GDPR Compliant

Privacy Policy

In this privacy notice pursuant to Art. 13, 14 GDPR, we inform you about the processing of your personal data by Nexopharm GmbH.

1. Controller under GDPR

Nexopharm GmbH

Am Poth 2a
40625 Düsseldorf

+49 176 32455645: +49 176 32455645

datenschutz@nexopharm.de: datenschutz@nexopharm.de

www.nexopharm.de: www.nexopharm.de

Managing Director: Armin Djabbari

Data Protection Officer

The appointment of a data protection officer is not mandatory for our company under § 38 BDSG, as we employ fewer than 20 persons permanently engaged in automated processing of personal data. For data protection inquiries, please contact the address above directly.

2. Definitions

Personal data means any information relating to an identified or identifiable natural person. Processing means any operation involving personal data such as collection, recording, storage, use, or deletion. Official definitions can be found in Art. 4 GDPR.

3. Web Hosting & 4. Server Log Files

Our website is hosted by Vercel Inc. (USA). Personal data (IP addresses, metadata) is processed on the host's servers. The basis is our legitimate interest in secure provision (Art. 6(1)(f) GDPR). A DPA pursuant to Art. 28 GDPR has been concluded. Vercel is certified under the EU-U.S. Data Privacy Framework.

Server log files: When accessing the website, data such as browser, operating system, referrer URL, IP address, and timestamp are automatically collected. This data is anonymized after 30 days at the latest.

5. Cookies and Consent Management

We use cookies. Technically necessary cookies are based on § 25(2)(2) TTDSG. All other cookies require your consent (Art. 6(1)(a) GDPR). You can adjust your settings at any time in the footer.

Tools & Services Used

Google Maps

Used for map display. IP address is transmitted to Google. Usage based on consent.

Google Fonts (Local)

Fonts are installed locally. No connection to Google servers.

Google Analytics

Currently not active. If activated in the future: analysis of user behavior with IP anonymization. Usage only with explicit consent.

HubSpot CRM

Used for CRM and marketing. Data (contacts, forms) is processed in the USA (Data Privacy Framework certified).

10. Contact Form and Email

Inquiries are stored for processing (Art. 6(1)(f)/(b) GDPR). Deletion after purpose fulfillment, unless statutory retention periods apply.

11. Professional Circle Legitimation

Pursuant to § 10 HWG and § 52a AMG, we may only make certain content accessible to professional circles.

  • Registration: We verify pharmacy operating license, BtM license, and IDF number.
  • DocCheck: Optional login via DocCheck Medical Services GmbH. Verification takes place on DocCheck servers.

12. Contract Processing & 13. Disclosure

We process order data for contract fulfillment (Art. 6(1)(b) GDPR) in our ERP system Weclapp (servers in Germany). Disclosure to third parties only when necessary (logistics, payment) or legally required.

14. Storage Duration & 15. Security

Storage according to HGB/AO (6-10 years) and BtMVV (3 years). We use SSL/TLS encryption.

16. Your Rights & 17. Objection

  • Information (Art. 15)
  • Correction (Art. 16)
  • Deletion (Art. 17)
  • Restriction (Art. 18)
  • Data portability (Art. 20)
  • Withdrawal of consent (Art. 7(3))
  • Right to lodge a complaint (LDI NRW)

Right to Object (Art. 21 GDPR)

You may object to processing (based on legitimate interests) at any time. Email to: datenschutz@nexopharm.de

As of: December 2025. Subject to change.