Data protection declaration
1. Name and contact details of the controller and his representative
We, medac GmbH, Theaterstraße 6, 22880 Wedel, Germany (Imprint) are controller for the processing.
Contact details of the data protection officer
Our data protection officer is available at all times to answer any questions you may have and to act as your contact person on the subject of data protection at our company.
You can reach our data protection officer at firstname.lastname@example.org, Data Protection Officer Dr. Bernd Schmidt, Deputy Data Protection Officer Dr. Anna-Kristina Roschek.
2. Website: Processing of your personal data
The use of this website requires the processing of personal data to the extent described in section 2.1.
2.1. Data processing to enable website use
When you visit our website (https://www.leflunomide-medac.com/), some of your personal data are automatically processed and stored in so-called web server log files. These are:
⦁ the address (URL) of the accessed web page
⦁ Browser and browser version
⦁ the operating system used
⦁ the address (URL) of the previously visited page (referrer URL)
⦁ the hostname and IP address of the device from which access is made
⦁ Date and time
We receive these data about the devices you use.
The purpose of creating the webserver log files is to ensure the functionality of the website. The legal basis for the processing is Art. 6 (1) lit. f GDPR.
The webserver log files are stored for a maximum of two weeks and then automatically deleted. We do not share these data with third parties.
When you visit our website, information may be stored on your computer in the form of cookies. Cookies are small text files that are sent to your browser by a webserver and stored on your computer's hard drive. This makes it possible for you to be recognized when you return to the website. In this way we can ensure better functionality of the site or carry out web analysis.
There are various types of cookies. A distinction must be made between cookies placed by the website operator when you visit a website (also known as "first party cookies") and cookies placed by third parties (also known as "third party cookies"). We solely have technical control over the first mentioned cookies. On the other hand, there are cookies that are only stored on your computer during your visit to our website (also known as "session cookies") and cookies that are stored for a longer period of time.
Most browsers are set to accept cookies automatically. You can deactivate the storage of cookies in your browser and can delete them from your hard disk at any time. We would like to point out that the use of our offers on the website without cookies is only possible to a limited extent.
However, you can also adjust your browser to only prevent the setting of certain cookies (e.g. cookies from third parties), for example if you wish to prevent web tracking. You can find more information on this in the help function of your browser.
⦁ "European Interactive Digital Advertising Alliance" (EDAA): ⦁ http://www.youronlinechoices.com/de/praferenzmanagement/
⦁ "Digital Advertising Alliance" (DAA): ⦁ info/choices/
⦁ "Network Advertising Initiative" (NAI): www.networkadvertising.org/choices/
We use the following cookies:
Name Storage duration Purpose (necessity)
[please add ]
_ga 1 year Traffic analysis (not necessary)
_ga_< id> 1 year Traffic analysis (not necessary)
Change cookie settings
3. Use of Google Analytics
Alternatively, you can prevent the collection by Google Analytics by setting a so-called "opt-out cookie" on your computer. Use the following link to do this: Set Opt-Out-Cookie
Alternatively, you can revoke your consent by clicking on the "Revoke Google Analytics" button. In this case, we set a technically necessary cookie that recognizes your revocation of consent when you visit our website.
Revoke Google Analytics
For more information about privacy at Google Analytics, please visit: www.google.de/intl/de/policies/.
4. Processing of your data when you contact us for business purposes
If you contact us as an interested party, supplier, service provider or other business partner, we process your personal data such as contact details or correspondence to the extent necessary to process your inquiry (legitimate interest under Art. 6 (1) (f) GDPR) or to initiate or carry out the respective transaction (Art. 6 (1) (b) GDPR) and, if applicable, retain the data within the scope of legal retention obligations (based on legal obligations under Art. 6 (1) (c) GDPR).
The same applies if you are an employee of a interested party, supplier, service provider or other business partner and we receive your personal data in this context; the legal basis in this case is our legitimate interest in initiating or conducting the business relationship with your employer (Art. 6 (1) (f) GDPR).
5. Contact form
When you contact us via the contact form, we store your details (your name, e-mail address, telephone number if necessary, and the text of your request) and process them in order to process your request.
As far as it is necessary in order to answer your request or your request is directed towards this, we may transfer your details to another company of the Medac group (e.g. if your request relates to a contract or a customer relationship with another company of the Medac group or its products). The legal basis for this data processing is - depending on the subject of your request - the admissibility of the processing within the framework of contract initiation, a contract or our legitimate interest in providing a contact form for general requests (Art. 6 Para. 1 lit. b or f GDPR).
6. Video integration through Vimeo
If you call up a page on our website on which a video with Vimeo has been embedded, your IP address and possibly other technically necessary personal data will be transmitted to Vimeo. In the process, your data will be transmitted to the USA. The USA (and possibly other non-EEA countries) do not offer a level of data protection comparable to that of the European Union and, in particular, unauthorized access by government agencies cannot be ruled out in individual cases.
The legal basis for the use of the services of Vimeo is our legitimate interest in the functional presentation of the website, Art. 6 (1) (f) GDPR. If you have any questions about the balance of interests, please contact one of the contact addresses listed in section 1 above
7. Links to third party websites
Our website includes links to third-party websites. When you call up the website links, you leave our website and the browser of your device establishes a direct connection with the servers of the respective website. The respective privacy policies of this website apply.
8. Data security
We has taken the necessary technical and organisational measures to protect the personal data provided by you from loss, destruction, manipulation and unauthorized access. To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" is attached to the address component http:// ("https://") or a green, closed padlock symbol is displayed in the browser. By clicking on the symbol, you will receive information about the SSL certificate used. SSL encryption guarantees the secure and complete transmission of your data.
9. Transmission to third parties
We only pass on the personal data described here if it is necessary for the provision of our service or if it is required by law. Within the scope of the purposes mentioned here, personal data will be forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual data protection requirements. In particular, this includes an obligation as a processor according to Article 28 GDPR.
Otherwise, we will only transfer personal data to other recipients if we have a legal permit to do so or you have given your prior consent. You may revoke any consent you may have given at any time with effect for the future. We will only pass on your data to government agencies within the framework of legal obligations or on the basis of an official order or court decision and only to the extent that this is permissible under data protection law.
10. Transfer to countries outside the EEA
To the extent necessary for our purposes, we may also transfer your data to recipients outside the EU and the European Economic Area. This is particularly the case if we have to transfer this data to recipients in countries within the scope of contract processing or due to legal regulations.
With the exception of the processing described in sections [3 and 9 ], we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing operations described in these sections result in data being transferred to the servers of the processor by us. These servers are partly located in the USA. If the servers are located in Europe, it cannot be completely ruled out that data may nevertheless be transferred to the USA because it is a US provider. The data transfer takes place on the basis of so-called standard contractual clauses of the EU Commission.
We would like to point out that the USA is not a safe third country in the sense of EU data protection law. In certain cases, US companies are obliged to hand over personal data to US authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
We will delete your personal data as soon as it is no longer required for the aforementioned purposes of processing, or if in the event of an objection there are no compelling reasons on the part of Medac worthy of protection or if in the event of a revocation there is no other legal basis for processing. In certain cases, e.g. if there is a legal storage obligation, your personal data will initially be blocked and deleted at the end of the storage period.
12. Your rights
According to the provisions of the GDPR, you have the right to
⦁ request information about the processing of your data free of charge (Art. 15 (1) GDPR) and to receive a copy of your personal data (Art. 15 (3) GDPR). Among other things, you can request information about the purposes of the processing, the categories of personal data that are processed, the recipients of the data (if a transfer takes place), the duration of the storage or the criteria for determining the duration;
⦁ rectify your data (Art. 16 GDPR). If your personal data is incomplete, you have the right - taking into account the purposes of processing - to complete the data;
⦁ have your data erased or blocked (Art. 17 DSGVO). Reasons for the existence of a deletion/blocking claim include revocation of the consent on which the processing is based, objection to the processing or unlawful processing of the personal data;
⦁ to have the processing restricted (Art. 18 GDPR);
⦁ request the transfer of your data (Art. 20 GDPR);
⦁ revoke your consent to the processing of your data for the future, insofar as the processing is based on consent (Art. 7 (3) GDPR); Please note that in the event of a revocation, we will continue to retain your consent. This is because even after revocation and deletion of your personal data, we must be able to prove consent. The legal basis for the (also continued) storage of consent is Art. 6 (1) (c) in conjunction with. Art. 5 (1) (a), (2), Art. 7 (1) GDPR and Art. 6 (1) (f) GDPR.
⦁ complain to a supervisory authority about unlawful data processing (Art. 77 GDPR).
In addition, in case of processing based on Art. 6 (1) (e) or (f) of the GDPR, you may object to the processing (Art. 21 of the GDPR). You do not have to provide you reasons except for the case of direct marketing.
If you wish to exercise any of your rights, please contact us at one of the contact addresses listed in section 1.
13. No automated individual case-by-case decision-making
We do not use your personal data for automated case-by-case decisions according to Art. 22 (1) GDPR.
Status: December 2022