Data Privacy Statement

Lomapharm GmbH (hereinafter referred to as „we“ or „Data Controller“) takes the protection of personal data seriously and adheres to the pertinent data protection law provisions, in particular the provisions of the EU General Data Protection Regulation (GDPR). Below, we should like to inform you, in particular, of when we process which data in the context of the use of our website www.lomapharm.de .

I. Controller

Controller in the meaning of the GDPR and other national data protection laws of the EU Member States, as well as other data protection law provisions is:

Lomapharm GmbH

Langes Feld 5
31860 Emmerthal

Telephone: +49 5155 2791-370
Telefax: +49 5155 2791-379

E-mail:


II. Contact details of the data protection officer

The contact details of the controller’s data protection officer are:

E-mail:


III. Contact details of the supervisory authority

The contact details of the supervisory authority competent for the place of business of our company are:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Barbara Thiel

Prinzenstr. 5
30159 Hannover

Telephone: +49 511 120 4500
Telefax: +49 511 120 4599

IV. General information on processing of the data

1. Scope of processing of the data

It is, principally, only to the extent necessary for the provision of a functioning website and of our contents and services that we collect and use personal data. The collection and use of the personal data of our users takes place only where processing of the data is permitted by statutory provisions or after consent has been granted by the user.

2. Legal basis for processing of the data

Where the user’s consent to operations in relation to the processing of personal data is obtained by us on our website, Art. 6 (1) lit. a GDPR serves as a legal basis for the processing of personal data.

Art. 6 (1) lit. b GDPR serves as a legal basis for the processing of personal data required for the fulfilment of a contract of which the user is a contracting party. This applies also to processing operations necessary for the fulfilment of a quasi contract obligation or for pre-contractual measures.

If and when the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as a legal basis.

Where the processing is necessary for the protection of a legitimate interest of our company or a third party and the first-mentioned interest is not overridden by the interests, basic rights and fundamental freedoms of the user concerned, Art. 6 (1) lit. f GDPR serves as a legal basis for processing of the data (so-called weighing of interests).
Apart from that, there are other statutory provisions for the processing of personal data, which – to the extent pertinent – are concretely specified by us below.

3. Duration of storage

The users’ personal data will be deleted or blocked as soon as the purpose of storage has ceased to exist. Apart from that, storing may take place where this has been provided for by the European or national legislator in regulations, laws or other provisions of the European Union to which our company is subject. Blocking or deletion of the data will also take place when a period for storing of the data prescribed by the above-mentioned norms has expired, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

4. The passing on of personal data

If we pass on personal data, we do so exclusively to service providers supporting us with fulfilling the above-mentioned purposes. Such companies are not allowed to use your personal data except for fulfilling their tasks on our behalf, as so-called data processing companies, and they are obligated to adhere to the pertinent data protection rules.
The data processing company employed by us is:

  • Falk Tacke GmbH, Zinngießerstraße 9, 31789 Hameln

Apart from that, there is no passing on of personal data to third parties.

5. Place where the data is processed

Processing of your stored personal data by us takes place in countries of the European Economic Area.


V. Provision of the website and logfile creation

1. Description of the data processing operation

Whenever our website is accessed, our system automatically collects data and information from the system of the computer calling up the website.

Thereby, the following data are collected:

  • Website / file requested from our server
  • Hostname of the accessing computer
  • Message as to whether the accessing was successful
  • Information on the type of the browser and the version used
  • User’s operating system
  • User’s internet service provider
  • Date and time of access
  • Websites from which the user’s system accesses our website (so-called „referrer“)
  • Amount of data transferred (in bytes)
  • User’s anonymized IP address

It is only the user’s anonymized IP address which is stored in our logfiles; thus, it is not possible to attribute the user’s data to a specific person.

There is no storing of these data together with other personal data of the user.

2. Legal basis for processing of the data

Art. 6 Abs. lit. f GDPR is the legal basis for the temporary storage of the data.

3. Purpose of processing of the data

The storage in logfiles is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of data for marketing purposes does not take place in this context. These are the purposes wherein our legitimate interest in the processing of data in accordance with Art. 6 (1) lit f GDPR lies.

4. Duration of storage

The data will be deleted as soon as it is no longer required for achieving the purpose for which it was collected. Where the data is collected for provision of the website, this is the case when the respective session has ended. Storage beyond this point is possible as the users’ IP addresses have been anonymized so that it is no longer possible to attribute the client calling up the website.

5. Possibility of objection and removal

The collection of data for provision of the website and the storage of data in logfiles is necessary for operating of the website. Consequently, there is no possibility of objection on the part of the user.


VI. Contact form / E-mail contact

1. Description of the data processing operation

There are contact forms on our website which can be used for making contact electronically. Where a user makes use of this possibility, the data entered in the input mask (mandatory fields and optional information) are transmitted to us and stored. These data are, in particular:

  • Company name
  • Surname
  • Given name
  • Country
  • E-mail address
  • Telephone number
  • Request (contents of the message)


Alternatively, contact may be made via the e-mail address made available by us. In this case, the user’s personal data transmitted together with the e-mail will be stored.

No passing on of data to third parties takes place in this context. The data is used for processing the conversation, exclusively.

2. Legal basis for processing of the data

The legal basis for processing of the data is Art. 6 (1) lit. f GDPR. Where the e-mail contact is aimed at the conclusion of a contract or a quasi contract obligation, Art. 6 (1) lit. b GDPR is an additional legal basis for the processing.

3. Purpose of processing of the data

Processing of the personal data only serves us to process the communication. This is also where the required legitimate interest in the processing of data lies in the event of contact.

4. Duration of storage

The data will be deleted as soon as it is no longer required for achieving the purpose for which it was collected. As regards personal data transmitted by e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the respective facts have been clarified conclusively.

5. Possibility of objection and removal

Where users contact us by e-mail or via the contact form, they may object to the storage of their data, at any time. The objection may be made by notifying the contact information at the end of our Data Privacy Statement. In the event of objection, the conversation with the user cannot be continued and all the personal data stored within the course of making the contact will be deleted by us.


VII. Use of cookies

1. Description of the data processing operation

We use “cookies” to make visiting our website more attractive and to facilitate the use of certain functions. Cookies are small text files stored on the browser or copy pasted from the browser to the user’s terminal device. When a website is called up by a user, a cookie may be stored on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be identified unambiguously when the website is called up again.

a) Technically necessary cookies

We use cookies to make our website more user-friendly. Some elements of our website require that the browser accessing it can be identified even after a page change. The following data are stored in the cookies and transmitted:

  • „Session“ cookie
  • „Backend user“ cookie (is automatically set by the content management system at every registration in the content management system)
  • „Cookie information“ cookie



b) Technically unnecessary cookies, third-party cookies

Apart from that, we use the following technically unnecessary cookies or third-party cookies on our website.

 

  • Cookies set by Matomo, including „Matomo-opt-out cookie“ (where the user makes use of the possibility of an opt-out, see number VIII 5. of the Data Privacy Statement).


c) Information on a change of the browser settings

Most browsers are set in a way that they automatically accept cookies. The user may, however, prevent the storing of cookies on his/her computer by adjusting the browser settings accordingly. This may, however, restrict the scope of the functions of our website.

2. Legal basis for processing of the data

The legal basis for processing of the personal data using cookies is Art. 6 (1) lit. f GDPR.

3. Purpose of processing of the data

The purpose of the use of technically necessary cookies is to make it easier for the user to use the website. Some of the functions of our website cannot be offered without using cookies. For these functions it is necessary that the browser can be recognized again after a page change. The analytical cookies tell us how our website is used which allows us to continuously optimize our online offers.  The above-mentioned purposes are also the ones wherein our legitimate interest in the processing of data in accordance with Art. 6 (1) lit f GDPR lies.

The user data collected on our website using cookies are not used for the creation of user profiles.

4. Duration of storage, possibility of objection and removal

Cookies are stored on the user’s computer and transmitted from there to our website. Thus, you as the user have full control of the use of cookies. By changing the settings of your browser you may deactivate or restrict the transmission of cookies. Cookies which have already been stored can be deleted any time. This can also be done automatically. The full use of all the functions of our website may no longer be possible where cookies have been deactivated for our website.


VIII. Use of the „Matomo“ web analysis tool

1. Description of the data processing operation

On our website, we use the Matomo web analysis tool to analyze the surfing behaviour of our users. The following data are stored when individual pages of our website are called up:

  • The anonymized IP address of the user’s system calling up the website
  • User’s internet service provider
  • Number of visitors (unique and recurrent)
  • Number of clicks on individual subpages
  • Duration of stay
  • Break-off and opt-out rates
  • Number of pages visited
  • Number of specific activities performed (e.g. downloads)
  • Number of days since last visit
  • Kind of referrals (direct access or access via external sources like search engines and other websites)
  • Software used (operating system and browser)
  • Devices used (type, model, screen resolution)
  • Origin of the visitors by country
  • Access times


The tool is set in a way that the IP addresses are not stored completely but that 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). Thus, it is no longer possible to attribute the shortened or anonymized IP address to the computer calling up the website.

2. Legal basis for processing of the data

Art. 6 (1) lit. f) GDPR is the legal basis for the here described processing of the users’ personal data.

3. Purpose of processing of the data

Processing of the users’ personal data enables us to analyze the surfing behaviour of our users. By evaluating the data collected we are able to compile information on the use of the individual components of our website. This helps us in constantly improving their user-friendliness. These are also the purposes wherein our legitimate interest in the processing of data pursuant to Art. 6 (1) lit. f) GDPR lies. By anonymizing their IP addresses, the users’ interest in the protection of their personal data is sufficiently taken account of.

4. Duration of storage

The data will be deleted as soon as they are no longer required for our recording purposes. In our case this will be the case after 3 months.

5. Possibility of objection and removal, deactivation of Matomo

On our website, we offer our users the possibility to opt out from the analysis procedure. To do this you have to follow the respective link. Hereby, a cookie (opt-out cookie) is set in your system signalizing to our system not to store the user’s data. Where a user has meanwhile deleted the respective cookie from his/her own system, he/she has to set the opt-out cookie once again.

You may object to the web analysis by clicking on the following link:

For more detailed information on the private sphere settings of the Matomo tool please see the following link: https://matomo.org/docs/privacy/


IX. Data subject rights

When personal data from you are processed you are a data subject in the meaning of the GDPR and entitled to the following rights towards the data controller:

1. Right to information

You have the right to request to be informed whether or not personal data concerning you are processed; where this is the case, you have the right to information about these personal data and to the information specified in detail in Art. 15 GDPR.

2. Right to correction

You have the right to immediately request correction of any incorrect personal data concerning you and, if applicable, completion of incomplete personal data (Art. 16 GDPR).

3. Right to the restriction of processing

You have the right to request the restriction of processing, if one of the conditions mentioned in Art. 18 GDPR is fulfilled, e.g. where you have lodged an objection against the processing, pending verification whether the objection is admissible.

4. Right to deletion

You have the right to request that personal data concerning you are deleted, immediately, if one of the reasons mentioned in detail in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes pursued and deletion is not excluded by the statutory obligations to preserve records.

5. Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have made available to us, in a structured, commonly used and machine-readable format, in order to be able to either transmit them yourselves or – where technically feasible – have them transmitted by us to a third party.

6. Right to object

You have the right to object, at any time, on grounds resulting from your particular situation, to the processing of personal data concerning you within the scope of the requirements of Art. 21 GDPR.

7. Right to revoke the declaration of consent under data protection law

You have the right to revoke, at any time, any declaration of consent under data protection law you have made towards us. Revoking the consent does not affect the legitimacy of the processing based on the consent performed until such revocation.

8. Rights in the case of automated decisions

Where, as an exception, we use automated individual case decisions – including profiling – we are obligated by statutory provisions to arrange for you to be able to influence the decision (Art. 22 GDPR).

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that processing of the personal data concerning you infringes any data protection law provisions.

For the contact details of the supervisory authority competent for our company please see no. III.

10. Other matters

We should like to point out that the above data subject rights may be restricted by EU law or the applicable national law.

For assertion of the above-mentioned rights please contact us using the contact details provided in no. I. Any enquiries submitted to us electronically will, as a rule, be answered electronically, unless otherwise provided for in your enquiry.


X. External links

Our website may contain links referring to the pages of third parties. Where this is not obvious, we point out that an external link is concerned.  We have no influence on the contents and design of the pages of external providers. This Data Privacy Statement does not apply there.


XI. Alteration of this Data Privacy Statement

The continuous development of the internet and the related frequent amendments to the applicable legal norms require our Data Privacy Statement to be adjusted from time to time. We will keep you informed here about any corresponding alterations.

Status as of: February 2019