Data protection
Privacy statement
The protection of your personal data is important to us. Therefore, we only process your data based on the legal provisions.The information here will describe how Institute AllergoSan Pharmazeutische Produkte Forschungs- und Vertriebs GmbH, its affiliated companies and any medical companies serviced or supported by one of the previously mentioned companies (“we”), process personal data collected from you and personal interests (“data”).
1. Processing your data
All data made available to us when you conclude a contract with us (e.g. purchase of one of our products) or send a query to us (e.g. question about a product or personal interest), will be used by us, provided there is no consent for further data processing, exclusively for the purposes required to fulfil the contract or answer your query (Art. 6 (1) (b) GDPR (General Data Protection Regulation)).
Only when you give your consent according to Art 6 (1) (a) GDPR will we use your data that have been made available by you to us with this consent for other purposes, such as sending scientific information in newsletters, etc. The exact purpose can be found in the respective declaration of consent. The consent to the processing of your personal data is given on a voluntary basis and you can refuse this consent without any negative consequences for you.You can revoke your consent at any time, but please note that any data processing which is required to fulfil contracts or legal obligations may continue to be carried out by us even after this consent is revoked. Your data may be lawfully processed by us up until your revocation has been received.
You will not experience any disadvantages by revoking your consent to the processing of your data and you will no longer be sent promotional information by us.
2. Transmission of your data to recipients
Your data will be sent with your consent to the companies affiliated with us and mentioned in your declaration of consent as well as to medical companies serviced or supported by us (as currently listed in overview of subsidiary companies and supporting medical societies). These companies may also process your data only to the extent to which you have consented.
We also outsource some data processing to external service providers. Your data will only be made accessible to these processors to the extent that is required for their service. Processors are also subject to the strict requirements of data protection law and are bound to the purposes of processing contractually specified to them by us, i.e. they may not use your data for other purposes.We make your data accessible to the following processors:IT service providers employed by us (e.g. storage space)logistics service providers (e.g. parcel services)communication service providers (e.g. fax, post)credit institutions for payment purposestax adviserslegal representatives or courts, if requiredSome of these recipients are located outside of the European Union (EU) or process your data there. We will only send your data to countries for which the EU Commission has decided that there is a suitable level of data protection comparable with the EU (“Privacy Shield”).
Your data will not be disclosed to third parties for commercial use, unless you explicitly agree to such disclosure in a separate declaration.
3. Storage duration
Your data will only be retained by us for as long as is considered reasonably necessary by us in order to fulfil the above-mentioned purposes and is permissible according to applicable law. We will store your data in any case for as long as there are legal retention periods or periods of limitation for potential legal claims have not yet lapsed.
4. Data processing when using our website
a. Storage of access data in server log files
You can visit our websites (as currently listed in overview of subsidiary companies and supporting medical societies) without providing information about yourself. We store only access data in server log files, such as the name of the requested file, date and time of retrieval, volume of data transmitted and the requesting provider. This data are evaluated only to ensure uninterrupted operation of the website and to improve our online presence and does not allow us to make conclusions about your person. These websites cannot process personal data without your active intervention. Where personal data are collected on our websites (e.g. name, address, email address), this is done on a voluntary basis and requires a form to be actively filled out and submitted. These data are used only for us to directly send information that is explicitly requested by you (the exact purpose is found in the respective declaration of consent).
b. Contact with us
If you get in touch with us using the contact form on the website or by email, the data you provided will be used exclusively for processing your request and will not be processed further without your explicit consent.
c. Cookies
Our website uses cookies. Cookies are small text files, which are stored on your end device by means of your browser. They do not cause any damage. We use cookies to make our website user-friendly and design it according to your interests. Some cookies remain stored on your end device until you delete them. They allow us to recognise your browser on your next visit. If this is not what you want, you can configure your browser so that it will inform you about the setting of cookies and you can allow this only in the specific case. The functionality of our website may be restricted if you deactivate cookies.
d. Web analysis tools
Our website uses functions of different web analysis services which are described for you below. We have concluded a corresponding contract for the data processing in each case with the providers. The data processing is carried out based on the legal provisions of Section 96 (3) TKG (German Telemedia Act) and of Art. 6 (1) (a) (consent) and/or (f) (legitimate interest) of the GDPR. Our goal in the context of the GDPR (legitimate interest) is to improve our offering and our website.
i. Google Analytics
Google Analytics is a web analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies that enable our users’ use of the website to be analysed. Your IP address is collected, but immediately pseudonymised (by deleting the last 8 bit). As a result, only a rough localisation is possible. The information generated as a result is transmitted to the provider’s servers and stored there. Google uses this information on our behalf to evaluate your use of our websites and compile reports about the website activities, amongst other things. Google user data are retained for the period of 50 months. You can prevent this by configuring your browser so that cookies are not stored. You can also prevent the collection of the data (including your IP address) generated by the cookie and relating to your use of the website as well as the processing of this data by Google by downloading and installing the browser plug in available using this link: http://tools.google.com/dlpage/gaoptout?hl=de. You can find more information about Google’s terms of service and data protection at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.
ii. Google AdWords
We use Google AdWords, an analysis service from Google, and, as part of this, Conversion Tracking. A “conversion cookie” is stored on your end device by Google AdWords when you click on an ad published by Google. These cookies become invalid after 30 days and are not used for personal identification. If you visit certain pages of our website, Google and we can determine that you have clicked on the advert and were directed to this page. The information obtained by means of the conversion cookies is used to generate statistics which indicate to us the total number of users who have clicked on the ads published by Google and have retrieved a page provided with a conversion tracking tag.
In addition to conversion tracking, we also use the functions of remarketing, target groups with common interests, user-defined target groups with common interests, ready-to-buy target groups, similar target groups, and demographic and geographic targeting.
Using Google’s remarketing function, we reach users who have already visited our website and can display our adverts according to their interests. Google AdWords also determines the common interests and characteristics of the users of our website based on user behaviour on websites in Google’s ad network (display network) in the last 30 days and using the context-based search engine. Based on this information, AdWords then finds potential new customers for marketing purposes, whose interests and characteristics are similar to those of the users of our website.
You can find further information on the Google AdWords’ terms of service and data privacy at http://www.google.de/policies/technologies/ads/.
iii. Hotjar
We use the software, Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) to improve the user experience on our websites. We can measure and evaluate user behaviour (mouse movements, clicks, depth of scrolling, etc.) on our websites by means of Hotjar. To this end, Hotjar sets cookies on the users’ end devices and can store user data such as e.g. browser information, operating system, time spent on the page etc. You can find further information about Hotjar’s data processing at www.hotjar.com/privacy.
iV. HubSpot
We also use the service, HubSpot for various reasons. HubSpot is a US software company with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500. HubSpot is an integrated software solution that allows us to cover different aspects of our online marketing. These include: Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Our registration service allows visitors to our website to learn more about our company, download content and make their contact information and other demographic information available. This information and the content of our website will be stored on servers of our software partner, HubSpot. They may be used by us to get in contact with visitors of our website and to determine which of our company’s services are of interest to them. All information collected by us is subject to this privacy policy. We use all information collected exclusively to optimise our marketing measures.
More information about the HubSpot privacy policies: https://legal.hubspot.com/privacy-policy?__hstc=126461458.d172fb6ce77416dc0204e0edccefeb00.1619080587812.1619080587812.1619080587812.1&__hssc=126461458.1.1619080587813&__hsfp=3707404404
More information from HubSpot about the EU privacy policies: https://legal.hubspot.com/data-privacy?__hstc=126461458.d172fb6ce77416dc0204e0edccefeb00.1619080587812.1619080587812.1619080587812.1&__hssc=126461458.1.1619080587813&__hsfp=3707404404
You can find more information about the cookies used by HubSpot at: https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser?__hstc=126461458.d172fb6ce77416dc0204e0edccefeb00.1619080587812.1619080587812.1619080587812.1&__hssc=126461458.1.1619080587813&__hsfp=3707404404
The following data in particular may be collected and processed by HubSpot as part of the effort to optimise our marketing measures:
- Geographic position
- Browser type
- Navigation information
- Referrer URL
- Performance data
- Information about the use of the application
- Mobile app data
- Registration information for the HubSpot subscription service
- Files displayed locally
- Domain name
- Pages viewed
- Aggregated use Version of the operating system
- Internet service provider
- IP address
- Device identifier
- Duration of visit
- Where the application was downloaded from
- Operating system
- Events that occur within the application
- Times of access
- Click stream data
- Device model and version
We will also use HubSpot in the future to provide contact forms. We use the HubSpot service to make online forms available to you. To do this, we share your data with HubSpot who processes the data exclusively on our behalf. Please see the corresponding HubSpot privacy statement. Please note here: If you contact us using contact forms, personal data may be sent to service providers in third-party countries. The security of the transmission is generally safeguarded using standard data protection clauses which ensure that the processing of personal data is subject to a level of security corresponding to that of the GDPR. If the standard data protection clauses are an insufficient guarantee to establish an adequate level of security, your acknowledgement of the privacy statement as part of the contact forms is considered consent in the context of Art 49 (1) (a) GDPR which justifies a data transfer to third-party countries.
If you would prefer that the mentioned data was not collected and processed by HubSpot, you can refuse your consent or revoke it at any time with effect for the future. The personal data will be stored for as long as they are required to fulfil the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.
V. Active Campaign
We also use the ActiveCampaign service for various purposes. ActiveCampaign is a software company from the USA with a branch in Ireland. Contact: ActiveCampaign, Inc, 1 N Dearborn St, 5th Floor, Chicago, Illinois 60602, US. ActiveCampaign is an integrated software solution that we use to cover various aspects of our online marketing. These include: Email marketing, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Our sign-up service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner ActiveCampaign. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimise our marketing activities.
More information about ActiveCampaign’s privacy policy: https://www.ActiveCampaign.com/legal/privacy-policy
More information from ActiveCampaign regarding EU data protection regulations: https://www.ActiveCampaign.com/legal/gdpr-updates/privacy-shield
More information about the cookies used by ActiveCampaign can be found here: https://www.ActiveCampaign.com/legal/cookie-policy
As part of the optimisation of our marketing measures, the following data in particular may be collected and processed via ActiveCampaign:
Geographical position
- Browser type
- Navigation information
- Referral URL
- Performance data
- Application usage information
- Mobile apps data
- ActiveCampaign subscription service credentials
- Files displayed on site
- Domain names
- Pages viewed
- Aggregated usage
- Operating system version
- Internet service provider
- IP address
- Device identifier
- Duration of visit
- Where the application was downloaded from
- Operating system
- Events that occur within the application
- Access times
- Clickstream data
- Device model and version
In addition, we will also use ActiveCampaign in the future to provide contact forms. In doing so, we use the ActiveCampaign service to provide you with online forms. For this purpose, we forward your data to ActiveCampaign, which processes the data exclusively on our behalf. See the corresponding data protection declaration for “ActiveCampaign”. Please note in this context: If you contact us via contact forms, personal data may be transferred to service providers in third countries. The security of the transmission is regularly ensured by so-called standard data protection clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard data protection clauses are not sufficient as a guarantee to establish an adequate level of security, your acknowledgement of the data protection declaration within the framework of the contact forms is deemed to be consent within the meaning of Art. 49 (1) lit a DSGVO, which justifies a data transfer to third countries.
If you do not wish the aforementioned data to be collected and processed via ActiveCampaign, you can refuse your consent or revoke it at any time with effect in the future. The personal data will be kept for as long as it is necessary to fulfil the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose.
VII. TikTok
We use the “TikTok pixel” from the provider TikTok (for EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH) on our website.
This is a code which we have implemented on our site. This code is used to connect to TikTok servers when you visit our website, if you give explicit consent, in order to track your behaviour on our website. For example, when you purchase a product on our website, the TikTok pixel is triggered and stores your actions on our website in one or more cookies. You have the option to withdraw your consent at any time with future effect.
Personal data such as your IP address, email address and other information such as device ID, device type and operating system may also be transferred to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account.
TikTok uses this data to display targeted and personalised advertising to its users and to create interest-based user profiles. The data collected is anonymous and not visible to us and is only used to measure the effectiveness of ad placements.
TikTok also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may entail various risks for the lawfulness and security of the data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, TikTok uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Through these clauses, TikTok undertakes to adequately comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
TikTok’s privacy policy can be found here: https://www.tiktok.com/legal/page/eea/new-privacy-policy/en
e. Newsletter
You have the possibility to subscribe to our newsletter via our website. If you register for our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our email newsletter based on your consent pursuant to Art. 6 para. 1 p. 1 lit. GDPR.
Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
5. Your rights with regards to your data
According to applicable data privacy law, you are entitled, amongst other things, (subject to the conditions of the applicable law),
to request information about whether and which data we have stored about you and to receive copies of said data, to request that your data, which is inaccurate or incomplete or not processed in accordance with the law, be rectified or supplemented, to request the deletion of your data if there is no legally recognised basis opposing deletion (legal retention periods), to request that we restrict the processing of your data subject to the following conditions:
- You dispute the accuracy of your personal data,
- Instead of deletion of unlawfully processed data, you request that their use be restricted,
- You require processed data to assert, exercise or defend legal claims,
- When exercising the right to object, for the duration of the clarification of whether legitimate reasons necessitate further data processing, under certain circumstances, to object to the processing of your data or to revoke the consent previously given for the processing (the lawfulness of data processing carried out by us up to your revocation will not be affected as a result), to request transfer of data, to know the identity of third parties to whom your data is sent and to lodge complaints with the competent data protection authorities.
6. Our contact details
If you have questions about the processing of your data or you want to exercise your rights as data subject, please contact us:
Institut AllergoSanPharmazeutische Produkte Forschungs- und Vertriebs GmbH
Gmeinstraße 13
8055 Graz
Email: datenschutz@allergosan.at
In the case of requests for information, we ask that you also send a copy of a valid photo ID for the purposes of identification.
