We take the protection and security of our customer, business partner, employee, and third-party data seriously.
The respect of privacy is thus a serious concern to which we pay special attention when processing and using personal data. Insofar as personal data is collected (e.g. your name, address, or other contact details), it is processed and used exclusively in accordance with applicable data protection regulations.
In the following we would like to inform you about the collection of personal data when using this website. Personal data is any data that refers to you personally – e.g. name, address, e-mail address, user behaviour.
1. Controller & Data Protection Officer
The controller responsible for the collection, processing, and use of your
personal data in the context of the General Data Protection Regulation (GDPR) is
transmed Transport GmbH, Dr.-Gessler-Straße 37, 93051 Regensburg, Germany, management(at)transmed.de.
You can contact our data protection officer at datenschutz(at)transmed.de or via our postal address, marked for the attention of “the data protection officer”.
2. Collection of personal data when visiting our website
(1) When you use the website for information purposes only – i.e. if you do not register or otherwise provide us with information – we collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
– IP address
– Date and time of the request
– Time zone difference from Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Amount of transferred data
– Referrer URL
– Operating system and its interface
– Language and version of the browser software
The lawful basis for processing this data is Art. 6(1)(f) GDPR. Our interests in the data processing are, in particular, to enable the use of the website by guaranteeing the stable operation and security of the website. Where not specifically indicated, we store personal data only for as long as it is necessary to fulfil the purposes for which it was collected.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity placing the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. Their purpose is to make websites more user-friendly and effective.
So that we can determine whether you have consented to the processing of data in connection with cookies/plug-ins (if necessary), we set a cookie, on the basis of our legitimate interest (Art. 6(1)(f) GDPR), that informs us to which type of data processing you have given your consent or if you have not consented.
(3) If you have given us your consent, we will use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics allows us to compile statistics about the use of our website and its sources. The cookies are stored for two years. We use Google Analytics exclusively for statistical purposes – e.g. to track how many users have clicked on a specific element or piece of information.
The lawful basis for the processing is your consent (Art. 6(1)(a) GDPR), which you can provide in the cookie banner. If you have not given us your consent, your use of our website will not be recorded by Google Analytics.
Google Analytics is based on cookies and records information about your use of our website, including your IP address. To prevent website visitors being identified via their IP address, we use a specific code to ensure that their IP address is only transmitted in a truncated and therefore anonymous form. It is no longer possible to identify individual users with this shortened IP address.
You can find more information about data protection with Google Analytics here.
You may revoke your consent with effect for the future by downloading and installing the plug-in available from the following link:
In addition, you can change the settings here or via the opt-out page of the Network Advertising Initiative (NAI).
Finally, you can prevent cookies from being stored via your browser’s general settings.
General note about Google:
The information recorded by Google Analytics is sent to Google, which is based in the USA. Google is self-certified under the Privacy Shield to ensure adequate protection of your personal data in accordance with EU law.
Further information about data protection at Google can be found here.
3. E-mail contact
If you contact us (e.g. via the contact form or e-mail), we store your details in order to process your query and for any follow-up questions. We delete this data when it no longer needs to be stored or restrict its processing if there are legal obligations to keep the data. We store and use other personal data only if you consent to this or this is legally permissible without specific consent.
4. Google Maps
The website incorporates Google Maps via an API in order to display geographical information visually. Our legitimate interests are derived from this purpose. The IP address needs to be processed by Google in order to display the map. When you visit the website, Google is notified that you have accessed the relevant subpage of our website. The data is processed on the lawful basis of Art. 6(1) sentence 1(f) GDPR. Our cooperation with Google LLC in data protection aspects is based on an agreement regarding shared responsibility in accordance with Art. 26 GDPR, which can be viewed here.
By using Google Maps, the user enters directly into a user relationship with Google.
General note about Google:
The information recorded by Google Maps is sent to Google, which is based in the USA. Google is self-certified under the Privacy Shield to ensure adequate protection of your personal data in accordance with EU law.
Further information about data protection at Google can be found here.
5. Google Fonts
To ensure the consistent display of fonts, our website uses the fonts service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you access a webpage, your browser loads the required web fonts into your browser’s cache in order to correctly display text and fonts. To do this, the browser you are using needs to communicate with Google’s servers. This involves transmitting personal data to the servers of Google LLC in the USA. Google will be informed, for example, that our website has been accessed via your IP address. Google Fonts is used to ensure that our online services are presented in a consistent and attractive way. Our legitimate interests within the meaning of Art. 6(1)(f) GDPR are derived from these purposes.
In the event that personal data is transmitted to Google LLC, which is based in the USA, Google is self-certified under the Privacy Shield, which guarantees compliance with the level of data protection applicable in the EU.
6. Social plug-ins
Our website uses social plug-ins (“plug-ins”) from social networks.
To enhance the protection of your data while visiting our website, the plug-ins are not unrestricted but merely embedded in the page using an HTML link (the so-called “Shariff” solution from German computer magazine c’t). This embedding ensures that when you access a page on our website containing these plug-ins, no connection is made with the servers of the provider of that social network. If you click on one of the buttons, a new browser window opens and calls up the page of the respective service provider, on which you can (after entering your login details, if required) use the Share button, for example.
To learn more about the purpose and extent of data collection and the further processing and use of the data by providers on their websites as well as your rights in this respect and settings options to protect your privacy, please consult the following providers’ data policies:
XING AG (Dammtorstr. 30, 20354 Hamburg, Germany)
LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)
7. Your rights
In the following we would like to inform you about your rights according to the GDPR:
Right of access
You have the right to obtain confirmation as to whether we process your personal data and, if this is the case, to obtain information regarding this data according to Art. 15 GDPR.
Right to rectification
In accordance with Art. 16 GDPR, you have the right to request the completion or correction of inaccurate data concerning you.
Right to erasure
In accordance with Art. 17 GDPR, you have the right to demand that your personal data be deleted, provided that there are no legal obligations to keep the data.
Right to restriction of processing
You may demand restriction of the processing of your personal data in accordance with Art. 18 GDPR.
Right to data portability
In accordance with Art. 20 GDPR, you have the right to request a copy of the personal data we hold about you and, in addition, to request that it be transmitted to other data controllers.
Right to object
You may object to the processing of your personal data in accordance with Art. 21 GDPR at any time.
Right to withdraw consent
You have the right to withdraw consent at any time in accordance with Art. 7(3) GDPR with effect for the future.
Right to lodge a complaint with a supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
8. Reporting system for data protection incidents
The PHOENIX group, i.e. PHOENIX Pharmahandel GmbH & Co KG as well as its affiliated companies within the meaning of sections 15ff of the German Stock Corporation Act (AktG), has established a web-based reporting system that provides customers, business partners, employees, and third parties with a simple system for reporting data incidents or problems. These reports are taken seriously, reviewed and actioned regularly, and used to improve the protection of personal data.
You can access this reporting system at any time via phoenixgroup-databreach.integrityplatform.org.
In order to explain the background to the reporting system in more detail, we have also answered a number of frequently asked questions below:
When should I report an incident?
PHOENIX group has an obligation to notify the supervisory authority within 72 hours of becoming aware of an incident. This means that all incidents must be reported without undue delay via the online reporting tool.
Which data protection incidents need to be reported and how?
All personal data incidents are to be reported to the data protection officer via the online reporting tool.
What is a data protection incident?
A data protection incident is any event that has resulted, or could result, in the accidental or deliberate loss of personal data (electronic or paper) or destruction of data, or unauthorised access to data (e.g. loss or theft of laptops, smartphones, paper documents).
What happens after I submit a report?
The data protection officers will review the incident report and contact you for further information or, where necessary, assist you with post-incident actions.
We reserve the right to modify our data security statement. This may be necessary as a result of technical developments, for example. We therefore ask you to consult the data security statement from time to time and to apply the current version.
If you have any further questions regarding the processing of your personal data, please contact our data protection officer.
Last updated: 10 October 2019