Data security

The respect of privacy is a serious concern to which we pay special attention when processing and using personal data. We therefore attribute great importance to the protection of your personal data. Insofar as personal data is collected (e.g. your name, address or other contact details), it is processed and used exclusively in accordance with applicable data protection regulations.

In the following we would like to inform you about the processing of personal data when using this website. Personal data are all data that identify you, e.g. name, address, e-mail addresses, user behavior.

1. Controller & Data Protection Officer
Responsible Controller for the collection, processing and use of your personal data in the context of  the GDPR is:
PHOENIX Pharmahandel GmbH & Co KG
Pfingstweidstraße 10-12
D-68199 Mannheim
+49 621 8505-0

You can reach our data protection officer at datenschutz(at)phoenixgroup(dot)eu or our postal address with the addition "the data protection officer".

2. Data Collection during the visit of the website

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability

• IP address
• date and time of the request
• Referrer URL
• Browser Type
• Operating system

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk in the browser you use and through which certain information flows to the instituion that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.

(3) Use of cookies:
a) This website uses transient cookies, the scope and functioning of which are explained below:

b) Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

c) You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or all cookies. Please note that you may not be able to use all functions of this website.

3. E-Mail Contact

If you contact us (e.g. via contact form or e-mail), we store your details for processing the enquiry and for any follow-up questions. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist. We only store and use further personal data if you give your consent or if this is legally permissible without special consent. Please note that if you contact us by e-mail the transfer of e-mails is unencrypted.

4. Usage of our password restricted Member Area

(1) If you wish to use our password restricted area, you must register by entering your e-mail address, company name, position, phone number and a password of your choice. Your registration is not complete until you have received a confirmation e-mail. It is obligatory to provide the aforementioned data.
(2) If you use our password restricted area, we store your data necessary for the fulfilment of the contract, until you finally contact us to delete your access. If you wish us to delete your data, we will do so on your written request to:

PHOENIX Pharmahandel GmbH & Co KG, International Sales & Marketing Network, Pfingstweidstraße 10-12, D-68199 Mannheim) or email (phoenix-pharmacy-partnership(at)phoenixgroup(dot)eu)

(3) In order to prevent unauthorized access to your personal data, especially financial data, the connection is encrypted using TLS technology.

5. Plugins

Google Maps
This website uses Google Maps API to display geographical information visually. When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors. You can find more information about Google's data processing in the Google Privacy Policy. There you can also change your personal data protection settings in the Data Protection Center.

Vimeo
This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.
You can find out more information about data collection, how your data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.

Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo. Matomo uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before it is stored.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

The information generated by the cookies about your use of this website will not be disclosed to third parties. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.

If you do not agree with the storage and use of your data, you can disable this feature here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing your usage data. If you delete your cookies, this will mean that the opt-out cookie will also be deleted. You will then need to reactivate it when you return to our site if you wish your activity not to be tracked.

You may opt out explicitly from being tracked by Matomo using the following control:


Social Plugins
On our website social plugins ("plugins") are used by social networks.
In order to increase the protection of your data when visiting our website, the plugins are not unrestricted, but only integrated into the page using an HTML link (so-called "Shariff solution" from c't). This integration ensures that no connection is established with the servers of the provider of the respective social network when a page of our website containing such plug-ins is called up. Click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider, on which you can (if necessary after entering your login data) e.g. press the Share button.
The purpose and scope of data collection and the further processing and use of the data by the providers on their pages as well as your relevant rights and setting options for the protection of your privacy can be found in the data protection information of the following providers:

LinkedIn Corporation (2029 Stierlin Court - Mountain View - CA 94043 - USA)
Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

7. Your Data Privacy Rights
We gladly want to you inform you regarding your rights according to the general data protection regulation:

Right of Access
You have the right to request confirmation whether data concerning you are being processed and to request information regarding these data according to Art. 15 GDPR

Right to rectification
In accordance with Article 16 of the GDPR, you have the right to request the completion or correction of inaccurate data concerning you.

Right to erasure
In accordance with Art. 17 GDPR, you have the right to demand that relevant data may be deleted in case there are no legal obligations preventing the deletion. 

Right to restriction of processing
You may demand a restriction of the processing in accordance with Art. 18

Right of data portability
You have the right to request to receive the data provided to us in accordance with Art. 20 GDPR and additionally to request its transmission to other processors

Right to object
You may object to the future processing according to Art. 21 GDPR at any time.

Right to revocation
You have the right to revoke consent anytime according to Art. 7 Par. 3 GDPR valid for the future.

Right to notify the supervisory authority
In accordance with Art. 77 GDPR you have the right to file a complaint with the competent supervisory authority.

8. Reporting System
The PHOENIX group, i.e. the PHOENIX Pharmahandel GmbH & Co KG as well as its affiliated companies according to §§ 15ff AktG, has established a web based reporting system which is designed to enable employees, business partners, customers and third parties an easy system by which to report data incidents or concerns. These reports are taken seriously and are reviewed and actioned regularly and are used to improve the protection of personal data. 

You can access this reporting tool at any time via:
https://phoenixgroup-databreach.integrityplatform.org/

In order to explain the background to the reporting system in more detail, we have also answered a number of frequently asked questions below:

When should I report an incident?
PHOENIX group has an obligation to notify the supervisory authority within 72 hours of becoming aware of an incident, due to this, all incidents must be reported without delay via the online reporting tool.

What data incidents should be reported and how?
All personal data incidents are to be reported to the Data Protection team via the online reporting tool.

What is a data protection incident?
Data Protection incidents are any event which has, or could have, resulted in the accidental or deliberate loss of personal data (electronic or paper) or destruction of data, or unauthorised access to data (e.g. loss or theft of laptop, smartphone, paper record, prescriptions).

What happens after I submit a report?
The Data Protection team will review the incident report and will contact you for further information or, where necessary, will assist you with the post incident actions.

9. General Comments
We retain the right to change our data privacy statement. This may be necessary as a result of technical developments. We therefore ask you to consult the data privacy statement from time to time and to apply the current version.

If you have do have any further questions or concerns regarding you personal data, please contact the designated data protection officer.

Date of last review and update: May 2018