1. Scope

The protection of personal data is very important to us. With the following information on data protection, we want to give you an understanding of which personal data we process for which purposes while you are using our website.

The following information applies to all content of the website www.meddrop.com (hereinafter “offer”). The legal basis of data protection can be found in the EU General Data Protection Regulation (hereinafter GDPR) and the Federal Data Protection Act.

2. Definitions Personal Data
“Personal Data” means any information relating to an identified or identifiable natural person

relate person; an identifiable natural person is one who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

“Processing” means any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as collecting, recording, organizing, organizing, storing, adapting or changing, reading out, querying, Use, disclosure by transmission, distribution or any other form of making available, matching or linking, restriction, deletion or destruction.

3. Types of Personal Data Access Data

Access data is data about every access to the server on which our website is located. The access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Cookies

Cookies are small files that make it possible to store specific, device-related information on the access device.

Input data

If you register with us as a customer, fill out the contact form on our website, or contact us by other means (e.g. telephone, e-mail), we process the personal data that you enter in the respective form or give us in another way (e.g. last name, first name, e-mail address, address).

4. Purposes of processing access data

Our hosting provider collects the access data on our behalf for security reasons for fraud and abuse control and for statistical recording of website use. The legal basis for processing is Art. 6 Para. 1 Sentence 1 f GDPR. For the processing of the IP address by third parties, see section

5. Cookies

On the one hand, cookies serve to improve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they can be used to collect statistical data on website use and to be able to analyze them in order to improve our offers.

The legal basis for the use of cookies is Art. 6 Para. 1 f GDPR. Our legitimate interest in data collection follows from the fact that we need the use of cookies for the purpose of making our website user-friendly and optimizing our offers.

Position data

If you use our institute finder, your position data (geographical coordination data) may be collected. You can find more information on this under Section 6.

Input data

If you register as a customer, we use your personal data to manage your account (legal basis Art. 6 Para. 1 Sentence 1 b GDPR). If you use our contact form or provide us with your personal data in another way, we will use this to process your request (legal basis Art. 6 Para. 1 Sentence 1 a, f GDPR). If you communicate with us via e-mail, your e-mails and the personal data communicated in them will be transported to the servers of our e-mail provider Strato AG on our behalf in order to be stored on our servers (legal basis Art. 6 Para. 1 sentence 1 a, f GDPR).

Our legitimate interest in data collection within the meaning of Art. 6 Para. 1 f GDPR follows from the fact that we cannot process your request (registration, contact) without your data.

5. Data processing by a third-party hosting

Our website is operated on the servers of the hosting provider Strato AG. This processes the personal data mentioned under point 3 on our behalf for the operation of our website and for misuse control. The legal basis for this is Art. 6 Para. 1 Sentence 1 f GDPR.

Hosting

Our website is operated on the servers of the hosting provider Strato AG. This processes the personal data mentioned under point 3 on our behalf for the operation of our website and for misuse control. The legal basis for this is Art. 6 Para. 1 Sentence 1 f GDPR.

Plug-ins, usage analysis

We embed various services and content from third parties on our website. The integration can lead to the processing of your personal data. In addition, the integration of third-party content may result in data being transferred to countries outside the EU. You can find more information on this under Section 6.

The legal basis for the integration of services and content is Art. 6 Para. 1 Sentence 1 f GDPR. Our legitimate interest in data processing follows from the fact that we use the services of third parties for the purpose of making our website user-friendly and optimizing our offers.

6. Google Analytics, institute finder, and Google Maps Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you however that in this case, you will if applicable not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and installing: tools.google.com/dlpage/gaoptout We would like to point out that on this website Google Analytics has been supplemented with the code “gat. anonymizeIp();” was expanded to ensure anonymous collection of IP addresses (so-called IP masking).

You can find more information on the terms of use and data protection at https://support.google.com/analytics/answer/6004245?hl=de.

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Sentence 1 f GDPR. Our legitimate interest in data collection follows from the fact that we use Google Analytics for the purpose of need to optimize our offers.

Institute finder and Google Maps

You can use our institute finder to find a DERMADROP institute near you. For this see a map from Google Maps at www.dermadrop.com. By zooming in on the map you will find the location of the cosmetic institute with DERMADROP products, which is in your area. By visiting our website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, to the best of our knowledge, the following information is transmitted to Google: Date and time of the visit to the website in question, Internet address or URL of the website accessed, IP address of the access device and the start and destination address entered on the Google Maps page as part of route planning. This takes place regardless of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research, and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and its processing by Google can be found in Google’s data protection declaration. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

Google also processes your personal data in the USA and has submitted it to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

The legal basis for using the institute finder and Google Maps is Art. 6 Para. 1 Sentence 1 f GDPR. Our legitimate interest in data collection follows from the fact that we use Google Analytics for the purpose of better locating our DERMADROP Institute and thus optimizing our offers.

7. Online job applications/publication of job advertisements

We offer you the opportunity to apply to us via our website. With these digital applications, your applicant and application data will be electronically collected and processed by us to process the application process.

The legal basis for this processing is Section 26 (1) sentence 1 BDSG in conjunction with Article 88 (1) GDPR.

If an employment contract is concluded after the application process, we will store the data you transmitted during the application in your personnel file for the purpose of the usual organizational and administrative process – of course in compliance with the further legal obligations.

The legal basis for this processing is also Section 26 (1) sentence 1 BDSG in conjunction with Article 88 (1) GDPR.

If an application is rejected, we automatically delete the data transmitted to us two months after notification of the rejection. However, the data will not be deleted if the data requires longer storage of up to four months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the burden of proof according to the AGG.

In this case, the legal basis is Art. 6 (1) (f) GDPR and Section 24 (1) No. 2 BDSG. Our legitimate interest lies in legal defense and enforcement.

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a

applicant or interested party database, the data will be processed based on your consent.

The legal basis is then Article 6 (1) (a) GDPR. Of course, you can withdraw your consent at any time
Art. 7 Para. 3 DSGVO revoked by declaration to us with effect for the future.

8. MailChimp – Newsletter

We offer you the opportunity to register for our free newsletter via our website.

If you register for our newsletter, the data requested from you, i.e. your e-mail address and – optionally – your name and address will be transmitted to us. At the same time, we save the IP address of the Internet connection from which you access our website as well as the date and time of your registration. As part of the further registration process, we will obtain your consent to the sending of the newsletter, describe the content specifically and refer to this data protection declaration referred. We use the data collected in this way exclusively for sending the newsletter – it is therefore in particular not passed on to third parties.

The legal basis for this is Art. 6 (1) (a) GDPR.

You can revoke your consent to the newsletter dispatch at any time with effect for the future in accordance with Art. 7 Para. 3 DSGVO. All you have to do is inform us of your revocation or click on the unsubscribe link contained in every newsletter.

We use MailChimp, a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter referred to as “The Rocket Science Group” to send newsletters.

Through certification according to the EU-US data protection shield (“EU-US Privacy Shield”) https://www.privacyshield.gov/… The Rocket Science Group guarantees that the data protection regulations of the EU are also observed when processing data in the USA. In addition, The Rocket Science Group offers further data protection information at http://mailchimp.com/legal/pri…

If you register to receive our newsletter, the data requested during the registration process, such as your e-mail address and, optionally, your name and address, will be processed by The Rocket Science Group. In addition, your IP address and the date of your registration together with the time will be saved. As part of the further registration process, your consent to the sending of the newsletter will be obtained, the content will be specifically described and reference will be made to this data protection declaration.

The newsletter then sent via The Rocket Science Group also contains a so-called tracking pixel, also known as a web beacon. With the help of this tracking pixel, we can evaluate whether and when you read our newsletter and whether you followed any further links contained in the newsletter. In addition to other technical data, such as the data from your IT system and your IP address, the data processed is stored so that we can optimize our newsletter offer and respond to the wishes of the readers. The data is therefore processed to increase the quality and attractiveness of our newsletter offer.

The legal basis for sending the newsletter and for the analysis is Art. 6 (1) (a) GDPR.

You can revoke your consent to the newsletter dispatch at any time with effect for the future in accordance with Art. 7 Para. 3 DSGVO. All you have to do is inform us of your revocation or click on the unsubscribe link contained in every newsletter.

9. Voluntary provision of data

The provision of personal data when you visit our website is neither required by law nor by contract, nor is it necessary for the conclusion of a contract. You are also not obliged to provide personal data when you visit our website, although access data is recorded automatically when you visit our website. If you want to register as a customer, the registration data is required.

10. Duration of processing access data, cookies

The access data is temporarily stored by our hosting provider for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.

If IP addresses are processed by third parties, we have no influence on the duration of the processing. Under section 6 you will find the links to the data protection declarations of the third-party providers. There you can find out about the duration of the processing.

Input data

We process personal data that you provide via our forms or communicate to us in any other way for the duration of the processing of your request, provided that this data is not subject to the retention periods under tax and commercial law or consent justifies continued storage.

11. Contradiction

You have the right to object at any time to the personal data processed on the basis of Art. 6 Para. 1 Sentence 1 f GDPR, provided that there are reasons for the objection that arise from your particular situation. However, your personal data will be processed further if there are compelling legitimate reasons for further processing the data that outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims. If we process your personal data in order to operate direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time without giving reasons (Article 21 GDPR).

12. Other Data Subject Rights

If you have given your consent, you have the right to revoke it. We would like to point out that a revocation does not change the lawfulness of the processing carried out up to the revocation (no retroactive effect of the revocation).

You have the right, within the framework of the GDPR, to request information free of charge about the personal data we hold about you (Art. 15 GDPR).

Furthermore, in accordance with the GDPR, you have the right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction (Art. 18 GDPR) and transfer (Art. 20 GDPR) of your personal data.

You also have the right to complain to the data protection supervisory authority responsible for us in justified cases (Article 77 GDPR).

You can assert your rights under the GDPR by email or in writing. The contact details of the provider can be found below.

13. Contact Information

Provider as responsible body:

Meddrop BioMedical Technologies GmbH
Wilhelm-Stein-Weg 5
22339 Hamburg
Germany

Phone: +49 (0) 40 688 9204 80
Email: info@meddrop.com

Data protection supervisory authority:

The Hamburg Commissioner for Data Protection and Freedom of Information Klosterwall 6 (Block C)
20095 Hamburg

Germany
Telephone: +49 (0) 40 42854 – 4040
Fax: +49 (0) 40 42854 – 4000

Email: mailbox@datenschutz.hamburg.de
http://www.datenschutz.hamburg

Last Updated: February 2021