The protection of personal data and the responsible handling of information you entrust to us are an important and particular concern to us. medac GmbH (medac) processes personal data only in accordance with the legal regulations. These are in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
With this data protection declaration, we inform you about medac as the controller for data protection (see 1.) and how, to what extent and for what purposes we process personal data.
- when using our website (see 2.),
- when applying for a job in our career portal (see 3.)
- when concluding contracts with us (see 4.),
- when registering for newsletters (see 5.) and
- when participating in events (see 6.).
- Drug safety and reporting of side effects (see 7.).
Principles applicable to these processing operations and your rights (see 12.).
1. Controller and Data Protection Officer
Responsible person in terms of data protection law: medac GmbH, Theaterstraße 6 22880 Wedel (Imprint)
Data Protection Officer: medac GmbH, Dr. Anna-Kristina Roschek, Theaterstraße 6, 22880 Wedel, Phone +49 (0)4103 - 8006-0
2. Website: Processing of your personal data
The processing of personal data to the extent described under section 2.1. is necessary in order to use the website.
As far as it is necessary in order for the operation of our Website, we may set cookies without your consent on the legal basis of our legitimate interests for the operation of our Website. All other cookies are set only after you have consented to the setting of the respective cookie via the cookie banner. Until you declare your consent, only technically necessary cookies will be set. Your consent may also include data transfers to the USA in accordance with Article 49 (1) lit. a GDPR (see also section 9 Data transfers to countries outside the EEA). The consent can be revoked in whole or in part at any time with effect for the future. The options available for this are described in detail below.
2.1 Data processing to enable website use
When you visit our website, we collect the necessary data to enable you to use it (usage data). This includes your IP address and data on the start, end and subject of your use of the website and the technical information transmitted by your browser (e.g. browser type, operating system and previously visited website). This data is used to ensure a smooth connection, to evaluate system security and stability and for other administrative purposes in our legitimate interest (Article 6, para 1, lit. f GDPR)
When you visit our website, information may be stored on your computer in the form of a cookie. Cookies are small text files that are sent from a web server to your browser and stored on your computer's hard drive. This makes it possible for you to be recognized when you return to the website. In this way we can ensure better functionality of the site or carry out web analysis (see section 2.3.).
There are various types of cookies. A distinction must be made between cookies placed by the website operator when you visit a website (also known as "first party cookies") and cookies placed by third parties (also known as "third party cookies"). We solely have technical control over the first mentioned cookies. On the other hand, there are cookies that are only stored on your computer during your visit to our website (also known as "session cookies") and cookies that are stored for a longer period of time.
Most browsers are set to accept cookies automatically. You can deactivate the storage of cookies in your browser and can delete them from your hard disk at any time. We would like to point out that the use of our offers on the website without cookies is only possible to a limited extent.
However, you can also adjust your browser to only prevent the setting of certain cookies (e.g. cookies from third parties), for example if you wish to prevent web tracking. You can find more information on this in the help function of your browser. You can find further information on cookies from third-party providers that are set or processed when you visit our website in Section 2.3. and in the data protection declarations of the mentioned provider.
Change cookie settings
|__cfduid||Required||Session||Browser-Update.orgQueries the version of the internet browser used by the user to display a message about outdated browsers.|
|_ga||Statistics||2 years||Google Tag Manager by Google|
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Used by Google Analytics to limit the request rate
|_gid||Statistics||24 hours||Google Tag Manager by Google|
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Allows checking on every page whether the user is logged in to DocCheck.
This cookie is used to identify a session and store preferences based on a random number key. It does not store user data that can be used to identify individual users
2.3. Pseudonymous user profiles for advertising and market research (web tracking and web analytics)
We use web tracking systems for advertising, market research and to make your use of our website as pleasant as possible. Data about the use of our website is stored in pseudonymous user profiles (your IP address is anonymized). This enables us to further develop our website and to tailor the content even better to your needs. The pseudonymous user profiles are not merged with personal data.
You can object to the creation of pseudonymous user profiles. To do this, you can prevent cookies from being set in your browser (see Section 2.2.). On the other hand, you can install a plugin in your browser to protect your privacy, which offers the possibility to prevent tracking - e.g. AdBlock, Ghostery or NoScript (please note the data protection information of the respective plugin provider).
Hereinafter, the tracking technologies used on our website (which may include cookies in particular, see Section 2.2.) and the provider - who processes usage data in pseudonymous profiles for the respective purposes - are listed. In addition, the link to the provider's data protection declaration is provided and we explain to you how you can switch web tracking off or on by the service providers with effect for the future. Generally, a special cookie is stored on your terminal device to prevent the provider from collecting usage data from your terminal devices in the future; please note that you may have to place this cookie again if you delete cookies from your computer.
2.4 Google Analytics
You can prevent the storage of cookies by making the appropriate settings in your browser software and rejecting them (see section 2.2.) or using a privacy plug-in (see section 2.3.). You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
Alternatively, you can prevent the collection by Google Analytics by setting a so-called "opt-out cookie" on your computer. Use the following link to do this: Set Opt-Out-Cookie
For more information about privacy at Google Analytics, please visit: https://www.google.de/intl/de/policies/.
2.5 Google Tag Manager
2.6 Data Processing When You Use Other Features of the Website
In general, the provision of personal data is not necessary for the use of our website. With the exception of the cases described in section 2, data collection and processing will only take place if you voluntarily provide us with your data. If you do not provide us with any other personal data, you may not be able to use the functions described in this section. Otherwise there will be no consequences for you.
We process your personal data if you use the following functions:
2.6.1 Processing of your data when you contact us for business purposes
If you contact us as an interested party, supplier, service provider or other business partner, we process your personal data such as contact data or correspondence to the extent that this is necessary to process your enquiry (legitimate interest according to Art. 6 para. 1 letter f GDPR) or to initiate or process the respective transaction (Art. 6 para. 1 letter b GDPR) and, if necessary, store the data within the scope of statutory storage obligations (due to statutory obligations according to Art. 6 para. 1 letter c GDPR.
The same applies if you are an employee of an interested party, supplier, service provider or other business partner and we receive your personal data in this context; the legal basis in this case is our legitimate interest in establishing or carrying out the business relationship with your employer (Art. 6 para. 1 letter f GDPR).
2.6.2 Contact form
When you contact us via the contact form, we store your details (your name, e-mail address, telephone number if necessary, and the text of your request) and process them in order to process your request.
As far as it is necessary in order to answer your request or your request is directed towards this, we may transfer your details to another company of the medac group (e.g. if your request relates to a contract or a customer relationship with another company of the medac group or its products). The legal basis for this data processing is - depending on the subject of your request - the admissibility of the processing within the framework of contract initiation, a contract or our legitimate interest in providing a contact form for general requests (Art. 6 Para. 1 lit. a or f GDPR).
2.6.3 Areas reserved for professional visitors
Professional visitors of our website (doctors, pharmacists and members of certain other health care professions) can access closed areas of our online offer of they have previously registered accordingly. This registration is done via DocCheck. With the password that you receive, you gain access to the closed areas of our website.
DocCheck password protection
DocCheck uses so-called "cookies" - text files that are stored in the user's browser - to facilitate the use of the services. The information generated by these cookies is only transferred to DocCheck servers and is not shared with the website operator or any other third party. There is no data transfer to countries outside the EU.
Allows a single sign-on for all DocCheck logins.
Lifetime = 1 session
Serves to provide suitable content on the basis of pseudonymised identification data (e.g. occupation, country, language).
Lifetime = 1 year
As part of the use of DocCheck password protection, DocCheck collects the so-called log data (IP address, access date, access time, referrer URL, information on hardware and software used such as browser features, device information such as resolution) of the user, starting from the website of the information provider which integrates the login into the website via "embed" or iFrame. This data is not used to draw conclusions about the person, but serve to ensure the correct display of the website or iFrame content and/or the security of the DocCheck services.
We expressly point out that DocCheck is another service provider to whom medac passes you on within the scope of the registration form provided on its website. medac has no influence on the collection, processing and use of your data by DocCheck. Please inform yourself on the DocCheck pages about the measures taken there to protect your personal data: http://info.doccheck.com/de/privacy/
Subscription to our podcast
When you as a professional user register to subscribe to our podcast, we process your email address and send you a confirmation link to complete the subscription process. We will also inform you by email about new podcast episodes available on our website. The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can unsubscribe and revoke your consent at any time. You will find an option to declare your revocation in every email we send you.
2.8 Video integration through Vimeo
If you call up a page on our website on which a video with Vimeo has been embedded, your IP address and possibly other technically necessary personal data will be transmitted to Vimeo. In the process, your data will be transmitted to the USA. The USA (and possibly other non-EEA countries) do not offer a level of data protection comparable to that of the European Union and, in particular, unauthorized access by government agencies cannot be ruled out in individual cases.
The legal basis for the use of the services of Vimeo is our legitimate interest in the functional presentation of the website, Art. 6 (1) (f) GDPR. If you have any questions about the balance of interests, please contact one of the contact addresses listed in section 1 above.
2.9 Google Maps
On some of our pages there is a plugin which shows map sections of Google Maps. Google Maps is provided by Google LLC. (Hereinafter: "Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For this purpose, a connection is established between your browser and Google's servers - as if you were visiting the Google search engine's website. Google is responsible for its own data processing. Tracking by Google on our website does not take place.
3. Advertisements in online portals; the use of job portals and career platforms; the medac career portal
We use advertisements in print and online media to draw attention to job vacancies. In this process, we also use online platforms such as job portals and career networks (e.g. Xing or LinkedIn), which may use conventional usage analysis techniques for visiting websites. The respective operator of the online portal is responsible for the related data processing; for more detailed information, please check their privacy declaration.
We also use the job portals and career networks within the framework provided by the respective operator to find and contact potential applicants. The legal basis for this is our legitimate interest in efficient recruitment (Art. 6 para. 1 lit. f GDPR).
As part of online applications, we collect personal data about you. This particularly includes your personal data with contact information as well as a description of your education, work experience and skills. In addition, you have the option of providing us with electronically stored documents such as certificates or letters. You have the option of creating an online applicant profile so that you do not have to enter your data more than once in the case of multiple applications. This information will only be used by the respective human resource managers of medac and exclusively within the scope of the application procedure and for the purpose of processing your application. If your application remains unsuccessful, this data will be deleted six months after completion of the application process, unless you have expressly agreed to a longer storage period. The legal basis for the processing in order to make a decision on the establishment of an employment relationship is Art. 88 GDPR in conjunction with § 26 BDSG.
4. Conclusion and implementation of contracts
In order to conclude or execute contracts with you, we process personal data relating to you as far as it is necessary for the execution of the contract with you. For this purpose the provision of your personal data is necessary. You are not obliged to provide your personal data, but if you do not provide it, the establishment and implementation of the contractual relationship may not be possible or only possible to a limited extent. Otherwise there will be no consequences for you. The legal basis for this is Art. 6 para. 1 1 lit. b GDPR.
5. Registration for newsletter
If you register for our newsletter or for information about products, developments and events at medac, we process your personal data in order to provide you with the corresponding information. This requires the provision of your personal data. You are not obliged to provide your personal data, but if you do not, we may not be able to provide you with the information you request. Otherwise there will be no consequences for you. The legal basis for this is Art. 6 para.1 lit. a GDPR.
6. Participation in events
If you register to participate in a Medac event or if Medac supports your participation in a third party event, we will process your personal data as far as it is necessary for the execution of the event and your participation. This requires the provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, your participation in the event may not be possible or only possible to a limited extent, or Medac may not be able to support you or only to a limited extent. The legal basis for this is Art. 6 (1) (b) and (a) GDPR.
If your participation in the event serves the purpose of acquiring a certificate in order to be allowed to administer the corresponding drug, and if you have consented to this during the event or at a later point in time (e.g. when placing an order), we will store your name and the certificate receipt together with the number. We process this data in the context of order processes in order to simplify these, to spare you the need to provide proof of your certificate with each order and to fulfil the obligations arising from the approval of the medicinal product. The legal basis for this processing is Art. 6 (1) (a) GDPR.
7. Drug safety and reports of side effects
When you make a drug safety or a report on side effects, we collect personal data related to the report, such as personal information about you and your circumstances, your state of health, the medicines you are taking, and any side effect you have experienced. You are under no obligation to provide your personal information, but if you do not provide it, it may not be possible to include it and take it into account. The legal basis for the processing of your personal data is Art. 6 para. 1 lit. c GDPR in conjunction with § 63 lit. b German Drug Law (Arzneimittelgesetz AMG).
8. General information on data processing by medac Transmission to third parties
We only pass on the personal data described here if it is necessary for the provision of our service or if it is required by law. Within the scope of the purposes mentioned here, personal data will be forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual data protection requirements. In particular, this includes an obligation as a processor according to Article 28 GDPR.
Otherwise, we will only transfer personal data to other recipients if we have a legal permit to do so or you have given your prior consent. You may revoke any consent you may have given at any time with effect for the future. We will only pass on your data to government agencies within the framework of legal obligations or on the basis of an official order or court decision and only to the extent that this is permissible under data protection law.
9. Transmission to countries outside the EU
As far as necessary for our purposes, we may also transmit your data to recipients outside the EU. This is particularly the case if we have to transfer this data to recipients in countries as part of contract processing or due to statutory regulations.Except for the processing operations described in section 2.4, we will not share your data with any third party located outside the European Union or the European Economic Area.
European Economic Area. The processing operations listed in section 2.4 involve the transfer of data to the servers of the provider we have commissioned, Google LLC. Some of these servers are located in the US. If the servers are located in Europe, it cannot be completely excluded that data is transmitted to the US, because the provider is a US provider. The data transmission is based on the so-called Standard Contractual Clauses of the EU Commission.
We inform you that the US is not a safe third country in accordance with EU data protection law. In certain cases, US companies are obligated to hand over personal data to security authorities without you as the Data Subject being able to take legal action against this. For this reason, it cannot be excluded that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We do not have any influence on these processing operations.
10. Data security
medac has taken the necessary technical and organisational measures to protect the personal data you provide against loss, destruction, manipulation and unauthorised access. To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognise this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed lock symbol is displayed in the browser. By clicking on the symbol, you will receive information about the SSL certificate used. SSL encryption ensures the secure and complete transmission of your data.
We delete your personal data as soon as they are no longer required for the previously named purposes of processing, in the case of an objection there are no compelling reasons worthy of protection on the part of medac, or in the case of a revocation there is no other legal basis for the processing. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will initially be blocked and deleted upon expiry of the retention period.
12. Your rights
Data protection law grants you a number of rights with regard to data relating to your person (so-called data subject rights). In general these are
- the right to access about personal data we have stored about you (Art. 15 GDPR),
- the right to rectify inaccurate data (Art. 16 GDPR),
- the right to delete data that may no longer be stored (Art. 17 GDPR),
- the right to restrict the processing in certain cases (Art. 18 GDPR),
- the right to data portability, i.e. to transfer data they have provided in electronic form to you or to a third party (Art. 20 GDPR), and
- the right to revoke consent given, if applicable, with effect for the future (Art. 7 para. 3 GDPR).
Furthermore, you can object to processing if it is based on legitimate interests (Art. 6 para. 1 lit. f GDPR) or Art. 6 para. 1 lit. e GDPR (Art. 21 para. 1 GDPR) or for direct marketing purposes (Art. 21 para. 2 GDPR), for which you must provide a specific reason, except in the case of direct marketing.
If and to what extent these rights exist in the individual case and which conditions apply is determined by law, i.e. by the GDPR and the BDSG. You also have the right to complain to the responsible data protection authority. If you have any questions or complaints about data protection at medac, we recommend, in the first instance, that you contact our data protection officer (see point 1).
13. No automated case- by – case decision
We do not use your personal data for automated case-by-case decisions according to Article 22 Paragraph 1 GDPR.
14. Amendments to the data protection declaration
Version: February 2022
Alternativ können Sie die Erfassung durch Google Analytics verhindern, indem Sie ein sog. „Opt-Out-Cookie“ auf Ihrem Rechner setzen. Nutzen Sie hierfür den folgenden Link: Opt-Out-Cookie setzen