Privacy Policy

Version date: 3 Nov 2020

1. General information

The protection of your personal data is very important to us. We process your personal data only on the basis of the legal provisions (GDPR, Swiss Federal Law on Data Protection, Austrian Telecommunications Act 2003).

We use information about you, i.e. personal data (“data” in the following) to provide you with our website, for processing sales of our products, and to provide our services. The term “processing” refers to any use of the data, such as the collection, storage, handling or deletion of personal data.

With this Privacy Policy, we are happy to tell you about the processing of your personal data and about the claims and rights you have according to data protection law.

The person responsible for processing your personal data is:

LENUS Pharma GesmbH

Seeböckgasse 59

1160 Vienna

Tel .: +43 (1) 405 14 19

Fax: +43 (1) 405 14 19-20

office@lenuspharma.com

www.lenuspharma.com

For all complaints, questions and suggestions on the topic of data protection, you can contact us at any time using the contact details provided.

2. Data processing within the framework of our websites and our online shop

2.1. General information

On our websites and in our online shop, we process the data that you provide us with (e.g. when you order something), logs (our servers logs inquiries for security reasons) and cookies (small text files that are stored on your device and contain information that help us to recognize you).

The server our website runs on is operated by CureIT – Alexander Kacer, who is thus the data processor.

Some cookies are provided by third parties. You can block these third-party cookies in your browser. Instructions for the main browsers can be found here:

Firefox: here

Chrome: here

Internet Explorer: here

Safari: In Apple Safari, third-party cookies are blocked by default.

2.2. Data processing for the operation and security of our websites and our web shop (server logs):

2.2.1.Server logs

Purpose of data processing: When you visit our website, the server collects usage data. These data are called server logs. This technology makes it possible for you to connect to our server and use our website. This data is also used to prevent and analyze attacks.

The following server logs are collected: The IP address of the device requesting a connection, plus the date, the time, the request, name and URL of the file being requested, the amount of data sent to you, a message providing information as to whether the request was successful, data identifying the browser and operating system used, and the website from which the request was made (if a link was used to access our website). The unique device numbers (IMEI numbers) of mobile devices are may also be recorded.

The legal basis for data processing: Your data is processed based on our legitimate interest in ensuring service operation and system security.

Recipient of the data: The server our website runs on is operated CureIT – Alexander Kacer’s IT service center, which is therefore the data processor. In the event of a hacker attack, data from the server logs will be given to the crime investigation authorities. This data is not otherwise passed on to third parties.

Further information: The server logs are stored for no longer than 6 months.

2.3. Data processing for marketing purposes:

2.3.1.Web analysis

We use the service providers listed below to process data about how you use our websites and our online shop so that we can adapt them as best as possible to your interests.

  • Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics stores the following cookies on your device:

Name: Duration: Purpose:
_ga 2 years Contains a randomly generated user ID. Using this ID, Google Analytics can recognize returning users on this website and merge the data from previous visits.
_gid 24 hours Contains a randomly generated user ID. Using this ID, Google Analytics can recognize returning users on this website and merge the data from previous visits.
_gat 1 minute Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifespan of one minute. As long as it is set, certain data transfers are prevented.
_dc_gtm_xxx 1 minute Certain data are only sent to Google Analytics a maximum of once per minute. The cookie has a lifespan of one minute. As long as it is set, certain data transfers are prevented.
_gat_gtag_xxx 1 minute Certain data is only sent to Google Analytics a maximum of once per minute. The cookie has a lifespan of one minute. As long as it is set, certain data transfers are prevented.
_gac_xxx 90 days This cookie is set when a user clicks on a Google ad on the website. It contains information about which ad was clicked, so that achieved successes such as Orders or contact requests can be assigned to the ad.
IDE 1 year Contains a randomly generated user ID. Using this ID, Google can recognize the user across different domains across different websites and display personalized advertising.

Purpose of data processing: Google Analytics stores cookies so that it can recognize you and create personalized user statistics about what you do on a website. We have also activated Google’s “anonymize IP” module. With this, the IP address assigned to you in the EU is anonymized by Google.

Google Analytics stores the following cookies on your device: 

The legal basis for data processing: The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies.

Recipient of the data: The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. The level of protection used to transfer the cookies is based on the standard contractual clauses per Article 46 of GDPR. You can find more information about the standard contractual clauses and suitable/appropriate guarantees by visiting https://privacy.google.com/businesses/processorterms/. Google acts on our behalf as a data processor and is only permitted to use the transmitted data for processing of specific tasks. It is contractually obliged by us to comply with data protection law.

Further information: You may prevent cookies being stored by setting your browser software accordingly; however, we would like to point out that if you do this, you may not be able to use all functions of the websites in their entirety. Furthermore, you can prevent the websites using data generated by the cookie (including your anonymized IP address) from being recorded by Google, and thus also the processing of such data by Google, by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

  • Google Tag Manager

On our website, we use the Google Tag Manager tool provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager makes it possible for us to manage website tags via an interface. Google Tag Manager itself (which implements the tags) is a domain that does not use cookies. The tool triggers other tags. These in turn may collect data. Google Tag Manager does not access these data. If deactivated at the domain or cookie level, it will persist for all Google Tag Manager tracking tags. The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies. Data is only sent to Google with your consent.

The IP address transmitted by your browser via Google Tag Manager is not merged with other data. For this website, we have set Google Tag Manger to only transmit your data to Google anonymously. This ensures that your IP address is masked and that all data is collected anonymously. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. The level of protection used to transfer the cookies is based on the standard contractual clauses per Article 46 of GDPR. You can find more information about the standard contractual clauses and suitable/appropriate guarantees by visiting https://privacy.google.com/businesses/processorterms/. Google acts on our behalf as a data processor and is only permitted to use the transmitted data for processing of specific tasks. It is contractually obliged by us to comply with data protection law.

  • Facebook Pixel

On this website we use Facebook Pixel, an analysis tool by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook Pixel is used to evaluate the behavior of users who have reached our website via a Facebook ad. This can be used to improve and measure the success of our Facebook ads. Our site also uses Facebook Pixel to send advertisements to people who have interacted with our website in the past. The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies.

Facebook Pixel stores the following cookies on your device:

Name: Duration: Purpose:
_fbp 3 months Used by Facebook to display a range of advertising products, such as real-time bids from third party advertisers.

With Facebook Pixel, Facebook is notified about a visit to our website so that visitors to Facebook can see relevant ads. If you have a Facebook account and are logged in, your visit to this website will be linked to your Facebook account. The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies. Data is only sent to Facebook with your consent.

Facebook Ireland and the site operator are jointly responsible for processing your data. Said data are processed to create site insights regarding a visit or other interaction with a site or associated content, in keeping with Article 26 of GDPR. This applies to the following:

– Facebook Ireland and the site operator have entered into an agreement that defines each party’s respective duties under GDPR. This agreement is available at https://www.facebook.com/legal/terms/page_controller_addendum.

– Facebook Ireland and the site operator have agreed that Facebook Ireland is responsible for providing the information processed for site insights and for ensuring you can exercise the rights granted to you under GDPR. Facebook and the site operator have agreed that Ireland’s Data Protection Commission is the ultimate regulatory body for information processed for site insights. You can find more information about your rights and how to exercise them on https://www.facebook.com/policy.php.

More information on Facebook Pixel and the precise scope and purpose of the data processing can be found in Facebook’s privacy policy at https://www.facebook.com/policies/cookies.

You must be logged in to Facebook to change your Facebook ad settings on https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

  • Amazon Pay

We use Amazon Pay in our online shop. This is an online payment service provided by Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg (“Amazon Payments”). With Amazon Pay, we offer an additional payment option to our online customers. With Amazon Pay, customers on our online shop can pay without having to create a customer account or enter their account details. Amazon customers can use the details already stored in their Amazon account. This makes the ordering and payment process significantly simpler. We contract Amazon Pay to process your payments to us.

Amazon Pay stores the following cookies on your device:

Name: Duration: Purpose:
amazon-pay-connectedAuth session These cookies are necessary so that we can offer you the Amazon Pay payment method.
apay-session-set 1 year This cookie is used in connection with the payment window. The cookie is required for secure transactions on the website.

The legal basis for data processing: The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies.

Recipient of the data: The information generated by the cookie about your use of this online shop is transferred to Amazon Pay and used to process the payment.

More information on Amazon Pay and the precise scope and purpose of the data processing can be found in Amazon Pay’s privacy policy at https://pay.amazon.co.uk/help/201212490?ld=NSGoogle.

  • Paypal

We use PayPal on our online shop. It is an online payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg (“PayPal”). With PayPal, we offer an additional payment option to our online customers. With PayPal, customers on our online shop can pay without having to create a customer account or enter their account details. PayPal customers can use the details already stored in their PayPal account. This makes the ordering and payment process significantly simpler. We contract PayPal to process your payments to us.

PayPal stores the following cookies on your device:

Name: Duration: Purpose:
akavpau_ppsd session This cookie is provided by PayPal. The cookie is used in connection with transactions on the website and is necessary for secure transactions.
paypal-offers—country 2 days Used by PayPal to implement payments. The cookie facilitates financing offers that are presented when checking out and paying.
ts session Used in connection with the PayPal payment function on the website. The cookie is necessary to enable a secure transaction via PayPal.
ts_c session Is used in connection with the PayPal payment function on the website. The cookie is necessary to enable a secure transaction via PayPal.

The legal basis for data processing: The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies.

Recipient of the data: The information generated by the cookie about your use of this online shop is transferred to PayPal and used to process the payment.More information on PayPal and the precise scope and purpose of the data processing can be found in PayPal’s privacy policy at https://www.paypal.com/at/webapps/mpp/ua/privacy-full

2.4. Data processing as part of our social media activities:

We use social media plugins. These enable us to display interactive elements or content (e.g. text, graphics, images and videos) from social media services. With these plugins, data – including personal data – can be transmitted to the social media service providers and used by them if required.

The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies.

We are currently using social media plugins for the following services:

YouTube: We use YouTube plugins on our website. The plugins are able to display interactive elements or content (e.g. videos, graphics or text). With these plugins, data may be transmitted to and used by YouTube. Data is only sent to YouTube with your consent.

YouTube stores the following cookies on your device:

Name: Dauer: Purpose:
__Secure-3PSID 2 years YouTube is a platform for the provision and publication of videos and belongs to Google. YouTube collects user data through videos embedded in websites that are merged with profile data from other Google services. In this way, website visitors can be shown targeted advertising via a wide range of own and third-party websites.
__Secure-3PAPISID 2 years YouTube is a platform for the provision and publication of videos and belongs to Google. YouTube collects user data via videos embedded in websites that are merged with profile data from other Google services. In this way, website visitors can be shown targeted advertising via a wide range of own and third-party websites.
IDE 1 year YouTube is a platform for providing and publishing videos and is owned by Google. YouTube collects user data through videos embedded in websites that are merged with profile data from other Google services. In this way, website visitors can be shown targeted advertising via a wide range of own and external websites.
YSC session YouTube is a platform for the provision and publication of videos and belongs to Google. YouTube collects user data via videos embedded in websites that are merged with profile data from other Google services. In this way, website visitors can be shown targeted advertising via a wide range of own and third-party websites.
PREF 2 years YouTube is a platform for providing and publishing videos and is owned by Google. YouTube collects user data via videos embedded in websites that are merged with profile data from other Google services. In this way, website visitors can be shown targeted advertising via a wide range of own and third-party websites.
GPS 1 month YouTube is a platform for providing and publishing videos and is owned by Google. YouTube collects user data via videos embedded in websites that are merged with profile data from other Google services. In this way, website visitors can be shown targeted advertising via a wide range of own and third-party websites.
VISITOR_INFO1_LIVE 6 months YouTube is a platform for the provision and publication of videos and belongs to Google. YouTube collects user data via videos embedded in websites that are merged with profile data from other Google services. In this way, website visitors can be shown targeted advertising via a wide range of own and third-party websites.

More information on YouTube and the precise scope and purpose of the data processing can be found in Google’s privacy policy at https://policies.google.com/privacy. The data processor is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

2.5. Other third party providers

We also use the following third-party providers to improve our website:

  • Google Maps: By integrating Google Maps, we can show you Google’s maps service directly on our website, making it possible for you to use the map feature. Via Google Maps integration, data can be sent to and in some cases used by Google. Data is not automatically transmitted to Google when you visit our website.

The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies. Data is only sent to Google if you consent to its use.

More information on Google Maps and the precise scope and purpose of the data processing by Google can be found in Google Inc.’s privacy policy at https://policies.google.com/privacy. The data processor for the transfer recipient is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

  • Issuu: By integrating Issuu, we can show you Issuu Inc’s publication service directly on our website, making it possible to show you online magazines and articles. The goal here is to communicate with readers via an attractive design. Via Issuu integration, data may be sent to and used by Issuu.

The data is processed based on your consent. You can use your browser settings to opt out of cookies. If you do not do this, we will assume you have consented to the use of cookies. Data is only sent to Issuu with your consent.

Issuu stores the following cookies on your device:

Name: Duration: Purpose:
Iutk 10 years Issuu’s analytics system uses cookies, log file data and embedded codes to collect data on visitor activity on Issuu products. Issuu uses this data to improve the services it offers to its users.

You can find more information on this at https://issuu.com/legal/privacy.

More information on Issuu and the precise scope and purpose of the data processing can be found in Issuu’s privacy policy at https://issuu.com/legal/privacy. The data processor is Issuu Inc 131 Lytton Ave, Palo Alto, CA 94301, United States.

3. Data processing in the context of business operations:

3.1. We process your personal data as provided to us by you as follows (information provision duty per Article 13 of GDPR):

3.1.1 Data processing for contact:

Purpose of data processing: If you contact us (e.g. by email or telephone), we will process the data thus provided by you only to the degree necessary to process and respond to your inquiry.

The legal basis for data processing: Your data is processed as part of contractual and/or pre-contractual activities or is based on our legitimate interest, in this case to organize a response to your inquiry.

Recipient of the data: The data will be transferred only if required for responding to your inquiry.

Further information: We process your data only as required for responding to your inquiry and then, in case of any follow-up inquiry, for a further seven years after your most recent contact.

3.1.2. Data processing in the context of the customer account:

Purpose of data processing: When you register on our website, we process the data thus provided to establish a contractual business relationship and to provide the services we offer.

The legal basis for data processing: Your data is processed as part of contractual and/or pre-contractual activities.

Recipient of the data: The data will only be transferred to third parties under the condition that you have given your separate consent to the transfer.

Further information: You can delete your account at any time. When your account is delete, we will delete your data.

3.1.3. General data processing for customer orders:

Purpose of data processing: If you order something from us, we process your data to process the order, to grant discounts, to respond to questions you sent to us as part of the order, and for formal handling of business matters we must take care of as part of the business relationship.

The legal basis for data processing: Your data is processed as part of contractual activities or on the legal basis of a business relationship (and/or the execution of the latter). Data you provide as part of a discount program is processed by us based on our legitimate interest. Our legitimate interest is the promotion of product sales.

Recipient of the data: In those cases in which transfer of your relevant data is required for performance of the contract or for legal reasons, the recipients fall into the following categories:

  • Banks
  • Legal representatives
  • Chartered accountants, auditors and tax advisors
  • Courts
  • Supervisory authorities
  • Debt collection agencies
  • External financers
  • Contract and business partners
  • Insurers
  • Statistik Austria
  • Transport companies
  • Suppliers
  • Data center as the data processor

Further information: We process your data only for the period contractually or legally required (e.g. tax and company law rata retention requirements). We generally retain data for seven years.

3.2. We process your personal data as provided to us by third parties as follows (information provision duty per Article 14 of GDPR): 

3.2.1. Data processing for evaluation of medical data:

Source of the data: We receive the data via sale of our products to our clients.

Purpose of data processing: To evaluate the products prescribed by doctors and to compile statistics.

We process the following categories of data: Name and contact information of the prescribing doctor and prescribed products.

The legal basis for data processing: The data is processed based on our legitimate interest in improving and supporting product sales.

Further information: We generally retain these data for three years.

4. Your rights

4.1. The right to information about the stored data per Article 15 of GDPR

You have the right request confirmation of whether we process your personal data. If this is the case, you have the right to receive information about said personal data and other information relating to said processing.

4.2. 4.2. The right to rectification of inaccurate data per Article 16 of GDPR

If we process your personal data and said data is no longer correct or is incomplete, you can request correction or completion of said data.

4.3. Right to deletion of data per Article 17 of GDPR

If the legal preconditions are met, you can request the deletion of your personal data.

4.4. Right to restriction of processing per Article 18 of GDPR

If the legal preconditions are met, you may request the restriction of the processing of your personal data.

4.5. Right to data portability per Article 20 of GDPR

If the legal preconditions are met, you can request the transfer of your personal data in a structured, common and machine-readable format.

4.6. The right to object to data processing that is unreasonable per Article 21 of GDPR

On grounds relating to your particular situation, you have at all times the right to object to the processing of your personal data as processed by us either as part of a task in the public interest or based on legitimate interest per Article 6 (1)(f) of GDPR.

4.7. Right to revoke consent 

If the data is processed based on a declaration of consent, you may opt out at any time without affecting the lawfulness of the processing carried out on the basis of the consent prior to revocation.

4.8. Right to Complain to a Data Protection Authority

If you believe that the processing of your personal data by us violates applicable data protection law or if your data protection rights have otherwise been violated in any other way, you can complain to the supervisory authority (Austrian Data Protection Authority). The address is:

Austrian Data Protection Authority

Barichgasse 40-42

1030 Vienna, Austria

Telephone: +43 1 52 152-0

Email: dsb@dsb.gv.at

5. Further information:

We ask you to provide these data as we need them for the contractual processing of sales of our goods and provision of our services and/or to provide you with information you have requested from us or to send our newsletter and other information.

If you do not provide the data, we cannot provide our services.

Required information is marked with an asterisk (*). All other information is optional. If you do not provide your personal data – that marked with an asterisk or otherwise marked as required – it will mean that we cannot provide our service or the product requested.

Automated decision making – including profiling – is not used. In the event that we process your personal data for purposes other than the ones for which they were collected, we will notify you and inform you of this other purpose.