Privacy policy

Overview

General privacy policy
Privacy policy for website users
Privacy policy for customers (incl. interested parties) and other data subjects
Privacy policy for employees
Privacy policy for applicants
Privacy policy for the public authority portal

1. overarching privacy policy

Information on the EU General Data Protection Regulation

Data protection information in accordance with the EU General Data Protection Regulation - Status: September 2025

General information

We take the protection of your personal data very seriously. Your privacy is an important concern for us.

The following provisions are intended to inform you about the processing of personal data in accordance with the requirements of the General Data ProtectionRegulation (GDPR). In particular, taking into account the information obligations under Art. 12 to 14 GDPR, as well as to inform you about the rights of data subjects under the GDPR in accordance with Art. 15 to 22 and Art. 34 GDPR.

Please note that due to the ECJ ruling C-394/23, the aforementioned legitimate interests include not only those for whose implementation processing is already taking place, but also those that are planned in the foreseeable future in order to comply with a prior transparency obligation. We assume that you do not want to constantly take note of an amended privacy policy.

Information on the controller

Responsible for the processing of your personal data is

securPharm e.V.
Hamburger Allee 26-28
60486 Frankfurt am Main

Telephone: +49 69 979 919 12
E-mail: info@securPharm.de

Information about us as the responsible body and our contact details can be found in the
IMPRINT.

Contact details of the data protection officer

We have appointed a data protection officer for our company. You can reach him at datenschutz@securpharm.de or by post (see imprint)

General information

We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below for each group of data subjects:

General privacy policy
Privacy policy for website users
Privacy policy for customers (incl. interested parties) and other data subjects
Privacy policy for employees
Privacy policy for applicants
Privacy policy for the public authority portal

Use of service providers

Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is located outside the European Union or the European Economic Area, a third country transfer takes place. With these service providers, data protection agreements corresponding to the legal requirements are contractually defined to establish an appropriate level of data protection and corresponding guarantees are agreed.

Information on your rights

You have the right

to request confirmation from us as to whether personal data concerning you is being processed by us; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
to demand the publication of the data concerning you in the restrictions of Art. 20 GDPR in a common electronic, machine-readable data format. This also includes the transfer (where possible) to another controller named directly by you.
to demand that we rectify your data if it is incorrect, inaccurate and/or incomplete. Rectification also includes completion by means of declarations or notification.
to demand that we delete personal data concerning you immediately if one of the reasons listed in Art. 17 GDPR applies. Unfortunately, we are not permitted to erase data that is subject to a statutory retention period. If you no longer wish us to contact you by newsletter or other means, we will store your contact details on a blacklist.
to revoke any consent you have given with effect for the future without any disadvantages for you.
to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR applies
to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims(Art. 21 GDPR).
without prejudice to any other administrative or judicial remedy, and if you consider that the processing of personal data relating to you infringes the GDPR, to lodge a complaint with
- our data protection officer: datenschutz@securpharm.de or by post (see legal notice)
- a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Deletion of your data

Unless otherwise stipulated in the more detailed privacy policies, we will erase your personal data once the contractual relationship with you has ended, you have exercised your right to erasure, all mutual claims have been satisfied and there are no other statutory retention obligations or legal justifications for storage. Commercial law retention periods for financially relevant data are generally up to 10 years. In addition, we may retain data for as long as is necessary to protect us from claims that could be asserted against us. These periods can be up to 30 years.

Definitions

Personal data - any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are contact data, communication data, billing data.
Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Employees - employees, including temporary workers in relation to the hirer, persons employed for their vocational training, participants in benefits for participation in working life as well as in clarifications of professional aptitude or work trials (rehabilitants), persons employed in recognized workshops for disabled persons, volunteers who perform a service in accordance with the Youth Volunteer Service Act or the Federal Volunteer Service Act, persons who are to be regarded as employee-like persons due to their economic independence. These also include persons working from home and those treated as such, civil servants of the Federal Government, judges of the Federal Government, soldiers and persons performing civilian service. As well as applicants for employment and persons whose employment has ended.
Third party - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Profiling - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.
In particular, to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or relocation of that natural person.
Restriction of processing - the marking of stored personal data with the aim of restricting its future processing.

Changes to the privacy policy

We reserve the right to change our privacy policy if necessary and to publish it here. Please check this page regularly. The updated statement will enter into force upon publication, subject to the applicable legal provisions. If we have already collected data about you that is affected by the change and/or is subject to a legal obligation to provide information, we will also inform you of any significant changes to our privacy policy.

back to the overview

2. privacy policy for website users

Scope of application

This data protection declaration applies to all pages of our online network that link to this declaration. The general information can be found on our main data protection page.

Purpose of data collection

The purposes of data collection are

Provision and optimization of the website
- to ensure the security and functionality of the website
- error detection and analysis, in particular the use of forensic procedures to analyze malfunctions (“bug hunting”) to detect, prevent and prosecute security incidents and (attempted) criminal offenses or misuse
User-oriented design and service
- the individual adaptation of our customization to your needs in terms of form, content and function
- the offer and implementation of contact establishment and qualification
- the processing of incoming inquiries via the communication channels provided or other customer support (see also privacy policy for customers)
Contract fulfillment and business processing
- the processing of orders and payments

General information on data processing

We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services or to the extent that you as a user provide us with this data voluntarily. The collection and use of personal data by you as a user takes place regularly only with your consent or for the establishment and execution of a legal transaction. An exception applies in cases where prior consent cannot be obtained for factual reasons or is disproportionate and the processing of the data is permitted by another legal provision.

Legal bases for the processing of your data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art.
person concerned, Art. 6 para. 1 lit. a EU General Data Protection Regulation
(GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Legitimate interests can be in particular

Responding to inquiries;
the implementation of direct marketing measures;
the provision of services and/or information intended for you
the processing and transfer of personal data for internal or administrative purposes
the operation and administration of our website
the technical support of users;
the prevention and detection of fraud and criminal offenses;
protection against payment defaults when obtaining credit information for requests for deliveries and services; and/or
ensuring network and data security, insofar as these interests are consistent with the applicable law and with the rights and freedom of the user;
achieving efficiency gains by bundling services in individual Group companies (in particular marketing, IT, procurement)

Categories of recipients

Service providers for website optimization, service companies for information and communication technology, companies for software and device maintenance, some of which are described in more detail below
Social networks and communities
Internal recipients according to the “need to know” principle

Usage data/server log files

Each time our website is accessed, our systems automatically collect data and information from the computer system of the accessing computer.

The following types of data are collected: Browser type, version used, user’s operating system, host name, internet service provider, user’s IP address, date and time of access, websites from which the user’s system has accessed our website or to which the user has accessed from our website.

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website.
In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. We also reserve the right to check the files if there is a justified suspicion of unlawful use or a specific attack on the pages based on concrete evidence. In this case, our legitimate interest is processing for the purpose of investigating and prosecuting such attacks and unlawful use.

Use of cookies

We use cookies. Cookies are data that can be stored in the Internet browser or by the Internet browser on the user’s computer system and retrieved again when visiting a website. Cookies may contain a characteristic string of characters that enables the browser to be uniquely identified when the website or an integrated service is called up again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies) and for marketing and advertising purposes (advertising cookies).

Technical cookies: Some elements of our website require that the accessing browser can be identified even after a page change. The purpose of their use is to enable the website to function at all. Examples of technically necessary cookies are the provision of a shopping cart or logging in as a registered user. The processing is therefore carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.

Functional cookies: There may be functions that are not absolutely technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the remembering of search terms, etc.. The processing is also carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.

Advertising cookies: We also use cookies on some of our websites that enable us to analyze the surfing behavior of users. In this way, for example: search terms entered in search engines, frequency of page views, use of website functions, and information about the operating system and browser, etc. are transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given consent to this - e.g. by selecting it in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f GDPR in conjunction with EC 47. If third-party services are integrated, processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below.

Note on cookies and tracking in connection with processing

Insofar as we use cookies, comparable technologies or tracking procedures, they are used for the purposes stated in each case, such as for the analysis of user behavior, the optimization of our offer, the implementation of advertising campaigns, A/B tests or conversion optimizations as well as the creation of target groups (lookalike audiences) using third-party data. The legal basis for this is regularly your consent pursuant to Art. 6 para. 1 lit. a GDPR, alternatively the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR for the optimization of our website, analysis and for marketing and sales purposes (in conjunction with EG47 GDPR). Insofar as the use serves to ensure functionality, error analysis or the detection and prosecution of criminal offenses, the processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Complianz cookie consent

The Complianz GDPR/CCPA Cookie Consent service is used on our website. We use the consent service to obtain appropriate consent.
When you visit our website, the consents or refusals are stored with a time stamp and IP address. We store your browser data in the process.

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. c GDPR (processing is necessary for compliance with a legal obligation).
Further information on Complianz’s privacy policy. You can find it at:
https://complianz.io/privacy-statement.

Content from external providers

We use active JavaScript content and fonts on our website, which may also originate from external providers such as Google. By accessing our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin ‘NoScript’ or by deactivating JavaScript in your browser.
However, this can lead to functional restrictions.

Some of our websites incorporate third-party content, such as videos from YouTube, maps from Google Maps, images, texts and multimedia files, RSS feeds or other services from other websites. This always requires your IP address to be transmitted to the providers of this content. We cannot make any statement about the use of your data by these providers and also have no influence on further processing. In particular, we have no control over whether the data is used for other purposes, such as profiling. Please refer to the relevant data protection notices of the respective third-party providers. You can protect yourself against further tracking by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings. The legal basis for the transfer of personal data when integrating third-party providers is Art. 6 para. 1 lit. a GDPR if the user has given their consent - e.g. by selecting this in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f GDPR in conjunction with EC 47.

Use of hCaptcha

We use the hCaptcha service of Intuition Machines, Inc, 350 Alabama Street, San Francisco,
CA 94110, USA (“hCaptcha”). hCaptcha is used to check whether the data input on
our websites (e.g. in a contact form) is made by a natural person or by automated programs (bots). For this purpose, hCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor accesses the website.

As part of the analysis, hCaptcha evaluates various information (e.g. IP address, time spent on the website by the visitor, mouse movements or other technical information). The data collected during the analysis is transmitted to hCaptcha and processed there. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR: The website operator has a legitimate interest in protecting its offers from abusive automated spying and spam.

If a corresponding consent has been requested (e.g. via a consent banner), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information about hCaptcha and the privacy policy of Intuition Machines, Inc.
can be found at: https://www.hcaptcha.com/privacy

Google reCAPTCHA

In order to ensure data security when submitting forms and to protect us from SPAM, we use the reCAPTCHA service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This is primarily used to distinguish whether the input is made by a natural person or abusively by machine and automated processing. After entering and pressing the corresponding confirm button, your IP address and any other data required for the reCAPTCHA service will be sent to Google. The legal basis for the processing of your IP address and the use of reCAPTCHA is Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

For the exceptional cases in which personal data is transferred to the USA, the EU-U.S. Data Privacy Framework applies, according to which Google is certified. Furthermore, deviating data protection regulations of Google Inc. apply. Further information on the data protection guidelines of Google Inc. can be found at http://www.google.de/intl/de/privacy
or https://www.google.com/intl/de/policies/privacy/.

E-mail contact

You can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing is:

For the receipt of the data on the basis of the sending of the contact form as consent pursuant to Art. 6 para. 1 lit. a in conjunction with. Art. 5 (expectable processing) GDPR or alternatively on the basis of the legitimate interest of answering your contact request
in accordance with Art. 6 para. 1 lit. f GDPR.
For the processing of data transmitted in the course of sending an e-mail, Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.
If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. There may be retention periods under commercial and tax law.

The user has the option of withdrawing their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

Data collection during registration and registered use

Some of our websites require or offer registration. The data collected is used for the purpose of using the respective websites and services, unless otherwise described and explicitly consented to during registration. The data collected results from the input mask during registration, the processing is based on Art. 6 para. 1 lit. b GDPR. All other data that you can enter at a later date to complete your profile is optional and voluntary and is based on the legal basis of Art. 6 para. 1 lit. a GDPR. After registration, we may inform you about relevant circumstances related to our offer for which you have registered by means of the e-mail address you have provided.

Data transmission via the internet

Data transmission via the Internet is generally associated with certain risks. Data is not specially encrypted, in particular messages from the contact form on our website and messages in the service chat are transmitted unencrypted. Please bear this in mind when transmitting data. If you wish to communicate with us by encrypted e-mail, this is possible via SMIME encryption. Please inform us of your request for encryption, as we regularly send unencrypted e-mails due to the currently low market penetration of e-mail encryption methods.

Data transfer

If you provide us with personal data, it will only be passed on to third parties if this is necessary to process the contractual relationship or if another legal reason legitimizes this transfer. However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.

Storage periods

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Back to the overview

3. privacy policy for customers (incl. interested parties) and other data subjects

Information on data processing

As a customer and as an interested party or other data subject, we process your personal data primarily to establish and fulfill a contractual relationship concluded with you or on the basis of our legitimate interest. Your data will be collected, stored and, if necessary, passed on by us to the extent necessary to provide the contractually agreed service, to provide information, to carry out direct marketing activities or other activities of our business operations. Failure to provide this data may mean that the contract cannot be concluded. In addition, we only process your data if you have consented to the processing or another legal permission exists.

Purposes of data processing

We process your personal data to achieve the following purposes in connection with the initiation and execution of a contractual relationship or other activities in the interests of our organization:

contract processing, including customer service
communication about products, services and projects and to respond to inquiries
advertising to existing customers, use as a selection criterion for direct marketing in order to be able to offer you a customized service
the management of our business relationships
quality management
the improvement and development of intelligent and innovative services
Customer analysis for market and opinion research
the organization of events and trade fair appearances
reporting on our organization and events held and attended by us as well as trade fair appearances/visits in electronic and non-electronic media
Compliance with legal or contractual requirements
the settlement of legal disputes, enforcement of contracts and the assertion, defense and exercise of legal claims, detection and prosecution of fraudulent and other unlawful acts

In addition, we only process your data with your express consent.

Types of data that we process

The following personal data is processed

Contact data: e.g. name, address, telephone number;
Identification/payment data: e.g. account number, VAT ID no.
Image data: Photo and video recordings
Other data: Other information required in the context of the business relationship, provided voluntarily or available from public sources

Categories of recipients

The personal data will be transmitted to supervisory authorities, legal service providers/auditors as required. If we are subject to a legal obligation to do so, we will disclose your data to the competent authority upon request.

In some cases, we use external service providers to process your data. If these service providers are not based in the European Economic Area, we ensure that the data transfer is permissible under data protection law by means of data protection agreements that comply with the legal requirements and, if necessary, other measures to ensure an appropriate level of data protection.

These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. Our service providers are subject to random checks by us. The service providers will not pass this data on to third parties, but will delete it after the contract has been fulfilled and the statutory storage periods have expired, unless you have consented to further storage.

These are e.g:

Bank, payment service providers
IT service providers
Marketing service providers
Further education/training providers/company consultants
etc.

Legal bases of the processing

The legal bases for the processing of your data are in particular

Art. 6 para. 1 lit. a) on the basis of your consent. This can also be given verbally or through an unambiguous act of consent.
Art. 6 para. 1 lit. b) for the establishment, performance and termination of a contractual relationship
Art. 6 para. 1 lit. c) for the fulfillment of a legal obligation
Art. 6 para. 1 lit. f) for the protection of a legitimate interest

Legitimate interests

Our legitimate interests lie in achieving the above-mentioned purposes and also, for example, in

Increasing efficiency and effectiveness potential, also in cooperation with partners and, if applicable, affiliated companies,
ensuring compliance with safety regulations, requirements, industry standards and contractual obligations
the assertion, exercise or defense of legal claims,
avoiding damage and/or liability of the company through appropriate measures,
the implementation of information and communication measures, including of an advertising nature and
the reporting of company information.

Customer analysis

In the context of customer analysis - this also includes customer satisfaction surveys carried out by us - your data is processed either in anonymous form or, if complete anonymization is not possible or does not make sense for factual reasons, in pseudonymized form. In the case of surveys after training courses, participants can voluntarily provide anonymous feedback or state their name, for example if they wish to receive personal feedback from us. In this case, the information can be assigned to a specific person. However, the overall evaluation of the survey results is carried out exclusively in the form of an anonymized summary, so that it is no longer possible to draw conclusions about individual persons in the context of the presentation of results.

Some of the aforementioned processes or services are carried out by carefully selected and commissioned service providers. Personal data is transmitted or processed by them exclusively on the basis of a processing contract. If the registered office of a service provider is located outside the European Union or the European Economic Area, a so-called third country transfer takes place. In these cases, data protection agreements are concluded in accordance with the legal requirements and suitable guarantees are agreed to ensure an appropriate level of data protection.

Data collected by third parties

Data may be made available to us by third parties, e.g. by trade fair organizers or as part of recommendations. In this case, this is usually contact data in connection with data on specific product or service requirements or interests.

Storage period

Once the respective purpose no longer applies, your data will be deleted in compliance with statutory retention periods. We delete your business contact data after termination of the business relationship. We store image data permanently.

back to the overview

4. privacy policy for employees

Information on data processing

We would like to inform our employees about how we handle their personal data in the context of the employment relationship.

Purpose of data collection

During the period of your employment, your personal data will mainly be processed for the performance and/or termination of the contractual relationship, including the tasks associated with the respective activity. Other purposes may include processing for the purposes of complying with legal regulations (including third-party claims for information) or measures for corporate development or communication.

Types of data that we process

We process the following personal data as part of your employment relationship:

Applicant data: Name Date of birth, CV, certificates, certificate of enrollment for students, work permit if applicable, driver’s license for the entry process;
Private contact details: address, telephone number, e-mail;
business contact data: e.g. telephone numbers, e-mail, place of work, job title;
Image data: Photo for identification and photographs taken as part of company events;
Identification/payment data: ID card data or work permit for identification and determination of the legitimacy of employment, place of birth, marital status, in the case of parental status, proof by birth certificate(s) of the child(ren), tax identification number, health insurance membership, social security number (copy of social security card or letter from pension insurance provider), income tax class, allowances, denominational affiliation for church tax, account number, any wage garnishments (for the purpose of payroll accounting and fulfillment of social security, tax andother legal obligations);
Health data: Periods of absence/incapacity for work, e.g. in the context of payroll accounting, for settlement with health insurance companies or employers’ liability insurance associations or in the context of legal obligations as an employer such as company integration management or the fulfillment of duties in the protection of severely disabled persons or in the context of company self-monitoring such as occupational health and safety or company medical examinations;
Time recording, access and usage data: Vacation times, working time accounts, if applicable
shift schedules, closing times or access logs, time logs relating to the activities carried out, including electronic logs relating to the use of our IT infrastructure, etc;
Data in the context of personnel screening: if within the scope of the information management system: e.g. police clearance certificate;
Data on suitability and performance/behavioral control: training and further training information, data for the purpose of measuring target achievement, e.g. for variable remuneration components, data on incidents relevant to employment law; data on violations of road traffic regulations (“parking tickets”);
other data in personnel administration: secondary employment, data in the context of company health care and company health management, occupational health and safety, copy of severely disabled person’s pass if applicable, copy of driving license if applicable, BAV, capital-forming benefits, RMV Deutschlandticket, internet cost reimbursement.

Categories of recipients

We send your personal data to the following recipients, e.g. to comply with legal obligations or obligations arising from the employment relationship:

internal departments according to the “need-to-know principle”,
Bank service providers, financial service providers, service providers for the calculation of pension provisions, if applicable,
Service providers for payroll accounting - tax consultants, auditors, service providers for information and communication technology, software and equipment maintenance companies,
Health, social, pension and accident insurance providers as well as other insurance companies and providers of capital-forming benefits,
Authorities such as tax authorities, social security funds, employment agencies, safety, health, road traffic and related fine authorities, customs authorities and
monitoring bodies for undeclared work and minimum wage; other authorities,
company medical service,
Third-party debtors in the event of wage garnishment, insolvency administrator in the event of personal insolvency
Business partners and customers (business contact details)

Legal basis for processing

When processing your personal data, we naturally comply with applicable law. Processing therefore only takes place on a legal basis. The following legal bases come into consideration in particular in the employment relationship:

Art. 6 para. 1 lit. a) on the basis of your consent, whereby none is generally required for the conclusion of a contract or the continuation of an existing contract: this applies in particular to such data that is neither legally nor factually necessary for the performance of the employment relationship and has been voluntarily provided to us by you or in respect of which you have consented to processing.
Art. 6 para. 1 lit.b) i.V.m. § Section 26 BDSG for the establishment, execution and termination of a contractual relationship: all data that establish the employment relationship such as curriculum vitae and proof of qualifications, employee master data required for the execution of the contract, from other insurances, on status in the context of disability and pregnancy protection, to prove the provision of the contractually owed service (e.g. time sheets, vacation planning) and, if applicable, in accordance with Section 26 BDSG, data in connection with internal investigations to clarify a concrete suspicion of criminal offenses or serious breaches of duty.
Art. 6 para. 1 lit.c) to fulfill a legal obligation: information on tax circumstances, health and social insurance, other records on legally required training and instruction, possibly data within the framework of the Infection Protection Act (if applicable).
Art. 6 para. 1 lit. f) to safeguard a legitimate interest: all other data such as log files, internal coordination data and planning, internal correspondence and in the context of internal IT systems. Some processing operations are regulated by a (company agreement) BV. In accordance with Art. 88 GDPR, collective agreements (works agreements) may give rise to a presumption of overriding legitimate interest with regard to the processing regulated in the works agreements.

Legitimate interests

If we process your data within the scope of our legitimate interest, this lies, for example, in

the implementation of electronic access controls,
the optimization of personnel planning,
ensuring compliance with safety regulations, requirements, industry standards and contractual obligations
the assertion, exercise or defense of legal claims, including data for the documentation of service flows
the avoidance of damage and/or liability of the company through appropriate measures
the implementation of internal information and communication measures.
reporting on company information.

You have the right to object to the processing of personal data within the scope of a legitimate interest on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds on our part that outweigh your rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

We do not use the personal data provided by you to make automated decisions concerning you.

Data collected by third parties

We collect data for payroll accounting via the ELSTAM procedure, which is provided to us by the tax authorities for correct accounting. This applies in particular to the payroll accounting data listed below.

From 2021, due to the introduction of the electronic certificate of incapacity for work, we are obliged to retrieve the sick leave data (i.e. start and duration of incapacity for work, as well as the time of termination of continued payment of remuneration in the event of illness) from your health insurance company on the basis of a sick note from you.

Note: The general information can be found on our main data protection page.

Storage period

Once the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods, generally 6 or 10 years, and 30 years or longer for various data categories such as occupational pension provision.

Back to the overview

5. privacy policy for applicants

Information on data processing

When you apply for a position in our company, we process and store your personal data. We take your privacy very seriously and would therefore like to take this opportunity to inform you about how we handle your applicant data.

Purpose of data collection

Before you join our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the extent necessary.

Types of data that we process

The following types of personal data are regularly processed:

Applicant data: Name, date of birth, CV, certificates, nationality/work permit, etc. for the selection, recruitment process, entry and exit management,
private contact data: Address, telephone number, e-mail (for the purpose of contacting you)
Data in the context of personnel screening: e.g. police clearance certificate, background check (ZUP)
If applicable, data subject to professional secrecy: e.g. data on health suitability and any restrictions
Other data in personnel administration: severe disability (if relevant), driving license holder

We do not require any information from you that is not usable under the General Equal Treatment Act (AGG) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sex life), unless relevant to the advertised position.

We ask that you do not send us such data. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, personal rights, press law or general rights of third parties).

Legal bases of the processing

for the establishment, execution and termination of a contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR i.V.m. § Section 26 BDSG (version from 25.5.2018),
to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR,
in the case of processing to safeguard a legitimate interest pursuant to Art. 6 para. 1
lit. f GDPR,
as well as on the basis of your consent by voluntarily providing data that is not absolutely necessary for the purpose, such as hobbies in your CV.
However, such consent is generally not required for the conclusion of a contract or the continuation of an existing contract. The legal basis is Art. 6 para. 1 lit. a GDPR.

Legitimate interests

Our legitimate interests lie, for example, in

the optimization of application processes,
achieving efficiency gains by bundling services in individual Group companies (in particular HR, IT)
ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
the assertion, exercise or defense of legal claims,
the avoidance of damage and/or liability of the company through appropriate measures.

Categories of recipients

Internal recipients according to the “need to know” principle, generally on the basis of necessity for the performance of the employment relationship and on the basis of an overriding legitimate interest;
Service providers who support us professionally or technically in the application process.

Deletion periods

Your data will be deleted once the respective purpose has been achieved. However, data will be stored for as long as is necessary for the defense of legal claims. The retention period is generally 6 months. If your profile has been transmitted to us by a personnel service provider and there are commission claims from this service provider, the storage period may be up to their fulfillment or the statute of limitations. If processing relevant to accounting has been carried out, such as the reimbursement of travel expenses, the data required for this will be deleted in compliance with the statutory retention periods, usually 6 or 10 years. If the application was successful and we conclude a contract with you, we will transfer the data collected during the application process to our personnel file.

Back to the overview

6. privacy policy for the public authorities portal

Thank you for your interest in the public authorities portal. Compliance with data protection regulations is of particular importance to us. The aim of this privacy policy is to inform you as a user of the public authorities portal about the type, scope and purpose of the processing of personal data and your existing rights, insofar as you are a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation.

This privacy policy applies to the public authority portal (available at
https://www.securpharm.de/datenschutzerklaerung-behoerdenportal/) and provides you with an
overview of the type, scope and purpose of the collection, use and processing of personal data by securPharm e.V. Furthermore, we inform you in this privacy policy about the rights to which you are entitled vis-à-vis securPharm e.V. with regard to your personal data. Under no circumstances will your personal data be passed on to third parties, unless otherwise stated below

Responsible body

For the public authority portal and the range of services

securPharm e.V.
Hamburger Allee 26-28
60486 Frankfurt am Main

Phone: +49 69 979 919 12
E-mail: info@securPharm.de

Responsible within the meaning of the GDPR.

Information about us as the responsible body and our contact details can be found in the
IMPRINT.

Contact details of the data protection officer

We have appointed a data protection officer for our company. You can reach him at datenschutz@securpharm.de or by post (see imprint)

General information

The public authority portal is designed to collect as little data as possible from you.
We always ensure that your personal data is only processed in accordance with a legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) and the applicable national regulations, such as the Federal Data Protection Act, the Telecommunications Digital Services Data Protection Act or other more specific data protection laws.

Purpose and legal basis for the processing of personal data

We process your personal data for the following purposes:

For the technical realization of the authority portal and to be able to provide you with our information (e.g. IP address, cookies, browser information)
To contact you and process your request (e.g. first and last name, organization)
To provide our ticket system with which you can send us inquiries about technical faults (e.g. email address)

We process personal data that is required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 para. 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for data processing. Data processing is also permitted if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not prevail. (Art. 6 para. 1 lit. f GDPR) If we use external service providers as part of commissioned data processing, the processing is carried out in accordance with Art. 28 GDPR.

Collection of personal data when using the public authority portal

When you use the public authority portal, we collect the data that is technically necessary for us to ensure the stability and security of the application:

IP address
Date and time of access
Date and time of the report query
Time zone difference to Greenwich Mean Time (GMT)
Access status/HTTP status code
Type of access (user interface or API interface)

Cookies

Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier. Only technically necessary cookies are set when the authority portal is accessed.

Registration process

In order to be able to use our public authority portal, we collect personal data when you apply for access to the public authority portal. The following data categories are required for the application: The following data is collected in the role of contact person:

Name of the contractual partner (ministry / authority)
Address of the contractual partner
Salutation, first name and surname
Official e-mail address
Work telephone number
Official address

The following data is collected in the role of the user contact person:

Name of the contractual partner (ministry / authority)
Federal state of the contractual partner
Salutation, first name and surname
Official e-mail address
Name of the authority (for which the contact person may report authority users)
Address of the authority

The following data is collected in the role of the authority user:

Name of the authority
State of the authority
Salutation, first name and surname
Official e-mail address
Address (where the user can receive letters by post)

We process the personal data to provide the public authority portal and handle business interactions. The processing of the aforementioned personal data for the purposes stated here takes place on the legal basis of Art. 6 para. 1 lit. b GDPR.

We may also process the data you provide in order to inform you about further functionalities of the public authority portal, reminders about access authorizations or to send you e-mails with technical information or satisfaction surveys. For the latter, we do not need to obtain separate consent from you in accordance with Section 7 (3) UWG.

Management of customer master data

We use the customer relationship management system Bigin to manage customer master data for the purpose of business processing. This is operated by Zoho Corporation GmbH, Trinkaustraße 7, 40213 Düsseldorf, Germany.

Bigin is used on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the most efficient customer management and customer communication possible.
With regard to the storage period, we delete personal data as soon as its storage is no longer necessary for the fulfillment of the original purpose and there are no longer any legal retention periods. We have concluded an order processing contract with Zoho. Data transfer to third countries outside the European Union is based on the standard contractual clauses of the EU Commission. Details
c

Find a contact

Do you have any questions or need help? Don't worry, we are here to help you. Simply use our contact form and we will forward your request to the right contact person, who will get back to you as quickly as possible. Your stress is our concern – let us help you.

Pri­va­cy poli­cy

Over­view

1. over­ar­ching pri­va­cy poli­cy

Infor­ma­ti­on on the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on

Gene­ral infor­ma­ti­on

Infor­ma­ti­on on the con­trol­ler

Cont­act details of the data pro­tec­tion offi­cer

Gene­ral infor­ma­ti­on

Use of ser­vice pro­vi­ders

Infor­ma­ti­on on your rights

Dele­ti­on of your data

Defi­ni­ti­ons

Chan­ges to the pri­va­cy poli­cy

2. pri­va­cy poli­cy for web­site users

Scope of appli­ca­ti­on

Pur­po­se of data coll­ec­tion

Gene­ral infor­ma­ti­on on data pro­ces­sing

Legal bases for the pro­ces­sing of your data

Legi­ti­ma­te inte­rests can be in par­ti­cu­lar

Cate­go­ries of reci­pi­ents

Usa­ge data/server log files

Use of coo­kies

Note on coo­kies and track­ing in con­nec­tion with pro­ces­sing

Com­pli­anz coo­kie con­sent

Con­tent from exter­nal pro­vi­ders

Use of hCaptcha

Goog­le reCAPTCHA

E-mail cont­act

Data coll­ec­tion during regis­tra­ti­on and regis­tered use

Data trans­mis­si­on via the inter­net

Data trans­fer

Sto­rage peri­ods

3. pri­va­cy poli­cy for cus­to­mers (incl. inte­res­ted par­ties) and other data sub­jects

Infor­ma­ti­on on data pro­ces­sing

Pur­po­ses of data pro­ces­sing

Types of data that we pro­cess

Cate­go­ries of reci­pi­ents

Legal bases of the pro­ces­sing

Legi­ti­ma­te inte­rests

Cus­to­mer ana­ly­sis

Data coll­ec­ted by third par­ties

Sto­rage peri­od

4. pri­va­cy poli­cy for employees

Infor­ma­ti­on on data pro­ces­sing

Pur­po­se of data coll­ec­tion

Types of data that we pro­cess

Cate­go­ries of reci­pi­ents

Legal basis for pro­ces­sing

Legi­ti­ma­te inte­rests

Data coll­ec­ted by third par­ties

Sto­rage peri­od

5. pri­va­cy poli­cy for appli­cants

Infor­ma­ti­on on data pro­ces­sing

Pur­po­se of data coll­ec­tion

Types of data that we pro­cess

Legal bases of the pro­ces­sing

Legi­ti­ma­te inte­rests

Cate­go­ries of reci­pi­ents

Dele­ti­on peri­ods

6. pri­va­cy poli­cy for the public aut­ho­ri­ties por­tal

Respon­si­ble body

Cont­act details of the data pro­tec­tion offi­cer

Gene­ral infor­ma­ti­on

Pur­po­se and legal basis for the pro­ces­sing of per­so­nal data

Coll­ec­tion of per­so­nal data when using the public aut­ho­ri­ty por­tal

Coo­kies

Regis­tra­ti­on pro­cess

Manage­ment of cus­to­mer mas­ter data

Find a contact

Contact

Privacy policy

Overview

1. overarching privacy policy

Information on the EU General Data Protection Regulation

General information

Information on the controller

Contact details of the data protection officer

General information

Use of service providers

Information on your rights

Deletion of your data

Definitions

Changes to the privacy policy

2. privacy policy for website users

Scope of application

Purpose of data collection

General information on data processing

Legal bases for the processing of your data

Legitimate interests can be in particular

Categories of recipients

Usage data/server log files

Use of cookies

Note on cookies and tracking in connection with processing

Complianz cookie consent

Content from external providers

Google reCAPTCHA

E-mail contact

Data collection during registration and registered use

Data transmission via the internet

Data transfer

Storage periods

3. privacy policy for customers (incl. interested parties) and other data subjects

Information on data processing

Purposes of data processing

Types of data that we process

Categories of recipients

Legal bases of the processing

Legitimate interests

Customer analysis

Data collected by third parties

Storage period

4. privacy policy for employees

Information on data processing

Purpose of data collection

Types of data that we process

Categories of recipients

Legal basis for processing

Legitimate interests

Data collected by third parties

Storage period

5. privacy policy for applicants

Information on data processing

Purpose of data collection

Types of data that we process

Legal bases of the processing

Legitimate interests

Categories of recipients

Deletion periods

6. privacy policy for the public authorities portal

Responsible body

Contact details of the data protection officer

General information

Purpose and legal basis for the processing of personal data

Collection of personal data when using the public authority portal

Cookies

Registration process

Management of customer master data