
Data Protection Information according to EU-GDPR

Data Protection Information according to EU-GDPR for natural persons

Medice Arzneimittel Pütter GmbH & Co. KG

The following information shall give you an overview about the processing of your personal data by our company and your data protection rights. Which categories of data we process is determined by the kind of business and level of contact you maintain with us (e.g. visiting our websites, inquiries by phone, visits by our field force, participation in promotional activities, ordering of our products).
 

1. Who is responsible for data processing? Who is my point of contact?

The Controller is:

Medice Arzneimittel Pütter GmbH & Co. KG (in this document "Medice" or "We")
Kuhloweg 37
58638 Iserlohn
telephone: +49 (0)2371 937 0
fax: +49 (0)2371 937 329
e-mail: info@medice.de

You may contact our Data Protection Officer any time:

Medice Arzneimittel Pütter GmbH & Co. KG
Datenschutz
Kuhloweg 37
58638 Iserlohn
telephone: +49 (0)2371 937 0
fax: +49 (0)2371 937 329
e-mail: datenschutz@medice.de

 

2. What kind of personal data is processed by Medice? Where is such personal data sourced from?

We process personal data that has been received in the course of our business relationship from interested persons (including visitors to our websites), job applicants, customers, patients, vendors and suppliers. Furthermore, we process personal data – as far as necessary for provision of our services – lawfully received from other companies within the Medice group of companies or third parties (e.g. credit bureaus,  public authorities, partner companies), e.g. to provide our services, to fulfil contractual claims, to comply with the law or due to your consent. Additionally, we source personal data from public sources (e.g. public registries, media, and internet) that we may lawfully process.

Personal data from…

interested parties are e.g.

Master data, communications data, data to answer general inquiries directed to us or to facilitate a transaction (e.g. interest in a product, inclusion into promotional communications), data to use our web services

job applicants are e.g.

Master data, communications data, employment relevant data (e.g. from letters, CVs, certificates), social data

patients are e.g.

Master data, communications data, data to answer inquiries regarding medical questions, data to comply with legal requirements regarding reports and documentation (includes medical data), and data for quality control of our products. In case of clinical trials, Medice only processes anonymized or pseudonymised data.

customers, suppliers, vendors are e.g.

Master data, communications data, data to establish and maintain a business relationship (e.g. credit information, tax information, banking contacts), data regarding past or present business, consent for direct marketing, visits from our field force, data to comply with the law, qualification certificates, and data to collect legal claims.

 

3. For what purpose does Medice process my personal data? What is the legal basis?

We process the aforementioned categories of personal data within the framework of EU-GDPR and the German Bundesdatenschutzgesetz (Federal Law on Data Protection, BDSG):

a. Due to your consent (Article 6 Sec. 1 a GDPR)

As far as you have consented to processing of your personal data for specific purposes, the processing is lawful. You may withdraw your consent at any time. This also applies to consent you may have given us before coming into force of GDPR on May 25, 2018.

Please note that withdrawing your consent only applies to further processing of your personal data. Processing in the past is not subject to you withdrawing your consent.

Regardless of you withdrawing your consent, the processing of your personal data by Medice may still be lawful, e.g. if required by legal statutes or if our legitimate interests in processing your personal data override your interests. This may be the case when it comes to statutory requirements of documentation, to collect legal claims or to defend against such claims or to prosecute crimes.

Further information on your right to withdraw consent is given in section 7 of this document.

b. For the performance of a contract (Article 6 Sec. 1 b GDPR)

Processing of personal data may occur to deliver our goods and services in performance of contracts with our customers or to facilitate pre-contractual measures due to your request. Further details are given in our contract forms and business clauses.

c. Due to statutory laws (Article 6 Sec. 1 c GDPR) or in the public interest (Article 6 Sec. 1 e GDPR)

As a pharmaceutical company Medice is bound by various legal obligations that require processing of personal data. These are statutory requirements (e.g. tax laws, accounting standards, pharmaceutical law) and regulations by public authorities (e.g. European Medicines Agency, Federal Institute for Drugs and Medical Devices, District Government).

The purpose of such processing is e.g. compliance with tax inspections and documentation of tax-relevant records, operation of our pharmacovigilance system, product-centered quality control, track and trace of product batches, measures against corruption, fraud and money laundering, assessment and steering of risks within the Medice group of companies.

d. Due to balancing of interests (Article 6 Sec. 1 f GDPR)

As far as necessary, we process your personal data outside the scope of our contractual relationship, if this is necessary for our legitimate interests. Examples are:

  • Consultation by and data exchange with credit bureaus (e.g. Schufa)
  • Determination of credit risks
  • Inspection and optimization of our processes regarding the customer relationship, including the definition of customer segments and probabilities of orders
  • Direct marketing and market research, as far as you have not objected to such data processing
  • Collection of and defense against legal claims
  • Maintaining IT-security and IT-services of Medice
  • Prevention and prosecution of crimes
  • Measures to safeguard buildings and installations (e.g. access control)
  • Measures to enforce our domiciliary rights
  • Measures to steer our business and to develop our services and products
  • Steering of risks within the Medice group of companies

 

4. Who can access my personal data?

Within Medice only those people have access to your personal data who need them to fulfil our contractual or statutory obligations.

We may use external parties as data processors, if they comply with our data protection instructions. The relevant companies are listed below.

We may forward your personal data only if permitted by law, if you have consented or if third parties appointed by us guarantee for implementation of GDPR and BDSG.

Under those premises the following parties may receive personal data:

  • Members of the Medice group of companies, as far as necessary to the purpose of the data processing.
  • Public authorities and institutions (e.g. European Medicines Agency, Federal Institute for Drugs and Medical Devices, District Government, European Central Bank, Federal Central Tax Office, other tax authorities, prosecutors' offices) if we are bound by statute or ordered to act by such authority
  • Data processors that process on our behalf your personal data within our business relationship, e.g. archival services, field force, receipts, call centers, controlling, compliance, pharmacovigilance, data destruction, purchasing, claims collection, customer administration, letter shops, marketing, media equipment, reporting system, support and maintenance of IT equipment, risk controlling, telephone systems, delivery services, website management, payment facilitation.
  • Professional service providers that are bound by law to keep confidentiality (e.g. attorneys, tax advisors, auditors)
     

Furthermore, third parties may process your personal data with your consent.
 

5. Are personal data submitted to Third Countries or International Organizations?

Data transfers to countries outside the European Union or the European Economic Area (so called Third Countries) are restricted to cases where this is necessary in the course of the business relationship (e.g. payment orders, delivery of goods) or stipulated by statutory law (e.g. tax law or pharmaceutical law, especially on reporting of adverse events), cases where you may have given consent or – rarely – for data processing by a vendor. If we use third party vendors for data processing, those are contractually bound by standard clauses to adhere to European levels of data protection.
 

6. For how long are my personal data stored?

We store and process your personal data as long as necessary to perform our contractual and statutory obligations as well as to collect claims or defend against claims.

If your personal data is not required anymore for performance of our contractual obligations, those data are erased, except if the limited on-going processing is required for the following purposes:

Compliance with commercial law, tax law and pharmaceutical law: 2-15 years
Maintenance of evidence within the framework of the statute of limitations under German civil code (BGB): According to §§ 195 ff. BGB those are up to 30 years, even though the regular statute of limitations is 3 years.
 

7. What are my rights regarding data processing?

You as the data subject have

  • a right to access (Art. 15 GDPR)
  • a right to rectification (Art. 16 GDPR)
  • a right to erasure (Art. 17 GDPR)
  • a right to restriction of processing (Art. 18 GDPR)
  • a right to data portability (Art. 20 GDPR)
  • a right to object (Art. 21 GDPR)

 

For your right to access and erasure the restrictions under §§ 34 and 35 of the BDSG apply. Also, you have a right to lodge a complaint with a data protection authority (Art. 77 GDPR and § 19 BDSG).

You may withdraw your consent for data processing at any time. This also applies to consent you may have given us before coming into force of GDPR on May 25, 2018. Please note that withdrawing your consent only applies to further processing of your personal data. Processing in the past is not subject to you withdrawing your consent.

Please note our special information on your right to object according to Art. 21 GDPR under www.medice.de/datenschutzerklaerung.
 

8. Am I obligated to provide personal data to Medice?

In the course of a business relationship with Medice you must provide those personal data to us that are necessary to establish and maintain such business relationship, are necessary to perform a contract or are mandated by law. Without such data we may usually not be able to enter into an agreement or contract with you or to provide you with goods and services.
 

9. Is there an automated individual decision making process (including profiling)?

To establish and maintain a business relationship we generally do not use a fully automated individual decision making process within the meaning of Art. 22 GDPR. If we use such procedures in certain cases we will inform you separately, if such information is legally required.

 

10. Does Medice use profiling?

We partly process your personal data automatically with the aim to assess certain aspects of your person (profiling). We use profiling e.g. in the following cases:

  • to inform you about our products that may interest you, we use analytics tools. Those are used to advertise according to your perceived interests and needs and include marketing and market research.
  • to assess your credit-worthiness we may use scoring in certain cases. Such scoring includes past experiences from our mutual business relationship, publicly available data and information from credit bureaus.

 

Medice reserves the right to amend this Data Protection Information from time to time and to publish it on www.medice.de.