Privacy Policy

Last updated June 2020


The protection of your personal data is important to us ("HERMES"). We always process your personal data such as your name, your address, your e-mail address or your telephone number in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).


With this privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected and processed by us. We will also inform you about your rights as the data subject. If we wish to offer you special services via our website or otherwise, and if there is no legal basis for the data processing for these purposes, we will obtain your consent.


1. Controller and Data Protection Officer

The controller is:

HERMES Arzneimittel GmbH
Georg-Kalb-Straße 5-8


82049 Pullach


Phone: +49 89 79102 261
E-mail: dataprotection@hermes-pharma.com
Website: www.hermes-pharma.com


The contact details of the data protection officer of HERMES Arzneimittel GmbH are:

Mr. Tim Faulhaber
E-mail: datenschutz@hermes-arzneimittel.com 

2. Collection of General Data and Information


This website collects a series of general data and information with each visit. This general data and information is stored in the log files of the server. The following general data and information may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites which are reached via an accessing system on our website, (5) the date and time of access to the website, (6) the Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks to our IT systems.


When using this general data and information, HERMES cannot associate this data to you. Rather, we need this information to correctly deliver the contents of our website, to optimize the contents of our website as well as the advertisements shown on them, to ensure the permanent functionality of our IT systems and of the technology of our website, and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.


HERMES statistically evaluates this anonymously collected data and information with the aim of increasing data protection and data security in our company. We store the anonymous data of the server log files separately from all personal data provided by you. The legal basis for the temporary storage of data and log files is Article 6 para. 1 point f) GDPR.


3. Data Processing upon Contact

You can contact us via the contact form provided on this website or via the e-mail address provided. If you contact HERMES through one of these channels, we will automatically store the personal data you submit. Such personal data voluntarily provided to HERMES will be stored for the purpose of processing your request and/or contacting you. In the case of contract initiations or executions, the legal basis for the processing of data is Article 6 para. 1 point b) GDPR. In all other cases the legal basis for the processing is Article 6 para. 1 point f) GDPR.


4. Data Processing for Advertising Purposes, Newsletter

On the HERMES website, users are given the opportunity to order advertising materials and to subscribe to the HERMES newsletter. HERMES may use your data to contact you via email, phone or post with information about e.g. new products and services, scientific publications related to user-friendly dosage forms, new technologies, new available APIs and dosage forms, etc. The personal data transmitted to HERMES when ordering the materials or the newsletter is determined by the input mask used for this purpose.


The newsletter can only be received if (1) the person concerned has a valid e-mail address and (2) the person concerned registers to receive the newsletter. For legal reasons, a confirmation e-mail by way of the double opt-in procedure is sent to the e-mail address entered by the person concerned for the first time for sending the newsletter. This confirmation e-mail serves to check whether the owner of the e-mail address has authorized the receipt of the newsletter. The legal basis for sending the newsletter is Art. 6 para. 1 point a) GDPR.


When registering for the newsletter, we store the IP address of the computer system used by the person concerned at the time of registration assigned by the Internet Service Provider (ISP) as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a person concerned at a later point in time and therefore serves the legal protection of HERMES.


The personal data collected when registering for the newsletter will be used for the following purposes:

  • Sending the newsletter
  • Consulting and advertising services
  • Design of the newsletter according to customers' needs
  • Composition of the topics of the newsletter according to customers' interests


Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or for registration, as could be the case for changes to the offer of the newsletter or changes in the technical conditions.


The consent to the storage of personal data that you have given us for contacting you with advertising materials or for sending the newsletter can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. It is also possible to unsubscribe directly from HERMES at any time by post or e-mail using the contact details listed under no. 1.


5. Cookies


This website uses cookies. Cookies are text files which are stored on a computer system via an Internet browser. By using cookies, we can provide you with more user-friendly services that would not be possible without cookies. Cookies enable us to recognize the users of our website. For example, the user of a website that uses cookies does not have to re-enter his/her access data each time he/she visits the website because this is done by the website and the cookie stored on the user's computer system.


The data is collected and stored for marketing and optimization purposes. These data are used to create user profiles under a pseudonym. Cookies enable the recognition of the Internet browser. The data collected will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separately given consent of the person concerned. The collection and storage of data can be revoked at any time with effect for the future. You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your Internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in your Internet browser, not all functions of our website may be fully usable. The legal basis for the processing of personal data when using cookies is Art. 6 para. 1 lit. f) GDPR.


6. Google Analytics


This website uses cookies within the framework of Google Analytics. This is a web analytics service by Google LLC ("Google"). By using the analytics cookies, we learn how the website is used and can thus continuously optimize our offer. The cookie processes data relating to the data specified in Section 2. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.


By anonymizing your IP address on this website, Google will reduce your IP address within the member states of the European Union or in other contracting parties to the Agreement on the European Economic Area prior to transmission to the USA.Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.


The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).


The legal basis for the use of google analytics is Article 6 para. 1 point a) GDPR. Google self-certified to the EU-U.S. Privacy Shield. Therefore, the legal basis for the transmission of personal data to the USA is, in accordance with the EU-U.S. Privacy Shield, Article 45 para. 1 GDPR.


7. Usercentrics

This website uses the consent management service of Usercentrics. Recipient of your data within the meaning of Art. 13 Para. 1 lit. e) GDPR is the Usercentrics GmbH. In the context of data processing, HERMES transfers personal data (consent data) to the Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as the data processor. Consent data includes the following data: date and time of the visit or consent / refusal, device information, anonymized IP address. The data is processed for the purpose of complying with legal obligations (obligation to provide proof in accordance with Art. 7 Para. 1 GDPR) and the associated documentation of consents and thus on the basis of Art. 6 Para. 1 s.1 lit. c) GDPR. Local Storage is used for the storage of the data.

Data Collected
This list represents all (personal) data that is collected by or through the use of this service. The request URLs of the webpage and the page path of the webpage are data collected through the Taglogger. The Taglogger is always active and tracks which technologies are active. Users have access to this data only if the Taglogger Feature has been activated for them. For the transmission of data happens even if the Feature is not activated.

  • Device information
  • Browser Information
  • Anonymized IP Address
  • Opt-in and opt-out data
  • Date and time of visit
  • Request URLs of the webpage
  • Page path of the webpage
  • Geographic location

Legal Basis
according to Art. 6 I 1 GDPR for the processing of personal data is Art. 6 para. 1 s. 1 lit. c GDPR

Location of Processing and Retention Period
The Consent data (given consent and the consent revocation) will be kept for a period of three years. A data export takes place after termination of the contract. The data will only be stored in the European Union, the consent database is located in Belgium.

Further Information and Opt-Out
Click here https://usercentrics.com/privacy-policy/ for further information on the data collected and the privacy policy of the data processor. The email address of the data protection officer of the processing company is datenschutz@usercentrics.com


8. Social Plug-Ins

On our website, we use social plug-ins ("plug-ins") from LinkedIn. In particular, we use plug-ins to enable you to share content from our website with other users of social networks or to draw their attention to such content. You can recognize the provider of the respective plug-in by its logo or initial letter. 


When using plug-ins, we use the so-called "Shariff solution" (more information can be found here): When you visit our website, we do not initially transmit any personal data to the providers of the plug-ins. However, if you click on the marked button, your personal data will be transmitted directly to the provider of the respective plug-in and processed – possibly in third countries, such as the USA – by this provider. After clicking on the plug-in button, a new window of your browser will open and call the page of the provider of the respective social network up. Data will be transmitted to the provider of the respective plug-in, regardless of whether you have an account with the social network of the plug-in provider. If you are logged in at the plug-in provider’s social network, your data collected at our website will be matched to your existing account with the plug-in provider.


We have no influence on the type and scope of data collected and processed through the use of the plug-ins, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. According to the providers of the plug-ins, the transmitted data includes information about your browser, the websites visited and the date and time of your visit. The plug-in providers process this information, for example, in order to create user profiles and to display demand-oriented advertising. You have a right to object to the creation of these user profiles. Please contact the respective plug-in provider to exercise the right to object. For further information, please refer to the websites and data protection information of the respective providers. 


We offer you to use these social plug-ins to interact with social networks and other users, so that we can improve our services and make them more interesting for you as a user. This represents our legitimate interest in using the plug-ins on the legal basis of Article 6 para. 1 point f) GDPR. LinkedIn has self-certified to the EU-U.S. Privacy Shield. Therefore, the legal basis for the transmission of personal data to the USA is, in accordance with the EU-U.S. Privacy Shield, Article 45 para. 1 GDPR.


9. Google Maps


We use the offer of Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.


When visiting the website, Google receives the information that you have visited the corresponding subpage of our website. In addition, the data specified in Section 2 will be transmitted. This is regardless of whether you have an account with Google, whether you are logged into such an account, or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such usage takes place in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google to exercise this right. For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy.


The legal basis for processing your personal data using Google Maps is Article 6 para. 1 point a) GDPR. Google self-certified to the EU-U.S. Privacy Shield. Therefore, the legal basis for the transmission of personal data to the USA is, in accordance with the EU-U.S. Privacy Shield, Article 45 para. 1 GDPR.


10. Data Transmission to Third Parties


Intra group data sharing
We may make your personal data available to other companies of the HERMES Group in accordance with this Privacy Policy. We ensure that your personal data is treated strictly confidentially within the HERMES Group and only used for the above-mentioned purposes.


External service providers
Access to personal data is possible for service providers and contractual partners that we use for the operation of our websites. These external providers are obliged to use your personal data only to provide the services requested by us or otherwise in accordance with our instructions.


Disclosure of data to third parties
Apart from the above mentioned data transmissions, we do not transmit, sell or market your personal data to third parties, such as other companies or organizations, unless you have given your express consent, or the transmission is necessary to fulfil our contractual obligations to you, the user of the website.


11. Duration of Data Storage


We store your personal data according to respective legal retention periods. We routinely delete the corresponding data after these periods expire, provided that it is no longer necessary for the performance or initiation of a contract.


If the storage purpose ceases to apply, or if a compulsory storage period by European Union or national law expires, the personal data is routinely blocked or deleted in compliance with statutory provisions.


12. Your Rights


As the data subject, you are entitled to the rights mentioned in Articles 15-21 GDPR against HERMES if the conditions stated therein are fulfilled. These are the rights of access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), data portability (Article 20 GDPR) and the right to object (Articles 21 and 22 GDPR). Apart from this, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR.