1. Scope of personal data processing

We collect and use our users' personal data only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data only takes place if the processing is permitted by legal regulations or with the consent of the user.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. In the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DS-GVO serves as the legal basis. In the event that processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) of the GDPR shall serve as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DS-GVO serves as the legal basis for processing. The legal basis for the processing of your health data is Article 9 (2) (h) of the GDPR in conjunction with Section 22 (1) (1) (b) of the BDSG. In addition, the essential legal basis for the processing of your data is the Pharmacy Act, the Pharmacy Operating Regulations and the Social Security Code (SGB) Fifth Book (V), in particular Section 300 SGB V.

3. Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage beyond this period may occur if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. For example, if there are statutory retention requirements, the personal data will be stored until the retention requirement has expired and then deleted. If the purpose of the storage has not yet ceased at this point in time, the data will be blocked until the purpose ceases and then deleted.

4. Disclosure of data

Should we disclose, transmit or otherwise grant access to the data to other persons and companies (processors or third parties) in the course of our processing, this will only be done on the basis of legal permission or a legal obligation or on the basis of our legitimate interests or your consent. In the following cases, our data processing is carried out by a service provider that is bound by instructions and is obliged to comply with data protection regulations and is not allowed to use the data for any other purpose:
Website hosting, design and layout of the website, sending of newsletters (see also Section IV).
If we commission third parties to process data on the basis of a so-called 'data processing agreement', this is done on the basis of Art. 28 GDPR.
Should data be processed in a third country in the context of using third-party services, this will only take place if it is done either to fulfill our (pre)contractual obligations, a legal obligation or on the basis of our legitimate interests or with your consent. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. GDPR if, for example, the processing is carried out on the basis of special guarantees or in compliance with officially recognized special contractual obligations.

1. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the accessing computer system. The following data is collected:
Information about the browser type and version used
The user's operating system
The user's internet service provider
Date and time of access
User's IP address
Websites from which the user's system accesses our website
Websites accessed by the user's system via our website
The data is also stored in our system's log files. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. These purposes also constitute our legitimate interest in the data processing in accordance with Article 6(1)(f) GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. It is possible that the data will be stored for a longer period. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign them to the accessing client.

5. Right to object

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no right to object on the part of the user.

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The purpose of using cookies is to make it easier for users to use websites. Some of our website's functions cannot be offered without the use of cookies. These functions require that the browser be recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles.
Our legitimate interest in processing personal data for the purposes mentioned also lies in the purposes mentioned in accordance with Art. 6 Para. 1 lit. f DS-GVO.

4. Duration of storage, right to object and right to erasure

Cookies are stored on the user's computer and transmitted by it to our website. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that not all of the website's functions can be used to their full extent. Accepting cookies is not required to visit our website. However, we would like to point out that individual functions of our website may only be available to a limited extent; in particular, the 'drug reservation' functionality cannot be used.

1. Description and extent of data processing

If you send us an e-mail, we collect and process the personal data that you provide to us in the e-mail. This may include, for example, your first name, last name, address, telephone number, email address and the content of your message or notification, if this contains information about you. This is done in order to communicate with you if you have contacted us, for example by answering your questions, processing reservations or providing you with requested information.
In this context, the data will not be passed on to third parties. The data will be used exclusively for the purpose of processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DS-GVO. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DS-GVO.

3. Purpose of data processing

We process personal data solely for the purpose of handling the contact. This also constitutes the necessary legitimate interest in processing the data.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case when the conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Right of objection

The user has the option at any time to revoke their consent to the processing of personal data. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of making contact will be deleted in this case.

1. Description and scope of data processing

For your non-binding medication reservation, we collect

• a. in the case of an over-the-counter medication reservation or the reservation of prescription-only medications via the form, we collect your first name and last name, title, address, telephone number and e-mail address, as well as the medication you wish to reserve, including the quantity, dosage form, package contents and supplier, as well as the time of the reservation, the date of the planned pick-up and any personal comments or requests you may have provided.
• b. in the case of a reservation of prescription drugs via the form for statutory health insurance, in addition to the information required for reserving non-prescription drugs, the cost unit identifier and information on whether the drug is subject to a fee as well as the autidem note.
• c. in the case of prescription uploads, all visible information on the prescription (in particular first name, last name, date of birth, insurance provider ID, insurance number, medication, fee liability, Autidem note) as well as all information visible on the medication packaging.

Please note that this information includes data about your health, which, as special personal data within the meaning of Art. 9 (1) GDPR, enjoys increased protection. We ensure this by using a special encryption system. In order to inform you about the status of your reservation and/or possible special features of the ordered product, we will contact you via one of the contact options provided by you (e-mail, telephone, SMS). The collection, processing and use of your data is carried out exclusively in encrypted form using TLS, RSA, AES, SHA. These encryption mechanisms make it possible to encrypt the continuous data stream between a user's server and browser on the internet to prevent 'secret eavesdropping and reading'. You can recognize a secure SSL connection, among other things, by a note next to the URL line of your browser. This does not apply if you contact us on your own initiative by email. In this case, it is your responsibility to take appropriate measures to transmit your data securely and to protect it against access by unauthorized third parties.

2. Legal basis

For the processing of the data collected as part of your medication reservation, your consent is obtained as part of the reservation process and reference is made to this data protection declaration. The legal basis for processing the data provided in the course of the drug reservation is thus Art. 9 Para. 2 lit. a DS-GVO.

3. Purpose and duration of storage

The sole purpose of the processing is to process your medication reservation. The data will be deleted after 100 days at the latest.

4. Right to object

The user has the right to revoke his consent to the processing of personal data at any time.

1. Description and scope of data processing

We use WhatsApp, a messaging service provided by WhatsApp Inc., to communicate with customers and prospects. WhatsApp can be used to process phone numbers, message content, and associated metadata such as timestamps and recipients. This data can be stored and processed on servers in the United States.

2. Legal basis

The processing of your personal data via WhatsApp is based on your explicit consent in accordance with Art. 6 (1) a GDPR and, if the communication is related to a contract or the implementation of pre-contractual measures, on Art. 6 (1) b GDPR.

3. Purpose and duration of storage:

The data received via WhatsApp is used solely for the purpose of communicating and processing your requests. The data is stored for as long as is necessary for communicating with you or for documenting our business relationship, unless statutory retention periods require longer storage.

4. Right to object:

You have the right to revoke your consent to data processing via WhatsApp at any time. To revoke your consent and if you wish to use alternative communication channels, please contact us using the company contacts provided (e.g. telephone, email). Please note that in the event of revocation, communication via WhatsApp cannot be continued.