Thank you for visiting our website and for your interest in our company. Protecting your personal data is important to us. Pursuant to Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR), we are informing you below about how we handle your personal data when you use our website https://www.melisana.ch/
Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person. This includes information such as civil name, address, telephone number and date of birth.
I. Controller
Melisana AG
Grüngasse 19
8004 Zürich
Telephone: 044 247 72 00
info@melisana.ch
II. Data protection officer
Bugl & colleagues
Herr Alexander Bugl
Eifelstraße 55
93057 Regensburg
Office telephone: 0941-630 49 789
Mobile: 0176-10 31 26 88
Email: Datenschutz.buglundkollegen@klosterfrau.de
III. Purposes and legal grounds of data processing
1. Informative use of the website
You can visit our website without providing any personal information. If you only use our website for informative purposes or otherwise provide us with information about yourself, we will not process any personal data, with the exception of the data that your browser transmits so you can visit the website.
Technical provision of the website
For the purpose of the technical provision of the website, it is necessary that we process certain automatically transmitted information from you so that your browser can display our website and you can use the website. This information is automatically collected each time you visit our website and stored in our server log files. This information relates to the system of the computer accessing the information. The following information is collected:
• IP address;
• Browser type/version (e.g. Firefox 59.0.2 (64 bit));
• Browser language (e.g.: English);
• Operating system used (e.g. Windows 10);
• Inner resolution of the browser window;
• Screen resolution;
• Javascript activation;
• Java on/off;
• Cookies on/off;
• Colour depth;
• Referrer;
• Time of access.
We also use cookies to make our website available for your use. Cookies are text files that are stored on your computer system in the internet browser or by the internet browser when you access a website. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. We only use these cookies to provide you with our website and its technical functions. Some functions of our website cannot be provided without the use of cookies. The following information is stored in the cookies and transmitted to us: cookie ID and login information.
We will not use your information collected through the aforementioned cookies to create user profiles or to evaluate your browsing behaviour.
We process your personal data for the technical provision of our website on the basis of the following legal grounds:
- To perform a contract or to implement pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR, insofar as you visit our website to obtain information about us; and
- To protect our legitimate interests pursuant to Art. 6 (1) lit. f GDPR in order to be able to provide you with the technical means to view the website. Our legitimate interests are to provide you with an attractive, technically functional and user-friendly website and to take measures to protect our website from cyber risks and prevent our website from posing cyber risks to third parties.
Content delivery network (CDN)
As part of this, we use content delivery networks (CDN) to display the content of our webpages as quickly as possible and to shorten the loading time of the webpage for the end user. For this purpose, data such as the IP address (or other information as specified above) is transmitted to the CDN server when the files are retrieved from the server and is temporarily stored there in log files. By caching the content, the CDNs help to display the content quickly and flexibly on all end devices, even when the traffic on our websites goes up. Currently, the following two networks are used: unpkg.com, cdnjs.cloudflare.com.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator, this site uses an SSL or SSL protocol. TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by a third party.
a. Marketing
For the purpose of advertising and remarketing, we use Google Analytics, the Google Tag Manager and therefore cookies, as well as the tools detailed below.
For this purpose, we will only process your personal data if you have given us your consent to do so.
Analysis tools, advertising and remarketing
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). This is used on the basis of Art. 6 (1) p. 1 lit. f. GDPR. Google Analytics uses cookies. These are text files that are stored on your computer system in the internet browser or by the internet browser when you access a website. The information generated by the cookie about your use of the website, such as your
• browser type/version (e.g.:
• operating system used (e.g.
• referrer URL (the previously visited page),
• host name of the accessing computer (IP address) and
• time of the server request,
is usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We have also added the code “anonymizeIP” to Google Analytics on this website. This ensures your IP address is masked so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. You may decline to give your consent to the use of cookies by selecting the appropriate settings on your browser. But please note that, if you do this, you may not be able to use the full functions of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on the link below. An opt-out cookie will be set to prevent your data from being collected when visiting this website in the future. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must activate the opt-out from cookies setting again. [Note: You can find instructions on how to integrate the opt-out cookie setting at: ].https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable
Further information on data protection in connection with Google Analytics can be found in Google Analytics Help, for example (https://support.google.com/analytics/answer/6004245?hl=de).
Browser plugin
You may decline the use of cookies by selecting the appropriate settings on your browser. But please note that, if you do this, you may not be able to use the full functions of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on how Google Analytics handles user data in Google’s Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.
IP anonymisation
We have activated the IP anonymisation function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Google Tag Manager
On our website we use the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Google Tag Manager service (which implements the tags) is itself a cookieless domain and does not collect any personal data. The Google Tag Manager allows other tags to be triggered, which, in turn, may collect data. Google Tag Manager does not access this data. If deactivation has been performed at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.
Google Re-Marketing
This website uses Google Re-Marketing. Google Re-Marketing is an advertising service of Google Inc. (“Google”, 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA), which lets us tailor the advertising you are shown to your presumed interests based on your usage patterns during previous visits to our website. If you have consented to Google, your visits will also be recorded across devices. This advertising only appears on Google advertising spaces: either Google Adwords or the Google Display Network.
You can object to Google Re-Marketing in the Google Ads Preferences Manager (https://adssettings.google.com/authenticated?hl=de) or edit your settings. Alternatively, you can prevent re-marketing by deactivating cookies in the browser settings.
ADITION technologies AG
This website uses ADITION adserving technology from ADITION technologies AG to collect and store data for marketing and optimisation purposes. Pseudonymised user profiles can be created from this data. Cookies can be used for this purpose. The data collected using ADITION adserving technology is not used to personally identify the visitor to this website and is not merged with personal data on the person using the pseudonym. ADITION technologies AG does not store any personal data by setting cookies. The information here contains only technical details such as the browser used or the operating system installed. You can object at any time with effect for the future to the collection and storage of data. An opt-out function is available for this purpose on the company website. https://www.adition.com/datenschutz/
b. Social media links
Links toTwitter, Facebook, Google+ and Google Maps are integrated on our website. After clicking on the link, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your data when using the websites of other providers, please refer to the respective data protection notices of these providers.
Plugins and tools
Google reCaptcha
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., which has its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various pieces of information (e.g. IP address, time spent by the website visitor on the website and mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data is processed pursuant to Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its websites from abusive automated spying and from SPAM.
For more information on Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacyhttps://www.google.com/recaptcha/intro/android.html
Klick-A module
With KlickA, visitors to this website have the opportunity to reserve your product instantly and online at one of many chemists near you. The end consumer is shown the nearest chemists. The result is visualised in Google Maps. The interested party can select their preferred local chemist’s.
This way, the website visitor can reserve the product online and pick it up at their local chemist’s.
The personal data provided during the order/reservation process via the external link integrated in our website will be passed on to the bricks and mortar chemist’s you selected exclusively for the purpose of reserving the products. By making a binding reservation, you agree to the applicable privacy policy of ApoNow GmbH, which you can see during the reservation process.
The processing of personal data relates to the following types/categories of data:
- Master data:
First name, last name - Communication details:
Telephone number, mobile phone number, email address and address - Sensitive data pursuant to Art. 9 GDPR:
Ordering pharmaceutical products
ApoNow GmbH is the provider of this external service. MCM Klosterfrau Vertriebsgesellschaft mbH has concluded a contract for order processing with ApoNow GmbH and has therefore complied with the requirements of EU GDPR.
2. Active use of the website
Besides the purely informative use of our website, you can also actively use our website to contact us. Besides processing your personal data as described above in the case of purely informative use, in this case we will also process other personal data from you that we need to respond to your enquiry.
Contact enquiries
To process and respond to your enquiries to us, e.g. via the contact form or to our email address, we will process the personal data you provide in this context. This will always include your name and email address so we can send you a reply, as well as the other information you send us in your communication.
We process your personal data to respond to contact enquiries on the basis of the following legal grounds:
- To protect our legitimate interests pursuant to Art. 6 (1) lit. f GDPR; our legitimate interest is to respond appropriately to contact enquiries.
Image database
Our digital image database is an exclusive service for our partners from the chemist, press, advertising, trade and medical sectors. If you belong to a professional organisation in these sectors and do not yet have access to the image database, you can request the access data (identifier and password) via a registration form that we offer on our website. We only use the data requested there to check your access authorisation. To provide a selection of images tailored as closely to demand as possible, we analyse the retrieval frequency of the images offered. You as a user will, however, always remain anonymous in these evaluations. The same applies if you have logged in to the specialist area, where the image database is also available to you without any further access checks.
We process your personal data on the following legal grounds: Consent pursuant to Art. 6 (1) lit. b) GDPR.
Use of web fonts
Google Fonts, which are external fonts, are used on these Internet pages. Google Fonts is a service of Google Inc. (“Google”). These web fonts are integrated via a server call, usually a Google server in the USA. This transmits information to the server detailing which of our Internet pages you have visited. Google also stores the IP address of the user's end device browser to these webpages. You can find more information in Google’s privacy policy, which is available here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/
3. Sending an application
We process your personal data within the context of your application, provided you send one to us. Special categories of personal data may be included in the application file.
Processing of personal data
As a rule, the following are included in the applicant’s data: First name and last name, if applicable your academic degree, date and place of birth, contact details (address, email, telephone and/or mobile phone number), application documents (letter of motivation, CV and certificates), language skills and abilities. We also process the data that you send us within the context of contacting us by email.
We base our decisions in the application process on the personal data you provide within the scope of the applicable legal requirements. For example, we use your professional qualifications to decide whether to consider you in the shortlist or for a personal impression in an interview to decide whether to offer you the job you have applied for.
We process your personal data on the following legal grounds: Data processing for the decision on whether to establish an employment relationship, Art. 88 (1) GDPR in conjunction with. section 26 (1) sentence 1 of the Federal Data Protection Act (BDSG).
Processing of special personal data
Pursuant to Art. 9 GDPR, special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious (e.g. information on religious affiliation/confession) or philosophical beliefs or trade union membership, as well as the processing of biometric data for unambiguous identification (e.g. photographs), health data (e.g. information on the degree of severe disability) or data on sex life or sexual orientation. If your CV contains special categories of personal data, we do not intentionally collect it. We expressly ask you not to send us such data.
If you voluntarily provide us with special categories of personal data pursuant to Art. 9 (1) GDPR (e.g. information on your religious affiliation/denomination) in your application documents, contrary to our express request, we will store this on the basis of your consent pursuant to Art. 88 (1) GDPR in conjunction with section 26 (3) sentence 2 BDSG. This also applies if you provide us with further special personal data in the later stages of the application procedure. By voluntarily submitting this data, you consent to the storage of this particular personal data as part of the application process.
We never take these special personal data into account when making a decision on selection, unless it is necessary to take these special personal data into account on the basis of a legal obligation. For example, some job advertisements may give people with disabilities preferential treatment in accordance with the applicable laws. The information provided in these cases is always voluntary and is given with your express consent, which you convey to us by voluntarily submitting this data.
We will process your specific personal data on the following legal grounds: Pursuant to Art. 9 (1), (2) a) GDPR based on your consent pursuant to Art. 88 (1) GDPR in conjunction with section 26 (3) sentence 2 BDSG.
IV. Links
Some sections of our websites contain links to third-party websites. These websites are subject to their own data protection rules. We are not responsible for their operation including data handling. If you send information to or through such third-party sites, you should check the privacy statements of those sites before sending them any information that can be attributed to you personally.
V. Categories of recipient
Initially, only our employees will receive details of your personal data. In addition, to the extent permitted or required by law we will share your personal data with other recipients who provide services to us in connection with our website. We will limit the transfer of your personal data to what is necessary, in particular to process your order. In some cases, our service providers will receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently with your data which we transmit to them.
Below we have listed the categories of recipients of your personal data: IT service providers for the administration and hosting of our website.
VI. Third country transfer
When using Google’s tools, we transfer your shortened IP address to the USA. The data transfer is based on the European Commission’s Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the EU-US Privacy Shield.
Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations.
VII. Duration of storage
1. Informational use of the website
In the case of purely informational use of our website, we store your personal data on our servers exclusively for the duration of your visit to our website. After you leave our website, your personal data will be deleted immediately.
Cookies that we install are usually also deleted after you leave our website. You can also delete installed cookies yourself at any time.
2. Active use of the website
When you actively use our website, we initially store your personal data for the duration of the response to your enquiry.
We then also store your personal data until any legal claims arising from the relationship with you become time-barred so we can use them as evidence if necessary. The statute of limitations period is usually between 12 and 36 months, but can also be up to 30 years.
We delete your personal data when the statute of limitations expires, unless there is a legal obligation to retain it, for example in the German Commercial Code (sections 238, 257 (4) HGB) or pursuant to the Fiscal Code of Germany (section 147 (3) and (4)). These retention requirements can range from two to ten years.
3. Applications
We initially store your personal data for the duration of the application process.
If we do not select you to fill the vacancy, we will delete your data after three months following your rejection, unless you have consented to a longer period of storage. If you have given your consent, we will store your data until you revoke your consent, but for a maximum of two years.
If your application is successful and you become an employee with us, we will refer you to our employee data protection information sheet, which explains how your data will be processed.
Longer storage periods may also be needed if the data is necessary to assert, exercise or defend legal claims or if there are statutory retention obligations. The data will be stored for as long as is necessary for these purposes.
VIII. Your rights as a data subject
You have the following rights as a data subject under the statutory conditions, which you can assert against us:
Right to be informed: You may request confirmation from us at any time within the scope of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you also may within the scope of Art. 15 GDPR receive information on this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards), along with a copy of your data.
Right to rectification: Pursuant to Art. 16 GDPR, you may ask us to rectify the personal data we hold pertaining to your person if it is inaccurate or incorrect.
Right to erasure: Pursuant to Art. 17 GDPR, you may ask us to erase personal data relating to you without delay. The right to erasure does not apply, inter alia, if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) compliance with a legal obligation to which we are subject (e.g. legal obligations to retain records) or (iii) the establishment, exercise or defence of legal claims.
Right to restriction of processing: Pursuant to Art. 18 GDPR, you may ask us to restrict the processing of your personal data.
Right to data portability:Pursuant to Art. 20 GDPR, you may ask us to hand over the personal data relating to you which you have provided to us in a structured, common and machine-readable format.
Right of withdrawal: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
Right to object: Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data, meaning that we have to stop processing your personal data. The right to object exists only within the scope provided for in Art. 21 GDPR. In addition, our interests may prevent us from terminating the processing, so that we are entitled to process your personal data despite you raising an objection.
Right to lodge a complaint with a supervisory authority: Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data on you infringes GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Email: poststelle@ldi.nrw.de
However, we recommend that you always address a complaint to our data protection officer in the first instance.
Your enquiries about exercising your rights should, where possible, be addressed in writing to the address above or directly to our data protection officer.
IX. Scope of your obligations to provide data
You are not obliged to provide us with your personal data. If you choose not to provide us with your personal data, however, we will not be able to provide you with a fully comprehensive and technically error-free website and will not be able to answer your enquiries. Personal data that we absolutely need for the above-mentioned processing purposes are marked with an “*” or with another symbol as mandatory information.
X. Automated decision making/profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).
Information about your right to object pursuant to Art. 21 GDPR
1. You have the right to object at any time to the processing of your data based on Art. 6 (1) f GDPR (data processing on the basis of a balancing of interests) or Art. 6 (1) e GDPR (data processing in the public interest) if there are grounds for doing so that arise from your particular situation. This also applies to profiling based on this provision as defined by Art. 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for said processing which override your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.
2. We also process your personal data in individual cases for the purposes of direct advertising. If you do not want any advertising, you have the right to object to this at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will take heed of this objection for the future.
We will no longer process your data for direct marketing purposes if you object to processing for these purposes.
The objection can be made without following certain formalities and should preferably be addressed to:
MCM Klosterfrau Vertriebsgesellschaft mbH
Gereonsmühlengasse 1-11
50670 Cologne
Telephone: 0221-1652-0
Email: dialog@klosterfrau-service.de
XI. Changes
We reserve the right to change this Privacy Policy at any time. Any changes will be announced by posting the amended Privacy Policy on our website. Unless otherwise specified, these changes will take immediate effect. Please therefore check this Privacy Policy regularly to view the most current version.
Last updated in October 2021