Data security

Data Privacy Statement

In the following, we provide information on the processing of your personal data when you use our web shop, and on your rights. Please read carefully the Data Privacy Statement.

§ 1 Name and contact details of the responsible party; data protection officer

(1) The responsible party may be contacted under:

NOBAMED Paul Danz AG
Höltkenstraße 1-5
58300 Wetter

Phone: +49 (0)2335 - 760 90
Fax: +49 (0)2335 - 760 950
e-mail: info@nobamed-ag.com

See our masthead for further information.

(2) A data protection officer has been appointed who may be contacted at the a.m. address and phone number or at the following e-mail address: datenschutz@nobamed-ag.com.

§ 2 Collection of personal data when visiting our web shop

(1) If our web shop is used only informationally – that is if you do not register or otherwise transmit information – we only collect the personal data which your browser transfers to our server.

(2) If you want to informationally use our web shop, we collect the following data technically necessary for the use of our web shop and to ensure stability and security.

a) IP address

b) Date and time of the request

c) Time zone difference to Greenwich Mean Time (GMT)

d) Content of the request (specific page)

e) Access status/HTTP status code

f) The amount of data transferred in each case

g) Website from which the request comes (referrer)

h) Browser

i) Operating system and its interface

j) Language and version of the browser software.

(3) This data stored in log files is automatically deleted after 3 months.

(4) In addition to the data mentioned above, cookies shall be stored on your computer when you use our website.

a) Cookies are small text files that are assigned and stored on your hard drive by the browser you use and through which certain information flows to the appropriate place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the website more user-friendly and effective overall.

b) We only use persistent cookies. These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies in your browser’s security settings at any time.

i. For customers we use cookies to store, and have recourse to, language settings, products collected in the shopping basket, login details, viewed products and categories, customer status of registration, customer name and first name as well as e-mail address.

ii. For non-customers we use cookies to store, and have recourse to, language settings, products collected in the shopping basket, viewed products and categories as well as the session ID.

(5) The legal basis for the processing is Art. 6 (1) page 1 lit. a) and f) GDPR.

§ 3 Collection of personal data when placing orders in our web shop

(1) If you want to place an order in our web shop, it is necessary to provide some personal data needed for the conclusion of the contract and the order processing. The mandatory details necessary for the implementation of the contract are marked, further details are optional. The data you provide is used for the processing of your order. To this end, we may pass on your payments data to our main bank.

(2) You have the option of establishing a customer account which will allow us to store your data for future further purchases. If a customer account is established, the data provided by yourself will be revocably stored.

(3) Due to economic and tax law requirements we are obliged to store your address as well as payment and order details for the statutory period of 10 years, pursuant to, for example, § 147 (3) AO (tax code), beginning with the end of the calendar year where the document was created.

(4) Legal basis for the processing is Article 6 (1) page 1 lit. a), b), and c) GDPR.

§ 4 Collection of personal data when visiting the web shop through YouTube

(1) We have included YouTube videos in our online services. They are stored on https://youtube.com with direct access from our web shop. They are all integrated in our ‘advanced data protection mode’, which means that no data on you as user will be transmitted to YouTube if you do not play the videos. Only if you play the videos, the data mentioned in Article 2 will be transmitted. This data transmittal is beyond our own control.

(2) When you visit our web shop, YouTube will receive the information that you have accessed the respective page in the web shop as well as further information, in particular technical information about your terminal. You may obtain further information on the extent and purpose of the data collection and its processing through YouTube in the privacy declaration of YouTube resp. Google. There you will also find further information as to your rights and setting options to ensure the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google will process your personal data also in the U.S. They have submitted to the EU-US-Privacy-Shield. Further information is available on: https://www.privacyshield.gov/EU-US-Framework.

(3) Data will be collected, irrespective of whether YouTube provides a user account under which you are logged in or whether no user account exists. If you are logged into Google, your data will be assigned directly to your account. If you do not wish your profile to be linked with YouTube, you need to log off before going to our website. YouTube stores your data as usage profiles and uses the information for the purpose of advertising, marketing research and/or the demand-oriented design of the website. Such an evaluation is made in particular (even for users who are not logged in) to create targeted offers and to inform other users of the social network about your activities in our web shop.

(4) You have a right to object to the creation of such usage profiles. To exercise that right, you will have to get in touch with YouTube.

§ 5 Collection of personal data when using our e-mail addresses

(1) If you have any question you may contact us via our e-mail addresses. This requires that you provide a valid e-mail address for us to know from whom the inquiry comes and to reply to your question. To ensure adequate data security during the transmission of contact details the service reCAPTCHA from Google Inc. is used. This service seeks to differentiate if an action on the internet is carried out by a physical person or unlawfully by a computer program or rather bot. In doing so the IP address and, if necessary , other data required for Google´s reCAPTCHA service will be transferred. For further information on Google Inc.´s privacy policy that apply for this service, please read Google´s terms and conditions and privacy policy at (https://www.google.com/intl/de/policies/privacy/)

(2) Depending on the configuration of your terminal, your IP address and possibly further personal data will also be submitted. All this information is provided voluntarily by yourself, as it is not necessary for getting in touch with us.

(3) The personal data processed in order to reply to your communication will be deleted after your inquiry has been dealt with, provided the contact is not followed by a contractual relationship or no legal retention periods will apply, pursuant to, for example, § 147 (3) AO (tax code) 10 years, beginning with the end of the calendar year where the document was created.

(4) The legal basis for the processing is Art. 6 (1) page 1 lit. a) and f) GDPR.

§ 6 Collection of personal data when using our phone numbers

(1) If you have any question you may contact us via our phone numbers. If you get in touch with us via phone, we will see your phone number which is assigned to the device you use for the call (unless you have deactivated the transmission).

(2) If you have deactivated the transmission of your phone number, no further personal data will be processed by us unless you provide it in the conversation (like name, phone number, e-mail address, customer identification number).

(3) The personal data processed in order to answer your call will be deleted after your inquiry has been dealt with, provided the contact is not followed by a contractual relationship or no legal retention periods will apply, pursuant to, for example, § 147 (3) AO (tax code) 10 years, beginning with the end of the calendar year where the document was created.

(4) The legal basis for the processing is Art. 6 (1) page 1 lit. a) and f) GDPR.

§ 7 Data transfer

(1) Your personal data will not be transferred to third parties other than for the purposes mentioned in the following.

(2) We will transfer your personal data to third parties only if

a) you have expressed your consent pursuant to Art. 6 (1) page 1 lit. a) GDPR,

b) the transfer pursuant to Art. 6 (1) page 1 lit. f) GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding interest worthy of protection in the non-disclosure of your personal data,

c) there is a legal obligation for the transfer pursuant to Art. 6 (1) page 1 lit. c) GDPR, and

d) this is permitted by law and necessary for the processing of a contractual relation pursuant to Art. 6 (1) page 1 lit. b) GDPR.

(3) The categories of recipients of the data are IT service providers, telephone companies and service providers, logistics service providers, credit institutions, service providers for credit assessment and receivables management, computer centre for customer prescription accounting, insurances, lawyers, tax consultants, auditors, courts and authorities.

§ 8 Rights of the persons affected

(1) The EU General Data Protection Regulation (GDPR) designates you as ‘data subject’.

(2) As data subject affected by the processing of your personal data you have the following rights:

a) Pursuant to Article 15 GDPR you have the right to obtain from us information as to the personal data we process. This concerns in particular the purposes of the processing; the categories of personal data; the categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure or restriction of processing or to object to such processing; the right to lodge a complaint; the source of your personal data if they are not collected by us; and the existence of automated decision-making, including profiling, and possibly meaningful information about relevant details;

b) Pursuant to Article 16 GDPR you may request immediate rectification of incorrect or completion of personal data which is stored by us;

c) Pursuant to Article 17 GDPR you may request the erasure of your personal data stored by us, unless their processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims;

d) Pursuant to Article 18 GDPR you may request the restriction of processing of your personal data where the accuracy of the data is contested by yourself; when the processing is unlawful but you oppose their erasure and when we no longer need your personal data, but you require them for the establishment, exercise or defence of legal claims; or if you have objected to processing pursuant to Article 21 GDPR;

e) Pursuant to Article 20 GDPR you may request to receive your personal data, which you have provided us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;

f) Pursuant to Article 7 (3) GDPR you may withdraw your consent at any time. This will entail that we will no longer process the data subject to this consent; and

g) Pursuant to Article 77 GDPR you may lodge a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority at your usual place of residence or place of work or at our place of business. Our competent authority is: Landesbeauftrage für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Ms. Helga Block, Kavalleriestraße 2-4, D-40213 Düsseldorf, phone: +49 211-384 240, fax: +49 211-384 2410, e-mail: poststelle@ldi.nrw.de, website: https://www.ldi.nrw.de. The address of the resp. competent authority may be obtained at: https://www.bfdi.bund.de/DE/Infothek/Anschriften Links/anschriften links-node.html.

§ 9 Right to object

(1) If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) page 1 lit. f) GDPR, you have the right, pursuant to Article 21 GDPR, to object, on grounds relating to your particular situation, to processing of your personal data, including direct marketing. In the latter case you have a general right to object, without stating any specific situation, which will be implemented by us.

(2) If you want to exercise your right, it is sufficient to send, for example, an e-mail to our a.m. e-mail address.

§ 10 Data security

(1) We use the widespread SSL method for your visit to our web shop. The use of SSL is enforced by the server, it is not possible to visit our web shop without SSL encryption. If our web shop is displayed without SSL encryption or if the SSL certificate is faulty, the connection is probably not tap-proof. Whether an individual page of the web shop is transmitted encrypted can be seen by the display of the key symbol or the closed display of the lock symbol in your browser.

(2) Apart from that, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access through third person. The security measures are constantly improved, in line with technological developments.

§ 11 Currency and modifications

(1) This Data Privacy Statement is currently valid and dated May 2019.

(2) Due to the further development of the web shop or due to modified legal or official regulations it may become necessary to amend this Data Privacy Statement. You may access, store, or print, if necessary, the current Data Privacy Statement in our web shop.