surfing behaviour of our users. By means of the evaluation of the data which is acquired, we are in the position of being able to compile information concerning the use of the individual components of our website. This helps us to constantly improve our website and its user friendliness. These purposes also represent our legitimate interest in the processing of the data in accordance with Article 6 Paragraph 1 Letter f) GDPR. By means of the anonymisation of the IP address, the interest of the user in the protection of his or her personal data is sufficiently safeguarded.

4. Duration of the saving
The data will be deleted, once it is no longer required for our recording purposes.

In our case, this is so after 6 months.

5. Option to raise an objection and correction
Cookies are saved on the computer of the user and transferred from this to our website. Therefore, as the user you have full control concerning the use of cookies. By means of altering the settings in your Internet browser, you can deactivate or restrict the transfer of cookies. Cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be deactivated for our website, it is possible that some functions of the website may not be able to be used in full.
On our website, we offer our users the option of opting out of the analysis procedure. In order to do this, you need to follow the corresponding link in the legal notice. In this way, an additional cookie is set in your system, which instructs our system not to save the data of the user. Should the user delete the corresponding cookie from his or her own system in the meantime, he or she needs to reset the opt out cookie.
You can find further information concerning the private sphere settings of the Matomo software via the following link: https://matomo.org/docs/privacy/.

IX Google Maps

This website uses the product Google Maps, which is provided by Google Inc. By means of your use of this website, you are declaring your agreement to the recording, processing and use of automatically gathered data by Google Inc., its representatives and also third parties.
The terms and conditions of use of Google Maps can be found under "terms and conditions of use of Google Maps".

X Google Web Font

This site uses so-called web fonts provided by Google in order to display fonts in a unified manner. When accessing a page, your browser loads the required web fonts into its browser cache, in order to correctly display texts and fonts. Should your browser not support Web Fonts, a standard font will be used by your computer.
You can find further information relating to Google Web Fonts at https://developers.google.com/fonts/faq and in the data protection declaration of Google: https://www.google.com/policies/privacy/

XI Rights of the affected person

Should personal data relating to you be processed, you are an affected person as defined under the GDPR and you have the following rights in relation to the responsible body:

1. Right of informationYou can request confirmation from the responsible body whether personal data which relates to you is processed by us.Should such processing be taking place, you can request the following information from the responsible body:

  1. The purposes for which the personal data is being processed;
  2. The categories of personal data which are being processed;
  3. The recipients and/or categories of recipients in relation to whom the personal data concerned was disclosed or will be disclosed in the future;
  4. The planned duration of the saving of the personal data relating to you or, should it not be possible to provide concrete information in this respect, criteria for determining the duration of the saving of the personal data;
  5. The existence of the right to correction or deletion of the personal data relating to you, the right to restriction of processing by the responsible body or the right to object to this processing;
  6. The existence of the right to complain to a supervisory authority;
  7. All available information concerning the origin of the data, should the personal data not be gathered from the affected person;
  8. The existence of automated decision making, including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and, at least in these cases, comprehensive information concerning the involved logic and the breadth and intended effects of such processing for the affected person.

You have the right to request information as to whether personal data relating to you is being transferred to a third country or to an international organisation. In this respect, you can request to be informed of the suitable guarantees in connection with the transfer as prescribed under Article 46 GDPR.

2. Right to correction
You have the right to correction and/or completion in relation to the responsible body, should the personal data relating to you which is being processed be incorrect or incomplete. The responsible body must carry out the correction immediately.

3. Right to restriction of the processing
Under the requirements below, you can request the restriction to the processing of the personal data relating to you:

  1. Should you dispute the correctness of the personal data relating to you for a period of time which enables the responsible body to check the correctness of the personal data;
  2. Should the processing be unlawful and should you reject the deletion of the personal data and instead request that the use of the personal data be restricted;
  3. The responsible body no longer requires the personal data for the purpose of the processing, however you require the data in order to assert, exercise or defend legal claims or
  4. If you have raised an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and it is not yet clear whether legitimate reasons on the part of the responsible body outweigh your reasons.

Should the processing of the personal data relating to you be restricted, then apart from its saving, this data may only be processed with your consent or in order to bring, exercise or defend legal claims, to protect the rights of another natural or legal person, or for reasons connected to an important public interest of the EU or a Member State.
Should the restriction of the processing in accordance with the requirements above be limited, you will be notified by the responsible body before the restriction is lifted.

4. Right to deletion a) Deletion obligationYou can request that the responsible body immediately deletes the personal data relating to you and the responsible body is obliged to immediately delete this data if one of the following reasons is present:

  1. The personal data relating to you is no longer required for the purposes for which it was gathered or otherwise processed.
  2. You revoke you consent on which the processing in accordance with Article 6 Paragraph 1 Letter a) or Article 9 Paragraph 2 Letter a) GDPR was based and no other legal basis for the processing is present.
  3. You raise an objection to the processing in accordance with Article 21 Paragraph 1 GDPR and there are no legitimate reasons for the processing which take priority or you raise an objection to the processing in accordance with Article 21 paragraph 2 GDPR.
  4. The personal data relating to you has been processed unlawfully.
  5. The deletion of the personal data relating to you is necessary in order to fulfil a legal obligation under EU law or the law of the Member States to which the responsible body is subject.
  6. The personal data relating to you was gathered in relation to the services of the information company which are offered in accordance with Article 8 Paragraph 1 GDPR.

b) Information to third parties
Should the responsible body have made the personal data relating to you public and should it be obliged to delete this in accordance with Article 17 Paragraph 1 GDPR, taking the available technology and implementation costs into account, it shall take reasonable measures, also of a technical nature in order to inform the responsible bodies who process the personal data that you as an affected person have requested from them the deletion of all links to the said personal data or the deletion of copies or reproductions of the said personal data.

c) Exceptions
The right of deletion does not exist, should the processing be necessary

  1. In order to exercise the right of freedom of opinion and information;
  2. In order to fulfil a legal obligation which requires the processing in accordance with EU law or of the Member States to which the responsible body is subject or in order to fulfil a task which is in the public interest or takes place in the exercising of public power which has been assigned to the responsible body;
  3. For reasons connected to the public interest in the area of public health in accordance with Article 9 Paragraph 2 Letter h) and Article 9 Paragraph 3 GDPR;
  4. In order to assert, exercise or defend legal claims.

5. Right to be informed
Should you have claimed the right of correction, deletion or restriction to the processing against the responsible body, it is obliged to inform all recipients to whom the personal data relating to you was disclosed of this correction or deletion of the data or restriction of the processing, unless this is shown to be impossible or would lead to disproportionately high expense.

In relation to the responsible body, you have the right to be informed of these recipients.

6. Right of data transferability
You have the right to receive the personal data which you have provided to the responsible body in a structured, current and machine-readable format. In addition, you have the right to transfer this data to another responsible body without hindrance by the responsible body to whom the personal data was provided, should:

  1. The processing be based on consent in accordance with Article 6 Paragraph 1 Letter a) GDPR or Article 9 Paragraph 2 Letter a) GDPR or based on a contract in accordance with Article 6 Paragraph 1 Letter b) GDPR and
  2. The processing takes place with the assistance of automated procedures.

Furthermore, when exercising this right you have the right to make sure that the personal data relating to you is transferred directly to another responsible body by a responsible body, should this be technically possible. Freedoms and rights of other persons may not be impaired as a result.
The right of data transferability does not apply to processing of personal data which is necessary in order to carry out a task which is in the public interest or takes place in the course of exercising of official powers which have been assigned to the responsible body.

7. Right of objection
For reasons connected to your specific situation, you have the right to submit an objection at any time to the processing of the personal data relating to you which takes place under Article 6 Paragraph 1 Letter e) or f) GDPR; this also applies to profiling based on these provisions.

The responsible body will no longer process the personal data relating to you, unless it can provide proof of mandatory protectable reasons for the processing which outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims.Should the personal data relating to you be processed in order to carry out direct advertising, you have the right to raise an objection to the processing of the personal data relating to you for the purpose of such advertising at any time; this also applies to the processing, should it be connected to the direct advertising.Should you object to the processing for the purpose of direct advertising, the personal data relating to you will no longer be processed for these purposes.You have the option of exercising your right of objection by means of automated procedures in relation to the use of services of the information company where technical specifications are used, regardless of Directive 2002/58/EC.

8. Right to revoke the declaration of consent under data protection laws
You have the right to revoke your declaration of consent under data protection laws at any time. By means of the revocation of the consent, the lawfulness of the processing which took place prior to the issuing of the revocation will not be affected.

9. Automated decision making in individual cases, including profilingYou have the right not to be subject to a decision which is based solely on automated processing, including profiling, which has a legal effect on you or significantly impacts you in similar ways. This does not apply if the decision:

  1. Is necessary in order to conclude or fulfil a contract between yourself and the responsible body;
  2. Is permitted under legal regulations of the EU or the Member States to which the responsible body is subject and these legal regulations contain reasonable measures for safeguarding your rights and freedoms, as well as your legitimate interests or
  3. Takes place with your express consent.

However, these decisions may not relate to special categories of personal data in accordance with Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letter a) or Letter g) applies and reasonable measures for the protection of the rights and freedoms, as well as your legitimate interests were taken.
In relation to the cases named in (1) and (3), the responsible body will take reasonable measures in order to safeguard the rights and freedoms, as well as your legitimate interests, whereby as a minimum this includes the right to have a person of the responsible body intervene, to set out one's own opinion and to contest the decision.

10. Right to complain to a supervisory authorityRegardless of other legal remedies under administrative law or before a court, you have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, place of work or location of the alleged breach, should you be of the opinion that the processing of the personal data relating to you breaches the GDPR.The supervisory authority to whom the complaint was filed will inform the complainant of the status and results of the complaint, including the possibility of recourse to the courts in accordance with Article 78 GDPR.