PRIVACY & COOKIE POLICY

A. Privacy Notice

The protection of personal data of users of this website is a major concern of Desitin Pharma Ltd (“Desitin“). The following privacy notice describes what personal data of users are collected on the website and how they are used.

You can display and print out this entire notice here.

 

Controller

The controller for processing your data in connection with this online website is Desitin; exceptions are explained in this privacy statement.

Our contact information is as follows:

Desitin Pharma Ltd

Fairbourne Drive

Atterbury

Milton Keynes

MK10 9RG

Tel.: +44 (0)1908 488817

E-mail: medinfo@desitin.co.uk

 

1. Contact Details for Data Protection Enquiries

Should you have any questions regarding this privacy statement or generally about the processing of your data by Desitin, please contact:

Desitin Pharma Ltd

Fairbourne Drive

Atterbury

Milton Keynes

MK10 9RG

E-mail: medinfo@desitin.co.uk

 

2. Processing of Personal Data

Personal data are all information referring to an identified or identifiable natural person, such as names, addresses, telephone numbers, e-mail addresses, photos or online identifiers. When we process personal data, this means – for example – that we collect, store, use, transmit or delete such data. Hereinafter we will initially specify the processing purposes and legal bases of processing; thereafter we will go into details of the individual categories of personal data collected by us.

3.1. Processing purposes and legal bases

We and service providers contracted by us process your personal data for the processing purposes listed below. We point out that, according to the “legitimate interest” as legal basis, you are entitled to exercise a special right to object to processing (see section 9):

No.	Purpose of Processing	Legal Basis of Processing	Description of the Legitimate Interest in Processing, where relevant
1.	Providing a website for the general public according to our Terms of Use [LINK]	performance of a contract, respectively our legitimate interest	We have a legitimate interest in providing an internet presence in order to generally inform about our enterprise.
2.	Providing an opt in area for Healthcare Professionals only	performance of a contract
3.	Collecting statistical information about the use of the website (so-called web analysis) through Google Analytics	Legitimate Interest	We have a legitimate interest in obtaining information about the website use, especially in order to improve our offer.
4.	Tracking malfunctions and guaranteeing the system security, including the detection and tracing of unauthorised access attempts and accesses to our web server	Compliance with our legal obligations in the field of data security, and our legitimate interest	We have a legitimate interest in removing malfunctions, guaranteeing the system security, as well as detecting and tracing unauthorised accesses or access attempts.
5.	Safeguarding and defending our rights	Legitimate Interest	We have a legitimate interest in exercising and defending our rights.

3.2. Automatically collected data

During your visit to the website Desitin automatically collects the following access data, which are relevant for system security and data security, in the so-called logfiles of the web server. This in particular involves the following data:

• Domain and Host, from where you use the internet;

• Internet address of the web page, from where you have come through a link to this website;

• Date and time;

• Duration and selection of visited web pages on our website;

• Amount of data transferred;

• Internet protocol (IP) address of your computer;

• Operating system and information about the browser used, including add-ons installed, if any (for example for the flash player); and

• https status code (for example “Request successful” or “Requested file not found”).

The logfiles are stored for up to seven days for the purpose of tracking malfunctions and guaranteeing system security, including detecting and tracing unauthorised access attempts and accesses to our web servers, and are thereafter deleted, unless a suspect case of unlawful access to our web servers has occurred until then. The logfiles are only analysed in such suspect cases and only by authorised persons. Logfiles which must continue to be stored for evidentiary purposes are excluded from deletion until final clarification of the particular case, and may be forwarded to investigation authorities or lawyers to the required extent. The logfiles are additionally also stored for the web analysis, however without (complete) IP address. For web analysis purposes, the files are evaluated in aggregated form only (for details see section Web analysis [LINK]).

 

3.3.  Processing of other personal data

Personal or business data are only collected from you when you give them to us voluntarily, for example when you register with Desitin, or send a request to Desitin via a contact form. These data are only collected, processed and used to the extent necessary for the particular purpose and legally permitted, or subject to your consent. No link is created between your details and the automatically collected data.

 

3.4.  Recipient of personal data

3.4.1. Disclosure of data to other controllers (general)

Your personal data are in principle only transferred to the extent required for the particular purpose and to other controllers only in cases where this is necessary for contract performance, where we or the third party have a legitimate interest in such disclosure, or where you have given your consent for that purpose. Furthermore data may be transferred to other controllers insofar as we are obligated to make such disclosure due to statutory provisions or enforceable orders issued by public authorities or courts having jurisdiction.

 

3.4.2. Service providers (general)

Desitin reserves the right to employ service providers for data processing (for example, Desitin may commission a service provider to send you requested information material; for this purpose the mailing company must know your name, address and the specifically requested material). In these cases Desitin will enter into processing agreements with the service providers to the necessary extent.

In concrete terms the following types of service providers are concerned:

• IT service provider

• Google Analytics

 

3.4.3. Disclosure to recipients outside the EEA

We might forward personal data also to recipients having their registered seat outside the EEA in so-called third countries (for example service providers working for us as processors). Non-EEA countries are countries not forming part of the so-called European Economic Area, thus for example the United States of America. In such event we make sure prior to disclosure that either an appropriate level of data protection exists at the recipient (for example based on an Adequacy Decision of the EU Commission for the country concerned in accordance with Article 45 GDPR, based on a self-certification of the recipient for the EU-US Privacy Shield in conjunction with the corresponding Adequacy Decision of the Commission according to Article 45 GDPR, or based on an agreement on so-called EU standard contractual clauses approved by the European Commission with the recipient in accordance with Article 46 GDPR), or that you have given your explicit consent to the disclosure.

You can obtain from us an overview of the recipients in third countries and a copy of the specifically agreed regulations to ensure the appropriate level of data protection. For this purpose, please use the details in section Contact [LINK].

 

3.5. Duration of storage; retention periods

In principle, we store your data as long as this is necessary for providing this website and the related services, or as we have a legitimate interest in further storage (for example we can still have a legitimate interest in postal marketing even subsequent to performance of a contract). In all other cases we delete your personal data, except for data that we must continue to store in order to comply with statutory obligations (due to retention periods prescribed under tax and commercial law we are, for example, obliged to preserve documents such as contracts for a certain period of time).

The following specific retention periods apply:

• Automatically collected data (for security reasons): 7 days;

• Analysis tool Google Analytics: Data are permanently retained in anonymised form;

• Registration data: These data are retained until they are deleted by you, or until you instruct us accordingly; inactive registrations are deleted upon expiration of 4 years;

• You find information about the duration of storage of cookies used by us in the following section Cookies [LINK].

 

4. Cookies

Some of the web pages of the Desitin website use so-called “cookies”. Cookies are small files that are stored on the user’s computer when visiting a website. Cookies can store various types of data and help to provide additional functions (and thus make the website as a whole more user-friendly, more effective and safer). If cookies are used, these do not contain any personal data, unless you have given your explicit consent.

Desitin also uses a so-called analysis cookie in conjunction with the web analysis (see section Web analysis [LINK]).

Hereinafter you find a summary of cookies used by us, which shall inform you about the purpose and type of the cookie concerned, and the respective storage duration.

Purpose of Cookie	Type of Cookie	Name of Application	Name of Cookie	Storage Duration
Functional Cookie	Session	DocCheck Login / Professionals Login	ap_docchecklogin_redirect	Browser session
Functional Cookie	Session	DocCheck Login / Professionals Login	Doccheck_user_id	Browser session
Functional Cookie	Session	DocCheck Login / Professionals Login	Doccheck_scu_data	1 year
Functional Cookie	Permanent	Reference to Cookie	cb-enabled	1 year
Functional Cookie	Session	Selected font size		7 days
Functional Cookie	Session	Google Analytics (performance)	_gat_gtag_UA_105876084_1	1 minute
Analysis	Session	Google Analytics (performance: if used via the Google day manager function)	dc_gtm<property-id	1 minute
Analysis	Session	Google Analytics (distinction between users)	_gid	1 day
Analysis	Permanent	Google Analytics (distinction between users)	_ga	2 years

Of course you can set your browser in a way that it does not store our cookies on your hard drive by selecting “Accept no cookies” in your browser settings. Please note that certain features of our website may not be available or are no longer conveniently usable, if you have disabled the use of cookies.

The settings options do not cover cookies set by other providers during your visit to web pages of third parties.

5. Web Analysis – Google Analytics

Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google Analytics with the additional function offered by Google for anonymising IP addresses: Here, the IP address is normally stored by Google within the EU already and only in exceptional cases shortened in the USA, and is at all events stored in a shortened form only.

You can object to the collection or analysis of your data through this tool by downloading and installing the available Browser Plugin here [LINK].

6. External Links

Our online offer may include links to web pages of third parties. We have no influence on the processing of any personal data transferred to third parties by clicking the link (like for example your IP address or the URL of our website where the link is located). We assume no liability for the processing of such personal data by third parties. The third party’s privacy notice shall apply.

 

7. Security

 

Our employees and the service companies contracted by us are obliged to maintain secrecy and comply with the regulations of the applicable data protection laws.

We take all necessary technical and organisational measures, in order to guarantee a level of protection appropriate to the risk involved and to protect your data managed by us, especially against risks arising from unintended or unlawful destruction, loss, change or unauthorised disclosure or unauthorised access. Our security measures are continuously improved in line with the technological development.

 

8. Confidentiality of E-Mails

 

If you send an e-mail to Desitin via this website, these data are transmitted in encrypted form via an SSL.

 

9. Your Rights as Data Subject

Exercising of your rights: In order to exercise your rights as data subject affected by the processing of your personal data, please use the details in section Contact [LINK]. Please ensure for this purpose that a clear identification of your person is possible for us.

Right to information and access: You are entitled to receive information about the processing of your data from us. You may require us to confirm whether we process any personal data concerning you, and you have the right to access your data processed by us.

Right of rectification and erasure: If your data are inaccurate or incomplete, you may demand that your data should be rectified or completed. If we disclosed your data to third parties, we inform them about the rectification to the extent prescribed by law.

You have the right to obtain erasure of your personal data from us, if the legal prerequisites are fulfilled for that purpose. This situation particularly applies in cases where:

• your personal data are no longer needed for the purposes for which they have been collected;

• the legal basis for processing was exclusively your consent, and you withdrawn such consent;

• you objected to direct marketing;

• you objected to processing based on our legitimate interests as legal basis on grounds that relate to your particular situation and there are no overriding legitimate grounds for the processing;

• your personal data have been subject to unlawful processing; or

• your personal data must be erased, so as to comply with a legal obligation.

When we disclose your data to third parties, we inform them about the deletion to the extent prescribed by law. Please note that your right of deletion is subject to restrictions. For example, we are not committed or permitted to delete any data which we must continue to preserve due to statutory retention periods. Likewise, data which we need in order to establish, exercise or defend legal claims are excluded from your right of deletion.

Restriction of processing: You may require us to restrict the processing of your data, if the legal prerequisites are fulfilled for that purpose. This situation particularly applies in cases where:

• the accuracy of your personal data is contested by you, and then until we have been able to correct or verify the accuracy;

• the processing is unlawfully done and you request a restriction of use instead of erasure (see also above);

• we no longer need your data for processing purposes, but you need such data in order to establish, exercise or defend your legal claims;

• you objected to the processing for personal reasons, and then until it is established whether your interests are predominant.

If the right to have processing restricted exists, we mark the data concerned in order to make sure that these data only continue to be processed within the narrow limits applying to such restricted data (i.e. especially in order to defend legal claims, or with your consent).

Right to data portability: Under the General Data Protection Regulation (GDPR) to be observed as from 25 May 2018, you are furthermore entitled to receive transmission of your data provided to us in a structured, commonly used and machine-readable format, or to request – if technically feasible – that the data be transmitted to a third party.

Rights of objection: You have the right to object to data processing on grounds relating to your particular situation, if such processing is based on legitimate interest as legal basis. You may furthermore always object to the processing of your data for marketing purposes. Please also note in this context section Information about your rights of objection [LINK].

Withdrawal of consent: If you have given us your consent to the processing of your data, you may always withdraw such consent with effect for the future. The lawfulness of processing your data remains unaffected until withdrawal.

Right to lodge a complaint with the Supervisory Authority: You have the right to lodge a complaint with a Supervisory Authority. For this purpose you may particularly contact the Supervisory Authority competent for your place of residence, or the Supervisory Authority competent for us. This is: The Information Commissioners Office (ICO) – https://ico.org.uk/global/contact-us/

 

10. Amendment of the Privacy Statement

Desitin reserves the right to amend the contents of this privacy statement in accordance with the statutory requirements. We will post changes on this website that materially affect you or have an impact on you and will inform affected registered users in advance. Please also keep yourself informed about updates of this privacy notice on our website.

 

11. Contact

If you wish to contact us, you reach us under the address specified in section Controller [LINK].

B. Information about your rights to object

In order to exercise your rights, we advise you to contact:

Address: Desitin Pharma Ltd, Fairbourne Drive, Atterbury, Milton Keynes, MK10 9RG

E-mail: medinfo@desitin.co.uk

 

Objection to data processing based upon “legitimate interest” as legal basis:

You have the right to always object to data processing performed by us, where it is based on legitimate interest as legal basis. We will then cease to process your data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or process these data in order to establish, exercise or defend legal claims only.

Objection to direct marketing:

You can furthermore always object to the processing of your personal data for direct marketing purposes (“objection to promotional activities”). We will then cease to process your data for marketing purposes. Please take into consideration that, for organisational reasons, your objection and the use of your data during an already ongoing campaign can overlap.