Data privacy

Privacy Policy

This privacy policy informs you as a user of our website and our offers about the nature, scope and purpose of the collection and use of personal data.

We expressly point out that data transmission on the Internet (e.g. when communicating via e-mail) has security gaps and cannot be completely protected from access by third parties.

This privacy policy is currently valid and has the status February 2021. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current data protection declaration can be accessed and printed by you at any time on our website under https://www.ursapharm.de/en/datenschutz/.

Responsible for data processing

The controller is:

URSAPHARM Arzneimittel GmbH
Industriestraße 35
66129 SaarbrückenGermany
Phone: +49 (0) 6805/9292-0
Fax: +49 (0) 6805/9292-88
E-Mail: datenschutz@ursapharm.de

Data Protection Officer

Data Protection Officer
URSAPHARM Arzneimittel GmbH
Industriestraße 35
66129 Saarbrücken
E-Mail: datenschutz@ursapharm.de

Disclosure of data to third parties and third party providers

We comply with the legal requirements. Data is only passed on to third parties within the scope of the statutory provisions.

Data processing on our website

General Information

Integration of third-party services and content

We may use third-party services within our website to, for example, integrate external media, perform analyses, etc. This is always done on a legal basis, such as on the basis of our legitimate interests (e.g. our interest in the analysis, optimization and economical operation of our website) within the meaning of Art. 6 sec. 1 lit. f GDPR or – if this is necessary in individual cases – on the basis of your previously given consent pursuant to Article 6 sec. 1 lit. a GDPR.

Such services generally require that the third-party providers perceive the IP address of the users, since they could not send the corresponding content to the browser without the IP address. The IP address is required for the presentation of such content. We try to only use services whose respective providers only use the IP address for the delivery of the content. Some providers also use so-called “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, visiting time and other information on the use of our online offer, as well as being linked to such information from other sources.

For more information on which services are actually used on this site and how data is processed within their framework, as well as the relevant legal basis, please refer to the explanations on the respective services in the further course of this data protection declaration.

Types of data processed

On our website, we collect and process inventory data (e.g. names, addresses), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), usage data (e.g. websites visited, links clicked, interest in content, access times, access locations), content data (e.g. comments, text entries, photos, videos) and measurement and communication data (e.g. device information, browser information, IP addresses).

Categories of data subjects

The persons affected by the processing of personal data are all visitors and users of our website.

Purpose of processing

We collect and process the personal data of users of our website in order to communicate with and inform them (e.g., contact and other inquiries), to perform statistics, reach measurement and analysis (e.g., with marketing and analysis tools), so that we can better design and optimize content and functions, to technically manage and optimize the website and to close security gaps.

Legal bases for the processing of personal data

We only process personal data if we have a legal basis to do so. In the following, we will identify the legal bases in question individually in the context of the respective data processing operations. In general, we are always entitled to process personal data, if the person concerned has given its consent (see Art. 6 sec. 1 lit. a, Art. 7 GDPR) if we are obliged to fulfil contractual or pre-contractual obligations (see Art. 6 sec. 1 lit. b GDPR) if we have to fulfil other legal obligations (see Art. 6 sec. 1 lit. c GDPR) or if we safeguard our legitimate interests (see Art. Art. 6 sec. 1 lit. f GDPR).

Recipients of personal data

We may transfer personal data to processors or other third parties (e.g. hosting agencies, etc.) with whom we cooperate. We are entitled to do this if the data subject has consented to this (see Art. 6 sec. 1 lit. a, Art. 7 DSGVO), if we thereby fulfill contractual or pre-contractual obligations (see Art. 6 sec. 1 lit. b DSGVO), if we thereby fulfill a legal obligation (see Art. 6 sec. 1 lit. c DSGVO) or if we safeguard our legitimate interests (see Art. 6 sec. 1 lit. f DSGVO). We conclude a so-called data processing agreement with data processors in accordance with Art. 28 DSGVO, according to which they also undertake to comply with the rules of data protection.

Hosting

This website is hosted on the servers of Hetzner Online GmbH. The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this website. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of all users of this website. The legal basis for the use of hosting services is the protection of our legitimate interests in the analysis, optimization and the economic and secure operation of our website (see Art. 6 sec. 1 lit. f DSGVO). We have concluded corresponding data processing contracts with our hosting providers.

Access Data / Server-Logfiles

Based on our legitimate interest under Art. 6 sec. 1 lit. f GDPR, we collect data about every access to our website (so-called web server log files). The data processed includes IP address, time of retrieval, type of request, protocol, HTTP status, referer, browser type and version, operating system, and the message of successful retrieval. The data are used for statistical evaluations for the purpose of operation, safety and optimization of the offer. The data will be stored for security reasons (e.g. for the investigation of abuse cases) for a period of 7 days. The IP address is stored anonymously only. If a longer retention is required for evidence purposes, these will be deleted after the final clarification of the matter.

Cookies

Furthermore, when you use our website, cookies may be stored on your computer. Cookies are small text files that make it possible to store specific information related to the device on the user’s access device (PC, smartphone, other devices). They serve the user-friendliness of websites (e.g. storage of login data), the collection of statistical data of the use of the website and for analysis in order to improve the website. Cookies cannot run programs or transmit viruses to your computer.

You can prevent the storage of all or only certain cookies by setting your browser accordingly in the security settings. Cookies that have already been saved can be deleted in the browser. In these cases, however, the use of the website may be restricted.

This website may use the following types of cookies:

  • Transient (temporary) cookies
  • Persistent (permanent) cookies

Transient cookies are automatically deleted when you close or log out of the browser. This includes, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the common session. This allows your computer to be recognized when you return to our website.

Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.

Both types of cookies may come from us (then “first-party cookies”) or from third-party providers (“third-party cookies”).

Such cookies, which enable the safe functioning of the website in the first place and such cookies, which only record the general usage behavior statistically (e.g. access to the website at all and the time of access), without merging user data across websites, without using external servers or services and without establishing traceability, we use on the basis of our legitimate interest in a secure and functional provision of the website as well as for statistical purposes to optimize our website in accordance with Article 6 sec. 1 lit. f GDPR.

The use of other cookies is based exclusively on your previously given consent in accordance with Art. 6 sec. 1 lit. a GDPR. Such cookies are usually used to optimize our offer as well as to develop and optimize individual marketing measures. You can give your consents for the cookies and tools in question voluntarily when you first visit our website.
You can change your decision at any time on our website.

Deactivation/opposition to cookies:

In general, you can object to the use of cookies for range measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
Furthermore, the storage of cookies can be prevented by setting this in the security settings of your browser. However, you may then not be able to use all the functions of this website.
These options apply to all cookies listed below that we use for this website.

MyFonts Counter

On this website, we use the web-based design service MyFonts from the service provider Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, MA 01801, USA (“MyFonts”). We use it to optimise the texts and backgrounds (so-called “fonts”) displayed on the site so that they are always presented to you in a legible and attractive manner. This works in such a way that your browser loads the fonts required for the presentation into your browser cache. On the basis of our contractual relationship, MyFonts is entitled to remuneration which is calculated on the basis of the number of hits on the website with said fonts. For this reason, we are contractually obliged to include a so-called tracking pixel on the website. This is a one-pixel image file that is stored on the website itself. This pixel-code collects the IP addresses of the visitors in order to count the number of different accesses (“hits”). The data is processed by MyFonts together with an anonymised project number and the page URL for the purpose of counting. For details of what MyFonts does with the data, please see their privacy policy at: https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/datenschutzrichtlinie-zum-tracking-von-webschriften.

eTracker

We use the service etracker Analytics of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Imprint: https://www.etracker.com/impressum/ (hereinafter referred to as “etracker”). Here you can find FAQ from etracker regarding the GDPR: https://www.etracker.com/docs/faq/eu-dsgvo/. The privacy policy of etracker can be found here: https://www.etracker.com/datenschutz/. We have concluded a corresponding data processing contract with etracker.

We use etracker Analytics on the basis of our legitimate interest under Art. 6 sec. 1 p. 1 lit. f GDPR, in this case in the interest to evaluate our website and improve it for you as a user. As standard, etracker Analytics does not use cookies, but records the visiting behavior (using purely technical parameters, such as the abbreviated address or the browser used) within a session (visit to the website) by means of cookieless session tracking. A hash value (combination of characters from which the original data cannot be derived) is generated by means of a fingerprinting procedure from purely technical data (such as the abbreviated IP address or the browser used), to which the date of the page call is added, in order to make a conclusion on the identity of the user even less likely. This value is automatically deleted every 24 hours. Within 24 hours, this fingerprint allows to analyze user behavior.

You can object to the data processing here at any time:
allow Tracking

In addition to the etracker Analytics, we use on our website the etracker Optimiser add-on from etracker with A/Btesting (further information: https://www.etracker.com/docs/bedienung/etracker-optimiser/testing-targeting/a-b-testing-smart-messages/), Overlay Messaging (further information: https://www.etracker.com/docs/videos/etracker-optimiser/smart-messages/), Remarketing Feed (further information: https://www.etracker.com/docs/data-services/remarketing-feed/) as well as access to user profiles in real time.

Google Analytics

We use the web-tracking tool Google Analytics (https://marketingplatform.google.com/intl/de/about/analytics/) of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, imprint: https://www.google.de/intl/de/contact/impressum.html.
The parent company of this Irish-based company is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).

We only use Google Analytics if you have given us your express consent (Art. 49 sec. 1 lit. a GDPR) via the cookie settings of our website (Consent Tool). With your consent, your data will then be transferred not only to Ireland but also to the USA and thus to an unsafe third country. There currently are no EU adequacy decision or any other appropriate guarantees for the US. The protection of your data cannot be guaranteed in the destination country USA. There is currently no equivalent level of data protection in the US. Therefore, the transmission is associated with corresponding risks. In particular, there are no guarantees regarding the failure of access to your transferred data by public authorities. For example it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA; a law that governs the United States’ foreign intelligence and counter-espionage services). In this context, we expressly point out that you, as an EU citizen, do not have an effective legal protection against the processing of your data by US authorities on the basis of FISA. If you give your consent, you do so in the knowledge of these risks, which you consciously accept as a result. You can revoke your consent at any time by means of the cookie settings within this privacy policy, in which you only accept essential cookies.

Individual cookie settings

 

Furthermore, we would like to point out that you can prevent the storage of cookies at any time by setting your browser appropriately. Further information in this context we have compiled, with regard to the most common browsers, below, but point out that this may limit the functionality of our website.

You can also download a browser add-on to disable Google Analytics at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. By installing the add-on, you prevent the collection and processing of the data collected by the cookie by Google. If you have given your consent and the storage of cookies in your browser is not prevented, your use of the website is analyzed by means of Google Analytics by the use of cookies. In this respect, we have concluded a corresponding data processing contract with the company Google. In general, the information generated by the cookies is transmitted to and stored on a Google server in the USA. We use Google Analytics with a code extension to ensure that your IP address is only processed in a truncated manner and that rough localization is possible, but that the connection of the data to a person cannot be made. It is possible to merge the IP address transmitted by your browser with other data from Google, e.g. with data from your Google account. We would like to point out that the data processing is mainly carried out by Google and not all data is anonymous. In addition, Google may link to other data on your part, such as the search history, personal accounts, usage data and any other data that Google has about you.

Here you can find information about your Google Account privacy settings: https://safety.google/intl/de/privacy/privacy-controls/.
With privacy settings, you can decide for yourself what data is stored in your Google Account. In individual cases, the unabridged (and therefore not anonymised) IP address is transmitted to the USA and truncated accordingly. Google uses the data provided to evaluate the use of the website, so that we have access to relevant statistics (e.g. about the activities on the website). Google itself uses this data for its own purposes, such as profiling. In addition to Google, this data is also accessed by public authorities.

We also use Google Analytics to analyze visitor flows across devices via a user ID. In addition, google can link to the usage data of other devices. In order to prevent cross-device capture by Universal Analytics, it is necessary to perform the opt-out on all devices with which you have accessed our website.

Youtube

We include YouTube videos on our website. This is a video portal of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, imprint: https://www.google.de/intl/de/contact/impressum.html. The parent company of this Irish-based company is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).

Google’s privacy policy is available here: https://policies.google.com/privacy?hl=de.
We have implemented the videos in an “extended privacy mode”, which ensures that data transfer to the US and thus to an unsafe third country does not take place until you start playing the video.

If you call up a sub-page on which a YouTube video is implemented and play it, Google receives the information about this call-up and a transmission of the personal data mentioned in this data protection declaration takes place in the case of purely informative use of the website to Google (and thus possibly to an unsafe third country). This transfer is used to create a user profile by Google and takes place regardless of whether you have a Google account. However, if there is an account and you are logged into your account when you access a sub-page that includes a YouTube video, this data will be assigned. This data is stored by Google and used for advertising and/or market research purposes, such as the provision of tailored advertising.

With regard to storage, please refer to Google’s statements, available at: https://policies.google.com/technologies/retention?hl=de.

We only use Google Analytics if you have given us your express consent (Art. 49 sec. 1 lit. a GDPR) via the cookie settings of our website (Consent Tool). With your consent, your data will then be transferred not only to Ireland but also to the USA and thus to an unsafe third country. There currently are no EU adequacy decision or any other appropriate guarantees for the US. The protection of your data cannot be guaranteed in the destination country USA. There is currently no equivalent level of data protection in the US. Therefore, the transmission is associated with corresponding risks. In particular, there are no guarantees regarding the failure of access to your transferred data by public authorities. For example it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA; a law that governs the United States’ foreign intelligence and counter-espionage services). In this context, we expressly point out that you, as an EU citizen, do not have an effective legal protection against the processing of your data by US authorities on the basis of FISA. If you give your consent, you do so in the knowledge of these risks, which you consciously accept as a result. You can revoke your consent at any time by means of the cookie settings within this privacy policy, in which you only accept essential cookies.

Individual cookie settings

Use of social media

We maintain online presences within various so-called social media platforms. You can either reach our presences via search engines, via the platforms themselves or follow the links on our website. We would like to point out that on these platforms your data is partly processed by us and partly by the platform operators, which can sometimes also happen outside the european union. For the details of the processing, the risks and legal bases etc., please compare the data protection declarations linked below for the respective presences.

Facebook FanPage

Our data protection declaration as well as the information about the subject responsible (imprint) for our Facebook-FanPage can be found here: Use of social media | Facebook

YouTube channel

Our data protection declaration as well as the information about the subject responsible (imprint) for our YouTube channel can be found here: Use of social media | Youtube

Contact

When contacting us (e.g. via contact form, e-mail or via our Facebook account), your details will be processed in accordance with Art. 6 lit.b GDPR in order to process the request and in the event that follow-up questions arise. Your data will be deleted as soon as we have fully processed your request.
We also point out the following:

As a pharmaceutical company, we are legally obliged to report requests that describe drug and medical device safety-related events, to document them and, if necessary, to report them to the competent authorities. This notification may also include personal information, such as your name, place of residence, health claims or the like, if you have disclosed it explicitly and voluntarily to us. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 sec.1 lit. c GDPR together with Section 3 MPSV or Section 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymized.

Newsletter

We offer you a newsletter on our website (either permanently or, if applicable, only as part of trade fair, promotion or sweepstake promotions) to inform you about current topics (exclusive sweepstakes, product offers, general information, news, promotion and trade fair promotions, etc.).
You can register to receive the newsletter by entering your title, e-mail address and last name in our registration form on the website or in our registration form for the sweepstakes, so that we can verify the accuracy of your data. Your e-mail address will be activated for the distribution of our newsletter by means of a so-called opt-in procedure. After registration, you will receive a confirmation e-mail from us in which you must click on a link contained therein in order to finally register your address effectively.

The newsletter will be sent approximately six times a year to the e-mail address you have provided. We process your data on the basis of your consent (Art. 6 sec. 1 lit. a DSGVO) exclusively for sending the newsletter and delete it immediately after unsubscribing from our newsletter. When you confirm the link in the double opt-in email, the date and time of registration are also stored on the basis of our legitimate interest (i.e. to provide proof of registration; Art. 6 sec. 1 lit. f DSGVO) are stored.

We send our newsletter via the provider CleverReach (CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede). For this purpose, the data you provide is stored and transmitted to CleverReach in encrypted form. You can find more information about data security at CleverReach here: https://www.cleverreach.com/de/datensicherheit/
If you no longer wish to receive our newsletter, you can unsubscribe via the unsubscribe function contained in each newsletter or via the unsubscribe form contained on our website or by means of a link contained in the newsletter or by other communication to us.

Sweepstakes / Competitions

We sometimes host sweepstakes / competitions that we promote on our website and/or on our social media presences and to which you can register via a corresponding subpage on our website.

In this respect we cooperate with external agencies for the event. The details of the associated data processing can be found in the competition conditions. This includes the indication of the agency, which cooperates with us in the respective case and processes the data of the participants accordingly for the processing of the competition. The data will therefore be passed on to these agencies. Otherwise, no transfer will take place.

Participation in a competition usually requires the registration of participants with personal data, typically a title, first name, name and e-mail address. The data processing is carried out on the basis of your consent given for this purpose (Art. 6 sec.1 lit. a GDPR). The respective terms and conditions apply.

The winners will be published anonymously (i.e. first name, abbreviated last name, shortened place of residence) on our website. The data will be used solely for the purpose of the competition and will be deleted, with the exception of the winning data, after the winners have been determined. The winners’ data will also be processed for winning notification and for the dispatch of the winnings and then deleted. Only with your express consent will it be used beyond this purpose, e.g. for sending the newsletter.

We have committed the respective agencies that act in accordance with our instructions to comply with the data protection laws, also and in particular in the sense of the foregoing, and have concluded corresponding data processing contracts with them.

Your rights as data subjects

You can request information about the data stored about you at any time free of charge at the above address. In addition, under certain conditions, you may request the correction or deletion of your stored personal data. Furthermore, you may have the right to restrict the processing of your data as well as a right to the publication or transfer of the data provided by you in a structured, common and machine-readable format. If the processing of your personal data is based on your consent, there is also the right to revoke the consent at any time. This does not affect the legality of the processing carried out on the basis of consent until the revocation.
Right to object
You have the right to object at any time to the processing of your personal data, which is based on Article 6 sec. 1 lit. f) GDPR. In particular, an objection may be made to the processing for direct marketing purposes.

Right of appeal

You can also contact the above-mentioned data protection officer or a data protection supervisory authority with a complaint.

The supervisory authority responsible for us is:

Unabhängiges Datenschutzzentrum Saarland
Die Landesbeauftragte für Datenschutz und Informationsfreiheit

Fritz-Dobisch-Straße 12
66111 Saarbrücken
Telephone: (0681) 94781-0
Telefax: (0681) 94781-29
E-mail: poststelle@datenschutz.saarland.de

Transfer of data to a third country/outside the EU

If we transfer personal data to service providers outside the EU, we will only do so in accordance with Artt. 44 et seq. GDPR, i.e. in principle only if an adequate level of data protection has been confirmed to the third country by the EU Commission or if other adequate data protection safeguards (e.g. binding internal data protection rules or EU standard contractual clauses) are in place. Should we deviate from this exceptionally, we will always inform you in good time before the start of processing and start the processing only after your prior, explicit, informed consent (Art. 49 sec.1 lit. a GDPR).

Privacy Notices for Business Customers

Marketing
In the context of marketing campaigns (e.g. at trade fairs), we offer you the opportunity to be further informed about our company as well as about our products (for example by contacting us personally via e-mail or telephone or by ordering or sending information materials via post or e-mail).

In order to provide you with such further information or to contact you for advertising purposes, we need your relevant contact data. You can provide them to us, for example, by filling out a corresponding form or by supplying your business card.

We usually collect this data via a mobile app called Fanomena Leads. This was provided to us by the company Fanomena GmbH, Dudweilerstraße 71, 66111 Saarbrücken (https://fanomena.io/impressum/). The data collected with the app is stored and processed on a server of Fanomena GmbH on a cloud storage assigned to us alone. The servers are exclusively within the European Union. We have concluded an data processing contract with Fanomena. For more information about the app, see https://fanomena.io/leads/. Fanomena’s privacy policy can be found at https://fanomena.io/datenschutz/. The app is used on the basis of our legitimate interest in a structured and purpose-based processing of your data, Art. 6 sec.1 lit. f GDPR.

Data processing for marketing purposes is carried out – unless the data may be processed or further processed on the basis of our legitimate interest in accordance with Art. 6 sec. 1 lit. f GDPR (for example for the purpose of direct marketing) or any other legal basis (for example, for contractual or pre-contractual purposes in accordance with Article 6 sec. 1 lit. b GDPR) – on the basis of your consent in accordance with Article 6 sec. 1 lit. a GDPR). You can revoke your consent free of charge at any time.

Your data will be deleted after sending the information materials or after revocation of consent, unless the data may be further processed on the basis of our legitimate interest or any other legal basis. If you no longer wish to receive promotional e-mails from us, you can either inform us (see further below in this privacy policy) or unsubscribe via the unsubscribe form to which we link in our promotional e-mails.

Conclusion or execution of contracts
Furthermore, it is possible that we process personal data for the purpose of concluding or implementing contracts. The legal basis for such a processing of personal data for pre-contractual and contractual purposes is Art. 6 sec. 1 lit. b GDPR. The data will be deleted as soon as it is no longer necessary for the aforementioned purposes or for the fulfilment of legal, commercial or tax retention requirements (in this case, the respective statutory provisions in connection with Art. 6 sec. 1 lit. c GDPR serve as the legal basis for the processing. It may happen that personal data is retained for the time during which claims can be made against our company (legal limitation period of three or up to thirty years).

Job offers

Our website publishes Stellenangebote / job offers that you can apply for by e-mail. Applicants are responsible for the secure transfer of applications with personal data through these communication channels.

In order to be able to process the applications, we require minimum data resulting from the job advertisement. These are, for example, data such as names, address data and the documents belonging to the application, such as cover letter, resume and certificates. Further data can be submitted voluntarily.

We process the data provided by applicants only for the purposes of the application process. The legal basis for the processing of this data is the fulfillment of our pre-contractual obligations within the scope of the application procedure pursuant to Art. 6 (1) lit. b DSGVO in conjunction with Section 26 BDSG. An additional legal basis may arise from Art. 6 (1) lit. f DSGVO, insofar as data processing becomes necessary for us, for example, in the context of legal proceedings.

We process all data that applicants submit to us, e.g. name, address, e-mail address, telephone number, specific data of the application. By submitting such data, applicants consent to the processing of their data in accordance with this privacy policy.

If applicants voluntarily submit special categories of personal data pursuant to Art. 9 sec.1 DSGVO, we process this data in accordance with Art. 9 sec.2 lit. b DSGVO. If we request these special categories of data, the data will be processed in accordance with Art. 9 sec.2 lit. a DSGVO.

In the event of a successful application, the applicant data will be processed by us for the purpose of establishing an employment relationship in accordance with Art. 6 sec. 1 lit. b DSGVO in conjunction with § 26 BDSG.

Otherwise, the applicant’s data will only be stored by us for the duration of the application process and at the longest in accordance with the generally recognized and statutory retention periods. After this period or in the event that an application is withdrawn, the data will be deleted. As a rule, data is deleted no later than three months after the position has been filled, in order to be able to respond to any claims by applicants under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz). In the event of a claim under the General Equal Treatment Act, further data may also be stored until final clarification. Longer storage may also be possible in order to fulfill other legal obligations.

If an applicant consents, we include his or her applicant data in our applicant pool so that we can contact him or her in the event of future job openings. The legal basis for such data processing is the applicant’s voluntary informed consent pursuant to Art. 6 sec. 1 lit. a, Art. 7 DSGVO.

Applicants are informed that their consent to be included in the applicant pool is voluntary and has no influence on the current application process. They may revoke their consent at any time for the future and object to data processing in the applicant pool for the future in accordance with Art. 21 DSGVO. These declarations can be sent to the above address for data protection inquiries/to our data protection officer.

For the purpose of proper processing within the meaning of the foregoing, we use the software of the service provider coveto RECRUITING. This is a service provided to us as software-as-a-service (SaaS) by the provider coveto ATS GmbH, Zeppelinstraße 9, 63667 Nidda (cf. https://www.coveto.de/impressum). The software runs on the servers of the provider, where the data is also stored. These servers are exclusively data centers within Germany that have been checked by the Technical Control Board (Technischer Überwachungsverein = TÜV). The data connections are encrypted. You can read the details about data protection and data security at coveto under https://www.coveto.de/Datenschutz. The provider processes the data exclusively according to our instructions and not for his own purposes; a corresponding data processing contract has been concluded between us and the supplier.

Use of social media | Facebook

Facebook Fan Page | Imprint

URSAPHARM Arzneimittel GmbH
Industriestraße 35
66129 Saarbrücken

Legal:
URSAPHARM Arzneimittel GmbH is a limited liability company in accordance with the GmbH Gesetz (German Federal Act on Limited liability companies).
Managing Director: Frank Holzer, Dominik Holzer

Contact:
Phone: + 49 (0) 68 05 92 92-0
Fax: + 49 (0) 68 05 92 92-88
E-Mail: info@ursapharm.de
Internet: www.ursapharm.de

Supervisory authority:
Ministry of Social Affairs, Health, Women and Family (= Ministerium für Soziales, Gesundheit, Frauen und Familie)
Franz-Josef-Röder-Straße 23
66119 Saarbrücken
Telephone (0681) 501 00

Commercial register:
Saarbrücken District Court, HRB 18141
VAT ID number: DE 200 408 804

Responsible for content in accordance with Section 18 (2) MStV:
Barbara Sold, Industriestraße 35, 66129 Saarbrücken

Facebook Fan Page | Privacy Policy

We appreciate your visit on our Facebook fan page https://de-de.facebook.com/ursapharm/ (hereinafter also called “Page”) and the associated interest in our company. With the aim of providing you with the highest possible level of transparency, we will inform you below about the nature, scope and purpose of the collection, processing and storage of personal data that accrues in the context of the use of our Facebook fan page. The General Data Protection Regulation (hereinafter referred to as the “GDPR”) can be accessed here as a complete document. Of course, there is no obligation for you to provide us with personal data, but we would like to point out that this may be necessary for certain functions of our Facebook fan page and that you will not be able to use these functions in this case or only with restrictions. When you visit our Facebook fan page (even if you do not have a Facebook profile yourself), personal data is collected, processed, used and stored not only by us, but also by Facebook itself. This is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Imprint: https://www.facebook.com/terms. The parent company of this Irish-based company is: Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA (hereinafter referred to as “Facebook”). Since not all individual data processing operations as well as their scope are known by us in detail, we refer to the data policy of Facebook, which can be accessed here, for certain points within this data protection declaration.

In addition, we expressly point out that your data may be transferred not only to Ireland but also to the USA and thus to an unsafe third country. There are currently no EU adequacy decision or any other appropriate guarantees for the US. The protection of your data cannot be guaranteed in the destination country USA. There is currently no equivalent level of data protection in the US. Therefore, the data transfer is associated with corresponding risks.

In particular, there are no guarantees regarding the failure of access to your transmitted data by public authorities. For example: it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA; a law that governs the United States’ foreign intelligence and counter-espionage services). In this context, we expressly point out that you, as an EU citizen, do not have an effective legal protection against the processing of your data by US authorities on the basis of FISA. If you still use our Facebook fan page, you do so in the knowledge of these risks, which you consciously accept as a result.

Definition of terms
The following terms that we use within our privacy policy are defined within Article 4 GDPR. This is only an extract from Article 4 GDPR. All definitions can be viewed in the GDPR (available here).

  • Personal data (Art. 4 no. 1 GDPR)
    Personal means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing (Art. 4 no. 2 GDPR)
    Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Pseudonymisation (Art. 4 No. 5 GDPR)
    Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  • Controller (Art. 4 no. 7 GDPR)
    Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor (Art. 4 No. 8 GDPR)
    Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Third party (Article 4 No. 10 GDPR)
    Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Consent (Art. 4 No. 11 GDPR)
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Enterprise (Art. 4 No. 18 GDPR)
    Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

Jointly responsible (Art. 4 no. 7 GDPR) in accordance with Article 26 GDPR
URSAPHARM Arzneimittel GmbH
Industriestraße 35
66129 Saarbrücken
Phone: + 49 (0) 68 05 92 92-0
Fax: + 49 (0) 68 05 92 92-88
E-Mail: info@ursapharm.de
Internet: www.ursapharm.de
Our complete imprint can be found here: Legal notice

Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbour,
Dublin 2 Ireland,
Imprint: https://www.facebook.com/terms
The parent company of this Irish-based company is: Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA.

The basis of the data processing is an agreement between us and Facebook in accordance with Art. 26 sec. 1 and 2 GDPR. You find it under the following link: https://www.facebook.com/legal/terms/page_controller_addendum. Pursuant to Article 26(3) GDPR, you may exercise your rights against both us and Facebook in accordance with this Privacy Policy.

Data protection supervisor
URSAPHARM Arzneimittel GmbH
z. Hd. of the Data Protection Supervisor
Industriestraße 35,
66129 Saarbrücken
You can reach our Data Protection Officer at the e-mail address datenschutz@ursapharm.de or by post at our aforementioned address.

Facebook
You can contact Facebook’s data protection officer using the following form: https://www.facebook.com/help/contact/540977946302970

Legal bases of processing
For any processing described within this Privacy Policy, we will always inform you of the appropriate legal basis on which the processing is carried out. A distinction is made between the following case groups where processing is lawful:

  • You have given us consent to the processing of personal data concerning you for one or more specific purposes (Art. 6 sec. 1 lit. a GDPR).
  • There is a contract between you and us for the fulfilment of which the processing takes place or the processing is necessary for the implementation of pre-contractual measures, which are carried out on your request (Art. 6 sec. 1 p. 1 lit. b GDPR).
  • The fulfilment of a legal obligation to which we are subject requires processing (Art. 6 sec. 1 p. 1 lit. c GDPR).
  • The protection of vital interests on your part or of another natural person requires processing (Art. 6 sec. 1 p. 1 lit. d GDPR).
  • The exercise of a task entrusted to us which is in the public interest or the exercise of official authority require processing (Art. 6 sec. 1 lit. e GDPR).
  • The necessity of the processing in order to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and fundamental freedoms, which require the protection of personal data, predominate (Art. 6 sec. 1 p. 1 lit. f GDPR).

With regard to Facebook’s data processing, we refer to Facebook’s data policy, which you can access under the following link https://www.facebook.com/policy.php, as well as to Facebook’s cookie policy, which you can reach under the following link: https://www.facebook.com/policies/cookies/.

Storage of data / deletion of data
Within the processing as described in our privacy policy, we always inform you of the corresponding storage period or the times of deletion or blocking of the data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.

Storage can take place beyond the defined times if statutory regulations to which we are subject (e.g. Section 147 Tax Code (Abgabenordnung), Section 247 Commercial Code (Handelsgesetzbuch)) provide for a different storage period. After the storage period, the personal data will be deleted or blocked, unless further storage is required by us due to a legal basis. In addition, storage beyond the specified time is possible in the event of a (threatening) dispute with you or any other legal procedure. With regard to Facebook’s data storage or deletion, we refer to Facebook’s data policy, which you can access under the following link https://www.facebook.com/policy.php, as well as Facebook’s cookie policy, which you can reach under the following link: https://www.facebook.com/policies/cookies/.

Collection of personal data
In the following, we will inform you about the collection of personal data (such as name, e-mail address, address or user behaviour).

Exclusively informational use of our Facebook fan page (without log-in)
You can always access our Facebook fan page even if you do not have a Facebook profile or are not logged into it when you are access our fan page, whereby some functions (such as the Messenger) cannot be used here. We do not collect any data from you in this case. However, we would like to point out that data is collected by Facebook. At least the personal data that your browser transmits to the Facebook server will be collected.

This is usually data that is technically required to provide you with the site for viewing while ensuring a secure and stable display. To our knowledge, this means at least the following information, that results from a logfile line:

  • Internet protocol address (IP address)
  • Time and date of access
  • Time zone difference from Greenwich Mean Time (GMT)
  • The concretely accessed page
  • Access Status / Hypertext Transfer Protocol (http)
  • Amount of data that has been transferred in each case
  • Website from which access to our fan page takes place (referrer URL)
  • Used internet browser (incl. language and version)
  • Operating system used

For more information, we refer to Facebook’s data policy, which you can access under the following link https://www.facebook.com/policy.php. In addition, when you visit our fan page by Facebook, so-called cookies are stored on your used device, which enables Facebook to create user profiles through your preferences and interests, so that you can see targeted advertisements (both inside and outside of Facebook).

For more information, see Facebook’s cookie policy, which can be accessed under the following link: https://www.facebook.com/policies/cookies/. We would like to point out that you can prevent the storage of cookies at any time by setting your browser appropriately. Further information in this context we have compiled with regard to the most common browsers below, yet we point out that this may limit the functionality of our Facebook fan page.

Exclusively informational use of our Facebook fan page (with log-in)
If you visit our Facebook fan page while being logged into your Facebook profile, further personal data will be collected by Facebook in addition to the data mentioned in clause 6.1. For more information, see Facebook’s Privacy Policy, which can be accessed here: https://www.facebook.com/policy.php.

Use of special features of our Facebook fan page

  • Contact
    If you contact us via Facebook Messenger, we will receive the appropriate information. Contact details voluntarily provided by you (e.g. e-mail address or telephone number) will be stored and processed by us in order to process your request. This is done on the basis of our legitimate interest under Art. 6 sec. 1 lit. f GDPR.
    We also point out the following:

    As a pharmaceutical company, we are legally obliged to report requests that describe drug and medical device safety-related events, to document them and, if necessary, to report them to the competent authorities. This notification may also include personal information, such as your name, place of residence, health claims or the like, if you have disclosed it explicitly and voluntarily to us. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 sec.1 lit. c GDPR together with Section 3 MPSV or Section 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymized.
  • Commentary on a post
    If you make a comment under a post written by us, we will also receive information. We do not receive any further information or personal data, except those that are publicly available within your profile.
  • “Like-Me Button”
    If you mark a post with a “Like Me” button or one of the available emojis, we will also receive information. We do not receive any further information or personal data, except those that are publicly available within your profile.

Facebook Insights
By means of Facebook Insights (for more information on Facebook Insights, please visit: https://www.facebook.com/business/pages/manage#page_insights and the following link https://www.facebook.com/help/pages/insights) to provide us with anonymous statistics via our Facebook fan page. This is, for example, information about page subscriptions, likes, post coverage and post interactions, page views, page previews, actions on our site, videos, stories, people, news. For individual statistics, we can parameterise, e.g. by demographic data. We use these statistics to optimize our fan page and make it more suitable for demand. We do not have access to the usage data collected by Facebook for the production of these statistics by means of cookies. The legal basis for the processing of this data is our legitimate interest under Art. 6 sec. 1 lit. f) GDPR to achieve an improvement of the user experience of our Fanpage visitors in accordance with target groups.

Facebook Ads
We run ads on Facebook. In order to be able to use our advertising as targeted as possible, we define target groups by means of Custom Audiences (further information: https://www.facebook.com/business/help/744354708981227?id=2469097953376494).
For this purpose, we only use the sources that Facebook provides to us. Information from other sources or even from customer lists or offline contacts are not used by us in any case.
Furthermore, we are able to create a specific target group based on the Audience Insights of Facebook (further information: https://www.facebook.com/business/insights/tools/audience-insights) by parameterizing demographic data collected via Facebook.
We do not have access to the usage data collected by Facebook for the production of these statistics by means of cookies. We use these tools to tailor our advertising to your needs. The legal basis for the processing of this data is our legitimate interest under Art. 6 sec. 1 lit. f) GDPR to supply a demand-oriented and effective advertising. The following page allows you to set ad settings on Facebook and thus not allow certain ads: https://www.facebook.com/ads/preferences/. We are able to display the perfomance of our advertisements through the Ad Center. Among other things, we receive information about the estimated reach (number of people who have viewed our ad at least once), the post interactions (total number of actions performed by persons in connection with our ads) and the link clicks (number of clicks on links within our ad). Within the Ad Manager, we receive additional detailed information so that we can break down our various campaigns using various anonymous metrics (including demographic data) to obtain information on results, reach, or impressions.

Sweepstakes/Competitions
We create sweepstakes/competitions for our Facebook fans. For each one, we provide terms of use that are in accordance with Facebook’s guidelines (https://www.facebook.com/policies/pages_groups_events/.

If participation is made by a private message via Facebook Messenger, contact details provided by you (e.g e-mail address or telephone number) are stored by us on the basis of our legitimate interest in accordance with Art. 6 sec. 1 lit. f GDPR to conduct our competition. As soon as the competition is completed, this data will be deleted immediately. The winner will also be informed of his winnings via Facebook Messenger. Name and profile will not be published.
Your rights
In the following, we will clarify your rights under the GDPR. The GDPR can be retrieved here as a complete document.

  • Right to information under Art. 15 sec. 1 GDPR
    You have the right to request confirmation from us as to whether you personal data is processed by us. If this is the case, you have a right to information about these personal data, in addition to the right to information about processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future (in particular for recipients in third countries or international organisations), the storage period or the duration of storage. Criteria for determining the retention period, the existence of a right of rectification or erasure of the personal data concerning you or the right to restrict the processing on our part, as well as the existence of a right of objection to such processing, the existence of a right of appeal to a supervisory authority, all available information on the origin of the data (in the event that it was not collected by us), the existence of automated decision-making, including profiling and, where applicable, meaningful information on the logic involved, such processing.
  • Right to rectification under Article 16 GDPR
    You have the right to request from us without delay the correction of inaccurate personal data as well as the completion of incomplete personal data concerning you.
  • Right to erasure (“right to be forgotten”) under Article 17(1) GDPR
    You have the right to request that we delete the personal data concerning you immediately. However, under Article 17(3) GDPR, that right does not exist where processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest in the field of public health, for archival purposes in the public interest or for the assertion, exercise or defence of legal claims.
  • Right to restrict processing under Article 18(1) GDPR
    You have the right to request from us to restrict the processing of your personal data if you dispute the accuracy of your personal data (the restriction applies to the duration that allows us to verify the accuracy), the processing of your personal data is unlawful and you refuse it to be deleted, we no longer need your personal data for the processing purposes, however, you need them to assert, exercise or defend legal claims or you have objected to the processing under Article 21(1) GDPR (the restriction applies for the duration, as long as it is not established whether our legitimate reasons outweigh yours).
  • Right to data portability under Article 20 GDPR
    You have the right to receive the personal data concerning you from us in a structured, common and machine-readable format, as well as to make a transfer to another controller without hindrance on our part (or to request a direct transfer from us to another controller, if technically possible) if the processing by us was based on a consent or a contract or was carried out by automated procedures.
  • Right to revoke consents given in accordance with Art. 7 sec. 3 GDPR
    You have the right to revoke a given consent to us at any time with effect for the future, so that the data processing, which was carried out on the basis of your consent, can no longer be continued for the future, but the legality of the processing carried out up to your revocation is not affected by this.
  • Right to appeal under Article 77 GDPR
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or the place of the alleged infringement. Further information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information at: https://www.bfdi.bund.de

Right to object
In addition to the aforementioned rights, you also have the right to object at any time against the processing of your personal data, which takes place on the basis of the performance of a task that takes place in the public interest or in the exercise of official authority (Art. 6 sec. 1 p. 1 lit. e GDPR) or to safeguard legitimate interests on our part (Art. 6 sec. 1 p. 1 lit. f GDPR), provided that there are grounds for this which arise from your particular situation. In the event of an objection, no further processing of your personal data will be carried out unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or unless the processing serves to assert, exercise or defend legal claims. In the case of the processing of your personal data for the purpose of direct marketing or profiling, if there is a connection to direct marketing, you have a general right to object, without the need for reasons arising from your particular situation. In the event of an objection, we shall immediately stop processing the personal data for these purposes.

To exercise your right of withdrawal or objection, please send an e-mail to: datenschutz@ursapharm.de or contact Facebook’s data protection officer using the following form:

https://www.facebook.com/help/contact/540977946302970

Use of social media | YouTube

YouTube | Imprint

URSAPHARM Arzneimittel GmbH

Industriestraße 35

66129 Saarbrücken

Legal:

URSAPHARM Arzneimittel GmbH is a limited liability company in accordance with the GmbH Gesetz (German Federal Act on Limited liability companies).

Managing Director: Frank Holzer, Dominik Holzer

Contact:

Phone: + 49 (0) 68 05 92 92-0

Fax: + 49 (0) 68 05 92 92-88

E-Mail: info(at)ursapharm.de

Internet: www.ursapharm.de

Supervisory authority:

Ministry of Social Affairs, Health, Women and Family (= Ministerium für Soziales, Gesundheit, Frauen und Familie)

Franz-Josef-Röder-Straße 23

66119 Saarbrücken

Telephone (0681) 501 00

Commercial register:

Saarbrücken District Court, HRB 18141

VAT ID number: DE 200 408 804

Responsible for content in accordance with Section 18 (2) MStV:

Barbara Sold, Industriestraße 35, 66129 Saarbrücken

YouTube channel | Privacy Policy

We appreciate your visit to our YouTube channel https://www.youtube.com/channel/UCkQE97qt1PtrfwhkGe1MH2Q (hereinafter also referred to as “Page”) and the associated interest in our company. With the aim of providing you with the highest possible degree of transparency, we will inform you below about the nature, scope and purpose of the collection, processing and storage of personal data that accrues in the context of the use of our site. The General Data Protection Regulation (hereinafter referred to as the “GDPR”) can be accessed here as a complete document. Of course, there is no obligation for you to provide us with personal data, but we would like to point out that this may be necessary for certain functions of our YouTube channel and that you will not be able to use these functions in this case or only with restrictions. When you visit our YouTube channel (even if you do not have a YouTube or Google account), personal data is collected, processed, used, and stored not only by us, but also by YouTube itself. This is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland, imprint: https://www.youtube.com/t/impressum?hl=de&gl=DE. The parent company of this Irish-based company is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to uniformly as “Google” or “YouTube”). Since not all individual data processing operations as well as their scope are known by us in detail, we refer to the data policy of Google, which can be accessed here, for certain points within this data protection declaration.

In addition, we expressly point out that your data may be transferred not only to Ireland but also to the USA and thus to an unsafe third country. There currently are no EU adequacy decision or any other appropriate guarantees for the US. The protection of your data cannot be guaranteed in the destination country USA. There is currently no equivalent level of data protection in the US. Therefore, the data transfer is associated with corresponding risks. There are no guarantees regarding the failure of access to your transmitted data by public authorities. For example: it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA; a law that governs the United States’ foreign intelligence and counter-espionage services). In this context, we expressly point out that you, as an EU citizen, do not have an effective legal protection against the processing of your data by US authorities on the basis of FISA. If you still use our YouTube channel, you do so in the knowledge of these risks, which you consciously accept as a result.

Definition of terms

The following terms that we use within our privacy policy are defined within Article 4 GDPR. This is only an extract from Article 4 GDPR. All definitions can be viewed in the GDPR (available here).

Personal data (Art. 4 no. 1 GDPR)

Personal means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing (Art. 4 no. 2 GDPR)

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pseudonymization (Art. 4 No. 5 GDPR)

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller (Art. 4 no. 7 GDPR)

Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor (Art. 4 No. 8 GDPR)

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Third party (Article 4 No. 10 GDPR)

Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent (Art. 4 No. 11 GDPR)

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Enterprise (Art. 4 No. 18 GDPR)

Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

Joint responsibility (Art. 4 no. 7 GDPR) in accordance with Article 26 GDPR

URSAPHARM Arzneimittel GmbH
Industriestraße 35
66129 Saarbrücken
Phone: + 49 (0) 68 05 92 92-0
Fax: + 49 (0) 68 05 92 92-88
E-Mail: info(at)ursapharm.de
Internet: www.ursapharm.de
Our complete imprint can be found here: https://www.ursapharm.de/en/impressum/

Google Ireland Limited

Gordon House, Barrow Street
Dublin 4, Ireland
E-Mail: support-deutschland@google.com
Phone: +353 1 543 1000
Fax: +353 1 686 5660
Imprint: https://www.youtube.com/t/impressum?hl=de&gl=DE

The parent company of this company, which is established in Ireland, is:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

The agent for service for Google Ireland Limited within the meaning of Section 5 (1) NetzDG and Section 92 MStV and Section 21 (2) JMStV is:

Google Germany GmbH, – Legal Department -, ABC-Straße 19, 20354 Hamburg.

Data protection supervisor

URSAPHARM Arzneimittel GmbH
z. Hd. des Datenschutzbeauftragten
Industriestraße 35,
66129 Saarbrücken

You can reach our Data Protection Officer at the e-mail address datenschutz@ursapharm.de  or by post at our aforementioned address.

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
Data Protection Supervisor
E-Mail: support-deutschland@google.com
Phone: +353 1 543 1000
Fax: +353 1 686 5660
Imprint: https://www.youtube.com/t/impressum?hl=de&gl=DE

The parent company of this company, which is established in Ireland, is:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Legal bases of processing

For any processing described within this Privacy Policy, we will always inform you of the appropriate legal basis on which the processing is carried out. A distinction is made between the following case groups where processing is lawful:

  • You have given us consent to the processing of personal data concerning you for one or more specific purposes (Art. 6 sec. 1 lit. a GDPR).
  • There is a contract between you and us for the fulfilment of which the processing takes place or the processing is necessary for the implementation of pre-contractual measures, which are carried out on your request (Art. 6 sec. 1 p. 1 lit. b GDPR).
  • The fulfilment of a legal obligation to which we are subject requires processing (Art. 6 sec. 1 p. 1 lit. c GDPR).
  • The protection of vital interests on your part or of another natural person requires processing (Art. 6 sec. 1 p. 1 lit. d GDPR).
  • The exercise of a task entrusted to us which is in the public interest or the exercise of official authority require processing (Art. 6 sec. 1 lit. e GDPR).
  • The necessity of the processing in order to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and fundamental freedoms, which require the protection of personal data, predominate (Art. 6 sec. 1 p. 1 lit. f GDPR).

With regard to Google’s data processing, we refer to Google’s privacy policy, which you can access at the following link https://policies.google.com/privacy?hl=de,  as well as to the legal framework for data transfer, which Google explains on this page:  https://policies.google.com/privacy/frameworks?hl=de.  We also refer to the “basics of data protection in YouTube apps”:  https://support.google.com/youtube/answer/10364219

Storage of data / deletion of data

Within the processing as described in our privacy policy, we always inform you of the corresponding storage period or the times of deletion or blocking of the data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.

Storage can take place beyond the defined times if statutory regulations to which we are subject (e.g., Section 147 Tax Code (Abgabenordnung), Section 247 Commercial Code (Handelsgesetzbuch)) provide for a different storage period. After the storage period, the personal data will be deleted or blocked, unless further storage is required by us due to a legal basis. In addition, storage beyond the specified time is possible in the event of a (threatening) dispute with you or any other legal procedure. With regard to Google’s data processing, we refer to Google’s privacy policy, which you can access at the following link https://policies.google.com/privacy?hl=de,in particular the item “Retention of your information”, which you can access here:  https://policies.google.com/privacy?hl=de#inforetaining and the legal framework for data transfer, which Google explains on this page:  https://policies.google.com/privacy/frameworks?hl=de. We also refer to the “basics of data protection in YouTube apps”:  https://support.google.com/youtube/answer/10364219

Collection of personal data

In the following, we will inform you about the collection of personal data (such as name, e-mail address, address, or user behavior).

Exclusively informational use of our YouTube channel (without log-in)

You can also access our YouTube channel if you do not have a YouTube or Google profile or are not logged into it when accessed, although some functions (such as commenting posts, “like-me” marking of videos and subscription to channels) cannot be used here. We do not collect any data from you in this case. However, we would like to point out that data is collected by Google. At least the personal data that your browser transmits to the Google server will be collected. This is usually data that is technically required to provide you with the site for viewing while ensuring a secure and stable display. To our knowledge, this is at least the following information, which results from a logfile line:

  • Internet protocol address (IP address)
  • Time and date of access
  • Zeitzonendifferenz zur Greenwich Mean Time (GMT)
  • The concretely accessed page
  • Access Status / Hypertext Transfer Protocol (http)
  • Amount of data that has been transferred in each case.
  • Website from which access to our channel takes place (referrer URL)
  • Used internet browser (incl. language and version)
  • Operating system used.

For more information, please refer to Google’s Privacy Policy, which you can access at the following link https://policies.google.com/privacy?hl=de. We also refer to the “basics of data protection in YouTube apps”:  https://support.google.com/youtube/answer/10364219.

In addition, when you visit our channel Google will store so-called cookies on your used device, which allow Google to create user profiles based on your preferences and interests, so that you can see targeted advertising (both inside and outside YouTube). Regarding the management of the privacy settings for advertisements and other points in this context, we refer to the corresponding sub-item “Ads in YouTube Videos” within the privacy settings: https://support.google.com/youtube/answer/3181017.

For more information, see the “How Google uses Cookies” subpage, which can be found at the following link: https://policies.google.com/technologies/cookies?hl=de. We would like to point out that you can prevent the storage of cookies at any time by setting your browser appropriately. Further information in this context we have compiled with regard to the most common browsers below but point out that this may limit the functionality of our YouTube channel.

Exclusively informational use of our YouTube channel (with log-in)

If you access our YouTube channel and are logged into your account, further personal data may be collected by Google in addition to the data mentioned in clause 6.1. For more information, please refer to Google’s Privacy Policy, which you can access at the following link https://policies.google.com/privacy?hl=de. We also refer to the “basics of data protection in YouTube apps”:  https://support.google.com/youtube/answer/10364219

Use of special features of our YouTube channel.

  • Contact
    If you contact us via the e-mail address provided within our channel or imprint, your e-mail address will be stored and processed by us together with any other data you may have voluntarily provided (e.g., name, telephone number, etc.) in order to process your request. This is done on the basis of our legitimate interest under Art. 6 sec. 1 lit. f GDPR.
    We also point out the following:

    As a pharmaceutical company, we are legally obliged to report requests that describe drug and medical device safety-related events, to document them and, if necessary, to report them to the competent authorities. This notification may also include personal information, such as your name, place of residence, health claims or the like, if you have disclosed it explicitly and voluntarily to us. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 sec.1 lit. c GDPR together with Section 3 MPSV or Section 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymized.
  • Commenting on a video
    If you make a comment under a video uploaded by us, we will not receive any further information or personal information other than those that are publicly available within your profile.

Ads on our YouTube channel

On our channel you may see advertisements from third parties when you watch one of our videos. Regarding the management of the privacy settings for advertisements and other points in this context, we refer to the corresponding sub-item “Ads in YouTube Videos” within the privacy settings: https://support.google.com/youtube/answer/3181017.

YouTube Analytics

Google provides us with anonymous statistics about our videos using YouTube Analytics (for more information at: https://support.google.com/youtube/answer/6085583?hl=de). This is, for example anonymous information about page views, access sources, or demographic data.  For individual statistics we can perform a parameterization. These statistics we use to optimize our YouTube channel and make it more demand oriented. We do not have access to the usage data collected by Google to produce these statistics using cookies or other technologies. The legal basis for the processing of this data is our legitimate interest under Art. 6 sec. 1 lit. f) GDPR to achieve an improvement of the user experience of our YouTube channel in accordance with target groups.

Connecting our YouTube channel to Google Analytics

We have connected our YouTube channel to the Google Analytics service. This allows us to perform a more comprehensive analysis of our YouTube channel. Google Analytics is a web tracking tool of the company Google (further information can be found here: (https://marketingplatform.google.com/intl/de/about/analytics/), which also operates YouTube itself (see above).

The following also applies to processing using Google Analytics:

In addition to Ireland, your data will also be transferred to the USA and thus to an unsafe third country. There are currently no EU adequacy decision or any other appropriate guarantees for the US. The protection of your data cannot be guaranteed in the destination country USA. There is currently no equivalent level of data protection in the US. Therefore, the data transfer is associated with corresponding risks. In particular, there are no guarantees regarding the failure of access to your transferred data by public authorities. For example, it cannot be ruled out that US authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA; German such as “Foreign Intelligence Surveillance Act”, a law that governs the United States’ foreign intelligence and counter-espionage services). In this context, we expressly point out that you, as an EU citizen, do not have an effective legal protection against the processing of your data by US authorities on the basis of FISA.  The legal basis for this transfer of data are pre-contractual measures (Article 49 sec. 1 p. 1 b) GDPR).

Furthermore, we would like to point out that you can prevent the storage of cookies at any time by setting your browser appropriately. Further information in this context we have compiled with regard to the most common browsers below but point out that this may limit the functionality of our YouTube channel.

You can also download a browser add-on to disable Google Analytics under the following link: https://tools.google.com/dlpage/gaoptout?hl=de. By installing the add-on, you prevent the collection and processing of the data collected by the cookie by Google. If you have given your consent and the storage of cookies in your browser is not prevented, your use of the website is analyzed by means of Google Analytics using cookies. In this respect, we have concluded a corresponding contract for data processing with the company Google. In general, the information generated by the cookies is transmitted and stored to a Google server in the USA. We use Google Analytics with a code extension to ensure that your IP address is only processed in a truncated manner and that rough localization is possible, but that personal data can be excluded. It is possible for Google to merge the IP address transmitted by your browser with other data from Google, e.g., with data from your Google account. We would like to point out that the data processing is mainly carried out by Google and not all data is anonymous. In addition, Google may link to other data on your part, such as your search history, personal accounts, usage data and any other data that Google has about you.

Learn about your Google Account’s privacy settings: https://safety.google/intl/de/privacy/privacy-controls/.

With privacy settings, you can decide for yourself what data is stored in your Google Account. In individual cases, the unabridged (and therefore not anonymized) IP address is transmitted to the USA and truncated accordingly. Google uses the data provided to evaluate the use of the channel, so that we have access to relevant statistics (e.g., about the activities on the website). Google itself uses this data for any of its own purposes, such as profiling. In addition to Google, this data is also accessed by public authorities.

We have agreed to the Google Measurement Controller Data Protection Terms, which govern a joint responsibility in accordance with Article 26 GDPR of Google as well as us (see here: https://support.google.com/analytics/answer/9012600).

Connection of our YouTube channel to our Google Ads account

We have connected our YouTube channel with our Google Ads account. This allows us to publish Google Ads advertisements on YouTube. We only receive anonymous statistics regarding these advertisements via Google Ads, through which an assignment to persons is not possible. Regarding the management of the privacy settings for advertisements and other points in this context, we refer to the corresponding sub-item “Ads in YouTube Videos” within the privacy settings:  https://support.google.com/youtube/answer/3181017.

Your rights

In the following, we will clarify your rights under the GDPR. The GDPR can be retrieved here as a complete document.

  • Right to information under Art. 15 sec. 1 GDPR
    You have the right to request confirmation from us as to whether you personal data is processed by us. If this is the case, you have a right to information about these personal data, in addition to the right to information about processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed in the future (in particular for recipients in third countries or international organisations), the storage period or the duration of storage. Criteria for determining the retention period, the existence of a right of rectification or erasure of the personal data concerning you or the right to restrict the processing on our part, as well as the existence of a right of objection to such processing, the existence of a right of appeal to a supervisory authority, all available information on the origin of the data (in the event that it was not collected by us), the existence of automated decision-making, including profiling and, where applicable, meaningful information on the logic involved, such processing.
  • Right to rectification under Article 16 GDPR
    You have the right to request from us without delay the correction of inaccurate personal data as well as the completion of incomplete personal data concerning you.
  • Right to erasure (“right to be forgotten”) under Article 17(1) GDPR
    You have the right to request that we delete the personal data concerning you immediately. However, under Article 17(3) GDPR, that right does not exist where processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest in the field of public health, for archival purposes in the public interest or for the assertion, exercise or defence of legal claims.
  • Right to restrict processing under Article 18(1) GDPR
    You have the right to request from us to restrict the processing of your personal data if you dispute the accuracy of your personal data (the restriction applies to the duration that allows us to verify the accuracy), the processing of your personal data is unlawful and you refuse it to be deleted, we no longer need your personal data for the processing purposes, however, you need them to assert, exercise or defend legal claims or you have objected to the processing under Article 21(1) GDPR (the restriction applies for the duration, as long as it is not established whether our legitimate reasons outweigh yours).
  • Right to data portability under Article 20 GDPR
    You have the right to receive the personal data concerning you from us in a structured, common and machine-readable format, as well as to make a transfer to another controller without hindrance on our part (or to request a direct transfer from us to another controller, if technically possible) if the processing by us was based on a consent or a contract or was carried out by automated procedures.
  • Right to revoke consents given in accordance with Art. 7 sec. 3 GDPR
    You have the right to revoke a given consent to us at any time with effect for the future, so that the data processing, which was carried out on the basis of your consent, can no longer be continued for the future, but the legality of the processing carried out up to your revocation is not affected by this.
  • Right to appeal under Article 77 GDPR
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or the place of the alleged infringement. Further information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information at: https://www.bfdi.bund.de

Right to object

In addition to the aforementioned rights, you also have the right to object at any time against the processing of your personal data, which takes place on the basis of the performance of a task that takes place in the public interest or in the exercise of official authority (Art. 6 sec. 1 p. 1 lit. e GDPR) or to safeguard legitimate interests on our part (Art. 6 sec. 1 p. 1 lit. f GDPR), provided that there are grounds for this which arise from your particular situation. In the event of an objection, no further processing of your personal data will be carried out unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms or unless the processing serves to assert, exercise or defend legal claims. In the case of the processing of your personal data for the purpose of direct marketing or profiling, if there is a connection to direct marketing, you have a general right to object, without the need for reasons arising from your particular situation. In the event of an objection, we shall immediately stop processing the personal data for these purposes.

To exercise your right of withdrawal or objection, please send an e-mail to: datenschutz@ursapharm.de  or contact Google using the contact details specified in section 2.