MEDICE Health Family

Privacy policy for the Health Academy

Last updated: 06/11/2025

Guidance

MEDICE Arzneimittel Pütter GmbH (hereinafter referred to as "MEDICE") takes the protection of your personal data very seriously. The following information is intended to give you an overview of how your personal data is processed at our MEDICE Health Academy.

An overview of the individual chapters for better orientation can be found here:

Preamble – Here you will find a brief overview of the content of the Health Academy and data protection issues.
Contact – How can you contact us quickly and easily?
Data processing and storage – Which of your data is stored and processed, how, for what purpose, where, by whom and for how long?
Legal basis – On what legal basis do we process your data?
Data transfer – Under what conditions do we transfer your data to third parties?
Data security – What do we do to protect your data as best as possible?
Your rights – Here you will find an overview of all your rights as a data subject.

1. Preamble

With the Health Academy, MEDICE offers a web-based platform that provides added value, offers and information for PTAs, doctors and practice teams.

When registering with the Health Academy, personal data may be processed. The data protection term "personal data" refers to all information relating to an identified or identifiable person. The IP address can also be considered personal data. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data. When you use the Health Academy, we collect information that you provide yourself. In addition, during your visit to the Health Academy, we automatically collect certain information about your use of the platform.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of the personal data processed.

2. Contact

You can contact us directly via the service hotline +49 2371 937-0 or the service email address info[at]medice.de. Our service hours are Monday to Friday (except public holidays) from 7:15 a.m. to 5:30 p.m.

Your enquiry will be processed by our staff within two working days to no later than two weeks after receipt of your enquiry.

The controller within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (hereinafter "GDPR"), the Federal Data Protection Act (hereinafter "BDSG") and other data protection regulations is:

MEDICE Arzneimittel Pütter GmbH & Co. KG
Kuhloweg 37
58638 Iserlohn
Telephone: +49 (0)2371 937 0
Email: info[at]medice.de

Authorised representatives:
Dr Katja Pütter-Ammer
Dr Richard Ammer
Dr. rer. nat. Uwe Baumann
Annick Berreur-Igersheim
Eric Neyret

Internal Data Protection Officer:
If you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact our data protection team as follows:

MEDICE Arzneimittel Pütter GmbH & Co. KG
Data Protection
Kuhloweg 37
58638 Iserlohn
Telephone: +49 (0)2371 937 0
Email: datenschutz[at]medice.de

If you have any confidential concerns regarding data protection, you can contact our data protection officer directly at dsb[at]medice.de.

3. Data processing and storage

The following personal data may be collected and processed when you visit our website:

3.1 Technology

When you use our website for informational purposes only, we collect only those data that are technically necessary to provide the service. These are usually data that your browser transmits to our server (in so-called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server's log files. The following may be collected:

browser types and versions used,
the operating system used by the accessing system,
the website from which an accessing system reaches our website (so-called referrer),
the sub-websites that are accessed via an accessing system on our website,
the date and time of access to the website,
an abbreviated Internet Protocol address (anonymised IP address) and
the Internet service provider of the accessing system.

We do not draw any conclusions about your person when using this general data and information. Rather, this information is required in order to

deliver the content of our website correctly,
optimise the content of our website and the advertising for it,
ensure the long-term functionality of our IT systems and the technology of our website, and
provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

We therefore evaluate this collected data and information statistically on the one hand and with the aim of increasing data protection and data security in our company on the other, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1) lit. f) GDPR. Our legitimate interest follows from the purposes listed above.

3.2 Microsoft Cloud Services – Hosting 360Learning

For the interactive training courses offered by the Health Academy, we use the services of 360Learning GmbH, Stephaniestr. 94, 76133 Karlsruhe. The 360Learning GmbH learning platform is similar to a physical classroom. Users can enter their name, success status and, if applicable, other data they have provided, such as a profile picture and banner. This data can be viewed by all users of the platform.

To this end, a corresponding agreement on data processing on behalf of the service provider has been concluded in accordance with Art. 28 GDPR.

Further information on data protection at 360Learning GmbH can be found here: https://360learning.cdn.prismic.io/360learning/3048e7ec-16a8-4895-bf1f-fdf8278406d2_Datenschutzbestimmungen_MAJ-23122022.pdf

3.3 Cookies

3.3.1 General information about cookies

Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.

The cookie stores information that is related to the specific device used. However, this does not mean that we immediately become aware of your identity.

The use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognise that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

3.3.2 Legal basis for the use of cookies

The data processed by the cookies, which is necessary for the proper functioning of the website, is therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 (1) lit. f) GDPR.

3.3.3 Information on avoiding cookies in common browsers

You can delete cookies, allow only selected cookies or deactivate cookies completely at any time via the settings of your browser.

Further information is available on the support pages of the respective providers:

Chrome: https://support.google.com/chrome/answer/95647?tid=311178978

Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978

Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

3.3.4 Cookies used on this website

Our website uses cookies to ensure basic functionality and optimal user-friendliness. This website only uses technically necessary cookies that are required for the operation of the website and to ensure optimal user-friendliness.

These cookies do not store any personal data and only enable basic functions such as navigating the site and accessing protected areas.

As we do not use cookies that require consent – such as tracking or marketing cookies – your consent is not required for this.

If you wish to prevent the use of cookies in general, you can configure this in your browser settings. Please note that in this case, not all functions of our website may be available without restriction.

3.4 Registration

As part of your registration on the Health Academy website, MEDICE and the service provider commissioned by MEDICE, 360Learning GmbH (Stephaniestr. 94, 76133 Karlsruhe), collect and process your personal data for the purpose of providing our services and, with your additional consent, for subsequent contact for marketing purposes.

The following data is collected and processed:

Contact details (first and last name, email address, home address, employer's postcode, telephone number, organisation, job title, LinkedIn account, Twitter/X account)
Image data (profile picture and banner)
Demographic data (title)
Customer number
Demographic data (title)
Qualification data (job title: PTA, PKA, pharmacist)
Technical data (IP address, date and time of registration)
Points earned in 360Learning (for voucher triggering when threshold value is exceeded)
Optional: occupation (specialist journalist, doctor, pharmacist, pharmacy specialist, clinic specialist, practice specialist, alternative practitioner, psychotherapist and other, other trading partners) and contact details of the institution
Password (encrypted)

This data is only collected and processed with your voluntary, informed consent in accordance with Art. 6 (1) (a) GDPR.

Your registration, including the provision of personal data, also enables us to offer you content or services that, due to their nature, can only be offered to registered users.

MEDICE stores and uses the data you provide until your user account is deleted/until you withdraw your consent.

3.4.1 Single sign-on

Single sign-on (SSO) is an authentication process that allows users to access multiple applications with a single set of login credentials. With SSO, users no longer need to remember multiple login credentials for different applications.

This means:

When you register for our services, the data collected during registration is also stored and managed in the Keycloak identity and access management tool connected to the platform. The identity and access management tool is managed by the service provider Werkbank GmbH (Viktoriastraße 75, 44787 Bochum), which is subject to MEDICE's instructions.

This enables you to authenticate yourself for other offers on this platform without having to register again.

Our services that allow you to log in via SSO include:

Health Family Shop
Health Academy
PTA Family
Professional access
ADHD platform/digital hospital

The legal basis for the transfer and processing of your data is your voluntary consent in accordance with Art. 6 (1) (a) GDPR.

The collected data is processed and stored on the servers of the service provider Werkbank GmbH. There are no plans to transfer the data to third parties or to countries outside the EU. To this end, a corresponding agreement on data processing on behalf of the client has been concluded with the service provider in accordance with Art. 28 GDPR.

3.4.2 MEDICE Health Family Bonus

The MEDICE Health Family Bonus Programme rewards registered users for actively participating in and using the platform's offerings. Registered users from the professional groups of pharmacists, pharmacy technicians, pharmacy assistants or pharmacy clerks can collect points for successfully completed tasks, such as participating in training courses, surveys, purchases in the shop, etc. These points can be redeemed for rewards in the Health Family Shop.

As part of the bonus programme, we process personal data to enable you to participate in the programme, to automate the awarding of points and the creation of vouchers, to generate reports on programme behaviour and to carry out internal evaluations, for example using a control group.

Your data is collected and processed in Salesforce Loyalty Hub, an add-on to the Salesforce platform, provided by salesforce.com Inc. ("salesforce"), One Market Street, Suite 300, San Francisco, CA 94105, USA, on servers in Germany.

The following data will be collected and processed:

Contact details (title, first and last name, private email address/postcode, billing address, delivery address, telephone number if applicable)
Qualification data (job title: PTA, PKA, pharmacist, other pharmacy specialist staff)
Customer number
Transactions
Billing data (order value, shipping costs, voucher redeemed yes/no, payment status, payment method)
Programmes and levels
Number of points collected (available and total)
History of points awarded, e.g. 200 points for newsletter registration or completion of training
Competition history and status, e.g. participation in competition XY, status = open
Consent status, e.g. consent to receive newsletters = open

This data may be collected and processed in connection with the following offers and services related to the bonus programme:

360Learning training platform (training courses) – Points can be collected by successfully completing the various training modules.
HFP / PTA websites (competitions/interactions/surveys) - Points can be collected by participating in competitions, interactions or surveys.
KeyCloak/DjangoDB/registration process (date of birth) – Points can be collected by voluntarily providing your date of birth.
Self-service area (consents) – In the self-service area, you can give further consents for which you receive points, e.g. for the dispatch of newsletters and marketing information.
ventari (events) – Points can be credited for participating in events.

This data is only collected and processed with your voluntary, informed consent in accordance with Art. 6 (1) (a) GDPR.

In order to redeem your collected points in our shop, the necessary data may be forwarded to our partner systems (e.g. Shopware, LivingBytes) to enable the creation and redemption of your vouchers.

MEDICE stores and uses the data collected from you until the described processing purposes have been fulfilled, at the latest until you revoke your consent/delete your user account and all statutory retention periods have expired (in the case of voucher redemption). The statutory retention obligations arise in particular from commercial or tax law regulations.

3.5 Marketing and newsletter distribution

As part of our marketing activities, we send out digital newsletters containing information about MEDICE Health Academy products, events, promotions, offers and advertising.

Our marketing activities are primarily aimed at customer loyalty and retention, information sharing, market and opinion research, improving our offerings, and automating communication.

Your contact details (name, email address) are used to send the newsletters. We use the Brevo solution to send emails. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Brevo stores and processes your data on servers in Germany.

Further information on Brevo's data protection regulations can be found at: https://www.brevo.com/de/datenschutz-uebersicht/

MEDICE Arzneimittel Pütter GmbH & Co. KG only uses service providers with whom a corresponding contract agreement in accordance with Art. 28 GDPR has been concluded.

The legal basis for the processing of your data in the context of sending the newsletter is either a contractual agreement concluded with you (e.g. when participating in a competition) in accordance with Art. 6 (1) (b) or your voluntary consent in accordance with Art. 6 (1) (a) GDPR.

You can revoke your consent at any time without giving reasons and unsubscribe from the newsletter. For this purpose, there is a corresponding link/contact in every newsletter.

3.6 Purposes of processing

Personal data is processed for the following purposes:

to provide the Health Academy, which includes the following processing:
- registration and expert group verification
- Provision of training content
- processing of rewards
- the organisation of competitions
- Issuing certificates of participation
- Viewing responses and success status between users within the learning environment
- fulfilling contractual obligations or as part of pre-contractual measures
to protect the rights and interests of MEDICE Health Family and third parties (e.g. users)
for communication and establishing contact
To fulfil legal obligations
to provide and permanently guarantee the technical functionality and user-friendliness of the Health Academy
in rare cases, to defend against legal claims or to combat fraud
for market research and marketing purposes

3.7 Storage and deletion periods

Unless otherwise stated in this privacy policy, we only store your personal data for as long as is necessary to fulfil the aforementioned processing purposes, to fulfil our contractual or legal obligations, or to pursue and defend against legal claims.

The statutory retention obligations arise in particular from commercial or tax law regulations.

You can delete your user account at any time. If you delete your account, your data will only be processed by MHF to a limited extent if this is required by law in accordance with Art. 6 (1) (c).

If your account has been inactive for more than 2 years, you will be contacted by email and asked whether you wish to continue using the MEDICE Health Academy service. If your user account remains inactive for a further 3 months from the date of receipt of the information email, your user account will be deleted by MEDICE.

3.8 Cooperation between the parent company and other subsidiaries

In order to pursue the legitimate interests of MEDICE Health Family Holding GmbH pursuant to Art. 6 (1) (f) GDPR in optimising the advertising and sales market presence of our parent company and subsidiaries, it may be necessary for us to share certain personal data within MEDICE Health Family Holding GmbH. This applies in particular to possible contact details, information about your interests and customer profile, and your use of our products and services.

The joint processing of this data takes place within the framework of joint responsibility in accordance with Art. 26 GDPR. The companies involved within MEDICE Health Family Holding GmbH have set out in an agreement how the respective tasks and responsibilities relating to the processing of personal data are distributed and who fulfils which obligations in accordance with the GDPR.

The shared data may be used for the following purposes:

To optimise our marketing and sales strategies.
To conduct market research and analyses in order to further improve our products and services.

The companies involved within MEDICE Health Family Holding GmbH ensure that appropriate technical and organisational measures are taken to protect your personal data. Your data is always transmitted and processed in accordance with the applicable data protection regulations.

Further information on data protection, your rights as a data subject and data processing by MEDICE Arzneimittel Pütter GmbH & Co. KG as the parent company of MEDICE Health Family Holding GmbH can be found at here:
Privacy Policy of the MEDICE Arzneimittel Pütter GmbH & Co. KG

If you have any questions about the joint processing of your data within MEDICE Health Family Holding GmbH or would like to assert your data protection rights, you can contact our data protection team at any time at datenschutz[at]medice.de.

4. Legal basis

The legal basis for the processing of your personal data may be your informed, voluntary consent in accordance with Art. 6 (1) (a) in conjunction with Art. 7 GDPR/§ 25(1) TDDDG, the performance of a contract to which you are a party, or the performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR, the fulfilment of a legal obligation pursuant to Art. 6(1)(c) or the protection of our legitimate interests or those of a third party pursuant to Art. 6 (1) lit. f) GDPR.

5. Data transfer

We only pass on your personal data to third parties if:

you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR,

the transfer is permissible under Art. 6 (1) lit. f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

there is a legal obligation to disclose the data in accordance with Art. 6 (1) (c) GDPR, and

this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 (1) (b) GDPR.

Within the scope of the processing operations described in this privacy policy, personal data may be transferred to the United States. Companies in the United States only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies.

We have explicitly mentioned this in the privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded agreements on order processing based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

Under these conditions, recipients of personal data may include, for example:

Companies affiliated with MHF, insofar as this is necessary for the purpose of data processing.

Public authorities and institutions (e.g. European Central Bank, tax authorities, Federal Central Tax Office, public prosecutors) in the event of a legal or official obligation.

Processors to whom we transfer personal data in order to conduct our business relationship with you, e.g. for services related to archiving, document processing, call centre services, controlling, compliance, data destruction, purchasing, debt collection, customer management, lettershops, marketing, media technology, reporting, support/maintenance of IT applications, risk controlling, telephony, goods dispatch, website management, payment transactions.

Persons bound to professional secrecy (including solicitors, tax advisors, auditors) for support in fulfilling legal or official obligations, as well as for pursuing and defending legal claims and in criminal prosecution.

Other data recipients may be those entities to which you have given your consent for data transfer.

MHF guarantees that your data will only be passed on to entities that can demonstrate an appropriate data protection concept in accordance with the applicable regulations and laws and with which, if necessary, appropriate contractual agreements have been concluded in accordance with Art. 26 and Art. 28 GDPR.

6. Data security

The security of your personal information is very important to us.

Every time data is collected, stored, used and transferred, there are confidentiality risks (e.g. the possibility of identifying the person concerned). These risks cannot be completely ruled out and increase the more data can be linked together. MHF assures you that it will do everything possible in line with the state of the art to protect the transfer of your data.

To this end, we take the following technical and organisational measures, among others:

SSL/TLS encryption: Personal data is only transmitted via connections that are encrypted using the latest technology. We implement the applicable requirements of the German Federal Office for Information Security and use this technology to protect the transmission of your data. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
Different passwords for all internally used software tools
Multi-factor authentication for access to internal systems and information
Virus protection for all IT hardware used
Firewall for our internal company network
Regular training on data security and protection for all employees
Regular updates of all software components
Regular data backups to ensure availability
Regular risk analyses of the relevant IT systems

7. Your rights

When processing your personal data, our goal is to guarantee your data protection rights at all times. Our service hours and all contact details can be found under point 2, "Contact".

You can exercise the following rights in relation to your personal data:

You can request information about the processing of your data.

You can request the correction of your personal data if it is incorrect or incomplete.

You can request the restriction of the processing of your personal data. (1) For the duration of the verification of the accuracy of the data. (2) If the processing is unlawful and you refuse to have it deleted. (3) If the data is no longer required by the controller for the purposes of processing, but you need it to assert, exercise or defend legal claims. (4) In the event of an objection to data processing, as long as the corresponding balancing of interests has not been clarified.

You may request that the data collected about you be transferred to you or to a body designated by you.

If there are grounds for complaint, you may lodge a complaint with the competent data protection authority.

The contact details of the data protection supervisory authorities of all federal states can be found at the following internet address:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You may request the deletion of the data collected about you.

You may object to the processing of your personal data at any time without giving reasons. If the processing is based on Art. 6 (1) (e) or (f) GDPR.

You may revoke your consent to data processing at any time without giving reasons.

You will not suffer any disadvantages as a result of an objection/revocation. The objection is effective for the future; previous data transfers remain lawful. From now on, your data will only be processed by MHF to a limited extent if this is required by the relevant legal provisions under Art. 6 (1) (c) and our legitimate interest under Art. 6 (1) (f) GDPR.

If you have any further questions about the handling of your personal data or would like to exercise your other rights, please contact our data protection team at datenschutz[at]medice.de.

For confidential matters relating to data protection, you can contact our data protection officer directly at dsb[at]medice.de.

Privacy policy for the Health Academy​