Data Security

Data protection at PHOENIX group

The PHOENIX group takes the protection and security of its employees, business partners and customers’ data seriously. As such PHOENIX has established strong data protection policies and procedures across all 26 European countries within which it operates. The PHOENIX group has implemented measures to meet the requirements of the European General Data Protection Regulation (in EU/EEA-countries), local laws and provisions.

The PHOENIX group has appointed data protection officers and local data protection coordinators in all 26 countries. They are responsible for monitoring the compliance with all relevant provisions concerning data protection.

PHOENIX has developed bespoke data protection training modules for its employees to raise both awareness of this important subject and also to ensure all employees are aware of their responsibilities.

Reporting System

The PHOENIX group has established a web based reporting system which is designed to enable employees, business partners, customers and third parties an easy system by which to report data incidents or concerns. These reports are taken seriously and are reviewed and actioned regularly and are used to improve the protection of personal data.

If you have any questions or concerns about personal data, please contact the local data protection officer. Central point of contact is dataprotection(at)
You can access this reporting tool at any time via:

Reporting System FAQ's

When should I report an incident?
PHOENIX group has an obligation to notify the supervisory authority within 72 hours of becoming aware of an incident, due to this, all incidents must be reported without delay via the online reporting tool.

What data incidents should be reported and how?
All personal data incidents are to be reported to the Data Protection team via the online reporting tool.

What is a data protection incident?
Data Protection incidents are any event which has, or could have, resulted in the accidental or deliberate loss of personal data (electronic or paper) or destruction of data, or unauthorised access to data (e.g. loss or theft of laptop, smartphone, paper record, prescriptions).

What happens after I submit a report?
The Data Protection team will review the incident report and will contact you for further information or, where necessary, will assist you with the post incident actions.

Your data

The respect of privacy is a serious concern to which we pay special attention when processing and using personal data. We therefore attribute great importance to the protection of your personal data. Insofar as personal data is collected (e.g. your name, address or other identifying information), it is processed and used exclusively in accordance with applicable data protection regulations, in particular the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). To protect your data against manipulation and access, we have taken technical measures (e.g. encrypted transmission) according to the latest technology. 

We only use your personal data for the purpose for which it was transferred to us. 

For contact via e-mail, your details are saved in order to process the enquiry and in case supplementary questions arise. Please note that the transfer of e-mails is unencrypted. 

Technical data processing on this website

Log files recording access to the system are stored on the web servers. Data processing on our website includes the automatic storage of information transferred via browsers. This includes

  • browser type/version
  • operating system
  • referrer URL (last page visited)
  • host name of accessing computer (IP address) 
  • time of server request

This data is anonymous and cannot be traced back to individuals. It is not merged with data from other sources. The data is only used for statistical purposes and deleted once the statistical analysis is complete. Other personal data, such as your name, address, telephone number, or e-mail address is not collected unless you voluntarily submit this information, e.g. as part of your registration to access the personal career area. 

All-in-One espresso (Newsletter)

By subscribing to the All-in-One espresso (newsletter), you declare that you agree to receive the All-in-One espresso, a monthly newsletter from PHOENIX Pharmahandel GmbH & Co KG including information about PHOENIX services, products, activities and news. Your personal data (name and e-mail address) will only be processed to the extent necessary for the newsletter submission. You can unsubscribe from your e-mail newsletter at any time free of charge, e.g. by clicking the unsubscribe button contained in any newsletter. Your personal data will not be passed on to third parties.


Our website uses cookies in several places. They are used to make our service more user-friendly, effective, and secure. Cookies are small text files that are deposited on the computer and stored by the browser. Most of the cookies we use are session cookies, which are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain viruses. 

You can block or remove cookies at any time with the relevant browser settings.

Google Analytics

a) The website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics also uses cookies, i.e. text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the U.S.A. and stored there. Through the activation of IP anonymization on the website, however, your IP address will be truncated by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the U.S.A. and truncated there. 

b) On behalf of us Google will use this information for the purpose of analyzing your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. 

c) Google will not associate the IP address transmitted by your browser with any other data held by Google. Google may also transfer this information to third parties where required to do so by law, or where such third parties process this information on Google's behalf. 

d) At any time you may delete cookies placed on your computer by calling up the relevant menu item in your internet browser or deleting the cookies on your hard drive. For details, see the Help menu of your internet browser. 

e) You may refuse the use of cookies by selecting the appropriate settings on your browser; we advises, however, that if you do this you may not be able to use the full functionality of this website. You can also prevent the data generated by the cookie about your use of the website (incl. your IP address) being sent to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link:

f) Further information is available at or (general information on Google Analytics and privacy). We advise that the code "_anonymizeIp();" has been added to Google Analytics on the website to guarantee the anonymous collection of IP addresses (so-called IP masking). 

Google Maps

This website uses the product Google Maps from Google Inc. By using this website, you consent to the collection, processing, and use of the data automatically gathered by Google Inc., its representatives and third parties. You will find the Terms of Service for Google Maps at

Google Fonts

This website uses external typefaces from Google Fonts. Google Fonts is a service provided by Google Inc. (“Google”). These web fonts are embedded by making a request from a server, usually a Google server in the United States. Data about which of our web pages you have visited is then transmitted to the server. Google also stores the IP address of the device browser used by the person visiting these web pages. You will find more detailed information in Google’s data protection notices, which you can view here: and 


This website uses plug-ins from the American company Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. As a consequence, log information may be transmitted from our website to Vimeo. Vimeo’s server in the United States thus automatically stores information (“log data”), such as the information that your browser sends to a website when you visit, or the information that your mobile app sends when you use it. This log data may contain your IP address, the address of the website you visited that uses Vimeo features, the browser type and settings, the date and time of your request, information about your use of Vimeo, and cookies.

You can find out more information about data collection, how you data is evaluated and processed by Vimeo, and your rights relating to this in Vimeo’s Privacy Policy:


We retain the right to change our data privacy statement. This may be necessary as a result of technical developments. We therefore ask you to consult the data privacy statement from time to time and to apply the current version.

Should you have any questions about data protection, please contact us here

Date of last review and update: 08/03/2017