Responsible party for data processing
NOVENTI Health SE
Executive Board: Dr. Hermann Sommer (CEO), Mark Böhm, Victor J. Castro, Dr. Sven Jansen
Privacy officer of the responsible parties
intersoft consulting services AG
1. General data collection from accessing our website
The concept of personal data is defined in the GDPR. Accordingly, this is all information that relates to an identified or identifiable natural person (hereinafter “Data Subject”). A natural person is regarded as identifiable who can be directly or indirectly identified, especially by being assigned to an identifier such as a name, to an identification number, to location data, to an online identifier, or to one or several special characteristics that are the expression of physical, physiological, genetic, mental, economic, cultural, or social identity of these natural persons. For example, this also includes your real name, your address, your telephone number, or your date of birth.
We only collect the personal data that your browser transmits to our servers for mere informational use of the website, i.e. when you do not register or share information with us in some other way. If you want to view our website, we collect the following data that is technically necessary for us to display our website to you and to guarantee stability and security (the legal basis of this is legitimate interests pursuant to Art. 6 Par. 1 Sent. 1 Letter f GDPR)
We have considered and weighed our interests in providing and your interests in processing of your personal data in a way that is compliant with data privacy as part of the balancing of interests according to Art. 6 Par. 1 Letter f GDPR. Since the following data is sometimes technically necessary to provide our services and to be able to offer you our website and also to guarantee stability and security, especially to offer protection from abuse, we came to the conclusion that this data – in line with ensuring data security based on the latest technology – can be processed, whereby your interests in processing that is compliant with data privacy isare appropriately considered.
Every time our website is accessed, our system automatically collects data and information from the computer system of the requesting device (computer, smartphone, tablet, etc.).
The following data is collected (the purpose is in parentheses):
- Operating system used (evaluation by devices to ensure optimized presentation of the website)
- The product and version information of the browser used (evaluation of the browser used in order to optimize our website for your browser)
- Internet service provider of the user (evaluation of the internet service provider)
- IP address (presentation of the website on the device)
- Date, time, access status – file found, not found, etc. – and the inquiry that your browser made to the server (ensure proper website operation)
- If necessary, manufacturer and type designation of the smartphone, tablet, or other device (evaluation of the device manufacturer and type of device for statistical purposes)
- The amount of data transferred as well as the webpage from which you came to the requested page (ensure proper website operation)
- The individual pages of our website that you access (ensure proper website operation)
Collecting data to provide the website and storing data in log files is absolutely necessary in order to operate the website. Consequently, no option on the part of the user exists to object.
The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case after every session is ended in the case of data collected to provide the website.
In the case of data being saved in log files, this is the case after no more than 7 days. Additional storing is possible. In this case, user IP addresses are deleted or anonymized so that it is no longer possible to classify the accessing client.
You have the option of contacting us by our email address or the various contact forms. The personal data transmitted to us in this way will of course be solely used for the purpose that you provided it to us by making contact.
Provided that we request information using our contact forms that is not required for establishing contact, we have consistently marked this information as optional. This information helps us to refine your request and to better process your concerns. This information is solely shared on a volunteer basis and with your consent. If you provide this information by communication channels (for example email address, telephone number), you also give your consent that if necessary we can contact you using these communication channels as well to answer your concern.
As a matter of course, you can revoke your consent at any time with future effect. To do this, please contact our privacy officer whose contact information can be found above.
The following data is collected (the purpose is in parentheses):
- IP address at registration (transmitting the content of the form to the Web server)
- Title (direct contact)
- First name (direct contact)
- Last name (direct contact)
- Pharmacy (direct contact)
- Concern (to answer the concern)
- Email address (to answer the concern)
- Institution identification code number (specific classification to answer the concern)
- *Telephone number (to answer the concern)
- *Fax (to answer the concern)
- *Pharmacy address (to answer the concern)
- *Customer number (improved inquiry processing)
* optional information
Legal basis of processing: consent/initiation/performance of a contractual relationship
duration of storage: until purpose is achieved/end of documentation requirements
3. Applications and duration of storing
You can apply for a job electronically at our company. As a matter of course, we will solely use your information to process your application and will not disclose it to third parties. Please note that unencrypted emails are not transmitted in a protected form. Currently, you can only send us your application by unencrypted email.
An applicant’s personal data that is collected, processed, and used in relation to the application procedure is deleted if an employment relationship does not come into being no later than 6 months after the conclusion of the application procedure. The data is only retained to be considered in future application procedures after first obtaining the express consent of the applicant.
Provided that an employment relationship comes into being between us and you, we can, pursuant to § 26 Par. 1 German Data Protection Act (BDSG), further process the personal data that we already received from you for purposes of the employment relationship if this is required to perform or end the employment relationship or to exercise or fulfill the rights and duties of representing the information of employees that arise by law, a wage agreement, a works agreement, or a service agreement (collective agreement).
You can find more detailed information on data protection for our applicants on the individual pages of the brands/divisions of the NOVENTI Group www.noventi.de/karriere/
4. Disclosure of data
Your personal data is not transmitted to third parties for reasons other than the stated purposes.
We only disclose your personal data to third parties if:
- you have given your express consent to do so,
- disclosure is necessary to assert, exercise, or defend legal claims and no grounds exist for the assumption that you have a predominant, legitimate interest in the non-disclosure of your data,
- in the event that a legal obligation exists for disclosure, and
- this is permitted by law and is required to implement contractual relationships with you.
As a rule, the high level of European data protection does not exist for data transmissions outside of the European Union. In the event of transmission, it may be that no current, adequate decision of the EU Commission exists as defined by Art. 45 Par. 1,3 GDPR. This means that the EU Commission has not yet positively determined that the country-specific data protection level corresponds to the data protection level of the European Union based on the GDPR, which is why we created the above-stated suitable guarantees.
Possible risks that may not be able to be completely ruled out in regard to data transmission are especially:
- Your personal data could possibly be processed beyond the actual purpose.
- Moreover, the possibility exists that for instance you may not be able to sustainably claim and enforce your rights under data privacy law such as your right to information, correction, deletion, or data portability.
- A higher likelihood could also exist that data processing may be done incorrectly and that the protection of your personal data may not quantitatively and qualitatively completely correspond to the requirements of the GDPR.
5. Integrating third-party services and contents
It is possible that third-party content may be integrated into this online offer such as videos from YouTube, map material from Google maps, search functions from Google, RSS feeds, or graphics from other websites. If you use these functions, an assumption can always be made that the providers of these contents detect the IP addresses of users. They would not be able to send contents to a user’s browser without an IP address. An IP address is required to present these contents. We have no influence on the other purposes for which your IP address is stored, e.g. for statistical purposes. In this respect, what was already stated applies. Please also note the data privacy notifications of providers.
6. Data security
We have taken extensive technical and operational protection measures to protect your data from accidental or intentional manipulation, loss, destruction, or from access by unauthorized persons. Our security procedures are regularly checked and adjusted to technological advancements.
7. Consent for direct marketing pursuant to § 7 Par. 3 German Act Against Unfair Competition (UWG)
We use email addresses collected during the purchase of products or services on our website for direct marketing for our own and similar products and/or services. In the event that you do not want to receive any more direct marketing, you can object to the use of your email address at any time.
If you do not want to receive any (more) direct marketing, you can object to the use of your email for direct marketing at any time by sending a notice by mail to NOVENTI Health SE, privacy officer, Tomannweg 6, 81673 Munich or byemail.
8. Cookies – General information
a) Cookies necessary for technical reasons
Consequently, the user has no opportunity to object. These cookies can be deactivated by the settings in your browser. Most browsers automatically accept cookies. If you would like to prevent cookies from being stored, you can select “do not accept cookies” in your browser settings. For full details of how this works, please read the instructions given for your browser. At any time, you can delete cookies that have been placed on your computer. However, we would like to point out that our web content may not be able to be fully used without cookies.
b) Cookies for audience measurement
Cookies for audience measurement collect information about the way our website is used, for example website accesses or error messages. These cookies do not store any information that make it possible to identify users. The information that has been collected is only aggregated and evaluated anonymously.
Description and extent of data processing
We use the open source software tool Matomo on our website (formerly PIWIK) to analyze the surfing behavior of our users. This software places a cookie on users’ devices. (See more information about cookies above.) If individual pages of our website are accessed, the following data is stored
- IP address*
- Visitor ID
- Date and time of access
- Page title and page URL
- Webpage by which the visitor came to the current webpage
- Screen resolution
- Time in the visitors’ time zone
- Additional links
- Loading time for the webpage that was visited
- Browser software language
*The software is set in such a way that IP addresses cannot be completely stored, but 2 bites of the IP addresses are masked (for example 192.168.xxx.xxx). In this way, it is not possible to associate the shortened IP addresses with the device that is accessing.
Legal basis: Art. 6 Par. 1 Letter f GDPR
Purpose of data processing:
We process personal data of users to enable us to analyze the surfing behavior of our users. An evaluation of the data that we have obtained makes it possible for us to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes are also our legitimate interests for processing data according to Art. 6 Par. 1 Letter f GDPR. By anonymizing IP addresses, the interests of users in the protection of their personal data is sufficiently considered.
Duration of storing:
When IP addresses are shortened as part of being stored, they cannot be associated with a specific device or user anymore and thus no longer constitute personal data. When we use Matomo, no personal data is stored. Personal data is merely processed during the collection and shortening of IP addresses.
Options for objecting and removal:
The software runs exclusively on the servers of our website. Personal user data is only stored there. The data is not disclosed to third parties.
We offer the users of our website the option of opting out of the analysis procedure. To do so, please follow the appropriate link. By doing so, another cookie is placed on your system that sends a signal to our system to not store your user data. If the user deletes the cookie in the meantime from its own system, then the user must set the opt out cookie once again. The same applies if users access our website from another device. Use the opt-out option.
You can find more detailed information on the privacy settings of Matomo software at the following link: https://matomo.org/docs/privacy/.
9. Social Plug-Ins
Our website uses Social Plug-Ins (“Plug-Ins”) from facebook.com, a social network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). These Plug-Ins are recognized by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign) or are labeled with the “Facebook social Plug-In” description. The list and the appearance of Facebook social Plug-Ins can be viewed here: developers.facebook.com/search/
If you access a webpage of our website that contains one of these Plug-Ins, your browser makes a direct connection with Facebook’s servers. Facebook directly transmits the content of the Plug-In to your browser and integrates it into the webpage. Therefore, we have no influence on the extent of the data that Facebook collects with the help of this Plug-In, and we are informing you according to our level of knowledge.
By integrating Plug-Ins, Facebook receives the information that you accessed the page of our website. If you are logged into Facebook, Facebook can associate your visit with your Facebook account. If you interact with Plug-Ins, for example you click on the like button or make a comment, that information is transmitted directly to Facebook from your browser and stored there. If you are not a Facebook member, you still have the option of Facebook finding out your IP address and storing it. Facebook’s purpose and extent of collecting the data and further processing and using the data as well as your rights in this regard and settings options to protect your privacy can be found in Facebook’s data protection notices: www.facebook.com/policy.php.
If you are a Facebook member and do not want Facebook to collect information about you using our website and associate it with your membership data stored at Facebook, you have to log out of Facebook before visiting our website. Other settings and objections to using data for marketing purposes can be made within the Facebook profile settings: www.facebook.com/settings.
10. Instructions about the rights of Data Subjects
Every Data Subject has the right of information according to Art. 15 GDPR, the right of correction according to Art. 16 GDPR, the right of deletion according to Art. 17 GDPR, the right to limit processing according to Art. 18 GDPR, the right to object from Art. 21 GDPR, as well as the right of data portability from Art. 20 GDPR. The limitations of §§ 34 and 35 GDPR apply to the right to information and to the right to deletion.
11. Instructions on lodging a complaint
You also have the right to lodge a complaint with the responsible data protection supervisory authority about our processing of your personal data.
12. Instructions on revoking consent
At any time, you can revoke consent that has been granted for processing personal data. This also applies to revoking declarations of consent that were granted to us before the General Data Protection Regulation was in force or before May 25, 2018. Please note that revocations are only effective for the future. Processing that was made before the revocation, is not affected by the revocation.
13. Rights in the case of data processing for direct marketing purposes
Pursuant to Art. 21 Par. 2 GDPR, you have the right at any time to object to the processing of personal data regarding you. In the event that you object to processing for the purpose of direct marketing, we will not process your personal data anymore for these purposes. Please note that objections are only effective for the future. Processing that was made before the objection, is not affected by the objection.
14. Notice on the right to object while balancing interests
Provided that we based the processing of your personal data on the balancing of interests, you can object to the processing. When you exercise such an objection, we ask you to set forth the reasons why we should not process your personal data as we described. In the event that your objection is justified, we examine the matter and will either stop or modify the data processing or explain our legitimate, mandatory reasons to you.
15. Links to other websites
As a provider, we are responsible for our own contents according to general legislation. A distinction is to be made between our own contents and links to contents provided by other providers. The provider is not responsible for third-party contents that are provided for use by links if the provider does not have knowledge of the third-party contents. The provider is also not responsible if it is unaware of facts or circumstances from which it becomes apparent that actions or information are unlawful or if the provider takes immediate action to remove the information or to block access to it as soon as the provider has obtained knowledge of the unlawful action or information. The provider of the linked website is solely liable for illegal, incorrect, or incomplete contents as well as for damages that are incurred by using or not using the information.