Last Updated May 2018
The protection of your personal data is important to us ("HERMES"). We always process your personal data such as your name, your address, your e-mail address or your telephone number in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Controller and Data Protection Officer
The controller is:
HERMES Arzneimittel GmbH –
Division HERMES PHARMA
Phone: +49 / 089 7 91 02 - 261
The contact details of the data protection officer of HERMES Arzneimittel GmbH are:
Phone: +49 / 089 7 91 02- 194
2. Collection of General Data and Information
This website collects a series of general data and information with each visit. This general data and information is stored in the log files of the server. The following general data and information may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referer), (4) the sub-websites which are reached via an accessing system on our website, (5) the date and time of access to the website, (6) the Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks to our IT systems.
When using this general data and information, HERMES cannot associate this data to you. Rather, we need this information to correctly deliver the contents of our website, to optimize the contents of our website as well as the advertisements shown on them, to ensure the permanent functionality of our IT systems and of the technology of our website, and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.
HERMES statistically evaluates this anonymously collected data and information with the aim of increasing data protection and data security in our company. We store the anonymous data of the server log files separately from all personal data provided by you. The legal basis for the temporary storage of data and log files is Article 6 para. 1 point f) GDPR.
3. Data Processing upon Contact
You can contact us via the contact form provided on this website or via the e-mail address provided. If you contact HERMES through one of these channels, we will automatically store the personal data you submit. Such personal data voluntarily provided to HERMES will be stored for the purpose of processing your request and/or contacting you. In the case of contract initiations or executions, the legal basis for the processing of data is Article 6 para. 1 point b) GDPR. In all other cases the legal basis for the processing is Article 6 para. 1 point f) GDPR.
The data is collected and stored for marketing and optimization purposes. These data are used to create user profiles under a pseudonym. Cookies enable the recognition of the Internet browser. The data collected will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. The collection and storage of data can be revoked at any time with effect for the future. You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your Internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in your Internet browser, not all functions of our website may be fully usable. The legal basis for the processing of personal data when using cookies is Art. 6 para. 1 lit. f) GDPR.
5. Google Analytics
By anonymizing your IP address on this website, Google will reduce your IP address within the member states of the European Union or in other contracting parties to the Agreement on the European Economic Area prior to transmission to the USA.
Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The legal basis for processing your personal data using analytics cookies is Article 6 para. 1 point f GDPR. Google self-certified to the EU-U.S. Privacy Shield. Therefore, the legal basis for the transmission of personal data to the USA is, in accordance with the EU-U.S. Privacy Shield, Article 45 para. 1 GDPR.
6. Data Transmission to Third Parties
Intra group data sharing
External service providers
Access to personal data is possible for service providers and contractual partners that we use for the operation of our websites. These external providers are obliged to use your personal data only to provide the services requested by us or otherwise in accordance with our instructions.
Disclosure of data to third parties
Apart from the above mentioned data transmissions, we do not transmit, sell or market your personal data to third parties, such as other companies or organizations, unless you have given your express consent, or the transmission is necessary to fulfil our contractual obligations to you, the user of the website.
7. Duration of Data Storage
We store your personal data according to respective legal retention periods. We routinely delete the corresponding data after these periods expire, provided that it is no longer necessary for the performance or initiation of a contract.
If the storage purpose ceases to apply, or if a compulsory storage period by European Union or national law expires, the personal data is routinely blocked or deleted in compliance with statutory provisions.
8. Your Rights
As the data subject, you are entitled to the rights mentioned in Articles 15-21 GDPR against HERMES if the conditions stated therein are fulfilled. These are the rights of access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), data portability (Article 20 GDPR) and the right to object (Articles 21 and 22 GDPR). Apart from this, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR.