GDPR-compliant

Privacy Policy

In this privacy notice, in accordance with Articles 13 and 14 of the GDPR, we provide you with information regarding the processing of your personal data by Nexopharm GmbH.

1. Data controller as defined by the GDPR

Nexopharm GmbH

Münsterstr. 477
40470 Düsseldorf

+49 211 97632157: +49 211 97632157

datenschutz@nexopharm.de: datenschutz@nexopharm.de

www.nexopharm.de: www.nexopharm.de

Managing Director: Armin Djabbari

Data Protection Officer

Under Section 38 of the Federal Data Protection Act (BDSG), our company is not required to appoint a data protection officer, as we have fewer than 20 employees who are regularly involved in the automated processing of personal data. If you have any questions regarding data protection, please contact us directly at the address listed above.

2. Definitions

Personal data refers to any information relating to an identified or identifiable natural person. Processing refers to any operation or set of operations performed on personal data, such as collection, recording, storage, use, or erasure. The official definitions can be found in Article 4 of the GDPR.

3. Web Hosting & 4. Server Log Files

Our website is hosted by Vercel Inc. (USA). Personal data (IP addresses, metadata) is processed on the host’s servers. The legal basis for this is our legitimate interest in ensuring secure service provision (Art. 6(1)(f) GDPR). A DPA pursuant to Art. 28 GDPR has been concluded. Vercel is certified under the EU-U.S. Data Privacy Framework.

Server Log Files: When you visit the website, data such as your browser, operating system, referrer URL, IP address, and timestamp is automatically collected. This data is anonymized after 30 days at the latest.

5. Cookies and Consent Management

We use cookies. Technically necessary cookies are based on Section 25(2)(2) of the TTDSG. All other cookies require your consent (Article 6(1)(a) of the GDPR). You can adjust your settings at any time in the footer.

Tools & Services Used

Google Maps

Used to display maps. Your IP address is transmitted to Google. Use is based on consent.

Google Fonts (Local)

Fonts are installed locally. No connection to Google servers.

Google Analytics

We use Google Analytics 4 to analyse user behaviour. Collection is governed by Google Consent Mode v2 and takes place only after your explicit consent (Art. 6(1)(a) GDPR, Section 25(1) TTDSG); no analytics cookies are set without consent. Provider: Google Ireland Ltd. You can withdraw your consent at any time via the cookie settings in the footer.

HubSpot CRM

Used for CRM and marketing. Data (contacts, forms) is processed in the U.S. (Data Privacy Framework certified).

10. Contact Form and Email

Inquiries are stored for processing purposes (Art. 6(1)(f) and (b) of the GDPR). They are deleted once the purpose has been fulfilled, provided that no statutory retention periods apply.

11. Expert Group Credentials

In accordance with Section 10 of the German Medicines Advertising Act (HWG) and Section 52a of the German Medicines Act (AMG), we are permitted to make certain content available only to healthcare professionals.

  • Registration: We verify the pharmacy operating license, controlled substances license, and IDF number.
  • DocCheck: Optional login via DocCheck Medical Services GmbH. Verification takes place on DocCheck servers.

12. Contract Processing & 13. Disclosure

We process order data in our Weclapp ERP system (servers located in Germany) for the purpose of fulfilling the contract (Art. 6(1)(b) GDPR). Data is only shared with third parties when necessary (logistics, payment) or when required by law.

14. Retention Period & 15. Security

Data retention in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO) (6–10 years) and the German Tax Administration Act (BtMVV) (3 years). We use SSL/TLS encryption.

16. Your Rights & 17. Objection

  • Information (Art. 15)
  • Correction (Art. 16)
  • Deletion (Art. 17)
  • Restriction (Art. 18)
  • Data portability (Art. 20)
  • Withdrawal of Consent (Art. 7, para. 3)
  • Right to File a Complaint (LDI NRW)

Right to object (Art. 21 GDPR)

You may object to the processing (based on legitimate interests) at any time. Email: datenschutz@nexopharm.de

As of December 2025. Subject to change.