Data protection

 

1 Privacy policy of Dermapharm AG

We, the operators of the Dermapharm AG website, take the protection of your personal data very seriously and adhere strictly to data protection regulations (GDPR, BDSG, TMG) and other legal provisions. The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as name, postal address, email address or telephone number, but also usage data such as your IP address.

We would like to inform you below about how we handle your personal data.

1.1 Responsible body and data protection officer

The privacy policy applies to all pages of dermapharm.com.  It does not extend to any linked websites or internet presences of other providers.

1.2 Responsible body and data protection officer

Responsible for the processing of personal data within the scope of this privacy policy within the meaning of Art. 4 No. 7 GDPR is 

Dermapharm AG
Lil-Dagover-Ring 7
82031 Grünwald
Grünwald, Germany

Phone: +49 (89) 6 41 86-0
Fax: +49 (89) 6 41 86-130
E-mail: service@dermapharm.de

If you have any questions about data protection with regard to our company or our website, you can contact our external data protection officer at

Sebastian Heinemann
Internal Auditor DIIR
Senior consultant

Merkurhaus
Petersstraße 50
D-04109 Leipzig

Telephone: + 49 (0) 341 355821 -502
Fax: + 49 (0) 341 355821 -599
E-Mail: datenschutz@dermapharm.com

1.3 Purposes and scope of data processing when visiting the website

Every time a user accesses a page on our website and every time a file is retrieved, access data about this process is stored in a log file on our server.

Each data set consists of:

We store IP addresses in server log files for a maximum period of 180 days (depending on the log file created).

Further use or forwarding of this data only takes place in the event of an error with the developer of the website. The analysis is used to check the functionality of the web server or the website.

Data is stored for reasons of data security in order to ensure the stability and operational security of our website. The legal basis for this is Art. 6 para. 1 lit. B GDPR.

We do not pass on your data to third parties unless you have consented to this. For certain areas (e.g. the hosting of our website), however, we are dependent on the use of service providers, which we generally oblige to comply with the legal requirements by means of order processing.

1.4 Collection, use and disclosure of personal data

Personal data is only stored if you provide it to us voluntarily, e.g. when you register on the website, order information material or subscribe to the newsletter. We use your personal data exclusively for the technical administration of our website, to give you access to special information and for other communication with you. We take precautions to protect your personal data from loss, destruction, falsification, manipulation and unauthorised access. The statutory data protection regulations are of course observed. In exceptional cases, e.g. in the event of enquiries about the products bite away® , we reserve the right to pass on your personal data to the currently registered and responsible manufacturer. Our employees are obliged to maintain confidentiality. If data is passed on to service providers as part of commissioned data processing, they are also obliged to maintain confidentiality and are bound by data protection laws, other statutory regulations and this privacy policy.

1.5 External links

This website may contain links to external websites that are not covered by this privacy policy. The operator of the website provides access to the use of these external websites, but is not responsible for their content, as it does not initiate the transmission of the information, does not select the addressee of the transmitted information and has not selected, changed or temporarily stored the transmitted information. When you leave the website, we recommend that you carefully read the privacy policy of any other website.

2 Data collection and processing

2.1 Collection and processing when using the contact form

When you use the contact form, we collect your personal data (name, e-mail address, telephone number, message text, address) only to the extent that you provide. The data processing serves the purpose of establishing contact. The processing is carried out on the basis of Art. 6 para. 1 lit. B GDPR.

We only use your personal data to process your enquiry. Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

2.2 Contact by e-mail, telephone, fax

If you contact us by e-mail, we will only use your personal data (name, e-mail address, message text) to get in touch with you. The processing takes place on the basis of Art. 6 para. 1 lit. B GDPR. We only use your e-mail address to process your enquiry. Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

2.3 Newsletter dispatch

You may be able to subscribe to newsletters with general and product information on our website if you have expressly consented to this. The processing takes place on the basis of Art. 6 para. 1 lit. B GDPR with your consent. When you register for the newsletter, the data from the input screen is transmitted to us. To receive the newsletter, it is sufficient to provide an email address. Your consent is given as part of a double opt-in. In this context, the IP address of the accessing computer and the date and time of registration are also logged to document your consent. You can revoke your consent at any time with effect for the future and unsubscribe from our newsletter, for example via the unsubscribe option provided in the newsletter.

3 Plugins

3.1 Cookies

Our website uses cookies. Cookies are small text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. In the case of a login, this cookie contains a characteristic string of characters that ensures unique identification of the browser for the duration of the login. As a rule, cookies are used to manage website metadata and do not contain any personal data.

We use cookies for the purpose of making our website more user-friendly, effective and secure. Some functions of our website cannot be offered without the use of cookies. The processing is carried out on the basis of Art. 6 (1) lit. F GDPR from the legitimate interest in the above-mentioned purposes.

The data collected from you in this way is pseudonymised by technical precautions. It is therefore no longer possible for us as the website operator to assign the data to your person. The data is not stored together with other personal data we collect from you.

Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your Internet browser, you can prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent. You can find out how to manage (including deactivating) cookies in the most important browsers by clicking on the links below: ChromeInternet ExplorerFirefoxSafari.

3.2 Google Analytics

We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.

Google Analytics is a web analytics service provided and operated by Google Ireland Limited ("Google"), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the confidentiality of the processed data.

During your visit to our website, the following data is recorded:

This data is transferred to Google servers in the USA. We would like to point out that the same level of protection under data protection law cannot be guaranteed in the USA as within the EU. Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future visits to the website. The recorded data is stored together with the randomly generated user ID, which makes it possible to analyse pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. 

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. If you do not consent to the collection of data, you can opt out of this by installing the browser add-on to deactivate Google Analytics to disable Google Analytics.

3.3 Google Ads

This website also uses conversion tracking. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Ads places a cookie on your computer if you have reached our website via a Google advert. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Google Ads customer's website and the cookie has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked via the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking.

Google Ads customers find out the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. 

The legal basis for the use of this Google service is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.ads.google.com". You can find Google's privacy policy on conversion tracking here.

3.4 Google Tag Manager

This website uses the Google Tag Manager . This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This organisational tool makes it possible to centrally integrate and manage various tracking tools. This involves inserting sections of code, also known as tags, into the source code of the website, for example to track user activities, support marketing tools, set cookies and track users across different websites.

We use Google Tag Manager to make the maintenance of our website more efficient and to provide a better user experience. This tool allows us to easily integrate the necessary scripts and manage them from a central location without the need for programming knowledge.

The Google Tag Manager itself does not store any data and does not set any cookies. The data collected by the implemented tags is forwarded directly to the corresponding tracking tools, such as Google Analytics. Please refer to the data protection texts of the individual analysis and tracking tools to find out what data is collected, stored and processed.

In the Tag Manager account settings, we have allowed Google to receive anonymised data, but this is solely for the use of the Tag Manager itself and not your personal data collected via the implemented code sections. We agree to the anonymised sharing of website data, with Google deleting any information that could identify our website. The data collected is merged anonymously with other website data in order to analyse trends and optimise processes.

3.5 Google Remarketing

This website uses Google Remarketing, an advertising analysis tool. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google uses cookies which are stored on your computer and which enable your use of the website to be analysed. The information generated by the cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. The IP address is then shortened by Google by the last three digits, so that it is no longer possible to clearly identify the IP address. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Third-party providers, including Google, place adverts on websites on the Internet. Third-party providers, including Google, use stored cookies to place adverts based on a user's previous visits to this website. Google will not associate your IP address with any other data held by Google. You can object to the collection and storage of data at any time with effect for the future. You can deactivate the use of cookies by Google by visiting the page for deactivating Google advertising. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

This service is used to analyse the usage behaviour of our website and to address users individually with remarketing campaigns. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can object to the collection and storage of data at any time with effect for the future. Further information on Google's provisions can be found at policies.google.com/privacy.

3.6 Google Web Fonts

This website uses Google Fonts for the standardised display of fonts. Google Fonts is a service provided by Google Ireland Limited ("Google"), a company incorporated and operated under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Fonts play a key role in maintaining the quality of our website. All Google fonts are automatically optimised for web use, which results in efficient data transfer and is particularly beneficial for mobile devices. The small file size of Google fonts ensures that our website loads quickly, which has a positive effect on the user experience.

The Google fonts are installed locally on our server. There is no connection to Google servers.

3.7 YouTube

We integrate YouTube videos into our online offering, which are stored at www.youtube.com and can be played directly from our website. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube automatically records your IP address, the date and time of access, as well as information about the website you visited and the video you viewed. This takes place regardless of whether you are logged in to YouTube via a user account or not. In addition, a connection to the Google advertising network is established.

If you call up one of our web pages with an embedded YouTube video without playing the video, no data will initially be transmitted to YouTube if YouTube's "extended data protection mode" is activated. The data will only be transmitted when you start the video.

We set a cookie to save your settings regarding video playback and data transmission to YouTube. These cookies do not contain any personal data, but are only used to customise your browser.

If you are logged in to YouTube at the same time, YouTube can link the connection information to your YouTube account and use it for personalised advertising. you can find more information in Google's privacy policy: http://www.google.de/intl/de/policies/privacy/.

We use YouTube to show you videos on our websites. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

3.8 Usercentrics Consent Management

We use the Usercentrics Consent Management Platform on our website as a consent management tool as part of our analytics activities. The service provider is the German company Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.

The Usercentrics Consent Management Platform uses JavaScript to collect log file and consent data. This JavaScript makes it possible to inform users about their consent to certain tags on our website and to obtain, manage and document this consent.

The following consent data is collected during processing: anonymised logbook data (Consent ID, Processor ID, Controller ID), consent status and timestamp, data of the devices used (including shortened IP addresses (IP v4, IP v6), device information and timestamp) and user data (including email, ID, browser information, SettingIDs, changelog). The ConsentID (contains the above-mentioned data) and the consent status including timestamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing only takes place in the event of a request for information or revocation of your consent.

No user information is stored for the statistical evaluation of consents given or not given. Only the frequency and locations of clicks are logged.

The personal data is stored on a Google Cloud server based in the EU (Brussels, Frankfurt am Main).

The purpose of processing your data is to analyse and manage the consents granted in order to comply with our obligation to manage consents in accordance with the GDPR. The use of Usercentrics serves the purpose of providing evidence of granted and non-granted consents and their management. The legal basis for the management of your consent to the processing of your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consent, the management of marketing measures based on the consent given and the optimisation of consent rates.

3.9 Use of OpenStreetMap 

Our website uses map material from the open source service “OpenStreetMap” (OSM), provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The integration takes place via an API so that map content is loaded directly from the servers of the OpenStreetMap Foundation. This may result in the transmission of your IP address and possibly other technical data to the OSM servers. This data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in order to provide you with an appealing and functional presentation of our location. Further information on data processing by the OpenStreetMap Foundation can be found at: https://wiki.osmfoundation.org/wiki/Privacy_Policy

3.10 DocCheck Log-In

Certain information about prescription drugs on this website may only be made available to persons who belong to the medical profession. In order to verify your access authorization, we are therefore obliged to request proof of your professional affiliation. For this purpose, we use the external service of DocCheck Medical Services GmbH via an iframe. Your registration data stored with DocCheck will be transmitted to DocCheck for verification each time you register. We do not process any further data from you in this context, but merely initiate data processing through the integration. This serves the proper provision of information, which is our legitimate interest. The legal basis is therefore Art. 6 para. 1 lit. f GDPR.
Further information can be found at https://more.doccheck.com/en/privacy. 

4 Protection of minors

Consent to the processing of personal data can only be given by a person of legal age. For services of Dermapharm AG, the consent of a child is permitted from the age of sixteen in accordance with Art. 8 GDPR.

5 Changes to our privacy policy

In order to ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the privacy policy has to be adapted due to new or revised services, for example new services. The new privacy policy will then apply the next time you visit our website.

6 Rights of the data subject

According to the provisions of the GDPR, you have the following rights:

You can contact us at any time at datenschutz@dermapharm.com or using the contact details provided in section 1.2 above to assert all these rights and for further questions on the subject of personal data. 

Irrespective of this, you have the right to lodge a complaint with a supervisory authority - in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement - if you consider that the processing of personal data relating to you infringes the GDPR or other applicable data protection laws (Art. 77 GDPR, Section 19 BDSG).

7 Data transfer to third countries

Data will not be transferred to bodies in countries outside the European Union (so-called third countries) (Note: Please note the information on this under section 3).

8 Use of automated decision-making or profiling

In principle, we do not use fully automated decision-making or profiling in accordance with Article 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law. (Note: Please note the information on this under section 4-6).

Status of the privacy policy

This privacy policy is currently valid and was last updated in June 2025.