Data protection
1 Privacy policy of Dermapharm GmbH (AT)
We, the operators of the Dermapharm GmbH (AT) website, take the protection of your personal data very seriously and adhere strictly to data protection regulations (GDPR, BDSG, TMG) and other legal provisions. The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as name, postal address, e-mail address or telephone number, but also usage data such as your IP address.
We would like to inform you below about how we handle your personal data.
1.1 Responsible body and data protection officer
This privacy policy applies to all pages of dermapharm.com/at-de/ . It does not extend to any linked websites or internet presences of other providers.
1.2 Controller and data protection officer
The controller responsible for the processing of personal data within the scope of this privacy policy within the meaning of Art. 4 No. 7 GDPR is:
Dermapharm GmbH (AT)
Kleeblattgasse 4/13
1010 Wien
Österreich
Telefon: +43 (1) 3 19 30 01-0
Telefax: +43 (1) 3 19 30 01-40
eMail: office@dermapharm.at
If you have any questions about data protection with regard to our company or our website, you can contact our external data protection officer at:
Sebastian Heinemann
Interner Revisor DIIR/Seniorberater
Merkurhaus
Petersstraße 50
D-04109 Leipzig
Telefon: + 49 (0) 341 355821 -502
Fax: + 49 (0) 341 355821 -599
E-Mail: datenschutz@dermapharm.com
1.3 Purposes and scope of data processing when visiting the website
Each time a user accesses a page of our website and each time a file is retrieved, access data about this process is stored in a log file on our server.
Each data record consists of
- the page from which the file was requested (so-called referrer URL)
- the name of the file
- the date and time of the request (so-called “time stamp”)
- the amount of data transferred
- the access status (file transferred, file not found, etc.)
- The access method used (Get, Head, Post) and any violations thereof (Trace, Flurp, etc.)
- Encryption algorithm used (TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3) and cipher suite
- Violations against HPKP
- http protocol used (HTTP1.0, HTTP1.1, HTTP2.0) and violations of the RFC definition of the protocol
- Transmission compression used (gZIP, Deflate, Brotoli)
- Browser cache status for recurring visits
- Server cache responses and changes
- Violations of CSP (Content Security Policy)
- Violations of load and request restriction (DDOS)
- Violations against access restrictions of the server directories
We store IP addresses in server log files for a maximum period of 180 days (depending on the log file created).
Further use or forwarding of this data only takes place in the event of an error with the developer of the website. The evaluation is used to check the functionality of the web server or the website.
The data is stored for reasons of data security in order to ensure the stability and operational security of our website. The legal basis for this is Art. 6 para. 1 lit. B GDPR.
We do not pass on your data to third parties unless you have consented to this. For certain areas (e.g. the hosting of our website), however, we are dependent on the use of service providers, which we usually oblige to comply with the legal requirements through order processing.
1.4 Collection, use and disclosure of personal data
Personal data is only stored if you provide it to us voluntarily, e.g. when you register on the website, order information material or subscribe to the newsletter. We use your personal data exclusively for the technical administration of our website, to give you access to special information and for other communication with you. We take precautions to protect your personal data from loss, destruction, falsification, manipulation and unauthorized access. The statutory data protection regulations are of course observed. In exceptional cases, e.g. in the case of inquiries about bite away® products, we reserve the right to pass on your personal data to the currently registered and responsible manufacturer. Our employees are obliged to maintain confidentiality. If data is passed on to service providers as part of commissioned data processing, they are also obliged to maintain confidentiality and are bound by data protection laws, other statutory regulations and this privacy policy.
1.5 External links
This website may contain cross-references (links) to external websites that are not covered by this privacy policy. The operator of the website provides access to the use of these external websites, but is not responsible for their content, as it does not initiate the transmission of the information, does not select the addressee of the transmitted information and has not selected, changed or temporarily stored the transmitted information. When you leave the website, we recommend that you carefully read the privacy policy of every other website.
2 Data collection and processing
2.1 Collection and processing when using the contact form
When you use the contact form, we only collect your personal data (name, email address, telephone number, message text, address) to the extent that you provide it. The data processing serves the purpose of contacting you. The processing is carried out on the basis of Art. 6 para. 1 lit. B GDPR.
We only use your personal data to process your request. Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
2.2 Contact by email, telephone, fax
If you contact us by email, we will only use your personal data (name, email address, message text) to get in touch with you. The processing takes place on the basis of Art. 6 para. 1 lit. B GDPR. We only use your e-mail address to process your request. Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is usually the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
2.3 Newsletter mailing
You may be able to subscribe to newsletters with general and product information on our website, provided you have expressly consented to this. The processing takes place on the basis of Art. 6 para. 1 lit. B GDPR with your consent. When you register for the newsletter, the data from the input screen is transmitted to us. To receive the newsletter, it is sufficient to provide an email address. Your consent is given as part of a so-called double opt-in. In this context, the IP address of the accessing computer and the date and time of registration are also logged to document your consent. You can withdraw your consent at any time with effect for the future and unsubscribe from our newsletter, for example by using the unsubscribe option provided in the newsletter.
3 Plugins
3.1 Cookies
Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. In the case of a login, this cookie contains a characteristic string of characters that ensures unique identification of the browser for the duration of the login. As a rule, cookies are used to manage website metadata and do not contain any personal data.
We use cookies for the purpose of making our website more user-friendly, effective and secure. Some functions of our website cannot be offered without the use of cookies. The processing is carried out on the basis of Art. 6 (1) lit. F GDPR for the legitimate interest in the above-mentioned purposes.
The data collected from you in this way is pseudonymized by technical precautions. It is therefore no longer possible for us as the website operator to assign the data to your person. The data is not stored together with other personal data we collect from you.
Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your Internet browser, you can prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent. You can find out how to manage (including deactivating) cookies in the most important browsers by clicking on the links below: Chrome, Internet Explorer, Firefox, Safari.
3.2 Google Analytics
We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures.
Google Analytics is a web analytics service provided and operated by Google Ireland Limited (“Google”), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the confidentiality of the processed data.
The following data is recorded during your visit to the website
- Pages accessed
- Your behavior on the pages (e.g. clicks, scrolling behavior and dwell time)
- Your approximate location (country and city)
- Your IP address (in abbreviated form, so that no clear assignment is possible)
- Technical information such as browser, internet provider, end device and screen resolution
- Source of origin of your visit (i.e. via which website or advertising medium you came to us)
This data is transferred to Google servers in the USA. We would like to point out that the same level of data protection cannot be guaranteed in the USA as within the EU. Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future visits to the website. The recorded data is stored together with the randomly generated user ID, which makes it possible to analyze pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. If you do not consent to the collection of data, you can prevent this by installing the browser add-on to deactivate Google Analytics.
3.3 Google Ads
This website also uses conversion tracking. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ads places a cookie on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Google Ads customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking.
Google Ads customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
The legal basis for the use of this Google service is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.ads.google.com”. You can find Google's privacy policy on conversion tracking here.
3.4 Google Tag Manager
This website uses Google Tag Manager. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This organizational tool makes it possible to centrally integrate and manage various tracking tools. This involves inserting sections of code, also known as tags, into the source code of the website, for example to track user activities, support marketing tools, set cookies and track users across different websites.
We use Google Tag Manager to make the maintenance of our website more efficient and to provide a better user experience. This tool allows us to easily integrate the necessary scripts and manage them from a central location without the need for programming knowledge.
The Google Tag Manager itself does not store any data and does not set any cookies. The data collected by the implemented tags is forwarded directly to the corresponding tracking tools, such as Google Analytics. Please refer to the data protection texts of the individual analysis and tracking tools to find out what data is collected, stored and processed.
In the Tag Manager account settings, we have allowed Google to receive anonymized data, but this is solely for the use of the Tag Manager itself and not your personal data collected via the implemented code sections. We agree to the anonymous sharing of website data, with Google deleting any information that could identify our website. The collected data is merged anonymously with other website data in order to analyze trends and optimize processes.
3.5 Google Remarketing
This website uses Google Remarketing, an advertising analysis tool. This is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies, which are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. The IP address is then shortened by Google by the last three digits, so that a clear assignment of the IP address is no longer possible. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
Third-party providers, including Google, place ads on websites on the Internet. Third-party providers, including Google, use stored cookies to place ads based on a user's previous visits to this website. Google will not associate your IP address with any other data held by Google. You can object to the collection and storage of data at any time with effect for the future. You can deactivate the use of cookies by Google by visiting the page for deactivating Google advertising. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
This service is used to analyze the usage behavior of our website and to address users individually with remarketing campaigns. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can object to the collection and storage of data at any time with effect for the future. Further information on Google's provisions can be found at https://policies.google.com/privacy?hl=de.
3.6 Google Web Fonts
This website uses Google Fonts for the uniform display of fonts. Google Fonts is a service provided by Google Ireland Limited (“Google”), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Fonts play a key role in maintaining the quality of our website. All Google fonts are automatically optimized for web use, which leads to efficient data transmission and is particularly advantageous for mobile devices. The small file size of Google fonts ensures that our website loads quickly, which has a positive effect on the user experience.
The Google fonts are installed locally on our server. There is no connection to Google servers.
3.7 YouTube
We incorporate YouTube videos into our online offering, which are stored at www.youtube.com and can be played directly from our website. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
YouTube automatically records your IP address, the date and time of access, as well as information about the website you visited and the video you viewed. This takes place regardless of whether you are logged in to YouTube via a user account or not. In addition, a connection to the Google advertising network is established.
If you access one of our web pages with an embedded YouTube video without playing the video, no data will initially be transmitted to YouTube if YouTube's "extended data protection mode" is activated. The data will only be transmitted when you start the video.
We set a cookie to save your settings regarding video playback and data transmission to YouTube. These cookies do not contain any personal data, but are only used to customize your browser.
If you are logged in to YouTube at the same time, YouTube can link the connection information to your YouTube account and use it for personalized advertising.for more information, see Google's privacy policy: www.google.de/intl/de/policies/privacy/.
We use YouTube to show you videos on our websites. The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
3.8 Usercentrics Consent Management
We use the Usercentrics Consent Management Platform on our website as a consent management tool as part of our analytics activities. The service provider is the German company Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.
The Usercentrics Consent Management Platform uses JavaScript to collect log file and consent data. This JavaScript makes it possible to inform users about their consent to certain tags on our website and to obtain, manage and document this consent.
The following consent data is collected during processing: anonymized logbook data (Consent ID, Processor ID, Controller ID), consent status and timestamp, data of the devices used (including shortened IP addresses (IP v4, IP v6), device information and timestamp) and user data (including email, ID, browser information, SettingIDs, changelog). The ConsentID (contains the above-mentioned data) and the Consent status including timestamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing will only take place in the event of a request for information or revocation of your consent.
No user information is stored for the statistical evaluation of consents granted or not granted. Only the frequency and locations of clicks are logged.
The personal data is stored on a Google Cloud server based in the EU (Brussels, Frankfurt am Main).
The purpose of processing your data is to analyze and manage the consents given in order to comply with our obligation to manage consent in accordance with the GDPR. The use of Usercentrics serves the purpose of providing evidence of granted and non-granted consents and their management. The legal basis for the management of your consent to the processing of your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consent, the control of marketing measures based on the consent given and the optimization of consent rates.
3.9 Use of OpenStreetMap
Our website uses map material from the open source service “OpenStreetMap” (OSM), provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The integration takes place via an API so that map content is loaded directly from the servers of the OpenStreetMap Foundation. This may result in the transmission of your IP address and possibly other technical data to the OSM servers. This data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in order to provide you with an appealing and functional presentation of our location. Further information on data processing by the OpenStreetMap Foundation can be found at: wiki.osmfoundation.org/wiki/Privacy_Policy
3.10 DocCheck Log-In
Certain information about prescription drugs on this website may only be made available to persons who belong to the medical profession. To verify your access authorization, we are therefore obliged to request proof of your professional affiliation. For this purpose, we use the external service of DocCheck Medical Services GmbH via an iframe. Your registration data stored with DocCheck will be transmitted to DocCheck for verification each time you register. We do not process any further data from you in this context, but merely initiate data processing through the integration. This serves the proper provision of information, which is our legitimate interest. The legal basis is therefore Art. 6 para. 1 lit. f GDPR.
Further information can be found at http://info.doccheck.com/de/privacy/.
4 Protection of minors
Consent to the processing of personal data can only be given by a person of legal age. For services of Dermapharm GmbH (AT), the consent of a child is permitted from the age of sixteen in accordance with Art. 8 GDPR.
5 Changes to our privacy policy
In order to ensure that our privacy policy always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, for example new services. The new privacy policy will then apply the next time you visit our website.
6 Rights of the data subject
You have the following rights under the provisions of the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (“right to be forgotten”) (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to notification - notification obligation in connection with the rectification or erasure of personal data or the restriction of processing (Art. 19 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 GDPR)
You can contact us at any time at datenschutz@dermapharm.com or using the contact details provided in section 1.2 above to assert all these rights and for further questions on the subject of personal data.
Irrespective of this, you have the right to lodge a complaint with a supervisory authority - in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement - if you consider that the processing of personal data relating to you infringes the GDPR or other applicable data protection laws (Art. 77 GDPR, Section 19 BDSG).
7 Data transfer to third countries
Data is not transferred to bodies in countries outside the European Union (so-called third countries) (Note: Please note the information on this under section 3).
8 Use of automated decision-making or profiling
In principle, we do not use fully automated decision-making or profiling in accordance with Article 22 GDPR. If we use these procedures in individual cases, we will inform you separately if this is required by law. (Note: Please note the information on this under section 4-6).
Status of the privacy policy
This privacy policy is currently valid and was last updated in June 2025.