+49 40 – 59101-0
Contact

Privacy Policy

The protection of personal data of users of this website is a major concern of Desitin Arzneimittel GmbH (“Desitin“, “we“, “us“). When processing your personal data, we comply with the applicable provisions of the EU General Data Protection Regulation (“GDPR“), the German Federal Data Protection Act (“FDPA“) and tele media law. The following privacy notice describes which personal data of users are collected on the website and how they are processed.

1. Controller

The controller for processing your data in connection with this website is the Desitin Arzneimittel GmbH (“Desitin“). Our contact data are:

Desitin Arzneimittel GmbH
Weg beim Jäger 214
22335 Hamburg
Germany

Tel.: +49 40-591010
E-mail: info@desitin.de

2. Contact Data of our Data Protection Officer

Should you have any questions regarding this privacy notice or generally about the processing of your data by Desitin, please contact our Data Protection Officer:

Desitin Arzneimittel GmbH
– Data Protection Officer –
Weg beim Jäger 214
22335 Hamburg
Germany
E-mail: datenschutz@desitin.de

3. Processing of Personal Data

Personal data are all information referring to an identified or identifiable natural person, such as names, addresses, telephone numbers, email addresses, photos or online identifiers. When we process personal data, this means – for example – that we collect, store, use, transmit or delete such data. In the following, we will first specify the processing purposes and legal bases of processing; thereafter we will explain details regarding the individual categories of personal data that we collect.

3.1. Processing purposes and legal bases

We and/or the service providers commissioned by us process your personal data for the processing purposes listed below. We point out that, according to the “legitimate interest” as legal basis, you are entitled to exercise a special right to object to processing (see section 9 “Your rights as a data subject” for further details regarding the execution of this right).

No.Processing purposeLegal basis of processingDescription of the legitimate interest in processing, where relevant
1Providing a website for the general public according to our Terms of UsePerformance of contract (for registered users)/ respectively legitimate interest (for non-registered users).We have a legitimate interest in collecting and processing data of non-registered users for the purpose of providing an online presence.
2Collecting statistical information about the use of the website (so-called web analysis)Legitimate interestWe have a legitimate interest in obtaining information about the website use, especially in order to improve our offer.
3Webtracking by use of common web analysis tools and services (Google Analytics).Consent
4Tracking malfunctions and safeguarding system security, including the detection and tracing of unauthorized access attempts and accesses to our web server.Compliance with our legal obligations regarding data security, and legitimate interestWe have a legitimate interest in removing malfunctions, guaranteeing the system security, as well as detecting and tracing unauthorised accesses or access attempts.
5Safeguarding and defending our rightsLegitimate interestWe have a legitimate interest in safegarding and defending our rights and legal claims.

3.2. Automatically collected data (server log files)

During your visit to the website, Desitin automatically collects access data, which are relevant for system security and data security, in the so-called log files of the web server. This involves the following data in particular:

  • Domain and Host from which you use the internet
  • Internet address of the web page from which you have accessed this website via a link
  • Date and time of your visit to this website
  • Visited web pages on our website and respective duration
  • Amount of data transferred
  • Internet protocol (IP) address of your computer or end device
  • Operating system and information about the browser used, including add-ons installed, if any
  • http status code (for example “request successful” or “requested file not found”).

The log files are stored for up to seven days for the purpose of tracking malfunctions and guaranteeing system security, including detecting and tracing unauthorized access attempts and accesses to our web servers and are deleted after this period unless a suspect case of unlawful access to our web servers has occurred until then. The log files are only analyzed in such suspect cases and only by authorized persons. Log files which must continue to be stored for evidentiary purposes are excluded from deletion until final clarification of the particular case and may be forwarded to investigation authorities or lawyers to the required extent.

The log files are additionally also stored for the web analysis, however without (complete) IP addresses so they do not enable conclusions regarding a specific user. For web analysis purposes, the files are evaluated in aggregated form only (for details see section 5 “web analysis”)

3.3. Processing of other personal data

Other personal data, including business related data, are only collected from you if you provide them to us voluntarily, for example when you register with Desitin, order brochures or send a request to Desitin via a contact form. These data are only collected, processed and used to the extent necessary for the particular purpose (e.g. performance of a contract) and legally permitted, or subject to your consent (for example to process a brochures order, to register and subsequently verify the access authorisation for the protected areas on our website, or to reply to a request via our contact form). This information is not linked to other data.

3.4. Recipient of personal data

3.4.1. Disclosure of data to other controllers

Your personal data are in principle only transferred to the extent required for the particular purpose and to other controllers only in cases where this is necessary for contract performance, where we or the third party have a legitimate interest in such disclosure, or where you have given your consent. Furthermore, data may be transferred to other controllers to the extent we are obligated to make such disclosure due to statutory provisions or enforceable orders issued by public authorities or courts.

3.4.2. Service providers

Desitin may use service providers for data processing. In these cases Desitin will enter into data processing agreements with the service providers to the extent necessary.

In particular, we use the following types of service providers:

  • IT service providers (technical support), Germany;
  • Analysis tool providers, Germany or USA (see section 5 “web analysis”).

3.4.3. Dicslosure of data to recipients outside the EU or the EEA

We might disclose your personal data to recipients that are located outside of the European Union or the European Economic Area in so-called third countries (e.g. service providers which act as processors on our behalf). In this case, we implement safeguards before the data transfer to make sure that there is an appropriate level of data protection at the recipient (e.g. because of an adequacy decision for the respective third country by the EU Commission according to Art. 45 GDPR or by agreement of so-called standard contractual clauses of the EU Commission with the recipient according to Art. 46 GDPR) or that you have consented to the transfer of your data explicitly.

You can request from us an overview of the data recipients in third countries and a copy of the specific provisions to safeguard an appropriate data protection level. Please use the contact data named in section 1 if you wish to do so.

3.4.4. Duration of data storage; retention periods

In principle, we store your data as long as necessary for providing this website and the related services, or as long as we have a legitimate interest in further storage (for example we might still have a legitimate interest in postal marketing even after performance of a contract). In all other cases we delete your personal data, except for data that we must continue to store in order to comply with statutory obligations (due to retention periods set forth by tax and commercial law we are, for example, obliged to preserve documents such as contracts for a certain period of time up to 10 years).

The following specific retention periods apply:

  • Automatically collected data (for security reasons): 7 days
  • Web analysis tool Google Analytics (see section 5): Data are stored permanently in anonymized form

You find information about the duration of storage of cookies used by us in the following section “Cookies”.

4. Cookies

Some pages of the Desitin website use so-called cookies. Cookies are small files that are stored on the user’s computer or in the browser when visiting a website. Cookies can store various types of data and help to provide additional functions (and thus make the website as a whole more user-friendly, effective and secure).

We use so-called “session cookies”, which are automatically deleted when you close the browser.

Desitin also uses a so-called analysis cookie in relation to the web analysis (see section 5 “Web analysis”).

Hereinafter you find a summary of cookies used by us, which shall inform you about the purpose and type of the cookie concerned, and the respective storage duration.

Purpose of CookieType of CookieApplication nameName of the CookieStorage period
Functional CookiePermanentCookie bannercb-enabled1 year
Functional CookieSessionGoogle Analytics
(performance)
_gat_gtag_UA_105876084_11 minute
AnalysisSessionGoogle Analytics (performance: if used via the Google day manager function)dc_gtm1 minute
AnalysisSessionGoogle Analytics
(distinction between users)
_gid1 day
AnalysisPermanentGoogle Analytics
(distinction between users)
_ga2 years

Of course you can set your browser in a way that it does not store our cookies on your hard drive by selecting “Accept no cookies” or similar in your browser settings. Please note that certain features of our website may not be available or are no longer conveniently usable if you have disabled the use of cookies.

The settings options do not cover cookies set by other providers during your visit to web pages of third parties.

5. Web Analysis (Google Analytics)

Google Analytics is a common web analysis tool to evaluate the usage of websites and is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“). The information on your use of the website generated by the cookie are usually submitted to and stored at a Google server in the USA. We use Google Analytics with the additional function offered by Google for anonymizing IP addresses. Here, the IP address is normally shortened by Google within the EU already and only in exceptional cases shortened in the USA, and is at all events stored in a shortened form only.

According to the provider, your IP address submitted by your browser in connection with Google Analytics is not combined with other data.

You can prevent the collection and analysis of your data by Google by downloading and installing the browser plugin available here. In additional, you may prevent the storage of cookies by your respective browser settings (see section 4 “Cookies”).

Our website may include links to web pages of third parties. We have no influence on the processing of any personal data transferred to third parties by clicking the link (e.g. your IP address or the URL of our website including the link). We take no liability for the processing of such personal data by third parties. The third party’s respective privacy notices shall apply..

7. Data security

Our employees and the service providers commissioned by us and their employees are obliged to maintain secrecy and comply with the regulations of the applicable data protection laws.

We take all necessary technical and organizational measures in order to guarantee a level of protection appropriate to the risk involved with the data processing and to protect your data processed by us, especially against risks arising from unintended or unlawful destruction, loss, change or unauthorized disclosure or unauthorized access. Our security measures are continuously being improved in line with the technological development.

8. Confidentiality of emails

If you send an email to Desitin via this website, these data are transmitted in encrypted form.

9. Your rights as a data subject

Exercising of your rights: In order to exercise your rights according to Art. 12-22 GDPR, please use the contact details named in section 1. Please make sure for this purpose that we can identify you clearly.

Right to information and access (Art. 13, 14, 15 GDPR): You are entitled to receive information about the processing of your data from us. You may require us to confirm whether we process any personal data concerning you, and you have the right to access your data processed by us.

Right of rectification and erasure (Art. 16, 17 GDPR): If your data are inaccurate or incomplete, you may request that your data are rectified or completed. If we have disclosed your data to third parties, we will inform them about the rectification to the extent set forth by law. You have the right to obtain erasure of your personal data from us, if the respective legal conditions are fulfilled. This particularly applies in cases where:

  • your personal data are no longer needed for the purposes for which they have been collected
  • the legal basis for processing was exclusively your consent, and you withdrawn such consent
  • you have objected to direct marketing
  • you have objected to data processing based on our legitimate interests on grounds that relate to your particular situation and there are no overriding legitimate grounds for the processing
  • your personal data have been subject to unlawful processing or
  • your personal data must be erased as to comply with a legal obligation.

When we disclose your data to third parties, we inform them about the deletion to the extent prescribed by law. Please note that your right of deletion is subject to restrictions. For example, we are not committed or permitted to delete any data which we must continue to store due to statutory retention periods. Also, data which we need in order to establish, exercise or defend legal claims are excluded from your right of deletion.

Restriction of processing (Art. 18 GDPR): You may request restriction of the processing of your data, if the respective legal conditions are fulfilled. This particularly applies in cases where:

  • the accuracy of your personal data is contested by you, and then until we have been able to correct or verify the accuracy
  • the processing is unlawful and you request a restriction of use instead of erasure (see also above)
  • we no longer need your data for the processing purposes, but you need such data in order to establish, exercise or defend your legal claims
  • you have objected to the processing for personal reasons, and in this case until it is clarified whether your interests override.

If you have the right to restriction of processing, we flag the data concerned in order to make sure that these data only continue to be processed within the narrow limits applying to such restricted data (i.e. especially in order to defend legal claims or with your consent).

Right to data portability (Art. 20 GDPR): You also have the right to receive your data provided to us in a structured, commonly used and machine-readable format, or to request – if technically feasible – that the data are transmitted to a third party.

Right to object (Art. 21 GDPR): You have the right to object to data processing on grounds relating to your particular situation, if such processing is based on legitimate interest as legal basis. You can also always object to the processing of your data for marketing purposes.

Withdrawal of consent (Art. 7(3) GDPR): If you have consented to the processing of your data, you may withdraw such consent at any time and without reason. The lawfulness of processing your data remains unaffected until the withdrawal.

Right to lodge a complaint with the Supervisory Authorithy: You have the right to lodge a complaint with a Supervisory Authority. For this purpose you may particularly contact the Supervisory Authority competent for your place of residence, or the Supervisory Authority competent for us. The latter is:

Der  Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (“The Hamburg Officer for Data Protection and Freedom of Information”)

10. Obligation to Provide Data

You can visit our website without disclosing your personal data to us. For registration purposes and for making use of the “Desitin login” you are however obliged to provide us with the personal data needed for contract agreement and performance; we highlight these mandatory details with an asterisk (*). If you do not want to provide these data, you are unfortunately not able to use the “Desitin login”.

11. Amendment of the Privacy Statement

Desitin reserves the right to amend the contents of this privacy notice in accordance with legal requirements. Please keep yourself informed regularly about updates of this privacy notice.

12. Contact

If you wish to contact us, you can o so under the contact data specified in section 1.

Last update: October 2020