Privacy notice for the website

We respect the personal rights of our customers, prospective customers and partners, above all their right to informational self-determination, as one of our fundamental principles. This naturally also applies to the way we handle your data when you visit our website. Generally speaking, you can visit our website without informing us of your identity. We only collect, process and use personal data in accordance with the statutory requirements and data security specifications.

The pages on our website may contain links to other providers. Our privacy notice does not apply to these.

Controller

The Controller in accordance with the General Data Protection Regulation and other national data protection legislation as well as other data privacy regulations

Deutsche Apotheker- und Ärztebank
Richard-Oskar-Mattern-Straße 6
40547 Düsseldorf
Germany
Telefon: +49 211 5998 8123
E-Mail: info@apobank.de

Data Protection Officer

The Data Protection Officer designated by the Controller

Deutsche Apotheker- und Ärztebank
Datenschutzbeauftragter
Richard-Oskar-Mattern-Straße 6
40547 Düsseldorf
Germany
E-Mail: datenschutz@apobank.de

General information on data processing

Scope of processing personal data
As a matter of principle, we only process our users’ personal data to the extent that this is necessary to provide a fully functioning website and for the use of our content and services. We only process our users’ data regularly with the user’s prior consent. An exception applies in such cases where it is not possible to get the user’s prior consent for practical reasons and we are permitted to process the data by law.

Legal basis for processing personal data
Insofar as we obtain the data subject’s consent for processing their personal data, the legal basis is Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR).
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis is Art. 6 (1) (b) GDPR. This also applies when processing is required to perform pre-contractual measures.

Insofar as personal data must be processed to fulfil a legal obligation to which our company is subject, the legal basis is Art. 6 (1) (c) GDPR.
Where the processing of personal data is required to protect the vital interests of the data subject or that of another natural person, the legal basis is Art. 6 (1) (d) GDPR.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former, the legal basis for the processing is Art. 6 (1) (f) GDPR.

Data erasure and retention period
The data subject’s personal data shall be deleted or blocked as soon as the purpose for which they were stored no longer applies. Data may also be stored if this has been stipulated by European or national legislation in EU regulations, laws or other requirements to which the Controller is subject. The data will also be blocked or deleted once a legally defined storage period has expired, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.

Provision of the website

Provision of the website and creation of log files

Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer.
The following data are collected:

  • information on the browser type and the version used,
  • the user’s operating system,
  • the user’s internet service provider,
  • the user’s IP address,
  • date and time of access,
  • websites from which the user’s system reaches our website,
  • websites accessed by the user’s system through our website.

The data are also stored in the log files of our system. These data are not stored together with any other of the user’s personal data.

Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

Purpose of data processing
It is necessary for the system to temporarily store the IP address to deliver the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session. Storing the data in log files ensures the functioning of our website. In addition, we use the data to optimize the website and guarantee the security of our IT systems. The data are not evaluated for marketing purposes in this connection. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

Duration of storage
The data are deleted as soon as they are no longer required for the purpose for which they were stored. In the case of data collected for the provision of the website, this is the case when the respective session is over. If the data are stored in log files, this is the case after seven days at the latest. The data may be stored beyond this period. In this case, the users’ IP addresses will be deleted or anonymized so that they can no longer be allocated to the visiting client.

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely essential for the operation of the website. Consequently, users do not have the possibility to object.

Cookies

Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a distinctive character string that enables the browser to be clearly identified when the website is requested again.

We also use cookies on our website that enable us to analyse users’ surfing behaviour. The following data can be submitted in this way:

  • entered search terms,
  • frequency of visits to website,
  • utilization of website functions.

User data collected in this way is pseudonymised using technical means. This makes it impossible to allocate the data to the user accessing the site. The data are not stored together with any other of the user’s personal data. See also “Web analytics” below.

When accessing our website, users are informed about the use of cookies for analytical purposes by means of an info banner and referred to this data privacy statement. In this context, users are also informed about how they can prevent the cookies being stored by adjusting their browser settings.

Legal basis for data processing
The legal basis for processing personal data using cookies is Art. 6 (1) (f) GDPR.

Purpose of data processing
The purpose of using cookies for analytical purposes is to improve the quality of our website and its contents. By using analysis cookies, we learn how our website is used and are able to continuously optimise our products and services. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

Duration of storage, possibility of objection and elimination
Cookies are stored on the user’s computer and transmitted from here to our site. This means that as a user, you also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the functions available on this website.

In addition, all users can refuse to accept cookies by adjusting their browser settings on cookies from third-party providers. You can also make adjustments for Facebook, Google and other providers via the website http://www.youronlinechoices.com/uk/your-ad-choices

Newsletter

Description and scope of data processing
On our website, we offer the option to subscribe to our newsletter ‘apoStrategie’ and to our information service for members. In this process, data entered into the input mask during registration are sent to rapidmail GmbH and DGN Service GmbH, respectively, for shipping purposes. This includes the name, e-mail address, account number and serial number.
In addition, the following data are collected on registration:

  • IP address of the visiting computer,
  • date and time of registration.

Legal basis for data processing
The legal basis for processing data after the user has registered for the newsletter is Art. 6 (1) (a) GDPR, insofar as the user has given his consent.

Purpose of data processing
The purpose of recording the user’s e-mail address is to deliver the newsletter. The purpose of collecting other personal data during the registration process is to prevent misuse of the services or the given e-mail address.

Duration of storage
The data will be deleted as soon as they are no longer required for the purpose for which they were recorded. In this regard, the user’s e-mail address will be stored as long as the newsletter subscription is active.

Possibility of objection and elimination
The newsletter subscription can be cancelled at any time by the data subject. A link can be found in each newsletter for this purpose.

Registration

Description and scope of data processing
On our website, we offer members the possibility of registering with their personal data. The data are entered into an input mask and transferred to DGN Service GmbH, where they are stored. The following data are collected during the registration process:

  • e-mail,
  • name,
  • branch,
  • account number.

In addition, the following data are stored at the time of registration:

  • the user’s IP address,
  • date and time of registration.

Legal basis for data processing
The legal basis for processing data insofar as the user’s consent has been given is Art. 6 (1) (a) GDPR. The legal basis for processing data submitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR.

Purpose of data processing
Registration is necessary to enable registered members to be approached as part of apoBank’s “Mitdenker” project to involve members more actively in the Bank’s design processes.

Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were recorded. For data collected during the registration process, this is the case when you withdraw or change your registration on our website.

Possibility of objection and elimination
As a user, you have the possibility of deregistering at any time at www.apobank.de/mitdenker

Contact form and e-mail contact

Description and scope of data processing
Contact forms are available on our website that can be used to contact us electronically. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to APO Data-Service GmbH or Konnektum GmbH and stored there. This includes the e-mail address, title, name, address, customer, branch, telephone number (for return calls).
In addition, the following data are stored at the time the message is sent:

  • the user’s IP address,
  • date and time of sending the message.

Alternatively, users can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail are stored. The data are used for processing the conversation and for quality assurance.

Legal basis for data processing
The legal basis for processing data insofar as the user’s consent has been given is Art. 6 (1) (a) GDPR. The legal basis for processing data submitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the purpose of making contact by e-mail is to conclude an agreement, the additional legal basis for processing the data is Art. 6 (1) (b) GDPR.

Purpose of data processing
Personal data from the input mask are processed with the purpose of establishing contact and for quality assurance. If contact is made by e-mail, this also constitutes the necessary legitimate interest in processing the data. The purpose of processing other personal data submitted while sending the e-mail is to prevent misuse of the contact form and guarantee the safety of our IT systems.

Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were recorded. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user is ended. The conversation is over when it can be concluded from the circumstances that the matter in question has been unequivocally clarified. Personal data from the input mask of the contact form that are stored for quality assurance purposes will be deleted after six months.

Possibility of objection and elimination
Users have the possibility to revoke their consent to processing their personal data at any time. If they contact us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Please contact our Data Protection Officer in this connection. All personal data stored in the course of contacting us will be deleted in this case.

Web analytics

We use web analysis tools for marketing and optimization purposes. On our website, we offer users the possibility of opting out of our analytical processes. To do this, follow the corresponding link. As a result, an additional opt-out cookie is set on your system that tells our system not to store your data. If you have deleted the corresponding cookie from your own system in the meantime, you must reactivate the opt-out cookie. See also “Cookies\Duration of storage, possibility of objection and elimination” above.

MATOMO
Scope of processing personal data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse our users’ surfing behaviour. The software sets a cookie on the users’ computers. The following data are stored when individual pages of our website are accessed:

  • IP address of the user’s system,
  • the accessed website,
  • the website from which the user’s system reached the accessed website (referrer),
  • the subpages visited from the accessed website,
  • the length of time spent on the website,
  • how often the website is accessed.

The software runs exclusively on the servers of our website. Personal data are only stored there. The data are not passed on to third parties. To ensure that the IP address is not fully stored, 2 bytes of the IP address are masked in the software settings. As a result, it is impossible to allocate the truncated IP address to the requesting computer.

Legal basis for processing personal data
The legal basis for processing the user’s personal data is Art. 6 (1) (f) GDPR.

Purpose of data processing
The purpose of processing our users’ personal data is to enable us to analyse their surfing behaviour. By analysing the collected data, we are able to compile information about the way the individual components of our website are used. This helps us to continuously improve our website and make it more user-friendly. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR. By anonymising the IP address, we take the user’s interest in protecting their personal data sufficiently into account.

Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were recorded. More information on the privacy settings of Matomo software can be found at: https://matomo.org/docs/privacy/.

Possibility of objection and elimination
You can object to the use of Matomo here ▶ Deactivate Matomo

GOOGLE ANALYTICS

This website uses Google Analytics including Google Analytics advertising functions. Google Analytics is a web analysis service of Google Inc. (“Google”).

Scope of processing personal data

When users access individual pages of our website, the following data are stored:

  • IP address of the user’s requesting system,
  • the accessed website,
  • the website from which the user's system reached the accessed website (referrer),
  • the subpages visited from the accessed website,
  • the length of time spent on the website,
  • how often the website is accessed.

Google Analytics is used exclusively with the IP anonymisation function activated (IP masking). This means that the IP address is truncated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. In exceptional cases only, for example in the case of technical failures in Europe, the full IP address is transmitted to a Google server in the United States and truncated there.
If Google’s IP anonymization method is used, the full IP address is not written to disk at any time as all anonymization happens in the memory almost immediately after the request has been received.
The IP address transmitted by the user’s browser is not combined with other data held by Google.

Legal basis for processing personal data
The legal basis for processing the user’s personal data is Art. 6 (1) (f) GDPR.

Purpose of data processing
Google uses this information on our behalf to analyse your use of the website in accordance with Art. 6 (1) (f) GDPR, to compile reports on website activities and provide us with additional services in connection with website and Internet usage, in particular functions for display advertising and Google Analytics Demographics and Interests Reports.
Google may also pass on this information to third parties where this is required by law or in cases where third parties process this data on behalf of Google. Personal data are excluded from this.
Google Analytics Demographics and Interests Reports use data and visitor data obtained by Google via interest-based advertising from third-party providers (such as age groups or interest groups).
Please note that Google Analytics has been extended on this website with the code "anonymizeIp" to guarantee that IP addresses are anonymised (IP masking).

Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were recorded. More information on Google can be found here: Overview of privacy policy at https://policies.google.com/?hl=en

Possibility of objection and elimination
You can prevent these cookies from being stored by enabling the relevant setting in your browser software. Please note, however, that this may prevent you from using all the functions available on this website.

In addition, you can prevent the information generated by the cookie (including your IP address) on your use of the website being recorded and processed by Google by downloading and installing the browser plug-in available here: Browser add-on to deactivate Google Analytics https://tools.google.com/dlpage/gaoptout?hl=en

More information on terms of service and data privacy can be found at https://www.google.de/analytics/terms/de.html or at https://policies.google.com/?hl=en&gl=de

In addition, you can object to the use of Google Analytics here ▶ Google Analytics deaktivieren
Integrating third-party services and content

YouTube: Our websites integrate videos from our official YouTube channel, which can be accessed at  www.youtube.com, a service of YouTube LLC, a subsidiary of Google Inc. To this end, we use YouTube’s "privacy-enhanced mode". This mode can set cookies on your computer as soon as you click on the YouTube video player. We receive evaluations from YouTube on visits to our integrated YouTube videos without any reference to the respective user.

Google Maps: This website uses Google Maps to display maps and generate route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree that Google, one of its representatives or third-party providers may collect, process and use data that is automatically collected or entered by you. The terms of use for Google Maps can be found here: https://www.google.com/intl/en_de/help/terms_maps.html

Note to the above services provided by Google Inc.: If you have a Google account, you can determine the activity data that you want to be saved in your account yourself, including data on YouTube. These can be found at Google ->My account -> Personal info & privacy, Manage your Google activity: https://myaccount.google.com/activitycontrols

apoInvestor: We provide the market information service apoInvestor belonging to DZ Bank on our websites. The privacy notice for this service can be found in the terms of service of apoInvestor. 

Google Dynamic Remarketing: We use Google Dynamic Remarketing. This technology can be used to show users who previously visited our websites tailored advertising on the websites of Google’s partner network. The adverts are displayed as described above through the use of cookies to analyse the way the user visits the website and send them targeted product recommendations and advertising based on their interests. This is done in accordance with Art. 6 (1) (f) GDPR.

You can prevent cookies being installed by adjusting your browser settings. Please note, however, that this may prevent you from using all the functions available on this website. If you do not want this to happen, you can deactivate the function via the ads preferences manager.

More information on terms of service and privacy can be found at http://www.google.de/intl/de/policies/privacy/

Your rights as a user of our website

All data subjects have the right to information in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR and the right to data portability from Art. 20 GDPR. With regard to the right to information and the right to erasure, the restrictions according to Sections 34 and 35 German Federal Data Protection Act (BDSG) apply. Furthermore, users have the right to object to a data protection authority (Art. 77 GDPR in connection with Section 19 BDSG).

Withdrawal of consent

You can withdraw the consent you have given us, whether express or implied, at any time with future effect.

Widerspruchsrecht

Information about your right to object according to Art. 21 of the General Data Protection Regulation (GDPR)

  1. You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6 (1) (e) GDPR (data processing in public interest) or Article 6 (1) (f) GDPR (data processing based on balancing of interests). This also applies to profiling on the basis of those provisions in accordance with Article 4 (4) GDPR, which we use for credit rating or for advertising purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds, which override your interests, rights and freedoms, or if processing serves to establish, exercise or defend legal claims.
  2. In individual cases, we process your personal data for direct advertising. You have the right to object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is in connection with such direct advertising. If you object to processing for the purpose of direct advertising, we will no longer process your personal data for these purposes.

Your objection can be sent without any formal requirements to:
Deutsche Apotheker- und Ärztebank eG
Central Service Centre
"Objection in acc. with GDPR"
30135 Hanover
Germany
Phone: +49 211 5998 8123
Fax: +49 211 5938 77

As at: May 2018