Last update: August 2020
We - Bionorica SE - are not only committed to protecting your health, but also to protecting your data and thus your privacy. With this data protection declaration we inform you about
- which personal data we collect, store, process, block and erase from you when you visit the website and use our online services (collectively referred to as ‘processing’),
- what we use these data for,
- how you can object to the use or withdraw your consent and
- what rights you have as a data subject, e.g. how you revoke declared consent and how you can exercise other rights to information, correction, complaint and deletion of your data.
1. Who is responsible for data processing and who can I contact?
The responsible body for data processing in the sense given in the GDPR is:
92318 Neumarkt, Germany
Phone: +49 (0) 9181 231-90
Fax: +49 (0) 9181 231-265
Our company data protection officer can be reached via email at firstname.lastname@example.org or by post at the above address (please include the line ‘ATTENTION: Data Protection Officer’).
This data protection declaration applies to your visit to the websites available under the following domains:
Since the services/functionalities described below do not run on all of the domains mentioned, we will name the concerned domain(s) for each individual service.
3. Definition of the data categories
In the context of this data protection declaration, the following definitions apply to data types:
Type 1: web usage data
- IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Content of the request (specific page);
- Access status / HTTP status code;
- Amount of data transferred in each case;
- Website from which the request comes;
- Browser used including language and version;
- Operating system of the device used and its interface.
Type 2: personal details and contact details
- Date of birth;
- Marital status;
- Occupation/occupational position;
- Phone number(s);
- E-mail address;
- Other communicated contact details including accounts for social media (e.g. Facebook, Twitter).
Type 3: Electronic communication data (especially email)
- Contents of electronic communication that you address to us or that we carry with us;
- Metadata, e.g. e-mail addresses involved, time and date of e-mail correspondence, details on your opening and clicking behavior in our PhytoNews (e-mail newsletter).
4. General website visit
Applies to: All websites mentioned
(1) If you use the website for informational purposes only, i.e. if you do not register or otherwise convey any information to us, we will only collect the personal data your browser transmits to our server. If you would like to view our website, we collect the type 1 data which are technically necessary for us to display our website to you and ensure the stability and security (legal basis is Art. 6(1) (f) GDPR).
(2) In addition to the data mentioned above, the following transient and persistent cookies are saved on your computer when you visit our website:
a) Transient cookies: these cookies are automatically deleted when you close the browser. They particularly include session cookies. A session cookie saves a so-called session ID with which various requests from your browser can be assigned to a given session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you close your browser.
b) Persistent cookies: these cookies are automatically deleted after the expiration time has been reached. Depending on the cookie, the expiration time may differ. You can delete the cookies at any time via the system settings in your browser.
c) You can configure your browser settings as you wish and, e.g., refuse to accept third-party cookies or all cookies. Please be aware that if you disable cookies, you may not be able to use all the features of this website.
5. Google Analytics
Applies to: All websites mentioned
(2) The information on your use of this website generated by the cookies mentioned above is usually transferred to and saved on a Google server in the US. Google uses this information on our behalf to analyse your use of the website, to compile reports on website activity and to provide additional services associated with the website and internet use to us.
(3) You can prevent cookies being saved by making the appropriate setting in your browser. However, in this case you may not be able to use all the features of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google and the processing of these data by Google by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=de.
(4) The legal basis for the use of this service is yielded from Art. 6 Para. 1 lit. f GDPR.
(5) Further information on the use of data by Google for advertising purposes as well as on setting and objection possibilities can be found at: https://support.google.com/analytics/answer/6004245?hl=de.
6. Your contact with us
Applies to: All mentioned websites with the exception of www.bionorica-fortbildung.de
When contacting us (for example via a contact form or an e-mail), your details are voluntary unless we need them to process your request and answer. This information is stored and processed by us to process the request and potential follow-up questions.
Depending on your details, data of types 1, 2 and 3 will be collected and processed when you contact us. The legal basis for the use of this service depends on the nature of your request from Art. 6 Para. 1 lit. a or b GDPR.
7. Health insurance reimbursement for over-the-counter medication (“The Green Prescription”)
Applies to: sinupret-extract.de, bronchipret.de, agnucaston.de
At https://www.sinupret-extract.de/service/erstattung/ you can search for statutory health insurance companies that will reimburse you for expenses for certain over-the-counter medications (also called “OTC medicines”). You can fill out a corresponding reimbursement form directly on the website and either download it or have it sent to a specific e-mail address. The latter option is of course voluntary. If you would like to receive it, we need your email address, which we will only use for this delivery and then delete it from our systems immediately.
The legal basis for this data use is Art. 6 Para. 1 lit. a GDPR.
8. Google Maps: pharmacy or event search
Applies to: canephron.de, bronchipret.de, sinupret-extract.de, imupret.de, bionorica.de, phytothek.de, sinupret-saft.de, agnucaston.de, blase-gesundheit.de
(1) The websites mentioned above integrate maps from Google Maps, a service of Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; EU branch: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. This enables us to perform two types of searches, on the one hand, the search for pharmacies and, on the other hand, events in the vicinity of your location.
(2) When a website with Google map material is accessed on the respective website, a connection to the Google servers in the USA is established. Your IP address and your location can be transmitted to Google, and Google registers that you have accessed the corresponding page, regardless of whether you have a user account with Google and whether you are logged in at the time. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purpose of advertising, market research or optimization of its websites.
(3) The legal basis for this is our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
9. YouTube videos
Applies to: sinupret-extract.de, bionorica.com
(1) To illustrate our products, we embed YouTube videos on the website mentioned, which are managed by YouTube LLC, a subsidiary of Google in the USA. We have embedded the videos in the so-called extended data protection mode (information on this can be found here: https://support.google.com/youtube/answer/171780?hl=de). In this mode, in contrast to the usual mode, cookies are only placed on your end device and personal data is collected from you if you actively click on the video. In addition, the videos are embedded with a so-called 2-click solution, in which no data is collected from you before you click on the video.
(2) If you click on a YouTube video embedded on the website after the first click, Google stores a large amount of data in the cookie (including device-related information, log data, location-related information, application numbers, visits to websites that use Google advertising services). Google processes and uses the data mentioned, among other things, to provide and maintain the services, to develop new services and to provide customized content (advertising, search results). The data determined with the help of cookies is usually transferred to a Google server in the USA and stored there.
(3) Google transmits data to third parties if permission has been granted, if this is necessary for legal reasons or if third parties process this data on behalf of Google.
(4) You can prevent the storage of Google cookies by making the appropriate setting in your browser. This may limit the functionality of the YouTube videos and Google services. Further information can be found in the Google data protection declaration.
(5) The use of the YouTube video function is voluntary. The legal basis for data processing is Art. 6 Para. 1 lit. a GDPR.
10. Wistia videos
Applies to: bronchipret.de, fachkreise.bionorica.de, bionorica.de
The website uses Wistia (https://wistia.com/) from Wistia, Inc., based in Cambridge, Massachusetts, USA, to embed videos in our websites and to promote and measure the interaction behavior of website visitors with the videos. Wistia collects the following categories of personal data on our behalf:
- Anonymized IP address including provider;
- Access time to viewed videos;
- Details of viewed video sections;
- URL of the videos;
- Type of device (stationary, mobile), operating system and browser used.
No cookies or similar technologies are used for flash or video. All information on the transfer and use of data by Wistia can be found here: https://wistia.com/privacy
11. Mouse tracking with Mouseflow
Applies to: fachkreise.bionorica.de
On the websites mentioned above, we use a tool called “Mouseflow” from mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark (https://mouseflow.de/). With this tool, we measure web surfing behavior to improve our online offer. We specifically process the following data categories:
- Anonymized IP address;
- Access time to websites and their URLs;
- Mouse and scroll movements;
- Form submission;
- Type of device (stationary, mobile), operating system and browser used.
This data is processed within the EU. The legal basis for processing is Art. 6 Para. 1 lit. f GDPR. You can deactivate the functions of Mouseflow by clicking on the “Deactivate” button on the following website: https://mouseflow.de/opt-out/
All information on how Mouseflow handles personal data can be found here: https://mouseflow.de/gdpr/
12. Email newsletter
Applies to: fachkreise.bionorica.de, phytothek.de
We offer an email newsletter called “PhytoNews” on the website mentioned to provide information about our products, services and events. You can register for this newsletter by entering an email address; Information that goes beyond the email address is voluntary. We use the data collected for the purpose of registering for the newsletter, to send the corresponding newsletter and to evaluate your click behavior in the emails (openings, clicks) in order to improve our newsletter offer.
The legal basis for processing your data for the purpose of sending the newsletter is Art. 6 Para. 1 lit. a GDPR, for the purpose of evaluating click behavior Art. 6 para. 1 lit. f GDPR. You can withdraw your consent to the sending of the newsletter at any time by clicking on the “Unsubscribe” link that you will find in every newsletter issue.
Applies to: bionorica.de/karriere/ihre-bewerbung
We offer an e-mail newsletter on the website mentioned, which provides information about our current vacancies. You can register for this newsletter by entering an email address; We use the data collected for the purpose of registering for the newsletter only for sending the corresponding newsletter.
The legal basis for processing your data for the purpose of sending the newsletter is Art. 6 Para. 1 lit. a GDPR. You can withdraw your consent to the sending of the newsletter at any time by clicking on the corresponding link that you will find in every newsletter issue.
13. User management
Applies to: fachkreise.bionorica.de, phytothek.de
On the websites mentioned, we offer members of medical circles the opportunity to create and manage a user account. However, since certain content may only be made available to members of a specialist group according to the German Drug Advertisement Act (HWG) in Germany, we must make the specialist group property a prerequisite for creating such an account. We use this account to collect and process the data you provide about online training, event participation, etc. The information you provide is voluntary.
The legal basis for processing your data for user administration is Art. 6 Para. 1 lit. a GDPR. You can delete your user account and the data in it at any time by logging in and selecting the deletion in the menu item “My account”.
14. DocCheck login
Applies to: fachkreise.bionorica.de
Likewise only on the website for HCPs, we offer the possibility of logging in via DocCheck (http://www.doccheck.com/), a portal for the proof of the medical specialist group property of DocCheck Medical Services GmbH, Vogelsanger Strasse 66, 50823 Cologne. DocCheck processes data that is entered via the corresponding login portal. We receive the following data from DocCheck for the purpose of verifying your professional group status:
- Job title
- Postal address
- E-mail address
The use of the portal is voluntary. The legal basis for using the DocCheck login is Art. 6 Para. 1 lit. a GDPR.
Applies to: bionorica.de, bionorica.com
Our website uses the Hotjar web analysis service from Hotjar Ltd .. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Tel: +1 (855) 464-6788).
This tool can be used to create heat maps, click maps, conversion funnels, visitor recordings, incoming feedback, feedback polls and surveys (more information is available at https://www.hotjar.com/).
Above all, Hotjar's services can improve the functionality of the Hotjar-based website by making them more user-friendly, more valuable and easier to use for end users.
We pay particular attention to the protection of your personal data when using this tool. So we can only understand which buttons are clicked, the course of the mouse, how far is scrolled, the screen size of the device, device type and browser information, geographical location (only the country) and the preferred language to display our website. Areas of the websites in which personal data from you or third parties are displayed are automatically hidden by Hotjar and are therefore never traceable. In order to exclude direct personal reference, IP addresses are only stored anonymously and processed further. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser as part of web page requests. This would be, for example, cookies or your IP address. In these exceptional cases, this processing takes place in accordance with Art. 6 Paragraph 1 lit.
Your data will be erased after 1 year at the latest. The legal basis is Art. 6 para. 1 cl. 1 lit. a GDPR.
Hotjar offers every user the option of preventing the use of the Hotjar tool with the help of a “Do Not Track” function so that no data is recorded about the visit to the respective website. This is a setting that all common browsers support in current versions. To do this, your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our websites with different browsers / computers, you must set up the “Do Not Track” function for each of these browsers / computers separately.
You can prevent Hotjar from collecting your data at any time by going to the opt-out page https://www.hotjar.com/legal/compliance/opt-out/ and clicking Deactivate Hotjar. Please note, however, that you have to click the link again if you delete the cookies stored on your device.
More information about Hotjar Ltd. and via the Hotjar tool can be found at: https://www.hotjar.com
The data protection declaration of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy/
16. Server logs
(1) The web server(s) delivering the website write protocols in which the following data is listed:
- Name of the website accessed;
- File, date and time of access;
- Amount of data transferred;
- Notification of successful retrieval;
- Browser type and version;
- Operating system used by the user;
- URL of the previously visited website (referrer URL);
- IP address of the user;
- Inquiring telecommunications provider.
(2) We use the log data only for statistical evaluations for the purpose of operation, security and optimization of the website and our offer. However, we reserve the right to check the log data retrospectively if there is concrete reason to suspect that the website has been or is being used illegally.
(3) The legal basis for maintaining the server logs is Art. 6 Para. 1 lit. f GDPR. As a rule, we delete the server logs after 14 days, or later if the reason for this is given in paragraph 2.
17. Your rights
(1) If you have any questions about the protection of your data, you can contact our data protection officer by sending an email to email@example.com, or at our postal address with the addition "the data protection officer".
(2) You determine what happens to us with your personal data and we will help you with this. You can receive information about the data we have stored about you, you can request the correction of incorrect data and the restriction of the processing and deletion of your personal data from us. Please write an email to the address firstname.lastname@example.org.
(3) You also have the right to data portability.
(4) You can withdraw your consent given to us at any time, whereby the route recommended by us will be specified depending on the medium (you can register for the newsletter, for example, simply by clicking on "Unsubscribe", which you can find in every newsletter Find output). You can also use the web form mentioned above for this. The way via the web form is not automated and therefore takes longer than the fully automatic way recommended by us in case of doubt.
(5) You also have the right to complain to the competent data protection supervisory authority.