Information on data protection in accordance with
Article 13 of the General Data Protection Regulation
Protecting your personal data is very important to MCS Pharma GmbH, which operates this website. We treat your personal data confidentially and in compliance with the statutory data protection regulations and this declaration on data protection. A range of personal data is collected when you use this website. Personal data are data that can be used to identify you personally. This data protection declaration explains which data we collect and what the data are used for. It also explains how and for what purpose the data are used. Please note that data transmission via the internet (e.g. in email communications) can be exposed to security breaches. It is not possible to completely protect data from being accessed by third parties.
1. Name and contact details of the data controller:
MCS Pharma GmbH
Dr. med. Harry Grossmann:
Bruchköbeler Landstraße 47, 63452 Hanau, Germany
2. Contact details of the data protection officer:
MCS Pharma GmbH
Bruchköbeler Landstraße 47
63452 Hanau
Germany
E-mail: mcspharma@web.de
Phone: 0049-6181-258116
Fax.: 0049-6181-251906
3. Data processing in connection with provision of the website
3.1 Scope of processing
Every time our website is accessed, our system generates automated data and information from the web-enabled system with which you as the user (“data subject”) visit our website. These data are stored and processed on our server in a log file. The following personal data are collected:
- Browser type and version used
- User’s operating system
- User’s internet service provider
- User’s IP address
- Date and time of access
- Websites from which the user’s web-enabled system accessed our internet page
- Websites called up by the user’s web-enabled system from our website
3.2 Purpose of processing
The IP address is a series of digits that clearly identifies your web-enabled system when it accesses our website. The IP address is used to send and receive data packages and enables users to access a website. Temporary storage of the IP address on our server is necessary to transmit the page content to the user’s web-enabled system when accessing our website; otherwise this content cannot be displayed.
Storage in log files is necessary to ensure that the website functions and to establish any transmission errors. In addition, we use these data to optimise our website and to safeguard the security of our IT systems. These data are not evaluated for marketing purposes.
3.3 Legal basis of processing
Data processing is based on our legitimate interests in accordance with Article 6(1) Sentence 1 letter f GDPR.
3.4 Legitimate interests
We have a legitimate commercial and non-commercial interest in presenting our company to the public via a website.
3.5 Recipients or categories of recipients
Personal data are passed on to our IT department and to contractors, who are used for hosting and the provision of the IT resources required to operate our website.
3.6 Transfer to third countries
We do not intend to transfer personal data to foreign countries.
3.7 Duration of storage
Personal data are deleted when they are no longer required for the purpose for which they were collected. Where data are collected for the provision of the website, this is when the session ends. The user’s IP address has to be stored for the duration of the session to permit use of the website.
If the data are stored in the log file, the data collected by this file are deleted after seven days at the latest. Storage for a longer period is possible. In this case, users’ IP addresses are deleted or anonymised, so allocation to the web-enabled system that accessed the website is no longer possible.
3.8 Right to object and right to erasure
As the data subject, you have the right to object at any time, on grounds relating to your personal situation, to processing of personal data concerning you which is based on Article 6(1) Sentence 1 letter e or f GDPR (Article 21(1) GDPR). Processing of personal data in order to provide this website and to generate log files is essential for the administration and maintenance that operating this website entails. Therefore, users cannot object to this type of processing.
3.9 Obligation to provide information (Article 13(2) letter e GDPR)
Providing your data for the processing of log files is voluntary. If you do not provide your data, we may not be able to address your web-enabled system, and you may not be able to use our website.
4. Processing of cookies
4.1 Scope of processing
Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user’s web-enabled system as soon as the user accesses our website. Cookies contain characteristic series of characters that allow clear identification of the browser on subsequent visits to the website.
We use cookies to make our website more user-friendly. In addition, some page elements on our website require the internet browser that accesses our website to be identified when moving to another page on the website.
4.2 Purpose of processing
The purpose of using technical cookies is to make it simpler for users to use websites. Some functions on our website cannot be offered without enabling cookies. For these, it is necessary to recognise the internet browser even after the user has called up a different page. These technical cookies collect and store data and transmit it to us to allow our website to be called up from the database and to store the shopping cart for membership applications. The user data collected by these technical cookies are not used for profiling.
4.3 Legal basis of processing
Data processing is based on our legitimate interests in accordance with Article 6(1) Sentence 1 letter f GDPR.
4.4 Legitimate interests
We have a legitimate commercial interest in presenting our company to the public and promoting our products. For that purpose, it is necessary to offer a website that meets generally accepted usage standards and offers users simple use of the website in accordance with their needs and interests.
4.5 Recipients or categories of recipients
Cookie data are passed on to our internal departments and to contractors who are used for hosting and the provision of IT resources.
4.6 Transmission to third countries
We do not intend to transfer personal data to foreign countries.
4.7 Duration of storage
Personal data are deleted when they are no longer required for the purpose for which they were collected. Where data are processed for the provision of our website, this is when the session ends. Cookies are stored on the user’s web-enabled system and transmitted by this system to our server. As the user, you therefore have complete control over the use of cookies. By altering the setting in your internet browser, you can disable or restrict the transmission of cookies. Cookies that are already stored can be deleted at any time. This can also be done automatically.
4.8 Right to object and right to erasure
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on Article 6(1) letter e or f, GDPR (Article 21(1) GDPR). If cookies are disabled for our website, full use of all functions on our website may not be possible.
4.9 Obligation to provide information (Article 13(2) letter e GDPR)
Providing your data for the processing of cookies is voluntary. If you do not provide your data, we may not be able to address your web-enabled system and you may not be able to use our website or to use it in full.
5. Processing with Google Analytics
5.1 Scope of processing
We use the functions of Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”. These are text files that are stored on your computer and that permit analysis of your use of the website. Google uses this information on our behalf to evaluate your use of the website and compile reports on your website activity.
5.2 Purpose of processing
We use these data for user-oriented structuring and optimisation of our website and to safeguard the security of our IT systems. We will also use the data for marketing purposes to improve our understanding of our customers’ and members’ interest in our products, services and membership offers and to provide practical solutions.
5.3 Legitimate interests
If data processing is based on Article 6(1) letter f GDPR – in other words, on our legitimate interests – we are required to inform you of the legitimate interests pursued by us or by a third party. Your data are processed in pursuit of our legitimate interest in analysing our market presence, the effectiveness of recruiting members and our public image. To this end, Google Analytics provides use with anonymised visitor statistics from which we can see when the site was accessed from which country.
5.4 Recipients or categories of recipients
Your personal data are passed on to our internal departments and to contractors who are used for the provision of IT resources. They are not passed on to other recipients. A data processing contract has been concluded with Google.
5.5 Transmission to third countries
As a rule, data on your usage of this website are transmitted to a Google server in the USA, where it is stored. We have activated the IP anonymisation function on the website. Therefore, in the member states of the European Union and other states party to the Agreement on the European Economic Area, Google shortens your IP address before it is transmitted to the USA. Only in exceptional circumstances will your full IP address be transmitted to a Google server in the USA and shortened there.
5.6 Duration of storage
User data are stored for 26 months. It is not possible to identify individuals on the basis of the reports prepared by Google Analytics.
5.7 Obligation to provide information (Article 13(2) letter e GDPR)
Providing your data for processing by Google Analytics is voluntary. You will not be placed at a disadvantage if you do not provide your data.
5.8 Right to object and right to erasure
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on Article 6(1) letter e or f, GDPR (Article 21(1) GDPR). The processor no longer processes the personal data from then on.
You can prevent Google Analytics from collecting your data by setting an opt-out cookie. The opt-out cookie prevents collection of your data when you visit this website in the future: Disable Google Analytics.
In addition, you can prevent Google from collecting the data generated by the cookie relating to your use of the website (including your IP address) and processing these data by downloading and installing the browser plugin available from the following link: tools.google.com/dlpage/gaopt
6. Processing of customer and supplier data
6.1 Scope of processing
You can contact us by post, email, fax, phone and text message. You can contact us by providing your personal data, especially your name, address, communication details and other content; we will reply and this will involve processing your personal data.
6.2 Purpose of processing
Your personal data will be processed in order to identify you, to allocate your communication to an existing contract or other contractual relationship where appropriate, to process your communication and to reply to it. The personal data that you transmit to us via your communication medium will be processed for the purpose of dealing with and replying to your communication.
6.3 Legal basis of processing
If you have given your consent to the processing of the personal data specified in subsection 6.1 for the purposes set out in subsection 6.2, processing will be based on your consent in accordance with Article 6(1) Sentence 1 letter a GDPR.
Processing of the above personal data may be necessary in specific cases for the performance of a contract to which you are a party or for the performance of steps undertaken at your request prior to entering into a contract, Article 6(1) Sentence 1 letter b GDPR.
Processing of personal data is also undertaken on the basis of our legitimate interests in accordance with Article 6(1) Sentence 1 letter f GDPR.
6.4 Legitimate interests
We have a legitimate commercial interest in being contactable via our communication media in order to process and reply to enquiries.
6.5 Recipients or categories of recipients
Your personal data will be processed internally and possibly forwarded to external recipients where necessary to deal appropriately with your enquiry. Public bodies on the basis of overriding legal regulations. Other external bodies insofar as the data subject has given consent and transmission is permissible on the basis of overriding interests.
6.6 Transmission to third countries
We do not intend to transfer personal data to foreign countries. Your data may be processed outside the European Union in connection with performance of the contract.
6.7 Duration of storage
Personal data are deleted when they are no longer required for the purpose for which they were collected. The period for which the data are stored depends on statutory retention periods and is normally 10 years.
7. Information on data security
For security reasons and to protect the transmission of confidential content such as enquires that you send to us as the operator of this site, this website uses SSL or TLS encryption. You can recognise an encrypted connection by a change in the address line in your browser from “http://” to “https://” and the padlock symbol in your browser toolbar. When SSL or TLS encryption is activated, data you transfer to us cannot be read by third parties.
8. Your rights as a data subject
1. Right to withdraw consent: Under Article 7(3) GDPR, you have the right to withdraw the consent you have given to the data controller at any time. In this case, data processing that was based on your consent may no longer be performed in the future.
2. Right to access: Under Article 15 GDPR, you have the right to obtain information on the personal data processed by the controller. In particular, you can obtain information on the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request rectification or erasure of the data, to restrict or object to processing of the data, the existence of a right to lodge a complaint, the source of the data if they were not collected by us, and the existence of automated decision-making, including profiling and, where relevant, meaningful information providing details of this.
3. Right to rectification: Under Article 16 GDPR, you have the right to demand rectification, without undue delay of incorrect or incomplete personal data stored by the data controller.
4. Right to erasure and right to be forgotten: Under Article 17 GDPR, you have the right to demand erasure of your personal data stored by the controller, unless processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, in the public interest or to establish, exercise or define legal claims.
5. Right to restrict processing: Under Article 18 GDPR you have the right to restrict processing of your personal data if the accuracy of the personal data is contested by you, processing is unlawful but you oppose erasure of the data, we no longer need the data but you require them for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
6. Right to data portability: Under Article 20 GDPR you have the right to receive personal data that you have made available to us in a structured, commonly used and machine-readable format and the right to demand transmission of the data to another controller.
7. Right to complain: Under Article 77 GDPR, you have the right to submit a complaint to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence, place of work or the seat of the controller.
8. Right to object: If your personal data are processed on the basis of legitimate interests in accordance with Article 6(1) Sentence 1 letter f GDPR, you have the right under Article 21 to object to processing of your personal data on grounds relating to your particular situation. Below we explain how you can exercise your right to object.