+49 40 – 59101-0
Contact

Privacy Policy

The protection of personal data of users of this website is a major concern of Desitin Arzneimittel GmbH ("Desitin", "we", "us"). When processing your personal data, we comply with the applicable provisions of the EU General Data Protection Regulation ("GDPR"), the German Federal Data Protection Act ("FDPA") and tele media law. The following privacy notice describes which personal data of users are collected on the website and how they are processed.

1. Controller

The controller for processing your personal data in connection with this website is the Desitin Arzneimittel GmbH ("Desitin"). Our contact data are:

Desitin Arzneimittel GmbH
Weg beim Jäger 214
22335 Hamburg
Germany

Tel.: +49 40-591010
E-mail: info@desitin.de

2. Contact Data of our Data Protection Officer

Should you have any questions regarding this privacy notice or generally about the processing of your personal data by Desitin, please contact our Data Protection Officer:

datenschutz nord GmbH
Jennifer Jähn-Nguyen
Sechslingspforte 2
22087 Hamburg
Germany

Tel.: +49 40-5936160412
E-Mail: jjaehn@datenschutz-nord.de

3. Processing of Personal Data

Personal data are all information referring to an identified or identifiable natural person, such as names, addresses, telephone numbers, email addresses, photos or online identifiers. When we process personal data, this means – for example – that we collect, store, use, transmit or delete such data. In the following, we will first specify the processing purposes and legal bases of processing; thereafter we will explain details regarding the individual categories of personal data that we collect.

3.1. Processing purposes and legal bases

We and/or the service providers commissioned by us process your personal data for the processing purposes listed below. We point out that, according to the "legitimate interest" as legal basis, you are entitled to exercise a special right to object to processing (see section 9 "Your rights as a data subject" for further details regarding the execution of this right).

No.Processing purposeLegal basis of processingDescription of the legitimate interest in processing, where relevant
1Providing a website for the general public according to our Terms of UseLegitimate interestWe have a legitimate interest in collecting and processing data of non-registered users for the purpose of providing an online presence.
2Collecting statistical information about the use of the website (so-called web analysis)Legitimate interestWe have a legitimate interest in obtaining information about the website use, especially in order to improve our offer.
3Webtracking by use of common web analysis tools and services (Google Analytics).Consent
4Tracking malfunctions and safeguarding system security, including the detection and tracing of unauthorized access attempts and accesses to our web server.Compliance with our legal obligations regarding data security, and legitimate interestWe have a legitimate interest in removing malfunctions, guaranteeing the system security, as well as detecting and tracing unauthorised accesses or access attempts.
5Safeguarding and defending our rightsLegitimate interestWe have a legitimate interest in safegarding and defending our rights and legal claims.
6Answering a request via the contact formPerformance of contract
7Providing mapsConsent

3.2. Automatically collected data (server log files)

During your visit to the website, Desitin automatically collects access data, which are relevant for system security and data security, in the so-called log files of the web server. This involves the following data in particular:

  • Domain and Host from which you use the internet
  • Internet address of the web page from which you have accessed this website via a link
  • Date and time of your visit to this website
  • Visited web pages on our website and respective duration
  • Amount of data transferred
  • Internet protocol (IP) address of your computer or end device
  • Operating system and information about the browser used, including add-ons installed, if any
  • http status code (for example "request successful" or "requested file not found").

The log files are stored for up to seven days for the purpose of tracking malfunctions and guaranteeing system security, including detecting and tracing unauthorized access attempts and accesses to our web servers and are deleted after this period unless a suspect case of unlawful access to our web servers has occurred until then. The log files are only analyzed in such suspect cases and only by authorized persons. Log files which must continue to be stored for evidentiary purposes are excluded from deletion until final clarification of the particular case and may be forwarded to investigation authorities or lawyers to the required extent.

The log files are additionally also stored for the web analysis, however without (complete) IP addresses so they do not enable conclusions regarding a specific user. For web analysis purposes, the files are evaluated in aggregated form only (for details see section 5 "web analysis")

3.3. Processing of other personal data

Other personal data, including business related data, are only collected from you if you provide them to us voluntarily, for example when you send a request to Desitin via a contact form. These personal data are only processed to the extent necessary for the particular purpose (e.g. performance of a contract) and legally permitted, or subject to your consent. This information is not linked to other data.

3.4. Google maps

We offer Google Maps as an integrated service on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It allows you to take a look at our exact location. Your personal data are processed and transferred to Google (e.g. IP-address, time of website access) if you click on the map. It is possible that your personal data are also transmitted to other countries outside of the EU. You may take further information on the data processing by Google from Google's privacy policy (https://policies.google.com/privacy?hl=en-US).

3.5. Recipient of personal data

3.5.1. Disclosure of data to other controllers

Your personal data are in principle only transferred to the extent required for the particular purpose and to other controllers only in cases where this is necessary for contract performance, where we or the third party have a legitimate interest in such disclosure, or where you have given your consent. Furthermore, personal data may be transferred to other controllers to the extent we are obligated to make such disclosure due to statutory provisions or enforceable orders issued by public authorities or courts.

3.5.2. Service providers

Desitin may use service providers for data processing. In these cases Desitin will enter into data processing agreements with the service providers to the extent necessary.

In particular, we use the following types of service providers:

  • IT service providers (technical support), Germany;
  • Analysis tool providers, Germany or USA (see section 5 "web analysis"). Map service providers, [USA]

3.5.3. Dicslosure of data to recipients outside the EU or the EEA

We might disclose your personal data to recipients that are located outside of the European Union ("EU") or the European Economic Area ("EEA") in so-called third countries (e.g. service providers which act as processors on our behalf). In this case, we implement safeguards before the data transfer to make sure that there is an adequate level of data protection at the recipient or that you have consented to the transfer of your data explicitly. An adequate level of data protection may be ensured, for example, by the existence of an adequacy decision by the EU Commission for the respective third country, in which the recipient is located, or by the existence of other appropriate safeguards, e.g. if we have agreed on EU standard contractual clauses with the recipient.
You can request from us an overview of the data recipients in third countries and a copy of the specific provisions to safeguard an appropriate data protection level. Please use the contact data named in the contact form if you wish to do so.

3.5.4. Duration of data storage; retention periods

In principle, we store your personal data as long as necessary for providing this website and the related services, or as long as we have a legitimate interest in further storage (for example we might still have a legitimate interest in postal marketing even after performance of a contract). In all other cases we delete your personal data, except for personal data that we must continue to store in order to comply with statutory obligations (due to retention periods set forth by tax and commercial law we are, for example, obliged to preserve documents such as contracts for a certain period of time up to 10 years).

The following specific retention periods apply:

  • Automatically collected personal data (for security reasons): 7 days
  • Web analysis tool Google Analytics (see section 5): Data are stored permanently in anonymized form.

You find information about the duration of storage of cookies used by us in the following section "Cookies".

4. Cookies

Some pages of the Desitin website use so-called cookies. Cookies are small files that are stored on the user's computer or in the browser when visiting a website. Cookies can store various types of data and help to provide additional functions (and thus make the website as a whole more user-friendly, effective and secure).

We use so-called "session cookies", which are automatically deleted when you close the browser.

Desitin also uses a so-called analysis cookie in relation to the web analysis (see section 5 "Web analysis").

Hereinafter you find a summary of cookies used by us, which shall inform you about the purpose and type of the cookie concerned, and the respective storage duration.

Purpose of CookieType of CookieApplication nameName of the CookieStorage period
Essential CookiePermanentCookie bannercb-enabled1 year
Functional CookieSessionGoogle Analytics
(performance)
_gat_gtag_UA_105876084_11 minute
AnalysisSessionGoogle Analytics (performance: if used via the Google day manager function)dc_gtm1 minute
AnalysisSessionGoogle Analytics
(distinction between users)
_gid1 day
AnalysisPermanentGoogle Analytics
(distinction between users)
_ga2 years

Essential Cookies are processed on the basis of our legitimate interest. All non-essential cookies are only processed on the basis of you consent.

Of course you can set your browser in a way that it does not store our cookies on your hard drive by selecting "Accept no cookies" or similar in your browser settings. Please note that certain features of our website may not be available or are no longer conveniently usable if you have disabled the use of cookies.

The settings options do not cover cookies set by other providers during your visit to web pages of third parties.

5. Web Analysis (Google Analytics)

With your consent, we process information about your use of our website via the analysis tool "Google Analytics". Google Analytics is a common web analysis tool to evaluate the usage of websites and is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The information on your use of the website generated by the cookie are usually submitted to and stored at a Google server in the USA. We use Google Analytics with the additional function offered by Google for anonymizing IP addresses. Here, the IP address is normally shortened by Google within the EU already and only in exceptional cases shortened in the USA, and is at all events stored in a shortened form only.

According to the provider, your IP address submitted by your browser in connection with Google Analytics is not combined with other data by Google.

You can prevent the collection and analysis of your data by Google by downloading and installing the browser plugin available here. In addition, you may prevent the storage of cookies by your respective browser settings (see section 4 "Cookies").

7. Data security

Our employees and the service providers commissioned by us and their employees are obliged to maintain secrecy and comply with the regulations of the applicable data protection laws.

We take all necessary technical and organizational measures in order to guarantee a level of protection appropriate to the risk involved with the data processing and to protect your personal data processed by us, especially against risks arising from unintended or unlawful destruction, loss, change or unauthorized disclosure or unauthorized access. Our security measures are continuously being improved in line with the technological development.

8. Confidentiality of emails

If you send an email to Desitin via the contact form, these data are transmitted in encrypted form.

9. Automated decision-making

Automated decision-making, including profiling that is based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you does not take place.

10. Your rights as a data subject

Exercising of your rights: In order to exercise your rights according to Art. 15-22 GDPR, please use the contact details provided in the contact form. Please make sure for this purpose that we can identify you clearly. Alternatively, you may send us a message to exercise your rights via post or e-mail, e.g. via the contact details of our data protection officer.

Right to access (Art. 15 GDPR): You have the right to access your personal data processed by us. You also have the right to receive a copy of the personal data undergoing

Right of rectification and erasure (Art. 16, 17 GDPR): If your personal data are inaccurate or incomplete, you may request that your personal data are rectified or completed. If we have disclosed your personal data to third parties, we will inform them about the rectification to the extent set forth by law. You have the right to obtain erasure of your personal data from us, if the respective legal conditions are fulfilled. This particularly applies in cases where:

  • your personal data are no longer needed for the purposes for which they have been collected
  • the legal basis for processing was exclusively your consent, and you hace withdrawn such consent
  • you have objected to direct marketing
  • you have objected to data processing based on our legitimate interests on grounds that relate to your particular situation and we cannot show that there are overriding legitimate grounds for the processing
  • your personal data have been subject to unlawful processing or
  • your personal data must be erased as to comply with a legal obligation.

When we disclose your personal data to third parties, we inform them about the deletion to the extent prescribed by law. Please note that your right of deletion is subject to restrictions. For example, we are not committed or permitted to delete any data which we must continue to store due to statutory retention periods. Also, personal data which we need in order to establish, exercise or defend legal claims are excluded from your right of deletion.

Restriction of processing (Art. 18 GDPR): You may request restriction of the processing of your personal data, if the respective legal conditions are fulfilled. This particularly applies in cases where:

  • the accuracy of your personal data is contested by you, and then until we have been able to correct or verify the accuracy
  • the processing is unlawful and you request a restriction of use instead of erasure (see also above)
  • we no longer need your personal data for the processing purposes, but you need such data in order to establish, exercise or defend your legal claims
  • you have objected to the processing for personal reasons, and in this case until it is clarified whether your interests override.

If you have the right to restriction of processing, we flag the personal data concerned in order to make sure that these data only continue to be processed within the narrow limits applying to such restricted data (i.e. especially in order to defend legal claims or with your consent).

Right to data portability (Art. 20 GDPR): You also have the right to receive your pesonal data provided to us in a structured, commonly used and machine-readable format, or to request – if technically feasible – that the personal data are transmitted to a third party.

Right to object (Art. 21 GDPR): You have the right to object to data processing on grounds relating to your particular situation, if such processing is based on legitimate interest as legal basis. You can also always object to the processing of your personal data for marketing purposes.

Withdrawal of consent (Art. 7(3) GDPR): If you have consented to the processing of your personal data, you may withdraw such consent at any time and without reason. The lawfulness of processing your personal data remains unaffected until the withdrawal.

Right to lodge a complaint with the Supervisory Authorithy: You have the right to lodge a complaint with a Supervisory Authority. For this purpose you may particularly contact the Supervisory Authority competent for your place of residence, or the Supervisory Authority competent for us. The latter is:

Der  Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
("The Hamburg Officer for Data Protection and Freedom of Information")
(www. Datenschutz.hamburg.de, only German)

11. Amendment of the Privacy Statement

Desitin reserves the right to amend the contents of this privacy notice in accordance with legal requirements. Please keep yourself informed regularly about updates of this privacy notice.

12. Contact

If you wish to contact us, you can o so under the contact data specified in section 1.

Last update: October 2022