The buyer will voluntarily agree to the electronic processing and use of his personal data and all other data relating to the business relationship. The administrator of personal data will be Croma Pharma GmbH and all entities related to it and dependent on it, both personally and financially, directly or through other entities, and trusted partners. Processed data will be for the purposes of the policy described, among others, to: process orders, manage contracts, process warranty claims, provide comprehensive care and advice, and create advertising materials and offers, as well as for statistical purposes and to meet statutory requirements.
According to the law in force, we can provide data to entities that process them at our request, for example, agencies, subcontractors.
The buyer has the right to request access to data, rectification, deletion or limitation of their processing; the buyer may also withdraw consent to the processing of data or submit an objection.
The consent of the Buyer is voluntary and may be withdrawn by the Buyer at any time, but the withdrawal of consent will not affect the lawfulness of the processing on the basis of consent prior to its withdrawal.
For all matters relating to data protection, please contact CROMA’s data protection officer (E-mail: dataprotection@croma.at).
Valid as of January 1st, 2018
tel.: +43/(0)2262/684 68-0 | fax: +43/(0)2262/684 68-165 | e-mail: office@croma.at| web: www.croma.at| FN 92329d/Korneuburg | FG Korneuburg | DVR: 0308129 | VAT (UID): ATU14219503 Erste Bank | bank code (BLZ): 20111 | account nr. (Kto Nr.): 29328144800 IBAN: AT94 2011 1293 2814 4800 | SWIFT (BIC): GIBAATWWXXX Österreichische Apothekerbank | bank code (BLZ): 44220 | account nr. (Kto Nr.): 34440 IBAN: AT 4844 2200 0000 0344 40 SWIFT (BIC):VBOEATWWAPO UniCredit Bank Austria AG | bank code (BLZ) 11000 | account nr. (Kto Nr): 9793179400 IBAN: AT 8611 0000 9793 1794 00 | SWIFT (BIC): BKAUATWWXXX Oberbank AG | bank code (BLZ) 15021 | account nr. (Kto Nr.): 4081020317 | IBAN: AT 7915 0210 4081 0203 17 | SWIFT (BIS): OBKLAT2LXXX
tel.: +43/(0)2262/684 68-0 | fax: +43/(0)2262/684 68-165 | e-mail: office@croma.at| web: www.croma.at| FN 100280x/Korneuburg | FG Korneuburg | DVR: 0809501 | VAT (UID): ATU37604400 Oberbank AG | bank code (BLZ): 15021 | account nr. (Kto Nr.): 4081034136 IBAN: AT28 1502 1040 8103 4136 | SWIFT (BIC): OBKLAT2L
Croma-Pharma GmbH, Industriezeile 6, 2100 Leobendorf, e-mail: office@croma.at (hereinafter “CROMA”, “we” or “us”) is responsible for the processing of personal data described in more detail in this data protection declaration.
The protection of your privacy is very important to us. This data protection declaration provides information about the purposes for which CROMA processes your personal data (hereinafter “your data”), in particular how we use your data and to whom we may transmit them. This data protection declaration also provides you with an overview of your rights in connection with our processing of your data.
We have taken appropriate technical and organizational measures to ensure that all legal requirements of the data protection laws (GDPR, DSG) are observed both by us and by our service providers (so-called processors), whom we use in some areas for the processing of your data.
This website is aimed exclusively at users who are older than 14 years. We would like to point out that we use the masculine language form in this data protection declaration for reasons of easier readability.
The permanent technical development of the Internet as well as any changes in the legal framework may make adjustments to our data protection declaration necessary from time to time. We therefore reserve the right to adapt this data protection declaration accordingly. All changes apply from the time the changed data protection declaration is published on our website.
When you visit the websites www.croma.at and www.cromaismore.com, as well as all subpages under these domains, we will collect the following data:
Date and time of access to a page on our website, your IP address, name and version of your web browser, the website (URL) you visited before accessing this website, certain cookies (see also below).
In the course of registering the medical department, we also process the following data:
Name, e-mail address, status as a doctor or pharmacist.
We will process your data for the following purposes:
a) Doctors area (Doctors login)
The regulatory requirements for product advertising in the scope of drug and medical device law make it necessary to grant access to some areas and content of our website exclusively to doctors. In order to be able to access this content, you have to register by entering your name with your e-mail address and confirm that you are a practicing doctor. This data is stored in our database and is used to later prove that you have provided correct information.
b) Cookies
So-called cookies are used on this website. A cookie is a small file that can be stored on your computer when you visit a website. Cookies are used to be able to offer additional functions on a website. For example, they can be used to make it easier for you to navigate a website, to enable you to continue using a website where you left it and / or to save your preferences and settings when you visit the website again. Cookies cannot access, read or change any other data on your computer.
Most of the cookies on this website are so-called session cookies. They are automatically deleted when you leave our website. Permanent cookies, on the other hand, remain on your computer until you manually delete them in your browser. We use such persistent cookies to recognize you when you next visit our website.
If you want to control cookies on your computer, you can choose your browser settings so that you receive a notification when a website wants to save cookies. You can also block or delete cookies if they have already been saved on your computer. If you would like to know more about how you can take these steps, please use the “Help” function in your browser.
Please note that blocking or deleting cookies could affect your online experience and prevent you from fully using this website.
c) Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies that enable your use of the website to be analyzed. We process your data on the basis of our overriding legitimate interest in creating easy-to-use website access statistics in a cost-efficient manner (Art 6 Paragraph 1 lit f General Data Protection Regulation).
The information generated by the cookie about your use of this website (including your IP address and the URLs of the websites you visit) is transmitted to and stored by Google on servers in the United States. We do not save any of your data that is collected in connection with Google Analytics.
This website uses the IP anonymization option offered by Google Analytics. Your IP address will therefore be shortened / anonymized by Google as soon as Google receives your IP address. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data by Google.
You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de .
For more information on Google’s terms of use and Google’s privacy policy, see http://www.google.com/analytics/terms/de.html or https://www.google.at/intl/at/policies/ .
d) Social plugins
Our website can use so-called social plugins (“plugins”) of the social networks (1) Facebook and (2) Instagram (“social networks”). These are operated by (1) Facebook Inc. and (2) INSTAGRAM, Inc.
Our plugins are deactivated by default. This means that when you visit our website, it does not connect directly to the servers of the respective provider / social network. To use the plugin, you have to click on the respective plugin. By clicking on the respective plugin, you consent to the following data processing:
After clicking a plugin, your browser establishes a direct connection to the servers of the respective provider. The content of the plugin is transmitted directly to your browser by the respective provider, which integrates it into the website. By embedding the plugin, the corresponding provider receives the information that your browser has accessed our website. This then happens regardless of whether you have a profile on the respective social network or are currently logged in.
If you are logged into the respective social network, it can assign your visit to our website to your profile in the respective social network. If you interact with the plugin, for example with the “Like” button on Facebook or if you enter a comment, the relevant information is sent directly from your browser to the respective provider and stored there.
You can find information about the purpose and scope of the collection, further processing and use of the data by the respective provider as well as your related rights and optional settings to protect your privacy in the data protection declarations of the respective provider.
The legal bases for processing your data are
– When using our website, our overriding legitimate interest (in accordance with Art 6 Paragraph 1 lit f GDPR) to achieve the purposes listed above under point 2 lit b to d
– When registering and using the medical area, our legal obligation is to restrict the advertising of our drugs and medical products to laypeople and to be able to prove this restriction (Art 6 Paragraph 1 lit c & lit f GDPR).
Usage data generally for two (2) months. A longer storage only takes place if this is necessary in order to investigate detected attacks on our website.
With regard to the medical area, we process your data for at least one year after the website’s medical area has gone offline in order to be able to defend ourselves in any administrative criminal proceedings pursuant to §§ 111 Z 42 in conjunction with 104 Z 1, 2 MPG (limitation period for prosecution § 31 Abs 1 VStG).
e-mail address
Our newsletter provides information about Croma’s entire product portfolio and future events. You can unsubscribe from our newsletter at any time.
Legal basis:
– For new customers, the legal basis is your previously given consent (Art 6 Paragraph 1 lit a GDPR in conjunction with Section 107 TKG).
– For existing customers, the legal basis in accordance with Section 107 (3) TKG is our legitimate interest in providing you as our customer with information and advertising for Croma services or products, other events and other news from the industries in which Croma is active.
We store your data only until you withdraw your consent (where processing is based on consent) or object (where it is based on legitimate interest) and, within the framework of the legal provisions, only for as long as is necessary to fulfill the purposes for which it was transmitted.
In the course of your application, we typically receive your name, your contact details (e-mail, telephone number, address), your curriculum vitae and the data contained therein and possibly training and service certificates.
– Before deciding on your application:
Upon receipt of your application, we will process your data for the purpose of contract initiation in accordance with Art 6 Paragraph 1 lit b GDPR.
– After deciding on your application:
If you are accepted, the data will be processed within the scope of the employment relationship and you will be informed of this in detail at the latest when you start work.
From the time of rejection, we process your data out of our legitimate interest in defending ourselves in any proceedings based on the Equal Treatment Act (GlBG), which could follow our rejection (Art 6 Paragraph 1 lit f GDPR).
If you have given us your consent for the purpose of keeping your application on record, we will process your data from the time of rejection on the basis of this consent (Art 6 (1) (a) GDPR).
Your data will not be passed on to third parties.
If you are employed, your data will be processed within the framework of this contractual relationship and you will be informed of this separately at the latest when you start work.
In the event of a rejection, the usual storage period is eight (8) months. This results as follows:
The six-month period for asserting claims under the GlBG begins at the time of cancellation. In addition, there is the fictitious mail run for the delivery of a lawsuit, which was only brought to the court towards the end of the period. This is typically no longer than two months. The purpose of processing your data based on our legitimate interest described above will probably end 8 months after the rejection, unless we have gained knowledge of the opening of such a procedure by then. According to Art.17 Paragraph 3 lit e GDPR, you have no right to deletion according to Art.17 Paragraph 1 GDPR until then.
The processing for record keeping based on your consent takes place until it is revoked, but no later than one (1) year after receipt.
Name, age, gender, title / job title, department, address, email address, telephone number, fax, website, ordering behavior (services; products; workshops), bank details
a) Contract management
Data: Name, age, gender, salutation, title, address, email address, telephone number, fax, ordering behavior, bank details
Legal basis: Art 6 para 1 lit b GDPR
b) CRM
Data: Name, date of birth, gender, title, department, address, email address, telephone number, fax, website, ordering behavior, bank details
Legal basis: Insofar as the processing of your data in a customer relationship management (CRM) system does not already fall under the legal basis of contract execution (Art 6 Paragraph 1 lit b GDPR), we process your data on the basis of our overriding legitimate interest in using such CRM systems to handle contract management more efficiently (Art 6 para 1 lit f GDPR).
c) Croma for Creators / Bonus Program
By registering for our Croma For Creators bonus system ( https://c4c-at.croma.at/de/ ).
Data: Name, age, gender, title, address, email address, telephone number, fax, website, ordering behavior
Legal basis: Contract and bonus system processing (Art 6 Paragraph 1 lit b GDPR). Furthermore, we process your data for marketing purposes based on our legitimate interest (Art 6 Paragraph 1 lit f GDPR) to provide you as our customer with information and advertising for similar Croma services or products, other events and other news from the respective product industry (also electronically).
d) Croma Is More
We process the following of your data for the use of our training program “Croma is More” ( www.cromaismore.com ):
Data: name, address, telephone number, email address, department.
Legal basis: Processing of the training program (Art 6 Paragraph 1 lit b GDPR). Furthermore, we process your data for marketing purposes based on our legitimate interest (Art 6 Paragraph 1 lit f GDPR) to provide you as our customer with information and advertising for similar Croma services or products, other events and other news from the respective product industry (also electronically).
e) Marketing
Data: name, age, department, ordering behavior
Legal basis: Our legitimate interest in carrying out sales analyses in order to develop and / or improve new services, products, seminars, workshops, etc. (Art 6 Paragraph 1 lit f GDPR).
We store your data, which are processed for contract processing, for at least seven (7) years within the framework of the statutory retention periods.
For other processing purposes, we save your data until revoked (consent) or justified objection (legitimate interest) in the context of other legal provisions only for as long as it is necessary to fulfill the purposes for which they were transmitted. After all purposes of use have ceased to exist (e.g. if the product group with which you were our customer is abandoned) your data will be deleted immediately and completely.
Name, date of birth, address, telephone number, email address; in the case of legal persons, the specified data of the legal person’s contact person, bank details
Contract processing (Art 6 Paragraph 1 lit b GDPR)
In accordance with legal requirements for at least seven (7) years.
Name, age, health data (in pseudonymised form)
As a manufacturer of medical products and pharmaceuticals, we are required by regulatory requirements to commission clinical studies as a sponsor for product registration of medical products and pharmaceuticals in order to maintain the high quality and safety standards.
Legal basis: Consent of the patient (Artt 9 Paragraph 2 lit a in conjunction with 6 Paragraph 1 lit a GDPR), as well as our legal obligations to provide evidence of the quality and safety standards of medical products and pharmaceuticals (Art 9 Paragraph 2 lit in conjunction with 6 Paragraph 1 lit c GDPR ).
We are jointly responsible for data processing with the respective study center, whereby we are primarily responsible for processing in the product approval phase. For this purpose, we have concluded a corresponding agreement in accordance with Art 26 GDPR in order to protect your data.
For the supervision of the study, we use contract research institutes (so-called CROs), which for us as service providers (contract processors) monitor the correct implementation of the study by the study center. We have concluded the necessary agreements with these CROs in accordance with Art. 28 GDPR in order to protect your data.
In accordance with the legal and regulatory retention periods, we store the data for at least twenty (20) years.
If you revoke your consent, this revocation has no effect on activities based on your consent after being informed by the study center before it was revoked, or on the use of the data collected on this basis. In this respect, you have no right to deletion according to Art 17 GDPR (§§ 49 Paragraph 5 MPG, 39 Paragraph 3a AMG).
Unless specifically defined for the processing types about the transmission of your data to third parties, the following applies to the respective processing type:
Croma generally stores your data on Croma servers in Austria. We can transmit your data to the following recipients for the above-mentioned purposes:
– Members of the Croma-Pharma Group (see below).
– External service providers used by us (so-called processors), especially in the areas of debt collection, IT, legal or taxation.
– If necessary for regulatory reasons, to government authorities and notified bodies worldwide, of course only based on a corresponding legal basis.
The Croma-Pharma Group consists of the following companies:
Croma-Pharma GmbH (AT), Croma GmbH (AT), Croma Pharma Produtos Medicos Ltda (BRA), Croma Schweiz GmbH (CH), Croma Deutschland GmbH (DE), Laboratorios Croma Estetica, SL (ESP), Croma France SASU ( FR), Croma Italia Srl (IT), Croma Nederland BV (NL), Croma-Pharma Sp.Z oo (PL), CROMA PORTUGAL – Comércio de Produtos Farmacêuticos, Unipessoal, Lda. (PT), Croma Pharma Romania SRL (RO), Croma USA Inc. (USA) and Croma-Pharma Limited (UK).
If Croma uses external service providers / contract processors to process your data, we have concluded the necessary agreements according to Art 28 GDPR in order to be able to guarantee compliance with our data protection obligations.
Some of the recipients mentioned above are located outside the European Union or process your data there. The level of data protection in non-EU countries may not correspond to that of your country. We therefore only transfer your data to countries for which the EU Commission has passed an adequacy decision ( https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en ) and thus decided that they have an adequate level of data protection.
Subject to a legal obligation or an official or court order, we will not pass on your data to third parties unless your express consent has been obtained beforehand or we are legally obliged to do so.
You have the right at any time and free of charge to receive information about your data and, if necessary, to have it corrected, deleted or restricted, provided that there are no legal storage obligations or other legal interests of Croma.
To the extent permitted by law, you have the right to object to processing that we base on our legitimate interest (Art 6 Paragraph 1 lit f GDPR).
If the data processing is based on your consent (Art 6 Paragraph 1 lit a GDPR), you can revoke this consent at any time without affecting the legality of the processing carried out before the revocation.
Furthermore, under the legal requirements of Art 19 GDPR, you have the right to receive your data in a common, machine-readable format.
You also have the right to lodge a complaint against our processing of your data with the competent Austrian data protection authority.
Correct collection of your data is always of particular concern to us. Please contact our data protection officer to update your data (see contact details below).
Please address your data protection queries, complaints or suggestions to Croma’s data protection officer, either by email
dataprotection@croma.at
or by post to
Croma-Pharma GmbH
for the attention of the data protection officer
Cromazeile 2
2100 Leobendorf
Austria.
The content of external websites to which we refer directly or indirectly on our website (through “hyperlinks” or “deep links”) is outside our sphere of influence and responsibility and is not adopted by us. However, we can state that at the time the respective links are set, we assume that there is no illegal content on the linked websites. We have no influence whatsoever on the current and future design or the content of the linked pages or the related copyright authorization. We therefore expressly distance ourselves from all content on all linked websites that was changed after the link was set. This statement applies to all links and references set within our online presence. The provider of the linked website is solely liable for illegal, incorrect or incomplete content and, in particular, for damage resulting from the use of the information that can be accessed on the linked websites. If we become aware of illegal, unlawful or incorrect content on websites to which we link, we will remove the link.
Last updated in January 2020