Dermapharm Data Protection Policy


The purpose of this Data Protection Policy is to tell you which of your personal data (hereinafter also referred to as "data") we process, for what purpose and to what extent. The Data Protection Policy applies to all personal data processed by us, both during the course of providing our services and, in particular, on our websites and our mobile service and in our external online presences, such as our social media profiles (hereinafter collectively referred to as the "online service").


Schlossstrasse 11-17
79238 Ehrenkirchen, Germany


Authorised representatives: Dr Hans-Georg Feldmeier, Dr Andreas Ebernhorn

Email address:

Data Protection Officer contact details:

The website is a service provided by ANTON HÜBNER GmbH & Co. KG. Therefore, ANTON HÜBNER GmbH & Co KG is the controller for the purposes of Article 5 (2) of the General Data Protection Regulation (GDPR). You can contact our Data Protection Officer at or the address given in the Legal Notice.


This Data Protection Policy uses the terminology of the GDPR. 
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data, or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future.

"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

"Filing system" means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

"Controller" means the natural or legal person, public authority, agency or other body, which alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

"Recipient" means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

"Third-party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or order processor, are authorised to process personal data.

"Consent" means the freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

Types of data processed

We gather and process the following personal data about you:

Data sources

We obtain the data from you (including via the devices you use). If we do not collect the personal data directly from you, we will also tell you the source of the personal data and, if applicable, whether it originates from publicly accessible sources. 

Requirement or obligation to provide data

Unless expressly stated at the time of collection, the provision of data is not required or obligatory. Such an obligation may result from legal requirements or contractual provisions.

Purpose of the processing

We process your data for the following purposes:

Lawfulness of Processing under the GDPR

The processing is only lawful if at least one of the following conditions is met. If a more specific legal basis applies in each individual instance, we will inform you of this in the Data Protection Policy.

Legitimate interests

If we base the processing of your personal data on legitimate interests as defined by Article 6 (1) (1f) GDPR, those interests are:

Automated decisions in individual cases

Automated decision-making is performed in individual cases for the following purpose:

Security measures

We take suitable technical and organisational measures to ensure a level of protection that is reasonable in light of the risk in accordance with the legal regulations, taking into account the latest technology, the implementation costs and the nature, scope, circumstances and purpose of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling access to the facilities and systems holding the data, as well as access to the data itself, its entry and disclosure, and ensuring its availability and segregation. We also have procedures in place to safeguard the rights of data subjects and ensure the deletion of data and our responses when there is a risk to the data. Furthermore, we take personal data protection into account when developing or selecting hardware, software, and procedures in accordance with the principle of data protection through technology design and privacy-friendly default settings.

SSL encryption (https): We use SSL encryption to protect your data transmitted via our online service. You can recognise these encrypted connections from the prefix https:// in your browser's address bar.

Personal data recipients or categories of recipients

When processing your data, we work with the following service providers who have access to your data:

Data processing in third countries

If we process data in a third country (in other words, outside the European Union (EU) or the European Economic Area (EEA)), if such processing takes place within the framework of the use of third-party services or if data is disclosed to other persons, bodies or companies, this will only take place in accordance with the statutory regulations.

Subject to express consent or a contractually or legally required transfer, we will only process data, or arrange data processing, in third countries with a recognised level of data protection, a contractual obligation through so-called EU Commission standard protection clauses, with the presence of certifications or binding internal data protection regulations (Articles 44 to 49 GDPR).

Storage period

We will only store your personal data for as long as necessary to achieve the purpose of the processing or comply with a relevant statutory retention period.

We will store your data

Your rights

You have the following rights, partly under certain conditions

Use of cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after visiting an online service. Saved information may include, for example, language settings on a website, the login status, a shopping basket or the location where a video was viewed. The term "cookies" also includes other technologies that perform the same functions as cookies (for example, when user details are stored using pseudonymous online identifiers, also known as "user IDs").

It is necessary to distinguish between the following cookie types and functions:

Information about the legal basis: The legal basis for processing your data in the context of cookies is usually your declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (for example, the commercial operation of our online service and its improvement) or if the use of cookies is necessary to fulfil our contractual obligations.

Storage period: If we do not provide you with specific information about the storage period of permanent cookies (for example, in a so-called cookie opt-in), please assume that the storage period will be up to two years.

General information relating to revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option to revoke your consent or object to the processing of your data through cookie technologies at any time (collectively referred to as "opt-out"). In the first instance, you can declare your objection through your browser settings, for example, by deactivating cookies (this may also restrict the functionality of our online service). You can also object to the use of cookies for online marketing purposes through several services, especially in the case of tracking, via the following websites: and In addition, you can obtain further instructions on how to object below in the information about the service providers and cookies used.

Processing of cookie data on the basis of consent: We ask users for their consent before we process data, or arrange for the processing of the same, as part of our use of cookies. This consent may be revoked at any time. Before this consent is granted, cookies will only be used where strictly necessary to operate our online service.

Cookie settings/right to object:

Consent management

We use a consent management tool on this website. Our consent management platform collects log file data and consent data using JavaScript. This JavaScript enables us to inform users about their consent to certain tags on our website and obtain, administer and document this consent.

The consent ID, which contains the consent data and consent status with timestamp, is saved locally in your browser and on the cloud servers used. Further processing only takes place if you submit a request for information or revoke your consent. In this case, the relevant information is provided in a compact data format in an easy-to-read text form for the purpose of the data exchange.

No user information is saved for statistics on the use of the consent that has been granted or not granted. Only the frequency and locations of the clicks are saved.

The purpose of the data processing is the analysis, management and proof of the consent that has been issued to comply with our consent management obligation under the GDPR.

The specific purposes for the processing of the personal data are:

The legal basis for managing your consent to the processing of your personal data is Article 6 (1)(1c and f) GDPR. Our legitimate interest lies in the legally secure documentation and traceability of consent, the control of marketing measures on the basis of the consent granted and the optimisation of consent rates.

The data is deleted once it is no longer required for our logging.

You may revoke your consent via the consent management tool. Click the fingerprint icon at the bottom right to re-open the consent tool.

You can permanently prevent the execution of JavaScript at any time via the relevant settings in your browser, which would also prevent Usercentrics from executing the JavaScript.

Services used and service providers:

Data in connection with our business activities

We process data from our contracting and business partners, for example, customers and interested parties (collectively referred to as "contracting partners") within the framework of contractual and comparable legal relationships and related measures and during communication with contracting (or pre-contractual) partners, for example to answer enquiries.

We process this data to fulfil our contractual obligations, safeguard our rights, and for the administrative tasks associated with this information and commercial organisation purposes. We only disclose contracting partners' data to third parties within the scope of applicable laws, where necessary for the aforementioned purposes or to fulfil legal obligations or with the consent of the data subjects (for example, to relevant telecommunications, transport and other auxiliary services, and subcontractors, banks, tax and legal advisers, payment service providers or tax authorities). The contracting partners will be informed about any other forms of processing, for example, for marketing purposes, within the framework of this Data Protection Policy.

In addition, we use your email address after responding to contact requests in the context of contractual or pre-contractual relationships to fulfil our contractual obligations or related obligations arising from the original performance of the contract and to follow up on communications in this regard."In addition, we use your email address after responding to contact requests in the context of contractual or pre-contractual relationships to fulfil our contractual obligations or related obligations arising from the original performance of the contract and to follow up on communications in this regard.

You can object to this use of your e-mail address at any time. This will not incur any additional costs to your individual transmission costs, if any. The easiest way to revoke your consent is to send an e-mail with the subject: "Revocation ANTON HÜBNER GmbH & Co. KG" to

The data will be deleted after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, for example, for as long as it must be retained for legal archiving reasons (for example, for tax purposes, usually ten years). We delete data disclosed to us by our contracting partners within the framework of an order in accordance with the order specifications, generally once the order is complete.

Customer account: Contracting partners can create an account within our online service (for example, a customer or user account, "customer account" for short). If registration of a customer account is required, contracting partners will be informed of this and the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During the registration process and subsequent logins and use of the customer account, we will store customers' IP addresses together with access times so we can prove registration and prevent any misuse of the customer account.

If customers have terminated their customer account, all data relating to the customer account will be deleted, except where the retention of this data is required for legal reasons. Customers are responsible for backing up their data when terminating their account.

Side effects form

If you report undesirable side effects or other aspects related to the safety or quality of medicines or medical devices, we are legally obliged to process your report, which may also contain personal data or health data. This results in particular from Section 63 c) of the German Medicinal Products Act (AMG) due to the statutory obligation to document and report adverse reactions to medicines.

Under certain circumstances, we may process your personal data. You can find information about this data processing at, depending on the contact channel.

Online seminars

When we invite you to participate in an online seminar for our products, we collect your first and last name and your email address. This enables our seminar leader to get an overview of the number of participants and to send you a certificate of attendance after the seminar. We have a data processing agreement with a data processor for our online training courses to ensure compliance with data protection.

Your data will not be forwarded to any third party in conjunction with our online seminars and will be deleted from our seminar system after six (6) months.

Payment service providers

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions for this purpose (collectively referred to as the "payment service providers").

The data processed by the payment service providers includes master data (such as names and addresses), bank data (such as account numbers or credit card numbers, passwords, transaction authentication numbers (TANs) and checksums), and information concerning contracts, amounts and recipients. This information is required to carry out the transactions. However, the data entered will only be processed by the payment service providers and stored by them. We do not receive any account or credit card information, only information about whether or not payments have been confirmed. Under certain circumstances, the payment service providers may transmit the data to credit agencies. This is for the purposes of verification of identity and creditworthiness. Please see the payment service providers' terms and conditions and privacy notices for further details.

The respective payment service providers' terms and conditions and privacy notices, accessible via their respective websites or transaction applications, will apply to the payment transactions. Please see these terms and notices for further details and information on exercising your right of withdrawal, right of access, and other data subject rights.

Services used and service provider(s)

Credit checks

If we make advance payments or enter into similar economic risks (for example, for ordering on account), we reserve the right to obtain identity and creditworthiness information to assess credit risk on the basis of mathematical-statistical procedures from service companies specialising in this area (credit agencies) to protect our legitimate interests.

We process the information received from credit agencies regarding the statistical probability of a payment default as part of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. We reserve the right to refuse to offer payment on account or any other advance payment in the event of a negative credit check result.

In accordance with Art. 22 GDPR, the decision on whether or not to provide advance payment services is made on a case-by-case basis solely using an automated decision made by our software based on the information provided by the credit agency.

Where we obtain express consent from contractual partners, the legal basis for the credit check and the transmission of the customer's data to the credit agencies is this consent. If no consent is obtained, the credit information is provided on the basis of our legitimate interests in safeguarding our payment claims from default.

Services used and service provider(s):

Website and web hosting

To provide access to our website securely and efficiently, we use the services of one or more web hosting providers. Our website can be accessed from their servers (or servers managed by them). We may use infrastructure and platform services, computing capacity, storage space, database services, and security and technical maintenance services for these purposes.

The data processed while providing the hosting service may include all information regarding the users of our website generated during the course of the use and any communications. This routinely includes the IP address, which is necessary for delivering the contents of websites to browsers, and all details entered onto our website or from other websites.

Email sending and hosting: The web hosting services we use also include the sending, receiving and storing of emails. The addresses of the recipients and senders are processed for these purposes, along with further information about sending of the email (for example, the providers involved) and the contents of the respective emails. The aforementioned data may also be processed to identify spam. Please note that sending emails across the internet is generally not encrypted. As a rule, emails are encrypted when in transit but (unless a so-called end-to-end encryption process is used) not on the sending and receiving servers. We, therefore, cannot accept any liability for the transmission path of the emails between the sender and receipt on our server.

Collection of access data and log files: We (or our web hosting provider) collect data each time our server is accessed (so-called server log files). These server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.

The server log files may be used, on the one hand, for security purposes, for example, to prevent server overload (especially in the case of malicious attacks, so-called distributed denial-of-service (DDoS) attacks) and, on the other hand, to manage server load and stability.

Services used and service provider(s)

Contacting us

When contacting us (for example, via contact form, email, telephone or social media), information about the inquiring party will be processed where necessary to respond to the inquiries and perform any requested actions.

Responses to contact requests are made to fulfil our contractual obligations or respond to (pre)contractual inquiries within the framework of contractual or pre-contractual relationships and are otherwise made on the basis of legitimate interests in responding to said inquiries.

Services used and service provider(s)

Web analytics, monitoring and optimisation

Web analytics (also referred to as "reach measurement") is used to evaluate the flow of visitors to our website. They may also collect behavioural, interest or demographic information for visitors, such as age or gender, in the form of pseudonymous values. Reach analytics can help us, for example, identify the time at which our website or its functions or content are most frequently used or invite re-use. We can also understand which areas require optimisation.

In addition to web analytics, we may also use testing methods, for example, to test and optimise different versions of our website or its components.

So-called user profiles may be created for these purposes and stored in a file (a so-called "cookie"), or similar methods may be used for the same purpose. This information may include, for example, content viewed, web pages visited, and the elements of them used, technical information such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider.

Users’ IP addresses are also stored. However, we use an IP masking method (pseudonymisation by shortening the IP address) to protect users. In general, the data stored in the context of web analytics, A/B testing and optimisation is not plain user data (such as email addresses or names) but pseudonyms. This means that we, and the providers of the software used, do not know the actual identity of the users, only the information stored in their profiles for respective procedures.

Information on the legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for the data processing will be this consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. our interest in efficient, profitable and user-friendly services). In this context, please also see the information about the use of cookies in this Privacy Policy.

Services used and service provider(s)

This service allows analysis of the use of our web pages and employs cookies to do this. The information generated by the cookie, such as your anonymised IP address, is transmitted on our behalf to a Google Inc. server in the USA, where it is stored and analysed for this purpose. This is because, on this website, Google Analytics has been appended with the code "gat._anonymizeIp();". This ensures that IP addresses are recorded anonymously. The anonymisation of your IP address is usually done by Google Inc. shortening your IP address within the European Union or in other contracting states of the European Economic Area (EEA). In exceptional cases, your IP address is transferred to a Google Inc. server in the USA and only anonymised there. Your IP address transmitted in this process will not be merged with other Google Inc. data. As part of the Google Analytics advertising function, remarketing and performance reports according to demographic and interests are used. The purpose of these procedures is to tailor advertising measures more closely to the interests of the respective users with the help of information about user behaviour. If you have consented to having your web and app browsing history linked by Google to your Google Account and having information from your Google Account used to personalise ads, Google will use this data for cross-device remarketing. You can object at any time to the collection of your data by Google Analytics. You have the following options to do this:

Most browsers accept cookies automatically. However, you can prevent the use of cookies by adjusting your browser settings accordingly. However, you may not be able to use all of the website’s functions in this case. You must adjust the settings separately for each browser you use. You can also stop Google Inc. from recording and processing this data by downloading and installing the browser add-on available from the following link:

Alternatively, or for browsers on mobile devices, please click on the following link: disable Google Analytics. This will create an opt-out cookie for our websites on your device in your current browser. If you delete your cookies for this browser, you will have to click the link again. The data processing, in particular the storing of cookies, is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of that consent prior to its revocation.

For more information on terms of use and privacy, please visit or

Online marketing

We process personal data for the purposes of online marketing. This may include, in particular, marketing advertising space or displaying promotional and other content (collectively, "content") based on users' potential interests and measuring its effectiveness.

Facebook pixel: The Facebook pixel, on the one hand, enables Facebook to identify the visitors to our website as a target group for displaying advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (the so-called "Audience Network" who have also shown an interest in our website or who have certain characteristics (for example, interest in certain topics or products that are evident from the websites visited) that we communicate to Facebook (so-called "Custom Audiences"). By using the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and are not unwelcome. With the help of the Facebook pixel, we can further track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion measurement").

Services used and service provider(s)

Social network (social media) presence

We maintain an online presence on social networks and process user data within this context to communicate with users active on them or provide information about us.

Please note that user data may be processed outside the European Union area during this process. This may give rise to risks for users because, for example, it could make it more difficult to enforce users' rights.

Furthermore, user data on social networks is usually processed for market research and advertising purposes. Usage profiles may be created based on usage behaviour and the user interests these demonstrate, for example. The usage profiles may, in turn, be used, for example, to display advertisements that are presumed to correspond to users' interests, both within and outside the networks. For these purposes, cookies recording users' behaviour and interests are generally stored on users' computers. Furthermore, data may also be stored in these usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed explanation of the respective forms of processing and the options for objecting (opting-out), please see the privacy policies of and information provided by the operators of the respective networks.

Requests for information and the assertion of data subject rights would also be best directed to these providers. Only the providers in each case have access to users' data and can take appropriate measures and provide information directly. You can then contact us if you still need help.

Services used and service provider(s)

Plugins and embedded functions and content

Our website contains functional elements and content obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, social media buttons and posts, for example (hereinafter simply referred to as "content").

Integrating this content requires the third-party providers of said content to always process the user’s IP address since they cannot deliver the content to the user's browser without the IP address. The IP address is therefore required to display this content or functionality. We endeavour only to use content whose respective providers use the IP address for the sole purpose of delivering the content. Third-party providers may also use so-called “pixel tags” (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our website, and may be linked to similar information from other sources.

Information on the legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for the data processing will be this consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. our interest in efficient, profitable and user-friendly services). In this context, please also see the information about the use of cookies in this Privacy Policy.

Services used and service provider(s)

Changes and updates to the Privacy Policy

Please check the content of our Privacy Policy regularly. We will adapt the Privacy Policy whenever changes in our data processing make this necessary. We will inform you if the changes require any action on your part (for example, consent) or other personalised notification.

Where we provide addresses and contact information for companies and organisations in this Privacy Policy, please note that these addresses may change over time. Please check this information before contacting us.

Last updated: 03/07/2023