1. Privacy Policy

We appreciate your visit on our Facebook fan page https://www.facebook.com/HYLO.Augengesundheit/ (hereinafter also called "Page") and the associated interest in our company. With the aim of providing you with the highest possible level of transparency, we will inform you below about the nature, scope and purpose of the collection, processing and storage of personal data that accrues in the context of the use of our Facebook fan page. The General Data Protection Regulation (hereinafter referred to as the "GDPR") can be accessed here as a complete document. Of course, there is no obligation for you to provide us with personal data, but we would like to point out that this may be necessary for certain functions of our Facebook fan page and that you will not be able to use these functions in this case or only with restrictions. When you visit our Facebook fan page (even if you do not have a Facebook profile yourself), personal data is collected, processed, used and stored not only by us, but also by Facebook itself. This is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Imprint:  https://www.facebook.com/terms. The parent company of this Irish-based company is: Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA (hereinafter referred to as "Facebook"). Since not all individual data processing operations as well as their scope are known by us in detail, we refer to the data policy of Facebook, which can be accessed here, for certain points within this data protection declaration.


In addition, we expressly point out that your data may be transferred not only to Ireland but also to the USA and thus to an unsafe third country. There are currently no EU adequacy decision or any other appropriate guarantees for the US. The protection of your data cannot be guaranteed in the destination country USA. There is currently no equivalent level of data protection in the US. Therefore, the data transfer is associated with corresponding risks. In particular, there are no guarantees regarding the failure of access to your transmitted data by public authorities. For example: it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA; a law that governs the United States' foreign intelligence and counter-espionage services). In this context, we expressly point out that you, as an EU citizen, do not have an effective legal protection against the processing of your data by US authorities on the basis of FISA. If you still use our Facebook fan page, you do so in the knowledge of these risks, which you consciously accept as a result.

1.1 Definition of terms

The following terms that we use within our privacy policy are defined within Article 4 GDPR. This is only an extract from Article 4 GDPR. All definitions can be viewed in the GDPR (available here).


  • Personal data (Art. 4 no. 1 GDPR)
Personal means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


  • Processing (Art. 4 no. 2 GDPR)
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


  • Pseudonymisation (Art. 4 No. 5 GDPR)
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.


  • Controller (Art. 4 no. 7 GDPR)
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.


  • Processor (Art. 4 No. 8 GDPR)
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


  • Third party (Article 4 No. 10 GDPR)
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.


  • Consent (Art. 4 No. 11 GDPR)
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


  • Enterprise (Art. 4 No. 18 GDPR)
Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.


1.2 Jointly responsible (Art. 4 no. 7 GDPR) in accordance with Article 26 GDPR

URSAPHARM Arzneimittel GmbH 

Industriestraße 35 

66129 Saarbrücken 

Phone: + 49 (0) 68 05 92 92-0 

Fax: + 49 (0) 68 05 92 92-88 

E-Mail: info(at)ursapharm.de 

Internet:

www.ursapharm.de

Our complete imprint can be found here: ULR or an anchor to imprint


Facebook Ireland Ltd., 

4 Grand Canal Square, Grand Canal Harbour, 

Dublin 2 Ireland, 

Imprint: https://www.facebook.com/terms

The parent company of this Irish-based company is: Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA.


The basis of the data processing is an agreement between us and Facebook in accordance with Art. 26 sec. 1 and 2 GDPR. You find it under the following link:   https://www.facebook.com/legal/terms/page_controller_addendum. Pursuant to Article 26(3) GDPR, you may exercise your rights against both us and Facebook in accordance with this Privacy Policy.


1.3 Data protection supervisor

URSAPHARM Arzneimittel GmbH
z. Hd. of the Data Protection Supervisor
Industriestraße 35, 
66129 Saarbrücken 


You can reach our Data Protection Officer at the e-mail address datenschutz@ursapharm.de  or by post at our aforementioned  address.

Facebook

You can contact Facebook's data protection officer using the following form: https://www.facebook.com/help/contact/540977946302970


1.5 Storage of data / deletion of data

Within the processing as described in our privacy policy, we always inform you of the corresponding storage period or the times of deletion or blocking of the data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.
Storage can take place beyond the defined times if statutory regulations to which we are subject (e.g. Section 147 Tax Code (Abgabenordnung), Section 247 Commercial Code (Handelsgesetzbuch)) provide for a different storage period. After the storage period, the personal data will be deleted or blocked, unless further storage is required by us due to a legal basis. In addition, storage beyond the specified time is possible in the event of a (threatening) dispute with you or any other legal procedure. With regard to Facebook's data storage or deletion, we refer to Facebook's data policy, which you can access under the following link https://www.facebook.com/policy.php,  as well as Facebook's cookie policy, which you can reach under the following link:  https://www.facebook.com/policies/cookies/.


1.6 Collection of personal data

In the following, we will inform you about the collection of personal data (such as name, e-mail address, address or user behaviour).

2.6.1 Exclusively informational use of our Facebook fan page (without log-in)

You can always access our Facebook fan page even if you do not have a Facebook profile or are not logged into it when you are access our fan page, whereby some functions (such as the Messenger) cannot be used here. We do not collect any data from you in this case. However, we would like to point out that data is collected by Facebook. At least the personal data that your browser transmits to the Facebook server will be collected. 

This is usually data that is technically required to provide you with the site for viewing while ensuring a secure and stable display. To our knowledge, this means at least the following information, that results from a logfile line:

  • Internet protocol address (IP address)
  • Time and date of access
  • Time zone difference from Greenwich Mean Time (GMT)
  • The concretely accessed page
  • Access Status / Hypertext Transfer Protocol (http)
  • Amount of data that has been transferred in each case
  • Website from which access to our fan page takes place (referrer URL)
  • Used internet browser (incl. language and version)
  • Operating system used

For more information, we refer to Facebook's data policy, which you can access under the following link https://www.facebook.com/policy.php. In addition, when you visit our fan page by Facebook, so-called cookies are stored on your used device, which enables Facebook to create user profiles through your preferences and interests, so that you can see targeted advertisements (both inside and outside of Facebook).

For more information, see Facebook's cookie policy, which can be accessed under the following link: https://www.facebook.com/policies/cookies/. We would like to point out that you can prevent the storage of cookies at any time by setting your browser appropriately. Further information in this context we have compiled with regard to the most common browsers below, yet we point out that this may limit the functionality of our Facebook fan page. 


1.6.2 Exclusively informational use of our Facebook fan page (with log-in)

If you visit our Facebook fan page while being logged into your Facebook profile, further personal data will be collected by Facebook in addition to the data mentioned in clause 6.1. For more information, see Facebook's Privacy Policy, which can be accessed here: https://www.facebook.com/policy.php.


1.6.3 Use of special features of our Facebook fan page

  • Contact: If you contact us via Facebook Messenger, we will receive the appropriate information. Contact details voluntarily provided by you (e.g. e-mail address or telephone number) will be stored and processed by us in order to process your request. This is done on the basis of our legitimate interest under Art. 6 sec. 1 lit. f GDPR. 

We also point out the following::
As a pharmaceutical company, we are legally obliged to report requests that describe drug and medical device safety-related events, to document them and, if necessary, to report them to the competent authorities. This notification may also include personal information, such as your name, place of residence, health claims or the like, if you have disclosed it explicitly and voluntarily to us. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 sec.1 lit. c GDPR together with Section 3 MPSV or Section 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymized.

    • Commentary on a post

      If you make a comment under a post written by us, we will also receive information. We do not receive any further information or personal data, except those that are publicly available within your profile.

        • "Like-Me Button"

          If you mark a post with a "Like Me" button or one of the available emojis, we will also receive information. We do not receive any further information or personal data, except those that are publicly available within your profile.

          1.7 Facebook Insights

          By means of Facebook Insights (for more information on Facebook Insights, please visit: https://www.facebook.com/business/pages/manage#page_insights and the following link  https://www.facebook.com/help/pages/insights)to provide us with anonymous statistics via our Facebook fan page. This is, for example, information about page subscriptions, likes, post coverage and post interactions, page views, page previews, actions on our site, videos, stories, people, news. For individual statistics, we can parameterise, e.g. by demographic data. We use these statistics to optimize our fan page and make it more suitable for demand. We do not have access to the usage data collected by Facebook for the production of these statistics by means of cookies. The legal basis for the processing of this data is our legitimate interest under Art. 6 sec. 1 lit. f) GDPR to achieve an improvement of the user experience of our Fanpage visitors in accordance with target groups.

          1.8 Facebook Ads

          We run ads on Facebook. In order to be able to use our advertising as targeted as possible, we define target groups by means of Custom Audiences (further information:https://www.facebook.com/business/help/744354708981227?id=2469097953376494)
          For this purpose, we only use the sources that Facebook provides to us. Information from other sources or even from customer lists or offline contacts are not used by us in any case.
          Furthermore, we are able to create a specific target group based on the Audience Insights of Facebook (further information: https://www.facebook.com/business/insights/tools/audience-insights)  by parameterizing demographic data collected via Facebook.
          We do not have access to the usage data collected by Facebook for the production of these statistics by means of cookies. We use these tools to tailor our advertising to your needs. The legal basis for the processing of this data is our legitimate interest under Art. 6 sec. 1 lit. f) GDPR to supply a demand-oriented and effective advertising. The following page allows you to set ad settings on Facebook and thus not allow certain ads:  https://www.facebook.com/ads/preferences/. We are able to display the perfomance of our advertisements through the Ad Center. Among other things, we receive information about the estimated reach (number of people who have viewed our ad at least once), the post interactions (total number of actions performed by persons in connection with our ads) and the link clicks (number of clicks on links within our ad). Within the Ad Manager, we receive additional detailed information so that we can break down our various campaigns using various anonymous metrics (including demographic data) to obtain information on results, reach, or impressions.


          1.9 Sweepstakes/Competitions

          We create sweepstakes/competitions for our Facebook fans. For each one, we provide terms of use that are in accordance with Facebook's guidelines (https://www.facebook.com/policies/pages_groups_events/.
           
          If participation is made by a private message via Facebook Messenger, contact details provided by you (e.g e-mail address or telephone number) are stored by us on the basis of our legitimate interest in accordance with Art. 6 sec. 1 lit. f GDPR to conduct our competition. As soon as the competition is completed, this data will be deleted immediately. The winner will also be informed of his winnings via Facebook Messenger. Name and profile will not be published.


          1.10 Your rights

          Right to information under Art. 15 sec. 1 GDPR
          You have the right to request confirmation from us as to whether you personal data is processed by us. If this is the case, you have a right to information about these personal data, in addition to the right to information about processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future (in particular for recipients in third countries or international organisations), the storage period or the duration of storage.  Criteria for determining the retention period, the existence of a right of rectification or erasure of the personal data concerning you or the right to restrict the processing on our part, as well as the existence of a right of objection to such processing, the existence of a right of appeal to a supervisory authority, all available information on the origin of the data (in the event that it was not collected by us), the existence of automated decision-making, including profiling and, where applicable, meaningful information on the logic involved, such processing.

          Right to rectification under Article 16 GDPR
          You have the right to request from us without delay the correction of inaccurate personal data as well as the completion of incomplete personal data concerning you.

          Right to erasure ("right to be forgotten") under Article 17(1) GDPR

          You have the right to request that we delete the personal data concerning you immediately. However, under Article 17(3) GDPR, that right does not exist where processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest in the field of public health, for archival purposes in the public interest or for the assertion, exercise or defence of legal claims.


          • Right to restrict processing under Article 18(1) GDPR

          You have the right to request from us to restrict the processing of your personal data if you dispute the accuracy of your personal data (the restriction applies to the duration that allows us to verify the accuracy), the processing of your personal data is unlawful and you refuse it to be deleted, we no longer need your personal data for the processing purposes, however, you need them to assert, exercise or defend legal claims or you have objected to the processing under Article 21(1) GDPR (the restriction applies for the duration, as long as it is not established whether our legitimate reasons outweigh yours).

          • Right to data portability under Article 20 GDPR

          You have the right to receive the personal data concerning you from us in a structured, common and machine-readable format, as well as to make a transfer to another controller without hindrance on our part (or to request a direct transfer from us to another controller, if technically possible) if the processing by us was based on a consent or a contract or was carried out by automated procedures.

          • Right to revoke consents given in accordance with Art. 7 sec. 3 GDPR

          You have the right to revoke a given consent to us at any time with effect for the future, so that the data processing, which was carried out on the basis of your consent, can no longer be continued for the future, but the legality of the processing carried out up to your revocation is not affected by this.

          • Right to appeal under Article 77 GDPR

          Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or the place of the alleged infringement. For more information, please visit: https://www.bfdi.bund.de/DE/Datenschutz/Ueberblick/MeineRechte/Artikel/BeschwerdeBeiDatenschutzbehoereden.html

          In addition to the aforementioned rights, you also have the right to object at any time against the processing of your personal data, which takes place on the basis of the performance of a task that takes place in the public interest or in the exercise of official authority (Art. 6 sec. 1 p. 1 lit. e GDPR) or to safeguard legitimate interests on our part (Art. 6 sec. 1 p. 1 lit. f GDPR), provided that there are grounds for this which arise from your particular situation. In the event of an objection, no further processing of your personal data will be carried out unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or unless the processing serves to assert, exercise or defend legal claims. In the case of the processing of your personal data for the purpose of direct marketing or profiling, if there is a connection to direct marketing, you have a general right to object, without the need for reasons arising from your particular situation. In the event of an objection, we shall immediately stop processing the personal data for these purposes. 
          To exercise your right of withdrawal or objection, please send an e-mail to: datenschutz@ursapharm.de  or contact Facebook's data protection officer using the following form:
          https://www.facebook.com/help/contact/540977946302970