Privacy policy

Privacy policy and information for the data subject according to Articles 13, 14 EU-GDPR for the website https://www.dr-scheffler.com/de/ Dr. B. Scheffler Nachfolger GmbH & Co. KG (hereinafter “Dr. Scheffler” or “we”) takes the protection of your personal data very seriously. The processing of your personal data by Dr. Scheffler is therefore subject exclusively to the data protection requirements of the European General Data Protection Regulation (EU GDPR). On this page, we provide you with information about the processing of your personal data in accordance with Article 13, 14 GDPR.

The entity responsible for data protection is: Dr. B. Scheffler Nachfolger GmbH & Co. KG
Senefelderstrasse 44
51469 Bergisch Gladbach, Germany
T +49 2202 540-47
info@dr-scheffler.com

Our data protection officer is:
Dr. Philipp Wehler
Hoffmann Liebs Partnerschaft von Rechtsanwälten mbB
Goltsteinstraße 14
40211  Düsseldorf
legal@krueger.de

When you visit this website and use the various offers, we process your personal data as described in detail below.

1. COOKIES

We do use cookies on the websites hosted under https://www.dr-scheffler.com/de/  (including their subpages), if the use has been approved in advance.

2. SERVER LOG FILES

Each time you visit our website, your browser automatically transmits us your IP address, identifier (manufacturer, version, operating system) and the language settings of your web browser, the time of your visit and visited subpages of our website, your referrer URL (i.e. the URL of the page from which you are visiting us), as well as the data volume accrued during your visit to our website (hereinafter “access data”). We process your access data to ensure system security (e.g. to prevent hacker attacks) and to compile usage statistics. This processing is carried out on the basis of our legitimate overriding interest (Article 6(1)(f) EU GDPR). You are under no legal or contractual obligation to provide us with your access data, nor is this necessary for the conclusion of a contract. However, you must provide us with your access data so that you can retrieve our website and use the offers and services provided on it.

3. Google Analytics

a) Categories of data concerned, recipients, purposes of the processing

This website uses Google Analytics if the use has been consented to in advance. Google Analytics is a web analytics service provided by Google LLC. ("Google"). As our processor, Google will process the data collected via Google Analytics in order to analyse your use of the websites, compile reports on corresponding activities and provide us with other services related to the use of our website. The statistics obtained in this way enable us to improve our services and make them more interesting for you as a user. Google Analytics uses cookies for this purpose, whereby the information generated by these cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
As a rule, no personal data is processed when Google Analytics is used. Your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Our contractual partner is Google Ireland Ltd. Nevertheless, it cannot be ruled out that your data may also be transmitted in whole or in part to the parent company in the USA. The European Commission certifies data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). This now also applies (again) to the USA through the adequacy decision for the EU-U.S. Data Privacy Framework (EU-US DPF) adopted by the European Commission on 10.07.2023: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Google is certified with the U.S. Department of Commerce under the EU-US DPF: https://www.dataprivacyframework.gov/s/participant-search
You are under no legal or contractual obligation to provide your data, nor is this necessary for the conclusion of a contract.

We would like to point out that on our websites Google Analytics has been extended by the plug-in "AnonymizeIP"; in order to ensure an anonymised collection of your IP address even in these exceptional cases, so that your data cannot be related to your person.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

b) Legal bases, storage period The legal basis for the use of Google Analytics is Article 6(1)(a)/(f) GDPR. Sessions are regularly terminated after 30 minutes without activity and campaigns after six months; data on campaigns can be stored for a maximum of two years.

c) Right to object If Google Analytics processes your data in a personal form, you can object at any time. If you do so, the processing will be discontinued immediately. Specifically, you can send an informal letter of objection to our data protection officer by post: Krüger GmbH & Co. KG, Legal Department, Senefelderstrasse 44, 51469 Bergisch Gladbach, Germany or by email: legal@krueger.de. You can also exercise your right to object in particular and prevent the storage of cookies used by Google Analytics by configuring the appropriate setting in your browser software (for more information, please refer to hier); however, please note that if you do so, you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de Please note that in doing so, you will leave our website.

d) Information from Google Google Dublin, Google Ireland Ltd.
Gordon House, Barrow Street, Dublin 4, Ireland
Fax: +353 (1) 436 1001. Google Analytics Terms of Service: http://www.google.com/analytics/terms/de.html Privacy & Terms (among others) for Google Analytics: https://policies.google.com/technologies/partner-sites?hl=de&gl=de Google Privacy Policy: http://www.google.de/intl/de/policies/privacy

4 Social Media Plugins

On our website we use click fields, if the use has been agreed to in advance, with which you can share certain contents of our website with other members of this network via the social network of the respective provider. You can recognise these offers by the respective icons.
We currently use click boxes that allow you to connect to the following social network providers (hereinafter "providers") via HTML hyperlink: Facebook (including Pinterest and Instagram), Google (you can recognise the provider via the click field logo). All of these plug-ins are deactivated as long as you do not activate the respective click field by mouse click. Your IP address and your referrer URL (hereinafter referred to as "social media data") are only transmitted to the respective providers when you click on them. This also applies if you do not have your own account with the respective provider or are not logged in. If you are logged in to the provider, your social media data collected by us will be directly assigned to your account with the provider. We recommend that you log out regularly after using a social network, but in particular before activating the click box, as this will help you to avoid being assigned to your profile with the provider of the social network.
Via the click fields, we offer you the opportunity to interact with the respective social network and its users so that we can improve our offer and make it more interesting for you as a user. The legal basis for our use of the click boxes is Article 6 (1) sentence 1 lit. f) EU-DSGVO. In the case of Facebook, according to this provider, your IP address is anonymised immediately after collection in Germany.
Our contractual partners are Meta Platforms Ireland Ltd (formerly Facebook) and Google Ireland Ltd, but it cannot be ruled out that your data may also be transmitted in whole or in part to the parent company in the USA. The European Commission certifies data protection comparable to the EEA standard for some third countries through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). This now also applies (again) to the USA through the adequacy decision for the EU-U.S. Data Privacy Framework (EU-US DPF) adopted by the European Commission on 10.07.2023: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Meta (for Facebook and Instagram) and Google are certified with the U.S. Department of Commerce under the EU-US DPF: https://www.dataprivacyframework.gov/s/participant-search

You are under no legal or contractual obligation to provide your social media data, nor is this necessary for the conclusion of a contract.
The providers store your social media data in usage profiles created for you in order to process these for the purposes of advertising, market research and/or the needs-based design of their websites. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective provider to exercise this right.

We have no influence on the collected data and data processing procedures of the providers, nor are we aware of the full scope of the data collection, the purposes of processing, or the storage periods, nor do we have information on the deletion of the collected data by individual providers. Further information about the purpose and scope of their data collection can be found in each of the privacy policies listed below. They also contain further information about your rights in this regard and setting options for protecting your privacy:

• Meta Platforms Inc., 1601 S California Ave, Palo Alto, California 94304, USA. More information on data processing is available from the provider here
  http://www.facebook.com/policy.php
  http://www.facebook.com/help/186325668085084
  http://www.facebook.com/about/privacy/your-info-on-other#applications
  http://www.facebook.com/about/privacy/your-info#everyoneinfo
• Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. More information on data processing is available from the provider here:
  https://www.google.com/policies/privacy/partners/?hl=de
• YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. More information on data processing is available from the provider here:
  https://policies.google.com/privacy?hl=de&gl=de
  https://www.youtube.com/intl/de/yt/about/policies/#community-guidelines
  https://www.youtube.com/t/terms
  https://www.youtube.com/t/terms_paidservice
• Pinterest Europe Ltd., Palmerston House 2nd floor, Fenian Street, Dublin 2, Ireland.
  https://policy.pinterest.com/de/impressum
  https://policy.pinterest.com/de/privacy-policy
  https://policy.pinterest.com/de/community-guidelines

5. CONTACT AND CUSTOMER COMPLAINTS: FORM AND EMAIL FUNCTION

You have the option of contacting us directly via a contact form stored on our website. If you do this, you must provide your name, email address, and the subject of your query. We also offer you the option of contacting us directly by email. To do so, click on the email links provided on our website. Your email program will then open and you can send a message to us at our pre-entered email address. If you contact us via email or web form, we also collect your IP address and the time at which you send us your message. You are under no legal or contractual obligation to provide the aforementioned data concerning you, nor is this necessary for the conclusion of a contract. However, your query cannot be processed without this data. We use the information you provide us via the contact form or email exclusively to process your request. The legal basis for this processing is Article 6(1)(b) EU GDPR. We process your IP address and the time of your request in order to be able to identify and defend against automated access and hacker attacks. As a rule, we delete this data one week after responding to or otherwise handling your request; however, we retain this data for a longer period in specific cases insofar as we are legally entitled or required to do so (such as for commercial or tax retention periods)

6. SHOPPING CART FUNCTION

Dr. Scheffler offers you the possibility to order the products presented on the Dr. Scheffler websites via a so-called shopping basket function to your local pharmacy and to have them ready for collection in the pharmacy.

When using this function, you will leave Dr. Scheffler's websites. The shopping basket function is carried out by the pharmaceutical service ApoNow GmbH, Deipenbecker Weg 12, 58300 Wetter (Ruhr).

Dr. Scheffler does not receive any personal data from you when you use the shopping basket function. The shopping basket function is carried out independently and via the websites of the Pharma-Service ApoNow.
You can find more information about ApoNow here: https://www.aponow.de/impressum/

7. RIGHTS OF DATA SUBJECTS

In the following, we would like to inform you about the additional rights to which you are entitled as a data subject in accordance with Article 15-21 and Article 77(1) EU GDPR. Specifically, you can contact our data protection officer by email at legal@krueger.de to assert these rights.

a) Right to access: According to Article 15 EU GDPR, you have the right to receive information about the data processing and a copy of the processed data. In this regard, you also have the right to receive a copy of your personal data processed by us in accordance with Article 15(3-4) EU GDPR.

b) Right to rectification: According to Article 16 EU GDPR, you have the right to request that we correct or complete your personal data.

c) Right to deletion: According to Article 17(1) EU GDPR, you have the right to obtain from us the erasure of your personal data. To the extent that we have made your personal data public, according to Article 17(2) EU GDPR, you also have the right to require us to inform other data controllers of your request to delete all links to and/or copies or replications of your personal data.

d) Right to restriction of processing: According to Article 18 EU GDPR, you have the right to request that we restrict the processing of your personal data.

e) Right to data portability: According to Article 20 EU GDPR, you have the right to receive the personal data about you that you provided us in a structured, commonly used and machine-readable format and to request the transfer of this data to another controller.

f) Revoking your consent: If you have given us consent to process your personal data, you may withdraw this consent at any time, in whole or with respect to individual processing purposes, in each case without providing any reasons. Please note that any lawful processing of your personal data that has taken place up to the time of your withdrawal will not be rendered unlawful retroactively by this withdrawal. In particular, you may withdraw any consent you have given us for the processing purposes listed in points 2 and 3 above by sending your withdrawal notice by email to legal@krueger.de. By withdrawing the consent you have given for a certain service, you can no longer use the corresponding service; beyond that, you will not suffer any disadvantages. If you wish to revoke your consent only for certain processing and use purposes, please specify this in your withdrawal notice by naming the relevant purposes (e.g. “withdrawal of consent regarding the contact form” if you only wish to withdraw your consent to the processing of your data for this purpose). If you do not provide any details about your withdrawal or if you expressly withdraw your overall consent, we will assume that you are withdrawing your consent to all collections, processing, and uses explained in this privacy policy.

g) Right of revocation: According to Article 21 GDPR, you have the right to object to the processing of your personal data by us, insofar as this is carried out for the purpose of direct marketing and/or on the basis of a “legitimate interest” within the meaning of Article 6(1)(f) EU GDPR.

h) Complaint to supervisory authorities: According to Article 77(1) EU GDPR, you have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data by us if you consider that the processing of your personal data infringes the data protection regulations.

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Germany Tel.: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@ldi.nrw.de

In addition, you have the option of pursuing other legal remedies to which you are entitled (e.g. in courts or with authorities).

Last updated: July 2023