All personal data will be treated confidential. Our data privacy practice complies with the German Federal Data Protection Act, the “Bundesdatenschutzgesetz” (hereinafter referred to as “BDSG”), and the General Data Protection Regulation (hereinafter referred to as “GDPR”).
The following will inform you about the details regarding data privacy:
We will process personal data (mostly referred to as "data" hereinafter) only if necessary, or to provide a functional, user-friendly internet presence, including its content and the services it offers.
Under Art. 4 no. 2 of the EU Regulation 2016/679 (GDPR), "processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
I. Information about us as the controller
II. Rights of the users and data subjects
III. Information about data processing
I. Information about us as the controller
1. For the purposes of data privacy law, the controller for this internet presence is:
ilapo Internationale Ludwigs-Arzneimittel GmbH & Co. KG
Friedenheimer Brücke 21
Telephone: +49 (0) 89 189 40 300
Fax: +49 (0) 89 189 40 300
2. We have appointed a company data protection officer. You can reach that officer as follows:
ilapo Internationale Ludwigs-Arzneimittel GmbH & Co. KG
Friedenheimer Brücke 21
Telephone: +49 (0) 89 189 40 300
Fax: +49 (0) 89 189 40 300
II. Rights of the users and data subjects
With a view to the data processing described in greater detail in the following, users and data subjects have the rights to
information of whether data concerning them is being processed by us, to information about that processed data, to further information about the data processing and to copies of the data (Art. 15 GDPR);
rectification or completion of incorrect or incomplete data (Art. 16 GDPR);
erasure of the data concerning them (Art. 17 GDPR), or in the alternative, insofar as further processing is necessary under Art. 17 ( 3) GDPR, to restriction of that processing based on Art. 18 GDPR;
receive the data concerning them, which they have provided, and to have those data transmitted to other providers or controllers (Art. 20 GDPR);
lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in breach of data protection provisions (Art. 77 GPDR). The supervisory authority responsible for us is the Bayerische Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision), Promenade 27 (Schloss), 91522 Ansbach, www.lda.bayern.de/de/index.html.
We are also obligated to inform all recipients to whom the provider discloses data about any rectification or erasure of data, or the restriction of its processing, which occur due to Articles 16, 17 (1), and 18 GDPR. However, we will not be obligated to do so if this notification is impossible or would entail a disproportionate effort. Without prejudice to this, the user has the right to information about these recipients.
Right of objection under Art. 21 (1 and 2) GDPR:
You may object at any time, for reasons arising from your particular situation, to the processing of your personal data under Art. 6 (1) (e or f) GDPR. After you lodge such an objection, we will not process your personal data unless we can prove compulsory reasons for doing so which are worth protecting and which override your interests, rights and freedoms, or if the processing helps to assert, exercise or defend against legal claims (Art. 21 (1) GDPR, "restricted right to object"). In this case, you must provide reasons for your objection which result from your particular situation. You may also object, without giving reasons, to your personal data being processed for direct advertising.
III. Information about data processing 1. Collection and processing of personal data
Whenever our internet site is accessed, our system automatically records data and information from the system of the accessing computer. These server log files are small files which log your inquiries and accesses of our internet presence. The following data will be logged:
Name of the visited internet presence
Date and time of access
Quantity of transmitted data
Reference from which you arrived at the internet presence (the "referrer URL")
Your browser type
Your operating system
Your IP address
These data do not normally allow us to identify you directly and will be processed to improve our internet presence services. The legal basis for processing your personal data is a legitimate interest (Art. 6 (1) (f) GDPR). We have a legitimate interest in presenting you with a internet presence optimized for your browser and facilitating communication between our server and your end device. Moreover, if the system is misused, we can process and use the information captured by the web server in cooperation with your internet provider, the local authorities, or both, to determine the perpetrator of that misuse. The legal basis for doing so is also a legitimate interest, Art. 6 (1) (f) GDPR. In this scenario, our legitimate interest is to protect the integrity of our system and those of our users.
aa. What are Cookies
Cookies and other technologies help us to make your visit to our internet presence more pleasant, efficient and meaningful.
Cookies are text information files that are sent by our web server to your computer and stored there when you visit the platform. Most browsers automatically accept cookies, but the cookies can be configured through the browser's setting function so that they do not accept them or indicate when a cookie is being sent. Cookies can be rejected or deleted at a later date. It is not necessary to accept our cookies in order to use the internet presence in general. However, there are certain areas and functions on the internet presence that you cannot use without cookies.
Instructions for deleting cookies in the most common browsers can be found in the following overview:
The cookies used by us on our internet presence can be divided into the following categories:
(1) Necessary Cookies
These cookies are necessary for the proper functioning of the internet presence; they allow you to navigate on our internet presence and use our features. An example of this is the reminder of recent actions (e.g. text entered) when you return to a page within the same session. This data does not allow us to identify you. If you do not accept these cookies, this may affect the performance of the internet presence or parts of it. The legal basis for the collection and processing of personal data is the fulfilment of our contractual obligations (Art. 6 (1) (b) GPDR) and the safeguarding of our legitimate interests, in particular the provision of the internet presence with its essential functions (Art. 6 (1) (f) GPDR).
(2) Preferences / Functional Cookies
These cookies allow our internet presence to remember the choices you have made (for example, your username, language, or region of residence) in order to provide you with a more personalized online experience. They can also allow users to view videos and interact with social tools such as blogs, chat rooms and forums. The information collected by these cookies may include personally identifiable information that you have disclosed, such as your username or profile picture. The legal basis for the collection and processing of personal data is to protect our legitimate interests, in particular to personalise the internet presence (e.g. by integrating videos and social tools) and to optimise and increase the attractiveness of our internet presence (Art. 6 (1) (f) GPDR).
(3) Statistics / Performance Cookies
These cookies help us understand how visitors interact with our site by providing information about which web pages or search terms users bring to our site, how long they typically stay on our sites, or how many pages they visit on average. We use this data to improve the content of our internet presence and to compile statistics for internal market analysis purposes on the individual use of the internet presence. This data does not allow us to directly identify you. All data collected by us is only processed in aggregated form. The legal basis for the collection and processing of personal data is the protection of our legitimate interests, which consist in particular in constantly optimising and improving the functions and attractiveness of our internet presence (Art. 6 (1) (f) GPDR).
(4) Marketing / Targeting Cookies
These cookies are used to provide content that is more relevant to you and your interests (direct marketing). They can be used to provide targeted advertising or to limit the frequency with which an advertisement is displayed to you. They also help us measure the effectiveness of advertising campaigns on our internet presence or third party internet presences. We may also use these cookies to remember which pages you have visited. The legal basis for the processing of personal data is your consent (Art. 6 (1) (a) GPDR). However, our internet presence does not currently use any marketing/targeting cookies. Should this be the case in the future, we will obtain your prior consent for the processing of your personal data through marketing / targeting cookies.
bb. Cookies and similar technologies used on our internet presence
(1) Google Analytics
On our internet presence, we use various services of Zoho. These services are provided by Zoho Corporation B.V. (Hoogoorddreef 15, 1101 BA Amsterdam, Niederlande), Zoho Corporation (4141 Hacienda Drive, Pleasanton, California 94588, USA) and Zoho Corporation Pvt. Ltd. (Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, Indien). Our direct contractual partner is Zoho Corporation B.V. in the Netherlands (hereinafter referred to as "Zoho") and is therefore fully subject to European data protection law.
(a) Zoho Chat
On our internet presence, we use Zoho Chat. Zoho Chat enables us to contact you, as well as you to contact us through a chat function placed at the edge of the browser when you visit our internet presence. To contact us through the chat function, all you need to do is enter your name, your e-mail address and your request. Further information (e.g. your telephone number) is voluntary. Legal basis for the processing of your personal data before activating the chat function is our legitimate interest (Art. 6 (1) (f) GPDR), which consist of proactively contacting you through the chat function. The processing of your personal data within the scope of the chat function is based on the fulfilment of the contract (Art. 6 (1) (b) GPDR) in order to process and respond to your request.
(b) Zoho SalesIQ
On our internet presence, we use the website analysis function Zoho SalesIQ. Zoho SalesIQ enables us to collect and analyse anonymous usage data when you visit our internet presence. For this purpose, Zoho automatically stores cookies on your computer, that collect information about how visitors use our internet presence, the website from which the user comes to our internet presence, the number of visits of each user and the duration of their stay on our internet presence. Zoho will use this information to evaluate the use of our internet presence and to create reports about the use of our internet presence. We store this data for statistical purposes only. The IP addresses are shortened by the last digits after the collection in order to guarantee anonymity of your data during the evaluation. The legal basis for the processing of your personal data within the framework of the use of our internet presence is our legitimate interests (Art. 6 (1) (f) GDPR), which consist in analysing and evaluating the economic operation of our internet presence for optimisation purposes.
(c) Zoho Campaigns
We use the email marketing software Zoho Campaigns to send our newsletter and evaluate it. When you register for our newsletter, your data is processed in our CRM system and then transferred to the newsletter tool Zoho Campaigns. On our behalf Zoho Campaigns uses this information to send our newsletter and for statistical analysis. For evaluation purposes, our newsletter emails contain web beacons or tracking pixels that allow Zoho to determine whether a newsletter has been opened and which links in it have been clicked on. Technical information is also collected (such as time of access, IP address, browser type and operating system). This information is used for statistical analysis of our newsletter campaigns. The results can be used by us to optimize our newsletter offer and to better adapt it to the interests of the recipients. Zoho Campaigns does not use the data of the newsletter recipients to contact them itself. The legal basis for the processing of your personal data in the context of the use of our newsletter is our legitimate interests (Art. 6 (1) (f) DSGVO), which consist in analysing and evaluating our newsletter campaigns for optimisation purposes. Opt-out: For the purpose of providing the services of Zoho, Zoho stores cookies on your computer via your internet browser.. If you do not agree with this, you have the possibility to prevent the storage of cookies in the settings of your internet browser. You can find more information above, under the heading "What are cookies".
Involved in the provisioning of the services is also the Zoho Corporation (4141 Hacienda Drive pleasanton, California 94588, USA). By being certified under the EU-US Privacy Shield (available under: www.privacyshield.gov/participant, Zoho Corporation guarantees that it complies with European data protection laws when processing data in the USA.
Further involved in the provisioning of the services is the Zoho Corporation Pvt. Ltd (Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India). By having concludes a data processing agreement, incorporating the EU Standard Contract Clauses, Zoho Corporation Pvt. Ltd guarantees that it complies with European data protection laws when processing data in India.
cc. Contract execution (1) Identification using DocCheck
(2) Orders in the online shop
For the orders in our online shop to be placed and handled, your name, address, payment method and order data must be processed. The data transmitted from you to take advantage of our goods or services will be processed by us in order to process the contract, and are necessary to that extent. Contracts cannot be concluded or processed unless you provide your data. The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR). We will erase the data when the contract has been executed and the tax and commercial retention periods have expired. During contract execution, we will forward your data to the transport firm commissioned to deliver the merchandise, or to the financial service provider, provided such forwarding is necessary for goods delivery or payment purposes. The legal basis for transferring the data is the fulfilment of our contractual obligations, (Article 6 (1) (b) GDPR).
(3) Customer account / Registration function
If you open a customer account with us through our internet presence, we will collect and store the data you provide during registration (such as your name, address or email address) exclusively for pre-contractual services, contract execution, or customer services (for example, to give you an overview of your orders so far or offer you the "bookmark" function). At the same time, we store the IP address and date and time of your registration. Those data will not be forwarded to third parties. The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR).
(4) Contact questions / Contact options
If you wish to contact us by using the contact form, the chat function or email on our internet presence, the data you provide when doing so will be used to process your request and to get in contact with you. Providing that data is necessary to handle and answer your request; without those data, we cannot answer your request completely or at all. The use of the chat function requires the setting of cookies on your computer. You can find further information on this under the heading "Cookies used on our internet presence". The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR) as well as safeguarding our legitimate interests, which include, but are not limited to, contacting you and communicating with you about any concerns you have contacted us about (Article 6 (1) (f) GDPR).
If you have provided your consent, we also collect your name and email address when registering for our newsletter. We process this personal data in order to send you our newsletter. The legal basis for this is the consent provided by you (Art. 6 (1) (a) GDPR). We use the service provider Zoho Campaigns for sending our newsletters. More information on Campaigns is available in section 4.2. We use the so-called double opt-in procedure for the registration of our newsletter, i.e. once you have registered for the newsletter, we will first of all send you an email that includes a confirmation link. Only once you have clicked on the confirmation link and we have received the confirmation, will we activate the delivery of the newsletter. You may withdraw your consent at any time with future effect. You can declare such a withdrawal of consent at any time by following our withdrawal instructions that are included in each newsletter or by sending your withdrawal request to the contact details specified in section “Cookies and similar technologies used on our internet presence”.
(6) Online job applications / Publishing job ads
We give you the opportunity to apply for a job with us through our internet presence. As part of these digital applications, we will collect and process your applicant and application data electronically to handle the application process. The legal bases for this processing are the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR, Sec. 26 (1) (1) BDSG in conjunction with Art. 88 (1) GDPR). If an employment contract is concluded after the application procedure, we will store the data transmitted during your application in your personnel file, for the typical organization and administration processes, naturally under observance of further legal obligations. The legal bases for this processing are also Art. 6 (1) (b) GDPR, Sec. 26 (1) (1) BDSG in conjunction with Art. 88 (1) GDPR. If an application is rejected, we delete the transmitted data automatically two months after that rejection is announced. However, the data will not be deleted if they must be stored longer—for up to four months or until court proceedings have been concluded—due to statutory obligations such as the burden of proof obligations under the German General Equal Treatment Act (AGG). In this case, the legal bases are Art. 6 (1) (f) GDPR and Sec. 24 (1) (2) BDSG. Our legitimate interest lies in legal defense or enforcement. If you expressly agree to a longer storage period for your data (so you can be included in a database of applicants or interested parties, for example), the data will be processed further on the basis of that consent. The legal basis will then be Art. 6 (1) (a) GDPR. Naturally, you may withdraw your consent under Art. 7 (3) GDPR at any time, with effect for the future, by sending us a declaration to that effect.
2. Disclosure of personal data
We will not transfer or otherwise disseminate your personal data to third parties unless this is necessary for the performance of our services (legal basis: Art. 6 (1) (b) GDPR), you have consented to the transfer (legal basis: Art. 6 (1) (a) GDPR) or the transfer is permitted on the basis of statutory law. Within the framework of data protection regulations we are entitled to outsource the processing of your personal data in whole or in part to external service providers who act for us as processors in accordance with Art. 4 no. 8 GDPR. External service providers support us, for example, in the technical operation and support of the internet presence, data management, the provision and performance of services, marketing and website analysis. We also use a CRM system from Zoho Corporation B.V. (Hoogoorddreef 15, 1101 BA Amsterdam, The Netherlands) to organise our business contacts and to carry out our commercial activities, such as contract management with customers and suppliers. For this purpose, we store personal data on the systems of Zoho Corporation B.V. The service providers commissioned by us process your data exclusively in accordance with our instructions. We remain responsible for the protection of your data, which is ensured by strict contractual regulations, such as concluding data processing agreements, technical and organisational measures and supplementary controls by us. Personal data may also be processed in other ways and also disclosed to third parties if we are required to do so by law - e.g. by court order or to fulfil legal obligations (legal basis: Art. 6 (1) (c) GPDR) or to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to safeguard legitimate interests (legal basis: Art. 6 (1) (b) GPDR), such as to provide products and services.
3. Data trasfers to third countries
In general, our external service providers process your data within the European Union (EU) or the contracting states of the Agreement on the European Economic Area (EEA). However, in the event that your personal data is transferred to and processed by a service provider located in a third country, we will ensure the protection of your personal data by providing appropriate safeguards, such as Standard Contractual Clauses or the EU-U.S. Privacy Shield. Further information on the safeguards we have taken in individual cases can be obtained at any time from our data protection officer (for contact details, see the heading "Information about us as the controller").
4. Storage period
Your personal data will only be stored by us for as long as it is necessary to achieve the purposes for which the data was collected or - insofar as statutory retention periods exist beyond this (e.g. in the German Commercial Code and the German Tax Code) - for the duration of the legally stipulated retention period. Afterwards your personal data will be deleted by us. Only in a few exceptional cases your data can be stored beyond that date, e.g. if storage is necessary in connection with the enforcement and defence of legal claims in our favour.
5. Data Security
We take adequate measures to secure your personal data. All data transmission on the platform and as part of our services uses encryption procedures and occurs through HTTPS, which meets state of the art technology.
We reserve the right to change these data privacy principles at any time in accordance with statutory regulations. This can be the case, for example, if new statutory provisions must be complied with or new services are required. A revision history will inform you about the adjustments made. The currently valid data privacy principles apply to your visit.