1. Data privacy at a glance
Data collection on this website
Who is responsible for data collection on this website?
How do we capture your data?
Your data is gathered, on the one hand, through your sharing it with us. This may be data you enter in a contact form, for example.
Other data are captured by our IT systems automatically or following your consent when you visit our website. These are primarily technical data (e.g. internet browser, operating system or time the page was viewed). This data is captured automatically, as soon as you access the website.
What do we use your data for?
Some of the data is captured for the purpose of ensuring the website is made available free of any glitches. Other data may be used to analyse your user behaviour.
What rights do you have in relation to your data?
You have the right at any time to receive information on the source, recipients and purpose of the personal data we have stored about you. You also have the right to request the rectification or erasure of that data. If you have given your consent to this data being processed, you may withdraw such consent at any time with future effect. In addition, you have the right, in certain circumstances to request that the processing of your personal data is restricted.
Furthermore, you have the right to lodge a complaint with the responsible supervisory authority. On that, and for any other questions on the subject of data privacy, please contact us at any time.
Analytics and tools of third-party providers
When you visit this website your surfing behaviour may be statistically evaluated. This primarily occurs using “analytics” programs.
This website is hosted by an external service provider (host). The personal data that are captured on this website are stored on the host’s servers. These can include IP addresses, contact requests, meta- and communications data, contract data, contact data, names, website hits and other data that are generated about a website. The host is deployed in performance of a contract to which our potential and existing customers are parties (Art. 6(1)(b) GDPR) and in the interests of the secure, fast and efficient provision of our website by a professional provider (Art. 6(1)(f) GDPR). Our host will only process your data to the extent necessary to meet its performance obligations and follow our instructions in relation to these data.
We use the following host:
Mittwald CM Service GmbH & Co. KG
Königsberger Strasse 4-6
We have entered into an order processing agreement (OPA) with the above provider. This is a contract that is required under data privacy law which ensures that the provider only processes the personal data of visitors to our website in line with our instructions and in compliance with the GDPR.
3. General advice and mandatory information
We refer to the fact that the transfer of data on the internet (for example, in e-mail communications) may not be fully secure. It is not possible to completely protect data against access by third parties.
Information on the Controller
The controller of the data processing on this website is:
Wachter’s Naturheilmittel GmbH
Rheinzaberner Str. 8
Tel.: 0049-(0)7272 – 77 67 29 64
The controller is the natural or legal person who decides, alone or with others, on the purposes for which personal data (for example, names, e-mail addresses etc.) are processed and the means used to do this.
Storage time limit
Information on data transfer to the USA and other third countries
Among other things, we use tools of companies based in the USA or other third countries that are not secure in terms of data protection laws. Where these tools are in use, your personal data can be transferred to these third countries and processed there. We remind you that in these countries there can be no guarantee of a level of data privacy comparable to that within the EU.
For example, US companies have an obligation to share personal data with security agencies without you as the data subject being able to take legal action against this. It is therefore impossible to rule out the possibility of US agencies (for example, intelligence agencies) processing, evaluating and permanently storing any data of yours located on US servers for surveillance purposes. We have no influence over such processing.
Withdrawal of your consent to data processing
Many aspects of data processing are only possible with your express consent. You may at any time withdraw any consent previously given. The legality of the data processing that occurred up until consent was withdrawn is not prejudiced by such withdrawal of consent.
Right to object to data collection in certain cases and to direct marketing (Art. 21 GDPR)
WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT YOUR PERSONAL DATA IS THEN NO LONGER USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).
Right to lodge a complaint with the responsible supervisory authority
In case of breaches of the GDPR, data subjects have a right to complain to a supervisory authority, specifically in the member state in which they are habitually resident, that of their workplace or the place where the alleged breach occurred. The right of complaint exists irrespective of any other remedies under administrative law or through the courts.
Right to data portability
You have the right to have data that we process by automated means, based on your consent or in performance of a contract, transmitted to a third party in a commonly used and machine-readable format.
Where you request the direct transfer of the data to another controller, this only happens to the extent this is technically feasible.
SSL- or TLS encryption
For security reasons and to protect the transfer of confidential content, such as orders or requests that you send us or the webpage operator, this webpage uses SSL- or TLS encryption.
You can recognise an encrypted connection by the fact that the address line in the browser changes from “http://” to “https://” and the padlock symbol in your browser line.
If the SSL- or TLS encryption is activated, the data you send us cannot be read by third parties.
Information, erasure and rectification
Within the framework of the applicable legal provisions, you have the right at any time to information free of charge about your stored personal data, its source and recipients and the purpose for which the data is processed and, where relevant, a right to rectify or erase that data. On that, and for any other questions on the subject of personal data, please contact us at any time.
Right to restrict the processing of data
You have the right to request that the processing of your personal data is restricted.
On that, please contact us at any time. The right to restrict the processing of data arises in the following circumstances:
If you challenge the accuracy of your personal data stored with us, we normally required time to review this.
While the review is ongoing, you have the right to request that the processing of your personal data is restricted.
If your personal data is/was processed illegitimately, you can request that the data processing is restricted instead of the data being erased.
If we no longer need your personal data, but you still need it to establish, exercise or defend your legal claims, you have the right to request the restriction of the processing of your personal data instead of your data being erased.
If you have made an objection under Art. 21(1) GDPR, a balancing needs to be undertaken of your and our interests. Until it is ascertained whose interests prevail, you have the right to request that the processing of your personal data is restricted.
Where you have restricted the processing of your personal data, apart from their storage, these data may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
4. Data collection on this website
Our internet pages use “cookies”. Cookies are small text files and do not damage your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are erased automatically when you leave the website. Permanent cookies remain stored on your end device until you erase them yourself or they are automatically deleted by your web browser. In some cases, cookies belonging to third parties can be stored on your end device if you access our site (third-party cookies). These enable you or us to use certain services of the third party (e.g. cookies for the processing of payments). Cookies have a variety of functions. Many cookies are required for technical reasons as certain website functions would not work without them (e.g. the goods basket function or the showing of videos). Other cookies serve to evaluate user behaviour or to show advertising. Cookies that are necessary for the implementation of the electronic communications process (essential cookies) or for the provision of certain functions you require (functionality cookies, e.g. for the goods basket function) or for website optimisation (e.g. cookies to measure the online audience) are stored on the basis of Art. 6(1)(f) GDPR unless a different legal ground is indicated. The website provider has a legitimate interest in the storage of cookies for the purpose of optimised delivery of its services free of technical errors. Where consent to the storage of cookies is requested, the relevant cookies are stored solely on the basis of that consent (Art. 6(1)(a) GDPR); consent may be withdrawn at any time.
You can set your browser to notify you when cookies are installed and you only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic erasure of cookies when the browser closes down. Where cookies are deactivated, this may limit the functionality of this website.
Cookie consent with Cookiebot
Our website uses the Cookiebot cookie consent technology to obtain your consent to the storage of certain cookies on your end device and to document them in compliance with data privacy requirements.The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (“Cookiebot”). When you access our website, a connection is created with the Cookiebot servers for the purpose of obtaining your consents and other statements in relation to cookie use. Cookiebot then stores a cookie in your browser to be able to allocate the consents or, if relevant, their withdrawal to you. The data captured in this way are stored until you ask us to delete them, you delete the Cookiebot cookie itself or the purpose of the data storage ceases to apply. This is without prejudice to mandatory legal retention obligations.
Cookiebot is used to obtain the legally prescribed consents to the deployment of cookies. The legal ground for this is Art. 6(1)(c) GDPR.
Server log files
The webpage provider collects and automatically stores information in “server log files” that your browser sends us automatically. These are:
Browser type and browser
Version of the operating system used
Hostname of the accessing computer
Time of the server request
These data are not merged with other data sources.
These data are captured on the basis of Art. 6(1)(f) GDPR. The website provider has a legitimate interest in the presentation of its website free of technical glitches and in the optimisation of its website – which means server log files need to be captured.
Where you send us requests via a contact form your information from the contact form, including the contact data provided by you, is stored for the purpose of processing the request and in case of follow-up questions. We do not share these data without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR to the extent your request is connected with the performance of a contract or with steps preceding entry into a contract.
In all other cases, processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) where this was requested.
The data you enter in the contact form remain with us until you ask us to erase it, withdraw your consent to its storage or the purposes of the data storage cease to apply (e.g. once your request has been fully processed). This is without prejudice to mandatory legal requirements, particularly retention periods.
5. Analytics and marketing
Google Tag Manager
We use Google Tag Manager. Its provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool we use to integrate tracking or statistics tools and other technologies onto our website. Google Tag Manager itself does not create any user profiles, store any cookies or carry out any independent analyses. It serves solely to manage and present the tools that are embedded though it. However, Google Tag Manager does capture your IP address which can also be transferred to Google’s parent company in the United States.
Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website provider has a legitimate interest in the rapid and straightforward integration and operation of different tools on its website. Where such consent has been requested, processing occurs solely on the basis of Art. 6(1)(a) GDPR; consent may be withdrawn at any time.
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website provider to analyse the behaviour of visitors to the website.This means the website provider obtains a variety of usage data such as, or example, page views, length of time spent on the website, operating systems used and where the user comes from. Google consolidates these data into a profile which is allocated to the particular user or the latter’s end device.
Google Analytics uses technologies that enable the re-recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information captured by Google about the use of this website are normally transferred to a Google server in the USA and stored there.
These analysis tools are used on the basis of Art. 6(1)(f) GDPR. The website provider has a legitimate interest in analysing user behaviour in order both to improve its online presence and its marketing. Where such consent has been requested (e.g. consent to the storage of cookies), processing occurs solely on the basis of Art. 6(1)(a) GDPR; consent may be withdrawn at any time.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission.
You can find details here:
We have activated the IP anonymisation function on this website. This means that Google abbreviates your IP address within the European Union member states or in other signatories to the Agreement on the European Economic Area prior to it being sent to the USA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and abbreviated there. On behalf of the provider of this website, Google will use this information to evaluate your usage of the website, compile reports on website operations and to carry out further services for the website operator associated with the use of the website and of the internet. Google does not merge the IP address sent from your browser as part of the operation of Google Analytics with any other data.
You can prevent Google from capturing and processing your data by downloading and installing the browser plugin available via the following link:
We have entered into a contract with Google for the processing of orders and fully comply with the strict requirements of the German data privacy authorities in our use of Google Analytics.
Storage time limit
Data stored with Google at user and event level that are linked to cookies, user recognition (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, android advertising ID) are anonymised or erased after 14 months. Please see the details under the following link:
Google AdSense (non-personalised)
This website uses Google AdSense, a service that embeds advertisements. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google AdSense in its “non-personalised” version. Unlike the personalised version the advertisements therefore do not depend on your user history and no user profile is created for you. Instead, “context information” is used in the choice of advertising.
The selected advertisements are then targeted, for example, at your location, the content of the website you are on or your current search terms. For more information on the differences between personalised and non-personalised targeting using Google AdSense, see:
Please note that when using Google Adsense in its non-personalised version, cookies or similar recognition techniques (e.g. device fingerprinting) may be used. According to Google, these are used to combat scams and abuse.
AdSense is used on the basis of Art. 6(1)(f) GDPR. The website provider has a legitimate interest in the most efficient marketing of its website. Where such consent has been requested, processing occurs solely on the basis of Art. 6(1)(a) GDPR; consent may be withdrawn at any time.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission.
You can find details here:
You can adjust your advertising settings yourself within your user account. Just click on the following link and log in:
Vigilanz bedeutet die Erkennung, Bewertung, das Nachvollziehen und die Vorbeugung von Nebenwirkungen oder anderen medizinischen Problemen.
Wenn Sie unerwünschte Ereignisse oder andere vigilanzrelevante Informationen durch ein Produkt melden, werden wir diese Daten ausschließlich zum Zwecke der Vigilanz verwenden und anonymisiert weitergeben. Hierzu ist ein standardisiertes Vorgehen mittels SOP („Standard Operating Procedure“) verbindlich und ein Verzeichnis der Verarbeitungstätigkeiten gem. DS-GVO gültig.
Die Gesellschaft ist verpflichtet, vigilanzrelevante Informationen an die europäischen Gesundheitsbehörden zu melden. Rechtsgrundlage: Art. 6 (1) c) und für Überweisungen außerhalb der EU Art. 6 (1) f) und Art. 49 (1) e) DSGVO.
Die Meldungen werden die Details über den Vorfall enthalten, jedoch nur begrenzte personenbezogene Daten:
- Meldequelle: Initialen, Organisationsart (Apotheke, Klinik etc.), Qualifikation (Apotheker, Arzt, Patient etc.), Ort, Land
- Patient: Initialen, Geburtsdatum, Alter, Geschlecht, Größe, Gewicht, ggf. Informationen zu Schwangerschaft, Krankheitshistorie, Reaktion