Data Protection Policy
We are delighted that you have visited our website and are interested in our company. The protection of your personal data is important to us. In the following we provide information according to Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR) about the handling of your personal data when you use our website https://www.klosterfrau.com.
Personal data are individual pieces of information on personal or material circumstances of an identified or identifiable natural person. This includes information such as name, address, telephone number and date of birth.
MCM Klosterfrau Vertriebsgesellschaft mbH
II. Data protection officer
Bugl & Kollegen
Mr Alexander Bugl
Telephone office: 0941-630 49 789
Mobile: 0176-10 31 26 88
III. Purpose and legal foundation of data processing
1. Informational use of the website
You may visit our website without providing personal information. If you merely use our website for informational purposes or otherwise transmit personal information, we do not process personal data, with the exception of data which is transmitted by your browser in order to permit you to visit the website.
Technical provision of the website
For the technical provision of the website it is necessary for us to process certain automatically transmitted information about you so that your browser can show our website and you can use it. This information is automatically collected every time our website is visited and stored in our server logfiles. This information refers to the computer system of the requesting computer. The following information is collected here:
- IP address
- Browser type/version (for example: Firefox 59.0.2 (64 bit))
- Browser language (for example: German)
- Operating system used (for example: Windows 10)
- Internal resolution of the browser window
- Screen resolution
- Java on / off
- Cookies on / off
- Colour depth
- Time of access
We do not use the information we have collected about you using the above mentioned cookies to create user profiles or to analyse your surfing behaviour.
We process your personal data for the technical provision of our website on the basis of the following legal foundations:
- To satisfy a contract or to conduct pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR where you visit our website for informational purpose; and
- To safeguard our legitimate interests under Art. 6 (1) lit. f GDPR in order to be able to technically provide the website to you. Our legitimate interest here is to provide you with an attractive technically functioning and user friendly website and to take measures to protect our website from cyber risks and to prevent cyber risks emanating from our website for third parties.
Content Delivery Network (CDN)
As a part of this, we use so-called Content Delivery Networks (CDN) in order to present the content of our pages as quickly as possible and to reduce the page load time for the end user. For this purpose, the request of the files by the server causes data such as the IP address (or other information as stated above) to be transmitted to the CDN server and to be stored there in logfiles. By storing the content, the CDNs help to present the content quickly and flexibly on all terminal devices even if the traffic on our website increases. The two following networks are currently used: unpkg.com, cdnjs.cloudflare.com.
For the purposes of marketing and remarketing we use Google Analytics, DoubleClick, the Google Tag Manager and therefore cookies as well as the tools explained in the following.
We only process your personal data if you have given your consent to this.
Analysis tools, marketing und remarketing
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and facilitate an analysis of your use of the website. The information generated by the cookie on your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the analysis of the user behaviour in order to optimise both its web offer and marketing.
The information generated by cookies about your use of the website e. g.
- Browser type/version (for example: Firefox 59.0.2 (64 bit))
- Operating system used (for example: Windows 10)
- IP address
- Time of access
is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and therefore offers a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set which prevents the collection of your data for future visits to this website:
Deactivate Google Analytics
You can prevent the storage of cookies by setting your browser software accordingly. We would like to point out, however, that in this case you may possibly not be able to use all functions of this website to the full. You can also prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google as well as the processing of these data by Google by downloading the browser plugin available at the following link and installing it: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the handling of user data at Google Analytics is provided by the data protection policy of Google: https://support.google.com/analytics/answer/6004245?hl=de.
The personal data of the user are deleted after 14 months or anonymised. We use Google Analytics in order to show the adverts placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have specific features (e.g. interest in specific subjects or products which are determined on the basis of the websites visited) which we send to Google (so-called “remarketing” or “Google Analytics audiences”). With the aid of the remarketing audiences we also wish to ensure that our adverts are in line with potential interests of the users.
We have activated the IP anonymisation function on this website. As a result, your IP address is abbreviated by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website in order to compile reports on the website activities and to provide services associated with the use of the website and the use of the internet to the website operator. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.
Google Tag Manager
We use the Google Tag Manager from Google on our website. The Google Tag Manager is a solution using which advertisers can manage web page tags via a user interface. The Google Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The Google Tag Manager service facilitates the triggering of other tags which for their part may collect data under certain circumstances. Google Tag Manager does not access these data. If a deactivation was made at the domain or cookie level, it continues to exist for all tracking tags which are implemented using Google Tag Manager.
Plugins and tools
We use “Google reCAPTCHA” (referred to in the following as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
reCAPTCHA checks whether the data input on our website (e.g. in a contact form) is performed by a human or an automatic program. For this purpose, reCAPTCHA analyses the behaviour of website visitors using different features. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes reCAPTCHA assesses different information (e.g. IP address, amount of time spent by the website visitor on the website or mouse movements of the user). The data recorded during analysis are passed on to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
Data is processed on the foundation of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated espionage and spam.
Further information on Google reCAPTCHA and the data protection policy of Google can be found in the following links: https://www.google.com/intl/de/policies/privacy
In order to be able to process and answer your inquiries to us, e.g. via the contact form or to our email address, we process the personal data you have communicated to us in this connection. This includes at all events your name and your email address in order to send you an answer as well as the other information which you send to us in your communication.
We process your personal data to answer contact inquiries on the basis of the following legal foundations:
- To safeguard our legitimate interests pursuant to Art. 6 (1) lit. f GDPR; our legitimate interest consists in the correct answering of contact requests.
Information from the specialist area
Some areas of our website are only accessible to users from specific specialised areas due to statutory requirements in part, e.g. pharmacists and doctors as well as their employees. In order to select these pages, you must be registered as a user at Klosterfrau or DocCheck Medical Services GmbH (www.doccheck.de). When you register with Klosterfrau we store your personal data requested on registration as well as the user ID assigned to you and your password. We use these data exclusively to check your access authorisation. Whenever you use a user ID which is registered at Doc-Check, we send an authentication inquiry to DocCheck for every login to the protected area which is checked there without receiving information on your identity.
We process your personal data on the basis of the following legal foundation: consent in accordance with Art. 6 (1) lit. b) DGPR.
Our digital database is an exclusive service for our partners for the areas of pharmacy, media, advertising, trade and medicine. If you belong to a professional group from these areas and do not as yet have access to the image database, you can request the access data (ID and password) via a registration form which we provide on our websites. The data requested there are only used to check your access authorisation. In order to be able to provide a selection of images which is in line with your requirements as far as possible, we analyse the request frequency of the offered images. In all these analyses you remain anonymous as user. The same applies if you have logged in to the specialised area where the image database is similarly available to you without any further access check.
We process your personal data on the basis of the following legal foundation: consent in accordance with Art. 6 (1) lit. b) GDPR.
Use of web fonts
External fonts, Google Fonts, are used in this website. Google Fonts is a service of Google Inc. (“Google”). These web fonts are incorporated by visiting the server, usually a server in the USA. The server is notified which of our web pages you have visited. The IP address of the browser of the terminal device of the visitor to these web pages is also stored by Google. Further information is provided in Google’s data protection policy which you can reach here:
3. Sending an application
We process your personal data when you send us an application. Special categories of personal data may be contained in the application documents.
Processing of personal data
Applicant data usually comprises the following: first name and surname, any academic title, date and place of birth, contact data (address, email, telephone and/or mobile telephone number), application documents (motivational letter, curriculum vita, references), knowledge of languages, skills. We also process the data you send us by email for contacts.
We base our decisions in the application procedure on the personal data you have provided to us within the framework of statutory requirements. For example, we use your professional qualification to decide whether we will consider you in the narrower selection procedure or for a personal impression in an interview to decide whether to offer you the position you have applied for.
We process your personal data here on the following legal foundation: data processing for the decision to establish an employment relationship, Art. 88 (1) GDPR in conjunction with Section 26 (1) S. 1 German Data Protection Act (BDSG).
Processing of special personal data
In accordance with Art. 9 GDPR, special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious (e.g. religion/confession) or philosophical beliefs or trade union membership, as well as the processing of biometric data for unambiguous identification (e.g. photos), health data (e.g. information on the degree of serious disability) or details on a natural person’s sex life or sexual orientation. If your curriculum vitae contains special categories of personal data, we do not intentionally collect them. We explicitly ask you to refrain from sending us any such data.
If you voluntarily send us special categories of personal data under Art. 9 (1) GDPR as part of your application documents and contrary to our explicit request (e.g. details of your religion/confession), we store these data on the foundation of your consent in accordance with Art. 88 (1) GDPR in conjunction with Section 26 (3) S. 2 BDSG. This also applies if you send us further special personal data in the further course of the application procedure. By voluntarily providing us with these data, you state your consent to the storage of these personal data as part of the application process.
We do not in principle consider these special personal data in making a selection decision unless we are required by virtue of the law to consider these special personal data. It is, for example, possible with some vacancies for people with disability to be given preferential treatment in compliance with the law. In these cases the information is always voluntary and with your explicit consent which you send to us by voluntarily communicating these data.
We process your special personal data by virtue of the following legal foundation: in accordance with Art. 9 (1), (2 a) GDPR based on your consent in accordance with Art. 88 (1) GDPR in conjunction with Section 26 (3) S. 2 BDSG
A few sections of our website contain links to the websites of third party providers. These websites are subject to their own data protection policies. We are not responsible for their operation including data handling. If you send information to or via such pages of third party providers, you should check the data protection policies of these sites before you send them information which can be assigned to you.
V. Categories of recipients
Firstly, only our employees receive knowledge of your personal data. In addition, we share your personal data with other recipients insofar as permitted or prescribed by law who provide services for us in connection with our website. We restrict the forwarding of your personal data to that which is necessary, in particular in order to handle your order. Our service providers also receive your personal data as contract processors and are then strictly bound by our instructions in the handling of your personal data. In some cases, the recipients act independently with your data we send to them.
In the following we set out the categories of recipients of your personal data: IT service providers in the administration and hosting of our website.
VI. Third country transfer
Within the scope of using the Google tools, we transfer your abbreviated IP address to the USA. The data transfer is based on the Commission Implementing Decision 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield.
Furthermore, we do not transfer your personal data to countries outside of the EU or of the EEA or to international organisations.
VII. Period of storage
1. Informational use of the website
For the purely informational use of our website, we store your personal data on our servers exclusively for the duration of your visit to our website. Your personal data are immediately deleted once you have left our website.
Any cookies installed by us are also usually deleted after leaving our website. You also have the possibility to erase installed cookies yourself at any time.
2. Active use of the website
Where our website is used actively, we store your personal data initially for the time it takes to answer your inquiry.
We also store your personal data until any legal claims arising from the relationship with you have become statute barred so as to use them as evidence where applicable. The period of limitation is usually between 12 and 36 months but can also be up to 30 years.
Once the limitation period has expired, we delete your personal data unless there is a statutory storage duty, for example, based on the German Commercial Code (Sections 238, 257 (4) HGB) or on the German Tax Code (Section 147 (3), 4 AO). These storage duties may be between two and ten years.
We store your personal data initially for the duration of the application process.
Where we do not give you the job, we delete your data on expiry of three months after the rejection unless you have given your consent to continue its storage. In the event of consent, we store your data up to the withdrawal of the consent but for a maximum of two years.
If your application was successful and you enter into an employment relationship with us, we refer you to our information sheet on data protection for employees which states how your data are processed.
Lengthier storage periods may also result from the fact that the data are necessary to assert, exercise and defend legal claims or if there are statutory storage duties. The data are stored for as long as this is necessary to satisfy these purposes.
VIII. Your rights as data subject
You have the following rights as data subject under the statutory conditions which you can assert against us:
Right to information: You have the right at any time pursuant to Art. 15 GDPR to obtain from us confirmation as to whether or not we process your personal data. Where this is the case, you are furthermore entitled pursuant to Art. 15 GDPR to obtain information on these personal data as well as certain other information (including the purposes of processing, the categories of personal data, the categories of recipients, envisaged storage period, origin of the data, use of automated decision making and, in the event of transfer to a third country, the appropriate safeguards) and a copy of your data.
Right to rectification: You have the right pursuant to Art. 16 GDPR to obtain from us the rectification of your personal data stored by us if they are inaccurate or faulty.
Right to erasure: You have the right under the conditions set out in Art. 17 GDPR to obtain from us the erasure of your personal data without due delay. The right to erasure does not exist if the processing of personal data is necessary for (i) the exercise of the right of freedom of expression and information, (ii) for the satisfaction of a legal duty to which we are subject (e.g. statutory storage duties) or (iii) to establish, exercise or defend legal claims.
Right to restriction of processing: You have the right under the circumstances set out in Art. 18 GDPR to obtain from us the restriction of processing your personal data.
Right to data portability: You have the right under the conditions of Art. 20 GDPR to receive from us your personal data you have provided to us is a structured, commonly used and machine-readable format.
Right to withdraw: You have the right to withdraw your consent to the processing of personal data at any time taking effect for the future.
Right to object: You have the right under the conditions of Art. 21 GDPR to object to the processing of your personal data so that we must end the processing of your personal data. The right to object only exists within the scope provided for in Art. 21 GDPR. In addition, our interest in the termination of processing may be contrary to this so that despite your objection we are entitled to process your personal data.
Right to lodge a complaint with the supervisory authority: You have the right under the circumstances of Art. 77 GDPR to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The right to lodge a complaint exists notwithstanding any other appeal under administrative law or of the courts.
The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (Regional officer for data protection and freedom of information of North Rhine Westphalia)
However, we recommend that you always first lodge a complaint with our data protection officer.
Your applications to exercise your rights should where possible be directed in writing to the above mentioned address or directly to our data protection officer.
IX. Extent of your duties to provide data
In principle, you are not obliged to give us your personal data. However, if you do not do so we will not be able to provide our website to you or answer any inquiries directed at us. The personal data we need for the above mentioned purposes of processing are marked by an “*” or another symbol as mandatory information.
X. Automated decision making / profiling
We do not use any automated decision making or profiling (an automated analysis of your personal circumstances).
Information on your right to object under Art. 21 GDPR
1. You have the right to object, on the grounds relating to your particular situation, at any time to the processing of your data based on Art. 6 (1 f) GDPR (Data processing on the basis of a weighing up of interests) or Art. 6 (1 e) GDPR (Data processing in the public interest). This also applies to a profiling based on this determination within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we are able to provide compelling legitimate reasons for processing which override your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
2. We process your personal data in individual cases also for direct marketing purposes. If you do not wish to receive marketing, you have the right at any time to object to it; this also applies to profiling to the extent that it is connected with any such direct marketing. We will take this objection into consideration for the future.
We will no longer process your data for the purposes of direct marketing if you object to the processing for these purposes
The objection can be provided without consideration of form and should be addressed where possible to the following:
MCM Klosterfrau Vertriebsgesellschaft mbH
We reserve the right to change this Data Protection Policy at any time. Any changes will be published in the form of an amended Data Protection Policy on our website. Where nothing is stated to the contrary, such changes will become effective immediately. Please therefore check this Data Protection Policy regularly so as to view the most up-to-date version.
Last updated in August 2021