Privacy Policy regarding the Facebook Fanpage

1. General information and scope of this privacy policy

This privacy policy applies to the processing of personal data in the context of our Facebook fanpage.

This fanpage is an account of our company, which is provided to us by Facebook Ireland Ldt. (hereinafter "Facebook"). Through this platform, our company offers a platform for the users of Facebook and other people who visit our Facebook fanpage. We also use this fanpage to get in touch with potential customers as well as followers to our fanpage.

When using the fanpage, as it is often called Insights Data are collected through the “Page Insights”-application.

By using this application, personal data are collected with the help of which we, the controller, are able to view statistical evaluations on the use of our fanpage.

When collecting this Insights Data, personal data are processed. This processing is jointly handled by Facebook and us within the meaning of Art. 26 GDPR. The essential content and respective obligations set out in the agreement between Facebook and us is explained below.

 

1.1 Personal data (Art. 4 No. 1 GDPR)

The subject of data protection is personal data (hereinafter also data). That means any information relating to an identified or identifiable natural person. That includes, for example, information such as name, address, profession, e-mail address, health status, income, marital status, genetic characteristics, phone number and possibly also user data such as the IP address.

 

1.2 Controller (Art. 4 No. 7 GDPR, Art. 26 GDPR)

Controller of processing personal data in the context of the use of the Facebook fanpage (hereinafter fanpage) is the Sebapharma GmbH & Co. KG (hereinafter we, operator or controller) jointly together with Facebook.

Our contact details are:

Sebapharma GmbH & Co. KG

Represented by: Dr. Rüdiger Mittendorff

Binger Str. 80

56154 Boppard

Phone: +49 (0) 6742 – 9000

Fax: +49 (0) 6742 - 9001 76

E-Mail: info@sebamed.de

 

The contact details of Facebook are:

Facebook Ireland Ltd.

Represented by: Gareth Lambe, Shane Crehan

4 Grand Canal Square

Dublin 2, Irland

Company registration: 462932

Registered in Ireland (Companies Registration Office)

 

1.3 Data protection officer:

We have appointed a data protection officer. He can be contacted under: datenschutz@m-consecom.de.

Facebook did appoint a data protection officer. You are able to contact the data protection officer via this link.

 

1.4 Grade of responsibility

Facebook agrees to take primary responsibility under the GDPR for the processing of Insights Data and to comply with all applicable obligations under GDPR with respect to the processing of Insights Data. Facebook lines out the essence of this Page Insights Addendum available to you under the following link.

Facebook solely determines the purposes and means of data processing in the context of Page Insights.

For further information, please use the following link.

 

 

1.5 Right to object

You have, at any time, the right to object to the processing of your data.

For your objection you can choose to contact either us or Facebook. If you chose to contact us, please use the e-mail set out in the contact details. We will forward all relevant information promptly to Facebook.

Please note that in the event of your objection, the use and access of the fanpage may be limited or fully restricted.

 

2. Use and access of the fanpage, purpose and legal basis for the processing

2.1 Page-Insights

When accessing this fanpage, Facebook Insights Data (statistics on access to our fanpage) will be provided to us by Facebook. Those statistics do not allow us to identify you personally and / or to assign you to your Facebook user account.

This feature is an integral part of our User Agreement with Facebook, which means that we cannot unilaterally decide whether the Insights Data are collected or not.

The personal data is collected by cookies. Cookies are small data packets, which usually consist of letters and numbers and which are stored in a browser when visiting the fanpage. Cookies do not contain any personally identifiable information. However, the information about you stored by the operator may be associated with the information received from you.

By using cookies, information about users who do not have a Facebook account can be stored.

Further information about Page Insights can be found here:
www.facebook.com
www.facebook.com
 

You can restrict cookies or modify cookie options by modification of the browser settings. Thereby you can also initiate the automatic deletion of cookies when closing the browser window.

If you use the Facebook app, you can modify the cookie settings through apps in your mobile device settings.

Information on the legal basis and purpose of the processing by Facebook and the respective retention period can be found here:
www.facebook.com
www.facebook.com
 

As far as your data is processed by us in the context of Page Insights, the admissibility of this processing is justified with Art. 6 para. 1 f) GDPR.

The legal justification for such processing is based on Art. 6 para. 1 f) GDPR under which processing is lawful when it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interests of the controller involve the evaluation of data gained by Page Insights as well as to understand user traffic on the fanpage and thereby improving the service offered by the fanpage.

The Insights Data are provided to us anonymously. This means that the personal data collected is modified, so that it can only with a disproportionate amount of time, cost and manpower be assigned to a specific or identifiable natural person or your Facebook user account. If you are registered on Facebook, provision of your personal data is contractually required. The provision of your data is therefore mandatory. Consequence of failure to provide is that you cannot use your Facebook account.

If you are not a registered user to Facebook, provision of your personal data is not contractually, nor legally required. However, failure to provide may result in the restriction of the access to our fanpage.

 

2.2 Communication with us via the fanpage

The fanpage also allows you to contact us via the chat function, like buttons and the opportunity to comment on our fanpage. When getting in touch with us, the name is displayed, which is stored in your Facebook profile as a user name. The legal justification for such processing is based on Art. 6 para. 1 f) GDPR under which processing is lawful when it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.  The legitimate interests of the controller involve the processing of data for the purpose of communication with Facebook users.

Under certain circumstances, the data disclosed by you will also be stored in our customer management system. This usually happens whenever you make a request to us to prepare or perform a contract with us. The legal justification for the use of this data processing is based on Art. 6 para. 1 b) GDPR, according to which processing is lawful when it is necessary for fulfilling a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. The provided data are necessary to perform a contract or to take steps prior to a contract.

The provision of your data is neither statutory, nor contractually required nor required for a contract. You are not required to provide this information. However, provision of the data is required in order to contact the operator in the described way. The processed personal data will be deleted after expiry of the statutory retention periods, unless the controller has a legitimate interest in the further storage. In any case, only those data will be stored that are absolutely necessary for achieving the corresponding purpose. If possible, personal data will be anonymised.

 

3. Right to access, rectification, erasure, restriction, objection and data portability

As part of the use of the fanpage, you have the right to assert all rights described in this chapter both to Facebook and to us. As part of the agreement that exists between us as the controller of the fanpage with Facebook, we will, as far as Facebook alone has to comply with your data subject rights, we will forward your request promptly to Facebook.

3.1 Right to access (Art. 15 GDPR)

You have the right to obtain information as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to access further information as set out in Art. 15 GDPR.

 

3.2 Right to rectification (Art. 16 GDPR)

You have the right to obtain rectification of your personal data without undue delay.

 

3.3 Right to erasure (Art. 17 GDPR)

You have the right to obtain the deletion of your personal data. The operator is obliged to delete personal data immediately, if one of the requirements set out in Article 17 paragraph 1 a) -f) GDPR applies.

 

3.4 Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain the restriction of processing when one of the requirements of Art. 18 para. 1 a)– d) is met.

 

3.5 Right to objection (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data that is based on Art. 6 para. 1 e) or f), including profiling based on those provisions. We will no longer process your personal data unless that we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or if processing is used for the establishment, exercise or defence of legal claims.

Where your personal data are processed for advertising purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such advertising. For your objection, please use the e-mail mentioned above.

 

3.6 Right to data portability (Art. 20 GDPR)

You have the right to receive information about your personal data that you have provided to a controller, in a structured, commonly used and machine-readable format. And you also have the right to transmit these data to another controller without hindrance from the controller to which the personal data have been provided, so long as the processing is based on consent pursuant under Art. 6 para. 1 a) GDPR, Art. 9 para. 2 a) GDPR or on a contract pursuant under Art. 6 para. 1 b) GDPR and if the processing is carried out by automated means.

 

4. Revocation of your Consent

If you have provided your consent to the processing of your personal data and withdraw this consent, processing that has taken place until the time of withdrawal remains unaffected.

 

5. Right to appeal

You have, at any time, the right to appeal to the competent supervisory authority.

 

6. Recipients

The data collected when accessing and using the fanpage and the information you provide when contacting us will be transmitted to Facebook and stored there. In certain situations, your data may be shared with the following categories of recipients:

  • Persons / departments under responsibility of the controller (employees / internal departments)
  • Data processors
  • Contractual partners

The controller does not or does not plan to transmit personal data to third-party states.

 

7. Third party content and websites

When visiting the fanpage, linked content to websites of third parties may be displayed. The controller has no access to the cookies or other functions used by this content or third parties. Such third party sites are not subject to this privacy policy.

 

Date of this policy: XX.XX.XXXX

 

Date of the fanpage controller addendum: 26.11.2018