I. General information
Contact details of the person responsible
Pharmaceutical Care Network Europe
Professional secretariat
Prof. Kurt E. Hersberger
Holbeinstraße 33
CH-4051 Basel (Switzerland)
info@pcne.org
II. Specific information on the collection of personal data
1. Visiting the website
a) Purpose of data collection and processing
Each time a user accesses a page of our website and each time a file stored on the website is accessed, access data about this process is stored in a log file. Each data record consists of:
(1) the page from which the file was requested,
(2) the name of the file
(3) the date and time of the request,
(4) the amount of data transferred,
(5) the access status (file transferred, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) the client IP address.
The client IP address is used for the purpose of transmitting the requested data; it is anonymised by deleting the last block of digits (Ipv4) or the last octet (Ipv6) once the technical requirement no longer applies.
b) Duration of storage
The data is stored each time a user accesses a page on our website and each time our website is accessed and is deleted as soon as it is no longer required for the purpose for which it was collected, which is the case when the visitor leaves our website.
c) Legal basis
The temporary storage of the aforementioned data takes place on the legal basis of Art. 6 para. 1 lit. f EU General Data Protection Regulation (hereinafter ‘GDPR’). The legitimate interest lies in the provision of our website.
d) Possibility of objection and removal
The data subject can object to the processing.
2. execution of the contract
a) Purpose of data collection and processing
Name, address(es), bank details, e-mail address, telephone or fax number, client IP address at the time of submitting a contractual declaration are collected, stored and processed solely for the purpose of establishing or executing the contract, which includes in particular the billing and processing of the contract.
The personal data will only be passed on to third parties if this is necessary for the purpose of contract fulfilment, for example when commissioning a shipping company or using a payment service provider.
b) Duration of storage
The data is deleted as soon as it is no longer required for the purposes for which it was collected or otherwise processed. This period is five years for personal data subject to Section 147 AO and ten years for personal data subject to Section 257 HGB. The periods begin at the end of the calendar year in which the data was collected.
c) Legal basis
The aforementioned data is stored on the legal basis of Art. 6 para. 1 lit. b and lit. c GDPR.
d) Possibility of objection and removal
As there are legally standardised retention periods and the data must remain stored and processed for the performance of the contract, objection or deletion is not possible
3. e-mail, fax or telephone contact
a) Purpose of data collection and use
A user can contact us by e-mail (also by contact form), fax or telephone. We store the data transmitted to us and provided by the person concerned in order to process the enquiry. These data are name, address, e-mail address, telephone and/or fax number, date and time of the enquiry and the description of the request and, if applicable, contract data if the enquiry is made in the context of entering into or processing a contract. The data will not be passed on to third parties. They are used to process the data subject’s contact enquiry.
b) Duration of storage
As soon as the data is no longer required to fulfil the purpose, it will be deleted, which is the case when the conversation has been conclusively concluded and the matter has been clarified and there are no contractual or tax retention periods to the contrary. This period is five years for personal data subject to Section 147 AO and ten years for personal data subject to Section 257 HGB. The periods begin at the end of the calendar year in which the data was collected.
c) Legal basis
The storage of the aforementioned data takes place on the legal basis of Art. 6 para. 1 lit. a GDPR only after prior consent in the context of the enquiry, according to Art. 6 para. 1 lit. b GDPR in the context of a contract initiation or fulfilment or according to Art. 6 para. 1 lit. f GDPR. The legitimate interest of the controller is to be able to process the contact enquiry and prevent misuse of the contact enquiry. The withdrawal of consent, which is possible at any time, does not affect the lawfulness of the processing of personal data based on consent before its withdrawal.
d) Possibility of objection and removal
The data subject has the option to withdraw their consent to data processing at any time and to object to storage. The data stored for this process will then be deleted. If a contract has been concluded, the above under point II.2. applies.
4. Cookies
a) Purpose of data processing
In order to technically enable the visit to our website, we transmit so-called cookies to the end device of the data subject. Cookies are small text files that can be used to identify the data subject’s end device, usually by recording the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. By storing the cookie on the end device used – without interfering with the operating system – it is recognised again and enables us to make any default settings immediately available. We use this information to customise our website and the services offered to your needs and to speed up your visit to our website.
The personal data is passed on to third-party providers to analyse the use of our website, insofar as this is necessary for the purposes of the analysis. If cookies are used for tracking purposes, we will inform you about this separately in this privacy policy.
b) Duration of storage
The storage duration of the various cookies varies, but is a maximum of two years. They are stored on your local end device, not on our server, which is why the actual deletion period depends on how your browser software is configured. Please refer to the operating instructions of your browser software to find out how you can delete cookies set by us on an ad hoc or automatic basis.
c) Legal basis
Strictly necessary cookies are based on the legal basis of Art. 6 para. 1 lit. f GDPR to enable you to visit our website; in particular, some functions on our website cannot be used without cookies, as otherwise the user and the settings already made would not be recognised when changing pages, language settings would be lost and searches could not be carried out.
The use of non-essential cookies (such as marketing, statistics or third-party cookies) is based on consent given via the cookie banner on our website and on the legal basis of Art. 6 para. 1 lit a. GDPR and for the transfer of data to third countries on Art. 49 para. 1 sentence 1 lit. a GDPR.
d) Prevention option
The data subject can block the use of cookies on the end device used or delete them after use. However, individual functions of our website may then not be usable. How cookies can be blocked and cookies already stored can be deleted can be found in the instructions for the browser software.
5. Google Maps
a) Purpose of data processing
We use the Google Maps map service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
When you access the map service by clicking on ‘Activate map’, Google’s web server automatically saves your IP address, location data, a description of the type of operating system, web browser and end device used, the date and time of the pages accessed and the page from which the file was requested. The data is used to provide the map service on our website.
For details, please refer to Google’s privacy policy at the following Internet address: https://policies.google.com/privacy
b) Duration of storage
This access data is not analysed by us and is automatically overwritten no later than seven days after the end of your visit to the site. According to its own information, Google stores the data for 6 – 24 months.
c) Legal basis
The processing is carried out on the legal basis of Art. 6 para. 1 lit. a GDPR only with prior consent.
d) Prevention option
The data subject can block the use of cookies on the end device used or delete them after use. How cookies can be blocked and cookies already stored can be deleted can be found in the instructions for the browser software.
6. YouTube using a 2-click plugin
a) Purpose of data processing
We use the YouTube embedding function to display and play videos from the provider ‘YouTube’, YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, which is represented by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
When a page with a YouTube video is called up, initially only a still image stored on our server is displayed. As soon as the user clicks on this image, a connection to the YouTube servers is established – similar to a link – which is assigned to the user’s personal profile and communicates the pages visited on the website if the user is logged in with their YouTube account. The link can be prevented by logging out of the YouTube account before clicking on the link.
You can find an opt-out function at https://adssettings.google.com/authenticated.
You can find more information about YouTube and Google’s privacy policy at the following Internet addresses:
https://policies.google.com/technologies/ads?hl=de
https://policies.google.com/privacy
b) Duration of storage
Information on data protection and the storage of personal data on ‘YouTube’ can be found in the provider’s privacy policy at https://www.google.de/intl/de/policies/privacy
c) Legal basis
The processing is carried out on the legal basis of Art. 6 para. 1 lit. a GDPR only with prior consent.
d) Prevention option
The data subject can block the use of cookies in the end device used or delete them after use. However, individual functions of the website may then not be usable. How cookies can be blocked and cookies already stored can be deleted can be found in the instructions for the browser software.
7. WordFence Security
a) Purpose of the data processing
We use the ‘Wordfence Security’ service, which is operated by Defiant Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA, to secure our online offering. The website uses the plug-in to protect against viruses and malware and to defend against attacks by computer criminals. The plugin uses cookies to recognise whether the visitor is a human or a robot. IP addresses are stored on the Wordfence servers to protect against brute force and DDoS attacks or comment spam. IP addresses classified as harmless are placed on a white list.
b) Legal basis
The use is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR. Wordfence Security secures our website and thus protects visitors to the website from viruses and malware. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The Live Traffic View option (real-time live traffic) of the plugin is switched off as it is not mandatory. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.wordfence.com/help/general-data-protection-regulation/.
Further information on the collection and use of data by Wordfence Security can be found in Defiant’s privacy policy: https://www.wordfence.com/privacy-policy/.
c) Possibility of prevention
The data subject can block the use of cookies in the end device used or delete them after use. However, individual functions of our website may then not be usable. How cookies can be blocked and cookies already stored can be deleted can be found in the instructions for the browser software.
8. Borlabs
a) Purpose of the data processing
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent. For this purpose, we use a tool from a third-party provider Borlabs GmbH, Rübenkamp 32 22305 Hamburg.
You can find more information about Borlabs’ privacy policy at the following Internet address
https://de.borlabs.io/datenschutz/.
The borlabs cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again. The following information is stored in the borlabs-cookie cookie: cookie duration, cookie version, domain and path of the WordPress website, consent, UID. The UID is an ID that is randomly generated after consent is given in the cookie box and stored in the borlabs cookie. If the Essential cookies cookie group is selected, no UID is generated. If other cookie groups are selected, a UID is generated.
III. rights of the data subject
If ‘personal data’ is processed by the user on our website, the data subject (data subject) has the following rights vis-à-vis the controller in accordance with the GDPR.
1. right to information in accordance with Art. 15 GDPR
The data subject has the right to the following information
a) the purposes of the processing;
b) the categories of personal data being processed
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
f) the existence of a right to lodge a complaint with a supervisory authority
g) where the personal data are not collected from the data subject, any available information as to their source
h) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
i) if personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
We will provide the data subject with a copy of the personal data that is the subject of the processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs.
2. right to rectification pursuant to Art. 16 GDPR
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
3. right to erasure pursuant to Art. 17 GDPR
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies
(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing
c) the data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
d) the personal data have been processed unlawfully;
e) the erasure of personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
4. right to restriction of processing pursuant to Art. 18 GDPR
The data subject has the right to obtain from the controller restriction of processing where one of the following applies
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
d) the data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
5. right to information in accordance with Art. 19 GDPR
If the data subject has requested the controller to rectify their personal data in accordance with Art. 16 GDPR, erasure in accordance with Art. 17 (1) GDPR or restriction of processing in accordance with Art. 18 GDPR, and if the controller has informed all recipients to whom the data subject’s personal data has been disclosed of the data subject’s request (unless this was impossible or would involve disproportionate effort), the data subject has the right to be informed of the recipients by the controller.
6. right to data portability Art. 20 GDPR
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
b) the processing is carried out by automated means. This must not adversely affect the rights and freedoms of other persons. When exercising the right to data portability in accordance with paragraph 1, the data subject has the right to obtain that the personal data be transferred directly by us to another controller, insofar as this is technically feasible. The exercise of the right to data portability does not affect the right to erasure pursuant to Art. 17 GDPR. The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object pursuant to Art. 21 GDPR
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes. Consent given by the data subject can be revoked at any time. However, the collection and processing carried out up to this point in time remains lawful.
8. automated decisions in individual cases incl. profiling according to Art. 22 GDPR
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision
a) is necessary for the conclusion or fulfilment of a contract between the data subject and us
b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
c) is made with the express consent of the data subject.
These decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as the legitimate interests of the data subject.
In the cases referred to in points a) and c), we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express his or her point of view and to contest the decision.
9. right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
10. right to an effective judicial remedy pursuant to Art. 79 GDPR
Without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, every data subject shall have the right to an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
The courts of the Member State in which we or the processor have an establishment shall have jurisdiction for actions against us or against a processor. Alternatively, such actions may also be brought before the courts of the Member State in which the data subject is domiciled, unless we or the processor is a public authority of a Member State acting in the exercise of its public powers.
Imprint provided by
Law firm for media, IT & advertising
Are you looking for an external data protection officer?
Our specialist and partner:
