Data Protection Declaration according to GDPR/BDSG 2018
I. Name and Address of the Controller
The Controller in terms of the General Data Protection Regulation and other national data protection laws of the Member States and other data protection enforcements is:
Company: Dr. Fresen Pharma GmbH
CEO: Dr. rer. nat. Thomas Klose
Address: Neversstraße 5, 56068 Koblenz, Rheinland-Pfalz, Deutschland
Tel: 0049 (0)2 61 / 97 37 71 31 Fax: 0049 (0)2 61 / 97 38 58 07
E-Mail: info@drfresenpharma. de
Homepage: www. drfresenpharma. de
Data Protection Registrar for the Controller, is:
Mr Rainer Schmidt, McZert, Am Felde 10, 58840 Plettenberg
Telefon: 0 23 91 / 60 15 10 Fax: 0 23 91 / 601 51 19
www. mczert. de
II. General Information regarding Data processing
1. Scope of processing of personal data
We process personal data of our users generally, only in so far as this is necessary to provide a functioning website, including our contents and services. The processing of personal data belonging to our users only takes place regularly once the user has consented. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
In so far as we obtain consent from the Data Subject for the processing of personal user data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data required for the performance of a contract in which the Data Subject is a contract party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing activities, which are necessary for the execution of pre-contractual measures.
In so far as the processing of personal user data is required for the fulfilment of a legal obligation, to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that the vital interests of the Data Subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is required to safeguard a legitimate interest in our company or a third party and if the interests, fundamental rights and fundamental freedoms of the Data Subject do not outweigh the first-mentioned interest, then in this case Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3. Data deletion and duration of Data storage
The personal data of the Data Subject will be deleted or blocked, as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if provision has been made for this via European or national legislation within EU regulations, laws or other provisions to which the Controller is subject. The data will be blocked or deleted once a storage period which was prescribed by the aforementioned rules, has expired, unless further storage of data is required in order to close or fulfil a contract.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, the hosting system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
Information about the browser type and the version used
The IP address of the user (anonymised)
Date and time of access
Host name and country of the user of our website
2. Legal basis for the data processing
The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. For these purposes we retain our legitimate interest in the data processing according to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to the purpose for which it was collected. In the case of the data being collected in order to make the website available, this will take place when the respective session has ended.
5. Possibility of objection and of deletion
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
a)Description and scope of data processing
Cookies are set on the access device. These are small text files which are stored on your access device.
Upon renewed connection, they will be sent back to the web server used by us with the aim of recognising you as a user and with your web settings (browser, operating system, etc. ).
b)Legal basis for data processing
The legal basis for data processing of personal data using Cookies is Art. 6 para. 1 lit. f GDPR.
c)Purpose of data processing
Cookies not only serve to create a user-friendly web-site environment (eg storage of login-data), but they can also serve to collect statistical data of web site usage (eg at what time you accessed which page of our web site and for how long).
e)Duration of storage, possibility to appeal and possibility for remediation
IV. Contact form and E-mail contact
1. Description and scope of the data processing
A contact form can be found on our web site, which can be used to make electronic contact. If the user makes use of this opportunity, the data which has been entered in the form will be transmitted to us and stored. The data stored:
Surname, first name
Alternatively, you can contact us via the e-mail address provided. In this instance, the user’s personal data transmitted by e-mail will be stored.
In this context, there follows no transmission of the data to third parties. The data will be used exclusively for the processing of the conversation.
2. Legal basis for data processing
The legal basis for the processing of data, where consent has been obtained from the user, is Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
3. Purpose of the data processing
Data processing of the personal data from the contact form serves us only for the process of establishing contact. In the event of contact being made via e-mail, this also constitutes the necessary, legitimate interest in processing the data.
The other personal data processed during the transmission process, serves to prevent a misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer needed for the achievement of the purpose for which it was obtained. This is also the case, regarding the personal data from the contact form and that which was sent per e-mail, once the respective conversation with the user has terminated. The conversation is terminated, once the circumstances indicate that the matter in question has been finally resolved.
The additional personal data collected during the transmission process will be deleted at the latest after a period of seven days has expired.
5. Possibility of Appeal and remediation
The user has the opportunity to withdraw their consent to the processing of personal data at any time. If the user makes contact with us via e-mail, they may at any time object to the storage of their personal data. In this event, the conversation cannot be continued. This applies analogously to a subsequent withdrawal of consent previously given. In this event, all personal data, which was saved in the course of contacting us, will be deleted.
V. Rights of the Data Subject
The following list includes all the rights of the Data Subject according to the GDPR/BDSG(new). Rights that are not relevant to the own web site do not need to be mentioned. In this respect, the list can be shortened.
If your personal data is processed, then you are a Data Subject in terms of the GDPR/BDSG(new) and you are entitled to the following rights vis-à-vis the Data Controller.
1. The right to information
You have the right to request confirmation from the Controller as to whether personal data, which concerns you, has been processed by us.
In the event that such processing has taken place, you may request the following information from the Controller:
(1)the purposes for which the personal data are processed;
(2)the categories of personal data, which are processed;
(3)the recipients and respectively the categories of recipients to whom the personal data concerning you, have been or are still in the process of being disclosed.
(4)the planned duration of the storage of the personal data concerning you, or in the event that it is not possible to obtain concrete information regarding this, then the criteria for determining the duration of storage.
(5)the existence of a right to amendment or deletion of personal data concerning you, a right to a limitation of processing via the Controller or a right to appeal against such processing.
(6)the existence of a right of appeal to a supervisory authority.
(7)all available information regarding the origin of the data, if the personal data is not obtained from the Data Subject.
(8)the existence of automated decision-making, including profiling in accordance with Art. 22 para. 1 und 4 GDPR and – at least in these cases – significant information about the logic involved and the scope and intended effects of such processing upon the Data Subject.
You have the right to request information as to whether the personal data which concerns you will be communicated to a third country or to an international organisation. In this regard, you can request to be informed about the proper guarantees according to Art. 46 GDPR in connection with the communication.
2. The right to Amendment
You have the right of amendment and/or completion vis-à-vis the Controller if the personal data processed, which concerns you, is incorrect or incomplete. The Controller is bound to undertake the amendment without delay.
3. The right to limitation of the processing
You can request the limitation of processing of the personal data concerning yourself under the following circumstances:
(1)when you dispute the accuracy of the personal data concerning yourself for a period of time, which allows the Controller to review the accuracy of the personal data;
(2)the processing is unlawful and you decline the deletion of personal data and instead of which, request that the use of the personal data be restricted;
(3)the Controller no longer needs the personal data for the purpose of processing, however you do need it to assert, exercise or defend legal claims, or
(4)when you have filed an objection to the processing according to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the Controller outweigh your reasons.
If the processing of the personal data concerning yourself has been restricted, this data may only be processed – aside from its storage – with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.
If the restriction of processing ensued under the above mentioned circumstances, you will be informed by the Controller before the restriction is lifted.
4. Right to deletion
a)Obligation to delete
You can demand from the Controller, that the personal data concerning yourself is deleted forthwith and the Controller is bound to
delete this data forthwith, in so far as one of the following reasons applies:
(1)The personal data concerning yourself is no longer needed for the purposes for which it was obtained or otherwise processed.
(2)You revoke your consent, upon which the processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3)You file an objection against the processing according to Art. 21 para. 1 GDPR and there are no overriding, legitimate grounds for the processing or you file an objection against the processing according to Art. 21 para. 2 GDPR.
(4)The personal data concerning yourself was unlawfully processed.
(5)The deletion of the personal data concerning yourself is necessary for the fulfilment of a legal obligation under Union law or the law of the Member States, to which the Data Controller is subject.
(6)The personal data which concerns yourself was obtained in relation to services provided by the information society according to Art. 8 para. 1 GDPR.
b)Information to third parties
If the Controller has made public the personal data concerning yourself and if they are bound to delete it, according to Art. 17 para. 1 GDPR, they shall be bound to take appropriate measures, taking into account the available technology and the costs of implementation, including the technical kind, to inform the person responsible for the data processing, who processes the personal data, that you, as Data Subject have demanded that they delete all links to this personal data or copies or replications of this personal data.
The right to delete does not exist, as far as the processing is necessary.
(1)to exercise freedom of expression and information;
(2)in order to fulfil a legal obligation which the processing requires according to the law of the Union or of the Member States to which the Controller is subject, or for the realisation of a task which lies within the public interest or which ensues from the exercising of public authority, which was conferred upon the Controller;
(3)for reasons of public interest in the field of public health according to Art. 9 para. 2 lit. h and i, also Art. 9 para. 3 GDPR;
(4)for archiving purposes, which are in the public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 para. 1 GDPR, in so far as the law referred to under section a) is anticipated to make it impossible or seriously impair the attainment of the objectives of such processing, or
(5)to assert, exercise or defend legal claims.
5. Right to information
If you have exercised your right of amendment, deletion or restriction of the processing against the Controller, the Controller is bound to inform all recipients to whom personal data concerning yourself has been disclosed, of the amendment or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed of the recipients by the Controller.
6. Right to data transferability
You have the right to receive the personal data, with which you have provided the Controller, in a structured, usable and machine-readable format. Besides which, you have the right to communicate this data to another Controller without hindrance by the Controller, to whom the personal data was provided, in so far as
(1)the processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR and
(2)the processing is carried out by means of automated methods.
In exercising this right, you furthermore have the right to effect the transference of the personal data concerning yourself directly from one Controller to another Controller, in so far as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data transferability does not apply to the processing of personal data, which is necessary for the realisation of a task which lies in the public interest or in the exercising of public authority, which was delegated to the Controller.
7. Right of Objection
You have the right to object at any time, due to reasons which arise from your particular situation, to the processing of personal data concerning yourself, which ensues according to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based upon these terms.
The Controller will no longer process the personal data concerning yourself, unless they can prove compelling, defensible grounds for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning yourself is processed for direct advertising purposes, you have the right at any time to object against the processing of the personal data concerning yourself being used for this kind of advertisement; this also applies to profiling, in so far as it is associated with such direct advertising.
If you object to the processing being used for the purposes of direct advertisement, the personal data concerning yourself will no longer be used for these purposes.
You have the option to exercise your right of objection by means of automated methods, which use technical specifications, in conjunction with the utilisation of services provided by the information society – irrespective of the directives 2002/58/EC.
8. The right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent up until the revocation.
9. Automated decision in individual cases, including profiling
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply, if the decision
(1)is necessary for the conclusion or performance of a contract between you and the Controller,
(2)is permitted according to Union or Member State legislation to which the Controller is subject and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3)follows with your explicit consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR apply and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3) the Controller will take appropriate measures to safeguard the rights and freedoms and your legitimate interests, in which case, the right exists at the least for a person on the part of the Controller, to effect an intervention to state their own position and to challenge the decision.
10. The right to appeal to a supervisory authority
Notwithstanding any other administrative or judicial remedy, you have the right to appeal to a supervisory body, in particular in the Member State where you are staying, working or at the place of the alleged offence if you are of the opinion that the processing of the personal data concerning yourself violate the GDPR/BDSG(new).
The supervisory body (eg below, to which the complaint is lodged), informs the complainant of the current status and results of the appeal, including the possibility of a judicial remedy according to Art. 78 GDPR.
The state Commissioner for Data Protection and Freedom of Information Rheinland-Pfalz
Postfach 30 40, 55020 Mainz, Tel: 0049 (0) 61 31 / 2 08 – 24 49, Fax: – 24 97,