Data protection policy

Controller

APOGEPHA Arzneimittel GmbH

Kyffhäuserstraße 27
01309 Dresden, Germany
Telephone: +49 (0) 351/​33 63-3
Fax: +49 (0) 351/​33 63-4 40
Email: info[at]apogepha.de

Represented by

Dr. Dirk Pamperin

Introduction

The security and confidentiality of your personal data are of great importance to us. Below, you can find information concerning the framework in which we process your data and the measures we have taken in order to protect your private sphere as a user of this site. This data protection policy also applies to the following social media pages of APOGEPHA: Facebook and Instagram.

All data which is collected here is treated in the strictest confidence in our area of responsibility in accordance with the regulations of the European General Data Protection Regulation (GDPR) and the applicable country-specific data protection provisions, such as the German Federal Data Protection Act (BDSG, new version) or the German Telemedia Act (TMG). The processing takes place either in accordance with Article 6 Paragraph 1 Letter a) GDPR on the basis of your consent, in accordance with Article 6 Paragraph 1 Letter b) GDPR in order to fulfil or negotiate a contract, in accordance with Article 6 Paragraph 1 Letter c) GDPR in order to fulfil a legal obligation to which we are subject or on the basis of Article 6 Paragraph 1 Letter f) GDPR in order to safeguard our legitimate interests.

Compliance with these provisions is monitored by the external data protection officer of APOGEPHA Arzneimittel GmbH, Ms Kerstin Herschel (PRODATIS CONSULTING AG AG) dsb@prodatis.com.

Collection and processing of personal information

We use state-of-the-art encryption methods (e.g., SSL) via HTTPS for the collection and processing of your data, and especially for the transmission of your data, to ensure that it is protected. We only process the personal information which you disclose to us via our website in order to correspond with you and only for the purpose for which you have provided the data. We take appropriate technical and organisational precautions to ensure the security of your personal data.

Automatically saved data, server log-files

The Provider of the pages will automatically collect and save information in so-called 'server log-files', which will be communicated automatically to us by your browser. These include the following:

• Date and time of the request
• Name of the requested file
• Web-page from which the file was requested
• Access status (file transferred, file not found, etc.)
• Web browser and operating system used
• Complete IP-address of the requesting computer
• Data volume transferred.

These data will not be merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 letter f of the General Data Protection Regulation (GDPR) on the basis of our legitimate interest in improving the stability and functionality of our website. For technical safety reasons, in particular, to prevent hacking attempts on our Web server, these data will be stored briefly by us. We will not be able to infer the identity of individual persons with the help of these data. In addition to this, the data will be processed in anonymised form for statistical purposes; no comparisons will be made with other data sets, nor will the data be forwarded to third parties, not even in parts. The number of times the pages were launched will be represented exclusively within the context of our server statistics.

Using the contact form
Your personal data that you disclose to us via our contact form will be processed only for the purpose of corresponding with you, for processing your request, or for the purpose for which you have provided us with the data.

For example, the following data is recorded from the contact form:

  • Surname, first name, title
  • Content of the message (“your concern”)
  • Email address

Mandatory fields in the form are indicated with an asterisk (*).

Using the medicine safety form
Reporting side effects or other risks associated with medicines (pharmaceutical drugs) (such as quality complaints) is important for assessing the safety of our drugs in particular and for public health in general. All personal data collected here is necessary to prevent duplication of a report, or to contact you in the case of queries, provided you have given us your contact details.

The following data from mandatory fields and voluntary information is collected from the medicine safety form:

  • Physiological information (date of birth, gender, weight, height)
  • Information concerning medicines and side effects (description of treatment and side effects, as well as outcome)

Mandatory fields in the form are indicated with an asterisk (*).

For further information, please refer to Duty to provide information to data subjects pursuant to Art. 13/ 14 GDPR in connection with drug monitoring and drug safety.

Using the Incontinence and IPSS questionnaire
All data collected here is voluntary and is saved only for the duration of your visit to our website in order to be able to show you the evaluation.

Saving duration
The personal data which you have disclosed to us via our website will be saved only for as long as is necessary to fulfil the purpose for which it was provided and for which the saving is necessary. Should it be necessary, in order to comply with retention periods under commercial, tax or administrative laws, the saving duration for specific data can last for up to 6 or 10 years.

The protocol data generated when accessing our website is saved for 90 days and then deleted. Any subsequent anonymised access statistics are not deleted.In the case of data related to medicine safety, the saving period can also extend beyond 10 years, after which this is no longer authorised in any country. However, documents may be kept longer if necessary.

Transfer of personal information
Should we engage service providers in order to carry out or fulfil tasks for us, the contractual relationships will be regulated in writing in accordance with the provisions of the General Data Protection Regulation (EU-GDPR) and the new version of the Federal Data Protection Act (BDSG). This includes the following categories of recipients:

  • IT service providers in order to ensure security and confidentiality
  • Service providers such as consultants, database operators

We are obliged to provide data and information in certain situations, for example, if this is required by a statutory provision, e.g., when reporting risks associated with medicines (pharmaceutical drugs). This includes the following categories of recipients:

  • Health authorities within the framework of the statutory reporting obligations, as well as other public bodies (e.g., Federal Institute for Drugs and Medical Devices);
  • Subsidiaries and distribution and licensing partners, on the basis of contractual agreements

Your rights

As a data subject whose data is being processed by us, you are entitled to comprehensive rights in accordance with the GDPR: You have the right to receive information concerning your personal data which is being processed by us, in particular concerning the purposes of the processing, the categories of personal data which are being processed, the recipients and categories of recipients to whom your data has been disclosed or is being disclosed, the planned saving duration and the categories for determining this. Should you no longer agree to the processing or saving of your personal data or should your data be incorrect, you have the right of rectification or erasure or to have the processing restricted. Following your request or notice of revocation, we will carry out the necessary corrections, initiate the erasure or restriction of the processing of your data or carry out the necessary corrections, provided this is possible in accordance with applicable laws. In addition, should you have issued us with consent, you have the right to object to the processing in the future at any time, the right of data portability and the right to complain to a supervisory authority.

This data protection policy applies to all websites which are managed by APOGEPHA Arzneimittel GmbH. The websites may contain links to websites of other companies and organisations. This policy does not extend to their websites.

Should you have any queries, you can get in touch with our data protection officer.

Data protection notice in accordance with the EU General Data Protection Regulation
Alongside these website-specific data protection notices, the data protection policies/information obligations in accordance with Articles 13 and 14 GDPR also apply.

#####Information obligations for groups of medical professionals

#####Information obligations for customers and suppliers

#####Information obligations for applicants

User registration

Our website provides you with the option of registering for the specialist area by providing personal data. The purpose of the registration is to provide specialist personnel (doctors and members of the medical profession) access to content and information which is only available to specialist medical groups in accordance with the German Pharmaceutical Advertising Law (HWG). You can terminate the user account by sending an email to info@apogepha.de. In case of termination of the user account, the relevant data will be deleted, unless retention periods under commercial, tax or administrative laws need to be complied with.

Newsletter

APOGEPHA provides you the option of registering for a technical newsletter by providing your e-mail address and other voluntary personal data. The legal basis for processing your data is Art. 6 Section 1 a of the GDPR – your consent. The purpose of the subscription is to regularly provide specialist personnel (doctors and members of the medical profession) with scientific content and information which is only available to specialist medical groups according to the German Pharmaceutical Advertising Law (HWG). You can unsubscribe from the newsletter at any time using the unsubscribe link "Unsubscribe from newsletter" in the newsletter. You also have the option of doing this via the Unsubscribe form or by sending a mail to . In case of termination of the subscription, the relevant data will be deleted, unless retention periods under commercial, tax or administrative laws have to be complied with.

When subscribing and accessing our technical newsletter, we also evaluate anonymised data such as delivery rate, opening rate, click rate and unsubscription rate for measuring the success and for analysing the technical newsletter. In addition, a personal evaluation is carried out during the access and use of our technical newsletter, such as the time of opening and the hyperlinks clicked on, in order to send you customised information in the future that matches your interests and needs.

Use of cookies

When accessing our website, you will be informed of the use of cookies and referred to this data protection policy.

DocCheck

We use DocCheck on our websites for accessing the protected specialist area. The following data protection notices apply to this login:

Cookie information

DocCheck uses so-called “cookies” - text files which are saved in the browser of the user in order to make the use of the services easier. The information which is generated by these cookies is only transferred to the servers of DocCheck and is not shared with the website operator or other third parties. Data is not transferred to countries outside of the EU.

Cookie 1
Doccheck_user_id
Enables a single sign-on for all DocCheck logins.Duration = 1 session

Cookie 2
Doccheck_scu_data
Serves the purpose of providing suitable content on the basis of pseudonymised core data (for example profession, country, language)Duration = 1 year

Protocol data
Within the framework of the use of the DocCheck password protection, DocCheck gathers the so-called protocol data (IP address, date of access, time of access, referrer URL, information concerning the hardware and software used, such as browser characteristics, device information, such as resolution) of the user on the basis of the website of the information provider which integrates the login into the website via “embed” and/or iFrame.

This data is not used in order to trace your person, but rather to ensure the correct display of the site or iFrame content and/or the security of the DocCheck services.

Google Analytics

Our website uses Google Analytics, a web analysis service of Google LLC (hereinafter: “Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”, text files which are saved on your computer and which enable an analysis of the use of the website by you. The information concerning your use of the website which is generated by the cookie is generally transferred to a server of Google in the USA and saved there. The IP address transferred by your browser in the course of Google Analytics is not combined with other data by Google. We have also extended Google Analytics on the website by means of the “anonymizeIP“code. This guarantees the masking of your IP address, which means that all data is gathered anonymously. Only in exceptional cases is the full IP address transferred to a server of Google in the USA and shortened there.

On behalf of the operator of our website, Google will use this information in order to evaluate your use of the website, to compile reports concerning the website activities and to provide other services to the website operator connected to the use of the website and the use of the Internet. You can prevent the saving of the cookies by setting your browser software accordingly; however, we wish to inform you that in such a case, you may not be able to fully use all of the functions of this website. You can prevent the recording of the data generated by the cookie which relates to your use of the website (including your IP address) by Google, as well as the processing of this data by Google by downloading and installing the browser plugin which is available via the following link: https://​tools.google.com/​dlpage/​gaoptout?hl=de. Alternatively to the browser add-on, in particular in case of browsers on mobile end devices, you can also prevent the recording by Google Analytics by clicking on this link. An opt-out cookie will be set, which prevents the future recording of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and will be placed on your device. Should you delete the cookies in this browser, you need to reset the opt-out cookie.

We also use Google Analytics to evaluate data from double click cookies and also AdWords for statistical purposes. Should you not wish for this to take place, you can de-activate this via the advertising settings manager (https://​www.google.com/​settings/​ads/​onweb/?​hl=de).

 

Google Tag Manager

Google Tag Manager is used in order to be able to administer website tags via an interface. Google Tag Manager itself does not record any personal data.

As an alternative to the browser plugin, you can click on this link in order to prevent the recording on this website by Google Analytics in the future. In such a case, an opt-out cookie will be placed on your end device. If you delete your cookies, you have to click on the link again.

Google Maps

Some of our sites contain a plugin which displays map sections of Google Maps. Google Maps is operated by Google. For this purpose, a connection is established between your browser and the servers of Google, in the same way as happens when you visit the website of the Google search engine. Google itself is responsible for the data processing. Tracking by Google does not take place on our website.

Further information concerning the use of Google Maps can be found in the terms and conditions of use of Google Maps. Information concerning the protection of your private sphere can be found at https://​www.google.de/​intl/​de/​policies/.

YouTube

We integrate YouTube videos on our website. The operator of the relevant plugins for the display of these videos is:
YouTube, LLC
901 Cherry Ave.San Bruno
CA 94066
USA

When you visit a website with a YouTube plugin, a connection is established with the servers of YouTube. During this process, YouTube is informed which website you are visiting. Should you be logged into your YouTube account (Google account), YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account (Google account) first.

Should a YouTube video be launched, Google uses cookies which collect information concerning the user behaviour. Should you have de-activated the saving of cookies for the Google Ad program, no such cookies will be used when viewing YouTube videos. However, YouTube also places non-personal usage information in other cookies. Should you wish to prevent the saving of cookies, you can do this via your browser.Further information concerning data protection at YouTube can be found in the data protection policy of the provider at: https://​www.google.de/​intl/​de/​policies/​privacy/

Social media

We use plugins from various social networks on our website or link our website to them. When you call up our website, the plugins cause the transmission of data, such as your IP address to the servers of the providers and tell, if applicable, which pages of our website have been or are being accessed. If you visit our website via a social network, you send certain personal data to the social network provider, for example, your IP address or cookie information, by which you can be identified as the person who accessed the page.

As we have no influence on the way in which data is collected, stored and further processed by these plugins or the providers of the social networks, we hereby ask you to refer to the data protection policies of the respective providers.

In order to prevent providers from collecting the above-mentioned data during your visit to our website and linking it directly to your provider account, please log out from the providers before visiting our website.

 

Facebook

We operate a Facebook page where your personal data is processed. As part of a multi-level provider agreement, there is joint responsibility according to Art. 26 GDPR of us together with

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

for data processing on our Facebook page. The relevant agreement with Facebook is available at www.facebook.com/legal/terms/page_controller_addendum .

Using the Facebook page and its functions is your own responsibility, especially the use of interactive functions such as "comment", "share" and "rate".

The data collected by Facebook when you visit our Facebook page is processed by Facebook Ireland Ltd. and may be sent to countries outside the European Union. The data collected includes your IP address and other information stored in cookies on your device. For more information on the data collected by Facebook, please refer to Facebook's data protection policy.

The way in which Facebook uses the data pertaining to a visit to our Facebook page for its own purposes, the extent to which the activities on the Facebook page are mapped to individual users, the duration for which Facebook stores this data and whether data pertaining to the visit of a Facebook page is shared with third parties is not conclusively and clearly stated by Facebook and is not known to us. When you access a Facebook page, the IP address of your device is sent to Facebook. According to Facebook, this IP address is anonymised (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about the devices of its users (e.g., as part of the "registration notification" function). This may enable Facebook to map IP addresses to individual users.

If you are currently logged into Facebook as a user, there is a cookie on your device with your Facebook ID. This enables Facebook to find out that you visited this page and how you used it. This also applies to all other Facebook pages. Using Facebook buttons embedded in websites, Facebook can record your visits to these webpages and map them to your Facebook profile. This data can be used to offer customised content or promotions to you. If you want to avoid this, you should log out of Facebook or deactivate the "remain logged in" function, delete the cookies saved on your device and close and restart your browser. In this way, Facebook information, with which you can be directly identified, will be deleted. This allows you to use our Facebook page without revealing your Facebook ID. A Facebook login screen is displayed when you access interactive features of the page (Like, Comment, Share, Message, etc.). After logging in, Facebook identifies you again as a specific user.

We also process your personal data for communicating with you if you have started the same via the public comment function.

For more information on Facebook's data protection, please refer to the Data Usage Policy at: http://de-de.facebook.com/about/privacy

As well as the provider's data protection policy at: https://de-de.facebook.com/full_data_use_policy

Instagram

We operate an Instagram page. The provider of this technical platform and its services is

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

Any use of the Instagram page and its functions is your own responsibility.

The data collected by Facebook Ireland when you visit our Instagram page is processed by Facebook Ireland Ltd. and may be sent to countries outside the European Union. The data collected includes your IP address and other information stored in cookies on your device. For more information on the data collected by Facebook, please refer to Instagram's data protection policy.

The way in which Facebook uses the data pertaining to a visit to our Instagram page for its own purposes, the extent to which the activities on the Instagram page are mapped to individual users, the duration for which Facebook Ireland stores this data, and whether data pertaining to the visit of an Instagram page is shared with third parties is not conclusively and clearly stated by Facebook Ireland and is not known to us. When you access an Instagram page, the IP address of your device is sent to Facebook. According to Facebook, this IP address is anonymised (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about the devices of its users (e.g., as part of the "registration notification" function). This may enable Facebook to map IP addresses to individual users.

If you are currently logged into Instagram as a user, there is a cookie on your device with your Instagram ID. This enables Facebook to find out that you visited this page and how you used it. This also applies to all other Instagram pages. Using Instagram buttons embedded in websites, Facebook can record your visits to these webpages and map them to your Instagram profile. This data can be used to offer customised content or promotions to you. If you want to avoid this, you should log out of Instagram or deactivate the "remain logged in" function, delete the cookies saved on your device, and close and restart your browser. In this way, Instagram information, with which you can be directly identified, will be deleted. This allows you to use our Instagram page without revealing your Instagram ID. An Instagram login screen is displayed when you access interactive features of the page (Like, Comment, Share, Direct Message, etc.). After logging in, Facebook identifies you again as a specific user.

Further information on data protection in Instagram can be found in the Data Protection Policy of the provider at: https://​help.instagram.com/​519522125107875?helpref=page_content.

As well as in the privacy settings at: https://help.instagram.com/519522125107875?helpref=page_content.

LinkedIn

We operate a LinkedIn-page where your personal data will be processed. As part of a multi-level provider agreement, and in the context of the processing of Insight data pursuant to Art. 26 GDPR, we share responsibility with

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland

for the data processing on our LinkedIn page. The agreement pertaining to this can be viewed at legal.linkedin.com/pages-joint-controller-addendum.

You will be using LinkedIn and its functions under your own responsibility, especially while using interactive functions such as "share".

The data collected by LinkedIn when you visit our channel is processed by LinkedIn and may be sent to countries outside the European Union for this purpose. LinkedIn has been certified under the Privacy Shield and uses the standard contractual clauses of the EU (https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de). Through this, LinkedIn undertakes to comply with the data protection standards of the EU. The data that is collected includes, among other things, your IP address and other information such as your usage behaviour, which will be saved in the form of cookies on your PC, and which will be collected and processed even if you do not have a LinkedIn account, or have not signed in to LinkedIn. These data will be assigned to the data of your LinkedIn account or to your LinkedIn profile, if you have not logged out of it. LinkedIn offers users various options for restricting the processing of their data; these options can be found in the Settings of your LinkedIn account.

We have no influence whatsoever on the extent and nature of the user data that is captured by LinkedIn, nor do we have full access to it.

LinkedIn will provide us with anonymous statistics, which we can use to evaluate the quality of our LinkedIn page and our contents. We advertise on LinkedIn and use the 'Insight data' that is provided by LinkedIn to evaluate the behaviour of users during the interaction with our web page. Here, Art. 6 Para. 1 letter f GDPR constitutes the legal basis for the data processing. Furthermore, we also process your personal data for communicating with you if you have contacted us through our LinkedIn page. Apart from the anonymised user data, we see only the public information of your profile. You can decide on your own which of these will be definite through your LinkedIn settings.

If you are currently registered with LinkedIn as a user, LinkedIn can capture your visits to these web pages and assign them to your LinkedIn profile. If you want to avoid this, you should log out of LinkedIn, delete the cookies saved on your device, then close and restart your browser. In this way, any LinkedIn information, which can be used to identify you directly, will be deleted. This allows you to use our LinkedIn page without revealing your LinkedIn ID. When you access the interactive features of the page (advertise, comment, chat, etc.), a LinkedIn login screen will appear. After logging in, LinkedIn will identify you again as a specific user.

Further information concerning data protection at LinkedIn can be found in the data protection policy under: de.linkedin.com/legal/privacy-policy

To exercise your rights as an affected party with respect to LinkedIn, please contact LinkedIn, at best under: www.linkedin.com/help/linkedin/ask/PPQ

You can contact the Data Protection Officer of LinkedIn through the following link: www.linkedin.com/help/linkedin/ask/TSO-DPO The supervisory authority responsible for LinkedIn and for the page Insights can be accessed through: www.dataprotection.ie

Data transfer to the USA

We would like to point out that our website uses plugins and tools from providers in the USA. When using these plugins and tools, it is possible that pb may send data about you, such as your IP address or your surfing behaviour, to the respective provider of these tools in the USA.

The USA is currently not considered a safe third country under the GDPR. US authorities may demand US companies to hand over personal data, and you cannot take legal action against this. It cannot be therefore completely ruled out that your data will be processed and permanently stored by US authorities.

Exclusion of liability

We occasionally refer to third party websites. Even though we carefully select these third parties, we cannot assume any guarantee or liability for the correctness and completeness of the content and for data security in connection with third party websites. In addition, this data protection policy does not apply to linked third party websites. All information contained on this website has been subject to a thorough check. However, we cannot provide any guarantee that the content of our websites is correct, complete and up-to-date at all times.

Dispute resolution before a consumer mediation body

The European Commission provides an online platform for out of court dispute resolution, which can be accessed at www.ec.europa.eu/​consumers/​odr. You can find our email address in the legal notice. We are neither obliged nor willing to participate in dispute resolution proceedings.