Privacy policy of Dermapharm GmbH

We, the operators of the Dermapharm GmbH website, take the protection of your personal data very seriously and adhere strictly to data protection regulations (GDPR, BDSG, TMG and other legal provisions). The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as name, postal address, e-mail address or telephone number, but also usage data such as your IP address.

We would like to inform you below about how we handle your personal data.

1. responsible body and data protection officer

The website www.tiroler-nussoel.de is a service provided by Dermapharm GmbH. Dermapharm GmbH is therefore the controller within the meaning of Art. 5 II GDPR.

You can contact our data protection officer at datenschutz@dermapharm.com and at the address given in the legal notice.

2 Collection, use and disclosure of personal data

We take precautions to protect your personal data from loss, destruction, falsification, manipulation and unauthorised access. The statutory data protection regulations are of course observed. We do not pass on your data to third parties unless you have consented to this. For certain areas (e.g. the hosting of our website), however, we are dependent on the use of service providers, which we generally oblige to comply with the legal requirements by means of order processing. We also reserve the right in exceptional cases, e.g. in the case of enquiries about our products, to pass on your personal data to the currently registered and responsible manufacturer. Our employees are obliged to maintain confidentiality. If data is passed on to service providers as part of order processing, they are also obliged to maintain confidentiality and are bound by data protection laws, other statutory regulations and this privacy policy.

3. external links

This website may contain cross-references (links) to external websites that are not covered by this privacy policy. The operator of the website provides access to the use of these external Internet offers (§8 Telemedia Act), but is not responsible for their content, as he does not initiate the transmission of the information, does not select the addressee of the transmitted information and has not selected, changed or temporarily stored the transmitted information. When you leave the website, you are advised to carefully read the privacy policy of any other website.

4 Purposes and scope of data processing when visiting the website

4.1 Access to the website

Every time a user accesses a page of our website and every time a file is retrieved, access data about this process is stored in a log file on our server.

Each data record consists of:

• Information about the browser type and version used
• The operating system of the user's end device
• The user's internet service provider
• The IP address of the user
• The date and time of access
• The previous website from which the user accessed our website
• Various communication data

We store IP addresses in server log files for a period of 21 days.

This data is stored for reasons of data security in order to ensure the stability and operational security of our website.

The legal basis for this is Art. 6 para. 1 lit. f GDPR.

4.2 Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your Internet browser, you can prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent.

4.2.1 Use of session cookies

Our website uses so-called session cookies. These are used to store information that can assign online activities to an individual browser session. This allows your device to be recognised when you return to our website. These cookies are automatically deleted when you close your web browser.

Session cookies are necessary for the proper operation of our website and are used to save your progress within a session in order to make browsing easier for you.

The legal basis for this is Art. 6 para. 1 lit. f GDPR.

4.2.2 Use of Google Analytics

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.

Google Analytics is a web analysis service operated and provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google processes the data on website usage and displays this data to us in statistical form. Google is contractually obliged to take measures to ensure the confidentiality of the processed data and is responsible for further data processing.

The following data is recorded during your visit to the website:

• Pages accessed
• Your behaviour on the pages (e.g. clicks, scrolling behaviour and time spent)
• Your approximate location (country and city)
• Your IP address (in abbreviated form, so that no clear assignment is possible)
• Technical information such as browser, internet provider, end device and screen resolution
• Source of origin of your visit (i.e. via which website or advertising medium you came to us)

This data is transferred to a Google server in the USA. Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website. The recorded data is stored together with the randomly generated user ID, which makes it possible to analyse pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. If you do not agree to the collection of this data, you can prevent it by installing the browser add-on to deactivate Google Analytics.

The legal basis for the use of the service is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time here.

Further information can be found at https://policies.google.com/privacy?hl=de.

4.3 Further data processing on our website

4.3.1 Contact by email, telephone, fax

If you contact us by e-mail, we will only use your personal data (name, e-mail address/telephone number/fax number, message text) to get in touch with you. We will only use your contact details to process your enquiry. Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR.

5 Changes to our privacy policy

In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, e.g. new services. The new privacy policy will then apply the next time you visit our website.

6 Rights of the data subject

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR, provided that there are no legal requirements to the contrary (in particular under Art. 15, 17 GDPR, §§ 34 and 35 BDSG).

You have the right to object, on grounds relating to your particular situation, at any time to processing of your data which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests).

You have the right to object at any time to the processing of your data for the purpose of direct marketing. This also applies to profiling insofar as it is associated with such direct advertising.

To exercise your rights, a letter by post or e-mail is sufficient. You can contact our data protection officer at datenschutz@dermapharm.com and at the address given in the legal notice.

If you are of the opinion that the processing of your personal data is not lawful, you can lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

7 Data transfer to third countries

Data is not transferred to bodies in countries outside the European Union (so-called third countries).

8. use of automated decision-making or profiling

In principle, we do not use fully automated decision-making or profiling in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

Status of the privacy policy: 18/02/2020