Privacy Statement

It is very important to us that the protection of your privacy is strictly observed when processing personal data.

In the following we would like to inform you about the handling of your personal data by us in general and in particular when you use our website www.mckesson.eu (hereinafter: "website").

For a simpler overview, we have divided our Privacy Statement into the following areas:

A: General information
Contains all the information that we are obliged to provide you with, such as our contact details, the contact details of our Data Protection Officer and your rights as data subjects.

B: Data processing when visiting our website
Contains all the information related to visiting or actively using our website, for example in the context of using our online application portal.

C: Data processing not related to website use
Contains all the information about data processing, if you are in a business relationship with us, if you visit us on site or if you contact us via other means.

A. General information

1. Controller

Controller in terms of data protection law is:

McKesson Europe AG
Stockholmer Platz 1
70173 Stuttgart, Germany
Telephone: +49 711 5001-00
Fax: +49 711 5001-1260
E-mail: service@mckesson.eu 

2. Data Protection Officer 

For all concerns regarding data protection, our Data Protection Officer is at your disposal:

– Data Protection Officer –
McKesson Europe AG
Stockholmer Platz 1
70173 Stuttgart, Germany
Telephone: +49 711 5001-00
Fax: +49 711 5001-1260
E-mail: privacy@mckesson.eu 

3. Personal Data

Personal data refers to all information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is a data subject who can be identified, directly or indirectly, in particular by association with an identifier. An identifier may be, for example, a name, an identification number, location data, an online identifier, the IP address or other specific features that are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter collectively referred to as "data").

4. Data processing by us

In general, we process your data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other applicable data protection regulations. Processing only takes place to the extent necessary and that is permitted according to data protection law, for example for the fulfilment of contractual purposes, for the protection of our legitimate interests, for the fulfilment of legal requirements or insofar as you consent to the data processing. The specific nature and extent of the data processing and the corresponding legal bases can be found in the sections "B: Data processing when visiting our website" and "C: Data processing not related to website use".

5. Data recipients

In general, only those internal departments or organisational units as well as other companies affiliated with us shall receive your data, insofar as this is necessary for the fulfilment of our contractual and legal obligations or if said data is required in the course of processing and implementing our legitimate interests.

Your data may be transferred to external recipients in connection with contract processing, provided that we are obliged to fulfil legal requirements for information, notification or disclosure of data, you have granted us your consent for the transfer to third parties or to external service providers that render services on behalf of us as data processors or assume functions for us on behalf of us (for example IT service provider, the service provider we use when using our online application portal, data centres, data shredders or courier services). For the sections "B: Data processing when visiting our website" and "C: Data processing not related to website use" you can find case-specific examples of data recipients.

6. Third country transfer

In the course of the matrix structure of our Group, your data will also be processed within our Group companies that are based in third countries, meaning in countries outside the European Economic Area. These data transfers are covered by an adequacy decision of the European Commission (Article 45 GDPR), the adequacy decision concerning the EU-US Privacy Shield, by standard data protection clauses/standard contractual clauses on the basis of the guidelines adopted by the European Commission (Article 46 Para. 2 lit. c, Para. 5 S. 2 GDPR) or by an exemption according to Article 49 GDPR.

The same applies to external service providers who work on behalf of us (for example IT service providers or data centres) or third parties, insofar as they come into contact with your personal data and are based in third countries. This means that we transfer your IP address, for example, as part of the use of the TrustArc and Google Analytics tools, or your shortened IP address to countries outside the European Union, among others in the USA.

Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations. 

Upon request, we will gladly provide you with appropriate detailed information.

7. Data deletion and storage duration

For the purely informational use of our website, we store your data in accordance with the regulations in Section B.1.1.

If you actively use our website or in the event of data processing not related to website use, we will store your data for as long as is required, for example, for the provision of the respective service, for example the implementation of the application process. If you have given your consent to the processing of your data, we will store your data until the consent is withdrawn. For details, please refer to the regulations in Section B.1.2 or Section C.

In addition, we will always store your personal data until the expiration of the limitation period of any legal claims arising from the relationship with you, if necessary, in order to use it as means of evidence. The limitation period is usually between 12 and 36 months. Once the limitation period has expired, we will delete your personal data, unless there is a statutory storage obligation, for example, deriving from the German Commercial Code (Sections 238, 257 Para. 4 HGB) or from the Tax Code (Section 147 Para. 3, 4 AO). These storage requirements can last between two and ten years.

8. Your rights as a data subject

You may exercise your rights listed hereafter at any time, towards the body that is designated under Section A.1.

8.1 Right to information

Within the framework of Article 15 GDPR, you are entitled to request information free of charge and at any time regarding the data that is processed by us, the processing purposes, the categories of recipients, the planned storage period or, in the case of third-country transfers, the appropriate guarantees. You are also entitled to receive a copy of your data.

8.2 Right to rectification, deletion, restriction of processing

If your data  processed by us is incorrect, incomplete or their processing is inadmissible, you may ask us to correct your data, to supplement it, restrict processing or to delete the data to the extent permitted by law, according to Article 16, 17 and 18 GDPR.
The right to deletion does not exist, among other reasons, if the processing of personal data is required for (i) the exercise of the right to freedom of expression and information, (ii) the fulfilment of a legal obligation to which we are subject (for example statutory storage obligations) or (iii) enforcement, exercise or defence of legal claims.

8.3 Right to data portability

If you provide us with your data based on your consent or contractual relationship with us, upon request we will provide you with that data in a structured, current and machine-readable format or, if technically possible, submit the data to a third party that you have appointed. 

8.4 Right of objection

If we process your data on the basis of a legitimate interest, you can object to this processing for reasons that arise from your particular situation, according to Article 21 GDPR. The right of objection only exists within the limits provided for in Article 21 GDPR. In addition, our interests may preclude termination of processing, so we may, despite your opposition, still be entitled to process your personal data. 

8.5 Right of appeal

If you have any questions, suggestions or criticism, please feel free to contact our Data Protection Officer (see Section A.2).

You are also entitled, under the provisions of Article 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of data concerning you violates the GDPR. The right of appeal is without prejudice to any other administrative or judicial remedy.

The competent supervisory authority for us is: 

The State Commissioner for Data Protection and Freedom of Information
PO box 10 29 32, 70025 Stuttgart, Germany
Tel.: +49 (0) 711/615541-0
Fax: +49 (0) 711/615541-15
E-mail: poststelle@lfdi.bwl.de 

However, we recommend that you always lodge a complaint with our Data Protection Officer first.

9. Obligation to provide data

In principle, you are not obliged to provide us with your data. However, if you do not do so, we will not be able to make our website available to you, we cannot guarantee the active use of the website and we cannot process requests outside the website. Personal data that we do not necessarily need for the aforementioned processing purposes, are identified as voluntary information by "optional" or some other indication. In principle, you are not obliged to provide us with your data.

10. Automated decision making/profiling

We do not use an automated decision making process. We may partially process your information with the goal of evaluating certain personal aspects (profiling). In particular, we may use evaluation tools to provide you with targeted information and advice on products. These enable needs-based communication and advertising.

11. Consent/withdrawal rights

In the event that you give or have granted us consent for the collection, processing or use of your data, you may withdraw this consent at any time, with future effect, by notifying  the body appointed in Section A.1. An e-mail is sufficient.

You also have the right, for reasons arising from your particular situation, to object at any time to the processing of data concerning you by us, pursuant to Article 6 Para. 1 lit. e GDPR (exercise of a task in the public interest) or Article 6 Para. 1 lit. f GDPR (legitimate interest of the person in charge); this also applies to profiling based on these provisions. In this case, we no longer process data about you, unless we can demonstrate compelling legitimate grounds for processing the data that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If the data about you is processed for direct marketing purposes, you have the right to object at any time to the processing of this data for the purpose of such advertising. If you object to processing for direct marketing purposes, that data will no longer be processed for these purposes.

Any withdrawal should be directed to the address indicated in Section 1.

12. Amendments

We reserve the right to change this Privacy Statement at any time. Any amendments will be announced by means of publication of the amended Privacy Statement on our website. Unless otherwise specified, such amendments will take effect immediately. Therefore, please check this Privacy Statement regularly to view the latest version.

B. Data processing when visiting our website

1. Nature and scope of data processing

1.1 Informative use of the website

You can visit our website without the need to provide any personal information. If you use our website only for informational purposes, we will not collect any data from you. This excludes the data that your browser transmits to enable you to visit the website, as well as information provided by cookies. 

1.1.1 Technical provision of the website 

1.1.1.1 Scope of processing, purpose and storage duration

For the technical provision of the website it is necessary that we process certain, automatically transmitted information from you so that your browser can display our website and you can use the website. This information is automatically collected each time you visit our website and stored in our server log files. This information relates to the computer system of the visiting computer. In the process, the following information is collected:

  • IP address;
  • Date and time of access
  • Name and URL of the visited website
  • Website/application from which access was made (referrer URL)
  • Operating system and information about the internet browser used (for example, browser version, language settings, and installed add-ons)
  • Name of the access provider

In addition to ensuring a smooth connection establishment and convenient use of our website, the collected data is also used to ensure the system security of the website.

For a purely informative use of the website, we store your personal data on our servers for a period of 14 days. 

The storage period for cookies may differ from the aforementioned information and is explained in more detail in Section "B.1.1.2 Cookies and similar technologies".

1.1.1.2 Legal basis

We process your data for the technical provision of our website on the basis of the following legal bases:

  • to fulfil a contract or to carry out pre-contractual measures in accordance with Article 6 Para. 1 lit. b GDPR, insofar as you visit our website, to inform yourself about our product range or our services; 
  • to ensure the proper operation of the website, in particular for the implementation of appropriate technical and organisational measures and the fulfilment of a legal obligation to which we are subject, Article 6 Para. 1 lit. c GDPR and
  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest is to provide you with an attractive, technically functional, high-performance and user-friendly company website and to ensure the system security of the website.

1.1.2 Cookies and similar technologies

1.1.2.1 Scope of processing, purpose and storage duration

When using our website, cookies, pixels and similar technologies (hereinafter referred to as "cookies") may be used. Cookies are text files that are stored in the internet browser or by the internet browser when you visit a website on your computer system. A cookie contains a characteristic string that allows the browser to be uniquely identified when the website is visited again. 

When using cookies, we primarily distinguish between three categories:

  1. Necessary cookies: Necessary cookies are required for the use and navigation of the website. Without the use of necessary cookies, the technical availability and function of our website cannot be guaranteed.
  2. Functional and performance cookies: Functional cookies make it easier for you to visit our website by offering enhanced personal functions. For example, already activated settings (for example language setting) are stored by the cookie. In addition, functional cookies enable the execution of requested functions, such as playing videos on the website.
    Performance cookies collect information that allow us to analyse the use of the website in order to constantly optimise our website and to provide additional functions that make it easier to visit our website.
  3. Marketing cookies: Marketing cookies are used to target advertisements that are more relevant to you and tailored to your interests, and to measure the effectiveness of advertising campaigns. Information can also be shared with other advertisers (third parties).

To manage your cookie preferences, we use the Cookie Management solution from the company TrustArc. With this solution you can always inform us about your cookie preferences.

In addition, almost all browsers allow you to completely block cookies, remove existing cookies, or alert you to cookies, to prevent them from being placed on your device. You can find more information in the documentation or in the help file of your browser or at www.aboutcookies.org.

Please note that blocking cookies can significantly affect the use of the website. Some of our website functions cannot be offered without the use of cookies.

When storing cookies, a distinction is made between so-called session cookies and persistent cookies. Session cookies are deleted after leaving our website. Persistent cookies have different lifespans, which you can find in the overview of the cookies used on our website. You can always delete cookies set in your browser via your browser settings.

1.1.2.2 Legal basis

Unless otherwise described in the following paragraphs, we process your data within the context of the use of cookies on the basis of the following legal bases:

  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest is to provide you with an attractive, technically functional, high-performance and user-friendly company website and to ensure the system security of the website. Our legitimate interest includes the regular analysis of website visits, in order to tailor the website to your needs;
  • to ensure the proper operation of the website, in particular for the implementation of appropriate technical and organisational measures and the fulfilment of a legal obligation to which we are subject, Article 6 Para. 1 lit. c GDPR and
  • if you have granted your consent for data processing, in accordance with Article 6 Para. 1 lit. a GDPR. This applies in particular to marketing cookies and tracking methods from third parties.

1.1.3 Akamai

1.1.3.1 Scope of processing, purpose and storage duration

To speed up our websites, we use the Content Delivery Network (CDN) from Akamai Technologies Inc., 150 Broadway, Cambridge, MA 02142, USA, (Akamai). A CDN is a service that helps deliver content faster from our website, in particular large media files such as graphics or scripts, using regionally distributed and internet-connected servers. The processing of your data is solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

Akamai transfers personal data from the log files (such as IP addresses) to the United States for each data processing, as certain servers for processing log files are only available in the United States. Akamai is subject to the Privacy Shield Agreement between the European Union and the United States and is certified accordingly. As a result, Akamai has committed itself to complying with the standards and regulations of European data protection law. For more information on data protection or Akamai, see https://www.akamai.com/de/de/privacy-policies/

Akamai stores data for up to 24 hours, so that content can be delivered faster when you visit our website. 

Akamai cookies are classified as necessary cookies.

1.1.3.2 Legal basis

We process your data to speed up our website on the basis of the following legal basis:

  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the high-performance provision of our website.

1.1.4 Google Analytics

1.1.4.1 Scope of processing, purpose and storage duration

For the purpose of statistical analysis of the use of our website, we use Google Analytics, which allows an analysis of your browsing behaviour. This will help us to improve the quality of our website and its content. We learn how the website is used and therefore we can constantly improve our offer.

Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (Parent: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), (Google), which uses cookies. The information generated by the cookie about your use of this website is usually transferred to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other Contracting States of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data.

This website uses Google Analytics with the extension "_anonymizeIp ()". As a result, IP addresses are processed further in shortened form, any direct links to individual persons can therefore be excluded.

The information obtained as part of the static analysis of our website will not be merged with your other data collected on the website.

You can prevent the collection of the data that are generated by the cookie and related to your use of the website as well as the processing of these data by:

However, please be aware that in this case you may not be able to use the full functionality of this website.

For more information about Terms of Use and Privacy from or at Google Analytics, see http://www.google.com/analytics/terms/de.html or https://policies.google.com/privacy

Google Analytics stores data for up to 12 months. After the anonymisation of the IP address the information can no longer be traced back to you personally. There are no personal references in the reports that are created on the basis of Google Analytics.

Google Analytics cookies are classified as functional and performance cookies.

1.1.4.2 Legal basis

We process your personal data for statistical analysis of the use of our website on the basis of the following legal bases:

  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the needs-based design of our website and
  • if you have granted your consent for the processing of data using cookies for analysis purposes, in accordance with Article 6 Para. 1 lit. a GDPR.

1.1.5 Google Tag Manager

1.1.5.1 Scope of processing, purpose and storage duration

For the purpose of managing website tags on our website, we use the Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), (Google). This service allows website tags to be managed through a single interface. The Google Tag Manager only implements tags. This means: No cookies are used and no personal data is collected. Google Tag Manager activates other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags as far as they are implemented with the Google Tag Manager.

Google Tag Manager does not use cookies.

1.1.5.2 Legal basis

We process your data to implement the management of your cookie preferences on the basis of the following legal bases:

  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest is to take your cookie preferences into account when making our website available, thereby ensuring the protection of your privacy and your personal data according to your wishes, and
  • to ensure the proper operation of the website, in particular to implement appropriate technical and organisational measures and to fulfill a legal obligation to which we are subject, Article 6 Para. 1 lit. c GDPR. 

1.1.6 TrustArc

1.1.6.1 Scope of processing, purpose and storage duration

For the purpose of managing your personal cookie preferences, we use the TrustArc Cookie Preference Manager of TrustArc Inc, 835 Market Street, Suite 800, San Francisco, CA, USA (TrustArc). This tool manages and stores the cookie preference settings according to your wishes. For this purpose you will be asked for your cookie preferences when you first visit our website and may agree to the use of cookies or reject them.

If you delete your internet browsing history, all cookies (including opt-out cookies) will be deleted. In this case you will be asked again for your cookie preferences when you visit our website again.

The Cookie Preference Manager used on the website only shows the status of the last settings made by you in the Cookie Preference Manager. Any other cookie settings set by you will not be shown (for example, general blocking of all cookies via your internet browser settings).

Your IP address will be used so that the Cookie Preference Manager can process your cookie preferences accordingly. When using mobile devices (for example smartphone), the advertising identifier stored there is used.

TrustArc stores your cookie preferences for a maximum of 12 months or until you delete the internet browsing history. 

TrustArc cookies are classified as necessary cookies.

1.1.6.2 Legal basis

We process your data to implement the management of your cookie preferences on the basis of the following legal bases:

  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest is to take your cookie preferences into account when making our website available, thereby ensuring the protection of your privacy and your personal data according to your wishes, and
  • to ensure the proper operation of the website, in particular to implement appropriate technical and organisational measures and to fulfill a legal obligation to which we are subject, Article 6 Para. 1 lit. c GDPR.

1.2 Active use of the website

Apart from using our website purely for information purposes, you may also actively use our website to contact us or to submit an application. In addition to the processing of your personal data as outlined above for purely informational use, we then collect and process further personal data.

1.2.1 Contact us via our website

Our website does not contain an integrated contact form, but you can contact us via the contact e-mail addresses provided on the website (for example, in "Contact") or by telephone. For more information on how we process your data when you contact us, please refer to the Section "C.2.4 - Processing your data in the context of business relationships (customers, suppliers and business partners) and general business communication".

1.2.2 Use of our eRecruiting option

If you use our eRecruiting option and apply to McKesson Europe AG, we ask you to note the Privacy Statement for Online Applications (PDF 196 KB)

2. Links and social networks

2.1 Links to third-party websites

Some sections of our website contain links to third-party websites. These websites are subject to their own data protection principles. We are not responsible for their operation, including data handling by third parties. If you send information to or by means of these third-party sites, you should review the privacy statements of those sites before providing any information that may be associated with you.

2.2 Social media sites/our activity in social media

In addition to this website, we also maintain presences in various social media sites, which you can only reach via direct links on our website. Social plugins are not used. If you visit one of our presences on social media, personal data may be transferred to the provider of this social network. It is possible that in addition to storing the data you have concretely entered in this social media, also further information may be processed by the provider of the social network. If you are logged in with your personal user account of the respective network while visiting such a website, this network can match the visit to this account.

The data that you have entered on our social media presences and are publicly accessible data (for example, comments, pictures, likes, messages to us, etc.) are exclusively used by us to interact with you. Our legitimate interest is based on Article 6 Para. 1 lit. f GDPR and is to provide you with appropriate platforms, on which we can share current information with you and you can contact you. Comments, pictures and likes made by you on our social media presences are stored by the operator of the social media presence, as long as our social media presence account exists or alternatively directly by the operator of the respective site for the given duration. In addition, the operators of social media networks can process the information that you have entered. This further processing cannot be influenced by us. For information on the purpose and scope of the data collection as well as the storage duration by the operator of the social media network, as well as your rights in this regard, please refer to the regulations of the responsible party:

C. Data processing not related to website use

1. Processing your data as shareholders

We process personal data of shareholders, in order to enable them to exercise their rights in the context of the Annual General Meeting. You will find more information on which data is involved and how it is processed under the following link: Information on data protection for shareholders of McKesson Europe AG (PDF 95 KB)

2. Processing of your data in the context of business relationships (customers, suppliers and business partners) and general business communication

2.1 Scope of processing, purpose and storage duration

If you contact us, for example in the context of a contract initiation or a contractual relationship with us, your personal data is processed by us. This also applies if you act as a contact person in a business relationship with us and are not a contracting party.

Depending on the processing operation, different data can be processed. For example, relevant personal data may be: Contact data (e.g. name, address, telephone number, e-mail address), legitimation data (for example commercial register extracts and ID data), data in the context of our business relationship (for example position, job and department in the company, supervisor, order data, payment data, creditworthiness data), photos and video recordings (for example at events or visit of our headquarters), system data (for example  user name and ID or user ID, log data), date of birth and other data comparable with these categories.

In principle, we collect personal data from you directly. However, in certain cases, it is also possible that data are collected via third parties. This may be, for example, data from other companies, authorities or other third parties (e.g. information agency). This may include personal data that we process using our compliance management system (for example whistleblowing hotline, anti-terror screening, prevention of money laundering).

In order to protect your data from manipulation and unauthorised access, we have implemented current state-of-the-art technical and organisational measures in our processing procedures and IT systems.

The data will be stored until the processing of the request has been completed or within the framework of our contractual relationship with you until the end of the contractual relationship and then according to Section A.7, for example until expiry of the statutory limitation or archiving periods.

2.2 Legal basis

We process your data in the context of business relationships and general business communication on the basis of the following legal bases:

  • to fulfil a contract or to carry out pre-contractual measures in accordance with Article 6 Para. 1 lit. b GDPR; 
  • to fulfil a legal obligation pursuant to Article 6 Para. 1 lit. c GDPR; and
  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest is to select and manage suitable business partners and to guard against dangers and liability claims and avoid (legal) risks. It also includes the protection of our property (e.g. video surveillance) and the clarification of potential compliance breaches, as well as the prevention of crime and the regulation of damages resulting from the business relationship. Additionally, it includes compliance obligations we need to align with (e.g. SOX requirements, test data management, system security).

3. Law enforcement

3.1 Scope of processing, purpose and storage duration

In addition, we process your personal data to assert our rights and to be able to enforce our legal claims. We also process your personal data to be able to defend ourselves against legal claims. Finally, we process your personal data insofar as this is necessary to prevent or prosecute crimes.

The data will be stored until the completion of the enforcement and, if applicable, according to Section A.7, for example until the expiry of the statutory limitation or archiving periods.

3.2 Legal basis

We process your personal data for this purpose on the basis of the following legal basis:

  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or to prevent or clarify criminal offences;
  • to fulfil a legal obligation to which we are subject, in accordance with Article 6 Para. 1 lit. c GDPR in conjunction with commercial, trade or tax law, as far as we are obliged to record and store your data.

4. Processing of your data when you visit us on site

4.1 Scope of processing, purpose and storage duration

If you visit us on site, you will be given a visitor badge. For frequent visits or visits over a longer period, the visitor badge is personalised with your name and a current profile picture. In addition, visitors are registered at our reception and recorded on a visitor list, which in case of using our visitor parking also includes the visitor’s vehicle number plate. The visitor badge and the recording of visitors' names an vehicles’ number plate on a visitor list serve the protection of our owner rights and the purpose to determine that only authorised individuals are present on our premises. 

The data will be stored in the framework of our contractual relationship with you until the end of the contractual relationship, and then according to Section A.7, for example until expiry of the statutory limitation or archiving periods.

4.2 Legal basis

We process your data when you visit us on the basis of the following legal bases:

  • to fulfil a legal obligation pursuant to Article 6 Para. 1 lit. c GDPR; and
  • to safeguard our legitimate interests in accordance with Article 6 Para. 1 lit. f GDPR. Our legitimate interest consists in the defence against dangers and liability claims and avoidance of (legal) risks. This includes the protection of our property and the clarification of any potential compliance breaches.

5. Video surveillance at our headquarters

Our corporate headquarter has video surveillance. Video surveillance is carried out for the purposes of maintaining owner rights, for the purpose of deterring theft and vandalism, the investigation of theft and damage to property and also the implementation of the necessary technical and organisational measures relating to data security.
The Privacy Statement for video surveillance can be viewed at https://www.mckesson.eu/privacy.

Last updated February 2020