We are delighted that you have visited our website and are interested in our company. The protection of your personal data is important to us. In the following we provide information according to Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR) about the handling of your personal data when you use our website https://www.femannose.com/.
Personal data are individual pieces of information on personal or material circumstances of an identified or identifiable natural person. This includes information such as name, address, telephone number and date of birth.
MCM Klosterfrau Vertriebsgesellschaft mbH
II. Data protection officer
Bugl & Kollegen
Mr Alexander Bugl
Telephone office: 0941-630 49 789
Mobile: 0176-10 31 26 88
III. Purpose and legal foundation of data processing
1. Informational use of the website
You may visit our website without providing personal information. If you merely use our website for informational purposes or otherwise transmit personal information, we do not process personal data, with the exception of data which is transmitted by your browser in order to permit you to visit the website.
Technical provision of the website
For the technical provision of the website it is necessary for us to process certain automatically transmitted information about you so that your browser can show our website and you can use it. This information is automatically collected every time our website is visited and stored in our server logfiles. This information refers to the computer system of the requesting computer. The following information is collected here:
- IP address
- Browser type/version (for example: Firefox 59.0.2 (64 bit))
- Browser language (for example: German)
- Operating system used (for example: Windows 10)
- Internal resolution of the browser window
- Screen resolution
- Java on / off
- Cookies on / off
- Colour depth
- Time of access
We do not use the information we have collected about you using the above mentioned cookies to create user profiles or to analyse your surfing behaviour.
We process your personal data for the technical provision of our website on the basis of the following legal foundations
- To satisfy a contract or to conduct pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR where you visit our website for informational purpose; and
- To safeguard our legitimate interests under Art. 6 (1) lit. f GDPR in order to be able to technically provide the website to you. Our legitimate interest here is to provide you with an attractive technically functioning and user friendly website and to take measures to protect our website from cyber risks and to prevent cyber risks emanating from our website for third parties.
Content Delivery Network (CDN)
As a part of this, we use so-called Content Delivery Networks (CDN) in order to present the content of our pages as quickly as possible and to reduce the page load time for the end user. For this purpose, the request of the files by the server causes data such as the IP address (or other information as stated above) to be transmitted to the CDN server and to be stored there in logfiles. By storing the content, the CDNs help to present the content quickly and flexibly on all terminal devices even if the traffic on our website increases. The two following networks are currently used: unpkg.com, cdnjs.cloudflare.com.
SSL and TLS encryption
This website uses an SSL or TLS encryption for safety reasons and to protect the transmission of confidential content such as inquiries which you send to us as website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.
If the SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.
For the purposes of marketing and remarketing we use Google Analytics, DoubleClick, the Google Tag Manager and therefore cookies as well as the tools explained in the following.
We only process your personal data if you have given your consent to this.
Analysis tools, marketing und remarketing
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and facilitate an analysis of your use of the website. The information generated by the cookie on your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the analysis of the user behaviour in order to optimise both its web offer and marketing.
The information generated by cookies about your use of the website e. g.
- Browser type/version (for example: Firefox 59.0.2 (64 bit))
- Operating system used (for example: Windows 10)
- IP address
- Time of access
is usually transmitted to a Google server in the USA and stored there.
In case IP-anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area.
Google is certified under the privacy shield agreement and therefore offers a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set which prevents the collection of your data for future visits to this website:
Deactivate Google Analytics
You can prevent the storage of cookies by setting your browser software accordingly. We would like to point out, however, that in this case you may possibly not be able to use all functions of this website to the full. You can also prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google as well as the processing of these data by Google by downloading the browser plugin available at the following link and installing it: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the handling of user data at Google Analytics is provided by the data protection policy of Google: https://support.google.com/analytics/answer/6004245?hl=de.
The personal data of the user are deleted after 14 months or anonymised. We use Google Analytics in order to show the adverts placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have specific features (e.g. interest in specific subjects or products which are determined on the basis of the websites visited) which we send to Google (so-called “remarketing” or “Google Analytics audiences”). With the aid of the remarketing audiences we also wish to ensure that our adverts are in line with potential interests of the users.
We have activated the IP anonymisation function on this website. As a result, your IP address is abbreviated by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website in order to compile reports on the website activities and to provide services associated with the use of the website and the use of the internet to the website operator. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.
Google Tag Manager
We use the Google Tag Manager from Google on our website. The Google Tag Manager is a solution using which advertisers can manage web page tags via a user interface. The Google Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The Google Tag Manager service facilitates the triggering of other tags which for their part may collect data under certain circumstances. Google Tag Manager does not access these data. If a deactivation was made at the domain or cookie level, it continues to exist for all tracking tags which are implemented using Google Tag Manager.
We use the software Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) to improve the user experience on our web pages. Using Hotjar we can measure and analyse the user behaviour (mouse movements, clicks, scroll height etc.) on our web pages and analyse them. For this purpose, Hotjar places cookies on the terminal devices of users and can store data of users such as browser information, operating system, retention time on the page etc.
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer within the meaning of Art. 6 (1) lit. f. GDPR), we use the online marketing services of the provider Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany.
The services provided by Criteo permit us to show adverts for and on our website in a more targeted manner so as to only present advertisements to users which potentially match their interests. If adverts are shown to a user for products which he was interested in on other websites, for example, reference is made here to “remarketing”. For these purposes, on visiting our and other websites in which Criteo is active, Criteo directly conducts a Criteo code and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are incorporated in the website. With their assistance an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file notes which websites the user has visited, for which content he has shown interest and which offers he has clicked and furthermore provides technical information on the browser and operating system, referring websites, visit time as well as other information on the use of the online offer. The above mentioned information can also be linked with information from other sources by Criteo. When the user then visits other websites adverts, attuned to him can be shown in line with his interests.
The user’s data are processed pseudonymously, i.e. no clear data of the user (such as name) are processed and the IP addresses of the users are abbreviated. The data are processed only on the basis of an online ID, a technical ID. Any IDs (e.g. of a customer support system) or email addresses communicated to Criteo are encrypted as so-called hash values and stored as a string of characters which do not permit identification.
Further information and possibilities to object (opt-out) to collection by Criteo are provided in the data protection policy of Criteo: https://www.criteo.com/de/privacy/.
ADITION technologies AG
Data for marketing and optimisation purposes are collected and stored on this website using the ADITION adserving technology from ADITION technologies AG. Pseudonymised user profiles may be created from these data. Cookies may be used for this purpose. The data collected using the ADITION adserving technology are not used to personally identify the visitors to this website and are not merged with personal data on the holder of the pseudonym. ADITION technologies AG does not store personal data by placing cookies. All information merely contains technical information such as the browser used and the installed operating system. The collection and storage of data can be objected to at any time with effect for the future. An opt-out function is available for this purpose on the company website.
b. Social media links
Links to the services Twitter, Facebook, Google+ and Google Maps are incorporated in our website. After clicking the link you are forwarded to the page of the respective provider, i.e. only then is user information transmitted to the respective provider. Information on the handling of your data when using the websites of other providers is provided by the respective data protection policies of these providers.
The so-called “Facebook Pixel” of the social network Facebook which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are domiciled in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”) is used in our website based on our legitimate interest in the analysis, optimisation and commercial operation of our online offer.
Using the Facebook Pixel, Facebook is able firstly to determine the visitors to our website as target group for adverts (so-called “Facebook ads”).
Data is processed by Facebook based on Facebook’s data use policy. General information on the presentation of Facebook Ads can be found in Facebook’s data use policy: https://www.facebook.com/policy.php
Special information and details on the Facebook Pixel and how it works are provided in the help area of Facebook: https://www.facebook.com/business/help/651294705016616
You can object to the collection and use of your data by Facebook Pixel for Facebook ads. To set which type of ads are shown to you within Facebook you can visit the page set up by Facebook and follow the instructions on settings for use-based advertising: https://www.facebook.com/settings?tab=ads
The settings are made irrespective of platform, i.e. they are accepted for all devices such as desktop computer or mobile devices.
Plugins and tools
We use “Google reCAPTCHA” (referred to in the following as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA checks whether the data input on our website (e.g. in a contact form) is performed by a human or an automatic program. For this purpose, reCAPTCHA analyses the behaviour of website visitors using different features. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes reCAPTCHA assesses different information (e.g. IP address, amount of time spent by the website visitor on the website or mouse movements of the user). The data recorded during analysis are passed on to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data is processed on the foundation of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated espionage and spam.
Further information on Google reCAPTCHA and the data protection policy of Google can be found in the following links: https://www.google.com/intl/de/policies/privacy
Our website uses plugins from the YouTube page operated by Google. Operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
Whenever you visit one of our pages equipped with a YouTube plugin, a link to the servers of YouTube is created. The YouTube server is notified about which of our pages you have visited.
If you are logged in to your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging off from your YouTube account.
YouTube is used in the interest of presenting our website in an attractive manner. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.
Further information on the handling of user data is provided in YouTube data protection policy at: https://www.google.de/intl/de/policies/privacy.
We use the online survey tool SurveyMonkey for the surveys, which is offered by SurveyMonkey Europe with registered office in 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4, Ireland (“SurveyMonkey”). In connection with the collection, use and storage of personal data, SurveyMonkey observes the Safe Harbor guidelines developed by the US Ministry of Trade for the handling of personal data from EU Member States.
We would like to explicitly point out that SurveyMonkey reserves the right to collect, process, use and pass on information and analyses for its own purposes. For this purpose, cookies, ad tracking and IP addresses in particular are used or collected. SurveyMonkey also reserves the right to pass on this information to third parties, also to other countries and to the USA. More detailed information is provided in the corresponding passages of SurveyMonkey’s data protection policy.
We also make particular reference to the fact that SurveyMonkey does not support 'Do not track' so that users may be tracked.
If you participate in this survey, you consent to your data, such as IP address, name and other data provided by you as part of the survey, being stored on SurveyMonkey’s servers. The then applicable data protection conditions of SurveyMonkey can be obtained at https://de.surveymonkey.net/mp/policy/privacy-policy/.
SurveyMonkey Inc. participates in the EU-US privacy shield agreement and in the privacy shield agreement between the USA and Switzerland and has confirmed compliance with these agreements. SurveyMonkey commits to treating all personal information and data received from Member States of the European Union (EU) and Switzerland on the basis of the privacy shield agreement and accordingly its applicable principles. Further information on the privacy shield agreement may be obtained from the privacy shield list of the USA Ministry of Trade. https://www.privacyshield.gov/.
2. Active use of the website
In addition to the purely informational use of our website, you can also use our website actively to get into contact with us. In addition to the above mentioned processing of your personal data for purely informational use, we also process further personal data which we require to answer your inquiry.
In order to be able to process and answer your inquiries to us, e.g. via the contact form or to our email address, we process the personal data you have communicated to us in this connection. This includes at all events your name and your email address in order to send you an answer as well as the other information which you send to us in your communication.
We process your personal data to answer contact inquiries on the basis of the following legal foundations:
- To safeguard our legitimate interests pursuant to Art. 6 (1) lit. f GDPR; our legitimate interest consists in the correct answering of contact requests.
Information from the specialist area
Some areas of our website are only accessible to users from specific specialised areas due to statutory requirements in part, e.g. pharmacists and doctors as well as their employees. In order to select these pages, you must be registered as a user at Klosterfrau or DocCheck Medical Services GmbH (www.doccheck.de). When you register with Klosterfrau we store your personal data requested on registration as well as the user ID assigned to you and your password. We use these data exclusively to check your access authorisation. Whenever you use a user ID which is registered at DocCheck, we send an authentication inquiry to DocCheck for every login to the protected area which is checked there without receiving information on your identity.
We process your personal data on the basis of the following legal foundation: consent in accordance with Art. 6 (1) lit. b) DGPR.
Our digital database is an exclusive service for our partners for the areas of pharmacy, media, advertising, trade and medicine. If you belong to a professional group from these areas and do not as yet have access to the image database, you can request the access data (ID and password) via a registration form which we provide on our websites. The data requested there are only used to check your access authorisation. In order to be able to provide a selection of images which is in line with your requirements as far as possible, we analyse the request frequency of the offered images. In all these analyses you remain anonymous as user. The same applies if you have logged in to the specialised area where the image database is similarly available to you without any further access check.
We process your personal data on the basis of the following legal foundation: consent in accordance with Art. 6 (1) lit. b) GDPR.
If you would like to subscribe to the newsletter offered on our website, we need an email address as well as information which permits us to check whether you are the holder of the specified email address and are agreed to the receipt of the newsletter (double-opt-in process). Further data are not collected. We use these data exclusively to send the requested information and do not pass them on to third parties.
The consent given to store data, the email address as well as its use to send the newsletter can be withdrawn at any time by using the “Unsubscribe” link in the newsletter, for example.
Use of web fonts
External fonts, Google Fonts, are used in this website. Google Fonts is a service of Google Inc. (“Google”). These web fonts are incorporated by visiting the server, usually a server in the USA. The server is notified which of our web pages you have visited. The IP address of the browser of the terminal device of the visitor to these web pages is also stored by Google. Further information is provided in Google’s data protection policy which you can reach here:
3. Sending an application
We process your personal data when you send us an application. Special categories of personal data may be contained in the application documents.
Processing of personal data
Applicant data usually comprises the following: first name and surname, any academic title, date and place of birth, contact data (address, email, telephone and/or mobile telephone number), application documents (motivational letter, curriculum vita, references), knowledge of languages, skills. We also process the data you send us by email for contacts.
We base our decisions in the application procedure on the personal data you have provided to us within the framework of statutory requirements. For example, we use your professional qualification to decide whether we will consider you in the narrower selection procedure or for a personal impression in an interview to decide whether to offer you the position you have applied for.
We process your personal data here on the following legal foundation: data processing for the decision to establish an employment relationship, Art. 88 (1) GDPR in conjunction with Section 26 (1) S. 1 German Data Protection Act (BDSG).
Processing of special personal data
In accordance with Art. 9 GDPR, special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious (e.g. religion/confession) or philosophical beliefs or trade union membership, as well as the processing of biometric data for unambiguous identification (e.g. photos), health data (e.g. information on the degree of serious disability) or details on a natural person’s sex life or sexual orientation. If your curriculum vitae contains special categories of personal data, we do not intentionally collect them. We explicitly ask you to refrain from sending us any such data.
If you voluntarily send us special categories of personal data under Art. 9 (1) GDPR as part of your application documents and contrary to our explicit request (e.g. details of your religion/confession), we store these data on the foundation of your consent in accordance with Art. 88 (1) GDPR in conjunction with Section 26 (3) S. 2 BDSG. This also applies if you send us further special personal data in the further course of the application procedure. By voluntarily providing us with these data, you state your consent to the storage of these personal data as part of the application process.
We do not in principle consider these special personal data in making a selection decision unless we are required by virtue of the law to consider these special personal data. It is, for example, possible with some vacancies for people with disability to be given preferential treatment in compliance with the law. In these cases the information is always voluntary and with your explicit consent which you send to us by voluntarily communicating these data.
We process your special personal data by virtue of the following legal foundation: in accordance with Art. 9 (1), (2 a) GDPR based on your consent in accordance with Art. 88 (1) GDPR in conjunction with Section 26 (3) S. 2 BDSG.
A few sections of our website contain links to the websites of third party providers. These websites are subject to their own data protection policies. We are not responsible for their operation including data handling. If you send information to or via such pages of third party providers, you should check the data protection policies of these sites before you send them information which can be assigned to you.
V. Categories of recipients
Firstly, only our employees receive knowledge of your personal data. In addition, we share your personal data with other recipients insofar as permitted or prescribed by law who provide services for us in connection with our website. We restrict the forwarding of your personal data to that which is necessary, in particular in order to handle your order. Our service providers also receive your personal data as contract processors and are then strictly bound by our instructions in the handling of your personal data. In some cases, the recipients act independently with your data we send to them.
In the following we set out the categories of recipients of your personal data: IT service providers in the administration and hosting of our website.
VI. Third country transfer
Within the scope of using the Google tools, we transfer your abbreviated IP address to the USA. The data transfer is based on the Commission Implementing Decision 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield.
Furthermore, we do not transfer your personal data to countries outside of the EU or of the EEA or to international organisations.
VII. Period of storage
1. Informational use of the website
For the purely informational use of our website, we store your personal data on our servers exclusively for the duration of your visit to our website. Your personal data are immediately deleted once you have left our website.
Any cookies installed by us are also usually deleted after leaving our website. You also have the possibility to erase installed cookies yourself at any time.
2. Active use of the website
Where our website is used actively, we store your personal data initially for the time it takes to answer your inquiry.
We also store your personal data until any legal claims arising from the relationship with you have become statute barred so as to use them as evidence where applicable. The period of limitation is usually between 12 and 36 months but can also be up to 30 years.
Once the limitation period has expired, we delete your personal data unless there is a statutory storage duty, for example, based on the German Commercial Code (Sections 238, 257 (4) HGB) or on the German Tax Code (Section 147 (3), 4 AO). These storage duties may be between two and ten years.
We store your personal data initially for the duration of the application process.
Where we do not give you the job, we delete your data on expiry of three months after the rejection unless you have given your consent to continue its storage. In the event of consent, we store your data up to the withdrawal of the consent but for a maximum of two years.
If your application was successful and you enter into an employment relationship with us, we refer you to our information sheet on data protection for employees which states how your data are processed.
Lengthier storage periods may also result from the fact that the data are necessary to assert, exercise and defend legal claims or if there are statutory storage duties. The data are stored for as long as this is necessary to satisfy these purposes.
VIII. Your rights as data subject
You have the following rights as data subject under the statutory conditions which you can assert against us:
Right to information: You have the right at any time pursuant to Art. 15 GDPR to obtain from us confirmation as to whether or not we process your personal data. Where this is the case, you are furthermore entitled pursuant to Art. 15 GDPR to obtain information on these personal data as well as certain other information (including the purposes of processing, the categories of personal data, the categories of recipients, envisaged storage period, origin of the data, use of automated decision making and, in the event of transfer to a third country, the appropriate safeguards) and a copy of your data.
Right to rectification: You have the right pursuant to Art. 16 GDPR to obtain from us the rectification of your personal data stored by us if they are inaccurate or faulty.
Right to erasure: You have the right under the conditions set out in Art. 17 GDPR to obtain from us the erasure of your personal data without due delay. The right to erasure does not exist if the processing of personal data is necessary for (i) the exercise of the right of freedom of expression and information, (ii) for the satisfaction of a legal duty to which we are subject (e.g. statutory storage duties) or (iii) to establish, exercise or defend legal claims.
Right to restriction of processing: You have the right under the circumstances set out in Art. 18 GDPR to obtain from us the restriction of processing your personal data.
Right to data portability: You have the right under the conditions of Art. 20 GDPR to receive from us your personal data you have provided to us is a structured, commonly used and machine-readable format.
Right to withdraw: You have the right to withdraw your consent to the processing of personal data at any time taking effect for the future.
Right to object: You have the right under the conditions of Art. 21 GDPR to object to the processing of your personal data so that we must end the processing of your personal data. The right to object only exists within the scope provided for in Art. 21 GDPR. In addition, our interest in the termination of processing may be contrary to this so that despite your objection we are entitled to process your personal data.
Right to lodge a complaint with the supervisory authority: You have the right under the circumstances of Art. 77 GDPR to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The right to lodge a complaint exists notwithstanding any other appeal under administrative law or of the courts.
The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(Regional officer for data protection and freedom of information of North Rhine Westphalia)
However, we recommend that you always first lodge a complaint with our data protection officer.
Your applications to exercise your rights should where possible be directed in writing to the above mentioned address or directly to our data protection officer.
IX. Extent of your duties to provide data
In principle, you are not obliged to give us your personal data. However, if you do not do so we will not be able to provide our website to you or answer any inquiries directed at us. The personal data we need for the above mentioned purposes of processing are marked by an “*” or another symbol as mandatory information.
X. Automated decision making / profiling
We do not use any automated decision making or profiling (an automated analysis of your personal circumstances).
Information on your right to object under Art. 21 GDPR
1. You have the right to object, on the grounds relating to your particular situation, at any time to the processing of your data based on Art. 6 (1 f) GDPR (Data processing on the basis of a weighing up of interests) or Art. 6 (1 e) GDPR (Data processing in the public interest). This also applies to a profiling based on this determination within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we are able to provide compelling legitimate reasons for processing which override your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
2. We process your personal data in individual cases also for direct marketing purposes. If you do not wish to receive marketing, you have the right at any time to object to it; this also applies to profiling to the extent that it is connected with any such direct marketing. We will take this objection into consideration for the future.
We will no longer process your data for the purposes of direct marketing if you object to the processing for these purposes.
The objection can be provided without consideration of form and should be addressed where possible to the following:
MCM Klosterfrau Vertriebsgesellschaft mbH
We reserve the right to change this Data Protection Policy at any time. Any changes will be published in the form of an amended Data Protection Policy on our website. Where nothing is stated to the contrary, such changes will become effective immediately. Please therefore check this Data Protection Policy regularly so as to view the most up-to-date version.
Last updated in May 2018