I. Name and address of the responsible person
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
QUIRIS Healthcare GmbH & Co. KG
Isselhorster Straße 260
Phone: +49 (0) 5241 / 403 430
II. data protection officer of QUIRIS Healthcare GmbH & Co. KG
QUIRIS Healthcare GmbH & Co. KG |
Data Protection Officer
Isselhorster Strasse 260 | 33334 Gütersloh
III. general information on data processing
1. scope of the processing of personal data
As a matter of principle, we process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by legal regulations.
2. legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply . Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the controller is subject. Blocking or deletion of data also takes place when a storage period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.
IV. Provision of the website and creation of log files
1. description and scope of data processing
Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
(1) date and time of access (pages and files)
(2) IP address of the user
(3) Operating system of the user
(4) Information about the type of browser and the version used.
The data is also stored in the log files of our system.
2. legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f DSGVO.
3. purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case after 14 days.
In the case of storage of the data in log files, this is the case after one month at the latest.
5. possibility of objection and elimination
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
1. description and scope of data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DSGVO.
2. purpose of the data processing
The user data collected through technically necessary cookies are not used to create user profiles.
3. duration of storage, possibility of objection and removal.
VI. Cookie consent / Borlabs
Our website uses cookie consent technology from Borlabs, provider: Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter: Borlabs).
The purpose of the cookie use is to obtain your consent to store certain cookies in your browser and to document it.
When you enter our website, a cookie is stored in the browser, which stores the consent given and, if applicable, the revocation. This data will not be shared with Borlabs. You can change your cookie settings cookie at any time: Cookie settings
Collected data is regularly stored for one year (please check settings), unless you object beforehand or request deletion. Mandatory legal retention periods remain unaffected.
The cookie consent tool is used to fulfill legal obligations. The legal basis is Art. 6 para. 1 p. 1 lit. c DSGVO.
For more information on the, please visit: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie
VII. Google Analytics
We use Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland (“Google”), to tailor our website to your needs. The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to improve our offer through the statistics and reports obtained and to make it more interesting for you as a user.
We primarily collect the interactions between you as a user of the website and our website with the help of cookies, device/browser data, IP addresses and website or app activities. Google Analytics also collects your IP addresses to ensure the security of the service and to provide us, as the website operator, with information about which country, region or location the respective user comes from (so-called “IP location determination”). For your protection, however, we naturally use the anonymization function (“IP masking”), i.e. that Google truncates the IP addresses by the last octet within the EU/EEA.
Google acts as an order processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transmitted to a Google server in the USA and processed there. For these cases, Google has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed to so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an adequate level of data protection in the third country.
|_ga||Helps us count how many people visit our internet presentation if you have already visited it.||2 years|
|_gid||Helps us to count how many people visit our internet presentation if you have already visited it||24 hours|
|_gat||Helps us manage the frequency in which requests were made to view a page.||1 minute|
The legal basis for the collection and further processing of the information – which takes place for a maximum of 14 months – is your given consent, Art. 6 para. 1 p. 1 lit. a DSGVO.
The revocation of your consent is possible at any time, without affecting the permissibility of the processing until the revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is to use our Consent Manager or to install the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.
For more information on the scope of services provided by Google Analytics, please visit marketingplatform.google.com/about/analytics/terms/en/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/.
VIII. Google Tag Manager
IX. Contact by e-mail, contact form, telephone, fax
1. description and scope of data processing
If you contact us by e-mail, telephone or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) (a) DSGVO) and/or on our legitimate interests (Art. 6 (1) (f) DSGVO), as we have a legitimate interest in the effective processing of requests addressed to us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
QUIRIS Healthcare collects, processes and uses the personal data you provide for the following purposes: to forward your spontaneous inquiry to the medical-scientific department for the preparation and transmission of the response, for drug safety purposes, to document submitted inquiries and the corresponding responses, and to verify your status as a healthcare professional.
QUIRIS Healthcare is required by law, in the interest of patient safety, to record information about complaints, adverse drug reactions, or similar adverse events and, when appropriate, to submit such information to the appropriate authority. Such information is stored in an internal database and forwarded to the responsible regulatory authority only in anonymous form. We may also have to pass on these pseudonymous reports to other cooperation partners if they are themselves obliged to make reports to the health authorities responsible for them. The legal obligation to retain this data extends to at least 10 years after expiry of the approval for the respective product. Contact details of all persons as well as the name of the reporting person are not transmitted at all. The legal basis for the processing is Art. 6 para.1 lit. c and d DSGVO. We collect and process your personal data exclusively for the purpose of recording notifications as required by law. Your personal data will be treated as strictly confidential and, in particular, will not be used for other purposes, and will not be passed on to third parties. By providing voluntary information, you consent to the processing of this information by us for the aforementioned purposes. You can revoke this consent at any time with effect for the future by contacting us at info(at)quiris.de.
2. legal basis for data processing
The legal basis for the processing of data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
3. purpose of the data processing
The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation shall be deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
5. possibility of objection and elimination
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
X. Social Media
1. use of Facebook and Instagram on elasten.de
The elasten.de page contains buttons that link to the Facebook or Instagram social network. Plugins are not integrated on this page, so no personal data is transmitted to Facebook or Instagram with the use of the buttons via this route.
2. information on data processing
for the website https://start.elasten.de/ and https://www.elasten.de/
with regard to the Facebook page https://www.facebook.com/elasten.de/
The ECJ ruled on 05.06.2018 that Facebook and a Facebook page operator are jointly responsible for data processing under data protection law. (More information here)
One day later, i.e. on 06.06.2018, the Data Protection Conference (association of German supervisory authorities) issued a so-called resolution with regard to this joint responsibility under data protection law. (Read more here).
According to this, we must inform you comprehensively about the data processing that takes place via and through the Facebook page, especially if you do not use Facebook itself per se. Unfortunately, we also do not currently have more information available to us in this regard than what Facebook itself provides. Facebook’s data policy, including information about your rights as a data subject, can be found here.
Further, according to the aforementioned ECJ ruling as well as the resolution of the DSK, we would have to conclude a contract with Facebook pursuant to Article 26 of the GDPR with regard to joint responsibility. We would like to do that. But so far we have not been able to conclude such a contract with Facebook; Facebook has not yet commented on this matter.
XI. Embedded content from third parties
a) Use of YouTube in extended data protection mode
The operator of YouTube is YouTube, LLC. 901 Cherry Ave, San Bruno, CA 94066, USA.
b) Use of Google Maps API
The Pharmacy Finder uses Google Maps API to visually display geographic information. By using the Pharmacy Finder, you consent to the collection, processing as well as use of the automatically collected data by Google Inc, its representatives as well as third parties. The data processing will only take place if you confirm the data protection notice before playing the video.
The operator of Google Maps is Google LLC, 1600 Ampitheatre Parkway, Mountain View, CA 94043, USA.
XII. Rights of the data subject
As a data subject, you are entitled to various rights under the GDPR, in detail:
Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
Right to withdraw consent: You have the right to revoke any consent you have given at any time.
Right to information: you have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with the legal requirements.
Right to rectification: You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data concerning you be erased immediately or, alternatively, to request restriction of the processing of the data in accordance with the law.
Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transfer to another controller.
Complaint to the supervisory authority: You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, in accordance with the legal requirements, if you believe that the processing of personal data concerning you violates the GDPR.