Privacy Policy

1. Controller

MediFirst Pharma GmbH
Königstr. 3
E-Mail: kontakt@medi-first-pharma.de
Telefon: 0049 (0) 351 424 175 33

2. Datenschutzbeauftragter

Medi First Invest Pharma GmbH E-Mail: datenschutz@medi-first-pharma.de

3. General information on data processing

We process personal data only insofar as this is necessary to provide our website, process requests, and fulfill legal obligations.

Legal bases (selection):

  • Art. 6(1)(a) GDPR (consent)
  • Art. 6(1)(b) GDPR (contract / pre-contractual measures)
  • Art. 6(1)(c) GDPR (legal obligation)
  • Art. 6(1)(f) GDPR (legitimate interest)

4. Hosting / server log files

When you access our website, the hosting provider automatically processes information in so-called server log files, e.g.:

  • IP address (possibly truncated/stored truncated, depending on hosting)
  • Date and time of access
  • Page/file accessed
  • Referrer URL
  • Browser type/version, operating system
  • Possibly provider

Purpose ensuring technical operation, security, error analysis.
Legal basis: Art. 6(1)(f) GDPR.
Retention period as long as necessary.
Hosting provider: [Name + Country]
Processing agreement: a data processing agreement pursuant to Art. 28 GDPR is in place.

5. Contact

If you contact us via form or email, we process your details (e.g., name, email, message, possibly organization/position) to handle your request.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual communication/response) and/or Art. 6(1)(f) GDPR (efficient communication).
Retention period: until processing is complete, then in accordance with statutory retention obligations.

6. HCP portal / access

For the access/verification procedure for healthcare professionals, we process the data required for this purpose (e.g., name, professional role/institution, contact data, evidence).

Purpose verification/activation and provision of the portal.
Legal basis: Art. 6(1)(b) GDPR (contract/pre-contractual measures) and Art. 6(1)(c) GDPR (legal requirements, where applicable).
Retention period [e.g., duration of the account + statutory periods].
Note on third-party providers (e.g., DocCheck) (optional):
If an external service is used for verification, data processing is carried out under its conditions; we provide details in the respective process and in this policy under 'Third parties/recipients'.
(To be added later: provider, purpose, legal basis, processing agreement, if applicable third-country transfer.)

7. Cookies and consent management (CMP)

Our website uses cookies and similar technologies. Unless technically necessary, we only use them with your consent.
Legal basis: Art. 6(1)(a) GDPR (consent), if applicable Section 25(1) TTDSG.
Technically necessary cookies: Art. 6(1)(f) GDPR, if applicable Section 25(2) TTDSG.
Consent tool (CMP): [Name of tool]
You can change or revoke your consents at any time via 'Cookie Settings'.

8. Web analytics / marketing (optional - only if you use it)

If we use tools for reach measurement, analysis, or marketing, we will inform you here about:

  • Provider, purpose, data categories
  • Legal basis (usually consent)
  • Retention period
  • If applicable third-country transfer and appropriate safeguards (e.g., standard contractual clauses)

Currently used: [specific tools]

9. Recipients / disclosure

We disclose personal data only if this is necessary (e.g., hosting, IT service providers) or if consent has been given.

Recipients may include: [Hosting], [IT service provider], [Email/CRM system], [Consent tool], [Verification service].

10. Third-country transfer (optional)

If service providers outside the EU/EEA are used, we will inform you about:

  • Country, safeguards (SCCs), additional protective measures
  • Legal basis

11. Your rights

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7(3) GDPR)

12. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is generally the authority at your place of residence or at our company’s registered office.

13. Currency

This privacy policy is up to date as of: [Date].

14. Cookie settings

We use cookies and similar technologies to provide the website technically and - if you consent - for reach measurement, optimization, and possibly marketing.
Required:necessary for operation, security, and basic functions.
Functional (optional): remember settings/preferences.
Statistics (optional): reach measurement/analysis to improve.
Marketing (optional): personalization/marketing (if used).
You can change or revoke your selection at any time.

Open cookie settings'