Privacy Policy

Our handling of your data and your rights according to the EU General Data Protection Regulation (GDPR)

We process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Data Protection Act. In the following, we provide information about us and the nature, scope and purpose of the collection and use of data:

Who we are

Sanova Pharma GesmbH, Haidestraße 4, 1110 Vienna is responsible for the data processing. You can reach us by phone at +43 1401 04 1524.
The Data Protection Officer for our company is Mr. Sebastian Niederauer M.A., phone number +43 1 40104 1524, e-mail address

Collection and processing of data

We process the personal data that you provide us as a customer,  supplier and/or party interested (e.g. doctors) in our services (in particular Logistics 360 °, Health Care, Medical Systems, marketing, competitions, loyalty cards), for example as part of a request or to conclude a contract. On the other hand, we process personal data that we have legitimately obtained from publicly available sources (e.g. pharmacy directory, EUDRA GMP, land register, commercial register, trade register, press, media, websites) or that have been transmitted to us by on of our service provider.

Relevant personal data are personal details (first name and surname, address and other contact information, date of birth, nationality, health-related data, insurance number including date of birth, diagnosis and, if applicable, the insured person's data) and identification information (such as identity card information). In addition, this may also include order data, data from the fulfilment of our contractual obligations (sales data in payment transactions, quantities, sales, prices, delivery dates, payment and reminder data as well as delivery times, credit limits, product information, information about your financial situation (e.g. credit rating), advertising and sales information, data about your use of our offered telecommunications media (e.g. time that our web pages or newsletter were retrieved) as well as any other data similar to the categories mentioned.
As a commission agent in the scope of our business area Logistics 360 °, we are entitled and obligated as contracting party of the respective pharmaceutical enterprise, to transmit the customer data processed by us for business fulfillment, in particular name, address, order, delivery and billing address, order date, ordered or delivered products or services, quantities, sales, prices, delivery dates, payment and reminder data and delivery deadlines for the purpose of fulfilling our contractual and statutory information obligations to the respective contracting party. The respective contracting party uses the above-mentioned data in the area of ​​controlling and for measures in market development, such as, in particular, the control of its sales force and the delivery of product information and offers.

If you as a patient order directly from us in the logistics services Logistics 360 °or we receive the order from your local health insurance, we process your data (especially first and last name, address, social security number including date of birth, diagnosis and possibly the data of the insured person) for the purpose of fulfilling the purchase contract. These data are only forwarded to other contracting parties (such as your local health insurance fund) and contracted service providers for the purpose of billing within the framework of the fulfillment of the contract.

Purpose of the data collection

The data is processed for the following purposes:

  • Contract fulfilment and pre-contractual correspondence
  • Corporate controlling
  • Information about changes to the general terms and conditions or privacy policy
  • Sending marketing information () or invitations to events
  • Notification in the context of a competition
  • Processing of services ()
  • Ensuring IT security and IT operations
  • Video surveillance (used to collect evidence in the event of a criminal offence)
  • Measures for building and plant safety (e.g. access control)
  • Measures for business management and further development of services and products
  • Visiting of our sales and our pharmaceutical representatives for advice on our products and services

The legal bases for the data processing are:

  • Consent pursuant to Art. 6 (1) (a) of the GDPR
  • Contract initiation and fulfilment. In order to process your orders to the fullest satisfaction, we need your data.
  • Marketing and advertising according to Art. 6 (1) (f) of the GDPR. As customers and parties interested in our diverse range of services, we would like to keep you up-to-date and well informed of the latest developments and offers concerning our products and distribution partners.
  • Processing is necessary for health or social care or treatment or for the management of health and social systems and services on the basis of statutory provisions or under contract with a health professional (e.g. Pharmagovigilance).
  • Due to legal obligations pursuant to Art. 6 para. 1 lit. c GDPR

Consent (Article 6 (1) (a) of the GDPR)

If you have given us consent to process your personal data for specific purposes (e.g. approval as part of the customer loyalty card or online on our website ), the lawfulness of such processing is based on your consent.

Withdrawal of consent

We process your personal data in order to operate direct advertising. You have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling if it is associated with such direct advertising.
Every request for information must be accompanied by a proof of identity (e.g. an official photo ID).
Consent that has been granted may be withdrawn at any time in the future. This also applies to the withdrawal of consent granted to us before May 25, 2018. Please notify us of your withdrawal of consent by phone +43 1 40104 1524 or by e-mail to

Use and disclosure of personal data

If you have provided us with personal data, we will use it only for the purpose of processing contracts, invitations to various events, answering your inquiries and for technical administration. As part of our business relationship, you only need to provide the information necessary to establish, conduct, and terminate the relationship, or that we are required to collect by law. Without this data, we would normally have to refuse to execute the contract or fulfil the order, or would be unable to perform an existing contract and would have to terminate it if necessary.
Personal data will only be disclosed or transmitted by us to third parties (in particular health insurance companies, order- and transport service providers) if this is necessary to execute the contract or for billing purposes, or if you have given your prior consent.
Your personal data that has been stored will be deleted if you withdraw your consent to the storage, if your data is no longer necessary for the fulfilment of the purpose pursued with the storage, or if its storage is or becomes prohibited for other legal reasons. Data for billing and accounting purposes will not be deleted on request within the statutory retention obligation.

Data access

Within the company and within the mother company Herba Chemosan Apotheker-AG, the entities that require access to your data to fulfil our contractual and legal obligations, to maintain and uphold operations, and for advertising and marketing purposes (e.g. accounting,  logistics and marketing) are those that have access to your data. Here, the principle of least privilege is used. Order processors employed by us (Art. 28. of the GDPR) may also receive data for these purposes. These are companies in the categories of accounting / tax consultants, IT services, logistics, telecommunications, data security service providers, advice and consulting, as well as sales and marketing).

With regard to the disclosure of your data to recipients outside the company, it should be noted that we only disclose your data if legal provisions permit this, you have given your consent and or if the order service provider has committed itself to us by contract to maintain secrecy and implement data protection measures.

Data retention and data security

The data will be processed in personal form for as long as reasonable for the purposes of its processing, in particular for the duration of our business relationship.
The data is also processed and stored on the basis of various storage and documentation obligations required by the Corporate Code, the Tax Code and other legal obligations. For example, accounting data is stored for a period of eight years. In addition, data is stored until the termination of any litigation in which the data is required as evidence. Personal data that we process in connection with our marketing services will be deleted after four years of the last contact with you.
The data is protected against unauthorised access with appropriate safeguards for each system architecture (privacy by design). The safeguards include, for example, encrypted transmission, encrypted storage, a role authorisation concept, a backup concept, and physical protection measures for the servers.
The security measures are continuously revised according to the technological development and are audited regularly.

Information, rectification, erasure, withdrawal

Each data subject has the right of access to information under Art. 15 of the GDPR, the right to rectification under Art. 16 of the GDPR, the right to erasure under Art. 17 of the GDPR, the right to restriction of processing under Art. 18 of the GDPR and the right to data portability from Art. 20 of the GDPR. The restrictions according to the GDPR apply.
On written request, we will gladly inform you at any time about any personal data stored about you.
Please direct your inquiry to Ms. Anita Fickert, +43 1 40104 1524, e-mail address Every request for information must be accompanied by a proof of identity (e.g. an official photo ID).
If the data about you processed by us is not correct, please inform us accordingly. We will correct it immediately and inform you.
In the event that you no longer wish us to process your data, please advise us using any format at +43 1 40104 1524, e-mail address Of course we will delete your data immediately and inform you. If mandatory legal reasons preclude a deletion, you will be notified immediately.

Profiling (scoring)

We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling to provide you with targeted information and advice on products. This allows for needs-based communication and advertising, including market and opinion research.
In any case, the decision-making process is not automated.


Cookies are small text files that are sent when you visit a website and stored on the hard drive of the user of the website. If the corresponding server of our website is visited again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can then evaluate the information obtained by this procedure in various ways. For example, cookies can be used to control advertisements or facilitate navigation on a website. If the user of the website wishes to prevent the use of cookies, he/she can do so by making his/her changes locally in the Internet browser used on his/her computer, i.e. the program for opening and displaying web pages (for example Internet Explorer, Mozilla Firefox, Opera or safari).

GOOGLE Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about the use of the website by the consumer (including the IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate the use of the website, to create reports on website activity for website operators, and to provide additional services associated with the use of the website and of the Internet. Google may also transfer this information to third parties if required by law or if the third parties process this data on behalf of Google. Google will in no case associate the consumer's IP address with other Google data. The consumer can prevent the installation of the cookies by a corresponding setting in the Internet browser; in this case, not all the features of the pharmacy's website may be fully available. By using the website, the consumer agrees to the processing of the data collected about him/her by Google in the manner described above and for the aforementioned purpose.
You may refuse the use of the cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google's collection and use of your data by downloading and installing the browser plug-in available under
You can also refuse the use of Google Analytics on this website by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:

disable Google Analytics
Further information concerning Google's terms of use and privacy statement can be found at or at

Opportunity to file a complaint

Finally, please be informed that you have the opportunity to file a complaint with the Data Protection Authority.