Data Controller
Reddy Pharma Iberia, S.A.U.
Avenida Josep Tarradellas, 38
8029 Barcelona Spain
+34 93 355 49 16
informacion@nerivio.es
On this page, we provide you with information regarding the processing of your personal data on our website.
Last Updated: 26th April, 2024
General Information on Data Processing
How we collect and use your personal data will depend on how you interact with us or the services you use on https://www.nerivio.eu/ (“our website”). We only collect, use or share your personal data where we have a legitimate purpose and a legal basis for doing so.
-
Consent
(Art. 6(1) (a) General Data Protection Regulation (“GDPR”), Regulation (EU) 2016/679)– Where you have given us your consent to process your personal data for a specific purpose. To understand the purposes of processing your personal data, please see the subsection ‘Purposes of Processing Personal Data’ of this Privacy Policy. You have the right to withdraw your consent at any time. For further information on how to withdraw consent, please see the ‘Exercising your rights’ subsections in the subsequent sections of this Privacy Policy. -
Performance of a Contract
(Art 6(1) (b) GDPR) – Where we don’t have your explicit consent but have entered into a contract with you, we will use your data to fulfil the obligations under that contract. Alternatively, we will use your data, where necessary, because you have asked us to, or you have taken it on yourself, to undertake specific steps before entering into that contract. -
Performance of a Contract
(Art 6(1) (b) GDPR) – Where we don’t have your explicit consent but have entered into a contract with you, we will use your data to fulfil the obligations under that contract. Alternatively, we will use your data, where necessary, because you have asked us to, or you have taken it on yourself, to undertake specific steps before entering into that contract. -
Legal Obligatio
(Art 6(1) (c) GDPR) – We need to use your personal data if we have to when complying with the law. -
Vital Interests
(Art 6(1) (d) GDPR) – Processing your data is necessary to protect your vital interests or that of another person. For example, to prevent you from serious physical harm or in case of a serious medical emergency where you are otherwise incapable of giving us your consent. -
Public Task
(Art 6(1) (e) GDPR) – Using your data is necessary for the performance of a task carried out in the public interest, or because it is covered by a task set out in law, for example, for a statutory function. -
Legitimate Interests
(Art 6(1) (f) GDPR) – Processing your data is necessary to support a legitimate interest we or another party has, only where this is not outweighed by your own interests.
Please note where your data is processed under the performance of a contract or for a legal obligation, if you do not provide the data requested, we may be unable to provide you with our service.
Personal Data Collected and Processed
When you access our website, we collect the following personal data about you:
- General Identification and Contact Information:
First Name, Last name, Email Address, (enable collection of parent/ legal guardian consent in case the patient is a minor), Log in credentials (Username and password), Mailing address, Billing Address, Phone/ Mobile number, Terms and Conditions & Privacy Policy Consent, Newsletter & Subscription consent. - Health Information:
Details of the Health care professional that prescribed the device to you, your diagnosis and prescribed treatment and any other information such as medical symptoms and date of birth, sex included in the prescription shared by the prescribing health care professional and, any adverse events reported. - Cookies:
When you visit our website, we use technical aids for various functions, in particular cookies, which can be stored on your end device. When you visit our website and at any time thereafter, you can choose whether you want to generally allow the setting of cookies or which individual additional functions you want to select. You can make changes in your browser settings or via our consent manager. Cookies are text files with small pieces of data that our (Nerivio/Reddy Pharma Iberia S.A.U.) websites place on your device as you are browsing. For more information on types of cookies we use, please refer to our Cookie Policy. - Other Electronic Identifiers:
Internet Protocol (IP) address, Geolocation data.
Purposes of Processing Personal Data
We will process your personal data for the following purposes:
- To make the website available to users.
- To allow you to register to our website – https://www.nerivio.eu/.
- Based on your doctor’s prescription, to allow you to purchase the Nerivio device online, this includes to fulfil the contract and the transmission of payment data to payment service providers in order to process your payments; to deliver the product to you by sharing the personal data with our delivery partners, post validation of the prescription shared by you.
- To contact you with essential information regarding your orders, purchases, devices and its use.
- For assisting you with any queries or concerns you share with us through this website in relation to the device, its purchase and delivery.
- For assisting you with any adverse events reported by you. Please note that we will share any Adverse Event reports you send to us to Theranica, an independent data controller as required by the applicable regulations. To learn more on how we share personal data with “Theranica” please see the section in this notice titled “Transfer of Personal data”.
- For the overall improvement of our products and services including how we interact with you directly or through our website.
- To fulfil our legal and regulatory obligations under applicable Laws.
Additional purposes when using optional services/features:
Newsletter
You can voluntarily subscribe to our newsletter. When subscribing for the newsletter, the data from the input mask is transmitted to us. We process your e-mail address in order to provide this service.
Your consent will be obtained for the processing of your data during the registration process and reference will be made to this privacy policy. You have the right to withdraw your consent at any time.
The data will be used exclusively for sending the newsletter. No data will be passed on to third parties in connection with data processing for the dispatch of newsletters.
Contact Form
A contact form is available on our website, which can be used for electronic contact. If you make use of this option, the data entered in the form will be transmitted to us and stored.
If you contact us via the input mask of the contact form or by e-mail, you can object to the storage of your personal data at any time. You can object to the storage of your personal data at any time in the following ways. You can revoke your consent or object to the storage of your personal data by writing to us at.
In this case, all personal data stored during the contact will be deleted.
Patient Support Program
All patients that have purchased the Nerivio Device can choose to participate in the Nerivio Patient Support Program by signing up on the website. If you sign up for the program through our website either at the time of purchasing the device or at a later stage, your personal data will be processed for the purpose of providing you access to this program.
The Patient Support Program is provided in collaboration with our third-party service provider SIASANI (Servicios Integrales de Asistencia Sanitaria S.L.). For such purposes, we may share your personal data with SIASANI. Depending on the service(s) you choose to receive, we may collect, use and share the following categories of personal data:
- your name and contact details (email address, mobile phone number, home address). your date of birth;
- your gender;
- your Device number;
- your medical history and the name of the treatment you have been prescribed;
- details of your communications and interactions regarding the programme; and
- Details of your additional uses of the service (including recording of telephone conversations for staff training and quality purposes);
For details on how we share your personal data with our processors or third parties and the security measures we implement to ensure protection of your personal data please see the sections titled “Transfers/Disclosure of Personal Data” and “Protection of Personal Data” in this Privacy Notice.
Corporate Web Profiles on Social Networks
If you carry out an action on our company social network profiles/pages (e.g. comments, contributions, likes etc.), you may make your personal data (e.g. clear name or photo of your user profile) public.
However, as we generally or to a large extent have no influence on the processing of your personal data by such Social Network companies, we cannot make any binding statements regarding the purpose and scope of the processing of your data.
You can find our corporate social network profiles/pages on: https://in.linkedin.com/company/dr--reddys-laboratories
Our corporate profiles on social networks are used for communication and information exchange with (potential) customers. We use the company's profile for Publications that contain content related to our products and services. We also maintain a corporate presence on professionally oriented social networks where we provide information on available positions with our company, job applications and general company related updates. Every user is free to publish personal data.
As far as we process your personal data to evaluate your online behaviour, to offer you sweepstakes or to conduct lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 (1) (a), Art. 7 GDPR. The legal basis for processing personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) (f) GDPR. Thereby, our legitimate interest is to answer your request optimally or to be able to provide the requested information. If the aim of contacting you is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. The data generated on the company profile are not stored in our own systems.
You can object at any time to the processing of your personal data that we collect within the framework of your use of our corporate web profiles and assert your rights as a data subject mentioned the "Exercising your Rights" section of this privacy policy.
Specialist Circles
If you are a Health Care Professional (“HCP”) who wishes to access information and receive updates related to the Nerivio device, case studies on migraines and additional medical developments in this field, you may choose to subscribe to the “Specialist Circles” feature on the website.
We will collect your name and email address for the purpose listed above.
For the processing of your personal data in third countries, we have provided appropriate guarantees in form of standard data protection clauses pursuant to Art. 46(2)(c) GDPR. A copy of the standard data protection clauses can be requested from us.
Lawful Basis of Processing
The legal basis for the temporary storage of data and logfiles when loading the website is Art. 6 (1) (f) GDPR.
The legal basis for the processing of the data when ordering the product is Art. 6 (1) (a) GDPR if you have given consent.
If the registration serves the fulfilment of a contract to which you as the user are a party or the execution of precontractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
Legal basis for the processing of data of a child below the age of 14 years is Art. 6 (1) (a), Art. 8 (1)(2) GDPR and will be considered to be valid only if the consent is given or authorised by the holder of parental responsibility over the child.
Exercising Your Rights
When your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:
Right of access (Art. 15 GDPR)
You have the right to request us, the data controller, to confirm whether your personal data is being processed by us. If such processing occurs, you can request the following information from us:
- The purposes for which we process your personal data.
- Categories of personal data that are being processed.
- Recipients or categories of recipients to whom the personal data has been or will be disclosed.
- Planned storage period or the criteria for determining this period.
- The existence of the rights of rectification, erasure or restriction or opposition.
- The existence of the right to lodge a complaint with a supervisory authority.
- If applicable, the origin of the data (if collected from a third party).
- If applicable, the existence of any automated decision-making including profiling with meaningful information about the logic involved, the scope and the effects to be expected.
- If applicable, the transfer of personal data to a third country or international organization.
If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
Right to rectification (Art. 16 GDPR)
You have a right to request that we rectify and/or modify the data about you, if your processed personal data is incorrect or incomplete. Upon receiving such a request, we will correct the data without any undue delay.
Right to erasure (“Right to be forgotten”) (Art. 17 GDPR)
You have the right to request us to delete your personal data without undue delay. We will fulfil this obligation immediately if one of the following applies:
- Personal data concerning you is no longer necessary for the purposes for which it was collected or processed.
- You withdraw your consent on which the processing is based pursuant to and where there is no other legal basis for processing the data.
- You object to the processing of the data and there are no longer overriding legitimate grounds for processing, or you object pursuant to Art. 21(2) GDPR.
- Your personal data has been processed unlawfully.
- We have a legal obligation to delete your personal data in order to comply with a legal obligation in Union law or Member State law to which we are subject.
- A child’s personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
Note that, the right to erasure or to be forgotten does not exist if:
- the processing is necessary to exercise the right to freedom of speech and information;
- we are using the personal data to comply with legal ruling or obligation required by the law of the Union or Member States to which we are subject;
- we are using the personal data to perform a task of public interest or in the exercise of public authority delegated to the representative;
- for reasons of public interest in the field of public health;
- your personal data represents important information that serves the public interest, scientific research, historical research, or statistical purposes where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing;
- and your data is being used to enforce, exercise or defend legal claims.
Also note that we may request a “reasonable fee” or deny a request to erase personal data if we can justify that the request was unfounded or excessive.
Right to restriction of process (Art. 18 GDPR)
You may request the restriction of the processing of your personal data by us under the following conditions:
- If you challenge the accuracy of your personal data, you can request us to restrict processing for a period that enables us to verify the accuracy of your personal data.
- The processing is unlawful, you can request us to restrict the use of your personal data if you oppose the erasure of the personal data.
- We or our representative no longer need the personal data for the purpose of processing, but you need it to assert, exercise or defend legal claims.
- If you have objected to the processing of your personal data (under the conditions set out under Article 21 (1)) and it is not yet certain whether our legitimate interests override your interests.
Right to data portability (Art. 20 GDPR)
You have the right to request that we transfer your personal data that we collected on the basis of your consent or under a contractual obligation, in a commonly used structured and machine-readable format. You have the right to request us to make such a transfer directly to you, to another person or to another organization without hindrance by us, under certain conditions.
This right shall not apply if we believe that the processing is necessary for the performance of task we are carrying out in the public interest, in the exercise of an official authority vested upon us or if it adversely affects the rights and freedoms of other.
If you make such a request, we will respond to you within a month.
Right to object (Art. 21, Art. 6(1)(e) or Art. 6(1)(f) GDPR)
For reasons that arise from your particular situation, you have, at any time, the right to object to the processing of your personal data pursuant to Art. 6 (1) (e) or 6 (1) (f) GDPR; this also applies to any profiling activities undertaken by us based on these provisions.
Where we are processing your personal data for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data in regard to such advertising; this also applies to profiling activities associated with direct marketing.
You can exercise your rights by writing to our Data Protection Officer at dataprivacy@drreddys.com.
Right to complain to a supervisory authority (Art. 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a single supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes your rights the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
Duration of storage of personal data
Your personal data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.
This is the case for the data collected during the registration process for the fulfilment of a contract or for the execution of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, it may be necessary for us to store your personal data as the contractual partner in order to comply with our contractual or legal obligations. Your personal data will be deleted as soon as we have complied with these obligations.
Transfer/Disclosure of personal data
Sharing with Data Processors: We may share your personal data with third parties who act as our Data Processors:
- Partners engaged for the implementation and management of eCommerce platform, order management system, warehousing solution, and Customer Relationship Management (“CRM”) system.
- Call centre-based customer care support.
- Other technology providers e.g., those who provide solutions related to Identity and Access Management, Optical Character Recognition for prescriptions, generate automate email notifications and provide other value-added services such as newsletters.
- Partners engaged to process Adverse event reports.
Sharing with other Data Controllers:
We may also share your personal data with third parties who will act as independent Data Controllers:
- Theranica – We ( Reddy Pharma Iberia S.A.U.) have a sales and distribution license to sell Nerivio in Europe (a Theranica’s product).Theranica also owns and manages the Nerivio App that you download. To know more, please visit www.nerivio.com
- Our Payment Service partners. See the section “Payment options” of this notice to know more about the Payment Service Partners with whom we engage.
- Our Delivery and logistics partners. See the section on “Shipping service providers” to know more about the Delivery and logistics Partners with whom we engage.
Please note that your personal data will be processed by such Data Controllers in accordance with their Privacy Policies and we ( Reddy Pharma Iberia S.A.U.) will not be liable for their actions. Our Privacy Policy only applies to the extent that we process the personal data for the purposes listed in this document.
We recommend you read the Privacy Policies of the abovementioned third-parties to understand how they handle your personal data.
Sharing with Dr. Reddy’s Laboratories affiliates and/or subsidiaries:
Reddy Pharma Iberia S.A.U. is part of the international pharmaceutical group Dr. Reddy's Laboratories Ltd.
We may share your personal data with other affiliates or subsidiaries within the Dr. Reddy’s Laboratories group for analytics purposes which will help us improve our products and services. Data for such purposes will be protected with safeguards including pseudonymisation to prevent you from being identified by those who use your data.
Where we or our third parties transfer or allow access to your personal data to jurisdictions outside of the European Economic Area (i.e. the EU Member States plus Iceland, Liechtenstein and Norway, the "EEA"), it is done on the basis of standard contractual clauses, or other secure and lawful methods for transfer, approved by the European Commission.
Protection of Personal Data
We have implemented appropriate technical and organisational measures to provide an adequate level of security and confidentiality to your personal information, based on industry standards. The purpose of these measures is to protect your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure, or access and against other unlawful forms of processing. Our third parties (Data processors) are contractually obliged to protect the confidentiality and security of your personal information, in compliance with applicable law and our policies and standards.
Payment Options
- Credit card
You can complete the payment process by using your credit card. If you have selected payment by credit card, payment data will be passed on to payment service providers for payment processing. All payment service providers comply with the specifications of the "Payment Card Industry (PCI) Data Security Standards" and have been certified by an independent PCI Qualified Security Assessor.
The following data will be transmitted regularly as part of payment via credit card:
- The purchase amount
- The date and time of purchase
- Your first and last name
- Your physical and email address
- Your telephone number / mobile phone number.
- Your debit or credit card number, debit or credit card validity period, and card validation code (CVC)
- The IP address of your device
Your payment data is further shared with the following payment service providers:
- Mollie
H.Q. Keizersgracht 126, 1015CW Amsterdam, Netherlands PayPal (Europe) S.à r.l. et Cie, S.C.A.22-24 Boulevard Royal L-2449 Luxembourg.
- Paypal of Mollie
Further information on the processing of your data by Mollie and PayPal via Mollie can be found here: https://www.mollie.com/privacy and here: https://www.paypal.com/myaccount/privacy/privacyhub.
- Klarna
You can complete your transactions using the payment service provider Klarna (whose European operating company is Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden).
Klarna is a payment service provider that enables purchase on invoice or payment via instalments. If you choose "Purchase on account" or "Instalment purchase" as payment option within the transaction via Klarna, your personal data will be automatically transferred to Klarna. The following personal data will be shared with Klarna:
- Your first and last name
- Your contact information (physical and email address and phone number)
- Your Date of birth and Gender
- Your device’s IP address
- Your financial information (bank account details, credit card number including its expiry date and CVC number)
- Number of items purchased, transaction amount, tax dues, and product codes
- Information on goods and/or services you have purchased.
The transmission of data is intended in particular for identity verification, payment administration and fraud prevention purposes. The personal data exchanged between Klarna and us may be transferred by Klarna to credit agencies. The purpose of this transmission is a check of identity and credit score. Klarna may also pass on the personal data to affiliated companies (Klarna Group) and service providers or subcontractors if this is necessary to fulfil the contractual obligations or if the data is to be processed on behalf of Klarna. Further information on the processing of your data by Klarna can be found in Klarna's privacy policy at: Klarna's Privacy Notice .
All payment service providers comply with the requirements of the "Payment Card Industry (PCI) Data Security Standards" and have been certified by an independent PCI Qualified Security Assessor.
- Paypal
It is possible to process payment transactions with the payment service provider PayPal. PayPal offers a direct payment method as well as purchase on invoice, direct debit, credit card and instalment payment.
If you choose PayPal as your payment method, your data required for the payment process is automatically transmitted to PayPal. The following personal data is transferred to Paypal:
- Your first and last name
- Your contact information (physical address, email address and telephone and/or mobile number)
- Your device’s IP address
- Your financial information (credit card number, CVC, expiry date, transaction amount and tax dues)
- Information related to the product you’ve purchased (product code and previous purchasing behaviour)
The data transmitted to PayPal may be transmitted by PayPal to credit agencies. The purpose of this transmission is a check of identity and credit score. PayPal may also share your information with third parties to the extent necessary to fulfil your contractual obligations or to process the information on behalf of PayPal. When transferring your personal information within companies affiliated with PayPal, the Binding Corporate Rules, approved by the relevant regulatory authorities, apply. You can find them here: https://www.paypal.com/es/legalhub/bcr
Other data transfers may be based on contractual safeguards. For further information please contact PayPal (PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg).
All PayPal transactions are subject to PayPal's privacy policy. You can find them at: https://www.paypal.com/es/webapps/mpp/ua/privacy-full.
Shipping Service Providers
If you order products or services on our website that are delivered by a shipping service provider, you will receive updates on your order and the shipping confirmation via the email address you provide to us and, depending on the shipping service provider, additional notifications that your shipment has arrived and/or notification of package arrival and possible delivery options. The data will be transmitted to the following shipping service providers:
- DHL Express Spain, S.L.U. Edificio de Servicios Generales, Avda. Central s/n, Centro de Carga Aérea Madrid-Barajas, 28042 Madrid.
Your name, physical address, and email address will be shared with DHL.
DHL acts as an independent controller for the processing of personal data during shipping. Information on data protection can be found here: https://mydhl.express.dhl/content/dam/downloads/global/privacy-notice/express_privacy_notice-v1.2c_es_es.pdf.
Content Delivery Networks
A Content Delivery Network (CDN) is a network of regionally distributed servers connected via the Internet to deliver content, especially large media files such as videos.
- Google Cloud CDN: On our website we use functions of the content delivery network Google Cloud CDN. Google Cloud CDN features are used to deliver and accelerate online applications and content.
Google Cloud CDN provides web optimization and security services that we use to improve the load times of our website and to protect it from misuse. When you visit our website, a connection to the servers of Google Cloud CDN is established, e.g. to retrieve content. This allows your personal data to be stored and evaluated in server log files, including your activity (e.g. which pages have been visited) and your device and browser information (e.g. IP address and operating system).
Further information on the collection and storage of data by Google Cloud CDN can be found here: https://policies.google.com/privacy?hl=es.
Your personal data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website - and server log files are therefore recorded.
Your personal data will be retained for as long as necessary to fulfil the purposes described in this Privacy Policy or as required by law. Information about objection and removal options regarding Google Cloud CDN can be found at: https://policies.google.com/privacy?hl=es.
Third party services
We use various service providers to deliver the service we offer through the website. Generally, where such services are essential to providing the basic service offered by us, we have a legitimate interest in collecting your data via these third-party providers.
Where such services are required for additional services, enhanced functionalities, or additional purposes, your personal data will only be transferred to service providers if you provide your explicit consent. You have the right to revoke your declaration of consent at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
Your personal information will be stored for as long as is necessary to fulfil the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.
You can prevent third party-services from collecting and processing your personal data by preventing the storage of third-party cookies on your computer, by using the "Do Not Track" feature of a supporting browser, by disabling the execution of script code in your browser, or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
We are using the services of the following third parties for our website:
Google Marketing Platform |
Google places a cookie on your computer. This allows personal data to be stored and evaluated, in particular the user's activity (which pages have been visited and which elements have been clicked on), device and browser information (specifically the IP address and the operating system), data about the advertisements displayed (in particular which advertisements have been displayed and whether you have clicked on them) and also data from advertising partners (in particular pseudonymised user IDs). Based on the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out and store your IP address. Further information on the collection and storage of data by Google can be found here: https://policies.google.com/privacy?hl=es |
Google Analytics 4 |
Google Analytics examines, among other things, how website visitors use our site. Google sets cookies on your terminal device. During the visit, your behaviour is recorded in the form of "events". As a result, personal data can be stored and analysed, including: First visit to the website, Interaction with the website, usage path, clicks on external links, video usage, file downloads, advertising impressions and clicks, scroll behaviour (if to end of page), searches on the website, language selection, page visits, location (region), your IP address (in shortened form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution). Your internet provider has IP address anonymisation enabled. This means that your IP address is shortened by Google within the member states of the European Union or other contracting states to the Agreement on the European Economic Area. Exceptionally, only in rare cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google states that the IP address transmitted by your browser will not be merged with other Google data within the scope of Google Analytics. You can obtain further information on the processing of data by Google here: https://policies.google.com/privacy |
Google My Business |
We use Google My Business for customer acquisition with optimized company profiles including the possibility of statistical analysis and contacting users. Cookies from Google are stored on your device. The following personal data is processed by Google My Business:
Further information on the collection and storage of data by Google My Business can be found at: https://policies.google.com/privacy
|
Google Tag Manager |
With Google Tag Manager, tags from Google and third-party services can be managed and bundled and embedded on an online presence. Tags are small code elements on an online presence that are used, among other things, to measure visitor numbers and behaviour, capture the impact of online advertising and social channels, use remarketing and targeting, and test and optimize online presences. When you visit the online presence, the current tag configuration is sent to your browser. It contains statements about which tags are to be triggered. Google Tag Manager triggers other tags that may themselves collect data. For more information about the Google Tag Manager, please visit https://www.google.com/intl/de/tagmanager/faq.html and see Google's privacy policy: https://policies.google.com/privacy?hl=es You will find information on this in the passages of the privacy policies referring to the use of the corresponding services in this data protection declaration. Google Tag Manager does not access this data.
|
Hotjar |
Hotjar uses cookies, i.e. small text files, which are stored locally in the cache of your web browser on your end device and which enable an analysis of the use of our online presence by you. Personal data can thus be stored and evaluated, in particular your activity (specifically which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system) and a tracking code (pseudonymised user ID). The information thus collected will be transferred by Hotjar to a server in Ireland and stored there in an anonymised form. Further information on the collection and storage of data by Hotjar can be found at: https://www.hotjar.com/legal/policies/privacy |
Sendgrid |
We use the service provider Sendgrid of SendGrid, Inc., to send e-mails and notifications. SendGrid is a cloud-based SMTP provider that acts as an email delivery system and allows emails to be sent without its own email server. SendGrid manages the technical details of email delivery, such as infrastructure scaling, reputation monitoring and real-time analytics. Cookies and web beacons (tracking pixels) are used in e- mails sent by Sendgrid. These allow you to see whether the e-mail sent via the SendGrid platform has been delivered, opened, clicked, blocked or treated as spam. As a rule, the following data is processed:
Further information on the collection and storage of data by Sendgrid can be found here: https://sendgrid.com/policies/privacy/services-privacy-policy/ |
Zoho |
Zoho is an US-based software provider for online collaboration and management services, including word processor, spreadsheet, presentation tool, database application, email client, chat client, organizer, customer relationship management customer relationship management and project management application. This is an integrated software solution that we use to cover various aspects of our online marketing; including: Email marketing (newsletters as well as automated mailings, e.g., to provide downloads), social media publishing & reporting, reporting (especially traffic sources, hits, etc.), contact management (especially user segmentation & CRM), landing pages and contact forms. Zoho sets a cookie on your computer. Personal data can be stored and evaluated, especially the activity of the user (in particular which pages have been visited and on which elements have been clicked), device and browser information (in particular the IP address and the operating system), data about the displayed advertisements (in particular which advertisements have been displayed and whether the user has clicked on them) and also data from advertising partners (in particular pseudonymized user IDs). For more information on how ZOHO processes data, please see: https://www.zoho.com/privacy.html |
Cookiebot |
Cookiebot offers a software solution that takes care of the collection of consent about cookie usage and the tracking of online users. Cookiebot informs the users of our website about the cookies used on our website. You also have the possibility to deactivate cookie groups except for essential/necessary cookies (which are necessary for the smooth display of our website). We are obliged to document your consent or refusal in accordance with Art. 7 para. 1 GDPR. The following personal data will be processed by Cookiebot:
Cookies of Cookiebot are stored on your device. The key and consent status are also stored in your browser in the cookie of Cookiebot called "CookieConsent". This enables the website to automatically read and follow your consent in all subsequent page requests and future user sessions for up to 12 months. The key will be used for the proof of consent and for an additional option to check if the consent status stored your browser is unmodified compared to the original consent sent to Cookiebot. If the "Collective Consent-feature" is enabled to control the consent for multiple web pages through a single user consent, Cookiebot will also store another separate, random, unique ID with the user's consent. If all the following criteria are met, this key will be stored in an encrypted form in the cookie "CookieConsentBulkTicket" in your browser. All data is hosted in an Azure data centre of the cloud provider Microsoft Ireland Operations Ltd, South County Business Park, One Microsoft Court, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland. For further information on the processing of data by Cookiebot, please click here: |
Integration of plugins via external service providers
We integrate certain plugins on our website via external service providers in the form of content delivery networks. When you access our website, a connection is established to the servers of the providers used by us to retrieve content and store it in the cache of your browser. This allows personal data to be stored and evaluated in server log files, in particular device and browser information (e.g. IP address and operating system). We use the following services:
- Google Hosted Libraries
- Zoho (for CRM), Auth0 (for Customer Identity Access Management)
The use of the functions of these services serves the delivery and acceleration of online applications and content. You can find information on objection and removal options regarding Google at: https://policies.google.com/privacy?hl=en; Zoho at: http://www.zoho.com/privacy.html; and Auth0 at: https://auth0.com/privacy.
Changes to this Privacy Notice
We may change or update this notice from time to time by posting a new privacy notice on our website (https://www.nerivio.eu/). Please keep checking this notice occasionally so that you are aware of any changes.