Privacy policy


Introduction 

This privacy statement is intended to provide transparency regarding Fagron's position on data protection and the processing of personal data. We want to demonstrate that Fagron handles personal data with care and processes it in accordance with applicable legislation, such as the General Data Protection Regulation (GDPR). Our strategy focuses on optimising and innovating individual pharmaceutical care in order to expand the therapeutic spectrum for prescribing physicians around the world. As the international market leader in the manufacture of pharmaceutical formulations, we promote the unique selling point of individual medication and improve the quality of life of patients. It is our mission to remain the leading manufacturer of formulations in the future, and our confidence in this will lead us to success. "The customer is number one" – this statement is very important to Fagron, and therefore acting in the customer's best interests is our top priority. This also applies to the processing of personal data. "Transparency" is one of the rules of the Fagron family, which is applied in this privacy statement. Our aim is to explain the processing of personal data in a clear and understandable way.

Fagron processes personal data from the following groups of people (hereinafter also referred to as "data subjects"):

• Customers
• Suppliers
• Users of the website and web shop
 • Website visitors; • Visitors
 • Employees & applicants who are not covered by this privacy policy.

Processing activities

1. Customers What types of personal data do we process? Fagron serves various customer groups in the pharmaceutical industry, including pharmacies, hospitals and clinics. We process certain personal data of the professionals who represent our customers.

Fagron processes the following data from customers:

• Name 
• Contact details (e-mail address, telephone number) 
• Job titl

For what purpose is the data processed? 
Fagron processes personal data from customers for the following purposes: 
• to provide our customers with a suitable order processing system; 
• to provide our customers with the best possible service.

What are the legal requirements for processing? 
 • Legal obligation 
 We are legally obliged to process certain types of personal data in accordance with applicable pharmaceutical laws and regulations, such as GxP guidelines. We are generally obliged to know our customers and keep records of who receives our products. In doing so, we only store minimally confidential data such as names, telephone numbers and email addresses in our systems. 
• Contract We also need to store this personal data in order to fulfil the purchase contracts with our customers.

How long is the data stored?
Fagron stores the data in accordance with the applicable statutory retention period or for as long as necessary for the purpose of processing.

2. Suppliers
What types of personal data do we process? 
Fagron processes the following data from suppliers:

• Name 
• Contact details (e-mail address, telephone number) 
• Job titl

For what purpose is the data processed? 
Fagron processes the personal data of suppliers for the following purposes:

• to ensure the correct processing of orders;
• to fulfil contractual obligations

What are the legal requirements for processing?
• Contract
Fagron must process personal data in order to fulfil its contractual obligations towards its suppliers.

How long will the data be stored? 
Fagron stores data in accordance with the applicable statutory retention period or for as long as necessary for the purposes of processing.

3. Users of the website and web shop
 What types of personal data do we process?
 Fagron processes the following data from users of the website who have an account:

Name

Email address

Occupation

Online behaviour on our website


For what purpose is the data processed?
Fagron processes the online behaviour of visitors to the website for the purpose of maintaining and improving the website.
 
 4. What are the legal requirements for processing?

Legitimate interest
Fagron has a legitimate interest in processing personal data for marketing and communication purposes. We will always balance our legitimate interest with the interests of the data subject to determine the impact of the processing. We will ensure that we respect the rights of the data subject and inform them in an easily accessible format about the possibility of objecting to the processing.

How long is the data retained?
 Fagron will retain the data in accordance with the applicable statutory retention period or for as long as necessary for the purposes of processing.


 
 5. Visitors
 What types of personal data do we process?
Fagron processes the following data from visitors to our facilities:

Name

Contact


For what purpose is the data processed?
Fagron processes the personal data of visitors for the following purposes:

to ensure security at our pharmaceutical production facilities;

to identify individuals in the event of misconduct.


How long will the data be stored?
Fagron stores data in accordance with the applicable statutory retention period or for as long as necessary for the purposes of processing. 
 
Security measures
Fagron protects your personal data from unauthorised access, use or disclosure. Fagron protects your personal information that you provide on computer servers in a controlled and secure environment. When transferring to other websites, personal data is protected by the Secure Socket Layer (SSL) encryption protocol, which encrypts and obscures all confidential information before it is sent.
 In addition to our standard processes and procedures, technical and functional checks and official audits by independent third parties are carried out regularly to identify risks relating to our global IT and data landscape in a timely manner. All information, data and traffic is always encrypted by default.
 
 Data transfers
1. External processors
 Fagron employs external processors for a range of support activities. We only work with processors who provide sufficient guarantees for appropriate technical and organisational security measures. The processing of personal data by a processor is always based on a processing agreement.
 
2. Transfer to third parties
 Fagron transfers personal data to external third parties under certain conditions. This only happens if the data subject has a legitimate expectation that Fagron will do so. This includes, for example, legal obligations to disclose personal data to authorities.
 
 3. Our role as data controller
When Fagron processes personal data in connection with a purchase agreement with our customers, we do not process personal data in the interests of our customers. We process personal data in our own interests as a data processor. This means that we comply with the applicable data protection laws and regulations when processing our customers' personal data on our own responsibility . For this reason, no processing agreement between Fagron and its customers is required.
 
 Customers can expect Fagron to process any personal data with the utmost care and to adequately secure our systems to protect their privacy.
 
4. META PIXEL (FORMERLY FACEBOOK PIXEL)
 
This website uses Facebook/Meta visitor action pixels to measure conversions. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the United States and other third countries.
 
This allows the behaviour of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook advertisement. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
 
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to place advertisements on Facebook pages and outside of Facebook. As the website operator, we have no influence on this use of the data.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. Consent can be revoked at any time.
 
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.
 

 Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
 
You can find further information on the protection of your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.
 
You can also deactivate the "Custom Audiences" remarketing function in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . To do this, you must be logged in to Facebook.
 
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
 
 Rights of data subjects
 
1. Right to information
Every data subject has the right to obtain information about the personal data that Fagron processes. Upon request, we will provide you with a copy of the information about your personal data that we process. We intend to comply with such a request within one month of receipt, but may extend this period by two months in complex cases. In this case, we will inform you of the reasons for the delay. Fagron reserves the right to charge a reasonable fee in the event of an excessive request.
 
2. Right to rectification
You may request the rectification of your personal data if this information is incorrect. Fagron intends to comply with the request within one month of receipt, but may extend this period by two months in complex situations. In this case, we will inform you of the reasons for the delay. We will inform the recipients of personal data of any rectifications, if applicable.
 
3. Right to be forgotten
You have the right to request that Fagron erase your personal data if one of the following reasons applies:

the purpose of the processing no longer applies;

You have withdrawn your consent;

You object to the processing;

the processing is unlawful;

the erasure of your personal data is required by law;

Fagron reserves the right to restrict the right to be forgotten in the following cases:

Fagron is legally obliged to process your personal data;

the processing is necessary for the establishment, exercise or defence of legal claims;

the processing is necessary to ensure the high standards of our medical products;

the right to erasure is manifestly unfounded or disproportionate.

Fagron intends to comply with your request within one month of receipt. We may extend this period by two months in complex situations. In this case, we will inform the data subject of the reasons for the delay. If we object to your request for erasure, we will inform you promptly of the reasons for our decision and your rights in this matter.
 
4. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:

Your personal data is inaccurate;

You have objected to the processing and Fagron is considering whether Fagron's legitimate reasons outweigh yours;

the processing is unlawful;

Fagron no longer needs your personal data, but you need the data to assert, exercise or defend legal claims.

Fagron will inform you in a timely manner of the method used to restrict the processing of your personal data. Fagron may reject your request if it is manifestly unfounded or disproportionate. We intend to comply with your request within one month of receipt.
 We may extend this period by two months in complex situations. We will always inform you of the reasons for the delay or refusal and your rights in this matter.
 
5. Right to data portability

 Under certain circumstances, you have the right to data portability. This means that you have the right to receive your personal data and reuse it across other services. This means that you must receive your personal data in an easily accessible format so that the personal data can be moved/copied/transferred from one IT environment to another. This must be done in a secure manner.
 
The right to data portability only applies in the following circumstances:

the personal data is provided to Fagron by an individual;

the processing is based on the consent of the individual; or

is carried out for the performance of a contract;

the processing is carried out by automated means.

We intend to comply with your request within one month of receipt. We may extend this period by two months in complex situations. We will always inform you of the reasons for the delay and your rights in this matter.


  
 6. Right to object
 You may object to the processing of your personal data on grounds relating to your particular situation. This also applies in the following circumstances:

the processing is based on the legitimate interests of Fagron;

Fagron processes your personal data for direct marketing purposes;

Fagron is not obliged to comply with the right to object if the processing is not for direct marketing purposes and if:

Fagron has legitimate reasons that outweigh yours;

Fagron needs to process your personal data to assert, exercise or defend legal claims.

Fagron is committed to protecting your privacy and uses technologies that enable you to have a powerful and secure online experience. Fagron uses cookies to improve the usability of the website.
 
What are cookies?

Cookies are small text files. When you visit the Fagron website, these small text files are temporarily stored on your computer. Cookies are used to record the preferences of website visitors and to improve the user experience. For example, they show which web pages are visited and how visitors move from one web page to another. Cookies also record how many people visit a web page and how long they stay on that page. Fagron uses this information to optimise its website.
 
Are cookies safe?

Cookies are safe. They do not store any personal data or other confidential information relating to individuals. Furthermore, it is not possible to use cookies to track personal data or to send spam or other unwanted emails.
 
 How do I change my cookie settings?


You can specify in your browser settings how websites should handle cookies on your computer. For example, you can define your settings as follows:

ask for notification when a website wants to place a cookie;

reject third-party cookies;

Delete cookies;


Google Tag Manager
 
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
 
Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely to manage and display the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.
 
The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 
 
 
Google Analytics


This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
 
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is assigned to the user's respective end device. It is not assigned to a user ID.
 
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data sets collected and uses machine learning technologies in data analysis.
 
Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
 
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ (https://privacy.google.com/businesses/controllerterms/mccs/).
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 
  
IP anonymisation
 
Google Analytics IP anonymisation is enabled. This means that your IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
 
Browser plugin
 
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de (https://tools.google.com/dlpage/gaoptout?hl=de).
 
For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de (https://support.google.com/analytics/answer/6004245?hl=de).
 
Order processing
 
We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
 
Demographic characteristics in Google Analytics
 
This website uses the "demographic characteristics" function of Google Analytics to display relevant advertisements to website visitors within the Google advertising network. This allows reports to be created that contain information about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be attributed to any specific individual. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".
 
Google Analytics e-commerce tracking
 
This website uses the "e-commerce tracking" function of Google Analytics. With the help of e-commerce tracking, the website operator can analyse the purchasing behaviour of website visitors in order to improve its online marketing campaigns. This involves collecting information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
 
Storage period
 
Data stored by Google at user and event level that is linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de
 
Google Ads
 
The website operator uses Google Ads. Google Ads is an online advertising programme from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
 
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available to Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
 
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks (https://policies.google.com/privacy/frameworks) and https://business.safety.google/controllerterms/ (https://business.safety.google/controllerterms/).
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 (https://www.dataprivacyframework. gov/participant/5780).
 
Google Conversion Tracking
 
This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
 
With the help of Google Conversion Tracking, Google and we can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
 
For more information about Google Conversion Tracking, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de (https://policies.google.com/privacy?hl=de).
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 (https://www.dataprivacyframework.gov/participant/5780).
 
 
Contact details
For further information, questions and/or complaints regarding this privacy policy or the processing of personal data by Fagron, please contact the data protection officer using the following contact details:
 
 Fagron GmbH
 Data Protection Officer
 Wilhelm-Bergner-Straße 11 g
 21509 Glinde
 Email: privacy@fagron.de
 
 

 






Privacy policy


Introduction 

This privacy statement is intended to provide transparency regarding Fagron's position on data protection and the processing of personal data. We want to demonstrate that Fagron handles personal data with care and processes it in accordance with applicable legislation, such as the General Data Protection Regulation (GDPR). Our strategy focuses on optimising and innovating individual pharmaceutical care in order to expand the therapeutic spectrum for prescribing physicians around the world. As the international market leader in the manufacture of pharmaceutical formulations, we promote the unique selling point of individual medication and improve the quality of life of patients. It is our mission to remain the leading manufacturer of formulations in the future, and our confidence in this will lead us to success. "The customer is number one" – this statement is very important to Fagron, and therefore acting in the customer's best interests is our top priority. This also applies to the processing of personal data. "Transparency" is one of the rules of the Fagron family, which is applied in this privacy statement. Our aim is to explain the processing of personal data in a clear and understandable way.

Fagron processes personal data from the following groups of people (hereinafter also referred to as "data subjects"):

• Customers
• Suppliers
• Users of the website and web shop
 • Website visitors; • Visitors
 • Employees & applicants who are not covered by this privacy policy.

Processing activities

1. Customers What types of personal data do we process? Fagron serves various customer groups in the pharmaceutical industry, including pharmacies, hospitals and clinics. We process certain personal data of the professionals who represent our customers.

Fagron processes the following data from customers:

• Name 
• Contact details (e-mail address, telephone number) 
• Job titl

For what purpose is the data processed? 
Fagron processes personal data from customers for the following purposes: 
• to provide our customers with a suitable order processing system; 
• to provide our customers with the best possible service.

What are the legal requirements for processing? 
 • Legal obligation 
 We are legally obliged to process certain types of personal data in accordance with applicable pharmaceutical laws and regulations, such as GxP guidelines. We are generally obliged to know our customers and keep records of who receives our products. In doing so, we only store minimally confidential data such as names, telephone numbers and email addresses in our systems. 
• Contract We also need to store this personal data in order to fulfil the purchase contracts with our customers.

How long is the data stored?
Fagron stores the data in accordance with the applicable statutory retention period or for as long as necessary for the purpose of processing.

2. Suppliers
What types of personal data do we process? 
Fagron processes the following data from suppliers:

• Name 
• Contact details (e-mail address, telephone number) 
• Job titl

For what purpose is the data processed? 
Fagron processes the personal data of suppliers for the following purposes:

• to ensure the correct processing of orders;
• to fulfil contractual obligations

What are the legal requirements for processing?
• Contract
Fagron must process personal data in order to fulfil its contractual obligations towards its suppliers.

How long will the data be stored? 
Fagron stores data in accordance with the applicable statutory retention period or for as long as necessary for the purposes of processing.

3. Users of the website and web shop
 What types of personal data do we process?
 Fagron processes the following data from users of the website who have an account:

Name

Email address

Occupation

Online behaviour on our website


For what purpose is the data processed?
Fagron processes the online behaviour of visitors to the website for the purpose of maintaining and improving the website.
 
 4. What are the legal requirements for processing?

Legitimate interest
Fagron has a legitimate interest in processing personal data for marketing and communication purposes. We will always balance our legitimate interest with the interests of the data subject to determine the impact of the processing. We will ensure that we respect the rights of the data subject and inform them in an easily accessible format about the possibility of objecting to the processing.

How long is the data retained?
 Fagron will retain the data in accordance with the applicable statutory retention period or for as long as necessary for the purposes of processing.


 
 5. Visitors
 What types of personal data do we process?
Fagron processes the following data from visitors to our facilities:

Name

Contact


For what purpose is the data processed?
Fagron processes the personal data of visitors for the following purposes:

to ensure security at our pharmaceutical production facilities;

to identify individuals in the event of misconduct.


How long will the data be stored?
Fagron stores data in accordance with the applicable statutory retention period or for as long as necessary for the purposes of processing. 
 
Security measures
Fagron protects your personal data from unauthorised access, use or disclosure. Fagron protects your personal information that you provide on computer servers in a controlled and secure environment. When transferring to other websites, personal data is protected by the Secure Socket Layer (SSL) encryption protocol, which encrypts and obscures all confidential information before it is sent.
 In addition to our standard processes and procedures, technical and functional checks and official audits by independent third parties are carried out regularly to identify risks relating to our global IT and data landscape in a timely manner. All information, data and traffic is always encrypted by default.
 
 Data transfers
1. External processors
 Fagron employs external processors for a range of support activities. We only work with processors who provide sufficient guarantees for appropriate technical and organisational security measures. The processing of personal data by a processor is always based on a processing agreement.
 
2. Transfer to third parties
 Fagron transfers personal data to external third parties under certain conditions. This only happens if the data subject has a legitimate expectation that Fagron will do so. This includes, for example, legal obligations to disclose personal data to authorities.
 
 3. Our role as data controller
When Fagron processes personal data in connection with a purchase agreement with our customers, we do not process personal data in the interests of our customers. We process personal data in our own interests as a data processor. This means that we comply with the applicable data protection laws and regulations when processing our customers' personal data on our own responsibility . For this reason, no processing agreement between Fagron and its customers is required.
 
 Customers can expect Fagron to process any personal data with the utmost care and to adequately secure our systems to protect their privacy.
 
4. META PIXEL (FORMERLY FACEBOOK PIXEL)
 
This website uses Facebook/Meta visitor action pixels to measure conversions. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the United States and other third countries.
 
This allows the behaviour of page visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook advertisement. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.
 
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to place advertisements on Facebook pages and outside of Facebook. As the website operator, we have no influence on this use of the data.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. Consent can be revoked at any time.
 
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing by Facebook after the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.
 

 Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
 
You can find further information on the protection of your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.
 
You can also deactivate the "Custom Audiences" remarketing function in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . To do this, you must be logged in to Facebook.
 
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
 
 Rights of data subjects
 
1. Right to information
Every data subject has the right to obtain information about the personal data that Fagron processes. Upon request, we will provide you with a copy of the information about your personal data that we process. We intend to comply with such a request within one month of receipt, but may extend this period by two months in complex cases. In this case, we will inform you of the reasons for the delay. Fagron reserves the right to charge a reasonable fee in the event of an excessive request.
 
2. Right to rectification
You may request the rectification of your personal data if this information is incorrect. Fagron intends to comply with the request within one month of receipt, but may extend this period by two months in complex situations. In this case, we will inform you of the reasons for the delay. We will inform the recipients of personal data of any rectifications, if applicable.
 
3. Right to be forgotten
You have the right to request that Fagron erase your personal data if one of the following reasons applies:

the purpose of the processing no longer applies;

You have withdrawn your consent;

You object to the processing;

the processing is unlawful;

the erasure of your personal data is required by law;

Fagron reserves the right to restrict the right to be forgotten in the following cases:

Fagron is legally obliged to process your personal data;

the processing is necessary for the establishment, exercise or defence of legal claims;

the processing is necessary to ensure the high standards of our medical products;

the right to erasure is manifestly unfounded or disproportionate.

Fagron intends to comply with your request within one month of receipt. We may extend this period by two months in complex situations. In this case, we will inform the data subject of the reasons for the delay. If we object to your request for erasure, we will inform you promptly of the reasons for our decision and your rights in this matter.
 
4. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:

Your personal data is inaccurate;

You have objected to the processing and Fagron is considering whether Fagron's legitimate reasons outweigh yours;

the processing is unlawful;

Fagron no longer needs your personal data, but you need the data to assert, exercise or defend legal claims.

Fagron will inform you in a timely manner of the method used to restrict the processing of your personal data. Fagron may reject your request if it is manifestly unfounded or disproportionate. We intend to comply with your request within one month of receipt.
 We may extend this period by two months in complex situations. We will always inform you of the reasons for the delay or refusal and your rights in this matter.
 
5. Right to data portability

 Under certain circumstances, you have the right to data portability. This means that you have the right to receive your personal data and reuse it across other services. This means that you must receive your personal data in an easily accessible format so that the personal data can be moved/copied/transferred from one IT environment to another. This must be done in a secure manner.
 
The right to data portability only applies in the following circumstances:

the personal data is provided to Fagron by an individual;

the processing is based on the consent of the individual; or

is carried out for the performance of a contract;

the processing is carried out by automated means.

We intend to comply with your request within one month of receipt. We may extend this period by two months in complex situations. We will always inform you of the reasons for the delay and your rights in this matter.


  
 6. Right to object
 You may object to the processing of your personal data on grounds relating to your particular situation. This also applies in the following circumstances:

the processing is based on the legitimate interests of Fagron;

Fagron processes your personal data for direct marketing purposes;

Fagron is not obliged to comply with the right to object if the processing is not for direct marketing purposes and if:

Fagron has legitimate reasons that outweigh yours;

Fagron needs to process your personal data to assert, exercise or defend legal claims.

Fagron is committed to protecting your privacy and uses technologies that enable you to have a powerful and secure online experience. Fagron uses cookies to improve the usability of the website.
 
What are cookies?

Cookies are small text files. When you visit the Fagron website, these small text files are temporarily stored on your computer. Cookies are used to record the preferences of website visitors and to improve the user experience. For example, they show which web pages are visited and how visitors move from one web page to another. Cookies also record how many people visit a web page and how long they stay on that page. Fagron uses this information to optimise its website.
 
Are cookies safe?

Cookies are safe. They do not store any personal data or other confidential information relating to individuals. Furthermore, it is not possible to use cookies to track personal data or to send spam or other unwanted emails.
 
 How do I change my cookie settings?


You can specify in your browser settings how websites should handle cookies on your computer. For example, you can define your settings as follows:

ask for notification when a website wants to place a cookie;

reject third-party cookies;

Delete cookies;


Google Tag Manager
 
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
 
Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or perform independent analyses. It is used solely to manage and display the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.
 
The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 
 
 
Google Analytics


This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
 
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is assigned to the user's respective end device. It is not assigned to a user ID.
 
Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data sets collected and uses machine learning technologies in data analysis.
 
Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
 
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ (https://privacy.google.com/businesses/controllerterms/mccs/).
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 
  
IP anonymisation
 
Google Analytics IP anonymisation is enabled. This means that your IP address is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
 
Browser plugin
 
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de (https://tools.google.com/dlpage/gaoptout?hl=de).
 
For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de (https://support.google.com/analytics/answer/6004245?hl=de).
 
Order processing
 
We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
 
Demographic characteristics in Google Analytics
 
This website uses the "demographic characteristics" function of Google Analytics to display relevant advertisements to website visitors within the Google advertising network. This allows reports to be created that contain information about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be attributed to any specific individual. You can disable this feature at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".
 
Google Analytics e-commerce tracking
 
This website uses the "e-commerce tracking" function of Google Analytics. With the help of e-commerce tracking, the website operator can analyse the purchasing behaviour of website visitors in order to improve its online marketing campaigns. This involves collecting information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarised by Google under a transaction ID that is assigned to the respective user or their device.
 
Storage period
 
Data stored by Google at user and event level that is linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de
 
Google Ads
 
The website operator uses Google Ads. Google Ads is an online advertising programme from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
 
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available to Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analysing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
 
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks (https://policies.google.com/privacy/frameworks) and https://business.safety.google/controllerterms/ (https://business.safety.google/controllerterms/).
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 (https://www.dataprivacyframework. gov/participant/5780).
 
Google Conversion Tracking
 
This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
 
With the help of Google Conversion Tracking, Google and we can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website are clicked how often and which products are viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.
 
The use of this service is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
 
For more information about Google Conversion Tracking, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de (https://policies.google.com/privacy?hl=de).
 
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780 (https://www.dataprivacyframework.gov/participant/5780).
 
 
Contact details
For further information, questions and/or complaints regarding this privacy policy or the processing of personal data by Fagron, please contact the data protection officer using the following contact details:
 
 Fagron GmbH
 Data Protection Officer
 Wilhelm-Bergner-Straße 11 g
 21509 Glinde
 Email: privacy@fagron.de
 
 

Â