Privacy Policy

Last update: 25.05.2018

We – Bionorica SE – are committed not just to protecting your health, but also to protecting your data and hence your private sphere. This privacy policy explains which personal data we collect, store, process, block and erase (collectively referred to as ‘processing’) when you visit the website and use our online services, what we use these data for, how you can object to their use or withdraw your consent and what your rights as a data subject are, i.e. how you can, e.g., withdraw declared consent and how you can assert your rights to access, rectification, lodging of a complaint and erasure of your data.
Our contact data can be found in the legal notice.

1. Definition of data categories

Within the scope of this privacy policy the following definitions apply to data types:

Type 1: Web usage data

  • IP address;
  • date and time of request;
  • Greenwich Mean Time (GMT) time offset;
  • requested content (concrete page);
  • access status / HTTP status code;
  • respectively transferred data volume;
  • website from which request was made;
  • browser used (including language and version);
  • operating system of device used and its interface.

Type 2: Particulars and contact data

  • name;
  • address;
  • date of birth;
  • marital status;
  • occupation / employment status;
  • nationality;
  • phone number(s);
  • email address;
  • other communicated contact data including social media (e.g. Facebook and/or Twitter) accounts.

Type 3: Electronic communications data (primarily email)

  • content of electronic communications to or with us;
  • metadata, thus, for example, email addresses involved, time and date of email correspondence, details about your opening and click behaviour in our PhytoNews (email newsletter).

2. General website visit

(1) If you use the website for informational purposes only, i.e. if you do not register or otherwise convey any information to us, we will only collect the personal data your browser transmits to our server. If you would like to view our website, we collect the type 1 data which are technically necessary for us to display our website to you and ensure the stability and security (legal basis is Article 6(1)(f) of the GDPR).

(2) In addition to the data mentioned above, the following transient and persistent cookies are saved on your computer when you visit our website:

a) Transient cookies: these cookies are automatically deleted when you close the browser. They particularly include session cookies. A session cookie saves a so-called session ID with which various requests from your browser can be assigned to a given session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you close your browser.

b) Persistent cookies: these cookies are automatically deleted after the expiration time has been reached. Depending on the cookie, the expiration time may differ. You can delete the cookies at any time via the system settings in your browser.

c) You can configure your browser settings as you wish and, e.g., refuse to accept third-party cookies or all cookies. Please be aware that if you disable cookies, you may not be able to use all the features of this website.

3. Google Analytics

(1) The website uses Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics collects data of type 1 and uses cookies for this. To be able to assign your website visit, we anonymise your IP address upon collection and hence we cannot link it to you personally. We also do not merge your IP address with other data from Google.

(2) The information on your use of this website generated by the cookies mentioned above is usually transferred to and saved on a Google server in the US. Google uses this information on our behalf to analyse your use of the website, to compile reports on website activity and to provide additional services associated with the website and internet use to us.

(3) You can prevent cookies being saved by making the appropriate setting in your browser. However, in this case you may not be able to use all the features of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Google and the processing of these data by Google by downloading and installing the browser plug-in available at

(4) The legal basis for the use of this service is yielded from Art. 6(1)(f) of the GDPR.

(5) Further information on the use of data by Google for advertising purposes as well as on setting and objection possibilities can be found at

4. Server logs

(1) The web server or servers delivering the website write logs in which the following data are listed:

  • name of requested page;
  • file, date and time of request;
  • transferred data volume;
  • notification of successful retrieval;
  • browser type and version;
  • user’s operating system;
  • URL of last visited website (referrer URL);
  • IP address of user;
  • requesting telecommunications service provider.

(2) We only use log data for statistical analysis for the purpose of operation, security and optimisation of the website and our offering. However, we reserve the right to examine log data retroactively if there is a justified suspicion of unlawful use of the website based on concrete grounds.

(3) The legal basis for maintaining of the server logs is Art. 6(1)(f) of the GDPR. We delete the server logs in normal cases after 14 days or in situations pursuant to Art. 6(2) at a correspondingly later time.

5. Your rights

(1) You can contact our data protection officer with any questions related to the protection of your data by sending an email to or mailing a letter to our mailing address with the additional line ‘Attn: Data Protection Officer’.

(2) You decide what we do with your personal data and we help you with this. You can obtain information about the data we have saved about you and can request rectification of inaccurate data and restriction of processing and erasure of your personal data from us. To do so please send an email to

(3) You also have the right to data portability.

(4) You can withdraw your declared consent at any time. The route we recommend depends on the medium (e.g. you can ‘unsubscribe’ to the newsletter simply by clicking on the ‘Unsubscribe’ link found in every issue of the newsletter). However, you can also use the above-mentioned web form for this. The web form route is not automated and hence can take longer than the fully automated route recommended by us.

(5) You also have the right to lodge a complaint with the responsible data protection supervisory authority.