Grünenthal uses its own and third-party cookies to improve the browsing experience, offer personalized content and improve its services. We use analytics scripts which set tracking cookie, but we will activate these services only with your consent. If you press the button “Accept”, you consent to the use of these analytics scripts.

You can withdraw your consent at any time. To do so, please modify your configurations on this website by following this link to our privacy statement with the configuration options:
Go to settings

Accept

;

Data Privacy Statement

This website, www.grunenthal.com, (hereinafter “website”) is provided by Grünenthal GmbH (hereinafter “we”, “our” or “us”). We respect your privacy and are committed to protecting your information. The privacy policy below discloses our practices regarding information collection and usage solely for the website located at www.grunenthal.com. If you are looking for further information on the provider of this website, please refer to our imprint.

Handling of personal data

At Grünenthal, we believe transparency is the foundation of trustful collaboration. Below we will provide you with information on how we handle your personal data when you use our website. We handle your personal data because this is necessary to make certain functionalities of our website available and give you the best possible experience. Unless otherwise indicated, the legal basis for the handling of your personal data results from our legitimate interest to make available the functionalities of the website requested by you and to promote our business interests, according to (Art. 6(1)(f) General Data Protection Regulation).

Using our Website

1.1.1 Accessing our Website

When you call up our website, your browser will transfer certain data to our web server. This is done for technical reasons so that we can make the information you request available. In particular, the following data are collected, briefly stored and used:

  • IP address
  • Date and time of access
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of request (specific site)
  • Status of access/HTTP status code
  • Transferred volume of data
  • Website requesting access
  • Browser, language settings, version of browser software operating system and surface

We will also store such data for a limited period of time so that we are able to initiate a tracking of personal data in the event of actual or attempted unauthorised access to our servers (Art. 6(1)(f) General Data Protection Regulation).

1.1.2 Setting of cookies

What are cookies?
Our website uses so-called “cookies”. Cookies are small text files that are stored in the memory of your terminal via your browser. They store certain information (for example your preferred language or site settings). Your browser may retransmit these to us when you revisit our website, depending on the lifespan of the cookie.

What cookies do we use?
We differentiate between two categories of cookies: (1) functional cookies which are necessary for the functionality of our website and (2) optional cookies. These are used for website analysis and marketing purposes. The following overview contains a detailed description of the optional cookies we use:

Tool Purpose and content
Website analysis with Matomo, formerly Piwik Analytics These cookies assign a randomly generated ID to your device. This enables us to recognize your device next time you visit.
Cookie Purpose and content Lifespan
Pk_id Used to recognize users who visit the website again. 13 months
pk_session Short lived cookies used to temporarily store data for the visit. 30 minutes

You can enable or disable all the tracking analytics described in this section by clicking the toggle below:

Analytics Tracking: Disable Enable

How to prevent the setting of cookies in general
In your browser, you can configure or completely deactivate the use of cookies at any time. Check out the Help menu of your browser for detailed and up-to-date instructions on how to activate the “no-track” option.

1.1.3 Website Analysis

Matomo

This website uses the web analysis software of Matomo (www.matomo.org).

This software enables us to collect and store data on the basis of our legitimate interest in statistical analysis of user behaviour for purposes of optimisation and marketing. For example, we can see in which sequence certain media content is selected, which webpage a user accesses after using the internal search function and how often a specific device is used to visit our website. Pseudonymous user profiles can be created and evaluated from these data for the same purpose.

We have configured the tool in a way that your IP address is anonymised. We do not create a User ID which would allow us to recognise a user across several devices. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the website visitor and is not combined with personal data about the bearer of the pseudonym. If you do not agree to the storage and evaluation of these data on your visit, you can object to their storage and use at any time.

The data collected with Matomo technology (including your pseudonymised IP address) are processed entirely on our servers. The data is not shared with third parties and neither do we receive information on our visitors from third parties.

We process the data only with your consent. The legal basis for the processing of your personal data for this purpose is Art. 6(1)(a) GDPR. The data will be stored on your device until you choose to delete the cookie or until the cookie expires.

You can prevent the use of this software at any time. To make that choice, please configure the toggle switch above accordingly. In this case, a so-called opt-out cookie will be stored in your browser, which means that Matomo will not collect any session data. Please note that a complete deletion of your cookies will result in the opt-out cookie also being deleted and possibly having to be activated again by you.

LinkedIn

Our online presence uses the “LinkedIn Insight Tag”, an advertising cookie, provided by LinkedIn Corporation (1000 W Maude Ave, Sunnyvale, CA 94085, USA).

We use the LinkedIn Insight Tag to track conversions, retarget website visitors, and unlock additional insights about members interacting with our LinkedIn ads. The LinkedIn Insight Tag enables the collection of metadata such as IP address information, timestamp, and events such as page views. All data is encrypted. The LinkedIn browser cookie is stored in a visitor’s browser until they delete the cookie or the cookie expires. With the help of the LinkedIn Insight Tag we are able to analyse the success of our campaigns within the LinkedIn platform or determine target groups for them based on the interaction of the users with our website. If you are registered with LinkedIn, it is possible for LinkedIn to associate your interaction with our online services with your user account. You can permanently opt out on this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For more information on the LinkedIn Privacy Policy, go to: https://www.linkedin.com/legal/privacy-policy.

LinkedIn advertising cookie is used on the basis of your consent according to Art. 6 (1) (a) GDPR.

1.1.4 Use of contact forms

You can contact us directly by using the contact forms available on our website. In particular, you may provide us with the following information:

  • Name, surname and title
  • Address (street, postal code, city)
  • Country
  • Contact data (e.g. e-mail address, phone number)
  • Message

We collect, process and use the information you provide via the contact forms exclusively for the processing of your specific request. We will store the information you provide to us in contact forms for as long as we are legally obliged to or we can claim a legitimate interest. The same applies to data you send to us when using one of the designated email addresses indicated on our website.

1.1.5 External services or content on our website

We include third-party services and/or content on our website. When you use such third-party services or when third-party content is displayed, communication data are exchanged between you and the respective provider for technical reasons. The respective provider of the services or content may also process your data for own additional purposes. To the best of our knowledge, we have configured the services and content of providers known to process data for own purposes in such a way that either any communication for other purposes than to present their services or content on our website is blocked, or communication only takes place once you have actively opted to use the respective service. However, since we have no control over data collected and processed by third parties, we are not in a position to provide binding information regarding the scope and purpose of such processing of your data.

For further information regarding the scope and purpose of such collection and processing of your data, please consult the privacy statements of the providers whose services and/or content we include and who are responsible for the protection of your data in this context:

For the purpose of an interactive design of our website third-party content from Youtube and Vimeo is integrated into this website. This serves to safeguard our predominant legitimate interests in a multimedia presentation of our services and our activities in accordance with Art. 6(1)(f) GDPR.

YouTube (videos)

This website uses plug-ins from the American company Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google") which Youtube is operated by.

As a consequence, log information may be transmitted from our website to Google. Google’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Google features, the browser type and settings, the date and time of your request, information about your use of Google, and cookies.

You can find out more information about data collection, how you data is evaluated and processed by Youtube and your rights relating to this in Youtube’s / Google’s Privacy Policy: https://www.google.com/intl/en/policies/privacy/

Vimeo (videos)

This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.

As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.
You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy: http://vimeo.com/privacy.

Google reCAPTCHA

For the purpose of protection against misuse of our web forms, as well as to protect against spam, we use the Google reCAPTCHA service as part of some forms on this website.

By checking a manual entry, this service prevents automated software (so-called bots) from performing abusive activity on the site. In accordance with Art. 6(1)(f) GDPR the preservation of our justified legitimate interests in the protection of our website against misuse as well as an interference-free representation of our online presence
Google reCAPTCHA is an offer from Google LLC (www.google.com).

Google LLC is headquartered in the United States, where there is a lower level of data protection than in the EU.  

Google reCAPTCHA uses a code embedded in the website, a so-called JavaScript, as part of the review methods that allow an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transmitted to a Google server in the USA and stored there. In addition, other cookies stored by Google services in your browser are evaluated by Google reCAPTCHA.

There is no readout or storage of personal data from the input fields of the respective form. For more information about Google's privacy policy, visit https://www.google.com/policies/privacy/.

1.1.6 “Zoom” Online Meetings

Grünenthal uses the tool "Zoom" to enable online meetings with our customers and business partners. "Zoom" is a service of Zoom Video Communications, Inc., 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA.

With regards to visiting "Zoom´s" internet presence, the provider of "Zoom" is responsible for any processing of personal data related thereto.

The scope of the data that we process when you participate in an online meeting with “Zoom” depends on the functionalities you will use and what kind of data you will provide to us in the meeting. Usually, the following categories of personal data will be processed by Grünenthal when using “Zoom”:

User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department, entity or occupation (optional)

Meeting data: Topic, description (optional), attendee IP addresses, device/hardware information.

In case of recordings (only optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

If you participate via telephone, the following data will be processed to make this possible: information about the incoming and outgoing call number, country name, start and end time.

Content data: If you make use of the chat or survey functions, the text entries you make are processed in order to display them and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Zoom" applications.

If we want to record “Zoom” meetings, we will transparently inform you in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the "Zoom" app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.

In the case of webinars, we may also process questions asked by webinar participants for purposes of recording and following up on webinars. If you are registered as a user with "Zoom", the reports of online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at "Zoom" for up to one month.

The legal basis for the processing of your personal data as outlined above is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships, e.g if you are a Healthcare Professional in a contractual relationship with us.

Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f) GDPR. Here, too, our interest is in the effective implementation of "online meetings". In these cases, our interest is in the effective implementation of online meetings.

"Zoom" is a service hosted by an US-based provider. We have concluded an order processing agreement with the provider of "Zoom" that meets the requirements of Art. 28 (3) GDPR.

As we cannot exclude the possibility that parts of the data processed in “Zoom” meetings will be transferred to the US, an adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. As an additional safeguard, we have also configured “Zoom” in a way that only data centers in the EU, the EEA or secure third countries are used to conduct online meetings.

1.1.7 Webinars with GoToWebinar and similar solutions

Grünenthal uses the services of LogMeIn Ireland Unlimited Company, The Reflector 10 Hanover Quay, Dublin 2, D02R73, Ireland (“LogMeIn”) to facilitate webinar sessions via the tools “GoToWebinar” or “GoToMeeting” in which our customers and business partners can voluntarily participate.

With regards to visiting LogMeIn´s internet presence, the provider responsible for any processing of personal data related thereto, e.g. when you download the GoToWebinar app. Please refer to LogMeIn´s privacy statement which can be found under this link: LogMeIn International Privacy Policy.

The scope of the data that we process when you participate in a webinar session with us depends on the functionalities you will use and what kind of data you will provide to us in the webinar. Usually, the following categories of personal data will be processed by Grünenthal:

User details: first name, last name, telephone (optional), e-mail address, password (if "single sign-on" is not used), profile picture (optional), department, entity or occupation (optional).

Meeting data: Topic, description (optional), attendee IP addresses, device/hardware information.

In case of recordings (only optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.

If you participate via telephone, the following data will be processed to make this possible: information about the incoming and outgoing call number, country name, start and end time.

Content data: If you make use of the chat or survey functions, the text entries you make are processed in order to display them and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the LogMeIn applications.

If we want to record webinars, we will transparently inform you in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.

We may also process questions asked by webinar participants for purposes of recording and following up on webinars. If you are registered as a user with LogMeIn, the reports of online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored at LogMeIn for up to one month.

The legal basis for the processing of your personal data as outlined above is Art. 6 (1) lit. b) GDPR, insofar as the webinars are conducted in the context of contractual relationships, e.g. if you are an HCP in a contractual relationship with us or have registered for a conference to which the webinar is an integral part.

Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f) GDPR. In these cases our interest lies in the effective conduct of online sessions and conferences.

We have concluded an order processing agreement with LogMeIn that meets the requirements of Art. 28 (3) GDPR. Processing of your data will usually take place in the European Union but we cannot ensure that some data might be transferred to LogMeIn´s affiliated companies in the United States and the United Kingdom.

In order to guarantee an adequate level of data protection, we have concluded the so-called EU standard contractual clauses with LogMeIn. In addition, LogMeIn provides technical and organizational measures to protect your data when transferred to countries outside the EU. You can find a description of these measures on LogMeIn´s website under this link: https://logmeincdn.azureedge.net/legal/Schrems-II-FAQ.pdf.

1.1.8 Pharmacovigilance (Drug Safety)

If you report any potential adverse events regarding our pharmaceutical products to us, we process your personal data and the personal data of the affected patients in order to investigate the event and to comply with local legislation.

The data we process about the reporter includes their name, profession and contact data, as well as the circumstances of the event itself. The reason that we process contact data is to be able to investigate events and follow-up with the reporters in order to gain additional information if needed. If you do not wish your contact data to be processed, please inform the Grünenthal employee handling your request.

Regarding patients experiencing adverse events, we collect their name or initials, age, gender, details of the Grünenthal products that were applied, as well as other information about the circumstances of the event.

We may be required to share these data with health authorities, licensing partners and other entities of the Grünenthal group. We will not share any personal data that is not necessary for investigating the event with any of these third parties. When possible, we will apply techniques, such as pseudonymization or encryption, to render the personal data unintelligible to any person who does not need to access, or is not authorised to access, the personal data for the purposes described above. We also share your personal data with third parties that help us handle and investigate each case (e. g. our own service providers). We use Grunenthal proprietary and standard industry solutions to process your data in a safe environment. We ensure that all our service providers process personal data securely, both contractually and factually. Some of the data recipients are located in countries outside the European Union, where there is a lower level of data protection. This is justified by Art. 49 (1) lit. d) GDPR. In such cases, Grünenthal will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with these contractual partners. Grünenthal will apply the EU-Standard-Contractual Clauses to such transfers wherever feasible.

Reports about adverse events are stored in our systems at least 10 years after the respective product has been withdrawn from the market.

1.2 Transfer of data for commissioned processing

We will use specialised service contractors for the processing of your data to a certain extent. We carefully select and regularly monitor such service contractors. They will only process personal data upon our instruction and strictly in accordance with our directives, based on respective data processor agreements.

1.3 Processing of data outside the EU/the EEA

Your data will partly be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). The respective countries may have a lower data protection level than European countries. In such cases, we will ensure that a sufficient level of protection is provided for your data, e.g. by concluding specific agreements with our contractual partners. Alternatively, we will ask for your explicit consent to such processing.

2. Information regarding your rights

You have the following rights according to applicable data privacy laws:

  • right of information about your personal data stored by us;
  • right to request the correction, deletion (provided that we are not legally obliged to keep the data) or restricted processing of your personal data;
  • right to object to a processing for reasons of our own legitimate interest, public interest or profiling, unless we are able to prove that compelling, warranted reasons overruling your interests, rights and freedom exist, or that such processing is done for purposes of the assertion, exercise or defense of legal claims;
  • right to data portability;
  • right to file a complaint with a data protection authority.
  • right to revoke your consent to the collection, processing and use of your personal data at any time with future effect. For further information please refer to the chapters above describing the processing of data based on your consent.


3. Contact

Do you have any questions regarding our data privacy or do you wish to exercise your rights? Then please let us know! You can either use our contact form or get in touch with our company data protection team at the following address: dataprivacy.de@grunenthal.com

In addition, if you are a healthcare professional, you might want to check our privacy for healthcare professionals available in this link https://www.grunenthal.com/en/footer-links/privacy-statement-hcp

Requests and complaints

If, as the data subject, you have any questions regarding our data privacy or if you do not agree with the way in which Grünenthal or persons at Grünenthal process your data you can get in touch with Grünenthal’s Global Data Protection officer by using the following email address: datenschutz.grunenthal@two-towers.eu

Data Protection Supervisory Authority

You may address questions and complaints also to the Data Protection Supervisory Authority in charge:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Telefon: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

4. Amendment of Privacy Statement

We may update our Data Privacy Statement from time to time and we will publish these updates on our website. They become effective upon publication. So we recommend you regularly visit the site to keep yourself informed on possible amendments.

This Data Privacy Statement was last updated on 1st August 2019.