In processing your personal data, the protection of your privacy is very important to us. We therefore collect and process your data in accordance with statutory requirements, most notably the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). With this Privacy Statement we wish to inform you about the key aspects of data processing (also in connection with our website).
When you visit our website, our web servers routinely save details of your internet service provider’s IP address, the website from which you were referred to us, which of our web pages you visit, and the date and duration of your visit. This information is necessary for the technical transmission of the web pages and secure server operation. These data are not evaluated on a personalised basis. If you send us data by means of the contact form, these data will be stored on our servers in the course of data backup. We exclusively use your data to process your enquiry/request. Your data are treated in strict confidence. They are not shared with any third party.
1. Data controller
The data controller of all data processing procedures set out here is:
WINpharma Herstellungs- und Vertriebs-GmbH
Mr. Peter Kanzlsperger
Untere Hauptstraße 10
Tel.: +43 (0) 2746 21008
Our Data Protection Officer is:
Mr. Werner Wiatrek
2. Type, scope and source of collected data
WINpharma Herstellungs- und Vertriebs-GmbH collects personal data from you, usually by telephone, e-mail or our online services (contact form on our websites). In doing so, we only collect those personal data that are necessary to fulfil the given contractual purpose (principle of data minimisation). Any other data provided is on a voluntary basis.
WINpharma Herstellungs- und Vertriebs-GmbH collects and processes:
• Basic customer data such as your name, address and telephone number.
• Invoicing data (invoicing address that differs from your home address).
• Online traffic data to initiate and maintain a contractual relationship by electronic means of communication, e.g. your e-mail address.
As a rule, you provide us with these data with your order/request.
2.1 Data collection via our online services
The provider of the websites automatically collects and stores information in what are known as server log files that your browser automatically transmits to us. These files may contain the following:
• Date and time of the server request
• Name of requested file
• Page from which the file was requested
• Access status
• Your browser type and version
• The operating system you are using
• Host name of the computer being used (IP address).
Most of the cookies we use are so-called “session cookies”. They are automatically erased when you leave our website. Other cookies remain on your end device until you erase them. These cookies allow us to recognise your browser the next time you visit. You can adjust your browser settings so that you are informed about the placement of cookies, so that only individual cookies are permitted, so that cookies are only allowed in certain cases or are completed blocked, or so that cookies are automatically deactivated when you close your browser. If you deactivate cookies, our website functionality may be limited. Cookies that are necessary for the electronic communication process or to provide certain functions that you want, are placed on the basis of Art. 6, 1 (f) GDPR. The website operator has a legitimate interest in placing cookies for the technically error-free and optimised provision of its services. Your interests as the data subject do not outweigh the placement of these cookies.
This website uses Google Analytics, a web analysis service owned by Google Inc. (“Google”). This use is on the basis of Art. 6, 1 (f) GDPR. Google Analytics generates cookies that collect information about your use of the website (time, place, frequency, IP address). As a rule, these data are transferred to a Google server in the USA where they are stored.
The IP address transferred from your browser by Google Analytics is not associated with other data held by Google. We also use the extension “anonymizeIP” on this website in conjunction with Google Analytics. This guarantees that your IP address is masked, so that all data are collected anonymously. It is only in exceptional cases that the full IP address is transmitted to a Google server in the USA and abbreviated there.
Google uses this information on behalf of the operator of this website to evaluate your use of the website, to create reports about website activity, and to provide other associated services to the website operator in connection with website and internet usage. You can prevent the placement of cookies by adjusting your browser settings. We would however point out that if you do so, you may not be able to make full use of all of this website’s functionalities.
You can moreover prevent the collection and processing by Google of data generated by the cookie that relates to your use of the website (incl. your IP address) by downloading and installing the browser plugin provided in the following link:
You can refer to Google Analytics Help for further privacy information in connection with Google Analytics.
3. Purposes for which we process personal data; legitimation
We collect and process your data for the following purposes:
• to conclude and fulfil a contract and to provide customer service
• to inform you about WINpharma Herstellungs- und Vertriebs-GmbH’s services
• for statistical evaluation relating to the traceability of medical products (complaints), to develop measures on the basis of calculated key
figures and to analyse existing contractual relationships with regard to their maintenance, improvement or termination
• in order to send you product information
• to comply with statutory obligations or official directives.
Processing is in accordance with statutory provisions incl. the GDPR and the BDSG.
4. Type and manner of data processing
WINpharma Herstellungs- und Vertriebs-GmbH ensures that your personal data are processed in such a way that the privacy of your data is guaranteed. The data are processed both electronically and on paper whereby we observe security standards to protect your privacy and to prevent unauthorised parties from gaining access to the data. We have taken comprehensive technical and organisational precautions to protect the data you have given to us against loss, manipulation, destruction and unauthorised access. Our security measures are in line with technological developments and, in keeping with statutory requirements, are improved on an ongoing basis.
5. Data recipients
The data controller is WINpharma Herstellungs- und Vertriebs-GmbH. It stores all data required for contract performance and customer service in its IT systems. All service providers whom we contract are inspected beforehand with regard to their data protection standard and we obligate them to comply with statutory data protection requirements. Data are not otherwise shared with any third party we contract, save where we are legally entitled and/or obliged to do so and/or we have received your prior consent. Data are not transmitted to third countries or to international organisations.
6. Retention of data
WINpharma Herstellungs- und Vertriebs-GmbH stores your customer data for the period necessary for the performance of the contractual relationship(s) and, where a legitimate interest exists (e.g. outstanding payments), after the contractual relationship comes to an end. Data retention is based on statutory retention periods which may extend for up to 30 years, as in the case of Art. 195 ff of the Federal Civil Code (BGB), whereby the usual retention period is three years. We are moreover also subject to various retention and documentation obligations arising out of the Commercial Code (HGB) and the Medical Products Act (MPG). The periods set out there for retention and documentation range from six to ten years.
7. Rights of the data subject
WINpharma Herstellungs- und Vertriebs-GmbH upholds and protects your rights in accordance with the GDPR.
You most notably have the right
• to request information from us on whether we are processing your personal data. If we are, you may obtain information about that personal
data and all purposes for which they are being processed and used.
• to the rectification, erasure and restriction of processing of your personal data provided there are no statutory requirements to prevent same.
• to be given your data in a structured, commonly used and machine-readable format.
• to withdraw your consent to the use of voluntarily shared data e.g. your telephone number.
To exercise your rights, please write to: WINpharma Herstellungs- und Vertriebs-GmbH, Untere Hauptstraße 10, A-3150 Wilhelmsburg, E-mail: email@example.com – specifying your contact details.
If you are of the opinion that the processing your personal data violates the GDPR, you may lodge a complaint with a supervisory authority, in particular in the member state in which you are resident or have your workplace, or in the place where the alleged violation occurred.