ilapo privacy policy

All personal data will be treated confidential. Our data privacy practice complies with the German Federal Data Protection Act, the “Bundesdatenschutzgesetz” (hereinafter referred to as “BDSG”), and the General Data Protection Regulation (hereinafter referred to as “GDPR”). The following will inform you about the details regarding data privacy: 


We will process personal data (mostly referred to as "data" hereinafter) only if necessary, or to provide a functional, user-friendly internet presence, including its content and the services it offers. 


Under Art. 4 no. 2 of the EU Regulation 2016/679 (General Data Protection Regulation), "processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


The following data privacy policy will inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide, either alone or in conjunction with others, about the purpose and means of that processing. It will also inform you about the external components we use for optimization and to increase user quality, to the extent that third parties process data autonomously.


Our data privacy policy is structured as follows:
I.    Information about us as the controller
II.    Rights of the users and data subjects
III.    Information about data processing
IV.    Changes to the privacy policy


I.        Information about us as the controller
1.    For the purposes of data privacy law, the controller for this internet presence is:

Ilapo Internationale Ludwigs-Arzneimittel GmbH & Co. KG
Friedenheimer Brücke 21
80639 Munich
Germany
Telephone: +49 (0) 89 189 40 300
Fax: +49 (0) 89 189 40 300
Email: info@ilapo.de


2.     We have appointed a company data protection officer. You can reach that officer as follows:
Ilapo Internationale Ludwigs-Arzneimittel GmbH & Co. KG
Thomas Müller
Friedenheimer Brücke 21
80639 Munich
Germany
Telephone: +49 (0) 89 189 40 300
Fax: +49 (0) 89 189 40 300
Email: mueller@ilapo.de

 

II.    Rights of the users and data subjects
With a view to the data processing described in greater detail in the following, users and data subjects have the rights to

  • information of whether data concerning them is being processed by us, to information about that processed data, to further information about the data processing and to copies of the data (Art. 15 GDPR); 
  • rectification or completion of incorrect or incomplete data (Art. 16 GDPR); 
  • erasure of the data concerning them (Art. 17 GDPR), or in the alternative, insofar as further processing is necessary under Art. 17 para. 3 GDPR, to restriction of that processing based on Art. 18 GDPR; 
  • receive the data concerning them, which they have provided, and to have those data transmitted to other providers or controllers (Art. 20 GDPR); 
  • lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in breach of data protection provisions (Art. 77 GPDR). The supervisory authority responsible for us is the Bayerische Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision), Promenade 27 (Schloss), 91522 Ansbach, www.lda.bayern.de/de/index.html. 

We are also obligated to inform all recipients to whom the provider discloses data about any rectification or erasure of data, or the restriction of its processing, which occur due to Articles 16, 17 (1), and 18 GDPR. However, we will not be obligated to do so if this notification is impossible or would entail a disproportionate effort. Without prejudice to this, the user has the right to information about these recipients.

 


Right of objection under Art. 21 (1 and 2) GDPR
You may object at any time, for reasons arising from your particular situation, to the processing of your personal data under Art. 6 (1) (e or f) GDPR. After you lodge such an objection, we will not process your personal data unless we can prove compulsory reasons for doing so which are worth protecting and which override your interests, rights and freedoms, or if the processing helps to assert, exercise or defend against legal claims (Art. 21 (1) GDPR, "restricted right to object"). In this case, you must provide reasons for your objection which result from your particular situation.
You may also object, without giving reasons, to your personal data being processed for direct advertising.



III.    Information about data processing

1.     Collection and processing of personal data

a.    Server-Logfiles

Whenever our internet site is accessed, our system automatically records data and information from the system of the accessing computer. These server log files are small files which log your inquiries and accesses of our internet presence. The following data will be logged:

  • Name of the visited internet presence
  • Date and time of access 
  • Quantity of transmitted data 
  • Reference from which you arrived at the internet presence (the "referrer URL") 
  • Your browser type 
  • Your operating system 
  • Your IP address

These data do not normally allow us to identify you directly and will be processed to improve our internet presence services. The legal basis for processing your personal data is a legitimate interest (Art. 6 (1) (f) GDPR). We have a legitimate interest in presenting you with a internet presence optimized for your browser and facilitating communication between our server and your end device. 
Moreover, if the system is misused, we can process and use the information captured by the web server in cooperation with your internet provider, the local authorities, or both, to determine the perpetrator of that misuse. The legal basis for doing so is also a legitimate interest, Art. 6 (1) (f) GDPR. In this scenario, our legitimate interest is to protect the integrity of our system and those of our users.


b.    Cookies

aa.     What are Cookies

We want to provide you with an optimal and meaningful user experience on our internet presence. For this reason, we use cookies and other technologies on the platform and as part of our services in order to (a) better understand how our users use the internet presence and our services; (b) optimize and improve the internet presence and our services; and (c) to the extent possible and reasonable, provide and maintain a functional and accurate internet presence.


Cookies and other technologies help us to make your visit to our internet presence more pleasant, efficient and meaningful.


Cookies are text information files that are sent by our web server to your computer and stored there when you visit the platform. Most browsers automatically accept cookies, but the cookies can be configured through the browser's setting function so that they do not accept them or indicate when a cookie is being sent. Cookies can be rejected or deleted at a later date. It is not necessary to accept our cookies in order to use the internet presence in general. However, there are certain areas and functions on the internet presence that you cannot use without cookies.
Instructions for deleting cookies in the most common browsers can be found in the following overview:

Browser  Instruction for deleting cookies
Microsoft Internet Explorer  https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer 
Mozilla Firefox  https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox 
Google Chrome   https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDektop&hl=en-GB 
Apple Safari   https://support.apple.com/en-gb/guide/safari/sfri11471/mac 
Opera  https://help.opera.com/en/latest/web-preferences/#cookies 


The cookies used by us on our internet presence can be divided into the following categories:


(1)     Necessary Cookies

These cookies are necessary for the proper functioning of the internet presence; they allow you to navigate on our internet presence and use our features. An example of this is the reminder of recent actions (e.g. text entered) when you return to a page within the same session.
This data does not allow us to identify you. If you do not accept these cookies, this may affect the performance of the internet presence or parts of it. The legal basis for the collection and processing of personal data is the fulfilment of our contractual obligations (Art. 6 (1) (b) GPDR) and the safeguarding of our legitimate interests, in particular the provision of the internet presence with its essential functions (Art. 6 (1) (f) GPDR).


(2)     Preferences / Functional Cookies

These cookies allow our internet presence to remember the choices you have made (for example, your username, language, or region of residence) in order to provide you with a more personalized online experience. They can also allow users to view videos and interact with social tools such as blogs, chat rooms and forums.

The information collected by these cookies may include personally identifiable information that you have disclosed, such as your username or profile picture. The legal basis for the collection and processing of personal data is to protect our legitimate interests, in particular to personalise the internet presence (e.g. by integrating videos and social tools) and to optimise and increase the attractiveness of our internet presence (Art. 6 (1) (f) GPDR).

 

(3)     Statistics / Performance Cookies

These cookies help us understand how visitors interact with our site by providing information about which web pages or search terms users bring to our site, how long they typically stay on our sites, or how many pages they visit on average.
We use this data to improve the content of our internet presence and to compile statistics for internal market analysis purposes on the individual use of the internet presence. This data does not allow us to directly identify you. All data collected by us is only processed in aggregated form. The legal basis for the collection and processing of personal data is the protection of our legitimate interests, which consist in particular in constantly optimising and improving the functions and attractiveness of our internet presence (Art. 6 (1) (f) GPDR).


(4)     Marketing / Targeting Cookies

These cookies are used to provide content that is more relevant to you and your interests (direct marketing). They can be used to provide targeted advertising or to limit the frequency with which an advertisement is displayed to you. They also help us measure the effectiveness of advertising campaigns on our internet presence or third party internet presences. We may also use these cookies to remember which pages you have visited.

The legal basis for the processing of personal data is your consent (Art. 6 (1) (a) GPDR). However, our internet presence does not currently use any marketing/targeting cookies. Should this be the case in the future, we will obtain your prior consent for the processing of your personal data through marketing / targeting cookies.

 

bb.    Cookies used on our internet presence

In particular, we use the following third-party services which use cookies and other technologies.

If you do not agree to this use, you may deactivate these services by refusing to accept the cookies in your browser. You may also deactivate the service by clicking on the opt-out link or using other opt-out possibilities. For the opt-out links and other opt-out possibilities, please see the heading "Opt-out". You will find further information about the services in the related privacy policies, accessible through the links provided under the heading "Data protection information". Under the heading "Recipient countries and appropriate protection measures" you will also find information to which country the data is transferred and if appropriate safeguards are fulfilled.

(1)     Google Analytics
On your internet presence we use Google Analytics. This is a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google".
The Google Analytics service is used to analyze the usage behavior on our internet presence. Usage and user-related information, such as the IP address, location, time or frequency of the visit to our internet presence, is transferred to a Google server in the USA and stored there. However, we use Google Analytics with the anonymization function. By using this function, Google truncates the IP address with the EU or EEA. Therefore, we cannot draw any conclusions about your person.
The so collected data is in turn used by Google to provide us with an evaluation of the visit to our internet presence and the usage activities there. This data may also be used to provide other services related to the use of our internet presence and the internet. Google states that it does not link your IP address with other data.
The legal basis for the processing of you personal data is our legitimate interest (Art. 6 (1) (f) GPDR), which consists of analysing and evaluating the economic operation of our internet presence for optimisation purposes.
Opt-Out: Google also offers a deactivation add-on, plus additional information, under tools.google.com/dlpage/gaoptout. This add-on can be installed on common browsers and offers you a further opportunity to monitor the data captured by Google when you visit our internet presence. As part of this process, the add-on informs JavaScript (ga.js) of Google Analytics that information about your visit to our online presence is not to be transmitted to Google Analytics. However, this will not prevent information from being transmitted to us or to other web analysis services. Naturally, this data privacy statement will also inform you of the other web analysis services we use, if any.
Privacy Policy: Google provides other information related to data privacy law under policies.google.com/technologies/partner-sites, including instructions for preventing data use.
Receiving Countries and adequate level of data protection: Google may process the data in the USA. By being certified under the EU-US Privacy Shield (available under: www.privacyshield.gov/participant) Google guarantees that the data protection provisions of the EU will be complied with when data are processed in the USA.

(2)     YouTube
On your internet presence we use YouTube. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as "YouTube". YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google".
We use YouTube in connection with the function "enhanced data protection mode" to be able to show you videos. The legal basis for the processing of you personal data is our legitimate interest (Art. 6 (1) (f) GPDR), which consists in constantly improving the quality of our internet presence. The "enhanced data protection mode" function means that the data more closely described below will be transmitted to the YouTube server only when you actually start a video.
With the start of the video on our internet presence a connection to the server of YouTube in the USA will be established. This connection is required in order to display the video on our internet presence through your internet browser. During this process, YouTube will capture and process at least your IP address, the date and time, and the internet presence you visit. In addition, a connection will be established to the advertising network "DoubleClick", a Google subsidiary.
If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our online presence or make the appropriate changes to the settings of your YouTube user account.
Opt-out: For functionality purposes and to analyze usage behavior, YouTube continually stores cookies on your end device through your browser. If you do not agree to such processing, you can prevent cookies from being stored by changing your browser settings appropriately. You can find more information above, under the heading "What are cookies".
Privacy policy: Google provides further information about the collection and use of data, and your rights and privacy options in the matter, in the data privacy notice accessible under policies.google.com/privacy.
Receiving Countries and adequate level of data protection: YouTube may process the data in the USA. By being certified under the EU-US Privacy Shield (available under: www.privacyshield.gov/participant, Google and its subsidiary YouTube guarantee that the data protection provisions of the EU will be complied with when data are processed in the USA.

(3)     Zoho Chat and SalesIQ
On our internet presence we use Zoho Chat. This is a chat function of Zoho Corporation B. V., Hoogoorddreef 15, 1101 BA, Amsterdam, Netherlands, hereinafter referred to as "Zoho".
Zoho enables us to contact you, as well as you to contact us through a chat function placed at the edge of the browser when you visit our internet presence. To contact us through the chat function, all you need to do is enter your name, your e-mail address and your request. Further information (e.g. your telephone number) is voluntary.
In addition to providing the chat function, the service also analyses your use of our internet presence. For this purpose, Zoho automatically saves cookies on your computer when you visit our internet presence.
The information generated by the use of the chat function and the use of our internet presence (including your IP address) is transferred to a Zoho server in Europe and stored there. Zoho will use this information for the purpose of providing the chat function, evaluating your use of our internet presence and compiling reports on the use of our internet presence.
The processing of your personal data before activating the chat function is based on our legitimate interest (Art. 6 (1) (f) GPDR), which consist of proactively contacting you through the chat function. The processing of your personal data within the scope of the chat function is based on the fulfilment of the contract (Art. 6 (1) (b) GPDR) in order to process and respond to your request. The processing of your personal data within the framework of the use of our internet presence takes place on the basis of our legitimate interests (Art. 6 (1) (f) GPDR), which consist of analysing and evaluating the economic operation of our Internet presence for optimisation purposes.
Opt-out: Zoho stores cookies on your computer through your internet browser for the purposes of the chat functionality and analysis of user behavior. If you do not agree with this processing, you have the possibility to prevent the storage of cookies in the settings of your internet browser. You can find more information above, under the heading "What are cookies".
Privacy policy: Details on data protection at Zoho and on setting options to protect your personal data can be found in Zoho's data protection information: www.zoho.eu/privacy.html.
Receiving Countries and adequate level of data protection: ZoHo processes the data in the EU, USA and India. Invoved in the provisioning of the services is also the Zoho Corporation, 4141 Hacienda Drive pleasanton, California 94588, USA. By being certified under the EU-US Privacy Shield (available under: www.privacyshield.gov/participant, Zoho Corporation guarantees that the data protection provisions of the EU will be complied with when data are processed in the USA.
Further involved in the provisioning of the services is the Zoho Corporation Pvt. Ltd, Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India. Please note that for India no EU Commission adequacy decision exists regarding the compliance with European data protection standards, however, Zoho Corporation Pvt. Ltd provides us with safeguards to ensure an adequate level of data protection. Specifically, we have concluded a data processing agreement with Zoho Corporation Pvt. Ltd that includes the EU Standard Contract Clauses for processing personal data in third countries.


cc.    Contract execution

(1)     Identification using DocCheck
We use the identification services of DocCheck Medical Services GmbH for visits to the parts of our internet presence, which are not open to the public. To this end, you must enter your user name and password of DockCheck in the input screen. This login procedure is performed on DocCheck servers, so no personal data is forwarded to us. DocCheck Medical Services GmbH uses cookies to independently provide and operate DocCheck services. The information generated by the cookies will be transmitted only to the servers of DocCheck Medical Services GmbH in Germany, and will not be shared with us or other third parties.

(2)     Orders in the online shop 
For the orders in our online shop to be placed and handled, your name, address, payment method and order data must be processed. The data transmitted from you to take advantage of our goods or services will be processed by us in order to process the contract, and are necessary to that extent. Contracts cannot be concluded or processed unless you provide your data. 
The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR).
We will erase the data when the contract has been executed and the tax and commercial retention periods have expired. 
During contract execution, we will forward your data to the transport firm commissioned to deliver the merchandise, or to the financial service provider, provided such forwarding is necessary for goods delivery or payment purposes. The legal basis for transferring the data is the fulfilment of our contractual obligations, (Article 6 (1) (b) GDPR). 

(3)     Customer account / Registration function
If you open a customer account with us through our internet presence, we will collect and store the data you provide during registration (such as your name, address or email address) exclusively for pre-contractual services, contract execution, or customer services (for example, to give you an overview of your orders so far or offer you the "bookmark" function). At the same time, we store the IP address and date and time of your registration. Those data will not be forwarded to third parties.
The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR).

(4)     Contact questions / Contact options
If you wish to contact us by using the contact form, the chat function or email on our internet presence, the data you provide when doing so will be used to process your request and to get in contact with you. Providing that data is necessary to handle and answer your request; without those data, we cannot answer your request completely or at all.
The use of the chat function requires the setting of cookies on your computer. You can find further information on this under the heading "Cookies used on our internet presence".
The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR) as well as safeguarding our legitimate interests, which include, but are not limited to, contacting you and communicating with you about any concerns you have contacted us about (Article 6 (1) (f) GDPR). 

(5)     Online job applications / Publishing job ads
We give you the opportunity to apply for a job with us through our internet presence. As part of these digital applications, we will collect and process your applicant and application data electronically to handle the application process.
The legal bases for this processing are the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR, Sec. 26 (1) (1) BDSG in conjunction with Art. 88 (1) GDPR).
If an employment contract is concluded after the application procedure, we will store the data transmitted during your application in your personnel file, for the typical organization and administration processes, naturally under observance of further legal obligations.
The legal bases for this processing are also Art. 6 (1) (b) GDPR, Sec. 26 (1) (1) BDSG in conjunction with Art. 88 (1) GDPR.
If an application is rejected, we delete the transmitted data automatically two months after that rejection is announced. However, the data will not be deleted if they must be stored longer—for up to four months or until court proceedings have been concluded—due to statutory obligations such as the burden of proof obligations under the German General Equal Treatment Act (AGG). In this case, the legal bases are Art. 6 (1) (f) GDPR and Sec. 24 (1) (2) BDSG. Our legitimate interest lies in legal defense or enforcement. 
If you expressly agree to a longer storage period for your data (so you can be included in a database of applicants or interested parties, for example), the data will be processed further on the basis of that consent. The legal basis will then be Art. 6 (1) (a) GDPR. Naturally, you may withdraw your consent under Art. 7 (3) GDPR at any time, with effect for the future, by sending us a declaration to that effect. 

2.     Disclosure of personal data
We will not transfer or otherwise disseminate your personal data to third parties unless this is necessary for the performance of our services (legal basis: Art. 6 (1) (b) GDPR), you have consented to the transfer (legal basis: Art. 6 (1) (a) GDPR) or the transfer is permitted on the basis of statutory law.
Within the framework of data protection regulations we are entitled to outsource the processing of your personal data in whole or in part to external service providers who act for us as processors in accordance with Art. 4 no. 8 GDPR. External service providers support us, for example, in the technical operation and support of the internet presence, data management, the provision and performance of services, marketing and internet presence analysis. The service providers commissioned by us process your data exclusively in accordance with our instructions. We remain responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures and supplementary controls by us.
Personal data may also be processed in other ways and also disclosed to third parties if we are required to do so by law - e.g. by court order or to fulfil legal obligations (legal basis: Art. 6 (1) (c) GPDR) or to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to safeguard legitimate interests (legal basis: Art. 6 (1) (b) GPDR), such as to provide products and services.

3.    Data trasfers to third countries
In general, our external service providers process your data within the European Union (EU) or the contracting states of the Agreement on the European Economic Area (EEA). However, in the event that your personal data is transferred to and processed by a service provider located in a third country, we will ensure the protection of your personal data by providing appropriate safeguards, such as Standard Contractual Clauses or the EU-U.S. Privacy Shield. Further information on the safeguards we have taken in individual cases can be obtained at any time from our data protection officer (for contact details, see the heading "Information about us as the controller").

4.    Storage period
Your personal data will only be stored by us for as long as it is necessary to achieve the purposes for which the data was collected or - insofar as statutory retention periods exist beyond this (e.g. in the German Commercial Code and the German Tax Code) - for the duration of the legally stipulated retention period. Afterwards your personal data will be deleted by us. Only in a few exceptional cases your data can be stored beyond that date, e.g. if storage is necessary in connection with the enforcement and defence of legal claims in our favour.

5.    Data Security
We take adequate measures to secure your personal data. All data transmission on the platform and as part of our services uses encryption procedures and occurs through HTTPS, which meets state of the art technology.

IV.        Changes to the privacy policy
We reserve the right to change these data privacy principles at any time in accordance with statutory regulations. This can be the case, for example, if new statutory provisions must be complied with or new services are required. A revision history will inform you about the adjustments made. The currently valid data privacy principles apply to your visit.


Last updated: August 2019