Apothekenportal

Privacy Policy

Privacy policy of PHOENIX Pharma-Einkauf GmbH 

It is important to us that the protection of your privacy is fully respected when processing personal data. We would therefore like to inform you below about the handling of your personal data when using our website/customer portal (hereinafter: "website") as well as in the context of existing business relationships or during a visit on site. Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable data subject is one who can be identified, directly or indirectly, in particular by reference to an identifier. An identifier may be, for example, the name, an identification number, location data, an online identifier, the IP address or other special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person (hereinafter collectively referred to as "data"). For a better overview, we have divided our data protection information into the following sections: 

A: Responsible persons and data protection officers
Includes our contact details, the contact details of our data protection officer

B: Data processing when visiting our website
Includes all information in connection with the visit or active use of our website. 

C: Further data processing by us outside the website
Contains all information on data processing if you have a business relationship with us, if you visit us on website or if you contact us in any other way. 

D: Your rights, the reporting system and general information
Includes the information provided for fair and transparent processing, such as your rights and the LINK to our reporting system. 

 

A: Responsible persons and data protection officers 

The controller for the collection, processing and use of your personal data within the meaning of the GDPR is 

PHOENIX Pharma-Einkauf GmbH (We and/or PPE)
Pfingstweidstrasse 10-12 
68199 Mannheim
Phone: +49 6181 104 370

You can reach our data protection officer at datenschutz-PPE(at)phoenixgroup.eu or our postal address with the addition "the data protection officer". 

B: Data processing when visiting our website 

  1. You can visit our website without providing any personal information.  When using the website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server.
     
  2. For the purpose of the technical provision of the website, it is necessary that  We process certain automatically transmitted information from you so that your browser can display our website and you can use the website. This information is automatically collected each time you visit our website and stored in our server log files. This information relates to the computer system of the accessing computer. The following information is collected:
     
    • Date and time of the request
    • Content of the request (specific page)
    • Access status/HTTP status code
    • Amount of data transferred in each case
    • Website from which the request comes
    • Operating system and its interface
    • Language and version of the browser software 

      In addition to ensuring a smooth connection setup and convenient use of our website, the data collected is also used to ensure the system security of the website. 
       
  3. Cookies and similar technologies
    1. In the context of the use of our website, cookies, pixels and  similar technologies (hereinafter: "cookies") are used. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer system when you access a website. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
       
    2. When using cookies, we essentially distinguish between four categories:
      • Strictly necessary cookies
        Strictly necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. 
         
      • Preference cookies - We do not use these cookie types 
        Preference cookies allow a website to remember information that influences the behavior or appearance of a website, such as your preferred language or the region you are in. 
         
      • Statistics cookies - We do not use these cookie types 
        Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.
         
      • Marketing cookies - We do not use these cookie types
        Marketing cookies are used to follow visitors on websites. The intention is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and third party advertisers. 
         
    3. Unless otherwise described in the following section, we process your data in the context of the use of cookies on the basis of the following legal bases:
      1. To safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to provide you with an attractive, technically functioning, high-performance and user-friendly website of our company and to ensure the system security of the website.
      2. to ensure the proper operation of the website, in particular to implement appropriate technical and organizational measures and to fulfill a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR
      3. and if you have given your consent to the processing of the data, in accordance with Art. 6 para. 1 lit. a GDPR. This applies in particular to marketing cookies and thirdparty tracking methods. Your consent pursuant to Section 25, paragr. 1, sentence 1 German Teleservices Data Protection Act (TDDSG)
      4. also constitutes the legal basis for the storage of non-essential cookies on the end device. 
         
  4. We process your data for the technical provision of our website on the basis of the following legal bases: For the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR, insofar as you visit our website to find out about our range of goods or services; to ensure the proper operation of the website, in particular to implement appropriate technical and organizational measures and to fulfill a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR and to safeguard our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to be able to provide you with an attractive, technically functioning and userfriendly website of our company and to ensure the system security of the website
     
  5. Active use of the website In addition to the purely informational use of our website, you can also actively order medicines in accordance with  Section 73 (3) of the German Medicines Act (AMG) on the password-protected pharmacy portal of our affiliated company PHOENIX Pharmahandel GmbH & Co KG. Further data protection information on the pharmacy portal can be found  PHOENIX pharmacy portal (phoenix-apothekenportal.de)
     
  6. You can contact us via the contact email addresses provided on the Website or by telephone. For more information on how we process your data, when you contact us, please refer to section "C. - Other data processing by us outside the website" 

C: Further data processing by us outside the website
 

  1. Processing of your data in the context of business relationships (customers, suppliers and business partners) and general business communication 

    If you contact us, e.g. as part of a contract initiation process or if you have a contractual relationship with us, we will process your personal data. This also applies if you act as a contact person in a business relationship with us and are not a party to the contract yourself. 
     
    1. Depending on the processing operation, different data may be processed. Relevant personal data may include, for example: contact data (e.g. name, address, telephone number, e-mail address), identification data (e.g. extracts from the commercial register and ID card data), data relating to our business relationship (e.g. position, position and department in the company, supervisor, order data, payment data, creditworthiness data), photographs and video recordings (e.g. at events or visits to our company headquarters), system data (e.g. user name and ID or user ID, log data), date of birth and other data comparable to these categories.

    2. In order to protect your data against manipulation and unauthorized access, we have implemented state-of-the-art technical and organizational measures in our processing procedures and IT systems. 

      The data will be stored until the processing of the request has been completed or, in the context of our contractual relationship with you, until the end of the contractual relationship and then, for example, until the expiry of the statutory limitation or retention periods. 

    3. We process your data in the context of business relationships and general business communication on the basis of the following legal bases: to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR; to fulfill a legal obligation in accordance with Art. 6 para. 1 lit. c GDPR and to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in selecting suitable business partners and managing them, as well as in defending against dangers and liability claims and avoiding (legal) risks. This also includes the protection of our property and the investigation of possible compliance violations, as well as the prevention of criminal offenses and the settlement of damages resulting from the business relationship. This also includes system security and stability requirements and our interest in documenting (corporate) events for communication and marketing purposes.
       
  2. Processing of data for law enforcement purposes 
    We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data insofar as this is necessary for the prevention or prosecution of criminal offenses. We process your personal data for this purpose on the following legal basis: To protect our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses; to fulfill a legal obligation to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with, among others, commercial, trade or tax law, insofar as we are obliged to record and store your data. 
     
  3. Transmission of personal data
    1. Within the Group companies 
      PPE may transfer the personal data of business partners/customers (natural persons) or their employees, agents, guarantors, etc. within the affiliated companies for internal administrative purposes (e.g. accounts receivable management, controlling, risk management, indirect purchasing, compliance with legal obligations such as tax returns, money laundering or compliance with international sanctions guidelines).
    2. External receivers 
      Personal data may also be passed on to third parties (e.g. lawyers, auditors, banks, insurance companies, law enforcement agencies, transport companies, etc.) if there is a legitimate interest or a legal obligation. 

      In addition, personal data of business partners/customers may be passed on to state authorities and other institutions if this is required by law (e.g. control bodies such as the tax office, the Federal Opium Agency, customs, law enforcement authorities, executors of wills, insolvency administrators, etc.). The legal basis for this is Art. 6 para. 1 lit. c GDPR. 
       
    3. Order processing 
      In some cases, we use external service providers/processors to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. 

      Personal data is sometimes also processed in countries outside the European Union ("EU") or the European Economic Area ("EEA"), where the level of data protection may generally be lower than in Europe. In these cases, we ensure that an adequate level of data protection is guaranteed for this data, e.g. through contractual agreements with our contractual partners. 

 

D: Your rights, the reporting system and general information 

  1. your rights 
    Below we would also like to inform you about your rights under the GDPR: 

     

    1. Right to information 
      You are entitled at any time to request information free of charge within the scope of Art. 15 GDPR about, among other things, your data processed by us, the processing purposes, the categories of recipients, the planned storage period or, in the case of third country transfers, the appropriate guarantees.
       
    2. Right to rectification, erasure, restriction of processing 
      If your data processed by us is incorrect, incomplete or its processing is inadmissible, you can demand that we correct or supplement your data, restrict processing or delete the data to the extent permitted by law, Art. 16, 17 and 18 GDPR. The right to erasure does not exist, inter alia, if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) for the establishment, exercise or defense of legal claims.
       
    3. Right to data portability 
      If you have provided us with your data on the basis of your consent or as part of an existing contractual relationship with us, we will make this data available to you in a structured, commonly used and machine-readable format at your request or - where technically feasible - transmit it to a third party designated by you.
       
    4. Right to object 
      If we process your data on the basis of a legitimate interest, you can object to this processing in accordance with Art. 21 GDPR for reasons arising from your particular situation. The right to object exists only within the limits provided for in Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection
       
    5. 1.6 Consent/revocation
      In the event that you give or have given us your consent to collect, process or use your data, you can revoke this consent at any time with effect for the future by contacting the office named under Section A. 

      You also have the right to object, on grounds relating to your particular situation, at any time to processing of data concerning you by us which is based on point (e) of Article 6(1) GDPR (performance of a task carried out in the public interest) or point (f) of Article 6(1) GDPR (legitimate interest of the controller). In this case, we will no longer process the data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. 

      If the data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of this data for the purpose of such marketing. If you object to processing for direct marketing purposes, the data will no longer be processed for these purposes.
       
    6. Right of appeal 
      If you have any questions, suggestions or criticism, please contact our data protection officer (see section A). 

      You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of data relating to you infringes the GDPR, subject to the conditions of Art. 77 GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. 

      However, we recommend that you always address a complaint  our data protection officer first.
       
  2. Reporting system for data protection incidents 
    The PHOENIXgroup and its affiliated companies within the meaning of Sections 15 et seq. of the German Stock Corporation Act (AktG) have set up a web-based reporting system that provides employees, business partners, customers and third parties with a simple system for reporting data incidents or problems. These reports are taken seriously, reviewed and serve to improve the protection of personal data. 

    We process your data when using our reporting system for data protection incidents on the basis of the following legal bases: to fulfill a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR and to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to offer you an easy way to report data protection incidents. 

    You can access this reporting system at any time via: https:

    To explain the background to the reporting system in more detail, we have also answered some frequently asked questions below: 

    When should I report an incident?
    PPE is obliged to notify the supervisory authority within 72 hours of becoming aware of an incident, so all incidents must be reported immediately via the online reporting tool. 

    Which data protection incidents should be reported and how?
    All incidents involving personal data must be reported to the data protection officers via the online reporting tool. 

    What is a data protection incident?
    Data protection incidents are all events that have led or could lead to an accidental or intentional loss of personal data (electronic or paper) or to the destruction of data or unauthorized access to data (e.g. loss or theft of laptops, smartphones, paper documents, prescriptions). 

    What happens after I have submitted a report?
    The Data Protection Officers will review the report and contact you to obtain further information or, if necessary, assist you with the actions to be taken following the incident. 
     
  3. General information 
    We reserve the right to change our privacy policy. This may become necessary in particular due to technical developments. We therefore ask you to call up the data protection declaration again from time to time and to observe the current version. 

    If you have any further questions about the processing of your personal data, please contact the responsible data protection officer. 

 

Last updated in September 2024