Data Security

Data protection at PHOENIX group

The PHOENIX group takes the protection and security of its employees, business partners and customers’ data seriously. As such PHOENIX has established strong data protection policies and procedures across all 26 European countries within which it operates. The PHOENIX group has implemented measures to meet the requirements of the European General Data Protection Regulation (in EU/EEA-countries), local laws and provisions.

The PHOENIX group has appointed data protection officers and local data protection coordinators in all 26 countries. They are responsible for monitoring the compliance with all relevant provisions concerning data protection.

PHOENIX has developed bespoke data protection training modules for its employees to raise both awareness of this important subject and also to ensure all employees are aware of their responsibilities.

Controller & Data Protection Officer
Responsible Controller for the collection, processing and use of your personal data in the context oft he GDPR is:

PHOENIX Pharmahandel GmbH & Co KG
Pfingstweidstraße 10-12
D-68199 Mannheim

Sitz der Hauptniederlassung: Mannheim
Registergericht: Amtsgericht Mannheim HRA 3551

You can reach our data protection officer at dataprotection(at) or our postal address with the addition "the data protection officer". 

Your data

The respect of privacy is a serious concern to which we pay special attention when processing and using personal data. We therefore attribute great importance to the protection of your personal data. Insofar as personal data is collected (e.g. your name, address, or other contact data), it is processed and used exclusively in accordance with applicable data protection regulations, in particular the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). To protect your data against manipulation and unauthorised access, we have taken technical and organisational measures (e.g. encrypted transmission) according to the latest technology.

We only use your personal data for the purpose for which it was transferred to us.

For contact via e-mail, your details are saved in order to process the enquiry and in case supplementary questions arise. Please note that the transfer of e-mails is unencrypted.

Technical data processing on this website

Log files recording access to the system are stored on the web servers. Data processing on our website includes the automatic storage of information transferred via browsers. This includes

  • browser type/version
  • operating system
  • referrer URL (last page visited)
  • host name of accessing computer (IP address)
  • time of server request

This data is anonymous and cannot be traced back to individuals. It is not merged with data from other sources. The data is only used for statistical purposes and deleted once the statistical analysis is complete. Other personal data, such as your name, address, telephone number, or e-mail address is not collected unless you voluntarily submit this information, e.g. as part of your registration to access the personal career area.


Our website uses cookies in several places. They are used to make our service more user-friendly, effective, and secure. Cookies are small text files that are deposited on the computer and stored by the browser. Most of the cookies we use are session cookies, which are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain viruses.

You can block or remove cookies at any time with the relevant browser settings.

Google Analytics

a) The website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics also uses cookies, i.e. text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the U.S.A. and stored there. Through the activation of IP anonymization on the website, however, your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the U.S.A. and truncated there.

b) On behalf of us Google will use this information for the purpose of analyzing your use of the website, compiling reports on website activity and providing with other services relating to website activity and internet usage.

c) Google will not associate the IP address transmitted by your browser with any other data held by Google. Google may also transfer this information to third parties where required to do so by law, or where such third parties process this information on Google's behalf.

d) At any time you may delete cookies placed on your computer by calling up the relevant menu item in your internet browser or deleting the cookies on your hard drive. For details, see the Help menu of your internet browser.

e) You may refuse the use of cookies by selecting the appropriate settings on your browser; we advises, however, that if you do this you may not be able to use the full functionality of this website. You can also prevent the data generated by the cookie about your use of the website (incl. your IP address) being sent to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link:

f) Further information is available at or (general information on Google Analytics and privacy). We advises that the code "_anonymizeIp();" has been added to Google Analytics on the website to guarantee the anonymous collection of IP addresses (so-called IP masking). 

Google Maps

This website uses the product Google Maps from Google Inc. By using this website, you consent to the collection, processing, and use of the data automatically gathered by Google Inc., its representatives, and third parties. You will find the Terms of Service for Google Maps at

Google Fonts

This website uses external typefaces from Google Fonts. Google Fonts is a service provided by Google Inc. (“Google”). These web fonts are embedded by making a request from a server, usually a Google server in the United States. Data about which of our web pages you have visited is then transmitted to the server. Google also stores the IP address of the device browser used by the person visiting these web pages. You will find more detailed information in Google’s data protection notices, which you can view here: and


This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.

You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy:

Career portal

Recommend function

As a registered user, you have access to the recommend function in our career portal, which you can use to recommend PHOENIX group job vacancies to third parties. Any data that you send using the recommend function is used exclusively to transmit the recommendation and is subsequently deleted.

Processing and using your data for job application processes

The personal data that you provide to us with your online application is stored electronically and used by us solely to process the application. Please note that the transfer of any applications via e-mail is unencrypted. We therefore recommend that you submit your application exclusively through our online application program.

Your data is stored for a maximum of 12 months to allow us to contact you again at a later point in time. After expiry of the aforementioned period, your data will be completely deleted. If you wish us to delete your data at an earlier date, we will do so on your written request.

If, based on your profile, we believe that your application may be relevant to other departments within the PHOENIX group, we will forward your application data accordingly. Your data is only forwarded within the PHOENIX group and not to third parties outside the PHOENIX group.

By registering in the personal career area and/or submitting your online application, you agree to the collection, processing, and use of your data as described above.

Use of social plugins from XING, LinkedIn, Facebook, Google+ and Twitter

Our website uses social plugins (“plugins”) from social networks.

To enhance the protection of your data while visiting our website, the plugins are not unrestricted but merely embedded in the page using an HTML link (the so-called “Shariff” solution from German computer magazine c’t). This embedding ensures that when you access a page on our website containing these plugins, no connection is made with the servers of the provider of that social network. If you click on one of the buttons, a new browser window is opened, displaying a page hosted by that service provider, where you can click the Share button, for example (after entering your login details, if required).

To learn more about the purpose and extent of data collection and the further processing and use of the data by providers on their websites, as well as your rights in this respect and settings options to protect your privacy, please consult the following providers’ data policies:

XING AG (Dammtorstr. 30, 20354 Hamburg, Germany)
LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)
facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA)
Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA)
Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

Your Data Privacy Rights
We gladly want to you inform you regarding your rights according to the general data protection regulation:

Right of Access
You have the right to request confirmation whether data concerning you are being processed and to request information regarding these data according to Art. 15 GDPR

Right to rectification
In accordance with Article 16 of the GDPR, you have the right to request the completion or correction of inaccurate data concerning you.

Right to erasure
In accordance with Art. 17 GDPR, you have the right to demand that relevant data may be deleted in case there are no legal obligations preventing the deletion. 

Right to restriction of processing
You may demand a restriction of the processing in accordance with Art. 18

Right of data portability
You have the right to request to receive the data provided to us in accordance with Art. 20 GDPR and additionally to request its transmission to other processors

Right to object
You may object to the future processing according to Art. 21 GDPR at any time.

Right to revocation
You have the right to revoke consent anytime according to Art. 7 Par. 3 GDPR valid for the future.

Right to notify the supervisory authority
In accordance with Art. 77 GDPR you have the right to file a complaint with the competent supervisory authority.

Reporting System

The PHOENIX group has established a web based reporting system which is designed to enable employees, business partners, customers and third parties an easy system by which to report data incidents or concerns. These reports are taken seriously and are reviewed and actioned regularly and are used to improve the protection of personal data. 

If you have any questions or concerns about personal data, please contact the local data protection officer. Central point of contact is dataprotection(at)

You can access this reporting tool at any time via:

Reporting System FAQ's

When should I report an incident?
PHOENIX group has an obligation to notify the supervisory authority within 72 hours of becoming aware of an incident, due to this, all incidents must be reported without delay via the online reporting tool.

What data incidents should be reported and how?
All personal data incidents are to be reported to the Data Protection team via the online reporting tool.

What is a data protection incident?
Data Protection incidents are any event which has, or could have, resulted in the accidental or deliberate loss of personal data (electronic or paper) or destruction of data, or unauthorised access to data (e.g. loss or theft of laptop, smartphone, paper record, prescriptions).

What happens after I submit a report?
The Data Protection team will review the incident report and will contact you for further information or, where necessary, will assist you with the post incident actions.


We retain the right to change our data privacy statement. This may be necessary as a result of technical developments. We therefore ask you to consult the data privacy statement from time to time and to apply the current version.

Should you have any questions about data protection, please contact us here.

Date of last review and update: 24/05/2018