NEW on-site collection concept at 360Grad Pharmacy: Find out now →
cs_CZ Czech
cs_CZ Czech

Privacy Policy

1. Responsible person:

360Grad-Apotheke
Jan Preuss e.K.
Bonner Straße 237
40589 Düsseldorf

Legal form: e.K.
Phone: (0211) 4187 3252
Fax: (0211) 69549020
HRA Number: HRA 27134

E-Mail: [email protected]

2. Pharmacy Data Protection Officer:

Krause Security Technology & Data Protection GmbH

Michael Illhardt
Alter Weg 25
58091 Hagen
Phone: 02337 911778
Fax: 02337 911779
E-Mail: [email protected]
Homepage: https://www.dk-buero.de

3. Categories Disability

  1. Visitors to the site
  2. Stakeholders
  3. Customers
  4. Business partners (natural persons)
  5. Employees of business partners (for companies)

4. Purposes of processing and legal basis for processing

  1. Performance of a contract or performance of pre-contractual measures pursuant to Article 6(1)(b) GDPR.
  2. The fulfilment of a legal obligation to which the controller is subject in accordance with Article 6(1)(c) GDPR.
  3. Processing for the purposes of health care and health care or treatment in accordance with Article 9(2)(h) of the GDPR.
  4. Representing the legitimate interests of the responsible person or third party in accordance with Article 6(1)(f) of the GDPR, as opposed to the conflicting interests of the data subject. Such legitimate interests are in particular:
    • Protection against misuse, fraud and other criminal or administrative offences by the person concerned to the detriment of the responsible person or a third party;
    • Risk management, security;
    • Security measures taken in the operation of the website and the provision of our services;
    • Investigating and, if necessary, asserting, defending and enforcing our legal claims (including debt recovery procedures), in particular communicating with lawyers, auditors, tax advisors, etc.
    • Sending direct mail in accordance with the requirements of Section 7(2) and (3) of the Unfair Competition Law (UWG).
    • Analysis and optimization of our service provision;
    • Processing of our contractual relationship with the employer of the person concerned, if the person concerned is an employee of our contractual partner.
    • Customer analysis, management of our services and internal operations such as troubleshooting, data analysis, testing, research and statistical purposes.
    • Communicate with you about our services.
    • Assessing your creditworthiness
    • Managing payments and customer relations and compliance with internal procedures
  5. Consent in accordance with Article 6(1)(a) GDPR, for example, when sending newsletters and other advertising materials that do not fall within the scope of Section 7(2) and (3) UWG.

5. Categories of personal data processed:

  1. To the extent that we have a contractual relationship with the data subject or the data subject's employer or the contractual relationship is in the process of being established, we generally process the following categories of personal data: master data (e.g. names and addresses),
    • Master data (name, address)
    • Contact details (e.g. email addresses and phone numbers),
    • Contract details (e.g. services used, other content of the contract, contractual communications, names of contact persons)
    • Payment details (e.g. IBAN, etc.).
  2. In particular, we process special categories of personal data, in particular health data in accordance with Article 9 of the GDPR. This applies not only when the person concerned sends us a prescription, but also when selling over-the-counter medicines or other medicinal products, as the necessity of the preparation may in certain circumstances indicate the respective health situation of the person concerned.
  3. Once you provide us with a prescription (upload, paper prescription), we process the data contained therein. This usually includes your master data and insurance details (address, date of birth, insurance number, health insurance company, insurance status); the prescribed medicine; instructions for taking the prescribed medicine; details of the dispenser (doctor, hospital, practice); notes on interchangeability (the so-called Aut-Idem field); In the case of a change (substitution) of the medicine, we will supplement the prescription with information about the medicine (actually) dispensed to you.
    • The provision of the categories of personal data listed under (a) to (c) is contractually required and in some cases also required by law if you wish to purchase medicines. Failure to provide the information may mean that we are unable to fulfil your order or request.
  4. We also process personal data that you send us as part of enquiries or other communication requests. In this respect, Article 13(5) GDPR applies.
  5. Collection of access data and log files: we (or our web hosting provider) collect data about each access to the server (so-called server log files). Server log files include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, the URL of the referring page (the previously visited page) and usually include the IP address and the requesting provider.

Server log files can be used for security purposes, e.g. to prevent server overloading (especially in case of misuse attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and utilization. stability.

6. Categories of data recipients:

  1. Suppliers,
  2. Payment service providers, in particular:
    • Total Processing Ltd, 111 Piccadilly, Manchester, M1 2HY Company number: 09841252, Website: https://www.totalprocessing.com/ Privacy Policy: https://www.totalprocessing.com/privacy-notice/ Any legal disputes in connection with the processing of the Card shall be governed by German law.
    • PrivatCard AG, Mörsenbroicher Weg 200, 40470 Düsseldorf, the pharmacy's billing centre, the data (name, address, date of birth and date of delivery of the prescription) will be forwarded. Information on data protection
  3. IT service providers, in particular:
    • Klavyo Inc., for sending newsletters. Since receiving newsletters requires your consent in accordance with Article (1) (a) GDPR, we provide information about Klavyo Inc. separately in the context of obtaining consent.
  4. Logistics companies, in particular:

    4. The appropriate treating physician (if any questions about the prescription are necessary).

    In addition, we use processor-bound instructions in the framework of contracts pursuant to Article 28 GDPR.

    7. Special features when concluding a contract for the shipment of goods

    If you order medication from us, your personal data will be passed on to the shipping company responsible for delivery. Only the data that the respective service provider needs to perform its task will be transferred. The legal basis is Article 1 paragraph 1 letter b GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures. If you have given your consent according to Article 6 paragraph 1 letter a GDPR, we will forward your email address to the contracted shipping company so that they can inform you by email about the shipping status of your order. You can withdraw your consent at any time.

    In the event of loss or damage to the delivered medicine, we will forward your billing information to the contracted shipping company for investigation and determination of the value of the goods. The medicine to be delivered together with your contact details may potentially allow conclusions to be drawn about your medical condition. The legal basis for the processing is Article 9(2)(h) in conjunction with Article 9(2)(f) GDPR.

    8. Transfer to a third country

    The provision of our services does not in principle require the international transfer of personal data outside the European Union/European Economic Area. However, we work with partners who are based or at least have their parent company in a third country where the level of data protection is considered inadequate by the EU Commission. In this regard, the relevant contractual documentation between us and the relevant partner complies with the requirements of Chapter V of the GDPR. If you have any specific questions, please contact our Data Protection Officer.

    9. Storage time

    In principle, we only retain the relevant personal data for as long as the relevant statutory retention period obliges us to do so.

    In the absence of specific statutory retention periods, we retain your personal data for the normal limitation period of 3 years.

    When processing personal data on the basis of explicit consent pursuant to Article 6(1)(a) GDPR, the data will be stored until the data subject withdraws his or her consent.

    If there are statutory retention periods for data that are processed under legal obligations or obligations similar to transactions based on Article 6(1)(b) GDPR, these data will normally be deleted after the expiry of the retention periods, provided that we are no longer obliged to perform the contract or initiate the contract and/or we have no legitimate interest in further storage.

    When processing personal data on the basis of Article 6(1)(f) GDPR, the data will be retained until the data subject exercises his or her right to object in accordance with Article 21(1) GDPR, unless we can provide compelling legitimate grounds for the processing to demonstrate that the interests, rights and freedoms of the data subject override those of the data subject or the processing is for the establishment, exercise or defence of legal claims.

    When processing personal data for the purpose of direct advertising on the basis of Article 6(1)(f) GDPR, the data will be stored until the data subject exercises his or her right to object in accordance with Article 21(2) GDPR. .

    Unless otherwise stated in other information in this statement about specific processing situations, the stored personal data will be deleted as soon as they are no longer needed for the purposes for which they were collected or otherwise processed.

    10. Cookies and tracking tools

    For a detailed description of the cookies and tracking tools we use on the site, please refer to our Consent Management Tool, which is immediately displayed when you first visit the site so that you can set your data processing preferences. You can access the Consent Management Tool again at any time (scroll to the bottom of the site) to change your preferences or to re-read individual information.

    11. Shopping in the online pharmacy store

    If there is a link to the shop via this website, please note the shop's data protection regulations.

    12. Rights of the disabled

    As a data subject, you have various rights under the GDPR, in particular under Articles 15 to 21 of the GDPR:

    • Right to object: You have the right to object at any time to the processing of your personal data carried out on the basis of Article 1(e) or (f) of the GDPR for reasons arising from your particular situation.
    • Right to withdraw consent: You have the right to withdraw your consent at any time.
    • Right to information: you have the right to request confirmation of whether the relevant data is being processed and to receive information about that data, as well as other information and a copy of the data in accordance with legal requirements.
    • Right to correction: In accordance with legal requirements, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.
    • Right to erasure and restriction of processing: you have the right to request the immediate erasure of the data concerning you or, where applicable, to request restriction of processing in accordance with legal requirements.
    • Right to data portability: you have the right to receive the data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transferred to another responsible person.
    • Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of your data concerning your personal data violates the requirements of the GDPR.

    Responsible supervisory authority for data protection:

    State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia

    Kavalleriestraße 2-4
    40213 Düsseldorf
    Phone: 02 11/384 24-0
    Fax: 02 11/384 24-999
    E-Mail: poststelle{at}ldi.nrw{dot}de
    Homepage: https://www.ldi.nrw.de

    13. Changes to the Privacy Policy

    This data protection declaration may be amended as required by legal requirements or changed processing practices.

    Medical cannabis delivered to your home. Get your cannabis prescription filled at our cannabis dispensary.
    CONTACT
    Naturecan LTD Bank Chambers,
    St. Petersgate, Stockport,
    England SK1 1AR

    EU Phone number: 0203 808 6988

    Operating hours: 9am - 5pm, Monday to Friday
    Naturecan LTD Bank Chambers, St. Petersgate, Stockport, England SK1 1AR