Privacy Policy

1. General information

1. Personal data (Art. 4 No. 1 GDPR)

The subject of privacy is personal data (hereinafter referred to as "data"). This means any information relating to an identified or identifiable natural person. Examples of such information include name, address, occupation, e-mail address, state of health, income, marital status, genetic characteristics, telephone number and, if applicable, user data such as IP address.

1.2 Controller (Art. 4 No. 7 GDPR)

The controller responsible for processing your personal data in the context of using the website www.hwi-group.de/ (hereinafter referred to as the "website") is HWI pharma services GmbH (hereinafter referred to as the "operator" or "controller"). The contact details are as follows:

Telephone: +49 7272 7767-0
Telefax: +49 7272 7767-11
Email: info(at)hwi-group.de

1.3 Data protection officer

The controller has appointed an external data protection officer, who can be contacted at:

heyData GmbH
Schützenstr. 5
10117 Berlin
Email: datenschutz@heydata.eu
www.heydata.eu

1.4 Right to object

If you want to object to the processing of your data by the operator in accordance with this privacy policy in all or for individual measures, you can use the contact details which are mentioned under the imprint. Please note that in the event of such an objection, the use of the website and access to the services offered may be limited or not possible at all.

1.5. Data processing outside the EEA

Insofar as we transfer data to service providers or other third parties outside the EEA, the EU Commission's adequacy decisions under Art. 45 para. 3 GDPR guarantee the security of the data when it is passed on, insofar as these are available, as is the case for example for Great Britain, Canada, and Israel.
When data is transferred to service providers in the USA, the legal basis for the data transfer is an adequacy decision by the EU Commission if the service provider has also certified itself under the EU US Data Privacy Framework.
In other cases (e.g. if there is no adequacy decision), the legal basis for the data transfer is, as a rule, standard contractual clauses, unless we provide a note to the contrary. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 (2) (b) GDPR, they ensure the security of data transfer. Many of the providers have provided contractual guarantees that go beyond the standard contractual clauses, which protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of data or regarding the third party's obligation to notify data subjects if law enforcement agencies wish to access data.

1.6 Obligation to provide data

Customers, interested parties, or third parties must only provide us with the personal data that is necessary for the establishment, execution, and termination of the business relationship or for the other relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or provide a service or will no longer be able to execute an existing contract or other relationship.
Mandatory information is marked as such.

1.7. No automated individual decision-making

In principle, we do not use any fully automated decision-making pursuant to Article 22 GDPR to establish and carry out a business relationship or other relationship. Should we use these procedures in individual cases, we will provide separate information about this if this is required by law.

1.8. Contact

When you contact us, e.g. by email or telephone, we store the data you provide us with (e.g. names and email addresses) in order to answer your questions. The legal basis for the processing is our legitimate interest (Art. 6 (1) (1) (f) GDPR) in answering inquiries addressed to us. We delete the data collected in this context once it no longer needs to be stored, or we restrict the processing of it if there are statutory retention requirements.

1.9. Customer surveys

We occasionally conduct customer surveys to get to know our customers and their needs better. In doing so, we collect the data requested in each case. It is in our legitimate interest to get to know our customers and their needs better, so the legal basis for the associated data processing is Art. 6 (1) 1 lit.f GDPR. We delete the data once the results of the surveys have been evaluated.

2. Scope and purposes of data processing, legal bases, provision of data and storage period

2.1 Information for website visitors from Germany

Our website stores information in the end device of website visitors (e.g. cookies) or accesses information that is already stored in the end device (e.g. IP addresses). The following sections provide details of what information this is in detail.

This storage and access is based on the following provisions:
Insofar as this storage or access is absolutely necessary for us to provide the service of our website that has been expressly requested by website visitors (e.g. to carry out a chatbot used by a website visitor or to ensure the IT security of our website), it is carried out on the basis of Section 25 (2) no. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG).

Otherwise, this storage or access is based on the consent of the website visitors (Section 25 (1) TDDDG).
The subsequent data processing is carried out in accordance with the following sections and based on the provisions of the GDPR.

2.2 Access and use of the website

Each time the website and its subpages are accessed, usage data is transferred by the respective internet browser and stored in server log files. The stored data records contain the following data:

  • Date and time of access
  • Name of the subpage which is accessed
  • IP address
  • Referrer URL (original URL from which you have accessed the website)
  • Product and version information for the browser used

The log files are evaluated by the operator in anonymised form in order to further improve the website and make it more user-friendly, find and rectify faults more quickly and control server capacities. For example, it can be understood at which time use of the website is particularly popular and the operator can make an appropriate data volume available.

The admissibility of this processing is based on Art. 6 para. 1 lit. f) GDPR stating that the processing is lawful if it is necessary for the purposes of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the operator lies in providing a website with information and offering services to its customers and optimising the operation of the website.

The data processed by the operator is required to enable you to access and to use the website. This data must necessarily be processed while using a telemedia. Otherwise, you are not able to access the website.

Your IP address will be deleted or anonymised after termination of use. In the case of anonymisation, the IP addresses are changed in such a way that they can no longer be assigned to an identified or identifiable natural person or can only be assigned with a disproportionate large amount of time, costs and effort.

2.3 Web hosting and provision of the website

Our website is hosted by Mittwald. The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp. The provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data, in the EU. Further information can be found in the provider's privacy policy at https://www.mittwald.de/datenschutz.

It is in our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 (1) 1 lit. f GDPR.

2.4 E-mail at a click, contact form and other contacts

If you would like to get in touch with the operator, a contact form is available therefor. You need to enter the following information in this form:

  • E-mail address
  • Salutation
  • First name
  • Last name
  • Subject
  • Message
  • Declaration on the knowledge of privacy

In addition, you can voluntarily provide the following information:

  • Titel
  • Telephone number

Furthermore, you have the option to open an e-mail directed to the operator at just one click on different areas of the website. The e-mail address linked to your e-mail program will automatically be used as the sender here. If you do not want your e-mail address to be retrieved in this way, you can change it in the settings of your respective e-mail program.

In addition, you have the possibility to contact us by mail, telephone or fax. The data provided here will be processed for the purpose of processing your contact request.

The admissibility of this processing is based on Art. 6 para. 1 b) GDPR stating that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The provision of your data is necessary, otherwise you will not be able to send a message to the operator.

The processed personal data will be deleted after expiry of the legal retention periods, unless the controller has a legitimate interest in further storage. In any case, only those data will continue to be stored that are necessary to achieve the corresponding purpose. Wherever possible, the personal data will be anonymised.

2.5 Advertising

The operator uses your data for postal advertising purposes.

The admissibility of this processing is based on Art. 6 para. 1 lit. f) GDPR stating that the processing is lawful if it is necessary for the purposes of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use of data for advertising purposes constitutes a legitimate interest of the operator according to Art. 6 para. 1 lit. f) GDPR. The operator is ordered to actively present its services to new and existing customers.

As a customer of the operator, you will regularly receive product recommendations by e-mail which are based on the products or services which you have already ordered. By doing this, the operator would like to provide you with information about its services that may be of interest to you based on your most recent order.

The admissibility of this processing is based on Art. 6 para. 1. lit. f) GDPR in connection with § 7 para. 3 German Act Against Unfair Competition (UWG).
The personal data processed for the purpose of advertising will be deleted unless the controller has a legitimate interest in further storage. In any case, only those data will continue to be stored that are necessary to achieve the corresponding purpose.

You can revoke the processing at any time by contacting us at hwi-kontakte@hwi-group.de.

2.6 Newsletter

You can additionally subscribe to an e-mail newsletter in order to obtain further information about the operator’s services. The newsletter is sent out using the so-called double opt-in process, i.e. you will only receive a newsletter by e-mail if you have previously explicitly confirmed that the newsletter service is to be activated. Once you have activated the newsletter, you will receive a notification e-mail containing a link for activation. You will only receive the newsletter if you click on this link. You can deactivate the newsletter at any time.

For this purpose, please contact the operator at hwi-kontakte@hwi-group.de or use the unsubscribe link provided in each newsletter.

By means of an analysis technology ("click tracking") it can be determined whether a newsletter message has been opened. Furthermore, the operator can determine whether and which links in the newsletter message were clicked. All links in the e-mail are so-called tracking links, which can be used to count your clicks. If you do not want this, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.

The admissibility of this processing is based on Art. 6 para. 1 lit. a) GDPR stating that the processing is lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. The provision of your data is voluntary, but necessary for the receipt of the newsletter.

The data you provide in order to receive the newsletter will be stored by the operator or provider (so-called processor according to Art. 28 GDPR) until you unsubscribe from the newsletter and will be deleted from the newsletter list after you unsubscribe. Data that has been stored for other purposes with the operator remains unaffected in this regard. In any case, only those data will continue to be stored that are absolutely necessary to achieve the corresponding purpose.

You can withdraw your consent to this processing at any time: For this purpose, contact the operator at hwi-kontakte@hwi-group.de or use the unsubscribe link provided in each newsletter.

After you have unsubscribed from the newsletter list, your e-mail address will be stored by the operator or provider in a blacklist, if necessary, in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and the interest of the operator in complying with legal requirements when sending newsletters (legitimate interest according to Art. 6 para. 1 lit. f) GDPR).

We send our newsletter using the rapidmail tool from rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau. The provider processes content, usage, meta/communication and contact data in the EU. Further information can be found in the provider's data protection declaration at https://www.rapidmail.de/datenschutz.

2.7 Job advertisements

We publish job advertisements on our website, on pages linked to our website or on third-party websites.

The data provided in the context of the application is processed for the purpose of conducting the application process. Insofar as this data is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 (1) GDPR in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG). We have marked or indicated the data required to carry out the application process. If applicants do not provide this data, we will not be able to process the application.

Further data is provided on a voluntary basis and is not required for an application. If applicants provide further information, this is based on their consent (Art. 6 (1) (a) GDPR).

We ask applicants to refrain from including information on political opinions, religious beliefs and similar sensitive data in their CV and cover letter. This information is not required for an application. However, if applicants do provide such information, we cannot prevent its processing when we process the CV or cover letter. In this case, the processing of this information is also based on the consent of the applicants (Art. 9 (2) (a) GDPR).

Finally, we process applicants‘ data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Art. 6 (1) 1 lit. a GDPR.
We pass on applicants’ data to the responsible employees in the human resources department, to our processors in recruiting and to the employees otherwise involved in the application process.

If we enter into an employment relationship with the applicant following the application process, we will only delete the data after the employment relationship has ended. Otherwise, we will delete the data no later than six months after rejecting an applicant.
If applicants have given us their consent to use their data for further application procedures, we will delete their data two years after receiving the application.

2.8 Use of cookies

Our website uses cookies. Cookies are small text files that are stored in the web browser on a site visitor's device. Cookies help to make the site more user-friendly, effective and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter ‘technically necessary cookies’), the legal basis for the associated data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in providing customers and other site visitors with a functional website.

Specifically, we use technically necessary cookies for the following purpose or purposes:

  • PHP session ID, whereas the actual session data is stored on the server and is deleted when the page is closed.
  • CSRF token, which is used to protect against attacks.

Both a PHP session ID and a CSFR token simply consist of a character string (letters & numbers) generated for the respective purpose and accordingly contain no sensitive data and no personal data.

2.9 Matomo Analytics

The operator uses the web analysis service Matomo. Matomo collects your user data by using session cookies by means of JavaScript when you access and use the website, including the date and time of your visit to the website, your click behaviour on the website and the browser used.

The operator will use this information to evaluate the use of the website and to constantly improve the user experience based on the evaluations.

The admissibility with regard to access to the end device and setting of cookies is based on Section 25 (1) German Telecommunications-Telemedia Data Protection Act (TTDSG) (consent). Furthermore, the admissibility of the evaluation of usage data is based on Art. 6 para. 1 lit. a) GDPR stating that the processing is lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. The provision of your personal data is voluntary and is not required for the use of the website.

The personal data collected during the use of Matomo will be stored for an unlimited period of time. Wherever possible, the personal data will be anonymised.

You can revoke your consent at any time here.

2.10 Google Maps

The operator uses the mapping service Google Maps. This is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Through its use, information about the use of the website (e.g. date and time of access, IP address, etc.) is transmitted to Google servers in Ireland and stored. If necessary, data may also be transferred to the USA. Data transfer to a third country, such as the USA, is permitted under the conditions of Art. 46 DS-GVO and on the basis of the standard contractual clauses effectively included in the contractual relationship with Google. These have been approved by the European Commission and guarantee you an appropriate level of protection for your personal data. Further information can be found directly at Google https://policies.google.com/privacy/frameworks?hl=de.

The data is used by Google for the purposes of advertising, market research and/or the needs-based design of its website. This may also involve a link to your user account if you are logged in there. If you do not want this to happen, you must log out before using the service. Google's terms of use and privacy policy apply. If you disable or block JavaScript in your browser settings, you can prevent Google Maps from running. The provision of data is neither required by law nor necessary for the conclusion of a contract. Not providing the data means that you will not be able to use the function.

The operator uses Google Maps to enable you to use the interactive maps for route planning. The legal basis for the use of Google Maps with regard to access to the end device is Section 25 (1) TTDSG (consent). The permissibility of using the interactive maps for route planning is also based on Art. 6 (1) (a) GDPR, according to which processing is permissible if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. The provision of data is neither required by law nor necessary for the conclusion of a contract. If you do not provide the data, you will not be able to use the function.

The operator does not store any personal data through the integration of Google Maps. The personal data collected by Google will be deleted unless Google has a legitimate interest in further storage. In any case, only the data that is absolutely necessary to achieve the corresponding purpose will continue to be stored. As far as possible, the personal data will be anonymised. The data is stored by Google according to its own data protection regulations. Further information can be found in Google's privacy policy and terms of use.

You can revoke your consent at any time here.

2.11 YouTube

The operator uses videos from YouTube on the website. YouTube is a service from YouTube LLC ("YouTube"), 901 Cherry Ave., San Bruno, CA 94066, USA, and is provided by it. YouTube LLC is a subsidiary of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The integration of YouTube videos takes place in the so-called extended privacy by means of a so-called iFrame. This means that YouTube or Google does not set any cookies to record your usage behaviour on our website when implementing the videos. If you click or tap on an implemented video and, as a result, are redirected to another website or app, your user behaviour may be recorded there in accordance with the policies and terms of use of that website or app.

When loading this iFrame, YouTube or Google may collect and process information (including personal information). It cannot be ruled out that YouTube or Google may also transfer the information to a server in a third country (such as the USA). This occurs regardless of whether YouTube provides a user account that you are logged in or whether there is no user account.

The data transfer to a third country, such as the USA, is authorised under the conditions of Art. 46 GDPR and on the basis of the standard contractual clauses effectively included in the contractual relationship with Google. These have been approved by the European Commission and ensure an adequate level of protection with regard to your personal data. You can find further information directly at Google https://policies.google.com/privacy/frameworks?hl=de.

The data may be used by YouTube or Google for the purposes of advertising, market research and/or designing its website to meet specific needs. This may also include a link to your account if you are logged in there. If you do not wish this, you need to log out before use.

The operator uses YouTube videos to provide you with different videos on various topics. The legal basis for using YouTube with regard to access to the end device is Section 25 (1) German Telecommunications-Telemedia Data Protection Act (TTDSG) (consent). In addition, the admissibility for the evaluation and further processing of your personal data is based on Art. 6 para. 1 lit. a) GDPR stating that the processing is lawful if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Furthermore, the admissibility is based on Art. 6 para. lit. 1 f) GDPR, which states that the processing is lawful if it is necessary for the purposes of preserving the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use of data for the purpose of making videos available to illustrate our services and products constitutes a legitimate interest according to Art. 6 para. 1 f) GDPR.

The provision of the data is neither prescribed by law nor necessary for the conclusion of a contract. The consequence of not providing personal data is that you will not be able to use the website or will not be able to use it to its full extent.

For more information about the purpose and scope of data collection and processing by YouTube, please see Google's Privacy Policy and Terms of Use (see section 2.6 above).

You can withdraw your consent at any time here.

2.12 Web presence on social media (Xing, LinkedIn, Youtube)

In addition to this website, we also maintain presences on social networks (Xing, LinkedIn) which you can access via the corresponding buttons on our website (linking). As soon as you visit such a presence, these services store and process personal user data in accordance with the applicable terms of use. Please note that we have no control over the collection and use of data by social networks.

If you follow the links during your visit to our website and are logged into your personal user account, the information that you have visited our website may be forwarded to the respective social network and stored there. The visit to this website can then be assigned to your user account. You need to log out of your account before clicking on the link to prevent this.

The purpose and scope of the data collection by the respective service and the further processing of your data there as well as your rights in this regard are stated in the respective privacy provisions of the following providers:

Xing: https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Youtube: https://policies.google.com/privacy?hl=de

3. Right of access, to rectification, erasure, restriction, object and data portability

3.1 Right of access (Art. 15 GDPR)

Upon request, the operator will provide you with information as to whether data is processed concerning you. The operator makes every effort to process requests for information as quickly as possible.

3.2 Right to rectification (Art. 16 GDPR)

You have the right to obtain from the controller an immediate rectification of inaccurate personal data concerning you.

3.3 Right to erasure (Art. 17 GDPR)

You have the right to obtain from the operator the erasure of personal data concerning you immediately and the operator is obliged to erase personal data immediately if one of the grounds stated in Art. 17 para. 1 lit. a)-f) GDPR applies.

3.4 Right to restriction (Art. 18 GDPR)

You have the right to obtain from the controller restriction of processing if one of the grounds stated in Art. 18 para. 1 a)-d) GDPR applies.

3.5 Right to object (Art. 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 para. 1 lit. e) or (f) GDPR, including profiling based on those provisions. The operator shall no longer process your personal data unless the operator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

You have the right to object, on grounds relating to your particular situation, to processing of your personal data for scientific or historical research purposes pursuant to Art. 89 para. 1 GDPR unless the processing is necessary for the performance of a task in the public interest.

Please use the contact address specified in the imprint for your notification.

3.6 Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data, which you provided to the operator, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the operator to which the personal data have been provided, unless the processing is based on a consent pursuant to Art. 6 para. 1 lit. a) GDPR, Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing by automated means.

4. Withdrawal of consent

If you have given your consent to the processing of your personal data and withdraw it, the processing shall not be affected before its withdrawal.

5. Right to complain

You have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR).

6. Recipients

The data collected when you accessing and using the website and the information you provided when contacting will be transmitted to the server and stored there. In addition, your data can be transferred to the following categories of recipients:

  • Persons working for the controller who are engaged in the processing (e.g. marketing department, personnel management, customer service, secretariat)
  • Processor (e.g. computer centre, IT service provider, software support)
  • Operator's contractual partners (e.g. shipping providers, banks, tax advisers)
  • Public bodies (e.g. authorities)

7. Links to third-party websites

When visiting the website, content linked to third-party websites may be displayed. The operator has neither access to the cookies or other functions used by third parties nor can control them. Such third-party websites are not subject to the operator's privacy provisions.

Latest version: 10.02.2025

 

How to find us

Rülzheim site

Frankfurt site

Appenweier site

Contact

Contact form


+49 7272 7767-0

Newsletter

Register now &
stay up to date!

Hotline

Monday - Friday

+49 7272 7767-0