This privacy policy informs you as a user of our website and our offers about the nature, scope and purpose of the collection and use of personal data.

We expressly point out that data transmission on the Internet (eg communication by e-mail) security gaps and can not be completely protected against access by third parties.

This privacy policy is currently valid and has the status February 2021. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed out by you at any time on our website at https://www.ursapharm.de/datenschutz/.

1. 1 Data controller

The data controller is:

URSAPHARM Arzneimittel GmbH

Industriestrasse 35

66129 Saarbrücken

Germany

Telephone: +49 (0) 6805/9292-0

Telefax: +49 (0) 6805/9292-88

E-mail: datenschutz@ursapharm.de

1. 2 Data Protection Officer

Data Protection Officer URSAPHARM Arzneimittel GmbH

Industriestrasse 35

66129 Saarbrücken

E-mail: datenschutz@ursapharm.de

1.3 Disclosure of data to third parties and third party providers

We comply with the legal requirements. Data will only be passed on to third parties within the scope of legal regulations.

General information

2.1 Integration of services and content of third parties

We may use services of third parties within our website, for example, to integrate external media, perform analyses, etc.. This is always done on the basis of a legal basis, such as on the basis of our legitimate interests (such as our interest in the analysis, optimization and economic operation of our website) within the meaning of Art. 6 para. 1 lit. f DSGVO or - to the extent necessary in individual cases - on the basis of your previously given consent pursuant to Art. 6 para. 1 lit. a DSGVO.

Such services generally require that the third-party providers, perceive the IP address of users, as they could not send the corresponding content to their browser without the IP address. The IP address is thus required for the display of such content. We strive to use only services whose respective providers use the IP address only for the delivery of the content. Some third-party providers also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.

For more detailed information on which services are actually used on this site and how data is processed within their scope, as well as the relevant legal basis, please refer to the explanations on the respective services in the further course of this privacy policy.

2.2 Types of data processed

We collect and process on our website inventory data (e.g. names, addresses), contact data (e.g. e-mail addresses, telephone numbers, fax numbers, postal address), usage data (e.g. web pages visited, links clicked, interest in content, access times, access locations), content data (e.g. comments, text input, photos, videos) and meta and communication data (e.g. device information, browser information, IP addresses).

2.3 Categories of data subjects

The data subjects of the processing of personal data are all visitors and users of our website.  

2. 4 Purpose of processing

We collect and process the personal data of the users of our website in order to communicate with and inform them (e.g. contact and other inquiries), to perform statistics, reach measurement and analysis (e.g. with marketing and analysis tools), so that we can better design and optimize content and functions, to technically manage and optimize the website and to close security gaps.

2.5 Legal bases for the processing of personal data 

We only process personal data if we are entitled to do so on the basis of a legal basis. In the following, we will name these legal bases individually in the context of the respective processing operations. In general, we are always entitled to process personal data if the data subject has consented (see Art. 6 para. 1 lit. a, Art. 7 DSGVO), if we are obliged to fulfill contractual or pre-contractual obligations (see Art. 6 para. 1 lit. b DSGVO), if we have to fulfill legal obligations (see. Art. 6 (1) lit. c DSGVO) or if we safeguard our legitimate interests (s. Art. 6 (1) lit. f DSGVO).

2.6 Recipients of personal data

We may transfer personal data to order processors or other third parties (e.g. hosting agencies, etc.) with whom we cooperate. We are entitled to do so if the data subject has consented thereto (see Art. 6 para. 1 lit. a, Art. 7 DSGVO), if we thereby fulfill contractual or pre-contractual obligations (see Art. 6 para. 1 lit. b DSG-VO), if we thereby fulfill a legal obligation (see Art. 6 para. 1 lit. c DSGVO) or if we safeguard our legitimate interests (see Art. 6 para. 1 lit. f DSGVO). We conclude a so-called order processing agreement with order processors in accordance with Art. 28 DSGVO, according to which they also undertake to comply with data protection.

2.7 Hosting

This website is hosted on the servers of Hetzner Online GmbH. The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this website. In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of all users of this website. The legal basis for the use of hosting services is the protection of our legitimate interests in the analysis, optimization and the economic and secure operation of our website (see Art. 6 para. 1 lit. f DSGVO). We have concluded corresponding order data processing agreements with our hosting providers.

2.8 Access data / server log files

On the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO, we collect data about every access to our website (so-called web server log files). The processed data includes IP address, time of access, type of request, protocol, HTTP status, referer, browser type and version, operating system and the message about the successful retrieval. The data is used for statistical analysis for the purpose of operation, security and optimization of the offer. The data is stored for security reasons (e.g. for the clarification of cases of abuse) for a period of 7 days. The IP address is only stored anonymously. If longer storage is required for evidentiary purposes, they will be deleted after the final clarification of the matter.

2.9 Cookies

Furthermore, cookies are stored on your computer when you use our website. Cookies are small text files that enable specific information related to the device to be stored on the user's access device (PC, smartphone, other end devices). They are used for the user-friendliness of websites (e.g. storage of login data), the collection of statistical data on website usage and for analysis for the purpose of improving the website. Cookies cannot execute programs or transfer viruses to your computer.

You can prevent the storage of all or only certain cookies by setting your browser accordingly in the security settings. Cookies that have already been stored can be deleted in the browser. In these cases, however, the use of the website may be limited.

This website uses the following types of cookies:

• Transient (temporary) cookies
• Persistent (permanent) cookies

Transient cookies are automatically deleted when you close the browser or log out. These include in particular the session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website.

Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Both types of cookies can come from us (then "first-party cookies") or from third parties ("third-party cookies").

Such cookies that enable the secure functioning of the website in the first place and such cookies that only statistically record the general usage behavior (eg. the access to the website at all as well as the time of access), without merging user data across websites, without using external servers or services and without establishing traceability, we use on the basis of our legitimate interest in a secure and functional provision of the website as well as for statistical purposes to optimize our Internet presence in accordance with Art. 6 para. 1 lit. f DSGVO.

The use of other cookies is based solely on your previously given consent in accordance with Art. 6 para. 1 lit. a DSGVO. Such cookies usually serve the optimization of our offer and the development and economic optimization of individual marketing measures. You can give your consent for the cookies and tools in question voluntarily when you call up our website for the first time. You can change your decision at any time on our website.

Disabling/objection to cookies:

You can generally object to the use of cookies that are used for range measurement and advertising purposes via the Network Advertising Initiative's deactivation page (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Furthermore, the storage of cookies can be prevented by setting this in the security settings of your browser. However, not all functions of this website may then be used.

These options apply to all cookies mentioned below, which we use for on this website.

2.10. Retargeting technology from The Trade Desk

This website uses the retargeting technology of The Trade Desk, Inc. ("The Trade Desk"). This feature is used to present interest-based adverts to visitors to the website as part of The Trade Desk advertising network.

The website visitor's browser stores so-called "cookies", text files which are stored on your computer, and which make it possible to recognize the visitor when he or she visits websites that belong to The Trade Desk's advertising network.

On these pages, the visitor can then be presented with adverts that relate to content that the visitor has previously accessed on websites that use The Trade Desk's retargeting technology.

According to The Trade Desk collects pseudonymized data during this process.

However, if you do not wish to use this retargeting function, you can deactivate it.

Please note that deactivation must be carried out separately for each browser or end device using one of the following methods:

•    Via the AdChoices icon in the advertising banner

•    Via https://www.youronlinechoices.com/

•    Directly at The Trade Desk here: https://www.adsrvr.org

•    For mobile apps: https://www.networkadvertising.org/mobile-choice and http://www.aboutads.info/choice

Further information on The Trade Desk's retargeting technology, The Trade Desk's privacy policy and opt-out options can be found at: https://www.thetradedesk.com/general/privacy.

2.11 eTracker

We use on our website the service etracker Analytics of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Imprint: https://www.etracker.com/impressum/ (hereinafter referred to as "etracker"). Here you can find FAQ from etracker regarding the DSGVO: https://www.etracker.com/docs/faq/eu-dsgvo/. You can access etracker's privacy policy here: www.etracker.com/datenschutz/. We have concluded a corresponding contract for order processing with the company etracker.  

We use etracker Analytics based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f DSGVO, in this case in the interest of evaluating our website and improving it for you as a user. As standard, etracker Analytics does not use cookies, but records the visit behavior (by means of purely technical parameters, such as the shortened IP address or the browser used) within a session (website visit) by means of cookieless session tracking. A fingerprinting process is used to generate a hash value (a combination of characters from which the original data cannot be derived) from purely technical data (such as the shortened IP address or the browser used), to which the date of the page call is also added in order to make it even less likely that the identity of the user can be deduced. This value is automatically deleted every 24 hours. Within the 24 hours, it is possible to analyze user behavior through this fingerprint.

You can object to the data processing at any time here:

https://www.etracker.com/docs/data-services/remarketing-feed/) as well as access to user profiles in real time are possible.

We maintain online presences within various so-called social media platforms. You can either reach our presences via search engines, via the platforms themselves or follow the links on our website to them. We would like to point out that on these platforms your data will be processed partly by us and partly by the platform operators, which may sometimes also take place outside the area of the European Union. For details of the processing, the risks and legal bases, etc., please compare the privacy statements linked below for the respective presences.

3.1 Instagram profile

Our privacy policy as well as the details of the responsible person (imprint) related to our Instagram profile can be found here: Privacy Policy | Imprint

3.2 Facebook FanPage

Our privacy policy as well as the details of the responsible person (imprint) related to our Facebook FanPage can be found here: Privacy Policy | Imprint

When contacting us (for example, by contact form, e-mail or via our Facebook account), your information will be processed for the purpose of processing the request and in the event that follow-up questions arise, pursuant to Art. 6 lit. b DSGVO. Your data will be deleted as soon as we have fully processed your request.

We would also like to point out the following:

As a pharmaceutical company, we are legally obligated to collect, document and, if necessary, report to the competent authorities inquiries that describe events relevant to drug and medical product safety. This report may also include personal data, such as your name, place of residence, health-related information or similar information about you, if you have explicitly and voluntarily disclosed it to us. In order to obtain further information, it may be necessary for URSAPHARM to contact you. The legal basis for this data processing is Art. 6 (1) c) DSGVO in conjunction with § 3 MPSV or § 63 c AMG. Furthermore, for reasons of pharmacovigilance, we are obliged in this case to store your data for at least 5 years for testing purposes in accordance with the legal requirements. After the end of the legal periods, your data will be deleted or anonymized.

REGISTRATION AND CONFIRMATION (DOUBLE-OPT-IN PROCEDURE)

The only mandatory information within the registration mask is your e-mail address. Any additional information you provide is voluntary (e.g. your name). Data provided voluntarily in addition to the e-mail address will be used for the purpose of personalizing the newsletter. The registration takes place by means of a double opt-in procedure. This means that after your registration you will receive an e-mail to the e-mail address you entered. This e-mail contains a link. By clicking on this link, you can confirm that you would like to receive our newsletter from now on. After confirmation, we will store your e-mail address as well as any additional data you voluntarily provide (the legal basis for this is Article 6 (1) sentence 1 lit. a DSGVO) in order to send you the newsletter in the future.

If this confirmation does not take place, the information provided to us (such as your e-mail address and other voluntarily provided data) will be deleted automatically without delay.

Furthermore, only your IP address and the times of newsletter registration, newsletter confirmation and newsletter unsubscription after sending the last newsletter will be stored by us for the period in which it is necessary for us to keep proof of your registration, including your confirmation and unsubscription, as well as to enable clarification of any misuse of your data (the time of deletion is thus determined by the statute of limitations for any claims).

CANCELLATION

You have the right to revoke your consent to receive our newsletter at any time and to unsubscribe from the newsletter without incurring any costs other than the transmission costs according to the basic rates. There are two ways to do this. Firstly, you can send us a corresponding e-mail to newsletter@hylo.sport or click on the "Unsubscribe from newsletter" link, which is present at the end of every newsletter you receive from us.

SERVICE PROVIDER CLEVERREACH

To send our newsletter, we use the email marketing tool of the company CleverReach GmbH & Co. KG, CRASH Building, Schafjückenweg 2, 26180 Rastede, Imprint: https://www.cleverreach.com/de/impressum/ (hereinafter referred to as "CleverReach"). For this purpose, we have concluded a corresponding contract for order processing with the company. Your data is stored exclusively on servers within the EU. You can access the data protection information of the company CleverReach here: https://www.cleverreach.com/de/datenschutz/.

We occasionally organize sweepstakes, which we advertise on our website and/or on our social media presences and for which one can register via a corresponding subpage on our website. 

In this respect, we cooperate with external agencies for the event. The details of the associated data processing can be found in the competition conditions. This also includes the specification of the agency that cooperates with us in the respective case and processes the data of the participants accordingly for the handling of the competition. Your data will therefore be passed on to these agencies. Otherwise, no data will be passed on.

Participation in a sweepstake usually requires registration of the participants with personal data, typically salutation, first name, last name and e-mail address. The data processing is based on Art. 6 para.1 lit. a DSGVO based on your consent given for this purpose. The respective conditions of participation apply.

The winners will be published anonymously (i.e. first name, shortened last name, shortened place of residence) on our website. The data will be used solely for the purpose of conducting the competition and, with the exception of the winner data, will be deleted after the winners have been determined. The winners' data will also be processed for the purpose of notifying the winners and sending the prizes, after which it will be deleted. Only with your express consent will it be used beyond this purpose, e.g. for newsletter dispatch. 

We have obligated the respective agencies, which act on our instructions in this regard, to comply with data protection laws, also and in particular in the sense of the above, and have concluded corresponding order processing agreements with them.

You can request information about your stored personal data free of charge at any time at the above address. In addition, you may, under certain conditions, request the correction or deletion of your stored personal data. Furthermore, you may have a right to restrict the processing of your data and a right to the return or transfer of the data you have provided in a structured, common and machine-readable format.

If the processing of your personal data is based on your consent, you also have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.

Right of objection

You have the right to object at any time to the processing of your personal data based on Art. 6 (1) f) DSGVO. An objection can be made in particular against processing for direct marketing purposes.

Furthermore, you have the possibility to address a complaint to the above-mentioned data protection officer or to a data protection supervisory authority.

The supervisory authority responsible for us is:

Independent Data Protection Center Saarland

The State Commissioner for Data Protection and Freedom of Information

Fritz-Dobisch-Strasse 12

66111 Saarbrücken

Telephone: (0681) 94781-0

Fax: (0681) 94781-29

E-mail: poststelle@datenschutz.saarland.de

If we transfer personal data to service providers outside the EU, we do so only in accordance with Art. 44 et seq. DSGVO, i.e. in principle only insofar as the third country has been confirmed by the EU Commission to have an adequate level of data protection or other adequate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. Should we exceptionally deviate from this, we will always inform you accordingly in due time before the start of the processing and only start the processing after your prior, explicit, informed consent (Art. 49 para.1 lit.a DSGVO).