The protection of personal data of users of this website is a major concern of Desitin Pharma OY ("Desitin", "we", "us"). When processing your personal data, we comply with the applicable provisions of the EU General Data Protection Regulation ("GDPR"), the Finland Federal Data Protection Act ("FDPA") and tele media law. The following privacy notice describes which personal data of users are collected on the website and how they are processed.
The controller for processing your personal data in connection with this website is the Desitin Pharma OY ("Desitin"). Our contact data are:
Desitin Pharma OY
Unioninkatu 32 B
Tel.: +358 50 3102969
Desitin Pharma Oy
- Data Protection Officer -
Unioninkatu 32 B
Personal data are all information referring to an identified or identifiable natural person, such as names, addresses, telephone numbers, email addresses, photos or online identifiers. When we process personal data, this means – for example – that we collect, store, use, transmit or delete such data. In the following, we will first specify the processing purposes and legal bases of processing; thereafter we will explain details regarding the individual categories of personal data that we collect.
We and/or the service providers commissioned by us process your personal data for the processing purposes listed below. We point out that, according to the "legitimate interest" as legal basis, you are entitled to exercise a special right to object to processing (see section 9 "Your rights as a data subject").
|No.||Processing purpose||Legal basis of processing||Description of the legitimate interest in processing, where relevant|
|2||Collecting statistical information about the use of the website (so-called web analysis)||Legitimate interest||We have a legitimate interest in obtaining information about the website use, especially in order to improve our offer.|
|3||Webtracking by use of common web analysis tools and services (Google Analytics).||Consent|
|4||Tracking malfunctions and safeguarding system security, including the detection and tracing of unauthorized access attempts and accesses to our web server.||Compliance with our legal obligations regarding data security, and legitimate interest||We have a legitimate interest in removing malfunctions, guaranteeing the system security, as well as detecting and tracing unauthorised accesses or access attempts.|
|5||Safeguarding and defending our rights||Legitimate interest||We have a legitimate interest in safegarding and defending our rights and legal claims.|
|6||Answering a request via the contact form||Performance of contract|
During your visit to the website, Desitin automatically collects access data, which are relevant for system security and data security, in the so-called log files of the web server. This involves the following data in particular:
The log files are stored for up to seven days for the purpose of tracking malfunctions and guaranteeing system security, including detecting and tracing unauthorized access attempts and accesses to our web servers and are deleted after this period unless a suspect case of unlawful access to our web servers has occurred until then. The log files are only analyzed in such suspect cases and only by authorized persons. Log files which must continue to be stored for evidentiary purposes are excluded from deletion until final clarification of the particular case and may be forwarded to investigation authorities or lawyers to the required extent.
The log files are additionally also stored for the web analysis, however without (complete) IP addresses so they do not enable conclusions regarding a specific user. For web analysis purposes, the files are evaluated in aggregated form only (for details see section 5 "web analysis")
Other personal data, including business related data, are only collected from you if you provide them to us voluntarily, for example when you send a request to Desitin via a contact form. These personal data are only processed to the extent necessary for the particular purpose (e.g. performance of a contract) and legally permitted, or subject to your consent. This information is not linked to other data.
Your personal data are in principle only transferred to the extent required for the particular purpose and to other controllers only in cases where this is necessary for contract performance, where we or the third party have a legitimate interest in such disclosure, or where you have given your consent. Furthermore, personal data may be transferred to other controllers to the extent we are obligated to make such disclosure due to statutory provisions or enforceable orders issued by public authorities or courts.
Desitin may use service providers for data processing. In these cases Desitin will enter into data processing agreements with the service providers to the extent necessary.
In particular, we use the following types of service providers:
We might disclose your personal data to recipients that are located outside of the European Union ("EU") or the European Economic Area ("EEA") in so-called third countries (e.g. service providers which act as processors on our behalf). In this case, we implement safeguards before the data transfer to make sure that there is an adequate level of data protection at the recipient or that you have consented to the transfer of your data explicitly. An adequate level of data protection may be ensured, for example, by the existence of an adequacy decision by the EU Commission for the respective third country, in which the recipient is located, or by the existence of other appropriate safeguards, e.g. if we have agreed on EU standard contractual clauses with the recipient.
You can request from us an overview of the data recipients in third countries and a copy of the specific provisions to safeguard an appropriate data protection level. Please use the contact data named in the contact form if you wish to do so.
In principle, we store your data as long as necessary for providing this website and the related services, or as long as we have a legitimate interest in further storage (for example we might still have a legitimate interest in postal marketing even after performance of a contract). In all other cases we delete your personal data, except for personal data that we must continue to store in order to comply with statutory obligations (due to retention periods set forth by tax and commercial law we are, for example, obliged to preserve documents such as contracts for a certain period of time up to 10 years).
The following specific retention periods apply:
Some pages of the Desitin website use so-called cookies. Cookies are small files that are stored on the user's computer or in the browser when visiting a website. Cookies can store various types of data and help to provide additional functions (and thus make the website as a whole more user-friendly, effective and secure).
We use so-called "session cookies", which are automatically deleted when you close the browser.
Desitin also uses a so-called analysis cookie in relation to the web analysis (see section 5 "Web analysis").
Hereinafter you find a summary of cookies used by us, which shall inform you about the purpose and type of the cookie concerned, and the respective storage duration.
|Purpose of Cookie||Type of Cookie||Application name||Name of the Cookie||Storage period|
|Essential Cookie||Permanent||Cookie banner||cb-enabled||1 year|
|Functional Cookie||Session||Google Analytics|
|Analysis||Session||Google Analytics (performance: if used via the Google day manager function)||dc_gtm||1 minute|
(distinction between users)
(distinction between users)
Essential Cookies are processed on the basis of our legitimate interest. All non-essential cookies are only processed on the basis of you consent.
The settings options do not cover cookies set by other providers during your visit to web pages of third parties.
With your consent, we process information about your use of our website via the analysis tool "Google Analytics". Google Analytics is a common web analysis tool to evaluate the usage of websites and is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The information on your use of the website generated by the cookie are usually submitted to and stored at a Google server in the USA. We use Google Analytics with the additional function offered by Google for anonymizing IP addresses. Here, the IP address is normally shortened by Google within the EU already and only in exceptional cases shortened in the USA, and is at all events stored in a shortened form only.
According to the provider, your IP address submitted by your browser in connection with Google Analytics is not combined with other data by Google.
You can prevent the collection and analysis of your data by Google by downloading and installing the browser plugin available here. In addition, you may prevent the storage of cookies by your respective browser settings (see section 4 "Cookies").
Our website may include links to web pages of third parties. We have no influence on the processing of any personal data transferred to third parties by clicking the link (e.g. your IP address or the URL of our website including the link). We take no liability for the processing of such personal data by third parties. The third party's respective privacy notices shall apply.
Our employees and the service providers commissioned by us and their employees are obliged to maintain secrecy and comply with the regulations of the applicable data protection laws.
We take all necessary technical and organizational measures in order to guarantee a level of protection appropriate to the risk involved with the data processing and to protect your personal data processed by us, especially against risks arising from unintended or unlawful destruction, loss, change or unauthorized disclosure or unauthorized access. Our security measures are continuously being improved in line with the technological development.
If you send an email to Desitin via the contact form, these data are transmitted in encrypted form.
Automated decision-making, including profiling that is based solely on automated processing, which produces legal effects concerning you or similarly significantly affects you does not take place.
Exercising of your rights: In order to exercise your rights according to Art. 12-22 GDPR, please use the contact details provided in the contact form. Please make sure for this purpose that we can identify you clearly. Alternatively, you may send us a message to exercise your rights via post or e-mail, e.g. via the contact details of our data protection officer.
Right to information and access (Art. 13, 14, 15 GDPR): You have the right to access your personal data processed by us. You also have the right to receive a copy of the personal data undergoing processing.
Right of rectification and erasure (Art. 16, 17 GDPR): If your personal data are inaccurate or incomplete, you may request that your personal data are rectified or completed. If we have disclosed your personal data to third parties, we will inform them about the rectification to the extent set forth by law. You have the right to obtain erasure of your personal data from us, if the respective legal conditions are fulfilled. This particularly applies in cases where:
When we disclose your personal data to third parties, we inform them about the deletion to the extent prescribed by law. Please note that your right of deletion is subject to restrictions. For example, we are not committed or permitted to delete any personal data which we must continue to store due to statutory retention periods. Also, personal data which we need in order to establish, exercise or defend legal claims are excluded from your right of deletion.
Restriction of processing (Art. 18 GDPR): You may request restriction of the processing of your personal data, if the respective legal conditions are fulfilled. This particularly applies in cases where:
If you have the right to restriction of processing, we flag the personal data concerned in order to make sure that these data only continue to be processed within the narrow limits applying to such restricted data (i.e. especially in order to defend legal claims or with your consent).
Right to data portability (Art. 20 GDPR): You also have the right to receive your personal data provided to us in a structured, commonly used and machine-readable format, or to request – if technically feasible – that the personal data are transmitted to a third party without hindrance from us.
Right to object (Art. 21 GDPR): You have the right to object to data processing on grounds relating to your particular situation, if such processing is based on legitimate interest as legal basis. You can also always object to the processing of your personal data for marketing purposes.
Withdrawal of consent (Art. 7(3) GDPR): If you have consented to the processing of your personal data, you may withdraw such consent at any time and without reason. The lawfulness of processing your data remains unaffected until the withdrawal.
Right to lodge a complaint with the Supervisory Authorithy: You have the right to lodge a complaint with a Supervisory Authority. For this purpose you may particularly contact the Supervisory Authority competent for your place of residence, or the Supervisory Authority competent for us. The latter is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit ("The Hamburg Officer for Data Protection and Freedom of Information") (www. Datenschutz.hamburg.de, only German)
Desitin reserves the right to amend the contents of this privacy notice in accordance with legal requirements. Please keep yourself informed regularly about updates of this privacy notice.
If you wish to contact us, you can do so under the contact data specified in section 1.
Last update: January 2023