Privacy Policy

Data Privacy Policy

Responsible handling of personal data is of high priority for us. Through this privacy policy, we would like to inform you about the type, scope, and purpose of the personal data we collect, use, and process, as well as to inform data subjects about their rights. We process your personal data in compliance with the General Data Protection Regulation (GDPR) and in accordance with the applicable country-specific data protection regulations (BDSG, TMG). However, absolute protection cannot be guaranteed as internet-based data transmission can have security vulnerabilities.

We reserve the right to occasionally update this privacy policy to comply with the current legal requirements or to implement changes in our services.

I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:


medpharm networks GmbH
Birkenwaldstr. 44
70191 Stuttgart

Telephone: 0711 2582 0
Fax: 0711 2582 290
info@medpharm-networks.de
Website: www.medpharm-networks.de
Managing Directors: Dr. Benjamin Wessinger, Leonie Haas-Rotta, Thomas Koch und Nils Wörner

II. Contact Details of the Data Protection Officer
We have appointed a data protection officer to whom any data subject can directly address all questions and suggestions regarding data protection. You can reach them via postal mail at the address of our company mentioned above, with the addition “Attn: Data Protection Officer,” or by email at datenschutz@dav-medien.de.

III. General Information on Data Processing Scope of Processing Personal Data

  1. Scope of Processing Personal Data We generally process personal data of our users only to the extent necessary for providing a functional website and our content and services. The processing of personal data of our users regularly occurs only after the user’s consent. An exception applies in such cases where prior consent cannot be obtained for factual reasons and processing of data is permitted by legal regulations.
  2. Legal Basis for Processing Personal Data If we obtain the data subject’s consent for processing personal data, Article 6(1)(a) GDPR serves as the legal basis. For processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required for pre-contractual measures. If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. If processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interests, Article 6(1)(f) GDPR serves as the legal basis for processing.
  3. Data Erasure and Storage Duration Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to exist. Storage may continue if provided for by European or national lawmakers in EU regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by the above standards expires, unless continued storage is necessary for concluding or fulfilling a contract.
  4. Data Disclosure If we disclose data to other individuals and companies (contract processors or third parties) as part of our processing, transmit it to them, or otherwise grant them access to the data, this will only occur on the basis of a legal permission, our legitimate interests, or your consent. In such cases, data processing is carried out by a service provider bound by instructions, who is obligated to comply with the data protection requirements, and who is not allowed to use the data for other purposes. If we engage third parties to process data based on a so-called “data processing agreement,” this is done based on Article 28 GDPR.

If data is processed in a third country within the framework of using third-party services or if data is disclosed or transmitted to other persons or companies in a third country, this will only occur if it is necessary to fulfill our (pre-)contractual obligations, a legal obligation, or based on our legitimate interests or your consent. Subject to legal or contractual permissions, we will process or have the data processed in a third country only if the special conditions of Articles 44 et seq. GDPR are met. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of an appropriate data protection level (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

IV. Provision of the Website and Creation of Log Files

  1. Description and Scope of Data Processing
    Each time our website is accessed, our system automatically collects data and information from the requesting computer’s system. The following data is collected:
    • Information about the browser type and version
    • The user’s operating system
    • The internet service provider of the user
    • The user’s IP address
    • Date and time of access
    • Websites from which the user’s system accesses our website
    • Websites accessed by the user’s system through our website
    The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not occur.
  2. Legal Basis for Data Processing
    The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
  3. Purpose of Data Processing
    The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. Furthermore, the data is used for website optimization and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also represent our legitimate interest in data processing under Art. 6(1)(f) GDPR.
  4. Duration of Storage
    The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of data collection for providing the website, this is the case when the respective session is ended. In the case of storing data in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of users will be deleted or obscured, so that assignment to the requesting client is no longer possible.
  5. Objection and Removal Option
    The collection of data for providing the website and the storage of data in log files are mandatory for the operation of the website. Therefore, there is no option for the user to object.

V. Wordfence

  1. Description and Scope of Data Processing
    We have integrated Wordfence on this website. The provider is Defiant Inc., Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).
    Wordfence serves to protect our website against unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made on our website and, if necessary, block them.
  2. Legal Basis for Data Processing
    The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection of their website against cyberattacks. If appropriate consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.
    The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

VI. Use of Cookies

  1. Description and Scope of Data Processing
    Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after a page change.
    The following data is stored and transmitted in the cookies:
    • Language settings
    Furthermore, we use cookies on our website that allow an analysis of users’ surfing behavior. In this way, the following data can be transmitted:
    • Frequency of page views
    • Use of website functions
  2. Legal Basis for Data Processing
    The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR.
  3. Purpose of Data Processing
    The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognized even after a page change. We require cookies for the following applications:
    • Transfer of language settings
    The user data collected through technically necessary cookies is not used to create user profiles. The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used, allowing us to continuously optimize our offering. These purposes also represent our legitimate interest in the processing of personal data according to Art. 6(1)(f) GDPR.
  4. Duration of Storage, Objection, and Removal Option
    Cookies are stored on the user’s computer and transmitted to our site from there. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may no longer be possible to fully use all the functions of the website. The transmission of Flash cookies cannot be prevented via browser settings, but it can be blocked by changing the settings of the Flash Player.

VII. Reminder Service

  1. Content of the Reminder Service
    If you have booked an event by medpharm networks GmbH, you will receive reminder emails. These emails inform you about the start of an event, the provision of new videos for the event, the end of access to the contents, and possibly learning assessments for the event.
  2. Data Used
    For the reminder service, we use and store your title, first name, last name, email address, and the booked event.
  3. Legal Basis
    The data processing is based on your consent according to Art. 6(1)(a) GDPR or based on Art. 6(1)(b) GDPR. You can revoke this consent at any time by unsubscribing from the reminder service. The lawfulness of data processing carried out before the revocation remains unaffected.
  4. Purpose of Data Processing
    The collection of the user’s email address is used to deliver the reminder emails. The collection of other personal data during the registration process is used to prevent misuse of the services or the email address used.
  5. Storage Period
    The data stored for the purpose of receiving reminder emails from us will be stored by us until you unsubscribe from the reminder service, and after unsubscribing, the data will be deleted from our servers. Data stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.
  6. Objection Option
    The reminder service can be terminated by the user at any time. For this purpose, each reminder email contains an appropriate link. This also allows for revoking consent to store the personal data collected during the registration process or to object to data processing.

VIII. Data Protection for Webinars with GoToWebinar

Description and Scope of Data Processing
A webinar is comparable to an in-person seminar and takes place over the internet using computer/software support. You can participate in a webinar after registering via https://apv.medpharm-networks.de/. For this purpose, the following data is requested: first name, last name, email address.

To conduct webinars over the internet, we use the software solution GoToWebinar by LogMeIn, Inc. LogMeIn, Inc. is responsible for providing this service and the associated data processing (LogMeIn’s privacy policy). For the webinar’s contractual execution, we transmit your registration and customer data to LogMeIn, Inc.

During and after the webinar’s execution, statistical data is transmitted to medpharm networks GmbH. If you participate in a webinar, pose or answer a question during the webinar, we will also receive information, in addition to your registration data, about the duration of your participation, your interest in the webinar, and the questions or answers provided for further customer support or to enhance the user experience.

An encrypted connection is established between you and the webinar’s organizer. The sound or image information transmitted during this session is recorded by us. By clicking “Participate,” you confirm that you will not create any recordings or screen captures of this session. An encrypted connection is established between you and the webinar’s organizer.

You can end the session at any time by simply closing the browser window or exiting the program or app. If your contact ends the session, your participation in the session will also be automatically terminated.

IX. Rights of the Data Subject
If personal data concerning you is processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR), and you have the following rights against the data controller:

  1. Right to Information
    You have the right to obtain confirmation from the data controller as to whether personal data concerning you is being processed by us.
    If such processing is taking place, you can request the following information from the data controller:
    (1) The purposes for which the personal data is processed; (2) The categories of personal data being processed; (3) The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed; (4) The planned duration of storage of the personal data concerning you or, if specific information about this is not possible, the criteria for determining the storage period; (5) The existence of the right to rectification or erasure of personal data concerning you, the right to restriction of processing by the data controller, or the right to object to such processing; (6) The existence of a right to lodge a complaint with a supervisory authority; (7) All available information on the origin of the data if the personal data concerning you was not collected from you; (8) The existence of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
    You have the right to request information on whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
  2. Right to Rectification
    You have the right to request the rectification and/or completion of your personal data processed by the data controller if it is inaccurate or incomplete. The data controller shall rectify the data without undue delay.
  3. Right to Restriction of Processing
    Under the following conditions, you can request the restriction of processing of your personal data:
    (1) If you dispute the accuracy of your personal data for a period that allows the data controller to verify the accuracy of the personal data; (2) If the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead; (3) If the data controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or (4) If you have objected to the processing pursuant to Art. 21(1) GDPR, pending the verification of whether the legitimate grounds of the data controller override your grounds.
    If the processing of your personal data has been restricted in accordance with the above conditions, except for storage, such data may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state. If the restriction of processing has been restricted under the above conditions, you will be informed by the data controller before the restriction is lifted.
  4. Right to Erasure
    You can request the data controller to erase your personal data without undue delay if one of the following grounds applies:
    (1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed. (2) You withdraw your consent on which the processing pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR was based, and there is no other legal ground for the processing. (3) You object to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR. (4) The personal data concerning you has been unlawfully processed. (5) The erasure of personal data concerning you is required for compliance with a legal obligation under Union or Member State law to which the data controller is subject. (6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
    If the data controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17(1) GDPR, the data controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers that are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
    The right to erasure does not apply to the extent that processing is necessary:
    (1) To exercise the right of freedom of expression and information; (2) For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller; (3) For reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR; (4) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, insofar as the right referred to in Section XVI.4.a. is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (5) For the establishment, exercise, or defense of legal claims.
  5. Right to Information
    If you have asserted the right to rectification, erasure, or restriction of processing against the data controller, the data controller is obliged to communicate to each recipient to whom the personal data concerning you have been disclosed any rectification or erasure of personal data or restriction of processing, unless this proves impossible or involves disproportionate effort. The data controller shall inform you about those recipients if you request it.
  6. Right to Data Portability
    You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the data controller to whom the personal data have been provided, where:
    (1) The processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and (2) The processing is carried out by automated means.
    In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one data controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
  7. Right to Object
    You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The data controller shall no longer process the personal data concerning you unless the data controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
    If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
    If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
    You have the option, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
  8. Right to Withdraw Consent
    You have the right to withdraw your consent to data protection declarations at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  9. Automated Individual Decision-Making, Including Profiling
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
    (1) Is necessary for entering into or performance of a contract between you and the data controller; (2) Is authorized by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or (3) Is based on your explicit consent.
    However, these decisions must not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the data controller, to express your point of view, and to contest the decision.
  10. Right to Lodge a Complaint with a Supervisory Authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

End of Privacy Policy
Date: 22nd July 2023