Data privacy policy
1. Data privacy at a glance
General information
The following information provides a brief overview of what happens to your personal data when you visit our website. Personal data are all data that can be used to identify you personally. Please refer to the data privacy policy presented below for more detailed information on the subject of data protection.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on our website is performed by the website operator, whose contact details you can find in the website’s legal notice.
How do we collect your data?
In the first instance, your data will be collected when you disclose them to us. For example, this could be data that you enter in a contact form.
Other data are automatically collected by our IT systems when you visit the website. This is primarily technical information (e.g. about your web browser, operating system, or when a page was accessed). These data are collected automatically as soon as you access our website.
What do we use your data for?
Some of the data are collected in order to ensure trouble-free provision of the website. Other data may be used to analyse your user behaviour.
What rights do you have regarding your data?
You are entitled at any time to request information – free of charge – about the origin, recipients and purpose of the personal data we store about you. You also have the right to demand the rectification, deactivation or erasure of these data. You may contact us about this, or if you have any further questions about the topic of data protection, at any time at the address indicated in the legal notice. Furthermore, you are entitled to lodge a complaint with the relevant supervisory authority.
You also have the right to demand a restriction on the processing of your personal data in certain circumstances. Please refer to the section on “Right to the restriction of processing” in our data privacy policy.
2. General notes and mandatory information
Data privacy
As the operators of this website, we take the protection of your personal data very seriously. We handle your personal data with the utmost confidentiality and in accordance with data protection legislation and the provisions of this data privacy policy.
Various personal data are collected when you use this website. Personal data are data that can be used to identify you personally. This data privacy policy explains what data we collect and the purposes for which we use them. It also explains how and why this happens.
We must point out that data transmission over the Internet (e.g. in the case of e-mail communication) can be subject to gaps in security. It is not possible to protect data against access by third parties entirely.
Information about the controller
The controller of the data processing on this website is:
Burg-Apotheke
Owner: Pharmacist Uwe-Bernd Rose
Frankfurter Strasse 7
61462 Königstein im Taunus
Germany
Phone: + 49 6174955650
E-mail: [email protected]
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses etc.).
Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can withdraw consent that you have already given at any time. It is sufficient to send us an informal e-mail for this purpose. The legitimacy of data processing up to the time of withdrawal of consent remains unaffected.
The right to object to data collection in special cases and to direct marketing (Article 21 GDPR)
If data processing is performed on the basis of Article 6 (1e) or (1f) GDPR, you are have the right to object at any time to the processing of your personal data on grounds concerning your particular situation; this also applies to profiling based on these provisions. Please refer to this data privacy policy for the relevant legal basis for processing. If you enter an objection, we will no longer process personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves to establish, exercise or defend legal claims (objection in accordance with Article 21 (1) GDPR).
If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; This also applies to profiling to the extent that it is related to such direct marketing. If you do object, your personal data will then no longer be processed for the purpose of such direct marketing (objection in accordance with Article 21 (2) GDPR).
Right to lodge a complaint with the relevant supervisory authority
In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to receive the personal data that we process in an automated manner based on your consent or for the purpose fulfilling a contract in a structured, commonly used and machine-readable format, or to have such data transmitted to a third party. Insofar as you request the direct transmission of the data to another controller, this will only be effected to the extent that it is technically feasible.
Access, deactivation, erasure and rectification
Under applicable statutory regulations, you are entitled at any time to request information free of charge about the data concerning you that we store, about their origin, about who received them and about the purpose for which they were processed. Where appropriate, you are also entitled to request that these data be rectified, deactivated or erased. You may contact us at the address indicated in the legal notice if you have any further questions about this or any other topic relating to personal data.
Right to the restriction of processing
You have the right to restrict the processing of your personal data by us. You may contact us about this at any time at the address indicated in the legal notice. The right to the restriction of processing exists in the following cases:
If you contest the accuracy of the personal data that we store, we generally require time to verify this. You have the right to request the restriction of the processing of your personal data for the period of this verification.
If the processing of your personal data was / is unlawful, you may request the restriction of their processing rather than their erasure.
If we no longer need your personal data, but you require them for the exercise, defence or establishment of legal claims, you have the right to request the restriction of the processing of your personal data instead of their erasure.
If you have lodged an objection in accordance with Article 21 (1) GDPR, your interests will have to be weighed against ours. You have the right to request the restriction of the processing of your personal data until it has been ascertained whose interests take precedence.
If you have restricted the processing of your personal data, these data may only be processed – aside from their storage – with your consent, or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of significant public interest of the European Union or of a Member State.
Rejection of promotional e-mails
We hereby reject the use by third parties of data published in accordance with our legal obligation to provide contact information in order to send us advertising material and information that we have not explicitly requested. The operators of this website expressly reserve the right to take legal action against the unsolicited sending of advertising material such as spam mails.
3. Data protection officer
Data protection officer required by law
We have appointed a data protection officer for our company.
Nils Oehmichen
datuno GmbH
Kiebitzhörn 15
D-22885 Barsbüttel
Phone: +49 4022 853 8430
E-mail: [email protected]
4. Data collection on our website
Cookies
Our website sometimes uses what are known as cookies. Cookies do not cause any harm to your computer and contain no viruses. Cookies help us to enhance your user experience and to make our offering more effective and secure. Cookies are small text files that are saved to your computer and stored in your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies are stored on your device until you delete them. These cookies enable us to recognise your browser the next time you visit our site.
You can configure your browser in such a way that you are informed when cookies are set, , and you are able to choose whether to accept them in each individual case only, or whether to reject cookies in specific cases or generally, as well as choose to delete cookies when you close your browser. The functionality of our website may be restricted if you choose to deactivate cookies.
Cookies that are required to perform the process of electronic communication or to provide specific functions that you request (e.g. the shopping cart function) are stored on the basis of Art. 6 (1f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically sound and optimised provision of its services. Any other cookies (e.g. cookies used to analyse your surfing behaviour) that are stored are listed separately in this data privacy policy.
Server log files
The provider of the website automatically collects and stores information in server log files, which your browser automatically transfers to us. This information comprises:
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
These data are not collated with data from other sources.
These data are collected on the basis of Article 6 Section 1 Subsection f GDPR. The website operator has a legitimate interest in presenting the website in a technically correct manner and in optimising it – server log files need to be collected for this purpose.
Enquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry – together with all the personal data resulting from it (name, enquiry) – will be stored and processed by us for the purpose of handling your enquiry. We will not pass this information on without your consent.
The processing of these data is performed on the basis of Article 6 (1b) GDPR, provided your enquiry is connected with the fulfilment of a contract or the performance of pre-contractual measures. In all other cases, processing is based on your consent (Article 6 (1a) GDPR) and / or our legitimate interests (Article 6 (1f) GDPR), since we have a legitimate interest in dealing with enquiries directed to us in an effective manner.
The data that you send to us in a contact enquiry are retained by us until you request their erasure, withdraw your consent to their storage, or the purpose for data storage lapses (e.g. after your enquiry has been conclusively processed). Compelling statutory provisions – in particular statutory periods of retention – remain unaffected.
Registration on this website
You can register on our website to use additional features on the site. We use the data entered for this purpose only for the use of the particular offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse registration.
We will use the e-mail address provided during registration to inform you of important changes, such as changes to the scope of our offer or technically necessary changes.
Data entered during registration will be processed on the basis of your consent (Article 6 (1a) GDPR). You can withdraw any consent you have given at any time. It is sufficient to send us an informal e-mail for this purpose. The legitimacy of data processing that has already been performed remains unaffected.
We will store the data collected during registration for as long as you are registered on our website and then erase it. Legal retention periods remain unaffected.
Processing data (customer data and contract details)
We only collect, process and use personal data insofar as they are required for the basis, content-related design or amendment of the legal relationship (basic user data). This is done on the basis of Article 6 (1b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We only collect, process and use personal data relating to the use of our website (usage data) insofar as this is required to enable the user to make use of the service or for charging purposes.
Any customer data collected will be erased after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transfer upon conclusion of contract for online shops, dealers and dispatch of goods
We only transfer personal data to third parties if this is necessary for the execution of the contract, e.g. to the companies entrusted with delivering the goods or to the bank entrusted with handling payments. Any further transfer of data will not take place, or will only take place if you have explicitly agreed to such transfer. Your data will not be disclosed to third parties, for example for advertising purposes, without your explicit consent.
The basis for data processing is Article 6 (1 b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Cloudflare
We use the “Cloudflare” service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”).
Cloudflare offers a worldwide distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed via the Cloudflare network. This enables Cloudflare to analyse the traffic between your browser and our website and act as a filter between our servers and potentially malicious traffic from the Internet. Cloudflare may also use cookies, which, however, are only used for the purpose described here.
We have concluded an agreement with Cloudflare for contract processing. Cloudflare is also a certified participant of the “EU-US Privacy Shield Framework”. Cloudflare has committed itself to handling all personal data received from the Member States of the European Union (EU) in accordance with the “Privacy Shield Framework”.
The use of Cloudflare is based on our legitimate interest in a possibly error-free and secure provision of our web services (Article 6 (1f)GDPR).
Further information about security and privacy at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.