Privacy Policy

1. Our Privacy Policy at a glance

General Information

The following information provides a simple overview of what happens with your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in our Privacy Policy below.

Data collection on this website

Who is responsible for data collection on this website?

Data is processed on this website by the website operator. The operator’s contact details can be found in the website’s legal notice.

How do we collect your data?

Your data will be collected when you communicate it to us. This could, for example, be data you enter in a contact form.

Other data is collected either automatically by our IT systems or with your consent when you visit the website. This data is primarily technical data (such as the browser and operating system you are using or when you accessed the page). This data is collected automatically as soon as you visit this website.

What do we use your data for?

Part of the data is collected to ensure proper functioning of the website. Other data can be used to analyse how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients and the purpose of its collection at no charge. You also have the right to request that it be corrected or deleted. If you have given your consent to data processing, you may revoke this consent at any time. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You also have the right to file a complaint with the competent regulatory authorities.

For this purpose, as well as further questions on the subject of data protection, you can contact us at any time at the address given in the legal notice.

Third-party analytics and tools

When visiting our website, your browsing behaviour may be statistically analysed. This occurs primarily through the use of analytics.

You can find detailed information on these analytics in the following Privacy Policy.

2. Hosting and content delivery networks (CDN)

External hosting

This website is hosted by an external service provider (hosting provider). The personal data collected on this website is stored on the hoster’s servers. This information is primarily IP addresses, contact requests, meta and communication data, contract data, contact details, names, instances of website access, and other data generated via a website.

The hosting provider is used to fulfil the contract with our potential and existing customers (Article 6 Para. 1, lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online service by a professional provider (Article 6, Para. 1 lit. f of the GDPR).

Our hoster will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We use the following hoster:

STRATO AG
Pascalstraße 10
D-10587 Berlin

Conclusion of a contract for order processing

To ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

3. General notes and mandatory information

Privacy Policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this Privacy Policy.

If you use this website, various pieces of personal data will be collected. Personal data is data with which you can be personally identified. This Privacy Policy explains what information we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that the transfer of data on the internet (e.g. communication via email) may be subject to security gaps. Complete protection of data against access by third parties is not possible.

Note on the data controller

The data controller for this website is:

GALENpharma GmbH
Wittland 13
D-24109 Kiel

Telefon: 0431 58518-0
E-Mail:

The data controller is a physical or legal person who decides on the goals and methods of processing personal data (e.g., names, email addresses) either alone or in tandem with others.

Storage period

Unless a specific storage period is specified in this Privacy Policy, your personal data will remain with us until the purpose for the processing of data no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion takes place after these reasons no longer apply.

Information on data transfer to the USA

Tools from companies based in the USA are integrated on our website. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a secure “third country” under EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. As such, it cannot be ruled out that US authorities (for example, intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities.

Withdrawing your consent for the processing of your data

Many data processing operations are only possible with your express consent. You may withdraw your consent at any time. The legality of the data processing performed prior to your withdrawal of consent remains unaffected by said withdrawal.

Right to object to the collection of data in special cases and to direct advertising (Article 21 GDPR)

IF DATA IS PROCESSED ON THE BASIS OF ARTICLE 6 (1) (E) OR (F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS SPECIFIC TO YOUR INDIVIDUAL CIRCUMSTANCES. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21, PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA PERTAINING TO YOU FOR THE PURPOSE OF SUCH ADVERTISING. THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH THIS KIND OF DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION UNDER ARTICLE 21 (2) GDPR).

Right to lodge a complaint with the responsible supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace or place of presumed infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process on the basis of your consent or in fulfilment of a contract automatically delivered to you or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another data controller, this will only occur if it is technically feasible.

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Disclosure, deletion, and correction

As permitted by law, you have the right to be provided with information free of charge at any time about your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected or deleted. You can contact us for this at any time at the address given in the legal notice and for further questions regarding personal data.

Right to limitation of the data processing

You have the right to request that the processing of your personal data be restricted. For this purpose, you can contact us at any time at the address given in the legal notice. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
• If you have filed an objection pursuant to Article 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

Where processing of your personal data has been restricted, such data, apart from being stored, may be processed only with your consent, or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person, or on the grounds of an important public interest of the European Union or a member state.

Objection to advertising emails

The use of contact details published in accordance with the legal notice requirement for the sending of advertising and information material not expressly requested is hereby objected to. The website operators expressly reserve the right to take legal action in the event of unsolicited sending of promotional material, for example spam emails.

4. Data collection on this website

Cookies

Our websites use so-called cookies. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

In some cases, cookies from third-party companies can also be stored on your device when you enter our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services).

Cookies perform various different functions. Many cookies are necessary for technical reasons, as certain website functions cannot work without them (for example, the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, for example for the shopping basket function) or to enhance the website (for example, cookies to measure web audience) are stored on the basis of Article 6 para. 1, lit. f of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the fault-free and optimised provision of its services. If consent to the storage of cookies has been requested, the cookies concerned are stored exclusively on the basis of this consent (Article 6 Para. (1) lit. a of the GDPR; consent may be revoked at any time.

You can configure your browser to inform you about the use of cookies so that you can accept or reject cookies on an individual basis, to automatically accept cookies under certain conditions or always reject them, and to automatically delete cookies when you close your browser. Disabling cookies may limit your ability to use some of the functions of this website.

In the event that third party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.

Server log files

The website provider automatically collects and stores information in so-called ‘server log files’, which your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

These data will not be combined with data from other sources.

These data are collected on the basis of Art. 6 6(1)(f) GDPR. The website operator has a legitimate interest in the technically correct display and optimisation of its website; for this purpose, the server log files must be stored.

Contact form

f you send us enquiries via the contact form, your details from the enquiry form, including the contact details you have provided there, will be stored by us for the purpose of processing the enquiry, as well as in the event of follow-up enquiries. We do not pass on these data without your consent.

This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6 (1) (f) GDPR) or your consent (Article 6, para. 1 lit. a GDPR) if this was requested.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage is no longer applicable (e.g., after processing your request). Any mandatory statutory provisions – especially those regarding mandatory data retention periods – remain unaffected by this provision.

Contact via email, telephone or fax

If you contact us by email, phone or fax, your request, including all ensuing personal data (name, nature of enquiry), is stored and processed by us for the purposes of processing your request. We do not pass on this data without your consent.

This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6 (1) (f) GDPR) or your consent (Article 6, para. 1 lit. a GDPR) if this was requested.

We will retain the data you provide in the contact form until its deletion is requested, your consent for storage is revoked or the purpose for its storage is no longer applicable (e.g., after the handling of your enquiry has been completed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5. Analysis tools and advertising

Matomo (formerly Piwik)

This website uses the open-source web analytics service Matomo. Matomo uses technologies that enable the cross-page recognition of the user to analyse user behaviour (e.g., cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before it is stored.

With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This allows us, among other things, to determine when which pages were accessed and from which region they originate. In addition, we collect various log files (e.g., IP address, referrer, browsers and operating systems used) and can measure whether visitors to our website perform certain actions (e.g., clicks, purchases).

The use of the analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If respective consent has been requested (for example, consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent may be revoked at any time.

Hosting

We only host Matomo on our own servers, so all analysis data remains with us and is not passed on.

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that we can use to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not save any cookies and does not carry out any independent analyses. It serves only for the administration and display of the tools integrated through it. However, Google Tag Manager records your IP address, which can also be transmitted to Google’s parent company in the United States.

Google Tag Manager is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If a corresponding consent has been requested, processing takes place exclusively on the basis of article 6 para. 1 lit. a GDPR; consent may be revoked at any time.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites if the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed on the basis of the user data available at Google (such as, for example, location data and interests) (target group targeting). As a website operator, we can evaluate this data quantitatively, for example by carrying out an analysis of which search terms have led to the display of our advertisements and how many advertisements have resulted in the corresponding clicks.

The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective marketing of its service products.

The data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion-Tracking

This website uses Google conversion tracking. The provider is Google Ireland Limited (hereinafter referred to as “Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, we and Google can recognise whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly often. This information is used to generate conversion statistics. We find out the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

Google conversion tracking is used on the basis of Art. 6 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If respective consent has been requested (for example, consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 1 lit. a GDPR; consent may be revoked at any time.

For more information on Google AdWords and Google conversion tracking, please refer to Google’s Privacy Policy at: https://policies.google.com/privacy?hl=de.

Proven Expert

We have integrated rating seals from ProvenExpert on this website. The provider is Expert Systems AG, Quedlinburger Str. 1, 10589 Berlin, https://www.provenexpert.com/de-de/datenschutzbestimmungen/.

The ProvenExpert seal allows us to display customer reviews submitted to our company via ProvenExpert directly on our website in the form of a seal. When visiting our website, a connection is established to ProvenExpert’s servers. As a result, ProvenExpert receives the information that you have accessed our website. In addition, your language settings will be transmitted in order to display the seal in the language that suits you.

The use of ProvenExpert is based on Art. 6 para. 1 lit. f GDPR, as the website operator has a legitimate interest in a transparent and comprehensible presentation of customer reviews. If appropriate consent has been obtained, the processing is also based on Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG (Telecommunications Digital Services Data Protection Act) – in particular if the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., by means of device fingerprinting) in accordance with TDDDG. This consent can be revoked at any time.

Last updated: April 2025