DATA PRIVACY POLICY

1) Information on the collection of personal data and contact details of the person in charge

We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about how we handle your personal data when you use our website. Personal data are all data with which you can be personally identified.

Your personal data (e.g. name, address, e-mail, telephone number, etc.) will only be processed by us in accordance with the provisions of European and German data protection law. The legal basis for data protection can be found in the EU General Data Protection Regulation (GDPR) and the German laws Bundesdatenschutzgesetz (BDSG) and Telemediengesetz (TMG).

The person responsible for data processing on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

ALLERGIKA Pharma GmbH
Hans Urmiller Ring 58
D 82515 Wolfratshausen

Tel.: 08171-4225-7
Fax: 08171-4225-854
E-Mail: info@allergika.de

The controller of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

The responsible person has appointed a data protection officer for this website, who can be reached as follows: „datenschutzbeauftragter@allergika.de“.

For security reasons and to protect the transmission of personal data and other confidential contents (e.g. orders or inquiries to the responsible person), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website

When using our website for informational purposes only, i.e. when you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website:

– Date and time of access
– Amount of sent data in bytes
– Source/reference from which you reached the page
– Used Browser
– Operating system used
– IP address used (if necessary: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 letter f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.

3) Data processing when opening a customer account and for contract processing

In accordance with Art. 6 Para. 1 lit. b) GDPR, personal data will continue to be collected and processed if you provide us with this information for the purpose of executing a contract or opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above mentioned address of the responsible person. We store and use the data you provide us with for the purpose of contract processing. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us.

4) Making contact

Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after final processing of your request. This is the case if it can be deduced from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal storage obligations to the contrary.

5) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser the next time you visit us (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be seen in the overview of the cookie settings of your web browser.

Partly cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 Para. 1 letter b) GDPR either for the execution of the contract, in accordance with Art. 6 Para. 1 letter a GDPR in the case of a granted consent or in accordance with Art. 6 Para. 1 letter f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for each browser under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

6) Use of customer data for direct advertising

a. Registration for the newsletter

If you register for the newsletter, your e-mail address will be used for advertising purposes, i.e. within the scope of the newsletter we will inform you in particular about products from our range. For this purpose we use Mailchimp of a newsletter dispatch platform of the US supplier Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. We need your consent to use this provider in the newsletter registration process.

For statistical purposes we can evaluate which links are clicked in the newsletter. It is not possible for us to identify which specific person clicked. You have given the following consent separately or, if applicable, explicitly during the ordering process: Subscribe to our newsletter. The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp may use this data according to its own information to optimize or improve its own services, e.g. for technical optimization of sending and presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or pass them on to third parties. The legal basis for this processing is Art. 6 paragraph 1 a) GDPR. Your e-mail address will only be stored for the duration of the desired registration.

Right of withdrawal
You can revoke your consent at any time with effect for the future. If you no longer wish to receive the newsletter, you can unsubscribe as follows: Via an unsubscription link in the newsletter or by sending a message to the person responsible.

b. Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers on similar goods or services from our product range by e-mail. In accordance with § 7 paragraph 3 UWG we do not need to obtain your separate consent for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 Par. 1 lit. f) GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail.

Right of withdrawal

You can revoke your consent at any time with effect for the future. If you no longer wish to receive the newsletter, you can unsubscribe as follows: Via an unsubscription link in the newsletter or by sending a message to the person responsible.

c. Advertising by letter post

On the basis of our justified interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address and – insofar as we have received this additional information from you within the scope of the contractual relationship – your title, academic degree, year of birth and your professional, industry or business designation in accordance with Art. 6 Para. 1 letter f) GDPR and to use this information to send you interesting offers and information on our products by post.

You can object to the storage and use of your data for this purpose at any time by sending a corresponding message to the person responsible.

7) Data processing for order processing

a. Order processing

In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods.

Your payment data will be passed on to the assigned credit institute within the scope of the payment processing, as far as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.

b. Transfer of personal data to shipping service providers

DHL

If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), we will pass on your e-mail address to DHL in accordance with Art. 6 Para. 1 letter a) GDPR before the goods are delivered for the purpose of coordinating a delivery date or to announce delivery, provided that you have given your express consent in the ordering process. Otherwise we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 para. 1 lit. b) GDPR. This information will only be passed on if this is necessary for the delivery of goods. In this case, prior coordination of the delivery date with DHL or the delivery announcement is not possible.

The consent can be revoked at any time with future effect vis-à-vis the above-mentioned person in charge or vis-à-vis the transport service provider DHL.

DPD

If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will pass on your e-mail address and your telephone number to DPD prior to delivery of the goods in accordance with Art. 6 Para. 1 letter a) GDPR for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent in the ordering process. Otherwise we will only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b) GDPR. We will only pass this information on to you if it is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DPD or the delivery announcement is not possible.

Consent can be revoked at any time with future effect vis-à-vis the person responsible as described above or vis-à-vis the transport service provider DPD.

c. Use of payment service providers (payment services)

Paypal

In case of payment via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we will pass on your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) within the scope of the payment processing. The data will be passed on in accordance with Art. 6 para. 1 lit. b) GDPR and only to the extent necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

For further information on data protection, including the credit agencies used, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process your payment in accordance with the contract.

8) Web analysis services

Google (Universal) Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including the abbreviated IP address) is usually transferred to a Google server and stored there, and may also be transferred to the servers of Google LLC. in the USA.

This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by shortening it and excludes the possibility of direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area before. Only in exceptional cases will the full IP address be transferred to a server of Google LLC.in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide us with further services related to the use of the website and the Internet. The IP address transmitted by your browser within the framework of Google (Universal) Analytics is not combined with other Google data.

All the processing described above, in particular the setting of Google Analytics cookies for reading information on the terminal device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 letter a)V GDPR. Without this consent, the use of Google Analytics during your visit to our website will not take place.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie-Consent-Tool” provided on the website. You can access the cookie settings again by deleting the Borlabs cookie or all cookies in your browser. Afterwards, the settings will be requested again when you call up the website again. We have concluded a contract with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass it on to third parties.

For the transmission of data from the EU to the USA, Google relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European data protection level in the USA.

Further information about Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=de&gl=de

9) Notes on data of special categories

Health data

The health data you provide us with – in the form of a doctor’s prescription – is strictly earmarked for a specific purpose and is collected and processed in accordance with the applicable statutory data protection regulations. Your health data will not be disclosed to third parties. Only in the case of order processing with a doctor’s prescription for medical products or medical aids will we forward your data to your health insurance company for accounting purposes. Health data is a special type of personal data that directly or indirectly allows an inference to the physical and/or mental health of a person. The health data provided by you within the scope of the order (e.g. information on the type and quantity of the ordered medical products or aids) will only be collected and processed by us for the purpose of implementing the contract.

10) Rights of the person concerned

The currently applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data, about which we inform you below:

Right of information under Art. 15 GDPR the criteria for determining the storage period, the existence of a right of rectification, cancellation, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;

Right to rectification according to art. 16 GDPR: You have a right to immediate correction of incorrect data concerning you and/or completion of your incomplete data stored with us;

Right of erasure in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the conditions of Art. 17 para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;

Right of restriction of processing in accordance with Art. 18 GDPR: You have the right to demand that the processing of your personal data be limited as long as the accuracy of your data, which you dispute, is verified, if you refuse to have your data deleted due to unauthorized data processing and demand instead that the processing of your data be limited, if you require your data for the assertion, exercise or defense of legal claims, after we no longer require these data after the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation, as long as it is not yet clear whether our justified reasons outweigh the objection;

Right to notification according to Art. 19 GDPR: If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to data portability according to art. 20 GDPR: you have the right to receive your personal data, which you have provided us with, in a structured, common and machine-readable format or to request the transfer to another person in charge, as far as this is technically feasible;

Right to revoke the consent given under data protection law consent granted in accordance with Art. 7 para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;

Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR: If you believe that the processing of personal data relating to you is in breach of the DPA, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.

This is the supervisory authority responsible for us:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach

Please also note your right of objection under Article 21 GDPR:

a) In general: reasoned objection required
If the processing of personal data concerning you takes place in order
– to perform our overriding legitimate interest (legal basis: Article 6 (1f) GDPR)
or
– to safeguard the public interest (legal basis: Article 6 (1e) GDPR),
you are entitled to object to the processing at any time for reasons arising from your particular situation; this also applies to profiling based on the provisions of the GDPR.

In the event of objection, we will no longer process the personal data concerning you unless we can prove compelling grounds for processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims;

b) Special case of direct marketing: simple objection is sufficient
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing and without stating reasons; this includes profiling to the extent that it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

11) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of an explicit consent pursuant to Art. 6 para. 1 letter a) GDPR, this data is stored until the person concerned revokes his or her consent.

If there are legal retention periods for data which are processed within the scope of legal or similar obligations on the basis of Art. 6 Para. 1 letter b) GDPR, these data are routinely deleted after expiry of the retention periods, provided that they are no longer required for the performance of the contract or the initiation of the contract and/or we have no justified interest in their further storage.