Privacy Policy MEDICE Ibérica

Last update: 25.07.2025

Orientation guide

MEDICE Ibérica attaches great importance to the protection of your personal data.

With the following information we would like to give you an overview of the processing of your personal data on our website and by MEDICE Ibérica.

An overview of the individual chapters for better orientation can be found here:

  1. Preamble - Here you will find a brief overview of the content of the website and the data protection topics.

  2. Contact - How can you get in touch with us quickly and easily?

  3. Data processing and storage - Which of your data is stored and processed, how, for what purpose, where, by whom and for how long?

  4. Legal basis - On what legal basis do we process your data?

  5. Data transfer - Under what circumstances do we transfer your data to third parties?

  6. Data security - What do we do to protect your data in the best possible way?

  7. Your rights - Here you will find an overview of all your rights as a data subject.

1. preamble

When using this website, personal data may be processed. The data protection term "personal data" refers to all information that relates to an identified or identifiable person. The IP address can also be personal data. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data. When you use the website, we collect information that you provide yourself. We also automatically collect certain information about your use of the website during your visit to the website.

As a company, we process personal data that we receive from our interested parties (including visitors to our website), applicants, patients, customers, suppliers or service providers as part of our business relationships. In addition, we process personal data that we have legitimately received from other third parties (e.g. authorities, cooperation partners, contractors; e.g. for the execution of orders, for the fulfilment of contracts, for legal obligations or based on consent given by you). Furthermore, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. public registers, media, internet) and are permitted to process.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

As the controller, we have implemented numerous technical and organizational measures to ensure that the personal data processed is protected as completely as possible.

2. contact

Controller within the meaning of. Art. 4 (7) of the EU General Data Protection Regulation (hereinafter "GDPR"), Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (hereinafter "LOPDGDD") and other data protection regulations is the:

MEDICE IBÉRICA, S.L.

C/Muntaner 179, 3º1ª

08036 - Barcelona

Spain

Phone: +34 936 41 55 11

E-Mail: privacy-spain[at]medice.com

Persons authorized to represent the company:

Dr. Richard Ammer

Internal data protection officer:

If you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, please contact our data protection team as follows:

MEDICE Arzneimittel Pütter GmbH & Co. KG

Data protection

Kuhloweg 37

58638 Iserlohn

Phone: +49 (0)2371 937

E-mail: datenschutz[at]medice.de

For confidential matters relating to data protection, you can contact our data protection officer directly at: dsb[at]medice.de

3. data processing and storage

The following personal data may be collected and processed when you visit our website and contact MEDICE Ibérica:

3.1 Technology

When using our website for information purposes only, we only collect data that is technically necessary for the provision of the service. This is regularly data that your browser transmits to our server ("in so-called server log files"). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following can be recorded:

  1. Browser types and versions used,

  2. the operating system used by the accessing system,

  3. the website from which an accessing system reaches our website (so-called referrer),

  4. the sub-websites that are accessed via an accessing system on our website,

  5. the date and time of access to the website,

  6. a shortened Internet Protocol address (anonymized IP address) and,

  7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to:

  1. deliver the content of our website correctly,to optimize the content of our website and the advertising for it,

  2. to ensure the permanent functionality of our IT systems and the technology of our website and

  3. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the purposes listed above.

3.2 Hosting by Werkbank GmbH

Our website is hosted by Werkbank GmbH, Viktoriastraße 75, 44787 Bochum. When you visit our website, your personal data is processed on Werkbank servers in Germany for the purpose of displaying our website in accordance with Art. 6 (1) point f GDPR. The hosting service provider is used on the basis of a data processing agreement in accordance with Art. 28 GDPR.

3.3 Cookies

3.3.1 General information about cookies

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.

Information is stored in the cookie that results in each case from the connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimization. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.

3.3.2 Legal basis for the use of cookies

The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

For all other cookies, you have given your consent to this via our opt-in cookie banner within the meaning of Art. 6 para. 1 lit. a) GDPR.

3.3.3 Notes on avoiding cookies in common browsers

You can delete cookies, allow only selected cookies or completely deactivate cookies at any time via the settings of the browser you are using.

Further information can be found on the support pages of the respective providers:

3.3.4 Workbench Cookie Consent Management and Identity and Access Management Tool

We use Vinegar, a self-hosted Consent Management Platform (CMP) from Werkbank GmbH, Viktoriastraße 75, 44787 Bochum to manage user consent for cookies and other tracking technologies on our website. This tool ensures compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws by allowing users to review and adjust their cookie preferences at any time.

Vinegar collects and processes the following data:

  • User consent preferences for cookies and tracking technologies

  • Anonymized user identifiers to remember preferences across sessions

  • Timestamps of consent actions

The collected data is processed and stored on the servers of our hosting service Werkbank GmbH. The data is not intended to be passed on to third parties or to countries outside the EU.

You can manage the collection of your data by cookies by clicking on the following link: Configure your data protection settings for this website individually.

The identity and access management tool Keycloak manages your login data. Your login data (username and password) will be stored exclusively on the servers of Werkbank GmbH in 44787 Bochum. By registering and consenting to data protection as part of the MEDICE login, you consent to the processing of your data by us.

The legal basis for the processing of your personal data is your informed, voluntary consent in accordance with Art. 6 para. 1 sentence 1 lit. a) and Art. 9 para. 2 lit. a) GDPR.

3.3.5 Cookies used on this site

The following is a list of the cookies currently used on this website. This list contains the names of the individual cookies, a brief description of their function, their expiration Time and information on whether or not these cookies are subject to the consent requirement under the EU Cookie Directive. The names of the individual cookies displayed in the website settings may vary depending on a number of factors, including which browser you use, which websites you visited before coming to this website or whether you were redirected to this website from a website or social media platform.

Cookie Name

Expiration Time

Description

Consent required: No

vinegar

10 years

This cookie is used by our cookie bar to record if you have accepted the use of cookies on this website. Clicking on 'Accept' or navigating the site without clicking on 'Decline' will store an acceptance cookie with an expiration time of 10 years. Clicking on 'Decline' will store a 'session' cookie with a record of your decision. This session cookie is only held in your browser until the browser is closed. This cookie does not collect personal data.

_ga

2 years

Google Analytics: This is used to monitor traffic levels, search queries and visits to this website. It is used to distinguish users. If cookies have been accepted, then this will be personalized for analytics and performance purposes. If declined, this will remain anonymized. You can find more information about Google Analytics in section 3.13.

Anonymous data: No

 

 

Personalized data: Yes

3.4 Contact us / Contact form

When you contact us (e.g. by phone, fax, contact form or email), your personal data (such as first and last name, email address or phone/fax number) is collected and processed.

Which data is collected when a contact form is used can be seen from the respective contact form. All data fields marked as mandatory are required to process the respective request. If you do not provide this data, we will not be able to process your request. The provision of additional data is voluntary.

The data collected will be stored and processed exclusively for the purpose stated in the respective contact form/for contacting you, processing your request and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

When data is collected via a contact form, your data is transmitted in encrypted form.

After final processing of your request, all data collected in the course of contacting us will be deleted. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.

3.5 Application

As part of our application process, we collect personal data such as your name, address, telephone number and e-mail address. We need this data to contact you. You also have the option of providing us with electronically stored documents such as your CV, certificates, portraits or cover letter.

We are looking for the best applicants, regardless of age, gender, disability, origin, religion, ideology or sexual identity. We therefore do not require any information from you that cannot be used in accordance with the General Equal Treatment Act. Please also do not forward any confidential internal information or even company secrets of your former or current employer to us.

Your personal application data will be used exclusively for the purpose of processing your application and the associated pre-contractual measures to initiate an employment relationship within the meaning of Art. 6 para. 1 lit. b) GDPR in conjunction with. §26 BDSG collected, processed and stored. Only designated employees of MEDICE Arzneimittel Pütter GmbH & Co KG, as the parent company of MEDICE Ibérica, who are involved in the application process have access to the data transmitted to us as part of your application. These employees are trained in accordance with the requirements of the GDPR and are obliged to maintain data confidentiality.

If your application is successful, the data you provide may be used for administrative matters relating to your employment.

If we are unable to offer you employment, we will retain the data you have submitted for up to six months after completion of the application process for the purpose of answering questions in connection with your application and rejection. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.

If we are unable to offer you a current vacancy but, based on your profile, believe that your application may be of interest for future vacancies, we will, with your separate consent, store your application data for a total of twelve months. You can revoke this consent at any time with effect for the future without incurring any disadvantages.

3.6 Employment relationship

In the context of an employment relationship with MEDICE Ibérica, we process personal data (such as personal and contact data, billing data or qualification data) of employees, interns, working students, trainees, etc. for the fulfillment of the contract, as well as in the context of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) GDPR and Art. 88 GDPR, as well as due to legal requirements pursuant to Art. 6 para. 1 lit. c) GDPR.

It is necessary for you to provide the personal data that is required for the commencement and execution of an employment relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, it is not possible to enter into an employment relationship.

You will receive all information on the scope and purpose of the personal data collected, used and processed in the context of employment at MEDICE Ibérica, your rights as a data subject and all other data protection-related topics from us as part of the recruitment process.

3.7 Vigilance messages

When reporting adverse events in connection with our products, we collect personal data such as contact details (names of the reporting person and the person affected by the adverse event), time of occurrence of the adverse event or off-label use, as well as underlying and concomitant diseases.

We are legally obliged to collect, report and archive these vigilance reports. This serves to protect our patients and ensure the high quality and safety standards of our products. Your data will only be passed on to third parties (competent authorities) in pseudonymized form (without reference to you personally) within the scope of the legal reporting obligations for vigilance reports.

3.8 Business relationships

MEDICE Ibérica maintains various business relationships with e.g. doctors, pharmacies, suppliers, contract processors, cooperation partners, training participants, other service providers (consultants, other freelancers, etc.), health insurance companies and other customers. Among other things, contact data, billing data and information from the respective contractual agreements are processed for the purpose of fulfilling the contract or as part of pre-contractual measures in accordance with Art. 6 para. 1 lit. b) GDPR.

As part of this business relationship with MEDICE Ibérica, it is necessary for you to provide the personal data that is required for the establishment and execution of a business relationship and the fulfillment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will usually not be able to accept a business relationship or other order or will have to terminate it.

3.9 Events

MEDICE Ibérica regularly organizes various events such as seminars, specialist group meetings or symposia. During these events, employees of MEDICE Ibérica and/or external service providers working on behalf of MEDICE Ibérica take photographs and/or make video recordings of the participants. We collect and process your personal data on the basis of our legitimate interest in documenting the respective event, reporting on it, and for public relations work (e.g. by publishing it on the company intranet, on our homepage, in social networks or in press releases) in accordance with Art. 6 (1) point f GDPR. You will be informed about these photo and/or video recordings before and during the events and you can object to the processing of your personal data at any time by sending an informal letter to datenschutz[at]medice.de.

Within the scope of the events, MEDICE Ibérica processes your personal data for the purpose of processing your registration, as well as for conducting and following up on the event. The data that is collected can be seen on the respective registration form for the event.

Online events

We use the “Zoom” tool from Zoom Video Communications Inc. to plan, coordinate, and hold online events. When you participate in one of our events, your personal data will be processed.

All information on data protection for online events via Zoom can be found here

3.10 Profiling

We process your data partly automatically with the aim of evaluating certain aspects of your person (profiling).

For example, we use profiling in the following cases:

  • We use analysis tools to provide you with targeted information and advice on products. These enable needs-based communication and advertising, including market and opinion research.

  • As part of the assessment of your creditworthiness, we may use scoring. This includes experience from the previous business relationship, publicly available data and information from credit agencies.

3.11 Marketing and Newsletter delivery

As part of our marketing activities, we send out digital newsletters as part of product, event, promotion, offer or advertising information.

Our marketing activities essentially serve to retain and maintain customer loyalty, pass on information, conduct market and opinion research, improve our offers and automate communication.

Your contact details (name, e-mail address) are used to send the newsletter. Tools and software solutions from various mailing service providers are used for this purpose. These are:

  • Salesforce

    We use the CRM solutions provided by salesforce.com Inc. (‘salesforce’), One Market Street, Suite 300, San Francisco, CA 94105, USA. We use these CRM solutions (customer relationship management solutions) for managing customer and consent data, sales management, and for sending newsletters automatically. As a US company, salesforce.com Inc. is certified under the EU-US Data Privacy Framework, whereby the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies and thus an adequate level of data protection is confirmed. You can find more information about Salesforce at: www.salesforce.com

MEDICE Ibérica only uses service providers with whom a corresponding order agreement exists in accordance with Art. 28 GDPR.

As part of personalized newsletters, MEDICE Ibérica uses contact lists from HCP database service providers such as IQVIA.

For more information about IQVIA's privacy policy, please visit: https://www.iqvia.com/about-us/privacy

The legal basis for the processing of your data in the context of sending the newsletter is your voluntary consent pursuant to Art. 6 para. 1 lit. a) GDPR.

This consent can be obtained directly by MEDICE IBÉRICA or external HCP database service providers such as IQVIA.

You can revoke your consent at any time without giving reasons and unsubscribe from the newsletter. There is a corresponding link/contact in every newsletter for this purpose.

The legal basis for sending newsletters as a result of the sale of goods or services is Section 7 (3) UWG. You can also unsubscribe from the newsletter at any time. There is a corresponding link in every newsletter for this purpose.

3.12 Our activities in social networks

We have our own pages on social networks so that we can communicate with you and inform you about our services.

We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.

As a precautionary measure, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing in social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behavior is assigned to your own social network member profile.

The described processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. 1 lit. a) GDPR.

As we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:

  • Instagram

    When you visit our Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The controller responsible for data processing is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;

    All information on the handling of your personal data by Instagram can be found here: https://help.instagram.com/155833707900388

  • LinkedIn

    When you visit our LinkedIn pages, through which we present our company or individual products from our range, certain information about you is processed. The controller for data processing is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

    All information on how LinkedIn handles your personal data can be found here: https://www.linkedin.com/legal/privacy-policy

Vigilance messages via social

Occasionally, users, their relatives or healthcare professionals may comment on our products in comments or messages. These comments/messages are also included in the vigilance messages from point 3.6, where we process your personal data.

3.13 Web analysis

Google Analytics 4 (GA4)

On our website, we use the web analysis service Google Analytics 4 (GA4) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This creates pseudonymized user profiles and uses cookies (see section 3.3 "Cookies").

The following data on website use is collected from you by cookies, among other things:

  • IP address (short-term recording without permanent storage) • Location data

  • Browser type/version

  • Operating system used

  • Referrer URL (previously visited page)

  • Time of the server request

The pseudonymized data may be transmitted by Google to a server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of the website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

These processing operations will only take place if you have given your express consent in accordance with Art. 6 para. 1 lit. a) GDPR via the corresponding cookie banner.

The default data storage period set by Google is 14 months. Otherwise, the personal data is stored for as long as it is required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required for the purpose for which it was collected.

The parent company Google LLC is certified as a US company under the EU-US Privacy Framework, which means that the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies and thus confirms an adequate level of data protection.

You can find more information on the data protection provisions of Google LLC regarding the use of GA4 at: https://support.google.com/analytics/answer/7318509

3.14 Cooperation with the parent company and other subsidiaries

In order to safeguard the legitimate interests of MEDICE Health Family Holding GmbH pursuant to Art. 6 para. 1 lit. f) GDPR in optimizing the advertising and sales market presence of our parent company and subsidiaries, it may be necessary for us to share certain personal data within MEDICE Health Family Holding GmbH. This applies in particular to possible contact data, information about your interests and your customer profile as well as your use of our products and services.

The joint processing of this data takes place within the framework of joint responsibility in accordance with Art. 26 GDPR. The participating companies within MEDICE Health Family Holding GmbH have defined in an agreement how the respective tasks and responsibilities with regard to the processing of personal data are distributed and who fulfills which obligations under the GDPR.

The shared data can be used for this purpose:

  • Optimize our marketing and sales strategies.

  • to conduct market research and analyses in order to further improve our products and services.

The companies involved within MEDICE Health Family Holding GmbH ensure that suitable technical and organizational measures are taken to protect your personal data. The transmission and processing of your data is always carried out in accordance with the applicable data protection regulations.

Further information on data protection, your rights as a data subject and data processing by MEDICE Arzneimittel Pütter GmbH & Co. KG, as the parent company of MEDICE Health Family Holding GmbH, can be found here

If you have any questions about the joint processing of your data within MEDICE Health Family Holding GmbH or would like to assert your data protection rights, you can contact our data protection team at datenschutz[at]medice.de at any time. For confidential matters relating to data protection, you can contact our data protection officer directly at dsb[at]medice.de.

3.15 Purposes of the processing

The personal data may be processed for the following purposes:

  • for the fulfillment of contractual obligations or in the context of pre-contractual measures

  • for the provision and delivery of our range of services

  • to provide and ensure the functionality of the website

  • to protect the rights and interests of MEDICE Ibérica and third parties (e.g. users, employees)

  • for communication and contact

  • to fulfill legal obligations

  • to permanently guarantee the technical functionality and user-friendliness of the website

  • in rare cases to defend against legal claims or to combat fraud

  • for market research and marketing purposes

  • for processing and verification of vigilance notifications

3.16 Storage and deletion periods

Unless otherwise stated in this privacy policy or the offer-related data protection information, we will only store your personal data for as long as is necessary to fulfill the stated processing purposes, to fulfill our contractual or legal obligations or to pursue and defend against legal claims.

The statutory retention obligations arise in particular from commercial or tax law regulations.

4. legal basis

The legal basis for the processing of your personal data may be your informed, voluntary consent in accordance with Art. 6 para. 1 lit. a) in conjunction with Art. 7 GDPR. Art. 7 GDPR, the performance of a contract to which you are a party or the performance of pre-contractual measures pursuant to Art. 6 para. 1 lit. b) GDPR, the fulfillment of a legal obligation pursuant to Art. 6 para. 1 lit. c) (in the case of drug safety reports in conjunction with Art. 9 para. 2 lit. i) GDPR, §22 para. 1 no. 1 lit. c) BDSG-neu and §63c AMG) or the protection of our legitimate interests or those of a third party pursuant to Art. 6 para. 1 lit. f) GDPR.

5. data transmission

We only pass on your personal data to third parties if:

  1. you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR,

  2. the disclosure is permitted in accordance with Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

  3. in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 lit. c) GDPR, and

  4. this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.

As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies.

We have explicitly stated this for the service providers concerned in the privacy policy. In order to protect your data in all other cases, we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This may not apply in the case of data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

Under these conditions, recipients of personal data may be, for example

  • Companies affiliated with MEDICE Ibérica, insofar as this is necessary for the purpose of data processing.

  • Public bodies and institutions (e.g. European Central Bank, tax authorities, Federal Central Tax Office, public prosecutor's offices) if there is a legal or official obligation.

  • Processors to whom we transfer personal data in order to carry out the business relationship with you, e.g. for services in connection with archiving, document processing, call center services, controlling, compliance, data destruction, purchasing, debt collection, customer administration, lettershops, marketing, media technology, reporting, support/maintenance of IT applications, risk controlling, telephony, dispatch of goods, website management, payment transactions.

  • Persons bound to professional secrecy (e.g. lawyers, tax consultants, auditors) for support in the fulfillment of legal or official obligations as well as for the prosecution and defense of legal claims and in criminal prosecution.

Other data recipients may be those bodies for which you have given your consent to the transfer of data.

MEDICE Ibérica ensures that your data will only be passed on to bodies that can demonstrate a suitable data protection concept in accordance with the applicable regulations and laws and with which, if necessary, corresponding contractual agreements in accordance with Art. 26 and Art. 28 GDPR exist.

6. data security

The security of your personal information is very important to us.

Any collection, storage, use and transmission of data involves confidentiality risks (e.g. the possibility of identifying the person concerned). These risks cannot be completely ruled out and increase the more data can be linked together. MEDICE IBÉRICA assures you that it will do everything possible in accordance with the state of the art to protect the transmission of your data.

To this end, we take the following technical and organizational measures, among others:

  • SSL/TLS encryption: Personal data is only transmitted via state-of-the-art encrypted connections. We implement the applicable requirements of the Federal Office for Information Security and use this technology to protect the transmission of your data.

  • Different passwords for all software tools used internally

  • Multi factor authentication to access internal systems and data

  • Virus protection for all IT hardware used

  • Firewall for our internal company network

  • Regular training on data security and protection for all employees

  • Regular updates of all software components

  • Regular data backups to ensure availability

  • Regular risk analyses of the corresponding IT systems

7. your rights

When processing your personal data, our aim is to guarantee your data protection rights at all times. Our service times and all contact options can be found under point 2 "Contact".

You can exercise the following rights in relation to your personal data:

  • You can request information about the processing of your data.

  • You can request that your personal data be amended if it is incorrect or incomplete.

  • You can request restrictions on the processing of your personal data. (1) For the duration of the review of the accuracy of the data. (2) If the processing is unlawful and you refuse deletion. (3) If the data is no longer needed by the controller for the purposes of processing, but you need it to assert, exercise or defend legal claims. (4) In the event of an objection to the data processing, as long as the corresponding balancing of interests has not been clarified.

  • You can request that the data collected about you be transferred to you or to a body designated by you.

  • If there is a basis for complaint, you can lodge a complaint with the competent data protection authority.

    You can contact the Spanish data protection supervisory authority at

    Agencia Espanola de Protección de Datos (AEPD)

    C/Jorge Juan, 6

    E - 28001 Madrid

    Phone: + 34 91 266 35 17

    E-mail: internacional[at]aepd.es

    Homepage: https://www.agpd.es

  • You can request the deletion of the data collected about you.

  • You can informally object to the processing of your personal data at any time without giving reasons. If the processing is based on Art. 6 para. 1 lit. e) or f) GDPR.

  • You can revoke your consent to data processing informally at any time without giving reasons

You will not suffer any disadvantages in the event of an objection/revocation. The objection applies with effect for the future; the previous data transfers remain lawful. From now on, your data will only be processed by MEDICE Ibérica to a limited extent if this is required by law in accordance with Art. 6 para. 1 lit. c) and our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. If you have any further questions about the handling of your personal data or would like to make use of your other rights, please contact us at privacy-spain[at]medice.com.

You can also contact our parent company MEDICE Arzneimittel Pütter GmbH & Co. KG in Germany at:

MEDICE Arzneimittel Pütter GmbH & Co. KG

Data protection

Kuhloweg 37

58638 Iserlohn - Germany

Phone: +49 (0)2371 937

E-mail: datenschutz[at]medice.de

For confidential matters relating to data protection, you can contact our data protection officer directly at: dsb[at]medice.de