Data Protection Policy

We are delighted that you have visited our website and are interested in our company. The protection of your personal data is important to us. In the following we provide information according to Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR) about the handling of your personal data when you use our website https://www.klosterfrau.com.

Personal data are individual pieces of information on personal or material circumstances of an identified or identifiable natural person. This includes information such as name, address, telephone number and date of birth.

I. Controller

MCM Klosterfrau Vertriebsgesellschaft mbH
Gereonsmühlengasse 1-11
50670 Cologne
Tel: 0221-1652-0
Fax: 0221-1652-430
Email: dialog@klosterfrau-service.de

II. Data protection officer

Bugl & Kollegen
Mr Alexander Bugl
Sedanstraße 7
93055 Regensburg
Telephone office: 0941-630 49 789
Mobile: 0176-10 31 26 88
Email: Datenschutz.buglkollegen@klosterfrau.de

III. Purpose and legal foundation of data processing
1. Informational use of the website

You may visit our website without providing personal information. If you merely use our website for informational purposes or otherwise transmit personal information, we do not process personal data, with the exception of data which is transmitted by your browser in order to permit you to visit the website.

Technical provision of the website
For the technical provision of the website it is necessary for us to process certain automatically transmitted information about you so that your browser can show our website and you can use it. This information is automatically collected every time our website is visited and stored in our server logfiles. This information refers to the computer system of the requesting computer. The following information is collected here:

  • IP address
  • Browser type/version (for example: Firefox 59.0.2 (64 bit))
  • Browser language (for example: German)
  • Operating system used (for example: Windows 10)
  • Internal resolution of the browser window
  • Screen resolution
  • JavaScript activation
  • Java on / off
  • Cookies on / off
  • Colour depth
  • Referrer
  • Time of access

Furthermore, we use cookies so that you may use our website. Cookies are text files which are stored in the internet browser or by the internet browser on your computer system when you visit a website. A cookie contains a characteristic string of characters which permits an unambiguous identification of the browser when the website is revisited. We use these cookies exclusively to provide our website with its technical functions to you. A few functions of our website cannot be offered without the use of cookies. The following information is stored in the cookies and transmitted to us: cookie ID, login information.

We do not use the information we have collected about you using the above mentioned cookies to create user profiles or to analyse your surfing behaviour.

We process your personal data for the technical provision of our website on the basis of the following legal foundations:

  • To satisfy a contract or to conduct pre-contractual measures in accordance with Art. 6 (1) lit. b GDPR where you visit our website for informational purpose; and
  • To safeguard our legitimate interests under Art. 6 (1) lit. f GDPR in order to be able to technically provide the website to you. Our legitimate interest here is to provide you with an attractive technically functioning and user friendly website and to take measures to protect our website from cyber risks and to prevent cyber risks emanating from our website for third parties.

Content Delivery Network (CDN)
As a part of this, we use so-called Content Delivery Networks (CDN) in order to present the content of our pages as quickly as possible and to reduce the page load time for the end user. For this purpose, the request of the files by the server causes data such as the IP address (or other information as stated above) to be transmitted to the CDN server and to be stored there in logfiles. By storing the content, the CDNs help to present the content quickly and flexibly on all terminal devices even if the traffic on our website increases. The two following networks are currently used: unpkg.com, cdnjs.cloudflare.com.

SSL and TLS encryption
This website uses an SSL or TLS encryption for safety reasons and to protect the transmission of confidential content such as inquiries which you send to us as website operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar.

If the SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.

a. Marketing
For the purposes of marketing and remarketing we use Google Analytics, DoubleClick, the Google Tag Manager and therefore cookies as well as the tools explained in the following.

We only process your personal data if you have given your consent to this.

Analysis tools, marketing und remarketing
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and facilitate an analysis of your use of the website. The information generated by the cookie on your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the analysis of the user behaviour in order to optimise both its web offer and marketing.

The information generated by cookies about your use of the website e. g.

  • Browser type/version (for example: Firefox 59.0.2 (64 bit))
  • Operating system used (for example: Windows 10)
  • Referrer
  • IP address
  • Time of access

is usually transmitted to a Google server in the USA and stored there.

In case IP-anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-anonymization is active on this website. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage. The IP-address that your Browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Google is certified under the privacy shield agreement and therefore offers a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie is set which prevents the collection of your data for future visits to this website:
Deactivate Google Analytics

Browser plugin
You can prevent the storage of cookies by setting your browser software accordingly. We would like to point out, however, that in this case you may possibly not be able to use all functions of this website to the full. You can also prevent the collection of the data generated by the cookie and relating to your use of the website (including your IP address) by Google as well as the processing of these data by Google by downloading the browser plugin available at the following link and installing it: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on the handling of user data at Google Analytics is provided by the data protection policy of Google: https://support.google.com/analytics/answer/6004245?hl=de.

The personal data of the user are deleted after 14 months or anonymised. We use Google Analytics in order to show the adverts placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have specific features (e.g. interest in specific subjects or products which are determined on the basis of the websites visited) which we send to Google (so-called “remarketing” or “Google Analytics audiences”). With the aid of the remarketing audiences we also wish to ensure that our adverts are in line with potential interests of the users.

IP anonymisation
We have activated the IP anonymisation function on this website. As a result, your IP address is abbreviated by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website in order to compile reports on the website activities and to provide services associated with the use of the website and the use of the internet to the website operator. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other Google data.

Google Tag Manager
We use the Google Tag Manager from Google on our website. The Google Tag Manager is a solution using which advertisers can manage web page tags via a user interface. The Google Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The Google Tag Manager service facilitates the triggering of other tags which for their part may collect data under certain circumstances. Google Tag Manager does not access these data. If a deactivation was made at the domain or cookie level, it continues to exist for all tracking tags which are implemented using Google Tag Manager.

Hotjar
We use the software Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) to improve the user experience on our web pages. Using Hotjar we can measure and analyse the user behaviour (mouse movements, clicks, scroll height etc.) on our web pages and analyse them. For this purpose, Hotjar places cookies on the terminal devices of users and can store data of users such as browser information, operating system, retention time on the page etc.

Criteo
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer within the meaning of Art. 6 (1) lit. f. GDPR), we use the online marketing services of the provider Criteo GmbH, Gewürzmühlstr. 11, 80538 Munich, Germany.

The services provided by Criteo permit us to show adverts for and on our website in a more targeted manner so as to only present advertisements to users which potentially match their interests. If adverts are shown to a user for products which he was interested in on other websites, for example, reference is made here to “remarketing”. For these purposes, on visiting our and other websites in which Criteo is active, Criteo directly conducts a Criteo code and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are incorporated in the website. With their assistance an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). This file notes which websites the user has visited, for which content he has shown interest and which offers he has clicked and furthermore provides technical information on the browser and operating system, referring websites, visit time as well as other information on the use of the online offer. The above mentioned information can also be linked with information from other sources by Criteo. When the user then visits other websites adverts, attuned to him can be shown in line with his interests.

The user’s data are processed pseudonymously, i.e. no clear data of the user (such as name) are processed and the IP addresses of the users are abbreviated. The data are processed only on the basis of an online ID, a technical ID. Any IDs (e.g. of a customer support system) or email addresses communicated to Criteo are encrypted as so-called hash values and stored as a string of characters which do not permit identification.

Further information and possibilities to object (opt-out) to collection by Criteo are provided in the data protection policy of Criteo: https://www.criteo.com/de/privacy/.

ADITION technologies AG
Data for marketing and optimisation purposes are collected and stored on this website using the ADITION adserving technology from ADITION technologies AG. Pseudonymised user profiles may be created from these data. Cookies may be used for this purpose. The data collected using the ADITION adserving technology are not used to personally identify the visitors to this website and are not merged with personal data on the holder of the pseudonym. ADITION technologies AG does not store personal data by placing cookies. All information merely contains technical information such as the browser used and the installed operating system. The collection and storage of data can be objected to at any time with effect for the future. An opt-out function is available for this purpose on the company website.
https://www.adition.com/datenschutz/

MP Newmedia
We use the service M,P,Newmedia from M,P,NEWMEDIA, GmbH, Hindenburgstraße 45, 71638 Ludwigsburg (“M,P,Newmedia”) on our website for retargeting purposes. This is a tracking process in online marketing where the visitor to a website is marked and then addressed again on other websites with targeted advertising. We use this new technology in order to make our offer even more attractive and to inform you about current offers which you have already seen once on our website and to which we would like to bring attention again.

Cookie technology (see 8.) is used for this purpose. You or your computer or your browser are identified anonymously as an internet user via the so-called cookie ID and your surfing behaviour logged, in particular noting which of our web pages you have visited. There is no other use or passing on to third parties. The cookie can then be read and analysed by M,P,Newmedia. This means that you also see adverts for our products or recommendations for comparable products from third providers, e.g. as personalised advertising banners, on other websites.

To prevent web bugs on our website, you can deactivate the retargeting at https://www.mp-newmedia.com/opt-out.

Further information on the remarketing service of M,P,Newmedia, the details of data processing via this service and the corresponding data protection policy of M,P,Newmedia is available at https://www.mp-newmedia.com/datenschutz.
Legal foundation is Art. 6 (1) lit. f GDPR.

b. Social media links
Links to the services Twitter, Facebook, Google+ and Google Maps are incorporated in our website. After clicking the link you are forwarded to the page of the respective provider, i.e. only then is user information transmitted to the respective provider. Information on the handling of your data when using the websites of other providers is provided by the respective data protection policies of these providers.

Facebook Pixel
The so-called “Facebook Pixel” of the social network Facebook which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are domiciled in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”) is used in our website based on our legitimate interest in the analysis, optimisation and commercial operation of our online offer.

Using the Facebook Pixel, Facebook is able firstly to determine the visitors to our website as target group for adverts (so-called “Facebook ads”).

Data is processed by Facebook based on Facebook’s data use policy. General information on the presentation of Facebook Ads can be found in Facebook’s data use policy: https://www.facebook.com/policy.php

Special information and details on the Facebook Pixel and how it works are provided in the help area of Facebook:
https://www.facebook.com/business/help/651294705016616

You can object to the collection and use of your data by Facebook Pixel for Facebook ads. To set which type of ads are shown to you within Facebook you can visit the page set up by Facebook and follow the instructions on settings for use-based advertising: https://www.facebook.com/settings?tab=ads

The settings are made irrespective of platform, i.e. they are accepted for all devices such as desktop computer or mobile devices.

You can object to the use of cookies which serve to measure range and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org) and in addition the US-American website (http://www.aboutads.info/choices); or the European website (http://www.youronlinechoices.com/uk/your-ad-choices.

Plugins and tools
Google reCaptcha
We use “Google reCAPTCHA” (referred to in the following as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

reCAPTCHA checks whether the data input on our website (e.g. in a contact form) is performed by a human or an automatic program. For this purpose, reCAPTCHA analyses the behaviour of website visitors using different features. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes reCAPTCHA assesses different information (e.g. IP address, amount of time spent by the website visitor on the website or mouse movements of the user). The data recorded during analysis are passed on to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

Data is processed on the foundation of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated espionage and spam.

Further information on Google reCAPTCHA and the data protection policy of Google can be found in the following links: https://www.google.com/intl/de/policies/privacy
and https://www.google.com/recaptcha/intro/android.html

YouTube
Our website uses plugins from the YouTube page operated by Google. Operator of the website is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

Whenever you visit one of our pages equipped with a YouTube plugin, a link to the servers of YouTube is created. The YouTube server is notified about which of our pages you have visited.

If you are logged in to your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging off from your YouTube account.

YouTube is used in the interest of presenting our website in an attractive manner. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR.

Further information on the handling of user data is provided in YouTube data protection policy at: https://www.google.de/intl/de/policies/privacy.

Klick-A module
KlickA provides visitors to this website with the possibility to reserve their product immediately and online at one of many pharmacies in the vicinity. The nearest pharmacies are displayed to end consumers. The result is visualised on a Google Maps map. The prospective customer can select his local pharmacy of choice.

In this way, the visitors to the website have the possibility to reserve the product online and to collect it from the local pharmacy.

The personal data provided when ordering/reserving via an external link which is incorporated in our website are passed on exclusively for the purpose of reserving the products at the stationary pharmacy you have selected. By making a binding reservation you consent to the applicable data protection policy of ApoNow GmbH which is visible to you in the reservation process.

Subject matter of processing of personal data refers to the following data types / categories:

  • Inventory data:
    First name, surname
  • Communication data:
    Telephone number, mobile telephone number, email address, address
  • Sensitive data in accordance with Art. 9 GDPR:
    Order of pharmaceutical products

The provider of this external service is ApoNow GmbH. MCM Klosterfrau Vertriebsgesellschaft mbH has entered into an agreement for contract processing with ApoNow GmbH and therefore observes the requirements of the GDPR.

SurveyMonkey polls
We use the online survey tool SurveyMonkey for the surveys, which is offered by Survey-Monkey Europe with registered office in 2 Shelbourne Buildings, Second Floor, Shelbourne Road, Dublin 4, Ireland (“SurveyMonkey”). In connection with the collection, use and storage of personal data, SurveyMonkey observes the Safe Harbor guidelines developed by the US Ministry of Trade for the handling of personal data from EU Member States.

We would like to explicitly point out that SurveyMonkey reserves the right to collect, process, use and pass on information and analyses for its own purposes. For this purpose, cookies, ad tracking and IP addresses in particular are used or collected. SurveyMonkey also reserves the right to pass on this information to third parties, also to other countries and to the USA. More detailed information is provided in the corresponding passages of SurveyMonkey’s data protection policy.

We also make particular reference to the fact that SurveyMonkey does not support 'Do not track' so that users may be tracked.

If you participate in this survey, you consent to your data, such as IP address, name and other data provided by you as part of the survey, being stored on SurveyMonkey’s servers. The then applicable data protection conditions of SurveyMonkey can be obtained at https://de.surveymonkey.net/mp/policy/privacy-policy/.

SurveyMonkey Inc. participates in the EU-US privacy shield agreement and in the privacy shield agreement between the USA and Switzerland and has confirmed compliance with these agreements. SurveyMonkey commits to treating all personal information and data received from Member States of the European Union (EU) and Switzerland on the basis of the privacy shield agreement and accordingly its applicable principles. Further information on the privacy shield agreement may be obtained from the privacy shield list of the USA Ministry of Trade. https://www.privacyshield.gov/.

2. Active use of the website

In addition to the purely informational use of our website, you can also use our website actively to get into contact with us. In addition to the above mentioned processing of your personal data for purely informational use, we also process further personal data which we require to answer your inquiry.

Contact inquiries
In order to be able to process and answer your inquiries to us, e.g. via the contact form or to our email address, we process the personal data you have communicated to us in this connection. This includes at all events your name and your email address in order to send you an answer as well as the other information which you send to us in your communication.

We process your personal data to answer contact inquiries on the basis of the following legal foundations:

  • To safeguard our legitimate interests pursuant to Art. 6 (1) lit. f GDPR; our legitimate interest consists in the correct answering of contact requests.

Information from the specialist area
Some areas of our website are only accessible to users from specific specialised areas due to statutory requirements in part, e.g. pharmacists and doctors as well as their employees. In order to select these pages, you must be registered as a user at Klosterfrau or DocCheck Medical Services GmbH (www.doccheck.de). When you register with Klosterfrau we store your personal data requested on registration as well as the user ID assigned to you and your password. We use these data exclusively to check your access authorisation. Whenever you use a user ID which is registered at Doc-Check, we send an authentication inquiry to DocCheck for every login to the protected area which is checked there without receiving information on your identity.

We process your personal data on the basis of the following legal foundation: consent in accordance with Art. 6 (1) lit. b) DGPR.

Image database
Our digital database is an exclusive service for our partners for the areas of pharmacy, media, advertising, trade and medicine. If you belong to a professional group from these areas and do not as yet have access to the image database, you can request the access data (ID and password) via a registration form which we provide on our websites. The data requested there are only used to check your access authorisation. In order to be able to provide a selection of images which is in line with your requirements as far as possible, we analyse the request frequency of the offered images. In all these analyses you remain anonymous as user. The same applies if you have logged in to the specialised area where the image database is similarly available to you without any further access check.

We process your personal data on the basis of the following legal foundation: consent in accordance with Art. 6 (1) lit. b) GDPR.

Newsletter data
If you would like to subscribe to the newsletter offered on our website, we need an email address as well as information which permits us to check whether you are the holder of the specified email address and are agreed to the receipt of the newsletter (double-opt-in process). Further data are not collected. We use these data exclusively to send the requested information and do not pass them on to third parties.

The consent given to store data, the email address as well as its use to send the newsletter can be withdrawn at any time by using the “Unsubscribe” link in the newsletter, for example.

Use of web fonts
External fonts, Google Fonts, are used in this website. Google Fonts is a service of Google Inc. (“Google”). These web fonts are incorporated by visiting the server, usually a server in the USA. The server is notified which of our web pages you have visited. The IP address of the browser of the terminal device of the visitor to these web pages is also stored by Google. Further information is provided in Google’s data protection policy which you can reach here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

3. Sending an application

We process your personal data when you send us an application. Special categories of personal data may be contained in the application documents.

Processing of personal data
Applicant data usually comprises the following: first name and surname, any academic title, date and place of birth, contact data (address, email, telephone and/or mobile telephone number), application documents (motivational letter, curriculum vita, references), knowledge of languages, skills. We also process the data you send us by email for contacts.

We base our decisions in the application procedure on the personal data you have provided to us within the framework of statutory requirements. For example, we use your professional qualification to decide whether we will consider you in the narrower selection procedure or for a personal impression in an interview to decide whether to offer you the position you have applied for.

We process your personal data here on the following legal foundation: data processing for the decision to establish an employment relationship, Art. 88 (1) GDPR in conjunction with Section 26 (1) S. 1 German Data Protection Act (BDSG).

Processing of special personal data
In accordance with Art. 9 GDPR, special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious (e.g. religion/confession) or philosophical beliefs or trade union membership, as well as the processing of biometric data for unambiguous identification (e.g. photos), health data (e.g. information on the degree of serious disability) or details on a natural person’s sex life or sexual orientation. If your curriculum vitae contains special categories of personal data, we do not intentionally collect them. We explicitly ask you to refrain from sending us any such data.

If you voluntarily send us special categories of personal data under Art. 9 (1) GDPR as part of your application documents and contrary to our explicit request (e.g. details of your religion/confession), we store these data on the foundation of your consent in accordance with Art. 88 (1) GDPR in conjunction with Section 26 (3) S. 2 BDSG. This also applies if you send us further special personal data in the further course of the application procedure. By voluntarily providing us with these data, you state your consent to the storage of these personal data as part of the application process.

We do not in principle consider these special personal data in making a selection decision unless we are required by virtue of the law to consider these special personal data. It is, for example, possible with some vacancies for people with disability to be given preferential treatment in compliance with the law. In these cases the information is always voluntary and with your explicit consent which you send to us by voluntarily communicating these data.

We process your special personal data by virtue of the following legal foundation: in accordance with Art. 9 (1), (2 a) GDPR based on your consent in accordance with Art. 88 (1) GDPR in conjunction with Section 26 (3) S. 2 BDSG

IV. Links

A few sections of our website contain links to the websites of third party providers. These websites are subject to their own data protection policies. We are not responsible for their operation including data handling. If you send information to or via such pages of third party providers, you should check the data protection policies of these sites before you send them information which can be assigned to you.

V. Categories of recipients

Firstly, only our employees receive knowledge of your personal data. In addition, we share your personal data with other recipients insofar as permitted or prescribed by law who provide services for us in connection with our website. We restrict the forwarding of your personal data to that which is necessary, in particular in order to handle your order. Our service providers also receive your personal data as contract processors and are then strictly bound by our instructions in the handling of your personal data. In some cases, the recipients act independently with your data we send to them.

In the following we set out the categories of recipients of your personal data: IT service providers in the administration and hosting of our website.

VI. Third country transfer

Within the scope of using the Google tools, we transfer your abbreviated IP address to the USA. The data transfer is based on the Commission Implementing Decision 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield.

Furthermore, we do not transfer your personal data to countries outside of the EU or of the EEA or to international organisations.

VII. Period of storage
1. Informational use of the website

For the purely informational use of our website, we store your personal data on our servers exclusively for the duration of your visit to our website. Your personal data are immediately deleted once you have left our website.

Any cookies installed by us are also usually deleted after leaving our website. You also have the possibility to erase installed cookies yourself at any time.

2. Active use of the website

Where our website is used actively, we store your personal data initially for the time it takes to answer your inquiry.

We also store your personal data until any legal claims arising from the relationship with you have become statute barred so as to use them as evidence where applicable. The period of limitation is usually between 12 and 36 months but can also be up to 30 years.

Once the limitation period has expired, we delete your personal data unless there is a statutory storage duty, for example, based on the German Commercial Code (Sections 238, 257 (4) HGB) or on the German Tax Code (Section 147 (3), 4 AO). These storage duties may be between two and ten years.

3. Applications

We store your personal data initially for the duration of the application process.

Where we do not give you the job, we delete your data on expiry of three months after the rejection unless you have given your consent to continue its storage. In the event of consent, we store your data up to the withdrawal of the consent but for a maximum of two years.

If your application was successful and you enter into an employment relationship with us, we refer you to our information sheet on data protection for employees which states how your data are processed.

Lengthier storage periods may also result from the fact that the data are necessary to assert, exercise and defend legal claims or if there are statutory storage duties. The data are stored for as long as this is necessary to satisfy these purposes.

VIII. Your rights as data subject

You have the following rights as data subject under the statutory conditions which you can assert against us:

Right to information: You have the right at any time pursuant to Art. 15 GDPR to obtain from us confirmation as to whether or not we process your personal data. Where this is the case, you are furthermore entitled pursuant to Art. 15 GDPR to obtain information on these personal data as well as certain other information (including the purposes of processing, the categories of personal data, the categories of recipients, envisaged storage period, origin of the data, use of automated decision making and, in the event of transfer to a third country, the appropriate safeguards) and a copy of your data.

Right to rectification: You have the right pursuant to Art. 16 GDPR to obtain from us the rectification of your personal data stored by us if they are inaccurate or faulty.
 
Right to erasure: You have the right under the conditions set out in Art. 17 GDPR to obtain from us the erasure of your personal data without due delay. The right to erasure does not exist if the processing of personal data is necessary for (i) the exercise of the right of freedom of expression and information, (ii) for the satisfaction of a legal duty to which we are subject (e.g. statutory storage duties) or (iii) to establish, exercise or defend legal claims.

Right to restriction of processing: You have the right under the circumstances set out in Art. 18 GDPR to obtain from us the restriction of processing your personal data.

Right to data portability: You have the right under the conditions of Art. 20 GDPR to receive from us your personal data you have provided to us is a structured, commonly used and machine-readable format.

Right to withdraw: You have the right to withdraw your consent to the processing of personal data at any time taking effect for the future.

Right to object: You have the right under the conditions of Art. 21 GDPR to object to the processing of your personal data so that we must end the processing of your personal data. The right to object only exists within the scope provided for in Art. 21 GDPR. In addition, our interest in the termination of processing may be contrary to this so that despite your objection we are entitled to process your personal data.

Right to lodge a complaint with the supervisory authority: You have the right under the circumstances of Art. 77 GDPR to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. The right to lodge a complaint exists notwithstanding any other appeal under administrative law or of the courts.

The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (Regional officer for data protection and freedom of information of North Rhine Westphalia)
Kavalleriestr. 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de

However, we recommend that you always first lodge a complaint with our data protection officer.

Your applications to exercise your rights should where possible be directed in writing to the above mentioned address or directly to our data protection officer.

IX. Extent of your duties to provide data

In principle, you are not obliged to give us your personal data. However, if you do not do so we will not be able to provide our website to you or answer any inquiries directed at us. The personal data we need for the above mentioned purposes of processing are marked by an “*” or another symbol as mandatory information.

X. Automated decision making / profiling

We do not use any automated decision making or profiling (an automated analysis of your personal circumstances).

Information on your right to object under Art. 21 GDPR

1. You have the right to object, on the grounds relating to your particular situation, at any time to the processing of your data based on Art. 6 (1 f) GDPR (Data processing on the basis of a weighing up of interests) or Art. 6 (1 e) GDPR (Data processing in the public interest). This also applies to a profiling based on this determination within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we are able to provide compelling legitimate reasons for processing which override your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.

2. We process your personal data in individual cases also for direct marketing purposes. If you do not wish to receive marketing, you have the right at any time to object to it; this also applies to profiling to the extent that it is connected with any such direct marketing. We will take this objection into consideration for the future.
We will no longer process your data for the purposes of direct marketing if you object to the processing for these purposes

The objection can be provided without consideration of form and should be addressed where possible to the following:


MCM Klosterfrau Vertriebsgesellschaft mbH
Gereonsmühlengasse 1-11
50670 Cologne
Telephone: 0221-1652-0
Fax: 0221-1652-430
Email: dialog@klosterfrau-service.de

XI. Changes

We reserve the right to change this Data Protection Policy at any time. Any changes will be published in the form of an amended Data Protection Policy on our website. Where nothing is stated to the contrary, such changes will become effective immediately. Please therefore check this Data Protection Policy regularly so as to view the most up-to-date version.

Last updated in May 2018