Handling of personal data
At Grünenthal, we believe transparency is the foundation of trustful collaboration. Below we’ll provide you with information on how we handle your personal data when you use our website. We handle your personal data because this is necessary to make certain functionalities of our website available and give you the best possible experience. Unless otherwise indicated, the legal basis for the handling of your personal data results from our legitimate interest to make available the functionalities of the Website requested by you and to promote our business interests, according to (Art. 6(1)(f) General Data Protection Regulation).
Using our Website
1.1.1 Accessing our Website
When you call up our Website, your browser will transfer certain data to our web server. This is done for technical reasons so that we can make the information you request available. In particular, the following data are collected, briefly stored and used:
- IP address
- Date and time of access
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific site)
- Status of access/HTTP status code
- Transferred volume of data
- Website requesting access
- Browser, language settings, version of browser software operating system and surface
We will also store such data for a limited period of time so that we are able to initiate a tracking of personal data in the event of actual or attempted unauthorized access to our servers (Art. 6(1)(f) General Data Protection Regulation).
1.1.2 Setting of cookies
What are cookies?
Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.
What cookies do we use?
We differentiate between two categories of cookies: (1) functional cookies which are necessary for the functionality of our website and (2) optional cookies. These are used for website analysis and marketing purposes.
The following overview contains a detailed description of the optional cookies we use:
|Tool||Purpose and content||Lifespan|
|Website analysis with Sitecore Experience Analytics||These cookies assign a randomly generated ID to your device when you login to the website and accept tracking on the cookie pop-up banner. This enables us to recognize your device next time you visit, so that you do not have to login multiple times during one session. For details on website analysis please see the respective chapter below.||Duration of session: This cookie is deleted as soon as your browser is closed|
|Tool||Purpose and content||Lifespan|
|Website analysis with Google Analytics (GRT-tracking-consent):||Website analysis with Google Analytics:
These cookies assign a randomly generated ID to your device when you accept tracking on the cookie pop-up banner. They track the user on the website and feed back to Google Analytics. This enables us to recognize your device next time you visit. For details on website analysis please see the respective chapter below.
|Cookie||Purpose and content||Lifespan|
|grt-tracking-consent||Tracking cookie used for Google Analytics||12 months|
Subject to your consent
We only use optional cookies if we have obtained your prior consent (Art. 6(1)(a) General Data Protection Regulation). When you visit our website for the first time, a banner will appear asking you to give us your consent to the setting of optional cookies. If you consent, we will place a cookie on your computer and the banner will not appear again as long as the cookie is active. After expiration of the cookie’s lifespan, or if you actively delete the cookie, the banner will reappear the next time you visit our website and will again ask you for your consent.
How to prevent the setting of cookies in general
1.1.3 Website Analysis
This Website uses the web analytics service “Sitecore Experience Analytics” in order to help us continually improve the customer friendliness of our Website. Sitecore uses "cookies" that are stored on your computer and allow your use of the Website to be analysed. The information generated by the cookie on your use of this Website is transmitted to and stored by state of the art secured EU based cloud servers (Azure Cloud, Dublin). You can use a corresponding setting in your browser software to prevent cookies from being saved; we would, however, like to draw your attention to the fact that, if you do so, you may not be able to use all of the functions offered by the website in full.
Google Tag Manager
This Website uses GTM (Google Tag Manager) to initiate and control the connection to Google Analytics. It is used most of all to minimize administrative effort and to analyse reporting problems.
On our Website we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (hereinafter “Google”). Google will analyse your use of our website on our behalf. To this purpose we use, among others, the cookies described in more detail in the above table. The information collected by Google in connection with your use of our website (for example the referring URL, our webpages visited by you, your browser type, your language settings, your operating system, your screen resolution) will be transmitted to a server of Google in the USA, where it will be stored and analysed. The respective results will then be made available to us in anonymized form. Your usage data will not be connected to your full IP address during this process. We have activated on our Website the IP anonymizing function offered by Google, which will delete the last 8 digits (type IPv4) or the last 80 bits (type IPv6) of your IP address. Moreover, Google is certified under the EU-US Privacy Shield, which ensures that an adequate level of data protection is maintained with respect to the processing of data by Google in the US.
The Google Analytics tracking code implemented on this website supports display advertising. The remarketing function is used for Google Analytics display advertising on this website.
The ads are displayed on the websites by third-party providers including Google. The combined use of first-party cookies (e.g. Google Analytics) and third-party cookies (e.g. DoubleClick cookies) enables us to personalise, adapt and optimise the ads we display on this website based on your previous visits. You can use the Ads Preferences Manager to deactivate Google Analytics for display advertising and adapt ads in the Google Display Network. The following Google AdWords functions are used on this website:
- Interest categories
- Similar target groups
- Other types of interest-based advertising
We use these Google AdWords functions in order to make visitors to this website aware of websites of third-party providers or to address internet users with specific interest profiles, based on their internet usage. We do not gather personal information with our cookies, remarketing lists or other anonymous IDs.
All analytics and remarketing functions are based in your explicit consent and can be managed by the cookie management tool as explained above.
1.1.4 Use of contact forms
You can contact us directly by using the contact forms available on our website. In particular, you may provide us with the following information:
- Name, surname and title
- Address (Street, Postal Code, City)
- Contact data (e.g. e-mail address, phone number)
We collect, process and use the information you provide via the contact forms exclusively for the processing of your specific request. We will store the information you provide to us in contact forms for as long as we are legally obliged to or we can claim a legitimate interest.
The same applies to data you send to us when using one of the designated email addresses indicated on our website.
1.1.5 Subscription to our newsletter
You may subscribe to receive our newsletter from our website. Based on your prior consent, we will collect and use the email address you indicate for providing you with the newsletter (Art. 6(1)(a) General Data Protection Regulation). If you wish to receive a customized newsletter, you may, on a voluntary basis, provide us with the following additional information:
- Name and surname
- Media, Department
- City, Country
- Subject(s) of interest
For subscription to our newsletter we use the so-called double opt-in procedure. After you subscribe to the newsletter, we will send you a message to the indicated email address asking for your confirmation. If you do not confirm your subscription, your subscription will automatically be deleted. In order to prevent any misuse of your personal data, we will log your subscription and confirmation, filing the IP address you use when subscribing, the time of your subscription and confirmation, the messages sent by us regarding your subscription, and the wording of your subscription and confirmation.
You may revoke your consent to receive our newsletter at any time with future effect. To declare that you wish to unsubscribe, you may use the respective link included in all newsletters, or refer to the contacts indicated below.
1.1.6 Limited access for HCPs
Specific information such as details on our treatment modalities are on a protected part of the website that can only be accessed by healthcare professionals (HCPs). Data processing mentioned in this section refers to creating and maintaining personal accounts and the authentication procedure for these accounts. In order to be able to access the content you will have to create an account and identify as HCPs using one of the 3 options, depending on your country of practice:
- Automated third-party systems to approve user access: Doccheck (see their Privacy Statement), Swiss RX (see their Privacy Statement)
- Automated third-party systems that scan a trusted database to validate log-ins: IQVIA/OWA/Onekey (see their Privacy Statement), Big Diploma (see their Privacy Statement)
- Manual check of HCP-status in countries where previous two options are not available)
If your HCP status is confirmed you will receive a confirmation email and you will be able to access the content on the protected part of the website. If the your HCP status is not confirmed by one of the above mentioned methods you will receive a rejection email and you won’t be able to access the content on the protected part of the website.
You will be required to register by entering personal data such as:
- Name and surname (optional)
- Gender (optional)
- User name and password
- Email address
- Organisation name, Address 1, Address 2, Town/city, State/province/county, Postal/zip code, Telephone number, Mobile number, Website (optional)
We process this personal data in order to provide you with an access to our website. They will be deleted in case you ask us to deactivate your user account. Legal basis for this kind of processing of personal data is section 10 of the German Act on the Advertising of Medicinal Products (Heilmittelwerbegesetz) and corresponding laws in the EU.
1.1.7 Subscription to the Pain Toolkit
You may subscribe to receive the Pain Toolkit series of emails from our website. Based on your prior consent, we will collect the information you indicate below for providing you with the Pain Toolkit series of emails and other educational resources (Art. 6(1)(a) General Data Protection Regulation):
- First Name
- Last name
- Email address
- Country of residence
- Preferred language
We are storing this information on secure Grünenthal infrastructure. You may revoke your consent to receive our newsletter at any time with future effect. To declare that you wish to unsubscribe, you may use the respective link included in all newsletters, or refer to the contacts indicated below.
1.1.8 External services or content on our Website
We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.
For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:
For the purpose of an interactive design of our website third-party content from YouTube and Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6(1)(f) GDPR.
For the purpose of protection against misuse of our web forms as well as against spam we use the Google reCAPTCHA service as part of some forms on this website.
By checking a manual entry, this service prevents automated software (so-called bots) from performing abusive activity on the site. In accordance with Art. 6(1)(f) GDPR the preservation of our justified legitimate interests in the protection of our website against misuse as well as an interference-free representation of our online presence. Google reCAPTCHA is an offer from Google LLC (www.google.com).
Google LLC is headquartered in the United States. This country has an adequacy ruling from the European Commission. This goes back to the EU US Privacy Shield, under which Google LLC is certified. A current certificate can be viewed here: https://www.privacyshield.gov/list.
1.1.9 Information on side effects and quality complaints
Please note that the CHANGE PAIN website is not intended or designed for communications regarding side effects, lack of therapeutic effect, medication errors, grey market products/counterfeit medicine, incorrect or off-label use, quality complaints and/or other issues regarding the safeness or quality of our products. We understand you may wish to report side effects or make a quality complaint. You can do this by either contacting your health care professional (e.g. physician or pharmacist) or your local health authority, or by using the reporting form on our portal dedicated to the reporting of suspected adverse drug. (https://drug-safety.grunenthal.com/ or you may directly contact email@example.com) If you nevertheless report undesirable side effects or other issues regarding the safeness or quality of our products, we will be legally bound to deal with your communication and may have to contact you for clarification purposes. Subsequently, we may have to notify the health authorities and in this context, your information will be forwarded in pseudonymized form, that means no information by which you may be directly identified will be passed on. We may also have to forward these pseudonymized notifications to our group companies and cooperation partners, to the extent these are likewise obliged to notify their respective health authorities.
Legal basis for this kind of processing of personal data is Art. 6(1)(c) GDPR and Art. 9(2)(i) GDPR in conjunction with § 63b of the German Medicinal Products Act (“Arzneimittelgesetz”).
1.1.10 User Surveys
We sometimes conduct user surveys on our website. Participation is voluntary, of course. We use functional cookies to carry out the user surveys. The technical information recorded by the user survey is the same information that is recorded when users visit the website (see above). Your responses submitted during the user survey will not be linked to your personal data such as your IP address.
1.2 Transfer of data for data processing
We will to some extent use specialized service contractors for the processing of your data. We carefully select and regularly monitor such service contractors. They will only process personal data upon our instruction and strictly in accordance with our directives, based on respective data processor agreements.
1.3 Processing of data outside the EU/the EEA
Your data will partly be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). The respective countries may have a lower data protection level than European countries. In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners, or we will ask for your explicit consent to such processing.
2. Information regarding your rights
You have the following rights according to applicable data privacy laws:
- right of information about your personal data stored by us;
- right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
- right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to proof that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defence of legal claims;
- right to data portability;
- right to file a complaint with a data protection authority.
- You may revoke your consent to the collection, processing and use of your personal data at any time with future effect. For further information please refer to the chapters above describing the processing of data based on your consent.
Do you have any questions regarding our data privacy or do you wish to exercise your rights? Then please let us know! You can either use our contact form or get in touch with our company data protection team at the following address: firstname.lastname@example.org
Requests and complaints
If, as the data subject, you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Data Protection Officer by using the following email address: email@example.com
Data Protection Supervisory Authority
You may address questions and complaints also to the Data Protection Supervisory Authority in charge:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
4. Amendment of Privacy Statement
We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.
This Data Privacy Statement was last updated on 24 June 2020.