ilapo privacy policy
All personal data will be treated confidential. Our data privacy practice complies with the German Federal Data Protection Act, the “Bundesdatenschutzgesetz” (hereinafter referred to as “BDSG”), and the General Data Protection Regulation (hereinafter referred to as “GDPR”).
The following will inform you about the details regarding data privacy:
We will process personal data (mostly referred to as "data" hereinafter) only if necessary, or to provide a functional, user-friendly internet presence, including its content and the services it offers.
Under Art. 4 no. 2 of the EU Regulation 2016/679 (GDPR), "processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The following data privacy policy will inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide, either alone or in conjunction with others, about the purpose and means of that processing. It will also inform you about the cookies and similar technologies we use for optimization and to increase user quality, to the extent that third parties process data autonomously.
Our data privacy policy is structured as follows:
I. Information about us as the controller
II. Rights of the users and data subjects
III. Information about data processing
IV. Changes to the privacy policy
I. Information about us as the controller
1. For the purposes of data privacy law, the controller for this internet presence is:
ilapo Internationale Ludwigs-Arzneimittel GmbH & Co. KG
Friedenheimer Brücke 21
80639 Munich
Germany
Telephone: +49 (0) 89 189 40 300
Fax: +49 (0) 89 189 40 300
Email: info@ilapo.de
2. We have appointed a company data protection officer. You can reach that officer as follows:
ilapo Internationale Ludwigs-Arzneimittel GmbH & Co. KG
Thomas Müller
Friedenheimer Brücke 21
80639 Munich
Germany
Telephone: +49 (0) 89 189 40 300
Fax: +49 (0) 89 189 40 300
Email: mueller@ilapo.de
II. Rights of the users and data subjects
With a view to the data processing described in greater detail in the following, users and data subjects have the rights to
information of whether data concerning them is being processed by us, to information about that processed data, to further information about the data processing and to copies of the data (Art. 15 GDPR);
rectification or completion of incorrect or incomplete data (Art. 16 GDPR);
erasure of the data concerning them (Art. 17 GDPR), or in the alternative, insofar as further processing is necessary under Art. 17 ( 3) GDPR, to restriction of that processing based on Art. 18 GDPR;
receive the data concerning them, which they have provided, and to have those data transmitted to other providers or controllers (Art. 20 GDPR);
lodge a complaint with the supervisory authority if they believe that the data concerning them is being processed by the provider in breach of data protection provisions (Art. 77 GPDR). The supervisory authority responsible for us is the Bayerische Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection Supervision), Promenade 27 (Schloss), 91522 Ansbach, www.lda.bayern.de/de/index.html.
We are also obligated to inform all recipients to whom the provider discloses data about any rectification or erasure of data, or the restriction of its processing, which occur due to Articles 16, 17 (1), and 18 GDPR. However, we will not be obligated to do so if this notification is impossible or would entail a disproportionate effort. Without prejudice to this, the user has the right to information about these recipients.
Right of objection under Art. 21 (1 and 2) GDPR:
You may object at any time, for reasons arising from your particular situation, to the processing of your personal data under Art. 6 (1) (e or f) GDPR. After you lodge such an objection, we will not process your personal data unless we can prove compulsory reasons for doing so which are worth protecting and which override your interests, rights and freedoms, or if the processing helps to assert, exercise or defend against legal claims (Art. 21 (1) GDPR, "restricted right to object"). In this case, you must provide reasons for your objection which result from your particular situation. You may also object, without giving reasons, to your personal data being processed for direct advertising.
III. Information about data processing
1. Collection and processing of personal data
a. Server-Logfiles
Whenever our internet site is accessed, our system automatically records data and information from the system of the accessing computer. These server log files are small files which log your inquiries and accesses of our internet presence. The following data will be logged:
Name of the visited internet presence
Date and time of access
Quantity of transmitted data
Reference from which you arrived at the internet presence (the "referrer URL")
Your browser type
Your operating system
Your IP address
These data do not normally allow us to identify you directly and will be processed to improve our internet presence services. The legal basis for processing your personal data is a legitimate interest (Art. 6 (1) (f) GDPR). We have a legitimate interest in presenting you with a internet presence optimized for your browser and facilitating communication between our server and your end device. Moreover, if the system is misused, we can process and use the information captured by the web server in cooperation with your internet provider, the local authorities, or both, to determine the perpetrator of that misuse. The legal basis for doing so is also a legitimate interest, Art. 6 (1) (f) GDPR. In this scenario, our legitimate interest is to protect the integrity of our system and those of our users.
b. Cookies
aa. What are Cookies
We want to provide you with an optimal and meaningful user experience on our internet presence. For this reason, we use cookies and other technologies on the platform and as part of our services in order to (a) better understand how our users use the internet presence and our services; (b) optimize and improve the internet presence and our services; and (c) to the extent possible and reasonable, provide and maintain a functional and accurate internet presence.
Cookies and other technologies help us to make your visit to our internet presence more pleasant, efficient and meaningful.
Cookies are text information files that are sent by our web server to your computer and stored there when you visit the platform. Most browsers automatically accept cookies, but the cookies can be configured through the browser's setting function so that they do not accept them or indicate when a cookie is being sent. Cookies can be rejected or deleted at a later date. It is not necessary to accept our cookies in order to use the internet presence in general. However, there are certain areas and functions on the internet presence that you cannot use without cookies.
Instructions for deleting cookies in the most common browsers can be found in the following overview:
The cookies used by us on our internet presence can be divided into the following categories:
(1) Necessary Cookies
These cookies are necessary for the proper functioning of the internet presence; they allow you to navigate on our internet presence and use our features. An example of this is the reminder of recent actions (e.g. text entered) when you return to a page within the same session. This data does not allow us to identify you. If you do not accept these cookies, this may affect the performance of the internet presence or parts of it. The legal basis for the collection and processing of personal data is the fulfilment of our contractual obligations (Art. 6 (1) (b) GPDR) and the safeguarding of our legitimate interests, in particular the provision of the internet presence with its essential functions (Art. 6 (1) (f) GPDR).
Cookie-Name | Purpose of use | Expiry time |
---|---|---|
acccc | Used to store your cookie settings | 1 Month |
(2) Marketing / Targeting Cookies
These cookies are used to provide content that is more relevant to you and your interests (direct marketing). They can be used to provide targeted advertising or to limit the frequency with which an advertisement is displayed to you. They also help us measure the effectiveness of advertising campaigns on our internet presence or third party internet presences. We may also use these cookies to remember which pages you have visited. The legal basis for the processing of personal data is your consent (Art. 6 (1) (a) GPDR). However, our internet presence does not currently use any marketing/targeting cookies. Should this be the case in the future, we will obtain your prior consent for the processing of your personal data through marketing / targeting cookies.
Cookie-Name | Verwendungszweck | Ablaufzeit |
---|---|---|
_ga | Google Analytics captures the anonymized IP address per domain visit, and recognizes thereby repeat visitors to the site. | 2 years |
_gid | Used to distinguish users | 24 hours |
_gat | Used to reduce request rate | 1 minute |
bb. Cookies and similar technologies used on our internet presence
In particular, we use the following third-party services which use cookies and similar technologies. If you do not agree to this use, you may deactivate these services by refusing to accept the cookies in your browser. You may also deactivate the service by clicking on the opt-out link or using other opt-out possibilities. For the opt-out links and other opt-out possibilities, please see the heading "Opt-out". You will find further information about the services in the related privacy policies, accessible through the links provided under the heading "Data protection information". Under the heading "Recipient countries and appropriate protection measures" you will also find information to which country the data is transferred and if appropriate safeguards are fulfilled.
(1) Google Analytics
On our internet presence we use Google Analytics. This is a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA), hereinafter referred to as "Google". The Google Analytics service is used to analyze the usage behavior on our internet presence. Usage and user-related information, such as the IP address, location, time or frequency of the visit to our internet presence, is transferred to a Google server in the USA and stored there. However, we use Google Analytics with the anonymization function. By using this function, Google truncates the IP address with the EU or EEA. Therefore, we cannot draw any conclusions about your person. The so collected data is in turn used by Google to provide us with an evaluation of the visit to our internet presence and the usage activities there. This data may also be used to provide other services related to the use of our internet presence and the internet. Google states that it does not link your IP address with other data. The legal basis for the processing of you personal data is our legitimate interest (Art. 6 (1) (f) GPDR), which consists of analysing and evaluating the economic operation of our internet presence for optimisation purposes.
Opt-Out: Google also offers a deactivation add-on, plus additional information, under tools.google.com/dlpage/gaoptout. This add-on can be installed on common browsers and offers you a further opportunity to monitor the data captured by Google when you visit our internet presence. As part of this process, the add-on informs JavaScript (ga.js) of Google Analytics that information about your visit to our online presence is not to be transmitted to Google Analytics. However, this will not prevent information from being transmitted to us or to other web analysis services. Naturally, this data privacy statement will also inform you of the other web analysis services we use, if any.
Privacy Policy: Google provides other information related to data privacy law under policies.google.com/technologies/partner-sites, including instructions for preventing data use.
Receiving Countries and adequate level of data protection: Google may process the data in the USA. By being certified under the EU-US Privacy Shield (available under: www.privacyshield.gov/participant) Google guarantees that the data protection provisions of the EU will be complied with when data are processed in the USA.
(2) YouTube
On our internet presence we use YouTube. This is a video portal of YouTube LLC (901 Cherry Ave, 94066 San Bruno, CA, USA), hereinafter referred to as "YouTube". YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as "Google". We use YouTube in connection with the function "enhanced data protection mode" to be able to show you videos. The legal basis for the processing of your personal data is our legitimate interest (Art. 6 (1) (f) GPDR), which consists in constantly improving the quality of our internet presence. The "enhanced data protection mode" function means that the data more closely described below will be transmitted to the YouTube server only when you actually start a video. With the start of the video on our internet presence a connection to the server of YouTube in the USA will be established. This connection is required in order to display the video on our internet presence through your internet browser. During this process, YouTube will capture and process at least your IP address, the date and time, and the internet presence you visit. In addition, a connection will be established to the advertising network "DoubleClick", a Google subsidiary. If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our online presence or make the appropriate changes to the settings of your YouTube user account.
Opt-out: For functionality purposes and to analyze usage behavior, YouTube continually stores cookies on your end device through your browser. If you do not agree to such processing, you can prevent cookies from being stored by changing your browser settings appropriately. You can find more information above, under the heading "What are cookies".
Privacy policy: Google provides further information about the collection and use of data, and your rights and privacy options in the matter, in the data privacy notice accessible under policies.google.com/privacy.
Receiving Countries and adequate level of data protection: YouTube may process the data in the USA. By being certified under the EU-US Privacy Shield (available under: www.privacyshield.gov/participant, Google and its subsidiary YouTube guarantee that the data protection provisions of the EU will be complied with when data are processed in the USA.
(3) Zoho
On our internet presence, we use various services of Zoho. These services are provided by Zoho Corporation B.V. (Hoogoorddreef 15, 1101 BA Amsterdam, Niederlande), Zoho Corporation (4141 Hacienda Drive, Pleasanton, California 94588, USA) and Zoho Corporation Pvt. Ltd. (Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, Indien). Our direct contractual partner is Zoho Corporation B.V. in the Netherlands (hereinafter referred to as "Zoho") and is therefore fully subject to European data protection law.
(a) Zoho Chat
On our internet presence, we use Zoho Chat. Zoho Chat enables us to contact you, as well as you to contact us through a chat function placed at the edge of the browser when you visit our internet presence. To contact us through the chat function, all you need to do is enter your name, your e-mail address and your request. Further information (e.g. your telephone number) is voluntary. Legal basis for the processing of your personal data before activating the chat function is our legitimate interest (Art. 6 (1) (f) GPDR), which consist of proactively contacting you through the chat function. The processing of your personal data within the scope of the chat function is based on the fulfilment of the contract (Art. 6 (1) (b) GPDR) in order to process and respond to your request.
(b) Zoho SalesIQ
On our internet presence, we use the website analysis function Zoho SalesIQ. Zoho SalesIQ enables us to collect and analyse anonymous usage data when you visit our internet presence. For this purpose, Zoho automatically stores cookies on your computer, that collect information about how visitors use our internet presence, the website from which the user comes to our internet presence, the number of visits of each user and the duration of their stay on our internet presence. Zoho will use this information to evaluate the use of our internet presence and to create reports about the use of our internet presence. We store this data for statistical purposes only. The IP addresses are shortened by the last digits after the collection in order to guarantee anonymity of your data during the evaluation. The legal basis for the processing of your personal data within the framework of the use of our internet presence is our legitimate interests (Art. 6 (1) (f) GDPR), which consist in analysing and evaluating the economic operation of our internet presence for optimisation purposes.
(c) Zoho Campaigns
We use the email marketing software Zoho Campaigns to send our newsletter and evaluate it. When you register for our newsletter, your data is processed in our CRM system and then transferred to the newsletter tool Zoho Campaigns. On our behalf Zoho Campaigns uses this information to send our newsletter and for statistical analysis. For evaluation purposes, our newsletter emails contain web beacons or tracking pixels that allow Zoho to determine whether a newsletter has been opened and which links in it have been clicked on. Technical information is also collected (such as time of access, IP address, browser type and operating system). This information is used for statistical analysis of our newsletter campaigns. The results can be used by us to optimize our newsletter offer and to better adapt it to the interests of the recipients. Zoho Campaigns does not use the data of the newsletter recipients to contact them itself. The legal basis for the processing of your personal data in the context of the use of our newsletter is our legitimate interests (Art. 6 (1) (f) DSGVO), which consist in analysing and evaluating our newsletter campaigns for optimisation purposes.
Opt-out: For the purpose of providing the services of Zoho, Zoho stores cookies on your computer via your internet browser.. If you do not agree with this, you have the possibility to prevent the storage of cookies in the settings of your internet browser. You can find more information above, under the heading "What are cookies".
If you also wish to object to the data analysis of our newsletter for statistical evaluation purposes, you must unsubscribe from our newsletter. Please use the link to unsubscribe from our newsletter.
Privacy policy: Details on data protection at Zoho and on setting options to protect your personal data can be found in Zoho's data protection information: www.zoho.eu/privacy.html.
Receiving Countries and adequate level of data protection: Zoho processes your data in the EU, USA and India.
Involved in the provisioning of the services is also the Zoho Corporation (4141 Hacienda Drive pleasanton, California 94588, USA). By being certified under the EU-US Privacy Shield (available under: www.privacyshield.gov/participant, Zoho Corporation guarantees that it complies with European data protection laws when processing data in the USA.
Further involved in the provisioning of the services is the Zoho Corporation Pvt. Ltd (Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India). By having concludes a data processing agreement, incorporating the EU Standard Contract Clauses, Zoho Corporation Pvt. Ltd guarantees that it complies with European data protection laws when processing data in India.
cc. Contract execution
(1) Identification using DocCheck
We use the identification services of DocCheck Medical Services GmbH for visits to the parts of our internet presence, which are not open to the public. To this end, you must enter your user name and password of DockCheck in the input screen. This login procedure is performed on DocCheck servers, so no personal data is forwarded to us. DocCheck Medical Services GmbH uses cookies to independently provide and operate DocCheck services. The information generated by the cookies will be transmitted only to the servers of DocCheck Medical Services GmbH in Germany, and will not be shared with us or other third parties.
(2) Orders in the online shop
For the orders in our online shop to be placed and handled, your name, address, payment method and order data must be processed. The data transmitted from you to take advantage of our goods or services will be processed by us in order to process the contract, and are necessary to that extent. Contracts cannot be concluded or processed unless you provide your data. The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR). We will erase the data when the contract has been executed and the tax and commercial retention periods have expired. During contract execution, we will forward your data to the transport firm commissioned to deliver the merchandise, or to the financial service provider, provided such forwarding is necessary for goods delivery or payment purposes. The legal basis for transferring the data is the fulfilment of our contractual obligations, (Article 6 (1) (b) GDPR).
(3) Customer account / Registration function
If you open a customer account with us through our internet presence, we will collect and store the data you provide during registration (such as your name, address or email address) exclusively for pre-contractual services, contract execution, or customer services (for example, to give you an overview of your orders so far or offer you the "bookmark" function). At the same time, we store the IP address and date and time of your registration. Those data will not be forwarded to third parties. The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR).
(4) Contact questions / Contact options
If you wish to contact us by using the contact form, the chat function or email on our internet presence, the data you provide when doing so will be used to process your request and to get in contact with you. Providing that data is necessary to handle and answer your request; without those data, we cannot answer your request completely or at all. The use of the chat function requires the setting of cookies on your computer. You can find further information on this under the heading "Cookies used on our internet presence". The legal basis for the processing of you personal data is the fulfilment of our contractual obligations (Article 6 (1) (b) GDPR) as well as safeguarding our legitimate interests, which include, but are not limited to, contacting you and communicating with you about any concerns you have contacted us about (Article 6 (1) (f) GDPR).
(5) Newsletter
If you have provided your consent, we also collect your name and email address when registering for our newsletter. We process this personal data in order to send you our newsletter. The legal basis for this is the consent provided by you (Art. 6 (1) (a) GDPR). We use the service provider Zoho Campaigns for sending our newsletters. More information on Campaigns is available in section 4.2. We use the so-called double opt-in procedure for the registration of our newsletter, i.e. once you have registered for the newsletter, we will first of all send you an email that includes a confirmation link. Only once you have clicked on the confirmation link and we have received the confirmation, will we activate the delivery of the newsletter. You may withdraw your consent at any time with future effect. You can declare such a withdrawal of consent at any time by following our withdrawal instructions that are included in each newsletter or by sending your withdrawal request to the contact details specified in section “Cookies and similar technologies used on our internet presence”.
(6) Online job applications / Publishing job ads
We give you the opportunity to apply for a job with us through our internet presence. As part of these digital applications, we will collect and process your applicant and application data electronically to handle the application process. The legal bases for this processing are the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR, Sec. 26 (1) (1) BDSG in conjunction with Art. 88 (1) GDPR). If an employment contract is concluded after the application procedure, we will store the data transmitted during your application in your personnel file, for the typical organization and administration processes, naturally under observance of further legal obligations. The legal bases for this processing are also Art. 6 (1) (b) GDPR, Sec. 26 (1) (1) BDSG in conjunction with Art. 88 (1) GDPR. If an application is rejected, we delete the transmitted data automatically two months after that rejection is announced. However, the data will not be deleted if they must be stored longer—for up to four months or until court proceedings have been concluded—due to statutory obligations such as the burden of proof obligations under the German General Equal Treatment Act (AGG). In this case, the legal bases are Art. 6 (1) (f) GDPR and Sec. 24 (1) (2) BDSG. Our legitimate interest lies in legal defense or enforcement. If you expressly agree to a longer storage period for your data (so you can be included in a database of applicants or interested parties, for example), the data will be processed further on the basis of that consent. The legal basis will then be Art. 6 (1) (a) GDPR. Naturally, you may withdraw your consent under Art. 7 (3) GDPR at any time, with effect for the future, by sending us a declaration to that effect.
2. Disclosure of personal data
We will not transfer or otherwise disseminate your personal data to third parties unless this is necessary for the performance of our services (legal basis: Art. 6 (1) (b) GDPR), you have consented to the transfer (legal basis: Art. 6 (1) (a) GDPR) or the transfer is permitted on the basis of statutory law. Within the framework of data protection regulations we are entitled to outsource the processing of your personal data in whole or in part to external service providers who act for us as processors in accordance with Art. 4 no. 8 GDPR. External service providers support us, for example, in the technical operation and support of the internet presence, data management, the provision and performance of services, marketing and website analysis. We also use a CRM system from Zoho Corporation B.V. (Hoogoorddreef 15, 1101 BA Amsterdam, The Netherlands) to organise our business contacts and to carry out our commercial activities, such as contract management with customers and suppliers. For this purpose, we store personal data on the systems of Zoho Corporation B.V. The service providers commissioned by us process your data exclusively in accordance with our instructions. We remain responsible for the protection of your data, which is ensured by strict contractual regulations, such as concluding data processing agreements, technical and organisational measures and supplementary controls by us. Personal data may also be processed in other ways and also disclosed to third parties if we are required to do so by law - e.g. by court order or to fulfil legal obligations (legal basis: Art. 6 (1) (c) GPDR) or to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to safeguard legitimate interests (legal basis: Art. 6 (1) (b) GPDR), such as to provide products and services.
3. Data trasfers to third countries
In general, our external service providers process your data within the European Union (EU) or the contracting states of the Agreement on the European Economic Area (EEA). However, in the event that your personal data is transferred to and processed by a service provider located in a third country, we will ensure the protection of your personal data by providing appropriate safeguards, such as Standard Contractual Clauses or the EU-U.S. Privacy Shield. Further information on the safeguards we have taken in individual cases can be obtained at any time from our data protection officer (for contact details, see the heading "Information about us as the controller").
4. Storage period
Your personal data will only be stored by us for as long as it is necessary to achieve the purposes for which the data was collected or - insofar as statutory retention periods exist beyond this (e.g. in the German Commercial Code and the German Tax Code) - for the duration of the legally stipulated retention period. Afterwards your personal data will be deleted by us. Only in a few exceptional cases your data can be stored beyond that date, e.g. if storage is necessary in connection with the enforcement and defence of legal claims in our favour.
5. Data Security
We take adequate measures to secure your personal data. All data transmission on the platform and as part of our services uses encryption procedures and occurs through HTTPS, which meets state of the art technology.
IV. Changes to the privacy policy
We reserve the right to change these data privacy principles at any time in accordance with statutory regulations. This can be the case, for example, if new statutory provisions must be complied with or new services are required. A revision history will inform you about the adjustments made. The currently valid data privacy principles apply to your visit.
Last updated: June 2023