DATA PROTECTION
The protection and security of your personal data is of particular concern to us. We are therefore committed to treating and protecting your data confidentially and strictly complying with the General Data Protection Regulation (GDPR) and the Data Protection Act (DSG) when collecting, processing and storing your data. Below we will inform you about which of your personal data we collect and for what purposes it is used. All personal terms used in this data protection declaration apply equally to persons of the female and male gender.
The person responsible within the meaning of the GDPR is Nikolaus Apotheke Längenfeld KG, Mag. pharm. Laura Canov, 6444 Längenfeld, Oberlängenfeld 6/01B, Austria.
Inquiries regarding data protection and the processing of personal data can be sent to the following email address: office@nikolaus-apotheke.at
The person responsible has not appointed a data protection officer because the legal requirements for a mandatory appointment do not exist.
Data collected, purpose of processing, legal basis, storage period, recipients and recipient categories of data
The categories of personal data we process and the purposes pursued by processing these personal data are described below. Here you will also receive information on the storage period of the respective data or the criteria for determining the duration if information on the storage period is not possible, and on recipients and recipient categories of data.
The following data from our customers is generally processed on the basis of Sections 1 and 10 of the Pharmacy Operating Regulations 2005. When you purchase medicines and medical devices based on a doctor’s prescription and a health insurance prescription, we save the respective prescription with the following data:
This data is collected, processed and stored for the purpose of billing the patient’s statutory health insurance for the medicines and medical devices dispensed: In this case, the patient only bears part of the costs (prescription fee or share of the costs); the remaining costs for medicines and medical devices are covered by the patient’s statutory health insurance. For this purpose, the pharmacy must bill the health insurance company electronically and transmit the data to the statutory health insurance company.
The processing of this data takes place in particular on a legal basis of Art. 9 Para. 2 lit. The provision of the above-mentioned data is necessary as part of electronic billing to the health insurance company in accordance with Section 7 Paragraph 2 of the overall pharmacist contract concluded between the Main Association of Austrian Social Insurance Institutions and the Austrian Chamber of Pharmacists. Otherwise, the pharmacy cannot bill the patient’s statutory health insurance provider for the remaining costs of the medicines and medical devices prescribed based on a health insurance prescription.
Our records of business transactions and electronic prescription invoices with the statutory health insurance companies, which contain the data mentioned, are stored in accordance with the retention period regulated in Section 132 Paragraph 1 of the Federal Tax Code (which is currently the last seven financial years). After this retention period has expired, this data will be automatically deleted.
If a data subject exercises their data protection right to deletion, the records of business transactions and electronic prescription invoices with the statutory health insurance companies will be retained for the retention period regulated in Section 132 Paragraph 1 of the Federal Tax Code, but the social security number of the data subject will be anonymized in these data. “Anonymization” means that the affected individual’s social security number is replaced with a randomized, invalid social security number from which the original social security number can no longer be recalculated.
Excluded from this anonymization are the prescription billing data that fall within the period specified in Appendix IV § 13 of the overall pharmacist contract concluded between the Main Association of Austrian Social Insurance Institutions and the Austrian Chamber of Pharmacists (this is currently six months from the billing of a prescription). As a result, the social security numbers remain unchanged in the prescription billing data for the past six months.
Furthermore, within the framework of electronic prescription billing, the Pharmazeutische Lohnkasse für Österreich, Spitalgasse 31, 1090 Vienna (www.lohnskasse.at) is interposed as a clearing point between the pharmacy and the patient’s statutory health insurance in accordance with Section 7 Paragraph 1 of the overall pharmacist agreement concluded between the Main Association of Austrian Social Insurance Institutions and the Austrian Chamber of Pharmacists. The pharmacy’s original prescription data must be retained by the Pharmazeutische Lohnkasse für Österreich for the period specified in Annex IV § 4 paragraph 3 of the overall pharmacist contract concluded between the Main Association of Austrian Social Insurance Institutions and the Austrian Chamber of Pharmacists (which is currently nine months).
For purchases on account (target purchases using credit invoicing), we collect the following customer data:
This data is processed for the purpose of fulfilling and processing the contract with the customer. The legal basis for data processing is therefore Article 6 Paragraph 1 lit b GDPR and Section 11 of the Sales Tax Act, which standardizes obligations with regard to the issuance of invoices.
Our records of such business transactions are stored in accordance with the retention period regulated in Section 132 Paragraph 1 of the Federal Tax Code (currently the last seven financial years). After this retention period has expired, this data will be automatically deleted.
The right to deletion does not apply to these business cases, as the data is automatically deleted after the statutory retention period has expired and deletion or anonymization of the data before the statutory retention period has expired is not permitted in accordance with Section 11 of the Sales Tax Act and Section 131 of the Federal Tax Code (“erasure ban”).
If a customer does not want to disclose the data mentioned and have it processed electronically under the conditions mentioned, we cannot carry out target purchases using credit invoicing. However, the customer can purchase the desired products on an anonymous receipt in compliance with the relevant regulations on prescription requirements and pay in cash or by debit or credit card.
We offer our customers inclusion in our regular customer file. The prerequisite for inclusion in our regular customer file is the written consent of the customer through their own declaration of consent. Consent to be included in our regular customer file requires the customer to be of legal age and legally competent. We collect the following data from our regular customers:
This data is processed for the following purposes:
This data is processed on the legal basis of Article 6 Paragraph 1 Letter a (consent) and Article 9 Paragraph 2 Letter a of the General Data Protection Regulation.
Records of business transactions with regular customers are stored in accordance with the retention period regulated in Section 132 Paragraph 1 of the Federal Tax Code (that is currently the last seven financial years). After this retention period has expired, this data will be automatically deleted. Regular customers are automatically deleted from our regular customer file if no business transactions have been recorded with the regular customer and the new regular customer was created more than three years ago. If a regular customer exercises his right to deletion, the records of business transactions will be retained for the retention period regulated in Section 132 Paragraph 1 of the Federal Tax Code, but the regular customer will be deleted and the affected business cases will be anonymized. Delivery notes and invoices in accordance with point 2.1.2 of this data protection declaration are excluded from this anonymization. Furthermore, the data remains in accordance with point 2.1.
There is no legal or contractual requirement to be listed as a regular customer in our pharmacy, to disclose the data mentioned or to use the services mentioned for regular customers. If a customer does not want to be listed as a regular customer in our pharmacy, the services mentioned as processing purposes cannot be provided.
Every time the website is accessed, access data is stored in a log file, the server log. The data record stored contains the following information: date and time of access, IP address, session ID, website accessed, name of the website from which the website was accessed and information about the website used.
We only evaluate these log files in the event of misuse of the website and therefore reserve the right to subsequently check the log files of users who are specifically suspected of using our website illegally and/or in breach of contract. In general, we cannot assign this data to a specific person. If such an assignment is possible, we will only use this data in cases where there is a corresponding legal basis (balancing of interests in individual cases). This data is processed in particular on the legal basis of Article 6 Paragraph 1 lit f GDPR (legitimate interests of the controller). The data in the server log is generally processed for a period of 30 days.
In connection with the operation of the website, the following processors work for the controller:
In addition to the specifically listed recipients, other processors may also be used in connection with the provision of this website in the future (e.g. hosting providers, shop operators, payment service providers) if they offer sufficient guarantees for lawful and secure data use and contractually undertake to comply with the principles and legal regulations described in this data protection declaration. If necessary, the data from the server log can be transmitted to the responsible courts and/or (security) authorities as well as professional party representatives.
We use cookies on our website to enable the use of certain functions of the website. Cookies are small text files that are stored on your computer. We use cookies to make our offering user-friendly. Some of the cookies we use are deleted from your hard drive at the end of the browser session (session cookies). Other cookies remain on your computer and enable us to recognize your computer on your next visit (long-term cookies).
You can completely prevent the storage of cookies by setting your browser accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
If you do not want cookies to be stored on your computer, please deactivate the storage of cookies in your browser for our website or set your browser so that cookies are generally not stored on your computer. Cookies that have already been saved can also be deleted in your browser.
The following categories of cookies are used on our website:
To make it easier for you to browse our website, we may use a so-called session ID (English: session identifier), which is assigned to each visitor at the beginning of each use of the website. This session ID is used by our server to recognize you or your computer/browser as the same visitor, despite your IP address possibly having changed in the meantime. This session ID enables several related requests from a user to be assigned to a session.
Storage period: The session ID cookie we use is only valid until the end of a session. It is automatically deleted when you close your browser.
If you confirm the cookie notice displayed on our website with “OK”, the fact of this confirmation will be saved in a separate cookie. As long as this cookie is stored on your device, the cookie notice will not be displayed again. It is still possible to access the relevant information in our data protection declaration.
Storage period: 400 days
Third-party services are also linked on our website. With regard to these services, personal data may only be used by the providers mentioned below, who are not the responsibility of the provider of this website. Further information can be found in the data protection declaration of the respective provider:
Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
https://www.facebook.com/privacy/explanation
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland
https://privacy.google.com/businesses/controllerterms/mccs/
Further information about these cookies, their use and storage period can be found in your “privacy settings” in the Consent Manager – the links to them can be found above under 2.2.3 of this data protection declaration.
If you use the contact form on our website, we process the data you provide (name, email address, telephone number, content of your request) to process your request and any follow-up questions. The legal basis for the use of this data is the fulfillment of the contract or the implementation of pre-contractual measures within the meaning of Art. 6 Para. 1 lit. b GDPR and our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. The data mentioned will be stored for as long as necessary for the purposes mentioned. We will not pass on the data processed in this context to third parties without your consent, unless this is necessary to fulfill the contract or to carry out pre-contractual measures. If your inquiry does not result in an order,
If you send us an inquiry by email, we will process the data you provide (name, email address, content of your inquiry) to process your inquiry and any follow-up questions. The personal data you provide is necessary to fulfill the contract or to carry out pre-contractual measures. The legal basis for data processing is therefore Article 6 Paragraph 1 lit b GDPR. If your request does not result in an order being placed, this data will be deleted after three months at the latest.
You have the option of subscribing to our newsletter, emails and other electronic messages (collectively “newsletter”). For this we need your name and email address. The purpose of the processing is advertising and direct marketing for us, our offers and our services (e.g. by email or post). We send newsletters exclusively on the basis of the recipient’s consent or other legal permission. When registering for the newsletter, you declare that you agree to receive the newsletter and to the processing of the required data. The content specifically described when registering for the newsletter, which in particular includes information about promotions and offers, our services and us, is decisive for the consent of the recipient. The legal basis for this data processing is therefore consent in accordance with Article 6 Paragraph 1 lit a GDPR. As soon as you have registered for the newsletter, we will send you a confirmation email with a link to confirm your registration (double opt-in).
Your confirmation prevents anyone from registering with a third-party email address. In order to prove that our registration process complies with legal requirements, we log your registration for the newsletter. For this purpose, we store your IP address including the time of registration and confirmation as well as any changes to data from your shipping service provider.
If consent is not required, the newsletter will be sent on the basis of our legitimate interests in direct marketing to the extent permitted by law (existing customer advertising). The commissioning of a service provider to send emails is based on our legitimate interests in secure and efficient newsletter delivery. The registration process is recorded based on our legitimate interests to demonstrate that it was carried out in accordance with the law. The legal basis in this case is our legitimate interests (Article 6 (1) (f) GDPR).
In order to optimize our offer, we evaluate which contents of the newsletter are particularly interesting based on the recipient. As part of individual profiling, the opening of certain content or click behavior in the newsletter is recorded and evaluated. In order to provide you with targeted information, we also collect and process voluntarily provided information about areas of interest, birthday, zip code, etc.
In connection with sending the newsletter, the following processor works for us:
CleverReach GmbH & Co. KG, //CRASH Building
Schafjückenweg 2, 26180 Rastede, Germany
www.cleverreach.com/de
www.cleverreach.com/de/datenschutz
The registration process is recorded on the basis of our legitimate interests for the purpose of providing evidence of its proper execution.
The data will be processed while consent is valid. You can of course unsubscribe from the newsletter at any time, i.e. revoke your consent to the storage of the data and its use to send the newsletter and/or object to further receipt. The revocation can be done via a link at the end of each newsletter or by sending a message to the contact options listed here. We will then immediately delete your data in connection with sending the newsletter, but we are entitled to store your email address for up to three years in order to prove your original consent. In this case, your email address will only be processed to defend against any claims.
We use, among other things, tools from companies based in the USA or other third countries that are not secure in terms of data protection. When these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to the EU cannot be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.
If and to the extent that we use personal data concerning you, you are particularly entitled to the following rights in relation to such data:
Separately, we would like to point out your right to object (Article 21 GDPR): If your particular situation gives rise to reasons that make the use of your personal data, which we use on the basis of a balance of interests, inadmissible, you have the right to object to this data usage. If your personal data is used for direct advertising, you have the right to object.
If you have any questions or uncertainties regarding your rights or your personal data, you can contact us at any time at the following email address: office@nikolaus-apotheke.at
To protect your data, we have taken appropriate technical and organizational data security measures, which are regularly reviewed and adapted to technological progress. Our entire data collection and processing is characterized by data protection-friendly default settings through appropriate technical design (data minimization). These measures include, among other things, ensuring the confidentiality, integrity and availability of data by ensuring and monitoring physical and electronic data access and handling, as well as data entry, distribution and separation. We have also implemented measures to ensure the availability of data and internal processes for rapid, complete and legally compliant processing and safeguarding of the rights of those affected, and we have established a procedure for data leaks (“data breach”). We also take the protection of personal data into account when developing or selecting hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
All of your personal data is transmitted to our server encrypted using the Secure Sockets Layer (SSL) security process. This protects the information from unauthorized access when transmitted over the Internet. This technology offers the highest level of security and is therefore also used by banks, for example, for data protection in online banking. You can tell that data is being transmitted encrypted by the closed key or lock symbol displayed in the bottom status bar of your browser.
However, we would like to point out that due to the technical conditions of the Internet, it cannot be ruled out that the rules of data protection and data security are not observed by other people or organizations whose actions are not within our sphere of influence and responsibility.
This website contains links to other websites. If you click on such a link that leads to third party websites, please note that these websites have their own data protection regulations. Please check the privacy policy when using these websites as we accept no responsibility or liability whatsoever for third party websites.
Since changes to the law or changes to our internal company processes may require an adjustment to these data protection regulations, which we reserve the right to do, we ask you to read this data protection declaration regularly with regard to any changes.
Shipment
Austria
Pick up at the pharmacy
Free delivery (from EUR 80,- order value)
Shipping by parcel service: € 15.00
Germany
Shipping by parcel service: € 20.00
Free shipping (from EUR 100,- order value)
Benelux countries
Shipping by parcel service: € 20.00
Free shipping (from EUR 120,- order value)
Switzerland
Shipping Austrian Post: € 30.00
Monday - Friday:
8:30 – 12:30 Hrs &
14:30 – 18:30 Hrs
Saturday:
8:30 – 12:30 Hrs
Sundays and holidays:
16:00 – 18:00 Hrs
Tel.: +43 5253 43310
Fax: +43 5253 43310 4
office@nikolaus-apotheke.at