Privacy Policy PTA-Family
Last update: 21 November 2025
Guidance
MEDICE Arzneimittel Pütter GmbH & Co. KG (hereinafter referred to as "MEDICE") takes the protection of your personal data very seriously.
The following information is intended to give you an overview of how your personal data is processed in connection with our "PTA-Family" service.
An overview of the individual chapters for better orientation can be found here:
Preamble – Here you will find a brief overview of the content of the website and data protection issues.
Contact – How can you contact us quickly and easily?
Data processing and storage – Which of your data is stored and processed, how, for what purpose, where, by whom and for how long?
Legal basis – On what legal basis do we process your data?
Data transfer – Under what conditions do we transfer your data to third parties?
Data security – What do we do to protect your data as best as possible?
Your rights – Here you will find an overview of all your rights as a data subject.
1. Preamble
When using our "PTA Family" service, personal data may be processed. The data protection term "personal data" refers to all information relating to an identified or identifiable person. The IP address can also be considered personal data. An IP address is assigned to every device connected to the internet by the internet provider so that it can send and receive data. When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, we automatically collect certain information about your use of the website.
If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.
As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of the personal data processed.
2. Contact
The controller within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (hereinafter "GDPR"), the Federal Data Protection Act (hereinafter "BDSG") and other data protection regulations is:
MEDICE Arzneimittel Pütter GmbH & Co. KG
Kuhloweg 37
58638 Iserlohn
Telephone: +49 (0)2371 937 0
Email: info[at]medice.de
Authorised representatives:
Dr Katja Pütter-Ammer
Dr Richard Ammer
Uwe Baumann, PhD
Annick Berreur-Igersheim
Eric Neyret
Internal Data Protection Officer:
If you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact our data protection team as follows:
MEDICE Arzneimittel Pütter GmbH & Co. KG
Data Protection
Kuhloweg 37
58638 Iserlohn
Telephone: +49 (0)2371 937 0
Email: datenschutz[at]medice.de
If you have any confidential concerns regarding data protection, you can contact our data protection officer directly at dsb[at]medice.de.
3. Data processing and storage
The following personal data may be collected and processed when you visit this website and use our "PTA Family" service:
3.1 Technology
When you use our website for informational purposes only, we collect only the data that is technically necessary to provide the service. This is usually data that your browser transmits to our server (in so-called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server's log files. The following may be collected:
browser types and versions used,
the operating system used by the accessing system,
the website from which an accessing system reaches our website (so-called referrer),
the sub-websites that are accessed via an accessing system on our website,
the date and time of access to the website,
an abbreviated Internet Protocol address (anonymised IP address) and
the Internet service provider of the accessing system.
We do not draw any conclusions about your person when using this general data and information. Rather, this information is required in order to
deliver the content of our website correctly,
optimise the content of our website and the advertising for it,
ensure the long-term functionality of our IT systems and the technology of our website, and
provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
We therefore evaluate this collected data and information statistically on the one hand and with the aim of increasing data protection and data security in our company on the other, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the purposes listed above.
3.2 Hosting by Amazon Web Services - AWS
We host our website with Amazon Web Services (AWS). The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.
When you visit our website, your personal data is processed on AWS servers. In this context, personal data may also be transferred to the parent company of AWS in the USA.
Your data is processed for the purpose of displaying our website in accordance with Art. 6(1)(f) GDPR.
The parent company Amazon.com.Inc. is certified as a US company under the EU-US Data Privacy Framework. This means that an adequacy decision pursuant to Art. 45 GDPR is in place, so that personal data may be transferred without further guarantees or additional measures. To protect your data, we have also concluded agreements on order processing pursuant to Art. 28 GDPR, based on the standard contractual clauses of the European Commission.
For more information on AWS's privacy policy, please visit: https://aws.amazon.com/privacy/aws-privacy-prior-20250512/
3.3 Amazon CloudFront (content delivery network)
We use Amazon CloudFront, a web service provided by Amazon Web Services Inc., 410 Terry Avenue North, 98109, Seattle, Washington, USA.
Amazon CloudFront is a content delivery network (CDN). It directs the transfer of information between your browser and our website via the CloudFront network. This reduces the latency with which we can deliver static and dynamic web content. It also improves the security of our website through data traffic encryption and access controls.
CloudFront also stores cookies on your computer to optimise the service. CloudFront collects statistical data about visits to our website.
This includes, among other things:
IP address
Page accessed
Referrer URL
Browser type
Operating system
Device type
The legal basis for the processing of your personal data by CloudFront is your informed, voluntary consent in accordance with Art. 6 (1) (a) GDPR, as well as our legitimate interest in using CloudFront to optimise and improve security, and to use the content delivery network so that we do not have to operate one ourselves.
Personal data is stored by Amazon Web Services for as long as necessary to achieve the purposes described.
The parent company Amazon.com.Inc. is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision in accordance with Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. To protect your data, we have also concluded agreements on order processing in accordance with Art. 28 GDPR, based on the standard contractual clauses of the European Commission.
Further information can be found at: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
For more detailed information about CloudFront, please visit: https://aws.amazon.com/cloudfront/
3.3 Cookies
3.3.1 General information about cookies
Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.
The cookie stores information that is related to the specific device used. However, this does not mean that we immediately become aware of your identity.
The use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages on our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognise that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tool used.
3.3.2 Legal basis for the use of cookies
The data processed by the cookies, which is necessary for the proper functioning of the website, is therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 (1) lit. f) GDPR.
For all other cookies, you have given your consent in accordance with Art. 6 (1) (a) GDPR via our opt-in cookie banner.
3.3.3 Information on avoiding cookies in common browsers
You can delete cookies, allow only selected cookies or completely deactivate cookies at any time via the settings of your browser.
Further information is available on the support pages of the respective providers:
Chrome: https://support.google.com/chrome/answer/95647?tid=311178978.
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?tid=311178978
Microsoft Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
3.3.4 Werkbank Consent Management and Identity and Access Management Tool
We use Vinegar, a self-hosted consent management platform (CMP) from Werkbank GmbH, Viktoriastraße 75, 44787 Bochum, to manage user consent to cookies and other tracking technologies on our platform. This tool ensures compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws by allowing users to review and adjust their cookie settings at any time.
Vinegar collects and processes the following data:
User consent settings for cookies and tracking technologies
Anonymised user IDs to store settings across sessions
Timestamps of consent actions
The collected data is processed and stored on the servers of our service provider Werkbank GmbH. There are no plans to transfer the data to third parties or to countries outside the EU. To this end, a corresponding agreement on data processing on behalf of the client in accordance with Art. 28 GDPR has been concluded with the service provider.
3.3.5 Cookies used on this website
Below you will find a list of the cookies currently used on this platform. This list contains the names of the individual cookies, a brief description of their function, their duration and information on whether or not these cookies are subject to consent in accordance with the EU Cookie Directive.
The names of the individual cookies displayed in the page settings may vary, depending, among other things, on which browser you are using, which websites you visited before visiting this platform, or whether you were redirected to this platform from a website/social media page.
Cookie name: Vinegar
Provider: Werkbank GmbH
Duration: 1 year
Description: Vinegar: This tool is used to obtain and document your consent to the use of cookies in your browser. Further information on Vinegar can be found in section 3.4.4.
Consent requirement: No
Cookie name: Google Analytics / Remarketing
Provider: Google Ireland Limited
Duration: 2 years
Description: Google Analytics/Remarketing: This function is used to monitor data traffic, search queries and visits to this platform. It serves to distinguish between users. If cookies have been accepted, they are personalised for analysis and performance purposes. If they have been rejected, they remain anonymous. For more information about Google Analytics/Remarketing, see section 3.9.
Consent requirement: Anonymous data: No; Personalised data: Yes
Cookie name: Google Tag Manager
Provider: Google Ireland Limited
Duration: 1 day
Description: Google Tag Manager: By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on. The aim is to make our platform content more interesting. Further information on Google Tag Manager can be found in section 3.10.
Consent requirement: Yes
Cookie name: Matomo
Provider: InnoCraft Ltd
Duration: 13 months
Description: Matomo: We use this software tool for web analysis, i.e. for the collection, collation and evaluation of data on the behaviour of visitors to our platform. Further information on Matomo can be found in section 3.9.
Consent requirement: Yes
Cookie name: QuestionPro
Provider: QuestionPro GmbH
Duration: Session cookies: Session; Persistent cookies: 1 year
Description: QuestionPro: This tool is used to conduct surveys. It redirects users from our website to the respective survey. Further information on QuestionPro can be found in section 3.7.1.
Consent requirement: Session cookies: No; Persistent cookies: Yes
Cookie name: Salesforce Data Cloud
Provider: salesforce.com Inc.
Duration: 1 year
Description: Salesforce Data Cloud: We use this add-on to the Salesforce platform to track visitor interactions with the website and to optimise website content and offers. For more information about Salesforce Data Cloud, please refer to section 3.9.
Consent requirement: Yes
3.4 Registration
When you register on the PTA Family website, MEDICE and its service provider MSCN Digital GmbH collect and process your personal data for the purpose of providing our PTA Family services and, with your additional consent, for subsequent contact for marketing purposes.
The following data is collected:
Contact details (title, first and last name, private email address/postcode, business address/telephone number/email address)
Demographic data (gender)
Qualification data (job title: PTA, PKA, pharmacist)
Customer number
Technical data (IP address, date and time of registration)
Password (encrypted)
This data is only collected with your voluntary, informed consent in accordance with Art. 6 (1) (a) GDPR.
Your registration, including the provision of personal data, also enables us to offer you content or services that, due to their nature, can only be offered to registered users.
MEDICE stores and uses the data you provide until your user account is deleted/until you withdraw your consent.
3.4.1 Single sign-on
Single sign-on (SSO) is an authentication process that allows users to access multiple applications with a single set of login credentials. With SSO, users no longer need to remember multiple login credentials for different applications.
This means:
When you register for our services, the data collected during registration is also stored and managed in the Keycloak identity and access management tool connected to the platform. The identity and access management tool is managed by the service provider Werkbank GmbH (Viktoriastraße 75, 44787 Bochum), which is subject to MEDICE's instructions.
This enables you to authenticate yourself for other offers on this platform without having to register again.
Our offers for which you can log in via SSO include:
Health Family Shop
Health Academy
PTA Family
Professional access
ADHD platform/digital hospital
The legal basis for the transfer and processing of your data is your voluntary consent in accordance with Art. 6 (1) (a) GDPR.
The data collected is processed and stored on the servers of the service provider Werkbank GmbH. There are no plans to transfer the data to third parties or to countries outside the EU. o this end, a data processing agreement pursuant to Art. 28 GDPR has been concluded with the service provider.
3.4.2 MEDICE Health Family Bonus Programme
The MEDICE Health Family Bonus Programme rewards registered users for actively participating in and using the platform's offerings. Registered users from the professional groups of pharmacists, pharmacy technicians, pharmacy assistants or pharmacy clerks can collect points for successfully completing such as participating in training courses, surveys, purchases in the shop, etc. These points can be redeemed for rewards in the Health Family Shop.
As part of the bonus programme, we process personal data to enable you to participate in the programme, to automate the awarding of points and the creation of vouchers, to generate reports on programme behaviour and to carry out internal evaluations, for example using a control group.
Your data will be collected and processed in Salesforce Loyalty Hub, an add-on to the Salesforce platform, provided by salesforce.com Inc. ("salesforce"), One Market Street, Suite 300, San Francisco, CA 94105, USA, on servers in Germany.
The following data will be collected and processed:
Contact details (title, first and last name, private email address, date of birth)
Qualification data (job title: PTA, PKA, pharmacist, other pharmacy specialist)
Customer number
Keycloak ID (technical identification number)
Transactions
Billing data (order value, shipping costs, voucher redeemed yes/no, payment status, payment method)
Number of points collected (available and total)
History of points awarded, e.g. 200 points for newsletter registration or training completion
Competition history and status, e.g. participation in competition XY, status = open
Consent status, e.g. consent to receive newsletters = open
This data may be collected and processed in connection with the following offers and services related to the bonus programme:
360Learning training platform (training courses) – Points can be collected by successfully completing the various training modules.
HFP / PTA websites (competitions/interactions/surveys) - Points can be collected by participating in competitions, interactions or surveys.
KeyCloak/DjangoDB/registration process (date of birth) – Points can be collected by voluntarily providing your date of birth.
Self-service area (consents) – In the self-service area, further consents can be given in exchange for points, e.g. for the sending of newsletters and marketing information.
ventari (events) – Points can be credited for participating in events.
This data is only collected and processed with your voluntary, informed consent in accordance with Art. 6 (1) (a) GDPR.
In order to redeem your collected points in our shop, the necessary data may be forwarded to our partner systems (e.g. Shopware, LivingBytes) to enable the creation and redemption of your vouchers.
MEDICE stores and uses the data collected from you until the described processing purposes have been fulfilled, at the latest until you revoke your consent/delete your user account and all statutory retention periods have expired (in the case of voucher redemption). The statutory retention obligations arise in particular from commercial or tax law regulations.
3.5 Contacting us
When you contact us (e.g. by telephone or email), your personal data (such as your first and last name, email address or telephone/fax number) will be collected and processed.
The data collected will be stored and processed exclusively for the purpose of contacting you, processing your enquiry and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b) GDPR.
Once your enquiry has been processed, all data collected in the course of contacting us will be deleted. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no legal retention obligations that prevent deletion.
3.6 Profiling
We process your data in a partially automated manner with the aim of evaluating certain aspects of your person (profiling).
We use profiling in the following cases, for example:
We use evaluation tools to provide you with targeted information and advice on products. These enable needs-based communication and advertising, including market and opinion research.
We may use scoring to assess your creditworthiness. This takes into account experience from previous business relationships, publicly available data and information from credit agencies.
3.7 Marketing and newsletter distribution
As part of our marketing activities, we send out digital newsletters containing information about products, events, promotions, offers and advertising relating to the Pharmacy staff offered by the MEDICE Health Family.
This offer covers the following topics:
Relevant training and continuing education programmes, as well as services and news from the Health Academy and PTA Family
Promotions and offers from the bonus programme
Our marketing activities are primarily aimed at customer loyalty and retention, information sharing, market and opinion research, improving our offerings, and automating communication.
The following data is processed for the purpose of sending the newsletter:
Contact details (title, first and last name, private email address)
Professional group (PTA, PKA, pharmacist, pharmacy specialist)
Bonus point information, if relevant for personalised newsletters
We use the CRM solutions provided by salesforce.com Germany GmbH („salesforce“), Erica-Mann-Str. 31-37, 80636 München, Germany. We use these CRM (customer relationship management) solutions for the management of customer and consent data, sales management and the automated sending of newsletters. Salesforce.com Inc. is a US company certified under the EU-US Data Privacy Framework, which means that the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies and thus confirms an adequate level of data protection. To protect your data, we have also concluded agreements on order processing in accordance with Art. 28 GDPR, based on the standard contractual clauses of the European Commission.
Further information about Salesforce can be found at: https://www.salesforce.com/company/legal/privacy/
The legal basis for processing your data in connection with sending the newsletter is either a contractual agreement concluded with you (e.g. when participating in a competition) in accordance with Art. 6 (1) (b) or your voluntary consent in accordance with Art. 6 (1) (a) GDPR.
You can revoke your consent at any time without giving reasons and unsubscribe from the newsletter. For this purpose, there is a corresponding link/contact in every newsletter.
3.7.1 QuestionPro
We use the online survey tool QuestionPro from QuestionPro GmbH, Friedrichstraße 171, 10117 Berlin, to conduct surveys for marketing and market research purposes (e.g. on topics such as satisfaction, feedback on our products or services) on this website.
The service provider QuestionPro sets a cookie in your browser to redirect you from our website to the respective survey. Your session ID and the data collected in the survey are processed by QuestionPro. These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR via the corresponding cookie banner.
Participation in these surveys is always voluntary. The data collected when you participate in one of our surveys is specified in the respective survey.
Your answers will of course be treated confidentially, published only in anonymised form and passed on to third parties only with your express consent.
The legal basis for the processing of your personal data is your informed, voluntary consent in accordance with Art. 6 (1) (a).
The data you enter will be collected and processed on QuestionPro's servers within the European Union. For this purpose, a corresponding agreement on data processing on behalf of the service provider has been concluded in accordance with Art. 28 GDPR.
After completion of the respective survey and creation of the evaluation, your data will be stored for archiving purposes for a period of twenty-four months and will be permanently deleted after this period has expired. In terms of data protection, you also have all the rights mentioned in section 7 when participating in a survey, in particular the right to request information about the data stored in this way and/or its deletion at any time, as well as to revoke your consent to the storage and processing of your answers. To do so, please contactdatenschutz@medice.de .
Further information about QuestionPro can be found at: https://www.questionpro.com/us/
3.8 Our activities on social media platforms
We have our own pages on social media platforms so that we can communicate with you and inform you about our services.
We are not the original provider of these pages, but merely use them within the scope of the options offered to us by the respective providers.
As a precaution, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, deletion, objection, etc., and processing on social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used or your usage behaviour is assigned to your own member profile on social media platforms.
The processing of personal data described above is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in communicating with you in a modern way and informing you about our services. If you have to give your consent to data processing as a user to the respective providers, the legal basis is Art. 6 (1) (a) GDPR.
As we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social media platforms is listed below for each of the social media platform providers we use:
When you visit our Instagram page, where we present our company or individual products from our range, certain information about you is processed. The data controller in Germany is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
All information about how Instagram handles your personal data can be found here: https://instagram.com/legal/privacy/
Facebook When you visit our Facebook pages, where we present our company or individual products from our range, certain information about you is processed. The controller responsible for data processing in Germany is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Further information about the processing of personal data by Facebook can be found at: www.facebook.com/privacy/explanation
3.9 Web analysis
Google Analytics 4 (GA4)
On our platform, we use the web analytics service Google Analytics 4 (GA4) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
This creates pseudonymised usage profiles and uses cookies (see section 3.4 "Cookies").
The following data on platform usage is collected from you by the cookies, among other things:
IP address (short-term collection without permanent storage)
Location data
Browser type/version
Operating system used
Referrer URL (previously visited page)
Time of server request
The pseudonymised data may be transferred by Google to a server in the USA and stored there.
The information is used to evaluate the use of the platform, to compile reports on platform activity and to provide other services related to platform usage and internet usage for market research purposes and to tailor the platform to user needs. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of the platform.
These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR via the corresponding cookie banner.
The default storage period for data set by Google is 14 months. Otherwise, personal data is stored for as long as it is necessary to fulfil the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.
The parent company Google LLC is certified as a US company under the EU-US Privacy Framework, which means that the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies and thus confirms an adequate level of data protection. To protect your data, we have also concluded agreements on order processing in accordance with Art. 28 GDPR, based on the standard contractual clauses of the European Commission.
For more information on Google LLC's privacy policy regarding the use of GA4, please visit: https://support.google.com/analytics/answer/12017362?hl=en&sjid=359143587556839491-EU
Google Analytics Remarketing
We have integrated Google Remarketing services on this platform. The operator of Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing is a feature of Google AdWords that enables a company to display advertisements to Internet users who have previously visited the company's website. The integration of Google Remarketing therefore allows a company to create user-related advertising and consequently display interest-relevant advertisements to the Internet user.
The purpose of Google Remarketing is to display interest-based advertising. Google Remarketing enables us to display advertisements via the Google advertising network or on other websites that are tailored to the individual needs and interests of Internet users.
Google Remarketing places a cookie on the IT system of the person concerned. By placing the cookie, Google is able to recognise visito^<rs to our platform when they subsequently visit websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data such as your IP address or surfing behaviour. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR via the corresponding cookie banner.
The parent company Google LLC is certified as a US company under the EU-US Privacy Framework, which means that the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies and thus confirms an adequate level of data protection. To protect your data, we have also concluded agreements on order processing in accordance with Art. 28 GDPR, based on the standard contractual clauses of the European Commission.
For more information on Google LLC's privacy policy regarding the use of remarketing, please visit: https://policies.google.com/privacy?hl=en&gl=de
Matomo
We have integrated the open source web analysis service Matomo from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, into this platform. Matomo is a software tool for web analysis, i.e. for collecting, gathering and evaluating data on the behaviour of visitors to websites or applications.
Among other things, data is collected about which website a data subject came to a website from (known as the referrer), which subpages of the website were accessed, how often and for how long a subpage was viewed. This is used to optimise the website and for cost-benefit analysis of internet advertising.
The software is operated on the server of the controller, and the log files, which are sensitive in terms of data protection, are stored exclusively on this server.
Matomo sets cookies on your IT system. Setting the cookie enables us to analyse the use of our platform. Each time the platform is accessed, the Matomo component automatically prompts the internet browser on your IT system to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain personal data, such as the IP address of the data subject, , which we use, among other things, to track the origin of visitors and clicks. We do not pass on this personal data to third parties.
There is a corresponding contractual agreement with the service provider in accordance with Art. 28 GDPR.
These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR via the corresponding cookie banner.
The privacy policy of InnoCraft Ltd. can be found at: https://matomo.org/privacy/
Salesforce Data Cloud
On this platform, we use Salesforce Data Cloud, an add-on to the Salesforce platform provided by salesforce.com Germany GmbH ("salesforce"), Erica-Mann-Str. 31-37, 80636 Munich, to track visitor interactions and optimise our content and offerings.
Salesforce places cookies on your IT system. Placing cookies enables us to analyse the use of our platform.
The following data on platform usage is collected from you by the cookies, among other things:
Clicks on product details Visits to specific pages
Clicks on download links
Form submissions (e.g. newsletter registration, competitions)
Use of interactive elements
(In a later phase:) Scroll depth and dwell time
The data is processed in the Salesforce Data Cloud on the servers of salesforce.com Inc. in Germany. For this purpose, a corresponding agreement on data processing on behalf of the client in accordance with Art. 28 GDPR has been concluded with the service provider.
These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR via the corresponding cookie banner.
The parent company of salesforce.com Germany GmbH, salesforce.com Inc., is a US company certified under the EU-US Privacy Framework, which means that the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies and thus confirms an adequate level of data protection. To protect your data, we have also concluded agreements on order processing in accordance with Art. 28 GDPR, based on the standard contractual clauses of the European Commission.
Further information on data processing by Salesforce can be found at: https://www.salesforce.com/company/legal/privacy/
3.10 Plugins and other services
Google Tag Manager
We use the Google Tag Manager service on this platform. Google Tag Manager is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This tool allows "tags" (i.e. keywords that are embedded in HTML elements) to be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on and can then record which content on our platform is of particular interest to you.
The tool also triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If you have deactivated at the domain or cookie level, this will remain in effect for all tracking tags implemented with Google Tag Manager.
These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR via the corresponding cookie banner.
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This means that an adequacy decision pursuant to Art. 45 GDPR is in place, so that personal data may be transferred without further guarantees or additional measures. To protect your data, we have also concluded agreements on order processing pursuant to Art. 28 GDPR, based on the standard contractual clauses of the European Commission.
Further information on Google Tag Manager and Google's privacy policy can be found at: https://policies.google.com/privacy?hl=en
Google Web Fonts
We use so-called web fonts provided by Google to ensure a uniform presentation of fonts on our website. When you visit a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
To this end, the browser you are using must connect to the servers of the service providers commissioned by MEDICE, Amazon Web Services (EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg) and Werkbank GmbH (Viktoriastraße 75, 44787 Bochum), and the service providers will be informed that this website has been accessed via your IP address. Appropriate contractual agreements have been made with both service providers in accordance with Art. 28 GDPR.
The legal basis for the processing of your data is our legitimate interest in the uniform presentation of the typeface on our website in accordance with Art. 6 (1) lit. f) GDPR.
If your browser does not support web fonts, a standard font from your computer will be used.
For more information on Google LLC's privacy policy regarding the use of web fonts, please visit: https://policies.google.com/privacy?hl=en
3.11 Cooperation with the parent company and other subsidiaries
In order to pursue the legitimate interests of MEDICE Health Family Holding GmbH pursuant to Art. 6 (1) (f) GDPR in optimising the advertising and sales market presence of our parent company and subsidiaries, it may be necessary for us to share certain personal data within MEDICE Health Family Holding GmbH. This applies in particular to possible contact details, information about your interests and customer profile, and your use of our products and services.
The joint processing of this data takes place within the framework of joint responsibility in accordance with Art. 26 GDPR. The companies involved within MEDICE Health Family Holding GmbH have set out in an agreement how the respective tasks and responsibilities relating to the processing of personal data are distributed and who fulfils which obligations in accordance with the GDPR.
The shared data may be used to:
Optimise our marketing and sales strategies.
To conduct market research and analyses in order to further improve our products and services.
The companies involved within MEDICE Health Family Holding GmbH ensure that appropriate technical and organisational measures are taken to protect your personal data. The transfer and processing of your data is always carried out in accordance with the applicable data protection regulations.
Further information on data protection, your rights as a data subject and data processing by MEDICE Arzneimittel Pütter GmbH & Co. KG as the parent company of MEDICE Health Family Holding GmbH can be found at here:
Privacy Policy MEDICE Arzneimittel Pütter GmbH & Co. KG
If you have any questions about the joint processing of your data within MEDICE Health Family Holding GmbH or would like to exercise your data protection rights, you can contact our data protection team at any time at datenschutz[at]medice.de.
3.12 Purposes of processing
Personal data is processed for the following purposes:
to ensure the long-term technical functionality and user-friendliness of the website
to protect the rights and interests of MEDICE and third parties (e.g. users)
to provide the PTA Family offers
to organize giveaways and surveys
for communication and establishing contact
to fulfil legal obligations
in rare cases, to defend against legal claims or to combat fraud
for market research and marketing purposes
for documentation, reporting and public relations
3.13 Storage and deletion periods
Unless otherwise stated in this privacy policy, we only store your personal data for as long as is necessary to fulfil the stated processing purposes, to fulfil our contractual or legal obligations, or to pursue and defend legal claims.
The statutory retention obligations arise in particular from commercial or tax law, as well as from regulations governing medicinal products and medical devices.
You can delete your user account at any time. If you delete your account, your data will only be processed by MHF to a limited extent if this is required by law in accordance with Art. 6 (1) (c).
4. Legal basis
The legal basis for the processing of your personal data may be your informed, voluntary consent in accordance with Art. 6 (1) (a) in conjunction with Art. 7 GDPR, the performance of a contract to which you are a party, or the performance of pre-contractual measures pursuant to Art. 6 (1) (b) GDPR, the fulfilment of a legal obligation pursuant to Art. 6 (1) (c) or the protection of our legitimate interests or those of a third party pursuant to Art. 6 (1) lit. f) GDPR.
5. Data transfer
We only pass on your personal data to third parties if:
you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR,
the transfer is permissible under Art. 6 (1) (f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
there is a legal obligation to disclose the data in accordance with Art. 6 (1) (c) GDPR, and
this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 (1) (b) GDPR.
Within the scope of the processing operations described in this privacy policy, personal data may be transferred to the United States. Companies in the United States only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies.
We have explicitly mentioned this in the privacy policy for the service providers concerned. In order to protect your data in all other cases, we have concluded agreements on order processing based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.
6. Data security
The security of your personal information is very important to us.
Every time data is collected, stored, used and transferred, there are confidentiality risks (e.g. the possibility of identifying the person concerned). These risks cannot be completely ruled out and increase the more data can be linked together. MEDICE assures you that it will do everything possible in line with the state of the art to protect the transfer of your data.
To this end, we take the following technical and organisational measures, among others:
SSL/TLS encryption: Personal data is only transmitted via connections that are encrypted using the latest technology. We implement the applicable guidelines of the Federal Office for Information Security and use this technology to protect the transmission of your data.
Different passwords for all software tools
Multi-factor authentication for access to internal systems and information
Virus protection for all IT hardware used
Firewall for our internal company network
Regular training on data security and protection for all employees
Regular updates of all software components
Regular data backups to ensure availability
Regular risk analyses of the relevant IT systems
7. Your rights
When processing your personal data, our goal is to guarantee your data protection rights at all times. You can find our contact details under point 2, "Contact".
You can exercise the following rights in relation to your personal data:
You can request information about the processing of your data.
You can request the correction of your personal data if it is incorrect or incomplete.
You may request the restriction of the processing of your personal data: (1) for the duration of the verification of the accuracy of the data, (2) if the processing is unlawful and you refuse to have it deleted, (3) if the data is no longer required by the controller for the purposes of processing, but you need it to assert, exercise or defend legal claims, (4) In the event of an objection to data processing, as long as the corresponding balancing of interests has not been clarified.
You may request that the data collected about you be transferred to you or to a body designated by you.
If there are grounds for complaint, you may file a complaint with the competent data protection authority.
You may request the deletion of the data collected about you.
You may object to the processing of your personal data at any time without giving reasons.
You may revoke your consent to data processing at any time without giving reasons.
You will not suffer any disadvantages as a result of an objection/revocation. The objection is valid with effect for the future; previous data transfers remain lawful. From now on, your data will only be processed by MEDICE to a limited extent if this is required by the relevant legal provisions under Art. 6 (1) (c) and our legitimate interest under Art. 6 (1) (f) GDPR.
If you have any further questions about the handling of your personal data or would like to exercise your other rights, please contact our data protection team at datenschutz[at]medice.de.
For confidential matters relating to data protection, you can contact our data protection officer directly at dsb[at]medice.de.