This privacy policy informs you as a user of our website and our offers about the nature, scope and purpose of the collection and use of personal data.

We expressly point out that data transmission on the Internet (e.g. when communicating via e-mail) has security gaps and cannot be completely protected from access by third parties.

 This privacy policy is currently valid and has the status February 2021. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current data protection declaration can be accessed and printed by you at any time on our website under https://www.ursapharm.de/datenschutz/.  

1.1 Responsible for data processing

The data controller is:

URSAPHARM Arzneimittel GmbH

Industriestraße 35

66129 SaarbrückenGermany

Phone: +49 (0) 6805/9292-0

Fax: +49 (0) 6805/9292-88

E-mail: datenschutz@ursapharm.de

1.2 Data protection officer

Data Protection Officer 

URSAPHARM Arzneimittel GmbH

Industriestraße 35

66129 Saarbrücken

E-Mail: datenschutz@ursapharm.de

1.3 Disclosure of data to third parties and third party providers

We comply with the legal requirements. Data is only passed on to third parties within the scope of the statutory provisions.

General information

2.1 Integration of third-party services and content

We may use third-party services within our website to, for example, integrate external media, perform analyses, etc. This is always done on a legal basis, such as on the basis of our legitimate interests (e.g. our interest in the analysis, optimization and economical operation of our website) within the meaning of Art. 6 sec. 1 lit. f GDPR or - if this is necessary in individual cases - on the basis of your previously given consent pursuant to Article 6 sec. 1 lit. a GDPR.

Such services generally require that the third-party providers perceive the IP address of the users, since they could not send the corresponding content to the browser without the IP address. The IP address is required for the presentation of such content. We try to only use services whose respective providers only use the IP address for the delivery of the content. Some providers also use so-called “pixel tags” (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, visiting time and other information on the use of our online offer, as well as being linked to such information from other sources.

For more information on which services are actually used on this site and how data is processed within their framework, as well as the relevant legal basis, please refer to the explanations on the respective services in the further course of this data protection declaration.

2.2 Types of data processed

On our website, we collect and process inventory data (e.g. names, addresses), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), usage data (e.g. websites visited, links clicked, interest in content, access times, access locations), content data (e.g. comments, text entries, photos, videos) and measurement and communication data (e.g. device information, browser information, IP addresses).

2.3 Categories of data subjects

The persons affected by the processing of personal data are all visitors and users of our website.  

2.4 Purpose of processing

We collect and process the personal data of users of our website in order to communicate with and inform them (e.g., contact and other inquiries), to perform statistics, reach measurement and analysis (e.g., with marketing and analysis tools), so that we can better design and optimize content and functions, to technically manage and optimize the website and to close security gaps.

2.5 Legal bases for the processing of personal data

We only process personal data if we have a legal basis to do so. In the following, we will identify the legal bases in question individually in the context of the respective data processing operations. In general, we are always entitled to process personal data, if the person concerned has given its consent (see Art. 6 sec. 1 lit. a, Art. 7 GDPR) if we are obliged to fulfil contractual or pre-contractual obligations (see Art. 6 sec. 1 lit. b GDPR) if we have to fulfil other legal obligations (see Art. 6 sec. 1 lit. c GDPR) or if we safeguard our legitimate interests (see Art. Art. 6 sec. 1 lit. f GDPR).

2.6 Recipients of personal data

We may transfer personal data to processors or other third parties (e.g. hosting agencies, etc.) with whom we cooperate. We are entitled to do this if the data subject has consented to this (see Art. 6 sec. 1 lit. a, Art. 7 DSGVO), if we thereby fulfill contractual or pre-contractual obligations (see Art. 6 sec. 1 lit. b DSGVO), if we thereby fulfill a legal obligation (see Art. 6 sec. 1 lit. c DSGVO) or if we safeguard our legitimate interests (see Art. 6 sec. 1 lit. f DSGVO). We conclude a so-called data processing agreement with data processors in accordance with Art. 28 DSGVO, according to which they also undertake to comply with the rules of data protection.

2.7 Hosting

This website is hosted on the servers of domainfactory GmbH.  The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this website. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of all users of this website. The legal basis for the use of hosting services is the protection of our legitimate interests in the analysis, optimization and the economic and secure operation of our website (see Art. 6 sec. 1 lit. f DSGVO). We have concluded corresponding data processing contracts with our hosting providers.

2.8 Access Data / Server-Logfiles

Based on our legitimate interest under Art. 6 sec. 1 lit. f GDPR, we collect data about every access to our website (so-called web server log files). The data processed includes IP address, time of retrieval, type of request, protocol, HTTP status, referer, browser type and version, operating system, and the message of successful retrieval. The data are used for statistical evaluations for the purpose of operation, safety and optimization of the offer. The data will be stored for security reasons (e.g. for the investigation of abuse cases) for a period of 7 days.   The IP address is stored anonymously only. If a longer retention is required for evidence purposes, these will be deleted after the final clarification of the matter.

2.9 Cookies

Furthermore, when you use our website, cookies may be stored on your computer. Cookies are small text files that make it possible to store specific information related to the device on the user's access device (PC, smartphone, other devices). They serve the user-friendliness of websites (e.g. storage of login data), the collection of statistical data of the use of the website and for analysis in order to improve the website. Cookies cannot run programs or transmit viruses to your computer.

You can prevent the storage of all or only certain cookies by setting your browser accordingly in the security settings. Cookies that have already been saved can be deleted in the browser. In these cases, however, the use of the website may be restricted.

This website may use the following types of cookies:

• Transient (temporary) cookies

• Persistent (permanent) cookies

Transient cookies are automatically deleted when you close or log out of the browser. This includes, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the common session. This allows your computer to be recognized when you return to our website.

Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie. You can delete the cookies in your browser's security settings at any time.

Both types of cookies may come from us (then "first-party cookies") or from third-party providers ("third-party cookies"). 

Such cookies, which enable the safe functioning of the website in the first place and such cookies, which only record the general usage behavior statistically (e.g. access to the website at all and the time of access), without merging user data across websites, without using external servers or services and without establishing traceability, we use on the basis of our legitimate interest in a secure and functional provision of the website as well as for statistical purposes to optimize our website in accordance with Article 6 sec. 1 lit. f GDPR.

The use of other cookies is based exclusively on your previously given consent in accordance with Art. 6 sec. 1 lit. a GDPR. Such cookies are usually used to optimize our offer as well as to develop and optimize individual marketing measures. You can give your consents for the cookies and tools in question voluntarily when you first visit our website. You can change your decision at any time on our website.

Deactivation/opposition to cookies:

In general, you can object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Furthermore, the storage of cookies can be prevented by setting this in the security settings of your browser. However, you may then not be able to use all the functions of this website.

These options apply to all cookies listed below that we use for this website.

2.10 eTracker

We use the service etracker Analytics of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Imprint: https://www.etracker.com/impressum/  (hereinafter referred to as "etracker"). Here you can find FAQ from etracker regarding the GDPR:  https://www.etracker.com/docs/faq/eu-dsgvo/. The privacy policy of etracker can be found here:  https://www.etracker.com/datenschutz/. We have concluded a corresponding data processing contract with etracker.  

We use etracker Analytics on the basis of our legitimate interest under Art. 6 sec. 1 p. 1 lit. f GDPR, in this case in the interest to evaluate our website and improve it for you as a user. As standard, etracker Analytics does not use cookies, but records the visiting behavior (using purely technical parameters, such as the abbreviated address or the browser used) within a session (visit to the website) by means of cookieless session tracking. A hash value (combination of characters from which the original data cannot be derived) is generated by means of a fingerprinting procedure from purely technical data (such as the abbreviated IP address or the browser used), to which the date of the page call is added, in order to make a conclusion on the identity of the user even less likely. This value is automatically deleted every 24 hours. Within 24 hours, this fingerprint allows to analyze user behavior.

You can object to the data processing here at any time:

We offer you a free service on this website under the name "Pharmacy Finder". 
Technically, the pharmacy finder is implemented based on the service Google Maps. This allows us to display interactive maps directly on the website and allows you to use the map function comfortably; including searching and displaying pharmacy locations.
It is the interactive map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, imprint: https://www.google.de/intl/de/contact/impressum.html. The parent company of this Irish-based company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). Google's privacy policy is available here:  https://policies.google.com/privacy?hl=de. 
 
We integrate Google Maps via Google API on our website (the acronym API stands for application programming interface). This is a program interface that allows us to integrate third-party services on our website, the privacy policy regarding the Google API service can be found here: https://developers.google.com/terms/api-services-user-data-policy).
In principle, we only use Google Maps if you have given us your express consent via our Consent tool. The  integration of Google Maps on our website and the associated data processing is based on your consent within the meaning  of  Art. 6 sec. 1 lit. a GDPR. The transfer of your data to a third country from our website is in the present case within the meaning of Artt. 44 ff. GDPR justified by your consent, this follows from Art. 49 sec. 1 lit. a GDPR. 

Hinweis: With your consent, your data will then be transferred not only to Ireland but also to the USA and thus to an unsafe third country. There currently are no EU adequacy decision or any other appropriate guarantees for the US. The protection of your data cannot be guaranteed in the destination country USA. There is currently no equivalent level of data protection in the US. Therefore, the transmission is associated with corresponding risks. In particular, there are no guarantees regarding the failure of access to your transferred data by public authorities. For example it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA; a law that governs the United States' foreign intelligence and counter-espionage services). In this context, we expressly point out that you, as an EU citizen, do not have an effective legal protection against the processing of your data by US authorities on the basis of FISA. If you give your consent, you do so in the knowledge of these risks, which you consciously accept as a result. You can revoke your consent at any time by means of the cookie settings within this privacy policy, in which you only accept essential cookies.

If you have given your consent and then call up the sub-page on which Google Maps is implemented, Google will receive the information about this call-up and a transfer of the personal data mentioned in this data protection declaration will take place in the case of purely informational use of the website to Google. This transfer is used to create a user profile by Google and takes place regardless of whether you have a Google account. However, if an account is available and if you are logged into the account when you access the sub-page on which Google Maps is implemented, this data will be assigned. This data is stored by Google and used for advertising and/or market research purposes, such as the provision of tailored advertising. If you do not want the data to be assigned to your google profile, you must log out before visiting the website with the Maps service.

If you wish to prevent the processing described above by Google Maps and the associated transfer of data to the USA, please do not give your consent or do not visit the subpage containing the "Pharmacy Finder" and/or log out of your Google Account before visiting the site (see above).

Further information on the purpose and scope of the data collection and its processing, as well as the possibility of objecting, can be found here:

Datenschutzerklärung der Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: https://www.google.com/policies/privacy/ , 

Opt-Out: https://www.google.com/settings/ads/.

We maintain online presences within various so-called social media platforms. You can either reach our presences via search engines, via the platforms themselves or follow the links on our website. We would like to point out that on these platforms your data is partly processed by us and partly by the platform operators, which can sometimes also happen outside the european union. For the details of the processing, the risks and legal bases etc., please compare the data protection declarations linked below for the respective presences.

3.1 Instagram-Profil

Our data protection declaration as well as the information about the subject responsible (imprint) for our Instagram profile can be found here: Privacy Instagram | Imprint

3.2 Facebook-FanPage

Our data protection declaration as well as the information about the subject responsible (imprint) for our Facebook-FanPage can be found here: Privacy Facebook | Imprint

When contacting us (e.g. via contact form, e-mail or via our Facebook account), your details will be processed in accordance with Art. 6 lit.b GDPR in order to process the request and in the event that follow-up questions arise. Your data will be deleted as soon as we have fully processed your request.

We also point out the following: As a pharmaceutical company, we are legally obliged to report requests that describe drug and medical device safety-related events, to document them and, if necessary, to report them to the competent authorities. This notification may also include personal information, such as your name, place of residence, health claims or the like, if you have disclosed it explicitly and voluntarily to us. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 sec.1 lit. c GDPR together with Section 3 MPSV or Section 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymized.

We offer you a newsletter on our website (either permanently or, if applicable, only as part of trade fair, promotion or sweepstake promotions) to inform you about current topics (exclusive sweepstakes, product offers, general information, news, promotion and trade fair promotions, etc.).

You can register to receive the newsletter by entering your title, e-mail address and last name in our registration form on the website or in our registration form for the sweepstakes, so that we can verify the accuracy of your data. Your e-mail address will be activated for the distribution of our newsletter by means of a so-called opt-in procedure. After registration, you will receive a confirmation e-mail from us in which you must click on a link contained therein in order to finally register your address effectively.

The newsletter will be sent approximately six times a year to the e-mail address you have provided. We process your data on the basis of your consent (Art. 6 sec. 1 lit. a DSGVO) exclusively for sending the newsletter and delete it immediately after unsubscribing from our newsletter. When you confirm the link in the double opt-in email, the date and time of registration are also stored on the basis of our legitimate interest (i.e. to provide proof of registration; Art. 6 sec. 1 lit. f DSGVO) are stored.

We send our newsletter via the provider CleverReach (CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede). For this purpose, the data you provide is stored and transmitted to CleverReach in encrypted form. You can find more information about data security at CleverReach here:  https://www.cleverreach.com/de/datensicherheit/  

If you no longer wish to receive our newsletter, you can unsubscribe via the unsubscribe function contained in each newsletter or via the unsubscribe form contained on our website or by means of a link contained in the newsletter or by other communication to us.

We sometimes host sweepstakes / competitions that we promote on our website and/or on our social media presences and to which you can register via a corresponding subpage on our website.

In this respect we cooperate with external agencies for the event. The details of the associated data processing can be found in the competition conditions. This includes the indication of the agency, which cooperates with us in the respective case and processes the data of the participants accordingly for the processing of the competition. The data will therefore be passed on to these agencies. Otherwise, no transfer will take place.

Participation in a competition usually requires the registration of participants with personal data, typically a title, first name, name and e-mail address. The data processing is carried out on the basis of Art. 6 sec.1 lit. b GDPR or – if necessary – on the basis of your consent in accordance with Art. 6 sec.1 lit. a GDPR. The respective terms and conditions apply.

The winners will be published anonymously (i.e. first name, abbreviated last name, shortened place of residence) on our website. The data will be used solely for the purpose of the competition and will be deleted, with the exception of the winning data, after the winners have been determined. The winners' data will also be processed for winning notification and for the dispatch of the winnings and then deleted. Only with your express consent will it be used beyond this purpose, e.g. for sending the newsletter.

We have committed the respective agencies that act in accordance with our instructions to comply with the data protection laws, also and in particular in the sense of the foregoing, and have concluded corresponding data processing contracts with them.

You can request information about the data stored about you at any time free of charge at the above address. In addition, under certain conditions, you may request the correction or deletion of your stored personal data. Furthermore, you may have the right to restrict the processing of your data as well as a right to the publication or transfer of the data provided by you in a structured, common and machine-readable format. If the processing of your personal data is based on your consent, there is also the right to revoke the consent at any time. This does not affect the legality of the processing carried out on the basis of consent until the revocation.

Right to object

You have the right to object at any time to the processing of your personal data, which is based on Article 6 sec. 1 lit. f) GDPR. In particular, an objection may be made to the processing for direct marketing purposes.

You can also contact the above-mentioned data protection officer or a data protection supervisory authority with a complaint.

The supervisory authority responsible for us is:

Unabhängiges Datenschutzzentrum Saarland

Die Landesbeauftragte für Datenschutz und Informationsfreiheit

Fritz-Dobisch-Straße 12

66111 Saarbrücken

Telephone: (0681) 94781-0

Telefax: (0681) 94781-29

E-mail: poststelledatenschutz.saarland.de