Data Protection

We are pleased about your visit to our website https://pharmahandelkoehnen.de and the associated interest in our company. With the aim of offering you the greatest possible degree of transparency, we will inform you below about the type, scope and purpose of the collection, processing and use of personal data that arise when using our website. The General Data Protection Regulation (hereinafter referred to as "GDPR") can be accessed here as a complete document.

Contents

  1. Definitions of terms
  2. Responsible party according to Article 4 No. 7 GDPR
  3. Lawfulness of processing (Art. 6 GDPR)
  4. Data retention and deletion policy
  5. Transfer of personal data
  6. Collection of personal data
    1. Exclusive informational use of our website
    2. Contact via email
    3. Contact form
  7. Hosting
  8. Your Rights
  9. Right of objection
  10. Data Security

1. Definitions of terms
The following terms that we use in our data protection declaration are defined within Art. 4 of the GDPR. This is only an excerpt from Art. 4 of the GDPR. All definitions can be found in the GDPR (available here).

  • personal Data (Art. 4 No. 1 GDPR)
    personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • processing (Art. 4 No. 2 GDPR)
    processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • pseudonymisation (Art. 4 No. 5 GDPR)
    pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
  • controller (Art. 4 No. 7 GDPR)
    controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • processor (Art. 4 No. 8 GDPR)
    processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • third party (Art. 4 No. 10 GDPR)
    third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • consent (Art. 4 No. 11 GDPR)
    consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • enterprise (Art. 4 No. 18 GDPR)
    enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

2. Responsible party according to Article 4 No. 7 GDPR
Pharmahandel Köhnen GmbH
Im Wäldchen 9
66663 Merzig
Telephone: +49  6861 93 95 230
Telefax: +49  6861 93 95 232
E-Mail: info@pharmahandelkoehnen.de
You can access our complete imprint here:
Imprint

3. Lawfulness of processing (Art. 6 GDPR)
For each processing described in our privacy policy, we will inform you of the relevant legal basis on which the processing is carried out. We distinguish between the following groups of cases in which processing is lawful:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 Para. 1 C. 1 Letter a GDPR).
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 Para. 1 C. 1 Letter b GDPR).
  • processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6 Para. 1 C. 1 Letter c GDPR).
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 Para. 1 C. Letter d GDPR).
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Art. 6 Para. 1 C. 1 Letter e GDPR). processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Art. 6 Para. 1 C. 1 Letter f GDPR).

4. Data retention and deletion policy
Within the processing described in our data protection policy, we will inform you of the corresponding storage period or the times of deletion or blocking of data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer exists.
Data may be stored beyond the defined periods if legal regulations to which we are subject (e.g. § 147 AO, § 247 HGB) stipulate a different storage period.
Following the storage period, the personal data will be deleted or blocked unless further storage is required by us on a legal basis. Furthermore, storage beyond the specified period is possible in the event of a (possible) legal dispute with you or other legal proceedings.

5. Transfer of personal data
If your personal data is passed on, you will be informed accordingly at the relevant Letter in our data protection declaration. If your personal data is transferred outside the European Economic Area and thus to so-called third countries, you will be informed accordingly at the relevant Letter in our data protection declaration. As a matter of principle, we only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can guarantee the careful handling of personal data on the basis of contractual agreements or other suitable guarantees.

6. Collection of personal data
In the following, we will inform you about the collection of personal data (such as name, e-mail address, address or user behaviour).

6.1 Exclusive informational use of our website
If you do not register on our website (for example in the form of a newsletter) or transmit data to us in any other way (for example by using a contact form), only that personal data is collected which is transmitted to our server by your browser. This is data that is technically necessary for us to provide you with the website for viewing while ensuring a secure and stable display. This is the following information, which is derived from a log file line:

  • Internet protocol address (IP address)
  • Time and date of the respective access
  • Time zone difference to Greenwich Mean Time (GMT)
  • The specific page accessed
  • Status of the access / Hypertext Transfer Protocol (http)
  • Amount of data transferred in each case
  • Website from which our website was accessed (referrer URL)
  • Internet browser used (incl. language and version)
  • Operating system used

The legal basis for the collection of the listed data results from Art. 6 Para. 1 (1) Letter f GDPR. We have a legitimate interest in ensuring an error-free connection and comfortable use of our website, as well as analysing system stability and security and using the data for further administrative purposes.

6.2 Contact via email
If you contact us via the e-mail address in Section 2 or other e-mail addresses of our company that are published on our website, your e-mail address and other contact data contained in your e-mail (e.g. your name or your telephone number) stored by us in order to process your request. This data will be deleted immediately as soon as further storage is no longer necessary. If there are legal retention periods for the data, instead of deleting the data, the processing will be restricted accordingly. Depending on the reason for sending the e-mail, the legal basis for processing the data is Article 6 Paragraph 1 Clause 1 Letter b GDPR or Article 6 Paragraph 1 Clause 1 Letter f GDPR, i.e. it occurs either for Processing of the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting those interested in our service.

6.3 Contact form
If you contact us using the contact form on our website, the contact details you provide will be stored and processed by us in order to process your request. Depending on the reason for contact, the legal basis for processing the data results from Article 6 Paragraph 1 Clause 1 Letter b GDPR or from Article 6 Paragraph 1 Clause 1 Letter f GDPR, i.e. it takes place either to process the contract concluded with you and to fulfill our (pre)contractual obligations or is based on our legitimate interest in contacting people who are interested in our service.

7. Hosting
Our website is hosted by the company Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Imprint: https://www.hetzner.com/de/legal/legal-notice (hereinafter referred to as "Hetzner"). When our website is called up, the personal data mentioned in this data protection declaration is transmitted to Hetzner for purely informational use of the website. For this purpose, we have concluded a corresponding contract for order processing with the company Hetzner. Here you can find the privacy policy of Hetzner: https://www.hetzner.com/legal/privacy-policy


8. Your Rights
Below we explain your rights under the GDPR. You can access the GDPR as a complete document here.

  • Right of access by the data subject under Art. 15 Para. 1 GDPR
    The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Right to rectification under Art. 16 GDPR
    The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to erasure (‘right to be forgotten’) under Art. 17 Para. 1 GDPR
    You have the right to request that we delete the personal data concerning you immediately. According to Art. 17 Para. 3 GDPR, however, this right does not exist if the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest in the area of public health, for archiving purposes in the public interest or is required to assert, exercise or defend legal claims.
  • Right to restriction of processing under Art. 18 Para. 1 GDPR
    The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
  • Right to data portability under Art. 20 GDPR
    The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent pursuant to Letter (a) of Article 6(1) or Letter (a) of Article 9(2) or on a contract pursuant to Letter (b) of Article 6(1); and the processing is carried out by automated means.
  • Right to withdraw given consent under to Art. 7 Para. 3 GDPR
    The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
  • Right to lodge a complaint under Art. 77 GDPR
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the place of the alleged infringement. For more information, please visit the website of the Federal Commissioner for Data Protection and Freedom of Information.

9. Right of objection
In addition to the aforementioned rights, you also have the right to object at any time with future effect to the processing of your personal data which is conducted on the basis of the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 (1) Clause 1 Letter e GDPR) or for the protection of legitimate interests on our part (Art. 6 (1) Clause 1 Letter f GDPR), provided that there are grounds for doing so which arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In the case of processing of your personal data for the purpose of direct marketing or profiling, where there is a link to direct marketing, you have a general right to object without having to provide grounds based on your particular situation. In the event of an objection, we will immediately cease processing the personal data for these purposes.  To exercise your right of revocation or objection, simply send an email to: info@pharmakoehnen.de

10. Data Security
The encryption and communication protocol TLS 1.3 (Transport Layer Security) is used on our website. With the TLS certificate we use and issued by a certification authority, we enable encrypted data exchange between the web browser and web server, which means that sensitive data cannot be read by third parties. We use the process with the highest level of encryption that your browser supports, which is usually 256-bit encryption. The higher the number of bits, the longer the key and the better the protection against third parties.

Diese Cookie-Richtlinie wurde erstellt und aktualisiert von der Firma Consent Management - CookieFirst.