This privacy policy informs you as a user of our website and our offers about the nature, scope and purpose of the collection and use of personal data.

We expressly point out that data transmission on the Internet (eg communication by e-mail) security gaps and can not be completely protected against access by third parties.

This privacy policy is currently valid and has the status February 2021. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed out at any time on our website at https://www.ursapharm.de/datenschutz/ by you.

1. 1 Data controller

The data controller is:

URSAPHARM Arzneimittel GmbH

Industriestrasse 35

66129 Saarbrücken

Germany

Telephone: +49 (0) 6805/9292-0

Telefax: +49 (0) 6805/9292-88

Email: datenschutz@ursapharm.de

1.2 Privacy Officer

Privacy Officer URSAPHARM Arzneimittel GmbH

Industriestrasse 35

66129 Saarbrücken

E-mail: datenschutz@ursapharm.de

1.3 Disclosure of data to third parties and third-party providers

We comply with the legal requirements. Data will only be passed on to third parties within the scope of legal regulations.

General information

2.1 Integration of services and content of third parties

We may use services of third parties within our website, for example, to integrate external media, perform analyses, etc.. This is always done on the basis of a legal basis, such as on the basis of our legitimate interests (such as our interest in the analysis, optimization and economic operation of our website) within the meaning of Art. 6 para. 1 lit. f DSGVO or - where necessary in individual cases - on the basis of your previously given consent pursuant to Art. 6 para. 1 lit. a DSGVO.

Such services generally require that the third-party providers, perceive the IP address of users, as they could not send the corresponding content to their browser without the IP address. The IP address is thus required for the display of such content. We strive to use only services whose respective providers use the IP address only for the delivery of the content. Some third-party providers also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.

For more detailed information on which services are actually used on this site and how the data is processed within their framework, as well as the relevant legal basis, please refer to the explanations of the respective services in the further course of this privacy policy.

2.2 Types of data processed

We collect and process on our website inventory data (e.g. names, addresses), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), usage data (e.g. web pages visited, links clicked, interest in content, access times, access locations), content data (e.g. comments, text input, photos, videos) and meta and communication data (e.g. device information, browser information, IP addresses).

2.3 Categories of data subjects

The data subjects of the processing of personal data are all visitors and users of our website.  

2. 4 Purpose of processing

We collect and process the personal data of the users of our website in order to communicate with them and to inform them (e.g. contact and other inquiries), to carry out statistics, reach measurement and analyses (e.g. with marketing and analysis tools), so that we can better design and optimize content and functions, to technically manage and optimize the website and to close security gaps.

2.5 Legal basis for the processing of personal data 

We process personal data only if we are entitled to do so on the basis of a legal basis. In the following, we will name these legal bases individually in the context of the respective processing operations. In general, we are always entitled to process personal data if the data subject has consented (see Art. 6 para. 1 lit. a, Art. 7 DSGVO), if we are obliged to fulfill contractual or pre-contractual obligations (see Art. 6 para. 1 lit. b DSGVO), if we have to fulfill legal obligations (see Art. 6 para. 1 lit. c DSGVO) or if we safeguard our legitimate interests (see Art. 6 para. 1 lit. f DSGVO).

2.6 Receivers of personal data

We may transfer personal data to processors or other third parties (e.g. hosting agencies, etc.) with whom we cooperate. We are entitled to do this if the data subject has consented to this (see Art. 6 para. 1 lit. a, Art. 7 DSGVO), if we thereby fulfill contractual or pre-contractual obligations (see Art. 6 para. 1 lit. b DSG-VO), if we thereby fulfill a legal obligation (see Art. 6 para. 1 lit. c DSGVO) or if we safeguard our legitimate interests (see Art. 6 para. 1 lit. f DSGVO). With order processors we conclude a so-called order processing agreement in accordance with Art. 28 DSGVO, according to which they also undertake to comply with data protection.

2.7 Hosting

This website is hosted on the servers of Hetzner Online GmbH. The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this website. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of all users of this website. The legal basis for the use of hosting services is the protection of our legitimate interests in the analysis, optimization and the economic and secure operation of our website (see Art. 6 para. 1 lit. f DSGVO). We have concluded corresponding order data processing agreements with our hosting providers.

2.8 Access data / server log files

On the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO, we collect data about every access to our website (so-called web server log files). The processed data includes IP address, time of access, type of request, protocol, HTTP status, referer, browser type and version, operating system and the message about the successful retrieval. The data is used for statistical analysis for the purpose of operation, security and optimization of the offer. The data is stored for security reasons (e.g. for the clarification of cases of abuse) for a period of 7 days. The IP address is only stored anonymously. If longer storage is necessary for evidentiary purposes, they will be deleted after the final clarification of the matter.

2.9 Cookies

Furthermore, cookies are stored on your computer when you use our website. Cookies are small text files that allow specific information related to the device to be stored on the user's access device (PC, smartphone, other end devices). They are used for the user-friendliness of websites (e.g. storage of login data), the collection of statistical data on website usage and for analysis for the purpose of improving the website. Cookies cannot execute programs or transfer viruses to your computer.

You can prevent the storage of all or only certain cookies by setting your browser accordingly in the security settings. Cookies that have already been stored can be deleted in the browser. In these cases, however, the use of the website may be limited.

This website uses the following types of cookies:

• Transient (temporary) cookies
• Persistent (permanent) cookies

Transient cookies are automatically deleted when you close the browser or log out. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website.

Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Both types of cookies can come from us (then "first-party cookies") or from third parties ("third-party cookies").

Such cookies that enable the secure functioning of the website in the first place and such cookies that only statistically record the general usage behavior (eg. the access to the website at all as well as the time of access), without merging user data across websites, without using external servers or services and without establishing traceability, we use on the basis of our legitimate interest in a secure and functional provision of the website as well as for statistical purposes to optimize our Internet presence in accordance with Art. 6 para. 1 lit. f DSGVO.

The use of other cookies is based solely on your previously given consent in accordance with Art. 6 para. 1 lit. a DSGVO. Such cookies usually serve the optimization of our offer and the development and economic optimization of individual marketing measures. You can give your consent for the cookies and tools in question voluntarily when you call up our website for the first time. You can change your decision at any time on our website.

Disable/object to cookies:

You can generally opt-out of the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website (http://www. aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Furthermore, you can prevent cookies from being stored by setting this in your browser's security settings. However, you may then not be able to use all the functions of this website.

These options apply to all the cookies mentioned below that we use for on this website.

2.10 eTracker

We use on our website the service etracker Analytics of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Imprint: https://www.etracker.com/impressum/ (hereinafter referred to as "etracker"). Here you can find FAQ from etracker regarding the DSGVO: https://www.etracker.com/docs/faq/eu-dsgvo/. You can access etracker's privacy policy here: www.etracker.com/datenschutz/. We have concluded a corresponding contract for order processing with the company etracker.  

We use etracker Analytics based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f DSGVO, in this case in the interest of evaluating our website and improving it for you as a user. As standard, etracker Analytics does not use cookies, but records the visit behavior (by means of purely technical parameters, such as the shortened IP address or the browser used) within a session (website visit) by means of cookieless session tracking. A fingerprinting process is used to generate a hash value (a combination of characters from which the original data cannot be derived) from purely technical data (such as the shortened IP address or the browser used), to which the date of the page call is also added in order to make it even less likely that the identity of the user can be deduced. This value is automatically deleted every 24 hours. Within the 24 hours, it is possible to analyze user behavior through this fingerprint.

You can object to the data processing at any time here:

https://www.etracker.com/docs/data-services/remarketing-feed/) as well as access to user profiles in real time are possible.

We maintain online presences within various so-called social media platforms. You can either reach our presences via search engines, via the platforms themselves or follow the links on our website. We would like to point out that on these platforms your data is partly processed by us and partly by the platform operators, which can sometimes also happen outside the european union. For the details of the processing, the risks and legal bases etc., please compare the data protection declarations linked below for the respective presences.

3.1 Facebook-FanPage

Our data protection declaration as well as the information about the subject responsible (imprint) for our Facebook-FanPage can be found here: Privacy Facebook | Imprint

When contacting us (e.g. via contact form, e-mail or via our Facebook account), your details will be processed in accordance with Art. 6 lit.b GDPR in order to process the request and in the event that follow-up questions arise. Your data will be deleted as soon as we have fully processed your request.

We also point out the following: As a pharmaceutical company, we are legally obliged to report requests that describe drug and medical device safety-related events, to document them and, if necessary, to report them to the competent authorities. This notification may also include personal information, such as your name, place of residence, health claims or the like, if you have disclosed it explicitly and voluntarily to us. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 sec.1 lit. c GDPR together with Section 3 MPSV or Section 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymized.

We offer you a newsletter on our website (either permanently or, if applicable, only as part of trade fair, promotion or sweepstake promotions) to inform you about current topics (exclusive sweepstakes, product offers, general information, news, promotion and trade fair promotions, etc.).

You can register to receive the newsletter by entering your title, e-mail address and last name in our registration form on the website or in our registration form for the sweepstakes, so that we can verify the accuracy of your data. Your e-mail address will be activated for the distribution of our newsletter by means of a so-called opt-in procedure. After registration, you will receive a confirmation e-mail from us in which you must click on a link contained therein in order to finally register your address effectively.

The newsletter will be sent approximately six times a year to the e-mail address you have provided. We process your data on the basis of your consent (Art. 6 sec. 1 lit. a DSGVO) exclusively for sending the newsletter and delete it immediately after unsubscribing from our newsletter. When you confirm the link in the double opt-in email, the date and time of registration are also stored on the basis of our legitimate interest (i.e. to provide proof of registration; Art. 6 sec. 1 lit. f DSGVO) are stored.

We send our newsletter via the provider CleverReach (CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede). For this purpose, the data you provide is stored and transmitted to CleverReach in encrypted form. You can find more information about data security at CleverReach here:  https://www.cleverreach.com/de/datensicherheit/  

If you no longer wish to receive our newsletter, you can unsubscribe via the unsubscribe function contained in each newsletter or via the unsubscribe form contained on our website or by means of a link contained in the newsletter or by other communication to us.

We sometimes host sweepstakes / competitions that we promote on our website and/or on our social media presences and to which you can register via a corresponding subpage on our website.

In this respect we cooperate with external agencies for the event. The details of the associated data processing can be found in the competition conditions. This includes the indication of the agency, which cooperates with us in the respective case and processes the data of the participants accordingly for the processing of the competition. The data will therefore be passed on to these agencies. Otherwise, no transfer will take place.

Participation in a competition usually requires the registration of participants with personal data, typically a title, first name, name and e-mail address. The data processing is carried out on the basis of Art. 6 sec.1 lit. b GDPR or – if necessary – on the basis of your consent in accordance with Art. 6 sec.1 lit. a GDPR. The respective terms and conditions apply.

The winners will be published anonymously (i.e. first name, abbreviated last name, shortened place of residence) on our website. The data will be used solely for the purpose of the competition and will be deleted, with the exception of the winning data, after the winners have been determined. The winners' data will also be processed for winning notification and for the dispatch of the winnings and then deleted. Only with your express consent will it be used beyond this purpose, e.g. for sending the newsletter.

We have committed the respective agencies that act in accordance with our instructions to comply with the data protection laws, also and in particular in the sense of the foregoing, and have concluded corresponding data processing contracts with them.

You can request information about the data stored about you at any time free of charge at the above address. In addition, under certain conditions, you may request the correction or deletion of your stored personal data. Furthermore, you may have the right to restrict the processing of your data as well as a right to the publication or transfer of the data provided by you in a structured, common and machine-readable format. If the processing of your personal data is based on your consent, there is also the right to revoke the consent at any time. This does not affect the legality of the processing carried out on the basis of consent until the revocation.

Right to object

You have the right to object at any time to the processing of your personal data, which is based on Article 6 sec. 1 lit. f) GDPR. In particular, an objection may be made to the processing for direct marketing purposes.

You can also contact the above-mentioned data protection officer or a data protection supervisory authority with a complaint.

The supervisory authority responsible for us is:

Unabhängiges Datenschutzzentrum Saarland

Die Landesbeauftragte für Datenschutz und Informationsfreiheit

Fritz-Dobisch-Straße 12

66111 Saarbrücken

Telephone: (0681) 94781-0

Telefax: (0681) 94781-29

E-mail: poststelledatenschutz.saarland.de