Privacy Policy

Our company values the protection of personal data and respects your wish for privacy. In the following, we inform you about the collection of personal data when using our website. If you have any further questions regarding the handling of your personal data, please do not hesitate to contact our data protection officer.

1. Person responsible

The responsible party within the meaning of the General Data Protection Regulation (GDPR) is:
Ichthyol-Gesellschaft
Cordes, Hermanni & Co. (GmbH & Co.) KG
Sportallee 85
22335 Hamburg
Germany

2. How to contact the data protection officer

You can reach our data protection officer at datenschutz@ichthyol.de or at our postal address with the addition of “the data protection officer”.

3. Legal basis of our data processing

The processing of personal data can be based on various legal bases.

If we need your data to fulfill a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR. If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1. p. 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, always weighing your interests worthy of protection against our legitimate interests. The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR. Insofar as processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis is Art. 6 (1) p. 1 lit. c GDPR.

In the following, we explain how we process personal data via our website.

3.1 Data processing when calling up the website

During the informational use of the website, i.e. if you do not contact us via the online form or otherwise transmit information to us, we collect the following technical information (log file data):

– Operating system of the end device with which you visit our website
– browser (type, version & language settings)
– the amount of data retrieved
– the current IP address of the end device with which you visit our website
– date and time of access
– the URL of the previously visited website (referrer)
– the URL of the (sub)page you are accessing on the website
– the Internet service provider of the accessing system

The collection of this data is technically necessary to display our website and to ensure stability and security. We (and our service provider) do not necessarily know who is behind an IP address. We do not combine the data listed above with other data.

The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website and to prevent unauthorized use, our legitimate interest in data processing prevails at this point.

3.2 Contacting us by e-mail or contact form

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 p. 1 lit. f GDPR.

Insofar as we request input via our contact form which is not required for contacting you, we have always marked this as optional. This information serves us to specify your request and to improve the processing of your request. A communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para. 1 p. 1 lit. a GDPR. Insofar as this involves information on communication channels (for example, e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. You can, of course, revoke this consent at any time for the future.

Your data, which we have received in the course of contacting you, will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.

4. Use of cookies

Cookies is data which is stored on your computer by a website you visit and which enable your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language preference, the duration of your visit to our website or the entries you have made there. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

4.1 Transient cookies

These cookies are automatically deleted when you close the browser. These include, in particular, the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

4.2 Persistent cookies

These cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

5 Google Web Fonts (Offline Version)

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. We have opted for the offline variant, in which the Google Fonts are stored locally on our web server. The management of the fonts is then possible – using CSS – as with any other font family. A transmission of the IP address and other data to Google does not take place.

The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings with regard to efficiency and cost-saving considerations. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.

You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

6. Information for professionals and registration via DockCheck

For pharmacists or physicians (specialists) we offer the possibility to retrieve specialist-specific information in a protected area.

6.1 Registration by fax

If you wish to register with us directly, you can send us a fax with your job title, workplace address and, if applicable, e-mail address in case you wish to be contacted. We process this data only for the purpose of registering you for our protected area and, if necessary, for contacting you.

The legal basis for the processing is Art. 6 para. lit. f GDPR. It is in our legitimate interest to grant you access to our area for professionals at your own request and to contact you if you wish.

We store your data as long as your registration exists. If you would like us to delete your data, please contact our data protection officer.

6.2 Registration via DocCheck

Access to the area provided for professionals is also possible via a DocCheck account. DocCheck is an offer of DocCheck Medical Services GmbH, Vogelsanger Str. 66, D-50823 Cologne (“DocCheck”). The verification of user name and password takes place directly on servers of DocCheck. DocCheck only passes on data from you to us if you have explicitly agreed to this process. We use DocCheck in the so-called standard process. During this process no data transfer from DocCheck to us takes place.

If you register or log in to our protected area via DocCheck, the following data will be processed by DocCheck Medical Services GmbH, Vogelsanger Str. 66, D-50823 Cologne:

When using DocCheck, the agreements between you and DocCheck apply. You can find more detailed information at: https://more.doccheck.com/de/terms

For information on the duration of data storage, legal basis and assertion of your rights, please refer to www.info.doccheck.com/de/privacy/.

7. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The use includes the operating mode Google Analytics 4.

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

During your website visit, your user behavior is recorded in the form of “events”. Events can be:

– Page views
– First visit to the website
– Start of session
– Your “click path”, interaction with the website
– Scrolls (whenever a user scrolls to the bottom of the page (90%))
– clicks on external links
– internal search queries
– interaction with videos
– seen / clicked ads

Also recorded:

– Your approximate location (region)
– your IP address (in shortened form)
– technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
– your internet service provider
– the referrer URL (via which website/advertising medium you came to this website)

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. If applicable, you are not entitled to any legal remedies against access by authorities.

The data sent by us and linked to cookies will be automatically deleted after 14 months at the latest. The deletion of data whose retention period has been reached takes place automatically once a month.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR. The consent can be revoked at any time.

For more information on the terms of use of Google Analytics and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

Change privacy settings
Revoke consents

8. Real cookie banner

This website uses the cookie consent technology “Real Cookie Banner” to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and in order to document this in accordance with data protection law. The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling, website (hereinafter “Real Cookie Banner”).

When you access our website, the following personal data is transferred to Real Cookie Banner:

– Your consent(s) or revocation of your consent(s).
– Your IP address
– Information about your browser
– Information about your terminal device
– Time of your visit to the website

Furthermore, Real Cookie Banner stores a cookie in your browser in order to be able to assign the consent(s) granted to you or their revocation.

The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is the user-friendliness of the website as well as the fulfillment of the legal requirements from the GDPR.
For more information, please visit: https://devowl.io/de/wordpress-real-cookie-banner/

9. Google Tag Manager

We use the Google Tag Manager of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA on our website. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Tag Manager facilitates the integration and management of our tags. Tags are small pieces of code that are used to, among other things, measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites. Through the tags, the Tag Manager collects relevant information for the services that we have built into our website through Google Tag Manager. The services may be necessary website elements or third-party analytics and marketing tools.

A processing of the collected end device information and personal data does not take place through the Google Tag Manager itself, rather the data is forwarded to the respective third-party provider. The forwarding initiated by the Google Tag Manager constitutes processing within the meaning of Art. 4 No. 2 GDPR.

Insofar as not only technically necessary website elements from third-party providers are integrated via the Google Tag Manager, but also an integration of marketing and analysis tools takes place, the Google Tag Manager can also be classified as an analysis service or a marketing service.

We use the Tag Manager for the Google Analytics service. Data processing by the Google Tag Manager is thus based on your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR.

For further information on the Google Tag Manager see: https://www.google.com/intl/de/tagmanager/use-policy.html.

10. Applications

You can apply to our company electronically, e.g. via e-mail. Please note that unencrypted e-mails are not transmitted with access protection.

Your details will be used for processing your application and deciding whether to establish an employment relationship. The legal basis is § 26 para. 1 in conjunction with. Abs. 8 S.2 BDSG. Furthermore, your personal data may be processed insofar as this should be necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 p.1 lit. f GDPR. The stated purposes also constitute the legitimate interest in the processing.

Insofar as an employment relationship arises between you and us, we may, in accordance with Section 26 (1) BDSG, further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a company or service agreement (collective agreement).

Your application data will not be processed beyond the described use.

Your personal data will be deleted after completion of the application process after 6 months at the latest, provided that no other legitimate interests on our part oppose deletion or you have not given us your consent for longer storage. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

11. Data transmission

A transfer of your data to third parties will not take place except in the cases mentioned, unless we are legally obliged to do so, or the data transfer is necessary for the implementation of the contractual relationship, or you have previously expressly consented to the transfer of your data.

External service providers and partner companies such as IT service providers will only receive your data to the extent necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure within the framework of order processing pursuant to Art. 28 GDPR that they comply with the provisions of data protection laws in the same manner. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of third-party services, whereby we check within the scope of reasonableness that the services comply with the legal requirements.

We attach importance to processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data.

12. Data security

We have implemented extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

13. Your rights

You have the following rights vis-à-vis us with regard to personal data concerning you. To exercise your above rights, please contact us by email at datenschutz@ichthyol.de or by mail at:

The Data Protection Officer
Ichthyol-Gesellschaft
Cordes, Hermanni & Co. (GmbH & Co.) KG
Sportallee 85
22335 Hamburg
Germany

13.1 General rights

We will gladly provide you with information as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal conditions.

In addition, you have the right to complain to a competent data protection supervisory authority about the processing of your personal data by us if you believe that the processing of your personal data violates data protection regulations.

13.2 Rights in the case of data processing according to the legitimate interest

Pursuant to Article 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 lit. e GDPR (data processing in the public interest) or on the basis of Article 6 (1) sentence 1 lit. f GDPR (data processing for the protection of a legitimate interest). In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerned for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.