The protection of personal data and the responsible handling of information you entrust to us are an important and particular concern to us. medac GmbH (medac) processes personal data only in accordance with the legal regulations. These are in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
With this data protection declaration we inform you about medac as the controller for data protection (see 1.) and how, to what extent and for what purposes we process personal data.
- when using our website (see 2.),
- when applying for a job in our career portal (see 3.)
- when concluding contracts with us (see 4.),
- when registering for newsletters (see 5.) and
- when participating in events (see 6.).
- Drug safety and reporting of side effects (see 7.).
Principles applicable to these processing operations and your rights (see 7.).
1. Controller and Data Protection Officer
Responsible person in terms of data protection law: medac GmbH, Theaterstraße 6 22880 Wedel (Imprint)
Data Protection Officer: medac GmbH, Dr. Anna-Kristina Roschek, Theaterstraße 6, 22880 Wedel, Phone +49 (0)4103 - 8006-0
2. Website: Processing of your personal data
The processing of personal data to the extent described under section 2.1. is necessary in order to use the website.
2.1 Data processing to enable the use of the website
When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data on the start, end and subject of your use of the website and the technical information transmitted by your browser (e.g. browser type, operating system and previously visited website). This data is used to ensure a smooth connection, to evaluate system security and stability and for other administrative purposes in our legitimate interest (Article 6, Paragraph 1, letter f BDSG)
When you visit our website, information may be stored on your computer in the form of a cookie. Cookies are small text files that are sent from a web server to your browser and stored on your computer's hard drive. This makes it possible for you to be recognized when you return to the website. In this way we can ensure better functionality of the site or carry out web analysis (see section 2.3.).
There are various types of cookies. A distinction must be made between cookies placed by the website operator when you visit a website (also known as "first party cookies") and cookies placed by third parties (also known as "third party cookies"). We solely have technical control over the first mentioned cookies. On the other hand, there are cookies that are only stored on your computer during your visit to our website (also known as "session cookies") and cookies that are stored for a longer period of time.
Most browsers are set to accept cookies automatically. You can deactivate the storage of cookies in your browser and can delete them from your hard disk at any time. We would like to point out that the use of our offers on the website without cookies is only possible to a limited extent.
However, you can also adjust your browser to only prevent the setting of certain cookies (e.g. cookies from third parties), for example if you wish to prevent web tracking. You can find more information on this in the help function of your browser. You can find further information on cookies from third-party providers that are set or processed when you visit our website in Section 2.3. and in the data protection declarations of the mentioned provider.
The following cookies are set when you visit our website:
Queries the version of the internet browser used by the user to display a message about outdated browsers.
|_ga||Statistics||2 years||Google Tag Manager by Google
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Used by Google Analytics to limit the request rate
|_gid||Statistics||24 hours||Google Tag Manager by Google
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Allows checking on every page whether the user is logged in to DocCheck.
This cookie is used to identify a session and store preferences based on a random number key. It does not store user data that can be used to identify individual users.
2.3. Pseudonymous user profiles for advertising and market research (web tracking and web analytics)
We use web tracking systems for advertising, market research and to make your use of our website as pleasant as possible. Data about the use of our website is stored in pseudonymous user profiles (your IP address is anonymized). This enables us to further develop our website and to tailor the content even better to your needs. The pseudonymous user profiles are not merged with personal data.
You can object to the creation of pseudonymous user profiles. To do this, you can prevent cookies from being set in your browser (see Section 2.2.). On the other hand, you can install a plugin in your browser to protect your privacy, which offers the possibility to prevent tracking - e.g. AdBlock, Ghostery or NoScript (please note the data protection information of the respective plugin provider).
Hereinafter, the tracking technologies used on our website (which may include cookies in particular, see Section 2.2.) and the provider - who processes usage data in pseudonymous profiles for the respective purposes - are listed. In addition, the link to the provider's data protection declaration is provided and we explain to you how you can switch web tracking off or on by the service providers with effect for the future. Generally, a special cookie is stored on your terminal device to prevent the provider from collecting usage data from your terminal devices in the future; please note that you may have to place this cookie again if you delete cookies from your computer.
2.4 Google Analytics
You can prevent the storage of cookies by making the appropriate settings in your browser software and rejecting them (see section 2.2.) or using a privacy plug-in (see section 2.3.). You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
Alternatively, you can prevent the collection by Google Analytics by setting a so-called "opt-out cookie" on your computer. Use the following link to do this: Set Opt-Out-Cookie
For more information about privacy at Google Analytics, please visit: https://www.google.de/intl/de/policies/.
2.5 Google Tag Manager
2.6 Data Processing When You Use Other Features of the Website
In general, the provision of personal data is not necessary for the use of our website. With the exception of the cases described in section 2, data collection and processing will only take place if you voluntarily provide us with your data. If you do not provide us with any other personal data, you may not be able to use the functions described in this section. Otherwise there will be no consequences for you.
We process your personal data if you use the following functions:
2.6.1. Contact form
When you contact us via the contact form, we store your details (your name, e-mail address, telephone number if necessary, and the text of your request) and process them in order to process your request.
As far as it is necessary in order to answer your request or your request is directed towards this, we may transfer your details to another company of the Medac group (e.g. if your request relates to a contract or a customer relationship with another company of the Medac group or its products). The legal basis for this data processing is - depending on the subject of your request - the admissibility of the processing within the framework of contract initiation, a contract or our legitimate interest in providing a contact form for general requests (Art. 6 Para. 1 lit. a or f GDPR).
2.6.2 Areas reserved for professional visitors
Professional visitors of our website (doctors, pharmacists and members of certain other health care professions) can access closed areas of our online offer of they have previously registered accordingly. This registration is done via DocCheck. With the password that you receive, you gain access to the closed areas of our website.
DocCheck password protection
DocCheck uses so-called "cookies" - text files that are stored in the user's browser - to facilitate the use of the services. The information generated by these cookies is only transferred to DocCheck servers and is not shared with the website operator or any other third party. There is no data transfer to countries outside the EU.
Allows a single sign-on for all DocCheck logins.
Lifetime = 1 session
Serves to provide suitable content on the basis of pseudonymised identification data (e.g. occupation, country, language).
Lifetime = 1 year
As part of the use of DocCheck password protection, DocCheck collects the so-called log data (IP address, access date, access time, referrer URL, information on hardware and software used such as browser features, device information such as resolution) of the user, starting from the website of the information provider which integrates the login into the website via "embed" or iFrame. This data is not used to draw conclusions about the person, but serve to ensure the correct display of the website or iFrame content and/or the security of the DocCheck services.
We expressly point out that DocCheck is another service provider to whom Medac passes you on within the scope of the registration form provided on its website. Medac has no influence on the collection, processing and use of your data by DocCheck. Please inform yourself on the DocCheck pages about the measures taken there to protect your personal data: http://info.doccheck.com/de/privacy/
2.7 Google Maps
On some of our pages there is a plugin which shows map sections of Google Maps. Google Maps is provided by Google LLC. (Hereinafter: "Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For this purpose, a connection is established between your browser and Google's servers - as if you were visiting the Google search engine's website. Google is responsible for its own data processing. Tracking by Google on our website does not take place.
3. Career portal
As part of online applications, we collect personal data about you. This particularly includes your personal data with contact information as well as a description of your education, work experience and skills. In addition, you have the option of providing us with electronically stored documents such as certificates or letters. You have the option of creating an online applicant profile so that you do not have to enter your data more than once in the case of multiple applications. This information will only be used by the respective human resource managers of Medac and exclusively within the scope of the application procedure and for the purpose of processing your application. If your application remains unsuccessful, this data will be deleted six months after completion of the application process, unless you have expressly agreed to a longer storage period. The legal basis for the processing in order to make a decision on the establishment of an employment relationship is Article 88 GDPR in conjunction with Paragraph 26 BDSG.
4. Conclusion and implementation of contracts
In order to conclude or execute contracts with you, we process personal data relating to you as far as it is necessary for the execution of the contract with you. For this purpose the provision of your personal data is necessary. You are not obliged to provide your personal data, but if you do not provide it, the establishment and implementation of the contractual relationship may not be possible or only possible to a limited extent. Otherwise there will be no consequences for you. The legal basis for this is Article 6 Paragraph 1 letter b GDPR.
5. Registration for newsletter
If you register for our newsletter or for information about products, developments and events at Medac, we process your personal data in order to provide you with the corresponding information. This requires the provision of your personal data. You are not obliged to provide your personal data, but if you do not, we may not be able to provide you with the information you request. Otherwise there will be no consequences for you. The legal basis for this is Article 6 Paragraph 1 letter a GDPR.
6. Participation in events
If you register to participate in a medac event or if medac supports your participation in a third party event, we will process your personal data as far as it is necessary for the execution of the event and your participation. This requires the provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, your participation in the event may not be possible or only possible to a limited extent, or medac may not be able to support you or only to a limited extent. The legal basis for this is Article 6 Paragraph 1 letter b GDPR and Article 6 Paragraph 1 letter a GDPR.
7. Drug safety and reports of side effects
When you make a drug safety or a report on side effects, we collect personal data related to the report, such as personal information about you and your circumstances, your state of health, the medicines you are taking, and any side effect you have experienced. You are under no obligation to provide your personal information, but if you do not provide it, it may not be possible to include it and take it into account. The legal basis for the processing of your personal data is Article 6 Paragraph 1 letter c GDPR in conjunction with Paragraph 63 b German Drug Law (Arzneimittelgesetz AMG).
8. General information on data processing by medac Transmission to third parties
We only pass on the personal data described here if it is necessary for the provision of our service or if it is required by law. Within the scope of the purposes mentioned here, personal data will be forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual data protection requirements. In particular, this includes an obligation as a processor according to Article 28 GDPR.
Otherwise, we will only transfer personal data to other recipients if we have a legal permit to do so or you have given your prior consent. You may revoke any consent you may have given at any time with effect for the future. We will only pass on your data to government agencies within the framework of legal obligations or on the basis of an official order or court decision and only to the extent that this is permissible under data protection law.
9. Transmission to countries outside the EU
As far as necessary for our purposes, we may also transmit your data to recipients outside the EU. This is particularly the case if we have to transfer this data to recipients in countries as part of contract processing or due to statutory regulations. Otherwise, we only transfer data to third countries if it is ensured that the recipient of the data has implemented an appropriate level of data protection within the meaning of Art. 45 GDPR or suitable guarantees within the meaning of Article 46 Paragraph 2 and Paragraph 3 GDPR and no other interests worthy of protection speak against the data transfer. We use the standard contractual clauses of the EU Commission on the transfer of personal data to third countries to ensure an adequate level of protection for the recipient of the data, unless the EU Commission has issued a decision on adequacy within the meaning of Article 45 (1) GDPR.
10. Data security
medac has taken the necessary technical and organisational measures to protect the personal data provided by you from loss, destruction, manipulation and unauthorized access. To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" is attached to the address component http:// ("https://") or a green, closed padlock symbol is displayed in the browser. By clicking on the symbol you will receive information about the SSL certificate used. SSL encryption guarantees the secure and complete transmission of your data.
We will delete your personal data as soon as it is no longer required for the aforementioned purposes of processing, or if in the event of an objection there are no compelling reasons on the part of Medac worthy of protection or if in the event of a revocation there is no other legal basis for processing. In certain cases, e.g. if there is a legal storage obligation, your personal data will initially be blocked and deleted at the end of the storage period.
12. Your rights
Data protection law grants you a number of rights with regard to data relating to your person (so-called data subject rights). In general these are
- the right to request information about the personal data we have stored about you,
- the right to rectify inaccurate data,
- the right to delete data that may no longer be stored,
- the right to restrict the processing in certain cases,
- the right to object to the processing if it is based on legitimate interests and if they assert justified contrary interests in their situation (Art. 21 para. 1 GDPR)
- the right to object to processing for the purposes of direct marketing (Article 21(2) GDPR),
- the right to data transfer, i.e. the right to transfer data that you have provided to you or to a third party in electronic form, and
- the right to revoke any consent given with effect for the future.
Whether and to what extent these rights exist in the individual case and which conditions apply, is determined by the law, i.e. by the GDPR and the BDSG. You also have the right to complain to the responsible data protection authority. However, if you have any questions or complaints regarding data protection at Medac, we recommend that you first contact our data protection officer (see section 1).
13. No automated case- by – case decision
We do not use your personal data for automated case-by-case decisions according to Article 22 Paragraph 1 GDPR.
14. Amendments to the data protection declaration
Status: April 2019