privacy policy

pharmaand GmbH (“pharma&”, hereinafter also referred to as “us”, “we”) is controller of your data in accordance with Art 4 para 7 of the General Data Protection Regulation (“GDPR”) regarding the processing of personal data of visitors of our website

The following Privacy Policy is intended to explain according to article 13 GDPR to you in a comprehensible, transparent and clear manner how your personal data is processed by us, the purpose for which we process the personal data and who are the recipient, who receive the personal data.


I. Controller of your data

Controller according to Art 4 Z 4 GDPR is:

pharmaand GmbH
Taborstraße 1
1020 Wien
FN 480684p

Telephone: +43 1 3560006

II. Which personal data do we process

Personal data are all data which directly or indirectly allow an inference to your person (“data”) Art 4 Z 1 GDPR. This includes, for example, name, address, e-mail address, user behavior. With regard to further terminology, in particular the terms processing’, ‘controller’, ‘processor’ and ‘consent’, we refer to the legal data protection definitions of Art. 4 GDPR.

We process personal data only to the extent necessary to provide a functional website and the content and services offered by us. Personal data is regularly processed only if you have given us your consent within the meaning of Art. 6 (1) a) GDPR or if the processing is permitted by statutory provisions, in particular by one of the legal bases mentioned in Art. 6 (1) b) to f) GDPR.

Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by national or European regulations to which we are subject. In this case, the data will be blocked or deleted when the storage period prescribed by the respective regulations has expired. The latter does not apply if further storage of the data is necessary for the conclusion or fulfilment of a contract.

If you use our website, we can use the personal data, which you give us voluntarily (Contact Forms etc).

You can also use our website, without giving us actively information about you. In this case we process only certain data, which your browser will transfer to our website server (Logfiles) as well as data, which will be collected by the use of cookies or similar technologies. We process among others the following data:

  • IP-address
  • Browser type and version
  • Information that the user is providing while filling in a contact form

III. We process your data for the following purposes

1. Use of website

Logfiles: You can visit our website also without providing us actively information. In this case we collect specific data transferred by your browser to our website server.

Cookies: Cookies are small text files that are stored on your computer, tablet computer or smartphone when you visit a website using your browser. These files do no harm and serve only to recognize the website visitor. On your next visit to the website using the same device, the information stored in cookies may subsequently be returned either to the website (“First Party Cookie”) or to another website to which the cookie belongs (“Third Party Cookie”). You can set your browser so that the storage of cookies is generally prevented or you are asked each time whether you agree to the setting of cookies. Once set, you can delete cookies at any time. How this works can be found in the help function of your browser.
Required Cookies: Technically necessary cookies are used to enable the technical operation of a website and make it functional for you. The use is based on our legitimate interest to provide a technically flawless website. However, you can generally disable the use of cookies in your browser.

Hosting: While hosting our website, all data related to operating our website are stored. This is necessary in order to make the operation of the website possible. Thus, all data are processed on the basis of our legitimate interests according to Art. 6 para 1 lit. f GDPR to optimize our website.

Server Log- File: Due to technical reasons, in particular in order to guarantee a functioning and secure web presence, we are processing technical necessary data on accesses on our website in so-called server-log-files. Your browser is transmitting those automatically to us.

The following data are protocolled:

  • Website visited
  • Browser type and version
  • Operating system
  • Hostname of the accessing computers
  • Time of server request
  • Amount of data sent
  • IP address
  • Date and time of the request
  • Time zone difference to GMT
  • Content of the web page
  • Access status (HTTP status)
  • Amount of data transferred

This data are not connected to natural persons and are only used for evaluation and improvement of our website. These data are only transmitted to our Website provider. A connection or aggregation of these data with other data sources does not take place. The processing of data is based on our legitimate interest according to Art. 6 para 1 lit. f GDPR to provide for a technical flawless presentation and optimization of our website.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

We process this data on the basis of our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.
Data are deleted after fulfilling the purpose, normally within a few days, in case there is no need to store data as evidence. In this case, data will be stored until the issue is finally resolved.

2. Answering your Inquiries, Requests or Complaints

We process the data that you provide us with in your correspondence or by filling in forms (e.g. name, first name, postal address, e-mail address, telephone number) in order to answer your inquiries, requests or complaints. We obtained your personal data for this purpose based on your freely given consent. The expression of your consent derives neither from legal, nor contractual obligations. However, if you do not provide your personal data, we are unable to answer your inquiries, requests or complaints. (Legal basis Art 6 (1) lit 1 GDPR)

IV. Who receives your data?

In order to operate our website we use external IT Provider, who acts as data processor according to Art 4 Z8 DSGVO. In order to achieve the above under point III stated purposes your data may be shared with the following categories of recipients:

  • Service provider, where we operate our website;
  • Technical maintenance companies.

Transfer of data to foreign countries: As part of the data processing described above, transmitted transmission of personal data to recipients in countries outside the European Union (so-called third countries) may take place. We only transfer your data to (i) countries for which the EU Commission has determined that they provide an adequate level of data protection or (ii) if we take measures to ensure that the respective recipient provides an adequate level of data protection (in particular by concluding EU Standard Contractual Clauses).

V. How long do we store your personal data?

Usually Logfiles will be stored for a period of 14 days. Only in case of investigations due to irregularities or incidents related to our systems the period could exceed the 14 days period.

Regarding the storage period of cookies please refer to point III.1 Use of the website.

We process your personal data as long as reasonably necessary to achieve the under point III mentioned purposes and in addition in accordance with the legal obligations for storage and documentation which result among others from the Austrian Civil Code (ABGB) and the Austrian Business Code (UGB) or for asserting, exercising or defending legal claims.

VI. Your Rights

According to current data protection laws, you enjoy the following rights regarding the processing of personal data:

  • Right of access (information about the data we process about you),
  • Right to rectification (correction of incorrect data),
  • Right to restriction of processing (limitation of data processing),
  • Right to data portability,
  • Right to object and the
  • Right to erasure (data deletion – “right to be forgotten”).

If the processing of your personal data is based on our legitimate interest, you have the right, to object any time to the processing of your data for reasons arising out of the particular situation; this applies in particular to the processing of data for the purpose of direct marketing.

If the processing of your data is based on your consent, you have the right to withdraw the consent at any time with future effect. Such withdrawal shall not affect the lawfulness of the data processing up to the date of withdrawal.

If you believe that our processing of your data is violating applicable data protection laws or if your privacy rights have otherwise been violated, please contact us using the contact details provided in point I above. In this way, we get to know and understand your concerns and can respond accordingly.

You can exercise your aforementioned rights by sending your request via email to
You also have the right to file a complaint with the national competent data protection authority. In Austria it is the Data Protection Authority.

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0,