Data protection

Of Hevert-Arzneimittel GmbH & Co. KG

Data protection

Thank you for visiting our website. Our business practices reflect our commitment to the protection of your privacy and the security of all business information when personal data is processed. This page provides full details on how we handle your data.

I. Information on the collection of personal data

To learn how we collect personal data when users visit our website, please read the following. “Personal data” means all data that relates to you personally, such as name, address, e-mail address, and how you use our site.

The controller pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is:

Hevert-Arzneimittel GmbH & Co. KG
In der Weiherwiese 1
55569 Nussbaum, Germany
Phone: +49 6751-910-0
E-mail: info@hevert.de
Managing Directors: Marcus Hevert, Mathias Hevert
See also our legal notice.

Our data protection officer is:

Ronald Baranowski
SIX DATENSCHUTZ GmbH
Kasseler Str. 30
61118 Bad Vilbel, Germany
Tel.: + 49 6101 -982 94 22
datenschutz@hevert.de
rb@six-datenschutz.de

You can also reach him at our mailing address c/o “Data protection officer.”

When contacting us via e-mail or the contact form, we will store the data you provide to us (your e-mail address, your name and your phone number if included) in order to respond to your inquiry. We will delete the data generated in this case once storage is no longer required, or we will restrict processing in the event of legal retention obligations.

If we use contractors to provide some of our service functions or wish to use your data for advertising purposes, we will advise you of this as explained in detail below. Our information will include the criteria defined for the storage period.

II. How your data is processed

In addition to providing information on our website, we offer a number of services that you may use if desired. To do so, you must generally provide additional personal information that we will use to provide the relevant service; this information is subject to the aforementioned data processing principles. Required information will be marked with an asterisk (*). Entering information in fields not marked with * is strictly voluntary.

When you contact the service provider using the contact form, we will store your title, name, address, e-mail address and, if provided, your company name in order to respond to your inquiry.

In some cases we use third-party, contractually obligated providers to process your data. These providers have been carefully selected by us, act only in accordance with our instructions, and are monitored on a regular basis.
If our providers or partners are domiciled in a country outside the European Economic Area (EEA), we will notify you of the relevant details in the description of our service.

1. How personal data is collected during visits to our website

If you use our website for information purposes only, meaning that you do not register on our site or send us any other information, we collect only the personal information transmitted by your browser to our server. If you wish to view our website, we collect the following technical data that is required to display the website and to ensure its stability and security (the legal basis is Art. 6 (1) f) GDPR):

  • IP address
  • Host name
  • Date and time of your inquiry
  • Time zone difference from Greenwich Mean Time (GMT)
  • Subject of the request (specific page)
  • Access status / http status code
  • The data volume transferred
  • The referring website
  • The specific pages of our website that you have accessed
  • Browser: type, version, and language setting
  • Operating system: type and version

Also, if JavaScript is activated:

  • Screen resolution
  • Color depth
  • Size of browser window
  • Browser plugins installed

2. Use of essential cookies

In addition to the aforementioned data, your computer will also store cookies when you use our website. Cookies are small text files that are placed on your hard drive by your browser and that provide the site that sets the cookie (in this case, ours) with certain information. Cookies cannot execute programs or transmit viruses to your computer.

Essential cookies do not require your consent and are processed by us in accordance with Art. 6 (1) f) GDPR. Our legitimate interest in this context is the error-free, optimal use and presentation of our website.

This website uses the following types of cookies. Their scope and how they function are explained below.

Transient cookies

Transient cookies are deleted automatically once you close the browser. This includes in particular the session cookies. They store a “session ID” that allows various requests from your browser to identify the session. This will recognize your computer when you return to our website. The session cookies will be deleted once you log out or close the browser.

Persistent cookies

Persistent cookies are deleted automatically after a certain period of time, which can vary by cookie. You can delete the cookies in your browser’s security settings at any time.

Flash cookies

The Flash cookies used will not be stored by your browser but rather by your Flash plugin. You can configure how Flash cookies are set and deleted using the Adobe Flash Player settings manager at http://www.macromedia.com/support/documentation/de/flashplayer/help/settings_manager07.html. In the alternative, if you do not want Flash cookies to be processed, you can install an add-on such as “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. We also recommend that you delete your cookies and your browser history manually on a regular basis.

3. Contacting us

When you contact us using the contact form, we will store your e-mail address and your name in order to respond to your inquiry. The same applies if you make a donation to the Hevert Foundation and request a receipt, as we will need this information to issue and send the receipt to you. Information that you provide voluntarily, such as company name and address, will also be stored for the relevant purpose. The storage period depends on the legal record-keeping obligations; your data will be deleted once the purpose no longer applies.

4. Information for employment candidates

If you apply to our company for an open position or send an unsolicited application to bewerbung@hevert.de or to our mailing address, we will require and store personal data from you, which includes the following:

  • Basic data such as title, first and last names, etc.
  • Contact information such as private address with postal code, town, street, house number, e-mail addresses, telephone numbers (landline and/or cell, etc.)
  • All application documents such as cover letter, resume, personal photo, school transcripts, employment references, and other proof of qualification

You can also send us other data and files on an optional basis in order to facilitate contact with you.

If any information is missing for the application procedure, we may request this from you separately if needed for our decision-making purposes.

Purpose and legal basis of processing
The data you provide will be processed in-house to complete the application procedure, to review your eligibility for the position, and to select the candidates.
The primary legal basis of this data processing is Art. 88 GDPR in conjunction with Section 26 GDPR (new) (data processing for the purposes of the employment relationship) and Art. 6 (1) b) GDPR (pre-contractual measures and contract performance).

Note on data usage and storage
We are committed to handling your personal data confidentially as soon as the application process begins. The data you transmit will be processed only for the aforementioned purposes. At all times, only those persons who require your data for the proper implementation of the application procedure will have access to it. Your data will not be shared with unauthorized third parties.

Storage period
We will delete your data six months after the job vacancy has been filled unless you file a claim in accordance with the Equal Treatment Act (Gleichbehandlungsgesetz (AGG) regarding the employment decision. In this case, your data will be deleted after the proceedings on your claim are complete. In the event that we wish to keep your data on file for a longer period of time, we will not do so without your consent.

At any time, you can withdraw part or all of your application. At any time, you can also request that all or some of the data and files you have transmitted be deleted or modified unless prohibited by a legal regulation. You also have the right to withdraw your prior consent to processing of the personal data you have sent for your application at any time with future effect. To do so, simply send an e-mail to bewerbung(at)hevert.de.

For our jobs portal, we use services by Haufe-Umantis AG. We have chosen this provider carefully and concluded a contract with it to process data on our behalf. Furthermore, this provider is obligated to comply with the data privacy rules and our instructions. The data you enter and the documents you attach here, along with all processing steps associated with your application, will be stored in a secure manner on a server of this provider in Germany and Switzerland. Only authorized persons have access to the data stored by this provider.

5. Newsletter / Press mailing list

By giving your consent, you can subscribe to our newsletter, which provides updates on our latest interesting offers. The goods and services that are marketed will be listed in the relevant declaration of consent.

For newsletter subscriptions, we use the double opt-in procedure. This means that after you register, we will send you an e-mail to the address you have provided in order to request your confirmation that you wish to receive the newsletter. If you do not confirm registration within 24 hours, your information will be blocked and deleted automatically after one month. We also store the IP address you have used, along with the time of registration and confirmation. The purpose of this procedure is to document your registration and investigate any misuse of your personal data if applicable.

You must provide only your e-mail address in order to receive the newsletter. The disclosure of other, specially denoted data is voluntary and is used to personalize communications with you. Following your registration, we will store your e-mail address for the purposes of sending the newsletter. The legal basis is Art. 6 (1) a) GDPR, your consent.

You can opt out of the newsletter at any time and unsubscribe from the newsletter. You can unsubscribe at any time by clicking in the link in the newsletter e-mail, by using this website form, by sending an e-mail to newsletter(at)hevert.de or sending a message to the contact information under the imprint/legal notice.

Please note that when we send the newsletter, we analyze your user behavior. For this analysis, the e-mails we send contain web beacons/tracking pixels, i.e. 1 x 1 pixel images which are stored on our website. For the purposes of analysis, we associate the data listed under 1. and the web beacons with your e-mail address and an individual ID. The links in the newsletter also contain this ID. The data is collected in pseudononymous form only, meaning that the IDs are not associated with your other personal data and your personal identity cannot be detected directly.

You can opt out of this tracking at any time by clicking on the separate link that is provided in every e-mail or notifying us through other contact methods. The information will be stored as long as you subscribe to the newsletter. After you unsubscribe, we will store the data for statistical purposes only and in anonymous form.

Our newsletter is sent by provider CleverReach GmbH & Co. KG, Schafjückenweg 2, Germany, 26180 Rastede, Tel.: +49 4402 97390-00, www.cleverreach.com. Processing takes place in accordance with the provisions of Art. 28 GDPR. A data processing contract has been concluded with the provider pursuant to Art. 28 GDPR.

6. Tracking

Below is a description of how your personal data is processed with the help of tracking technologies to analyze and optimize our services, as well as for marketing purposes.

a) The use of third-party services for statistical purposes

The legal basis for using all web analytics tools listed in this paragraph is based exclusively on your consent under Art. 6 (1) a) GDPR. The analysis of user behavior via tracking helps us to assess the effectiveness of our services, to optimize these services, to adapt them to user needs, and to fix any errors. It also serves to collect statistics on the use of our services (reach, frequency of use, user browsing behavior) on the basis of uniform, standard procedures, and to obtain benchmark figures from the general market. If the analytics tool used also serves other purposes or if we use it for our additional interests, we will inform you of this directly in the explanations for each analytics tool.

Google Analytics

The controller in charge of processing has integrated the Google Analytics component (with anonymization function) into this website. Google Analytics is a web analytics service. Web analytics means the collection, reporting, and analysis of website visitor behavior. A web analytics service covers such data as the original website that directed a data subject to another website (“referrer”), which other pages of the website were accessed, and the frequency and duration of a visit to a particular page of the website. Web analytics is primarily used to optimize a website and for a cost/benefit analysis of internet advertising.

The Google Analytics component is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The controller in charge of processing adds “gat._anonymizeIp” to the tracking code for web analytics using Google Analytics. This extension shortens and anonymizes the IP address of the data subject’s internet connection if our website is accessed from a member state of the European Union or another country under the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze web traffic on our site. Google uses the data and information collected for such purposes for analyzing the use of our website in order to compile online reports that shows us the activities on our web pages, and in order to perform additional services that relate to the use of our website.

Google Analytics places a cookie on the IT system of the data subject. The definition of cookies has already been provided above. Setting cookies allows Google to analyze the use of our website. Each time a page of this website that is operated by the controller and that contains a Google Analytics component is accessed, the web browser on the IT system of the data subject is automatically prompted by the Google Analytics component to transmit data for the purposes of online analysis to Google. With this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which helps Google to determine the origin of the visitors and clicks, among other things, and to subsequently generate commission statements.

The cookies are used to store personal information such as time of access, location from where access originated, and the frequency of visits to our website by the data subject. During each visit to our web pages, this personal data, including the IP address of the internet connection used by the data subject, will be transmitted to Google in the United States of America (USA) and processed there. Google may, in certain cases, forward the personal data collected by this technical procedure to third parties. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with Google for this purpose.

As described above, you can prevent our website from placing cookies and permanently prohibit them at any time by adjusting your browser setting. Adjusting your setting in this manner would also prevent Google from placing a cookie on the data subject’s IT system. Furthermore, a cookie previously placed by Google Analytics can be deleted at any time via the web browser or other software program.

You can also object to and prevent the collection of the data generated by Google Analytics as well as to the processing of this data by Google. To do so, you must download and install a browser add-on under the link tools.google.com/dlpage/gaoptout. This browser add-on notifies Google Analytics via JavaScript that no information about the visits to websites can be transmitted to Google Analytics. Google considers the installation of the browser add-on to be an opt-out. If your computer’s hard drive is deleted, formatted or newly installed, the browser add-on must be reinstalled in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person under their sphere of influence, there is the option to reinstall or reactivate the browser add-on.

Processing is pursuant to your consent (Art. 6 (1) a) GDPR). If you have granted consent, you can withdraw it at any time in the cookie settings.
Google has joint controllership with Hevert-Arzneimittel GmbH & Co. KG. There is an agreement for this purpose that defines the joint responsibilities for compliance with the obligations under the GDPR regarding joint controllership, as set forth in the referring terms of service. Under this agreement, Google Ireland is responsible for the fulfillment of data subjects’ rights under Art. 15-20 of the GDPR with regard to the personal data that is stored. The information required under Art. 13 (1) a) and b) GDPR, information on the processing of personal data, the relevant legal basis, and the rights of data subjects can be found in Google Ireland’s privacy information under https://privacy.google.com/businesses/gdprcontrollerterms/ . The use of Google is subject to the applicable terms of service.

Terms of service: https://marketingplatform.google.com/about/analytics/terms/us/

Data privacy overview:https://policies.google.com/privacy

Google Signals

In addition to Google Analytics, this website also uses the web analytics service Google Signals by Google Ireland Limited (“Google”). With Google Signals, Google provides us with reports on cross-device user numbers and on various user groups, which are based on different combinations of devices used. For this purpose, Google gathers data from users who are signed on to their Google account and have turned on the “Ads Personalization” option in their settings. Please note that is option is turned on by default, so in order to opt out you must turn it off if you do not want personalized advertising. Google Signals is used only with activated IP anonymization. This means that the IP address of users within the member states of the EU and the European Economic Area are shortened. This makes it impossible to identify the person to whom the IP address belongs. Thus, we cannot identify a specific user. However, Google is able to use personalized cross-device tracking of your browsing behavior if you are signed on to your Google account. According to our information, Google will store this data for a period of 26 months.

Google also processes your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with Google for this purpose.

Processing is pursuant to your consent (Art. 6 (1) a) GDPR). If you have granted consent, you can withdraw it at any time in the cookie settings and you can opt out of tracking by Google Signals by deactivating the “Ads Personalization” option in your Google account. For information, please see https://support.google.com/adspolicy/answer/143465?hl=en&ref_topic=1626336

Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001

Terms of service: https://marketingplatform.google.com/about/analytics/terms/us/

Data privacy overview:https://policies.google.com/privacy

Data privacy policy: https://policies.google.com/privacy

b) Social Media

Embedded YouTube videos

The controller in charge of processing has integrated components from YouTube into this website. YouTube is an internet video portal that allows video publishers to post video clips at no charge and other users to view, rate, and comment on these videos, also at no charge. YouTube permits the publication of all types of videos, which is why complete films and TV shows, as well as music videos, trailers, or user-generated videos are accessible on the portal.

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you wish, you can use the “YouTube button” or the share function. To do so, you must sign on to YouTube. Once you sign on, the service of the provider will be activated.

By clicking on a YouTube button on our website, you will be connected to the YouTube servers. This notifies YouTube of the website you visited. This information is collected by YouTube and Google and affiliated with your YouTube account. If you have your own YouTube account and are already signed on, you allow YouTube to affiliate your browsing behavior directly to your personal profile. This occurs even if you do not click on a YouTube video. You can prevent this identification by logging out of your account first.

YouTube and Google also process your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Processing is pursuant to your consent (Art. 6 (1) a) GDPR). If you have granted consent, you can withdraw it at any time in the cookie settings.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with Google for this purpose.

Google has joint controllership with Hevert-Arzneimittel GmbH & Co. KG. There is an agreement for this purpose that defines the joint responsibilities for compliance with the obligations under the GDPR regarding joint controllership, as set forth in the referring terms of service. Under this agreement, Google Ireland is responsible for the fulfillment of data subjects’ rights under Art. 15-20 of the GDPR with regard to the personal data that is stored. The information required under Art. 13 (1) a) and b) GDPR, information on the processing of personal data, the relevant legal basis, and the rights of data subjects can be found in Google Ireland’s privacy information under https://privacy.google.com/businesses/gdprcontrollerterms/ . The use of Google is subject to the applicable terms of service.
Further information about YouTube is available at https://www.youtube.com/yt/about.

For more information about data privacy and Google services please see: https://policies.google.com/privacy

c) The use of third-party services to enhance our marketing measures

DoubleClick by Google

This website uses the DoubleClick online marketing tool by Google. The controller in charge of processing has integrated services of Google Remarketing into this website. Google Remarketing is a function of Google AdWords that allows a company to display ads to those web users who previously visited the company’s website. Thus, the integration of Google Remarketing allows a company to generate user-based advertising and show the web users ads that are relevant to their interests.

Google Remarketing / Google AdWords is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of Google Remarketing is to integrate advertising relevant to user interests. Google Remarketing allows us to display ads using the Google ad network or other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing places a cookie on the IT system of the data subject. By placing the cookie, Google allows the recognition of a visitor to our website if this person then accesses websites which are also members of the Google ad network. Each time a website that integrates the service of Google Remarketing is accessed, the browser of the data subject automatically identifies itself to Google. During this technical process, Google obtains knowledge of personal data, such as the IP address or browsing behavior of the user, which Google uses to display ads relevant to their interests, among other things.

Using the cookie, personal information, such as the IP address or the websites visited, is stored and transmitted to Google in the USA and processed.
Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with Google for this purpose.

As described above, you can block cookies from our website and permanently prohibit them from being placed at any time by adjusting your browser setting. Adjusting your setting in this manner would also prevent Google from placing a cookie on your computer. Furthermore, a cookie previously placed by Google Analytics can be deleted at any time via the web browser or other software program.

There is also the option to opt out of the interest-based advertising by Google. To do so, the data subject must access each of the web browsers they use from the link www.google.de/settings/ads and adjust the desired settings there.

More information and the applicable data privacy rules of Google can be found at https://policies.google.com/privacy

Processing is pursuant to your consent (Art. 6 (1) a) GDPR). If you have granted consent, you can withdraw it at any time in the cookie settings.

Facebook Custom Audience

The website also uses the “Custom Audiences” remarketing function of Facebook Inc. (“Facebook”). This means that users of the website will see interest-based advertising (“Facebook Ads”) when visiting the Facebook social network or other websites that use the procedure. This is in our interest of showing you advertisements that may be relevant to you. The legal basis for processing is your consent (Art. 6 (1) a) GDPR.

Due to the marketing tools used, your browser will automatically connect directly to Facebook’s servers. We have no influence on the scope or further use of the data that is collected by Facebook through the use of this tool and therefore are notifying you on the basis of our knowledge: Due to the integration of Facebook Custom Audiences, Facebook will be notified that you have accessed our website or that you have clicked on one of our ads. If you are registered for a service of Facebook, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to determine and store your IP address and other identifying characteristics.

The “Facebook Custom Audiences” function has been activated on this page. You can deactivate the function here: The function “Facebook Custom Audiences” can be disabled for users who have logged in by going to https://www.facebook.com/settings/?tab=ads#.

Facebook also processes your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Facebook Ireland has a joint controllership with Hevert-Arzneimittel GmbH & Co. KG. There is an agreement for this purpose that defines the joint responsibilities for compliance with the obligations under the GDPR regarding joint controllership, as set forth in the referring terms of service. Under this agreement, Facebook Ireland is responsible for the fulfillment of data subjects’ rights under Art. 15–20 of the GDPR with regard to the personal data that is stored. The information required under Art. 13 (1) a) and b) GDPR, information on the processing of personal data, the relevant legal basis, and the rights of data subjects can be found in Facebook Ireland’s privacy information under https://www.facebook.com/about/privacy . The use of Facebook is subject to the applicable terms of service for Facebook.

The standard data protection clauses have also been agreed with Facebook.

More information on data processing by Facebook, is available from:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
http://www.facebook.com/policy.php; additional information on data collection:
http://www.facebook.com/help/186325668085084 ,
http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo .

The use of KUPONA

This page uses advertising technology by KUPONA GmbH. KUPONA collects anonymized information and data about users’ browsing behavior to optimize how advertising campaigns are provided on the internet. Cookie text files are stored on your computer for this purpose. Following an algorithm-based analysis of browsing behavior, KUPONA can display targeted product recommendations in the form of product-specific ad banners on other websites as well (retargeting). The use of cookies in this case is solely for optimizing the offers. Neither personal identification of the user nor the use or forwarding of data to third parties are possible. Our use of this technology is intended to show you ads for our products that would be of interest to you even on other websites you visit. The legal basis for processing is your consent (Art. 6 (1) a) GDPR.

There are numerous ways to opt out of participation in this tracking procedure:

a) adjusting your browser settings, i.e. by refusing third-party cookies;

b) deactivating the interest-based ad displays from KUPONA by setting an opt-out cookie at http://datenschutz.kupona.de/global_optOut.html. Please note that this setting will be deleted once you delete your cookies.

c) deactivating the interest-based ad displays from KUPONA by managing your preference configurations at http://www.youronlinechoices.com/de. Please note that this setting will be deleted once you delete your cookies.

Additional data privacy information about KUPONA is available from KUPONA GmbH, Frankfurter Strasse 8, 36043 Fulda, Germany: Data privacy information available at https://www.kupona-media.de/datenschutzbestimmungen (German only).

Use of ScorecardResearch

This website uses the plugin ScorecardResearch of Full Circle Studies Inc., a subsidiary of comScore Inc. domiciled at 11950 Democracy Drive, Reston, VA 20190, Washington DC, USA. By analyzing general browsing patterns and conducting surveys, ScorecardResearch can give companies a clearer idea of what audiences like and dislike, thereby helping companies provide products and services that are more customized to consumer needs.

ScorecardResearch collects data primarily through the use of web tags. A web tag is a code that is deployed by partners on their websites and collects information about general user traffic. As a rule, companies use web tags on the internet to learn about visits to their website. The ScorecardResearch web tag also places a cookie, i.e. a small text file that is stored on your computer. ScorecardResearch uses a combination of web tags and cookies, which helps websites count how many visitors have looked at the website or various portions of a site.

We use ScorecardResearch for marketing and optimization purposes, particularly to analyze the use of our website and to improve certain functions and offers, as well as the user experience, on a continuous basis. The statistical analysis of user patterns helps us improve our offers and make them more appealing to you, the user. The legal basis for processing is your consent (Art. 6 (1) a) GDPR.

ScorecardResearch also processes your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Therefore, personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with ScoreCardResearch for this purpose.

There are numerous ways to opt out of participation in this tracking procedure:

a) adjusting your browser settings, i.e. by refusing third-party cookies;

b) deactivating the ScorecardResearch plugin by setting an opt-out cookie at http://www.scorecardresearch.com/preferences.aspx?newlanguage=1. Please note that this setting will be deleted once you delete your cookies.

c) deactivating the ScorecardResearch plugin under the self-regulation campaign “About Ads” at://www.aboutads.info/choices. Please note that this setting will be deleted once you delete your cookies.
Further information on ScorecardResearch is available from comScore Inc., 11950 Democracy Drive, Suite 600, Reston, VA 20190, USA, or its European headquarters at Herikerbergweg 280, 1101 CT Amsterdam, Netherlands. Data privacy information can be found at https://www.scorecardresearch.com/privacy.aspx?newLanguage=1.

d) Other services

Google Maps

We use the services of Google Maps on this website. Google Maps is operated by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This enables us to show you interactive maps directly on the website and offers you convenient access to the map function.

For more information about how Google processes data, please see Google’s data privacy policy. You can also adjust your personal data privacy settings there in the Safety Center. Complete instructions on how to manage your own data in relation to Google products is available here.

The legal basis for the integration of Google Maps and the relevant data transfer to Google is your consent (Art. 6 (1) a) GDPR). If you block access, you may not have full access to certain functions on the website.

When you visit our website, Google receives information that you have accessed a particular page of our website. This occurs regardless of whether Google provides a user account that you are signed on to or whether a user account exists. If you are signed on to Google, your data will be associated directly with your account.

If you do not want your visit associated with your Google profile, before activating the button you must sign out of Google. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or the targeted design of its website. This analysis is applied in particular (even for users not signed on) to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to opt out of the creation of these user profiles, but you must do so via Google.

The terms of service for Google Maps can be found here:

https://policies.google.com/privacy

Google also processes your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with Google for this purpose.

If you do not want Google to collect, process, or use your data from our website, you can opt out at any time through your cookie settings. If you block access, you may not have full access to certain functions on the website.

Facebook Connect: Sign-on service

Facebook Connect makes it easier to sign in to our website. You can log in using your Facebook account data. This offer allows us to provide you with a better user experience on our website, which serves our interest of enhancing the appeal of the site. The legal basis for processing is your consent (Art. 6 (1) a) GDPR.

When you visit our website, the third-party provider receives information that you have accessed a particular page of our website. The data listed under II. 1 of this Privacy Policy is also transmitted. This occurs regardless of whether this third party provides a user account that you are signed on to or whether you have a user account. If you are signed on to the third-party provider, your data will be associated directly with your account. If you do not want your visit associated with your third-party profile, before activating the button you must sign out. The third-party provider may store your data as a user profile and can use it for the purposes of advertising, market research and/or the targeted design of its website. This analysis is applied in particular (even for users not signed on) to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to opt out of the creation of these user profiles, but you must do so via the third-party provider.

Facebook also processes your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Facebook Ireland has a joint controllership with Hevert-Arzneimittel GmbH & Co. KG. There is an agreement for this purpose that defines the joint responsibilities for compliance with the obligations under the GDPR regarding joint controllership, as set forth in the referring terms of service. Under this agreement, Facebook Ireland is in charge of fulfilling the rights of data subjects in accordance with Art. 15-20 GDPR with regard to the persona data that is stored. The information required under Art. 13 (1) a) and b) GDPR, information on the processing of personal data, the relevant legal basis, and the rights of data subjects can be found in Facebook Ireland’s privacy information under https://www.facebook.com/about/privacy . The use of Facebook is subject to the applicable terms of service for Facebook.

The standard data protection clauses have also been agreed with Facebook.

Further information on the purpose and scope of data collection and its processing by the plugin provider is available in the data privacy notice from this provider below. There, you will also find additional information on your affiliated rights and settings options to protect your privacy:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; Data Privacy Policy: http://facebook.com/policy.php

Google Fonts

This website uses external fonts from Google Fonts. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The integration of these web fonts is based on server access, usually a Google server in the USA. The server is thus notified about which of our web pages you have visited. Google also stores the IP address for the browser of the visitor’s device when viewing these web pages. For more information, see Google’s data privacy information here: https://policies.google.com/privacy.

Google also processes your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with Google for this purpose.

The legal basis for processing is your consent (Art. 6 (1) a) GDPR.

Integration of DocCheck

Our website offers you an alternative login option to our specialists’ portal with your DocCheck account For this purpose, we have integrated a DocCheck plugin to verify your login information, which includes certain functionalities as explained below. This information was provided to us by DocCheck. We are not aware of whether DocCheck performs any additional processing or analysis relating to the use of the DocCheck login on our website.

DocCheck uses cookies (small text files that are stored in the user’s browser) in order to facilitate the services. The information generated by these cookies is sent only to DocCheck’s servers and is not shared with us or any other third parties. Data is not transmitted to countries outside the EU. You can opt out of these cookies by blocking the installation of third-party cookies in your browser settings. However, in this case you may no longer be able to log in using DocCheck. As an alternative, you can use your Hevert login for accessing our specialists’ portal.

When using DocCheck password protection, DocCheck uses the plugin to collect protocol data (IP address, access date, access time, referrer URL, information about the hardware and software used such as browser characteristics, device information such as resolution) on the user. This data is not used to determine personal identity but rather to ensure the correct presentation of the pages or iframe content and/or security of the DocCheck services.

More information about how your data is processed by DocCheck is available from DocCheck Community GmbH, Vogelsanger Strasse 66, 50823 Cologne, Germany. You can find the privacy statement of DocCheck at https://www.doccheck.com/de/privacy.

Use of Google reCAPTCHA

We use Google’s reCaptcha service to determine whether a person or a computer is entering certain information in our contact or newsletter form. This service is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google uses the following data to verify whether you are a person or a computer. IP address of the device used, the web page that you are visiting on our site and on which Captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, your Google account if you are signed on to Google, mouse movements on the reCaptcha images and tasks that require you to identify images.

Google also processes your personal data in the USA. Because the Privacy Shield has been invalidated, at present an adequate level of data protection in third countries cannot be guaranteed (see the European Court of Justice decision – EuGH July 16, 2020). Personal data can be processed only with your consent under Art. 6 (1) a) GDPR.

Alternatively or in addition thereto, concluding the EU standard data protection clauses issued by the European Commission with the receiving party can provide sufficient guarantees under Art. 46 (2) c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available from the website of the European Commission under this link. We have concluded the standard data protection clauses with Google for this purpose.

The legal basis for data processing as described above is your consent under Art. 6 (1) a) GDPR.

7. Services from other providers

Paypal

We have integrated components of PayPal into our website as an option for making financial donations. PayPal is an online payment provider that processes payments via PayPal accounts. You also have the option of making virtual payments using credit cards if you do not have a PayPal account. You can send online payments to third parties, receive payments and use the payment operations and purchase protection services offered by PayPal

When you visit a page on our website that includes PayPal components, PayPal is notified that you have accessed that page on our website. The data listed under II. 1 of this Privacy Policy is also transmitted. This occurs regardless of whether PayPal provides a user account that you are signed on to or whether you have a user account. If you are signed on to Google, your data will be associated directly with your account. If you do not want your visit associated with your PayPal profile, before accessing the page on our website you must sign out. PayPal stores your data as a user profile and uses it for the purposes of advertising, market research and/or the targeted design of its website. This analysis is applied in particular (even for users not signed on) to display targeted advertising. You have the right to opt out of the creation of these user profiles, but you must do so via PayPal.

We use the functions or components provided by PayPal in our interest of providing you with a simple, convenient option for transferring money online when making a donation to us. The legal basis is Art. 6 Abs. 1 b) GDPR (contract / pre-contractual measures).

Further information on the purpose and scope of data collection and its processing by PayPal is available in the data privacy notice from this provider. There, you will also find additional information on your affiliated rights and settings options to protect your privacy: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg (European operating company of Paypal), Luxembourg; https://www.paypal.com/webapps/mpp/ua/privacy-full.

8. Apps by Hevert

We offer apps on various subjects. Below you will find information on how your personal data is processed for these offers. The apps are available from your app store (Google Play Store for Android and the Apple App Store).

Calmvalera

You can use this app to stream relaxing music and receive helpful tips on how to unwind. We will also show you product information relating to the subject of relaxation. To use this app, log files (access and error logs) are collected, but your IP addresses will be stored in anonymized form. The information will no longer be saved once you uninstall the app.

The legal basis for processing is your consent under Art. 6 (1) a) GDPR once you download the app to your mobile device.

Vademecum

With the Vademecum app, we provide you with a wide range of information on our products and preparations. When using this app, log data with your anonymized IP address will be stored. The information will no longer be saved once you uninstall the app.

The legal basis for processing is your consent under Art. 6 (1) a) GDPR once you download the app to your mobile device.

Hevert Akademie

The Hevert Akademie app gives you direct access to all information on the products and medicinal products from Hevert Arzneimittel. You also have mobile access to the most important content from the Hevert Akademie continuing education program and can compete in quizzes with the app itself or other users.

To use the app you must provide your name, e-mail address, and user name. Passwords will not be saved. We also store anonymized log files and login codes. These are generated on a user-specific basis as an AppLoginKey and stored on the server of the learning platform as well as on the app server. The information will no longer be saved once you uninstall the app.

The legal basis for processing is your consent under Art. 6 (1) a) GDPR once you download the app to your mobile device.

III. Your rights

Below is an explanation of your rights as a data subject pursuant to Art. 15 GDPR. You can assert these rights at any time and contact us directly to do so. If you do assert these rights to us, we will review them immediately, taking account of the associated legal requirements and conditions. For this purpose, we may request additional information from you. We will inform you in detail about the outcome of our review and our procedure for fulfilling your request.

Right to information

You have the right to request information from us at any time about whether we process personal data on you, and if so, which data. This also includes information on the purposes of processing, possibly including recipients to whom we have provided your data, the planned storage period and any information on the origin of this data if we did not collect it directly from you. You also have the right to request a one-time copy at no charge of your personal data we have on file. If you request additional copies, we reserve the right to charge a reasonable processing fee.

Right to rectification

You have the right to request that we correct any incorrect data that we have stored in relation to you. This also includes the right to completion of any incomplete personal data.

Right to erasure

You have the right to request that we delete any data that we have stored in relation to you. If we have published data about you, this also includes our obligation as regards the “right to be forgotten” under Art. 17 (2) GDPR, taking account of available technologies and the implementation costs, to forward your request for erasure, all links to this data and copies or duplicates of this data to additional controllers who are in charge of processing this published personal data.

Right to restriction of processing

You have the right to request that we restrict the processing of data that we have stored in relation to you. Thereafter, this data can be processed only upon your consent or for a few legally defined purposes.

Right to object to processing

If we base the processing of your personal data on a consideration of interests, you can file an objection to the processing. This applies particularly if the processing is not required to fulfill a contract with you, as explained by us in the following function descriptions.

In the event of an objection, we will review the matter and will either discontinue or adjust data processing or explain our mandatory, legitimate reasons why we will continue to process the data.

Naturally, you can object at any time to the processing of your personal data for the purposes of advertising and data analysis. You can notify us of your objection to advertising with one of the contact methods listed under I.

Right to withdraw prior consent under data protection laws

If you have consented to the processing of your data, you can withdraw consent at any time. Withdrawal will affect the lawfulness of processing your personal data once you have notified us of your withdrawal.

Right to data portability

You have the right to receive your personal data that you have provided to us, from us in a structured, standard and machine-readable format for the purposes of transferring it to another controller. This includes, upon your request and subject to the available technical options, direct transfer by us to the other controller.

Right to file a complaint with a supervisory authority

You have the right at any time to file a complaint with a data protection authority about how we process your personal data.