Privacy Policy

We are pleased that you are visiting our website. We take the protection of your personal data very seriously.

In the following, you will find information on the type and scope of the processing of your personal data in accordance with Art. 13 of the GDPR by Biologische Heilmittel Heel GmbH (hereinafter: “we” or “us”), which we are happy to provide you with in this data protection declaration.

1. Name and contact information of the controller; data protection officer’s contact

(1) The name and contact information of the controller:

 Biologische Heilmittel Heel GmbH
Dr.-Reckeweg-Str. 2-4
76532 Baden-Baden, Germany
E-mail: info@heel.com 

You can find more information in the Legal notice.

(2) Contact details of the Data Protection Officer:

Biologische Heilmittel Heel GmbH
Data Protection Officer
Dr.-Reckeweg-Str. 2-4
76532 Baden-Baden, Germany
E-mail: dataprotection@heel.com

2. Processing of personal data when using our website

2.1 Accessing the website

(1) When you visit our website, we inform you about various third-party services and content via our cookie banner. You can find this information again in Section 5 of this privacy policy below. In this case, the type and scope of data processing depends in part on which "privacy settings" you make within the cookie banner.         

In addition, we process the data from you described below in this Section 2. The type and scope of data processing here depends in particular on which functions of the website you use or how you communicate with us: 

In this context, we collect the following data, which is technically necessary for us to display our website and to ensure its stability and security:                 

  • IP address of the requesting processor
  • Date and time of the request
  • Name and URL of the file retrieved
  • Operating system information and its access status/HTTP status code
  • The volume of data transmitted in each case
  • Website from which our site was accessed
  • Browser and language and version of the browser software

(2) If this data constitutes personal data, we process it on the basis of our overriding legitimate interests (Art. 6 Para. 1(1) Letter f) of the GDPR).

 The aforementioned data is processed by us for the following purposes:

  •  Ensuring a problem-free connection setup of the website
  • Evaluation of system security and stability.
  • Analysis of unauthorised access or attempts to access the system

(3) The listed data are automatically deleted after a period of seven days.

2.2 Use of our contact options

(1) If you have any questions, you can contact us using a form provided on our website. In addition to your query (including content and subject), you are required to enter your salutation, name, country and valid E-mail address so that we know who the query is coming from and will be able to respond to it personally. Other information can be entered voluntarily. 

In addition to using the above-mentioned contact form, you are also welcome to contact us directly by E-mail. 

Please note that data cannot always be transmitted securely on the internet. Protection cannot be guaranteed when exchanging data, especially in E-mail correspondence. Please do not send sensitive data (including health-related aspects) to us via E-mail. 

We also offer you the option of contacting us by telephone using the published telephone numbers (such as the customer hotline). Other communication channels (such as post and fax) can also be used. 

Last name, first name and other data depending on the selected medium (e.g. telephone numbers provided, address, notes on the content of the call) are regularly processed when this is done. 

(2) The legal basis for the processing of personal data is Art. 6 Para. 1 (1) Letter b of the GDPR. According to it, we are allowed to process data if the processing is required for the fulfilment of a contract which you party to or for the performance of pre-contractual measures. Otherwise, if you are not a customer of ours and no customer relationship is being formed, we base the data processing on our overriding legitimate interests (Art. 6 Para. 1 (1) Letter f) of the GDPR). We process the data listed for the following purposes: 

  • Getting in touch
  • Responding to specific questions

(3) The personal data we collect will only be stored for as long as is necessary to achieve the purpose for which the data was collected. We may be obliged to store data beyond this due to retention duties under the provisions of fiscal and commercial law.

3. Notes on consent for provision of the personal data  

If you have given your consent to the processing of your data, you can withdraw it at any time free of charge. Such a withdrawal will affect the admissibility of the processing of your personal data after you have given it to us. 

You can easily declare the withdrawal of your consent. Depending on the processing operation, the following options are available to you: 

  • Insofar as you have given your consent via the cookie banner (cf. the explanations under Section 5 below), you can declare your withdrawal via the settings in the cookie banner here. To do so, move the slider for individual or multiple services so that the grayed-out "x" is visible in the selection.
  • Insofar as you have given your consent to a newsletter (for example, by registering on the website), you can withdraw your consent by clicking on the unsubscribe link within the newsletter.
  • Insofar as you have given your consent in another way, you can declare your withdrawal by informal declaration to us via a contact option specified in the Legal notice.

4. Use of cookies

(1) General information

We use cookies to make our website attractive and user friendly, to improve it and to make access faster. 

These are small text files that are saved on your computer and which store certain settings and data for exchange with our system via your browser. Cookies cannot damage your computer and do not contain malicious software such as viruses. 

You have the option to change your browser settings so that cookies are not saved or are erased at the end of your Internet session. 

However, please note that in this case you may not be able to use all functions of our website.             

(2) Technically essential cookies (category "essential").

We use cookies that are necessary for operating the website. These enable functions without which the website cannot be used as intended. We have explained the essential cookies individually in the cookie banner. 

Insofar as personal data is processed when essential cookies are used, this is done on the basis of Art. 6 Para. 1 (1) Letter f of the GDPR ("legitimate interest"). Our interests are to provide you with a pleasant user experience. 

(3) Optional cookies (category "functional" or "marketing")

Furthermore, we use optional cookies for the purpose of website analysis and tracking. In Section 5, we describe the analytics and tracking tools used on this website and the optional cookies associated with them in detail. 

We only use optional cookies with your consent (Art. 6 Para. 1 (1) Letter a of the GDPR). If you are visiting our website for the first time, a banner is displayed which we use to ask you for your consent to the use of optional cookies. 

If you give your consent, we save a cookie on your computer and the banner will not be displayed again for the lifetime of the cookie. After this, or if you actively delete the cookie prior to this, the banner will be displayed again on your next visit to our website to obtain your consent again. You can also find a description and your settings options for this by clicking on the "Privacy settings" link at the bottom of our website. 

5. Services on the website (Information from cookie banner)

We use third-party services on our website, such as analytics and marketing technologies. The providers of these technologies may also store information on your end device (e.g. cookies) and/or access information located on your end device (e.g. browser used, operating system, etc.). Personal data can also be processed in the process. 

To give you a better overview of these services, we have divided them into the following categories:       

  • Essential: These technologies are required for the core functionality of the website.
  • Functional: These technologies allow us to analyse website usage in order to measure and improve performance.
  • Marketing: These technologies are used by advertisers to serve ads that are relevant to your interests.

In some cases, technologies also serve multiple purposes. This applies, for example, to analytics technologies, some of which are also used to display marketing content. The same applies to technical solutions to integrate marketing technologies more easily. In these cases, we have assigned the technology within the cookie banner as a whole to the purpose category that we believe is the main focus.

The third-party services and content used are described in this Section. You can also find a description and your settings options for these by clicking on the "Privacy settings" link at the end of our website. If you require further information on the services, please contact us using the contact options specified in Section 1.

Technologies Used


6. Recipient of the personal data; transfer to EU third countries

As a rule, your data will not be transferred to third parties unless explicitly described under Section 2 or 5. In particular, we do not transfer your data to recipients based outside the European Union or the European Economic Area, with the exception of the processing operations described under Section 2 and 5. 

In some cases, we use external service providers to process personal data in the context of third-party processing as per Art. 28 of the GDPR (such as IT service providers). We have selected and commissioned them carefully, and they are bound by our instructions and inspected on a regular basis. 

Your data will only be transferred to bodies such as supervisory authorities and law enforcement agencies within the scope of statutory provisions if doing so is necessary to prevent and detect fraud and other criminal offences or to ensure the security of our data processing systems. 

The legal basis for this is Art. 6 Para. 1 (1) Letter c (“fulfilment of legal obligations”) and Letter f of the GDPR (“protection of legitimate interests”). 

If personal data are processed in a third country, a comparable level of data protection shall be ensured by means of appropriate guarantees in accordance with Art. 44 et seq. of the GDPR. In this case, you will find further information on data transmission in Section 2 or 5. 

As a general rule, when transferring data outside the European Union and the European Economic Area to a country for which an up-to-date adequacy decision is in place as assessed by the European Commission (see listing under https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en), we base our actions on this adequacy decision (see Art. 45 of the GDPR). For a possible data transfer to other countries, we generally base our actions on standard data protection clauses (see Art. 46 Para. 2 Letter c of the GDPR).

7. Notes on reporting side effects

If you intend to report suspected side effects or insufficient efficacy of a medicinal product, medication errors, improper or off-label use or other aspects related to the safety of a Heel product, please contact your physician, pharmacist or naturopathic practitioner, the local health authority or use the direct contact to Heel. 

If you report side effects or other safety-related aspects of our Heel products, we are under legal obligation to process your notification. We may also contact you for clarification for this purpose. We may subsequently need to report the notifications you make to the relevant health authorities, but we will only transfer your information in pseudonymous form so that no information directly identifying you will be transferred. We may also have to transfer these pseudonymous notifications to our subsidiaries and partners if they are obligated to make reports to their competent health authorities. 

More information on data protection and the reporting of side effects can be found in Heel Data protection statement for pharmacovigilance data

8. Your rights

(1) You have the following rights with respect to your personal data: 

  • Right of access (Art. 15 of the GDPR) You can request information about whether we are processing personal data about you. If this is the case, you have a right of access to this personal data as well as to further information related to the processing (see Art. 15 of the GDPR). Please keep in mind that this right to information may be restricted or ruled out in certain cases.
  • Right to rectification (Art. 16 of the GDPR) In case personal data about you is incomplete or is not (or is no longer) accurate, you may request this data to be corrected and, if necessary, completed (see Art. 16 of the GDPR).
  • Right to deletion or restriction (Art. 17 and 18 of the GDPR) If the legal requirements are met, you can request the deletion of your personal data (see Art. 17 of the GDPR) or the restriction of the processing of this data (Art. 18 of the GDPR) if, for instance, the processing of this personal data is no longer necessary for the purposes for which we collected it.
  • Right to data portability (Art. 20 of the GDPR) Under certain conditions, you have the right to receive the personal data about you that you have provided to us in a specific format or to transfer this data to another data controller (see Art. 20 of the GDPR).

Certain legal requirements must be met in order for you to exercise your aforementioned rights, and in certain cases your rights may be limited due to legal exceptions, in particular those under Art. 17(3) and Art. 22(2) of the GDPR, or under national legislation. 

(2) Right to Objection (Art. 21 of the GDPR)

Moreover, you have the right to object to our processing of your personal data at any time (i) in the case of direct marketing or (ii) in other cases on grounds relating to your particular situation if we are processing your personal data to protect our legitimate interests on the basis of Art. 6 Para. 1 (1) Letter f of the GDPR (Art. 21 Para. 1 and Para. 2 of the GDPR). Should you raise an objection, we will cease to process your personal data for the purpose of direct advertising in any case, and, in the case of data processing for other reasons, we will normally cease the processing unless we can demonstrate urgent reasons for the processing which are worthy of protection and override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 

(3) You may file a complaint against our processing of your personal data with a data protection authority, in particular in the EU member state in which your habitual residence or place of work is located or if a breach of the applicable data protection laws is believed to have taken place (see Art. 77 of the GDPR). 

(4) There is no automated decision-making including profiling as per Art. 22 Paragraphs 1 and 4 of the GDPR. 

9. External links

Our offer contains links to external websites of third parties whose content we have no influence over. For that reason, we are also unable to assume any responsibility for this third-party content. The respective provider or operator of the websites in question assume responsibility for the contents of the linked websites at all times. The linked sites were checked for possible legal violations at the time the links were made. No unlawful content could be detected at the time of linking. 

However, continuous inspection of the contents of the linked pages without specific indications of a legal violation cannot reasonably be expected. Should we gain knowledge of any legal violations, we will remove the links in question without delay. If you notice that the contents of the external providers violate applicable law, please let us know. This data privacy policy only applies to the content on our websites. 

10. Amendments to this data privacy policy

We will revise this data privacy policy from time to time to adapt it to the state-of-the-art or to revised legal frameworks. 

Therefore, we recommend that you regularly inform yourself about changes to this webpage.

 

Status as of: September 2022