1. Contact details of the person responsible for data processing and Data Protection Officer
German Medicines Manufacturers´Association (BAH), including its two offices at Ubierstraße 71-73, 53173 Bonn as well as Friedrichstraße 134, 10117 Berlin, Email: firstname.lastname@example.org, Telephone: 0228/95745-0, Fax: 0228/95745-90.
Please direct any questions regarding data protection to our Data Protection Officer
Dr. Andreas Franken, situated at the office in Bonn, Email: email@example.com
2. Collection and retention of personal data as well as scope and purpose of using these data
a) Visits to our website
If you access our website www.bah-bonn.de, the browser you use on your device will automatically send some information to the server of our website. The information is temporarily retained in so-called logfiles. Depending on the individual logfile the duration of intermediate storage varies from one week up to one year.
The following information is collected automatically without your intervention and retained until deletion:
• IP address of your computer,
• date and time of access,
• name and URL of the accessed file,
• website from which our website is accessed (Referrer-URL), as well as
• the browser you used and, if necessary, the operating system of your computer.
The name of your internet provider is not stored in the server log.
We process these data for the following purposes:
• To support a trouble-free connection setup of our website,
• to support comfortable use of our website,
• for the evaluation of system security and system stability as well as
• further administrative purposes.
The legal basis for this data processing is Art. 6 paragraph 1 sentence 1 point (f) of the General Data Protection Regulation (GDPR). Our lawful interest is derived from the above-listed purposes of data processing. On no account will we use the collected data for the purpose of drawing conclusions about your person.
If you contact us by using our Contact Form, we need your consent to the retention of your data pursuant to Art. 6 paragraph 1 Sentence 1 point (a) of the GDPR. Please provide your consent by putting a checkmark in the contact form. The same applies to the use of your data that you provided in the Form for registration for our members section.
Use of Matomo
This website uses the web analysis software Matomo (www.matomo.org), a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”), for the collection and storage of data, based on our lawful interest in the statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6 paragraph 1 sentence 1 point (f) of the GDPR. For the same purpose, pseudonymized user profiles can be produced and evaluated from these data. For this purpose cookies can be used. Cookies are small data files that are locally stored in the internet browser of the website visitor. Among other functions, cookies enable recognition of the internet browser. The data collected with the aid of the Matomo technology (including your pseudonymized IP address) are processed on our servers. We will not use the information in the pseudonymized user profile generated by the cookie for personal identification of visitors to our website. In addition, this information will not be linked to the personal data of the carrier of the pseudonym. If you do not agree to the storage and evaluation of these data generated from your visit, you can opt-out from the storage and use any time with a mouse click (see below). In this case a so-called opt-out cookie is placed in your browser, with the consequence that Matomo will not collect any data on your visit. Please be aware that complete deletion of your cookies also includes the deletion of your opt-out cookie, so consequently it would have to be re-activated again upon your next visit.
b) Registration for information media for our members
Currently you can register on the BAH Website for the so-called “Pressenewsletter”, meaning that you can subscribe for press releases that will be sent to you by email after registration. Further information media can currently only be signed up for by email.
We assume that we are allowed to use your data for the purpose of sending our aforementioned Newsletters regularly to you, due to the existence of lawful interests pursuant to Art. 6 paragraph 1 sentence 1 point (f) of the GDPR. One of our statutory tasks is to inform our members about any topics that are relevant for the pharmaceutical industry. It is, therefore, explicitly in your interest to be informed about respective matters in a timely and comprehensive manner.
You can deregister/unsubscribe for these services any time. For this purpose, you can contact us either by phone or fax (see information in Section 1). You can also send an email to firstname.lastname@example.org.
c) Use of our Contact Form
We provide you with the opportunity to get in contact with us via the Contact Form on our website. For this, we need your last name as well as a valid email address, in order to know from whom the request comes and how we can answer you. Further information can be provided voluntarily. The personal data collected by us for the use of the Contact Form are deleted after completion of your request.
3. Sharing information
We will not share your personal data with third parties for other purposes than the purposes given below. We will only share your personal data with third parties, if:
- you have given your explicit consent to do so pursuant to Art. 6 paragraph 1 sentence 1 point (a) of the GDPR,
- the disclosure pursuant to Art. 6 paragraph 1 sentence 1 point (f) of the GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- sharing is necessary to comply with a legal obligation pursuant to Art. 6 paragraph 1 sentence 1 point (c) of the GDPR,
- sharing is required for the fulfillment of contract relations with you pursuant to Art. 6 paragraph 1 sentence 1 point (b) of the GDPR
4. Social Media
a) General information
Based on Art. 6 paragraph 1 sentence 1 point (f) of the GDPR, we use the Icons/Buttons of the social networks Facebook, Twitter, LinkedIn and Xing on our website, in order to make us more well-known.
The pursued commercial purpose is to be considered a lawful purpose pursuant to the GDPR. The responsibility for the data protection compliant operation of the networks is with the respective providers.
The same applies to the services Google Maps and Google Search Console.
The buttons are embedded as external links (for Facebook e.g. with “sharer.php”). The transfer of user data therefore takes place after a click on the button and is performed on the website of the social network and not on the website of BAH.
b) Integration of services and contents of third parties
It may happen that third-party content, such as videos from YouTube, maps from Google Maps or graphics from other websites, is embedded in this website. This always presupposes that the providers of these contents (hereinafter referred to as “third providers”) are perceiving the users’ IP addresses, because without an IP address, the content cannot be sent to the respective user’s browser. Consequently, the IP address is required for the presentation of this content. We strive to only use content whose respective providers use the IP address only for the delivery of the content. However, we have no control over third party providers from saving the IP address e.g. for statistical purposes.
Further information on the use of IP addresses can be found on the respective provider’s website.
Google Inc. (subsidiary of Alphabet Inc., 1600 Amphitheater Parkway, Mountain View, Calif., United States) collects, among other things, the places you have searched for and the routes you plan to use; on YouTube, which videos you show interest for. Further information on which data is collected, processed and used in the individual services can be found here:
We would like to point out that, as the provider of this website, we have no knowledge of the content of the transmitted data or its use by Alphabet and its subsidiary Google.
You can change your privacy-policy settings for Google within your account settings:
5. Your personal rights
You may request that we provide you with information about your personal data that we have stored. Please send your request by email to email@example.com.
Furthermore, under certain conditions, you can claim for rectification or erasure of your personal data. You may also be entitled to require a restriction of the processing of your data or to receive the data you have provided to us in a structured, commonly used and machine-readable format.
You have the right to opt-out from processing of your personal data for direct marketing purposes.
If we process your data for the safeguarding of legitimate interests, you may object this processing if reasons arise from your special situation, which speak against the data processing.
6. Duration of data storage
The BAH deletes your personal data as soon as they are no longer required for the purposes stated in Section 2. It may happen that we store your personal data for the period in which you can assert claims against our association (statutory limitation period of three years or up to 30 years). In addition, we store your personal data only as long as we are legally obliged to do so. Cookies are stored for a maximum period of 365 days.
7. Right of Complaint
In case of complaints you have the opportunity to refer to the Data Protection Officer given in Section 1 or to lodge a complaint with a data protection supervisory authority. The competent data protection supervisory authority for our company is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
8. Data Security
During visits to our website we use the common SSL (Secure Socket Layer) technology in connection with the respective current/common encryption level that is supported by your browser. In addition, we have put in place various suitable technical and organisational security precautions to protect your data against hazardous or intentional manipulations, partial or complete loss, and destruction or unauthorized access by third parties. Our security precautions are continuously updated according to technological progress.