Privacy Policy

This privacy policy is intended to explain to you in a comprehensible, transparent and clear manner how we process your personal data and to provide you with further relevant information in this context. Your personal rights are our top priority and we do our utmost to protect and guarantee these rights. This privacy policy was last updated on 18.05.2021. If you have any questions regarding understanding or other queries about data protection in our company, please feel free to contact us at info@ocuforte.com.

1. responsible person

OCUforte AMD is a product of MOLOGEN AG. MOLOGEN AG, Johnsallee 30, 20148 Hamburg (hereinafter referred to as "we" or "MOLOGEN"), is therefore the controller within the meaning of the EU General Data Protection Regulation ("GDPR").

2. contact

For all questions relating to the processing of your personal data and the exercise of your rights under the GDPR, please contact info@ocuforte.com.

3. what rights do you have?

Depending on the situation in each individual case, you have the following data protection rights, which you can exercise at any time by contacting us at the address given in Section. 3.1 Information You have the right to obtain information about your personal data processed by us and to request access to your personal data and/or copies of this data. This includes information about the purpose of use, the category of data used, its recipients and authorized persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration. 3.2 Rectification You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement. 3.3 Right to object Insofar as the processing of personal data concerning you is based on Art. 6 para. 1 p. 1 lit. f GDPR, you have the right to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. 3.4 Right to withdraw consent If the processing is based on consent (Art. 6 para.1 S. 1 lit. a, or Art. 9 para. 2 lit. a GDPR), you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can contact us at any time using the details above. 3.5 Right to erasure You have the right to demand that we erase the personal data concerned without undue delay. We are also obliged to delete personal data immediately if one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You object to the processing in accordance with point 3.3 above and there are no overriding legitimate grounds for the processing.
  • The personal data was processed unlawfully.
  • The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.

This does not apply if the processing is necessary:

  • for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject.
  • for the assertion, exercise or defense of legal claims.

3.6 Right to restriction of processing You have the right to obtain from us restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  • you have objected to processing pursuant to point 3.3 above pending the verification whether our legitimate grounds override yours. Where processing has been restricted in accordance with this Section 3.6, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you have obtained a restriction of processing, we will inform you before the restriction is lifted.

3.7 Right to lodge a complaint Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

4. purpose and legal basis of the processing of personal data

4.1 When visiting our website When visiting our website, the following data is collected from website visitors, which is anonymized immediately upon collection:

  • Referrer (previously visited website)
  • Requested web page or file
  • Browser type and browser version
  • Operating system used
  • Device type used
  • Time of access
  • IP address in anonymized form (only used to determine the location of access)

We are supported in this by our technical service providers, which we use as processors. The data is collected on the basis of legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in order to ensure the security and stability of the website and to be able to provide website visitors with the highest level of quality. This anonymized data is stored for 8 weeks and is not passed on to third parties, not even outside the EU in third countries. In addition, processing by WebAnalytics takes place. The data is collected exclusively for statistical evaluation and technical optimization of the website. The data is determined either by a pixel or by a log file. To protect personal data, WebAnalytics does not use cookies. 4.2 When ordering in the online store as a guest If you order a product via our website, we process the following personal data:

  • First name, last name
  • E-mail address
  • Address
  • Payment information (depending on the payment option selected)

This data is processed for the purpose of identifying the contractual partner, fulfilling contractual services such as delivery and payment processing and handling any warranty claims. The data processing is carried out at your request and is permitted under Art. 6 para. 1 S.1 lit. b GDPR for the purposes mentioned for the fulfillment of the purchase contract and pre-contractual measures. In addition, the data collected will also be processed to the extent required by law to fulfill the archiving and retention obligations under German commercial and tax law (e.g. AO, HGB, StGB). In order to ensure smooth and easy processing of your order and for faster clarification of any queries, you can also provide additional data:

  • Your telephone number
  • an alternative delivery address
  • an order note

The provision of this data is voluntary. The personal data collected by us for the order will be stored until the expiry of the statutory warranty obligation and then automatically deleted, unless we are obliged to do so under Article 6 para. 1 p. 1 lit. c GDPR due to retention and documentation obligations under tax and commercial law or you have consented to longer storage in accordance with Art. 6 para. 1 p. 1 lit. a GDPR have consented. 4.3 When creating a user account You have the option of setting up a password-protected user account with us, in which we store your personal data. The purpose of this is to provide you with the greatest possible convenience when processing your orders by making the purchase process easier and faster. If you would like to set up a password-protected user account with us, we need the following information from you:

  • First name, last name
  • E-mail address
  • Address
  • Payment information (depending on the selected payment option)

You must also enter a password of your choice to set up a user account. Together with your e-mail address, this enables access to your user account. You can view and change your saved data at any time in your user account. We only store your personal data in a user account if you have given us permission to do so in accordance with Art. 6 para. 1 p. 1 lit. a GDPR have voluntarily given your consent. It is not necessary to create a user account to use our website or to place orders with us. We also offer you the option of placing your order as a guest (see 4.2.) In this case, however, you must enter your data completely anew for each order. After deletion of your user account, your data will be automatically deleted for further use, unless we are obliged to do so in accordance with Article 6 para. 1 p. 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to storage beyond this period in accordance with Art. 6 Para. 1 p. 1 lit. a DSGVO have consented. 4.4 Contacting us via our website If you contact us via our contact form (name, e-mail address, message) or by e-mail or telephone, your details will be processed voluntarily and with your knowledge for the purpose of processing the contact request and its handling within the framework of contractual or pre-contractual relationships in accordance with Art. 6 para. 1 lit. a GDPR. 1 lit. b. GDPR and by our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR is processed. The data collected will first be stored and then used to respond to your request for contact. As soon as processing is complete, the data will be deleted unless retention is required by law. You have the right to withdraw your consent to data processing with future effect at any time. Persons under the age of 16 may not transmit data without parental consent. We ensure that we do not knowingly collect personal data from children, use it in any way or disclose it to third parties without authorization. 4.5 Google Analytics This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. You can find more information on deactivating cookies under 4.5.2. 4.5.1 IP anonymization We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. 4.5.2 Browser plug-in You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. 4.5.3 Objection to data collection You can prevent the collection of your data by Google Analytics by clicking on the "Deactivate Google Analytics" link at the bottom of the page. An opt-out cookie is set to prevent the collection of your data on future visits to this website. You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de. 4.5.4 Contract data processing We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. 4.5.5 Demographic characteristics with Google Analytics This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection". 4.6 Use of cookies This website collects and stores usage data in anonymized form. So-called "cookies" can be used for this purpose. These are text files that are stored on your computer and enable your use of the website to be analyzed. However, these collect and store the data exclusively in pseudonymized form. They are not used to identify you personally and are not combined with data about the bearer of the pseudonym. We use this information to determine the attractiveness of our website and to continuously improve its content. Cookies remain stored at the end of a browser session and can be called up again when you visit the site again. We only use cookies that are not absolutely necessary for the function of our website with your prior express consent (see cookie banner/individual data protection settings). You can also control the installation of cookies yourself at any time by changing the settings in your browser and/or deleting all cookies.

5. disclosure of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below.

  1. a) For contract processing

Insofar as this is legally permissible and in accordance with Art. 6 para. 1 p. 1 lit. b GDPR is required for the processing of contractual relationships with you, your personal data will be passed on to third parties. This includes in particular the transfer to shipping companies for the purpose of delivering the goods you have ordered and the transfer of payment data to payment service providers or credit institutions in order to carry out a payment transaction. The data passed on may be processed by the third party exclusively for the purposes listed.

  1. b) For billing purposes

On the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), we may also transfer your data to our partners. The transmission of your data to our partners is necessary for general billing purposes. This economic interest is a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR must be considered.

  1. c) For other purposes

In addition, we will only pass on your personal data to third parties if: You have given your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR have expressly consented to this,

  • the disclosure pursuant to Art. 6 para. 1 p. 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, and
  • in the event that the disclosure pursuant to Art. 6 para. 1 p. 1 lit. c GDPR there is a legal obligation.

6. Data protection information Facebook fan page and Instagram profile

6.1 Responsibilities, data protection officer and processing by Facebook and Instagram By using our Facebook fan page ("fan page") or our Instagram profile, MOLOGEN AG, Johnsallee 30, 20148 Hamburg, Germany (hereinafter referred to as "we" or "MOLOGEN") is the controller within the meaning of Art.4 Abs. 7 EU General Data Protection Regulation ("GDPR") for the provision of the service. This does not apply to data processing in connection with the so-called "Site Insights", for which we are responsible together with Facebook Ireland Limited ("Facebook"). Please note that the use of our fan page or our Instagram profile also leads to further processing of your personal data by Facebook, which is not limited to the "Site Insights" option. Facebook describes what information Facebook collects and processes when you use Facebook and Instagram in its Data Policy, Cookie Policy and Insight Data Policy. There you will also find information on how to contact Facebook. Below you will find a list of these Facebook guidelines:

Note: The data collected about you may be transferred by Facebook and Instagram to countries outside the European Union. If you have any questions about data protection on our fan page, you can contact our data protection officer at: info@ocuforte.com. 6.2 Your rights Depending on the situation, you have different data protection rights in individual cases (see section 3.) 6.3 Categories and purposes of the processed personal data In the following, we explain which data MOLOGEN receives from the users and/or from Facebook when using the Facebook fan page and the Instagram profile. 6.2.1. Provision of statistical evaluations of page usage by Facebook Some of the data collected by Facebook during use is also made available to MOLOGEN as a statistical evaluation in anonymized form. This statistical analysis only relates to visitors to our fan page or Instagram profile. These are aggregated values that do not allow any conclusions to be drawn about individual users, so we have no access to personal data processed by Facebook. However, this does not necessarily mean that data processing on Facebook itself is anonymized (see Facebook's data policy in 6.1). 6.2.2. Visibility of users' personal data for MOLOGEN and other users When using certain interactive functions on Facebook (e.g. the comment function or the "Like" button), further personal information is also visible to MOLOGEN, as comments or likes from users are visible to other users and the provider of the fan page and Instagram profile. This allows a direct user assignment to be made. MOLOGEN has no influence on the interactive functionalities or the visibility of comments, likes or other user activities on the fan page or Instagram profile. MOLOGEN is not responsible in this respect within the meaning of data protection law. The type, scope and duration of data storage of "likes" and comment interactions are determined by Facebook, and Facebook is also responsible for the legality of this processing. The type and scope of the collection of personal data when visiting a fan page or an Instagram profile also depends on the user's behavior and can be partially influenced by the user. For example, it is possible to visit our fan page or our Instagram profile without leaving comments or clicking on "Like". It is also possible to reduce the personal processing of data when using our fan page or our Instagram profile by logging out of Facebook or deactivating the "stay logged in" function, deleting the cookies on the end device and closing and restarting the browser. In this way, information that can be used to directly identify the user can be deleted to a large extent. In this way, our fan page and Instagram profile can be used without revealing the Facebook ID. Please note that it is generally only possible to use the interactive functions of the fan page or Instagram profile after logging in to Facebook. When you access interactive functions on the site (like, comment, share, message, etc.), a Facebook login screen appears. After logging in, you will again be recognizable to Facebook or Instagram as a specific user. 6.2.3. Communication with MOLOGEN via private or public message You can send us a public or private message on our fan page and via our Instagram profile. You can contact us with questions about MOLOGEN and Ocuforte, our fan page or Instagram profile and other inquiries. When you contact us, we process your user name and the text of your request as well as other information you have provided in the message in order to process your request and answer your questions. Processing is carried out on the basis of legal provisions that enable us to process personal data insofar as this is necessary to answer your request (e.g. Art. 6 para. 1 b) GDPR) or out of our legitimate interest in providing you with the requested information (Art. 6 para. 1 f) GDPR). In the case of a public message, the data you provide will also be visible to all other visitors to our fan page. The data collected in the course of your inquiry/contact will be deleted by us six months after the last message. Insofar as statutory retention obligations exist, the data will be stored for the duration of the statutory retention obligation. A public message can only be deleted by you.

7. safety precautions

Your personal data is transmitted securely through encryption. This applies to your order and also to the customer login. We use the SSL (Secure Socket Layer) coding system. Furthermore, we use technical and organizational security measures to protect the personal data you provide to us from manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved and adapted in line with the state of the art. It cannot be ruled out that unencrypted data can be viewed by third parties. Please note that data transmission via the Internet (e.g. communication by e-mail) cannot be guaranteed to be secure. Sensitive data should therefore either not be transmitted at all or only via a secure connection (SSL).

8. links to other websites

This privacy policy applies to the website of MOLOGEN AG at ocuforte.com. When you leave the OCUforte website of MOLOGEN AG, it is recommended that you carefully read the privacy policy of each website that collects personal data.