Privacy Statement

It is very important to us to protect your privacy when your personal data are processed.

In our privacy statement we describe how we collect, use and disclose your personal data generally and in particular when you visit our website www.mckesson.eu (hereafter: “Website”).

1.  Controller

The Controller pursuant to data protection law is:

McKesson Europe AG

Stockholmer Platz 1
70173 Stuttgart
Telephone: +49 711 5001-00
Fax: +49 711 5001-1260
Email: service@mckesson.eu

2. Data Protection Officer

Our Data Protection Officer will be happy to assist you with any concerns regarding data protection.

– Data Protection Officer –

McKesson Europe AG
Stockholmer Platz 1
70173 Stuttgart
Telephone: +49 711 5001-00
Fax: +49 711 5001-1260
Email: privacy@mckesson.eu

3. Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is a data subject who can be identified, directly or indirectly, in particular by reference to an identifier. Identifiers can include, for example, a name, an identification number, location data, an online identifier, an IP address or one or more factors specific to the physical, physiological, genetic, psychological , economic, cultural or social identity of that natural person (hereafter referred to jointly as “data”).

4. Purposes and legal bases of data processing

4.1 General

We process your data in accordance with the provisions of the General Data Protection Regulation, the German Federal Data Protection Act (Bundesdatenschutzgesetz) and other applicable data protection provisions. Data are processed only insofar as is necessary and permitted under data protection law, for example to enable a visit to the website, to fulfil contractual purposes or to the extent that you consent to data processing. The purposes for which the data are processed and the corresponding legal bases are set out below.

4.2 Use of the website for information purposes

You can visit our website without disclosing any personal details. If you are using our website solely to obtain information, we do not collect any data from you. The exception to this is data transmitted by your browser to enable you to visit the website and information transmitted to us by cookies used.

4.2.1 Technical functions of the website

4.2.1.1 Scope of processing and purpose

From a technical perspective, in order for us to make this website available, we need to process certain automatically transmitted information about you, so that your browser will display our website and you are able to use the website. This information is automatically recorded each time our website is accessed, and stored in our server log files. This information relates to the computer system of the computer used to access the website. The following information is collected:

  • IP address;
  • Browser type/version (e.g.: Internet Explorer 6.0);
  • Browser language (e.g.: German);
  • Operating system used (e.g.: Windows XP);
  • Resolution of the browser window;
  • Screen resolution;
  • Whether JavaScript is enabled;
  • Java on/off;
  • Cookies on/off;
  • Colour depth;
  • Time of access.

We also use cookies in order to make our website available to you. Cookies are text files that are stored in or by the Internet browser when a website is accessed on your computer system. A cookie contains a string of characters that uniquely identify the browser on subsequent visits to the website. We use these cookies solely in order to make our website and its technical functions available to you. Almost all browsers allow all cookies to be blocked, existing cookies to be removed or a cookie alert to be displayed to prevent them being placed on your device. More information about cookies can be found in the documentation, in your browser’s help file, or at www.aboutcookies.org.

Please be aware that blocking cookies may considerably impede the use of the website. Furthermore, we are unable to provide some functions of our website without the use of cookies. The following information is stored in the cookies and shared with us:

Name
Description
Lifetime
BIGipServerpool_
serverproxies_80
This cookie name is associated with the BIG-IP product suite from company F5. Usually associated with managing sessions on load balanced servers, to ensure user requests are routed consistently to the correct server. The common root is BIGipServer most commonly followed by a domain name, usually the one that it is hosted on.
Session
JSESSIONID

General purpose platform session cookie, used by sites written in JSP. Usually used to maintain an anonymous user session by the server.

Session

We will not use your information that we have collected via the aforementioned cookies, which are necessary for technical purposes, in order to create user profiles or to analyse your surfing habits.

4.2.1.2  Legal basis

We process your data in order to make the technical functions of our website available to you on the following legal bases:

  • For the performance of a contract or in order to take steps prior to entering into a contract pursuant to Art. 6, para. 1(b) GDPR, if you visit our website to find out about the products we offer or our events ; and
  • For the purposes of our legitimate interests pursuant to Art. 6, para. 1(f) GDPR, in order to enable us to make the website technically available to you. It is our legitimate interest to provide you an attractive, user-friendly, technically functioning website of our Homepage.

4.2.2 Statistical analysis of the use of the website, increase of coverage, and duration of storage

4.2.2.1 Scope of processing and purpose

For the purpose of statistical analysis of the use of our website, we use Google Analytics and therefore cookies that allow analysis of your surfing habits. This enables us to improve the quality of our website and its content. We learn how the website is used and can continually optimise our service. 

The information obtained from the statistical analysis of our website will not be associated with your other data that we obtain on the website.

4.2.2.2 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”: text files which are stored on your computer and permit analysis of your use of the website. The information about your use of this website generated by the cookie is usually transferred to and stored on a Google server in the USA. However, if IP masking is enabled on this website, Google will first truncate your IP address in member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to and truncated on a Google server in the USA. Google will use this information on behalf of the operator of this website to analyse your use of the website, compile reports on website activities and provide the website operator with other services relating to website use and Internet use. The IP address transferred by your browser for the purposes of Google Analytics will not be associated with other data held by Google.

This website uses Google Analytics with the extension “_anonymizeIp()”. This truncates IP addresses before further processing, making it impossible to link them to a specific individual.

The following information is stored in the cookies and shared with us:

NameDescriptionLifetime
__utmb
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. This cookie determines new sessions and visits and expires after 30 minutes. The cookie is updated every time data is sent to Google Analytics. Any activity by a user within the 30 minute life span will count as a single visit, even if the user leaves and then returns to the site. A return after 30 minutes will count as a new visit, but a returning visitor.
29 minutes
__utma
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. This cookie lasts for 1 year by default and distinguishes between users and sessions. It is used to calculate new and returning visitor statistics. The cookie is updated every time data is sent to Google Analytics. The lifespan of the cookie can be customised by website owners.

1 year

__utmz
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour measure of site performance. This cookie identifies the source of traffic to the site - so Google Analytics can tell site owners where visitors came from when arriving on the site. The cookie has a life span of 6 months and is updated every time data is sent to Google Analytics.

6 months

__utmc
This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behaviour and measure site performance. It is set to enable interoperability with the older version of Google Analytics code known as Urchin. In this older versions this was used in combination with the __utmb cookie to identify new sessions/visits for returning visitors. When used by Google Analytics this is always a Session cookie which is destroyed when the user closes their browser.

Session

__utmt_UA-nnnnnnnn

This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the __utmt cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
7 minutes

You may prevent the storage of cookies by altering the settings in your browser software; however, please be aware that, if you do this, you may not be able to make full use of all the functions of this website.

You may prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB

As an alternative to the browser plugin, you can click on this link to prevent the collection of your data by Google Analytics on this website in future. Doing this will place an opt-out cookie on your device. If you delete your cookies, you will have to click on the link again.

Further information on terms of use and data protection by/at Google Analytics can be found at http://www.google.com/analytics/terms/gb.html or at https://policies.google.com/?hl=en-GB.

4.2.2.3  Legal basis

We process your personal data for the purposes of statistical analysis of the use of our website on the following legal bases:

  • for the purposes of our legitimate interests pursuant to Art. 6, para. 1(f) GDPR, in conjunction with Section 15, para. 3 TMG; we have a legitimate interest in designing our website to suit users’ needs.
  • If you have consented to the processing of data using cookies for analysis purposes, in accordance with Art. 6, para. 1(a) GDPR.

4.3 Active use of the website – Recruitment

Apart from using our website purely for information purposes, you may also use our website to submit an application to us. In addition to the processing of your personal data as outlined above we will collect and process further personal data about you, which we will use to process your application or respond to your enquiry. In this case, your data and documents will be encrypted for transmission.

If you would like to use our eRecruiting facility and apply to McKesson Europe AG, please note the Privacy Statement for Online Applications (PDF 165 KB).

4.4 Processing of your data as shareholders

We process personal data (name, address, e-mail addresses, number of shares, class of shares, type of ownership of shares and number of the admission ticket) on the basis of applicable data protection regulations in order to enable the shareholders to exercise their rights at the Annual General Meeting.

The processing of personal data is mandatory for the participation of shareholders in the Annual General Meeting. The legal basis for processing is Article 6 (1) lit. c) General Data Protection Regulation (GDPR). Our service providers, who are commissioned to execute the Annual General Meeting, only receive personal data that is necessary for the execution of the ordered service and process the data exclusively according to instructions from us.

4.5 Other processing of your data

We place great value on protecting the data of our business partners, customers and employees. Insofar as personal data are collected (eg name or other contact data), processing and use shall be carried out exclusively in accordance with the applicable data protection provisions, in particular the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). In order to protect your data against manipulation and unauthorised access, we have taken technical and organisational measures according to the current state of the art. If you contact us by email, your details will be stored for the purpose of processing the request as well as in the event that follow-up questions arise.

5. Links

Some sections of our website contain links to the websites of third-party providers. These websites are subject to their own privacy policies. We are not responsible for their operation, including the handling of data by third-party providers. If you send information to or via such third-party websites, you should check their privacy statements before sending them information that can be traced back to you as an individual.

6. Recipients of the data

Your data will only be shared with the internal departments or organisational units and other companies affiliated with us under company law which have need of it, in order to fulfil our contractual and legal obligations or to the extent that we require the data in order to process and implement our legitimate interests.

Your data will be passed on to external recipients in order to process contracts if we are obliged by legal requirements to provide information, report or share data or you have given us your consent to your data being shared with third parties, or to external service providers who are acting as processors on our behalf or who perform functions for us (e.g. IT service providers, service provider we use for our online-recruiting tool, data centres, companies that destroy data or courier services).

7. Transfers to third countries

We transfer your data to parties based in states outside the European Union (EU) or the European Economic Area (EEA) (“third countries”) who are acting as processors on our behalf (e.g. IT service providers or data centres). As part of the use of Google Analytics, we transfer your truncated IP address to the USA. Furthermore, your data may be transferred to providers of social plugins; for more information please refer to their privacy statements.

If there is no decision of the EU Commission regarding an adequate level of data protection in the country concerned, we conclude contracts in accordance with EU data protection rules, which ensure that your rights and freedoms are adequately protected and safeguarded. Alternatively, the data transfer is based on Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield. We will be happy to provide you with the relevant, detailed information on request.

We do not otherwise transfer your personal data to countries outside the EU or the EEA or to international organisations.

8. Your rights as a data subject

You may assert your rights listed below against the entity named in Section 1 at any time.

8.1 Right of access

You are entitled, pursuant to Art. 15 GDPR, to obtain following information from us at any time and free of charge:  your data  we process, the purposes of the processing, the categories of recipients, the envisaged period for which the data will be stored or, in the case of transfer to a third country, the appropriate safeguards. You are also entitled to obtain a copy of your data.

8.2 Right to rectification, erasure, restriction of processing

Should the data we process of you be inaccurate or incomplete or if their processing is unlawful, you can request that we rectify, supplement or restrict the processing of your data or erase the data to the extent permitted by law, Art. 16, 17 and 18 GDPR.

There is no right to erasure if the processing of the personal data is necessary (i) for the exercise of the right of freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory retention periods) or (iii) for the establishment, exercise or defence of legal claims. 

8.3 Right to data portability

If you have provided us with your data on the basis of your consent or as part of an existing contractual relationship with us, we will, at your request, make the data available to you in a structured, commonly used and machine-readable format or, where technically feasible, will transmit them to a third party named by you.

8.4 Right to object

If we process your data in order to pursue a legitimate interest, you may object to this processing on grounds relating to your particular situation, Art. 21 GDPR. The right to object may be exercised only within the confines of Art. 21 GDPR. Moreover, our interests may override the cessation of processing, meaning that, despite your objection, we are entitled to process your personal data.

8.5 Right to lodge a complaint

You are welcome to contact our Data Protection Officer (see Section 2) with questions, suggestions and criticisms.

You are also entitled, subject to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint applies regardless of any other administrative or judicial remedies.

The supervisory authority responsible for us is:

The State Data Protection and Freedom of Information Officer
Postfach 10 29 32, 70025 Stuttgart
Tel.: +49 711 615541-0
Fax: +49 711 615541-15
Email: poststelle@lfdi.bwl.de

We recommend first contacting our Data Protection Officer with any complaints.

9. Obligation to provide data

In principle, you are under no obligation to provide us with data. However, if you do not provide us with data, we cannot make our website available to you or process your application or respond to enquiries that you send us.

10. Automated decision-making/profiling

No automated decision-making takes place. If need be, we may process your data with the aim of evaluating certain personal aspects (profiling). In particular, we may, if need be, use evaluation tools to enable us to provide you with appropriate information and advice on products. These enable us to design our products, communication and advertising to meet your needs

11. Consent/rights of withdrawal

In the event that you give or have given us your consent to the collection, processing or use of your data, you can withdraw this consent at any time by notifying the entity named in Section 1. An email is sufficient.

You also have the right, on grounds relating to your particular situation, to object to the processing of data concerning you on the basis of Art. 6, para. 1(e) (performance of a task carried out in the public interest) or Art. 6, para. 1(f) GDPR (legitimate interests pursued by the controller); the same applies to profiling pursuant to those provisions. In this event, we will no longer process the data concerning you, unless we can demonstrate compelling and legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If the data concerning you are processed in order to engage in direct marketing, you have the right to object at any time to the processing of this data for the purposes of such marketing. If you object to the processing for direct marketing purposes, the data will no longer be processed for those purposes.

Please send notification of withdrawal to the address indicated in Section 1.

12.  Amendments

We reserve the right to amend this privacy statement at any time. Any changes will be announced by the publication of the revised privacy statement on our website. Unless specified to the contrary, such amendments take effect immediately. Please therefore regularly check this privacy statement to make sure you are aware of the latest version.

Last updated in May 2018