Responsible handling of personal data is a high priority for us, the offering pharmacies (see imprint). We want you to know when we collect which data and how we use it. We have taken technical and organizational measures to ensure that the data protection regulations (the relevant laws are the GDPR, the BDSG and TMG) are observed both by us and by our external service providers.
In principle, it is possible to use our website without providing personal data. If special services of our company are used via our website, it may be necessary to process personal data.
We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The updated privacy policy will then apply to your next visit.
1. definitions of terms
This data protection declaration uses the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR).
1.1 Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Please note that some of this data relates to your health, i.e. special data within the meaning of Art. 9 (I) GDPR. You are aware that this is partly a release from the pharmacist"s duty of confidentiality, as you hereby consent to your data, which also includes health data, being stored, processed and also passed on to third parties as part of the provision of the services you have requested, as described below.
1.2 Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
1.3 Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.4 Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
1.5 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
1.6 Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
1.7 Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
1.8 Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
1.9 Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
1.10 Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject"s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
We only collect, process and use your personal data if you have given your prior consent or if this is permitted by law or if we are legally obliged to do so. If it is sufficient for the stated purpose to use anonymized or pseudonymized data, we will limit ourselves solely to the collection and use of such data. We will only collect, store and process your personal data, other than when you log in to our website, if you are or wish to become a customer of ours, and here exclusively for the purpose of your medication reservation, to answer your questions and process your messages and/or for the purpose of preparing your customer card.
2. collection of general data and information
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
-
Browser type and browser version
-
Operating system used
-
referrer URL
-
Host name of the accessing computer
-
Time of the server request
This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
3. rights of data subjects
3.1 Right to confirmation
Every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.
3.2 Right to information
Any person affected by the processing of personal data has the right to receive information free of charge from the controller at any time about the personal data stored about them and a copy of this information. If a data subject wishes to exercise this right to rectification, they can contact our data protection officer at any time.
3.3 Right to erasure (right to be forgotten)
Any person affected by the processing of personal data has the right to demand from the controller that the personal data concerning them be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary; The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing; The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR. 21 (2) GDPR; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject or where the personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
3.4 Right to restriction of processing
Any person affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; The data subject has objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification of the accuracy of the personal data. Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
3.5 Right to data portability
Any person affected by the processing of personal data has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Art. 20 (1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
3.6 Right to object
Any person affected by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR.
In the event of an objection, we will no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
3.7 Automated decisions in individual cases including profiling
Any person concerned by the processing of personal data has the right not to be subject to a decision based solely on automated processing, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorized by Union or national legislation to which the controller is subject and that such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.
3.8 Right to withdraw consent under data protection law
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
Users have the right, upon request and free of charge, to receive information about the personal data that we have stored about them. In addition, users have the right to correct incorrect data, revoke consent, block and delete their personal data as well as the right to lodge a complaint with the competent supervisory authority in the event of the assumption of unlawful data processing.
3.9. right to lodge a complaint
You have the right to lodge a complaint with the competent supervisory authority in the event of unlawful data processing.
4. contact option on the website
Due to legal requirements, this website enables quick electronic contact with our company and direct communication by e-mail. If you contact us by email or via a contact form, the personal data you provide will be stored automatically. Such voluntarily transmitted personal data is stored for the purpose of processing or contacting the person concerned. This personal data will not be passed on to third parties.
5. legal basis for data processing
Art. 6 para. I a GDPR serves as the legal basis for processing operations for which consent is obtained for a specific processing purpose. If the processing is necessary for the performance of a contract to which the data subject is party, the processing is based on Art. 6 (I) b GDPR. The same applies to processing operations for the implementation of pre-contractual measures. If we are subject to a legal obligation that requires the processing of personal data, the processing is based on Art. 6 (I) c GDPR. In rare cases, the processing of personal data is necessary to protect the vital interests of the data subject in accordance with Art. 6 (I) d GDPR. Finally, processing operations could be based on Art. 6 para. I f GDPR if processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
6. erasure and blocking
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
7. cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant access to the data, this will only be done on the basis of legal permission, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.
8. transfers to third countries
If we process data in a third country or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. I.e. the processing is carried out, for example, on the basis of special guarantees or compliance with officially recognized special contractual obligations.
9. cookies
We use so-called cookies. Cookies are alphanumeric identifiers that are either stored in your working memory for a short time and deleted again as soon as you close your browser ("session cookies") or stored in your storage medium for a longer period ("permanent cookies") We use session cookies to maintain the connection during your visit to our website. Persistent cookies are only used to make our website more user-friendly and convenient for you and to make it easier for you to use our website by ensuring that you do not have to re-enter certain information on repeated visits and are quickly redirected to our website. The lifespan of permanent cookies is a few days to a maximum of 1 year.
You can use your browser settings to reject cookies, delete them from your computer, block them or activate the function so that you are always prompted before a cookie is set. It is not necessary to accept cookies in order to visit our website. However, we would like to point out that individual functions of our website may only be used to a limited extent, in particular the "medication reservation" function cannot be used.
The following is an example of how you can deactivate cookies:
Example in the Internet Explorer browser:
-
open Internet Explorer.
-
select "Internet Options" in the "Tools" menu
-
click on the "Privacy" tab
-
you can now set whether cookies should be accepted, selected or rejected
-
confirm your setting with "OK"
Example in the Firefox browser:
-
open the Firefox browser.
-
select the "Settings" item in the "Extras" menu
-
click on the "Privacy" tab
-
select the entry "Create according to user-defined settings" in the drop-down menu
-
now you can set whether cookies should be accepted, how long you want to keep these cookies and can add as exceptions which websites you always or never want to allow to use cookies.
-
confirm your settings with "OK".
Example in the Safari browser:
-
open the Safari browser.
-
select "Settings" in the toolbar (pictogram: gray cogwheel in the top right corner) and click on "Privacy"
-
under "Accept cookies", you can specify whether and when Safari should accept cookies from websites. For more information, click on "Help" (?).
-
if you would like more information about cookies that are stored on your computer, click on "Show cookies".
10. web analysis Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc ("Google"). The use is made on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website, such as
-
Browser type/version,
-
operating system used,
-
Referrer URL (the previously visited page),
-
Host name of the accessing computer (IP address),
-
time of the server request,
are generally transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. We have also added the code "anonymizeIP" to Google Analytics on this website. This guarantees that your IP address is masked so that all data is collected anonymously. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. [Note: You can find information on integrating the opt-out cookie at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable].
We continue to use Google Analytics to analyze data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can deactivate this via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).
You have the option of preventing the future collection of your data when you visit this website by clicking on the following link to activate an opt-out cookie: Deactivate Google Analytics.
11. Google Maps
We use Google Maps to display geographical information visually. When using Google Maps, Google also collects, processes and uses data about the use of the Maps functions. Further information about data processing by Google can be found here: Google"s privacy policy. The settings can be changed in the data protection center. By using our service, you consent to the collection, processing and use of the automatically collected data by Google Inc, its representatives and third parties. You can find the terms of use of Google Maps under "Terms of use of Google Maps".
12. customer card
If you would like us to prepare a customer card that offers you the benefits described, we collect and process the following data: Your first and last name, your postal address, your e-mail address and your telephone number and, if available, your fax number and your date of birth as well as the expected date for collecting your customer card.
13. medication reservation
For your medication reservation, we collect your first name and surname, title, address, telephone number and e-mail address as well as the medication or medications you wish to reserve, including the quantity, dosage form, package contents and provider and the time of the reservation, the date of the planned collection, as well as any personal comments or requests you may have specified. In the case of statutory health insurance, in addition to the information required for the over-the-counter medication reservation, the cost unit ID and information on the fee liability as well as the aut-idem note.
Please note that this is data relating to your health, which enjoys increased protection as special personal data within the meaning of Art. 9 para. 1 GDPR. We comply with this by using a special encryption system. In order to inform you about the status of your reservation and/or any special features of the product ordered, we will contact you via one of the contact options you have provided (email, telephone, SMS).
The collection, processing and use of your data is exclusively encrypted using TLS, RSA, AES, SHA. These encryption mechanisms make it possible to encrypt the continuous data flow on the Internet between the server and the user"s browser in order to prevent "secret interception and reading". You can recognize a secure SSL connection by a note next to the URL line of your browser. This does not apply if you contact us by e-mail on your own initiative. In this case, you are responsible for taking appropriate measures to transmit your data securely and to protect it against access by unauthorized third parties.
14. e-mail communication
If you send us an e-mail, we collect and process the personal data that you provide to us in the e-mail. This may include, for example, your first name, surname, address, telephone number, e-mail address and the content of your message or communication, if it contains personal data about you. This is done so that we can communicate with you if you have contacted us, e.g. by answering your questions, processing orders or providing you with the information you have requested.
Please note that data relating to your health that you transmit to us is special personal data within the meaning of Art. 9 (I) GDPR. Due to the need to protect this data, please take special measures to protect the data during transportation.
15 Transmission of the data
Your personal data will only be passed on and transmitted if this is absolutely necessary for the purpose of processing your medication reservation, communicating with you and for the purpose of creating a customer card or if you have given your prior consent.
For the purpose of processing these services - in particular the transportation of your medication reservation - the service providers we use receive the necessary data. The data passed on in this way may only be used by our service providers to fulfill these tasks specified by us within the framework of an agreement on the order data agreement in accordance with Art. 28 Para. III GDPR. Any other use of the data is not permitted. The processing of the data takes place exclusively in the territory of the Federal Republic of Germany, in a member state of the European Union or in a state party to the Agreement on the European Economic Area. Your data will be deleted immediately after successful transmission.
Subject to the above provisions, your personal data will under no circumstances be disclosed to third parties for advertising or marketing purposes or for other purposes or passed on to third parties without your consent. This shall only not apply if we are obliged to disclose the data by law or by order of the authorities, in particular in cases of criminal prosecution or for the purpose of averting danger.
16. data protection notice for the use of WhatsApp
The use of the American WhatsApp service complies with WhatsApp"s General Terms and Conditions and Privacy Policy, which every user has agreed to before using the application.
We would like to point out that the WhatsApp short message service does not meet the data security requirements of the German Federal Data Protection Act and that we assume no liability for the security of your data.
We would also like to point out that WhatsApp can find out that you have sent us a message and when.
By contacting us via WhatsApp, you give the respective pharmacy your consent to communicate with you via this medium and, if necessary, to request personal data. All personal data is created and transmitted by you. As soon as the ordering and delivery process is completed, we delete the data collected via WhatsApp from our end devices.
17. name and address of the controller
For the purposes of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union, the controller is
Bahnhof Apotheke
Dr. Susanne Frisse e.K.
Poststr. 21
53111 Bonn
Telephone: 0228 7669033
Email: info@bahnhof-apotheke-bonn.de
Legal representative: Pharmacist Dr. Susanne Frisse e.K.
Competent supervisory authority
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de
18. the data protection officer of the controller is
Michael Meurer, lawyer
Data subjects can contact our data protection officer with any questions or suggestions regarding data protection. To do so, please contact the respective pharmacy.