Li-iL GmbH Arzneimittel Arzneibäder, Leipziger Straße 300, 01139 Dresden Germany, Telephone +49-(0) 351-894120, Fax +49-(0) 351-8941226, e-mail: firstname.lastname@example.org.
You can reach our data protection officer, Johann Mellem, at +49-(0) 351 / 8941235, email@example.com or via our mailing address with the affix “The data protection officer”.
1. Domain of applicability and legal framework
(1) This privacy statement informs you about the nature, scope and purpose of the processing of personal data within our website, the websites linked to it, functions and content.
(2) With respect to the terms used such as “personal data” or its “processing”, we refer to the definitions from Art. 4 of the General Data Protection Regulation (DS-GVO).
(3) The term “user” refers to all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors of our website.
(4) The personal data of the users processed in connection with this website includes
- master data (e.g. customer names and addresses),
- contact data (e.g. e-mail address, telephone number),
- contractual data (e.g. services used or products purchased, payment information),
- usage data (e.g. the web pages of our website that were visited, interest in our services and products),
- content data (e.g. entries in the contact form, comments) as well as
- technical data (e.g. IP addresses, device information)
(5) The personal data of users is processed particularly for the following purposes:
- provision of the website, its content and functions,
- provision of our contractual services,
- customer care,
- responding to contact requests and communicating with users,
- marketing as well as
- security of the website
(6) We only process the personal data of the users in compliance with applicable data protection provisions. This means that the data of the users is only processed if legal permission is in place. This is particularly the case if the data processing is necessary or required by law for the fulfillment of our contractual services (e.g. for processing contracts and orders) as well as our online services, the consent of the users is at hand or occurs on the basis of our legitimate interests. The analysis, optimization, security and cost-effective operation of our website are deemed legitimate interests.
(7) Please note that the legal basis for consent is Art. 6 para. 1 p. 1 lit. a) and Art. 7 DS-GVO, the legal basis for processing for the fulfillment of our services and the implementation of contractual measures is Art. 6 para. 1 p. 1 lit. b) DS-GVO, the legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 p. 1 lit. c) DS-GVO and the legal basis for processing to uphold our legitimate interests is Art. 6 para. 1 p. 1 lit. f) DS-GVO.
2. Security measures
(1) To ensure an appropriate level of protection with respect to a risk, we take suitable technical and organizational measures as prescribed by Art. 32 DSGVO and taking into account the state of the art, the costs of implementation, nature, scope, circumstances, purposes of processing, the varying probability of occurrence and the severity of the respective risk to the rights and freedoms of natural persons. Thus, the data we process shall be protected in particular against accidental or intentional manipulation, loss, deletion or against unauthorized access by third parties. The security measures also include the encrypted transfer of data between your browser and our server.
(2) Furthermore, we have implemented procedures to ensure that the rights of affected parties are exercised, the deletion of data occurs and the endangerment of data is duly responded to.
3. Forwarding of data to third parties and third-party providers
(1) To the extent we disclose data to other persons and companies (contract processors or third parties), transfer it to said parties or otherwise grant them access to the data, this shall only occur on the basis of legal permission. This applies e.g. with respect to the transfer of data in accordance with Art. 6 para. 1 p. 1 lit. b) DS-GVO to third parties if this is necessary for contractual fulfillment (e.g. for the purpose of shipping the goods or settling the payment of the purchase price) if you have consented to this, it is required by a legal obligation or on the basis of our legitimate interests (e.g. through the use of agents, web hosters etc.). Depending on which payment service provider you select during the order process, we forward the payment data collected for this purpose to the credit institute commissioned with the payment for the settling of payments and, if applicable, to the payment service provider we have commissioned. In some cases, the selected payment service providers also collect this information themselves if you create or have created an account with them. In this case, you must use your login data to log in to the payment service provider during the ordering process. The privacy statement of the respective payment service provider shall apply in this respect.
(2) To the extent we process data in a third country (that is, outside of the European Union or the European Economic Area) or this occurs through the use of services of third parties or the disclosure or transfer of data to third parties, this shall only occur if the special conditions of Art. 44 et seqq. DS-GVO are at hand. That is, processing shall occur e.g. on the basis of special guarantees such as the officially recognized assessment of a data protection level corresponding to that of the EU (e.g. the “Privacy Shield” in the USA) or through compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
(3) To the extent we engage third parties with the processing of data on the basis of a so-called “data processing contract”, this shall occur on the basis of Art. 28 DS-GVO.
4. Collection of access data and log files
(1) On the basis of our legitimate interests in the sense of Art. 6 para. 1 lit. f) DS-GVO, we collect data every time the server containing this service is accessed (so-called server log files). This data is technically required in order to display the respective website to you as well as to ensure stability and security. The access data includes the IP address of the requesting computer, data and time of access, name and URL of the file accessed, website from which access is occurring (referrer URL), the browser used and, if applicable, the operating system of the user’s computer as well as the name of the requesting access provider.
(2) The log file information is generated in anonymized form and saved in order to analyze system security and stability as well as for security reasons (e.g. to clarify any acts of misuse or fraud) for no more than seven days (the IP address is only saved for one day), after which time it is deleted. Data whose storage is necessary for the purpose of evidence is excluded from deletion until the respective incident has been fully investigated.
5. Provision of contractual services
(1) We process master, contact, contractual data and content-related data in order to fulfill our contractual obligations and render services in accordance with Art. 6 para. 1 p. 1 lit. b) DS-GVO. The entries marked as required on the online forms are necessary for the conclusion of the contract.
(2) Users also have the option of opening a user account where they can, among other things, view their orders. During the registration process, the users will be notified of the required mandatory information. If users cancel their user account (via e-mail to firstname.lastname@example.org or email@example.com), their data relating to the user account is deleted within one week to the extent further storage is not required for legal reasons, particularly with respect to reasons arising out of commercial or tax law as per Art. 6 para. 1 p. 1 lit. c) DS-GVO.
(3) The IP address of the user and the time of the order will be saved in connection with orders. It will be saved on the basis of our legitimate interests as well as those of the users to protection against misuse and other unauthorized use of their data. As a general rule, this data will not be forwarded to third parties unless it is required in pursuance of our claims or there is a legal obligation in this respect in accordance with Art. 6 para. 1 p. 1 lit. c) DS-GVO. The data saved will be deleted again after 7 days. Data whose storage is necessary for the purpose of evidence is excluded from deletion until the respective incident has been fully investigated.
(4) The data will be deleted for the provision of contractual services after the statutory warranty and comparable obligations have expired. In the event of statutory archiving obligations, deletion will occur after they have expired (end of the retention obligation under commercial law (6 years) and under tax law (10 years)). The data in the customer account will be retained until it is deleted.
When contacting us (using the contact form, via the request form in regards to our products or via e-mail), the data of the user (your e-mail address, your name and, if applicable, your telephone number) will be processed in order to process the contact request and finalize it in accordance with Art. 6 para. 1 p. 1 lit. b) DS-GVO.
7. Product ratings and comments
You can submit ratings of our products in our website and write comments in response to blog entries (posts). Your post will be published for the respective product or blog entry with the name you provide. We recommend using a pseudonym instead of your actual name when providing a name. We also collect your e-mail address. We require it in order to contact you if a third party claims your post is in breach of the law. The corresponding legal bases are Art. 6 para. 1 p. 1 lit. b) and f) DS-GVO. Your posts will be evaluated before they are published. We reserve the right to delete posts, e.g. if third parties claim that they are in breach of the law.
(1) With the notes below, we are informing you in regards to the content of our newsletter, the registration and forwarding procedures as well as your rights of objection. By subscribing to our newsletter, you declare your consent to the receipt and the described procedures.
(2) We will only send e-mail newsletters containing promotional information with the consent of the recipients or legal permission. Our newsletters contain information about our products and services, promotions and our company.
(3) Subscribing to our newsletter occurs on the basis of a so-called double opt-in procedure. This means you are sent an e-mail following registration asking you to confirm your registration. This confirmation is required to ensure that no one is able to register using third-party e-mail addresses. The registrations for the newsletter are logged in order to be able to verify the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation as well as the IP address. The purpose of the process is to verify your registration and, if applicable, to clarify any misuse of your personal data. This occurs on the basis of Art. 6 para. 1 p. 1 lit. f) DS-GVO.
(4) In order to register for the newsletter, it is sufficient if you specify your e-mail address. Optionally, you can provide further information, in particular your name for a personal greeting in the newsletter.
(5) Our newsletters contain a so-called “web-beacon”, that is, a pixel-sized file, which is retrieved by our server when the newsletter is opened. During the retrieval, initially technical information such as information concerning your browser and your system as well as your IP address and time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their locations of retrieval (which can be determined using the IP address) or the access times. The statistical data collected also includes the assessment as to whether the newsletters are opened, when they are opened and which links are clicked. Although this information can be associated with individual newsletter recipients for technical reasons, it is not our goal to observe individual users. Rather, the analyses help us to assess the reading habits of our users and adapt our content to them or send different content corresponding to the interests of our users.
(5) The forwarding of the newsletter and the measurement of success occur on the basis of the consent of the recipients in accordance with Art. 6 para. 1 p. 1 lit. a), Art. 7 DS-GVO in conjunction with Section 7 para. 2 no. 3 UWG (Unfair Competition Act).
(6) You can revoke your consent to receive our newsletter at any time. You can find a link for exercising your right of revocation at the end of each newsletter. If the users only registered for the newsletter and have canceled this registration, their personal data will be deleted.
(1) We use cookie technology for our website. Cookies are small text files, which are mapped and saved on your device by the browser you use and which provide certain information to the party, which creates the cookie (in this case, us). Cookies are not able to execute programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall.
(2) We use transient and persistent cookies. Transient cookies are automatically deleted when you close the browser. They include, in particular, the session cookies. They save a so-called session ID, which enables the allocation of various requests from your browser to the joint session. This makes it possible to recognize your device when you return to our website. The session cookies are deleted when you log out or close your browser. Persistent cookies are saved on your device between browser sessions so that your interests or actions can be saved across multiple websites. Persistent cookies are automatically deleted after a prescribed period of time. We do not use our own persistent cookies. However, this happens in connection with the tools used for measuring reach and for marketing purposes; users are specifically informed in this regard in this privacy statement, see points 10–12 below. We also use a cookie to save the user’s decision whether to confirm the cookie banner. However, said cookie is not deleted unless the user requests this.
(3) You can delete cookies at any time in your browser’s security settings. You can also configure your browser setting according to your wishes and e.g. refuse to accept cookies from third-party providers or all cookies. Please note that you may not be able to use all functions of our website in this case.
10. Google Analytics
(2) Google will use this information on our behalf to analyze the use of our website by users in order to generate reports on activities within this website and render further services to us associated with the use of this website and the use of the Internet. In the process, the processed data can be used to create pseudonymized use profiles for the users.
(3) We use Google Analytics in order to only display the ads placed within the advertising services of Google and its partners to users, who have shown an interest in our website or who have certain characteristics (e.g. interests in certain topics or products, which are determined based on the web pages they visited), which we transfer to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our ads cater to the potential interest of users.
(4) We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is shortened by Google within the member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
(5) The IP address transferred by the browser of the user is not combined with other Google data. Users can prevent cookies from being saved by configuring their browser software accordingly; the users can also prevent the collection of the data generated by the cookie and related to their use of the website that is passed on to Google as well as the processing of this data by Google by downloading and installing the Browser plug-in provided under the following link:
(6) More information about data usage by Google, possibilities for configuration and objection is available on Google’s web pages: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data usage for promotional purposes”), https://adssettings.google.com/authenticated (“Managing information, which Google uses to display advertising”).
11. Google marketing services
(1) On the basis of our legitimate interests (that is, our interest in the analysis, optimization and cost-efficient operation of our website in the sense of Art. 6 para. 1 p. 1 lit. f) DS-GVO), we use the marketing and remarketing services (in short: “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google is certified under the Privacy Shield Agreement and as a result, guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
(2) Google’s marketing services allow us to display ads for and on our website in a targeted manner so that ads are only displayed to users with a potential interest. If a user is shown e.g. ads for products, which they are interested in on other websites, this is referred to as “remarketing”. For these purposes, a code is executed directly by Google when accessing our website and other websites where Google marketing services are active and so-called (re)marketing tags (invisible graphics or a code, also referred to as “web beacons”) are integrated in the website. With their help, an individual cookie (a small file) is saved on the device of users (comparable technologies may be used instead of a cookie). The cookies can be generated by different domains, among others, by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file contains a record of which websites users visited, the content they showed interest in, which offers they clicked and furthermore technical information relating to the browser and operating system, linking websites, duration of visit as well as other information about the use of the website. The IP address of the users is also recorded. In this respect, we declare in connection with Google Analytics that the IP address is shortened within the member states of the European Union or in other states party to the Agreement on the European Economic Area and, only in exceptional cases, transferred to a Google server in the USA and shortened there. The IP address is not combined with data of the user within the scope of other Google offers. Google can also combine the above information with information from other sources. If users subsequently visit other websites, ads tailored to their interests may be displayed.
(3) The data of the users will be processed in pseudonymized form in connection with Google marketing services. That is, Google will not save or process the name or e-mail address of the users; instead it only processes the relevant data with respect to individual cookies on the basis of pseudonymized user profiles. This means, from Google’s perspective, the ads are not managed and displayed for a person, who has been specifically identified, but for the cookie holder regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without pseudonymization. The information collected by Google marketing services about users is transferred to Google and saved on Google’s servers in the USA.
(4) The Google marketing services we use include, among other things, the online advertising program “Google AdWords”. With Google AdWords, every AdWords customer receives a different “conversion cookie”. As a result, cookies cannot be traced via the websites of AdWords customers. The information retrieved with the help of the cookie serves to generate conversion statistics for AdWords customers, who have opted in favor of conversion tracking. The AdWords customers are informed of the total number of users, who clicked their ad and were forwarded to a page provided with a conversion tracking tag. However, they do not receive any information that can be used to identify users personally.
(6) Furthermore, we can use the “Google Tag Manager” to integrate and manage Google analytical and marketing services in our website.
(7) For further information about the use of data by Google for marketing purposes, you can visit the overview page: https://policies.google.com/technologies/ads, the privacy statement of Google is available at https://policies.google.com/privacy.
(8) If you would like to object to interest-based advertising by Google marketing services, you can use the configuration and opt-out possibilities provided by Google: https://adssettings.google.com/authenticated.
12. Microsoft Advertising
We use Microsoft Advertising on our website, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Via the Microsoft Advertising service of Microsoft Corporation, we use Universal Event Tracking (UET) on our website. This involves Microsoft Bing Ads storing a cookie on your computer if you have accessed our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (conversion page).
We thereby obtain non-personal data (time spent on the website, areas of the website accessed, ad from which the user reached the website). Information about your identity is not collected. The cookie itself has limited validity and is also not used for personal identification.
In the case of Microsoft services, the transfer of data to the USA cannot be ruled out. The collection of data for advertising purposes is a legitimate interest on our part and has its legal basis in Art. 6 (1) p. 1 lit. f DS-GVO. You can find more information about Microsoft Advertising at: https://privacy.microsoft.com/de-de/privacystatement
13. Facebook marketing services
(1) The so-called “Facebook Pixel” from the Facebook social network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is used within our website on the basis of our legitimate interests in the analysis, optimization and cost-efficient operation of our website. Facebook is certified under the Privacy Shield Agreement and as a result, guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
(2) The Facebook pixel allows Facebook, amongst other things, to identify the visitors to our website as a target group for the display of ads (so-called “Facebook ads”). Accordingly, we use the Facebook pixel in order to only display the Facebook ads we placed to users, who have shown an interest in our website or who have certain characteristics (e.g. interests in certain topics or products, which are determined based on the web pages they visited), which we transfer to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads cater to the potential interest of users and are not a nuisance. With the Facebook pixel, we are also able to understand the effectiveness of Facebook ads for statistical purposes and for the purpose of market research as we see whether a user was forwarded to our website by clicking on a Facebook ad (so-called “conversion”).
(3) Data is processed by Facebook in connection with Facebook’s data policy. The data policy of Facebook in turn contains general notes on the display of Facebook ads: https://www.facebook.com/policy.php. You can find special information and details about the Facebook pixel and how it works in the Facebook help section: https://www.facebook.com/business/help/651294705016616.
(4) You can object to the collection of your data by the Facebook pixel and to the use of your data for the display of Facebook ads. To configure which types of ads are shown to you within Facebook, you can access the corresponding page created by Faebook and follow the notes on the settings for usage-based advertising provided there: https://www.facebook.com/settings?tab=ads. The settings are made independently from the platform, that is, they are adopted for all devices such as desktop computers or mobile devices.
14. Facebook plug-ins
(1) On the basis of our legitimate interests (that is, our interest in the analysis, optimization and cost-efficient operation of our website in the sense of Art. 6 para. 1 p. 1 lit. f. DS-GVO), we use social plug-ins (“plug-ins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plug-ins may represent interaction elements or content (e.g. videos, graphics or text posts) and can be recognized by one of the Facebook logos (white “f” in a blue box, the terms “Like” or a “Thumbs up” icon) or are marked with the “Facebook Social Plugin” affix. Facebook is certified under the Privacy Shield Agreement and as a result, guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
(2) If a user accesses a function of this website, which contains such a plug-in, his device will establish a direct connection to the servers of Facebook. Facebook will transfer the content of the plug-ins directly to the user’s device and integrate it in the website. In the process, the processed data can be used to create use profiles for the users. We therefore have no influence on the scope of data that Facebook collects using this plug-in and therefore inform the users according to our level of knowledge.
(3) Through the integration of the plug-ins, Facebook is informed that a user has accessed a corresponding page of the website. If the user is logged onto Facebook, Facebook can attribute the visit to the corresponding Facebook account. If users interact with the plug-ins, for example, if they push or click the Like button or submit a comment, your device will forward the corresponding information directly to Facebook where it is saved. If a user is not a member of Facebook, there is nonetheless the possibility that Facebook determines and saves their IP address. According to information provided by Facebook, IP addresses are only saved in anonymized form.
15. Integration of third-party services and content
(1) On the basis of our legitimate interests (that is, our interest in the analysis, optimization and cost-efficient operation of our website in the sense of Art. 6 para. 1 p. 1 lit. f) DS-GVO), we use content or service offers of third-party providers in order to integrate their content and services, e.g. videos or fonts (hereinafter jointly referred to as “content”). This always assumes that the third-party providers of this content recognize the IP address of the users as they could not send the content to their browser without the IP address. The IP address is therefore required for displaying this content. We are committed to only using content whose respective provider only uses the IP address to deliver the content. Furthermore, third-party providers can use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. With the “pixel tags”, information such as visitor traffic can be analyzed on the pages of this website. The pseudonymized information can furthermore be saved in cookies on the device of the users and, among other things, contain technical information concerning the browser and operating system, linking websites, duration of visit and other information about the use of our website and they can be linked with such information from other sources.
(2) The following rendition offers an overview of third-party providers and their content including links to their privacy statements, which contain further notes on the processing of data and, in some cases, possibilities for objection (so-called opt-out possibilities):
16. Your rights
(1) Users have the right to, at their request and at no charge, receive information regarding their personal data that we process.
(2) Furthermore, users have the right to the correction of incorrect data, the restriction of processing and deletion of their personal data and, to the extent applicable, the right to data portability and, if it is suspected that data is processed unlawfully, the right to complain to the competent regulatory authority.
(3) Likewise, users can revoke their consent with effect for the future.
17. Deletion of data
(1) The data saved at our location is deleted as soon as it is no longer required for the respective purpose and no legal retention requirements prevent its deletion. To the extent user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies e.g. in particular to the data of users, which must be kept for reasons relating to commercial or tax law.
(2) In accordance with legal provisions, data will be kept for 6 years pursuant to Section 257 para. 1 of the German Commercial Code (e.g. for commercial and business correspondence) and for 10 years pursuant to Section 147 para. 1 of the German Fiscal Code (e.g. for books of account and accounting records).
18. Right of objection
Users can at any time object to the future processing of their personal data in accordance with legal provisions. In particular, processing for purposes of direct advertising may be objected to.
19. Provision of personal data
We wish to inform you that the provision of personal data is in some cases prescribed by law (e.g. on the basis of tax regulations) or may result on the basis of contractual provisions (e.g. information regarding a contractual partner). In order to conclude a contract, a data subject must provide us with personal data that we must in turn process. There is no obligation to do so. However, failure to provide personal data would of course lead the contract to not be concluded with the user.
20. Automated decision making
Automated decision making or profiling in accordance with Art. 22 DS-GVO [General Data Protection Regulation] does not occur with us.
21. Changes to the privacy statement
The users are requested to inform themselves regarding the content of our privacy statement on a regular basis. We will amend our privacy statement as soon as this is required as the result of changes to the data processing we perform or to legal provisions. We will inform you immediately as soon as changes require cooperation on your part (e.g. consent) or any other individual notification.