Welcome to Bite-Away, brought to you in the UK by Mibe Pharma UK Ltd. 

This privacy policy is an important legal notice, which governs how we collect, use and secure your personal data when you interact with this website and when you interact with the Bite Away product.

 

What is Bite Away?

Bite-Away is an over the counter medical device distributed by Mibe Pharma UK Ltd (“Mibe Pharma”) in the UK. Bite Away is an electronic device for the symptomatic treatment of itching, pain and swelling caused by insect stings and bites, works solely by concentrated heat and is completely free from chemicals.  The application of concentrated heat (local hyperthermia) is a physical mode of action based on a brief, concentrated application of heat to a small limited area of skin.  This localised pulse of heat may be sufficient to trigger a response from the body that reduces itching and pain and subsequently causes any swelling to go down.

 

We have set out this privacy policy into the following layered tabs or sections

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. THE DATA WE COLLECT ABOUT YOU
  3. HOW IS YOUR PERSONAL DATA COLLECTED
  4. HOW WE USE YOUR PERSONAL DATA
  5. DISCLOSURES OF PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. DATA SECURITY
  8. DATA RETENTION
  9. YOUR LEGAL RIGHTS

 

  1. IMPORTANT INFORMATION AND WHO WE ARE

All references to ‘our’, ‘us’ or ‘we’ within this policy are deemed to refer to Mibe Pharma UK Ltd our subsidiaries or affiliates (including Dermapharm AG).   Mibe Pharma is a subsidiary company within the Dermapharm AG group of companies.  Dermapharm is a family-run pharmaceutical company founded in 1991, has its headquarters in Grünwald near Munich and its main production site in Brehna near Leipzig.

Mibe Pharma UK Ltd is the data controller with responsibility for the proper functioning of the Mibe Pharma business in the UK and is responsible for this website.  The website is accessible at www.mybiteaway.co.uk

We have appointed a data protection champion for the company who is responsible for overseeing questions in relation to this privacy policy and rolling out staff training and staff awareness programmes. If you have any questions about this privacy policy, including any requests to exercise your legal rights as explained below please contact us at this email address: Enquiry.mibeUK@dermapharm.com

This privacy policy governs your interactions with Mibe Pharma UK Ltd whether you are a consumer of the Bite Away product, or one of our suppliers, or a website visitor, or someone who has been referred to this site having seen Bite Away for sale on Amazon.com and elsewhere.

In all cases, this privacy policy will explain how we interact with you when it comes to your personal data.  It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.  Mibe Pharma operates in accordance with the latest data protection law applicable in the UK – primarily through the Data Protection Act 2018.  We also adhere to the legal principles enshrined in the General Data Protection Regulation (EU) 2016/679 (“GDPR”) as this continues to apply in the UK[1] – and especially Article 5 of the GDPR including the principles of purpose-limitation, storage-limitation, data accuracy, data security and integrity and data minimisation.

 

  1. THE DATA WE COLLECT ABOUT YOU

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

    • Identity Data includes first name, last name or similar identifier and title.
    • Contact Data includes address, delivery address if different, email address, potentially your social media handles (twitter / linkedin) and telephone numbers.
    • Financial Data may from time to time include data, which enables us to run an e-commerce proposition for you or in conjunction with Amazon or other pharmacies or suppliers (in which case we may collect a mix of data such as bank account, transaction data and payment card details).
    • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
    • Usage Data includes information about how you use our website, when you make an order and when you make a formal contact via the contact tab on the website.
    • Marketing and Communications Data includes your preferences in receiving marketing information from us and your communication preferences.

As a growing business with an online presence, we reserve the right to accumulate, collect, use and share Aggregated Data such as statistical or demographic data for any purpose, which assists our business or the Dermapharm group.  It helpfully informs our future product range.   Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of customers accessing a specific website page or button. However, if we combine or connect Aggregated Data with your personal data so that it can in rare circumstances directly or indirectly identify you, we treat the combined data as personal data, which will be afforded the full protection of this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

  1. HOW IS YOUR PERSONAL DATA COLLECTED?

By accessing or browsing our website, making orders or contacting us, using the Bite-Away product you are providing your data to us, we inevitably collect your personal data.  We collect your data in two main ways:

    • User Provided Information

Mibe Pharma obtains the information you provide when you become a customer, browse on this website, use the contact form, communicate via email or subscribe for a newsletter, or otherwise contact us.

Typically, you will provide

    1. your name
    2. email address
    3. age
    4. user name
    5. password
    6. other registration information
    7. information you provide us when you contact us for help
    8. credit/debit card information for purchase and use of the additional Application features
    9. information you enter into our system when using Mibe Pharma, such as contact information

We may use the information you provided us to contact your from time to time to provide you with important information, required notices and marketing promotions.

    • Automatically Collected Information

Through our technology, and upon each access by a user to a page of our website and upon each retrieval of a file, access data concerning this process is stored in a log file on our server.

Each dataset is comprised of:

    • the page from which the file was requested (referrer URL)
    • the name of the file
    • the date and time of the request (“time stamp”)
    • the amount of data transferred
    • the access status (file transferred, file not found, etc.)
    • the access method used (get, head, post) and violations of it (trace, flurp, etc.)
    • encryption algorithm used (TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3) and cipher suite
    • violations of HPKP
    • HTTP protocol used (HTTP1.0, HTTP1.1, HTTP2.0) and violations of the RFC definition of the protocol
    • transmission compression used (gzip, deflate, brotli)
    • browser cache status during recurring visit
    • server cache responses and changes
    • violations of CSP (content security policy)
    • violations of distributed denial-of-service (DDOS)
    • violations of access restrictions of server directories

We store IP addresses for a maximum period of 180 days in server log files (depending on the log file created).

Further use or transmission of this data happens only with the developer of the website in the event of an error. The analysis acts as function testing of the web server or the website.
In addition, Mibe Pharma may collect other information automatically, including, but not limited to, the type of mobile device you use, your mobile devices unique device ID, your mobile operating system, the type of mobile internet browsers you use, and information about the way you use the Bite Away website.

 

  1. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. We have set out below a visual depiction of all the ways we are allowed to process your personal data under the GDPR, followed by a summary of the key “lawful bases” which apply most to Mibe Pharma.

Most commonly, we will use your personal data in the following circumstances:

    1. Where it is a contractual necessity to process personal data – this would cover the order for the Bite Away product and honouring this contract. It also covers the discharge of legal responsibilities in our website terms of use now or in future.
    2. Where it is necessary for our legitimate business interests (or those of a third party) when providing and improving the Bite Away website (providing your interests and fundamental rights do not override our interests). Much of the analytics applied to the automatically collected information results in storage of certain personal data. It is our view and the view of our website developer that this is important for reasons of data security in order to guarantee the stability and reliability of our website.
    3. Generally, we do not rely on consent as a legal basis for processing your personal data although we will endeavour to obtain your (opt-in) consent before sending third party direct marketing communications to you via email or text message. This would apply to any newsletter or information service we or our affiliates provide.  You have the right to withdraw consent to marketing at any time by contacting us.

 

  1. DISCLOSURES OF YOUR PERSONAL DATA

With respect to non-personal data, aggregated and anonymized data is periodically transmitted to external service providers to help us improve the Bite Away product and website.  We may work with analytics companies to help us understand how Mibe Pharma is being used, such as the frequency and duration of usage. We work with advertisers and third-party advertising networks, who need to know how you interact with advertising provided in Mibe Pharma, which helps us keep the cost of Mibe Pharma low.

Advertisers and advertising networks use some of the information collected by Mibe Pharma, including, but not limited to, the unique identification ID of your mobile device and your mobile telephone number. To protect the anonymity of this information, we use an encryption technology to help ensure that these third parties cannot identify you personally.

These third parties may also obtain anonymous information about other applications you’ve downloaded to your mobile device, the mobile websites you visit, your non-precise location information (e.g., your post code), and other non- precise location information in order to help analyse and serve anonymous targeted advertising on Mibe Pharma and elsewhere. We may also share encrypted versions of information you have provided in order to enable our partners to append other available information about you for analysis or advertising related use.

With respect to personal data, we will share your information internally as you would expect – this is so we can run our business and the service to you smoothly and efficiently.  We shall share your information with third parties only in the limited ways that are described in this privacy statement:

    1. when we believe in good faith that disclosure is necessary to protect our rights, protect your vital interests, your safety or the vital interests and safety of others;
    2. we reserve the right in exceptional cases—for example, in case of queries on the products bite away® and HERPOtherm®—to share your personal data with the currently notified and responsible manufacturer.
    3. with our employees and others within our Group (including Dermapharm with whom we share certain resources). Our employees are obligated to confidentiality. If data is shared with service providers in the course of processing, they are likewise obligated to confidentiality and bound to follow the data protection laws, other legal provisions and this privacy policy.
    4. where we need to share some personal data with our trusted services providers and strategic partners (cloud hosts, Xero the accounting platform, website maintenance, IT security experts, software providers) who may need to do work for us or on our behalf. These parties will not have an independent or different purpose for using the personal data we give them;
    5. where we need to comply with a legal obligation (such as a regulatory request from the Information Commissioner, help investigate a fraud, or respond to a government or judicial request);
    6. where we need to honour our terms of use or similar contractual agreements (like processing an ecommerce transaction in future, checking the validity of a website enquiry);
    7. when we grow as a business and may need in future to expose certain data sets to purchasers or investors in the event of future corporate activity of different kinds. Subject to confidentiality restrictions and other rules, which apply in such tightly guarded circumstances, we will do our best to notify you– especially in the event of a change in ownership or a change to the uses and purposes of the personal information.

 

Advertising Channels

Use of Amazon

As you can see from our website, we partner with Amazon for purpose of sales, distribution, marketing and brand awareness.  Amazon take privacy very seriously and we rely on their privacy notice to enable and protect Bite Away customers and website visitors in their use of Amazon’s services when engaging with our product.  https://www.amazon.com/gp/help/customer/display.html?nodeId=201909010

Use of Google Analytics

We use Google Analytics to analyze website usage. The data that is acquired in this way is used to optimize our website and advertising efforts.
Google Analytics is a web analysis service that is operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google processes the data on website usage for us and contractually undertakes to take measures to ensure the confidentiality of the processed data.  If you should not agree with the collection, you can prevent this with the one-time installation of the browser add-ons for the deactivation of Google Analytics.

Use of Google AdWords & Tags

We use Google Remarketing tags. These are services of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google” herein). Google uses cookies that are stored on your computer and facilitate an analysis of your usage of the website. Our website uses Google Tag Manager for purposes of personalized, interest- and location-based online advertising. Google Tag Manager regulates the option to anonymize IP addresses through an internal setting, which is not visible in the source of this page. This internal setting is set in a manner that achieves the required anonymization of the IP addresses.
You can prevent interest-based advertising through the installation of this browser plug-in.

This website also uses Google Conversion Tracking. In the process, Google AdWords sets a cookie on your computer if you have reached our website through a Google ad. You can find Google’s privacy notice on conversion tracking here.

Use of YouTube

This website may include at least one plug-in from YouTube, which is owned by Google, Inc. and domiciled in San Bruno, California, USA. The moment you visit pages of our website that are equipped with a YouTube plug-in, a connection to the servers of YouTube is established. The YouTube server is thereby notified about which specific page of our website you visited. If, in addition, you are logged into your YouTube account, you would enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this possibility of association if you log out of your account in advance. You can obtain further information on the collection and use of your data by YouTube in the discussion of data privacy at www.youtube.com.

Use of Facebook

Social plug-in

This website uses social plug-ins of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Plug-ins can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” symbol) or are denoted with the suffix “Facebook Social Plugin”.   According to Facebook, only anonymized IP addresses are stored in Germany.  Users can find the purpose and scope of the collection of data and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the user’s privacy in the Data Policy of Facebook.

Within our website, we use the “Website Custom Audience” pixel of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. Doing so integrates so-called web bugs into our pages. When you visit our pages, a direct connection is established between your browser and the Facebook server through the web bug. Among other things, Facebook thereby receives the information from your browser that our page was accessed by your terminal. You can find further information on this in the Facebook Privacy Policy.
If you wish to object to the use of Facebook Website Custom Audiences, you can do this here.

We also utilise the Conversion Pixel or Tracking Pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. By accessing this Pixel from your browser, Facebook can subsequently recognize whether a Facebook ad was successful—in other words, resulted in an online transaction, for example. To this end, we receive exclusively statistical data from Facebook without a reference to a specific person. This enables us to track the effectiveness of Facebook ads for statistical and marketing research purposes. If you are signed in at Facebook, we also expressly refer to its Data Policy.
If you wish to revoke your consent to Conversion Pixel, please go to www.facebook.com/settings?tab=ads.

Use of Twitter

This website uses the buttons of the service Twitter. These buttons are offered through Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognizable by terms such as “Twitter” or “Follow” combined with a stylized blue bird. With the aid of the buttons, it is possible to share an article or page from this website with Twitter or to follow the provider at Twitter.

When a user accesses a page of this website which contains such a button, his browser establishes a direct link with the servers of Twitter. Twitter transmits the content of the Twitter buttons directly to the browser of the user. The provider therefore has no influence on the scope of the data, which Twitter collects by means of this plug-in and informs the user consistent with the state of its knowledge. To the understanding of the provider, when the button is pressed, only the IP address of the user is transmitted along with the URL of the respective website, but it is not used for purposes other than to display the button.
Further information on this can be found in the privacy policy of Twitter at  http://twitter.com/privacy.

 

  1. INTERNATIONAL TRANSFERS

We comply with applicable requirements attaching to what are known as “restricted transfers” of personal data (i.e. transfers of data internationally outside of those permitted territories, which are part of the European Economic Area (EEA) or are otherwise deemed to benefit from an “adequacy decision” in its favour).  We will take the necessary precautions such as entering into data sharing agreements as and when required. As a UK domiciled business, we will keep the situation under review when the transitional arrangements governing the UK’s withdrawal from the EU (and removal from the EEA) cease to apply after 31 December 2020 and shall follow all relevant government guidance such as that found here: https://www.gov.uk/guidance/using-personal-data-after-brexit

As you have noted with our extensive use of global partners for Bite Away, many of which are based in the United States, certain data is transmitted to a server in the United States.  For this, our partners adhere to the data protection provisions of the “EU-US Privacy Shield” agreement.

 

  1. DATA SECURITY

We are vigilant about safeguarding the confidentiality of your information and this is why confidentiality is a key component of our contractual relationships with consultants, contractors and distributors. We deploy provide a range of “technical and organisational” measures (as required by article 32 of the GDPR including physical, electronic, and procedural safeguards to protect information). For example, we limit access to this information to authorised employees and contractors who need to know that information in order to operate, develop or improve the Bite Away website. Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

When you leave our website, for example when you make an enquiry through a pharmacist or Amazon, and land on that party’s own site or portal we strongly encourage you to read the privacy policy of those additional websites or portals you visit.

MIBE PHARMA BEARS NO RESPONSIBILITY FOR INFORMATION SHARED OR PAYMENT TRANSACTIONS MADE ON ANOTHER PARTY’S WEBSITE OR DOMAIN – EVEN IF WE HAVE FACILITATED YOUR REFERRAL TO THAT OTHER PARTY.

In the event there is an occasion in future where there is an unauthorised use or breach with respect to personal data (such as a mis-sent email regarding your order for Bite Away or a cyber-hack that affects Dermapharm’s wider systems or servers), Mibe Pharma has a best practice “data breach response protocol” which will immediately kick-in to mitigate the risk to individual’s rights and freedoms arising from the breach.

The protection of children also forms a part of our consideration. We do not use Bite Away to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at Enquiry.mibeUK@dermapharm.com  We will delete such information from our files as soon as is reasonably practicable.

 

  1. DATA RETENTION

We will retain certain User data for as long as you use the Bite Away product and/or website. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate for the purpose of analytics and our legitimate business interests. If you would like us to delete your User data that you have provided via the Bite Away website, please contact us at Enquiry.mibeUK@dermapharm.com and we will respond when we are able. Please note that some or all of the User data may be required in order for Mibe Pharma to function properly.  As a corporately responsible business, mindful of the data protection principle of storage-limitation and data-minimisation, Mibe Pharma will also perform a disposal and archiving exercise at least once per annum, at which all data sets will be reviewed and obsolete data will be deleted from our systems (including our back up facilities).

Cookies

A cookie is a piece of code or text stored on the hard drive of your computer, mobile phone or other portable device by your web browser. When a User retrieves a website, a cookie can be stored on the operating system of the User. In the case of a login, this cookie contains a string of characters that guarantees clear identification of the browser for the duration of the log-in. Normally, cookies are used to administer metadata of the website and contain no personal data.

We use cookies for the purpose of making our website more user-friendly, effective and safe. Some functions of our website cannot be offered without the use of cookies. The processing occurs on the basis of Art. 6 (1) (f) GDPR and arises from the legitimate interest in the aforementioned purposes.

Through technical precautions, the data collected from you in this manner is pseudonymized. It is therefore no longer possible for us as the website operator to associate the data with you as a person. The data is not stored together with other personal data of yours that we have collected.

Cookies are stored on your computer. You therefore have full control over the use of cookies. By choosing appropriate technical settings in your web browser, you can prevent the storage of cookies and transmission of the data received. Already stored cookies can be deleted at any time. We would point out, however, that in such case you may be unable to use all functions of this website to the full extent. At the following links, you can learn how you can administer (including deactivate) cookies in the principal browsers: ChromeInternet ExplorerFirefoxSafari.

 

  1. YOUR LEGAL RIGHTS

It is important to remember you have rights when it comes to your personal data and your rights under this and other privacy policies.  You can opt out of marketing at any time by letting us know. You can stop all collection of information by Mibe Pharma easily by not visiting our website any more or ordering our Bite Away product. You may use the contact button on the website to expedite such request. You may also contact us directly at Enquiry.mibeUK@dermapharm.com

In a large number of cases, it will be more appropriate to contact the relevant seller or distributor of the Bite Away product as the first port of call as they will hold your order data and payment record. Mibe Pharma does not hold transactional data or payment services data on the Bite Away website (but may introduce such payment functionality in future and we will let you know through an update to this privacy policy).

You have enshrined rights under the GDPR as applicable in the UK, which are summarised below:

    • The right to be informed about our use of your data. This is met by this Policy.
    • The right to access information we hold about you and to obtain information about how we process it (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that we may ask you to specify what you wish to see in order to focus our search, and we may have to verify your identity/authority.
    • In some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
    • In some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;
    • The right to request that we rectify your information if it is inaccurate or incomplete though we may need to verify the accuracy of the new data you provide to us.
    • In some circumstances, the right to request that we erase your information where there is no good reason for us continuing to process it. We may continue to retain your information if we are entitled or required to retain it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
    • The right to object to, and to request that we restrict, our processing of your information in some circumstances for example where we are relying on our legitimate interests or using it for direct marketing. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we are entitled to continue processing it and/or to refuse your request.
    • In principle, we use no fully automated decision-making or profiling pursuant to Article 22 GDPR. If we should employ these procedures in individual cases, we will inform you separately of this if this is required by law.
    • Individuals have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk, or to the data protection regulator in the country where they live or work. Information Commissioner’s Office:
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF
    • Telephone: 0303 123 1113
      Fax: 01625 524510

Changes

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. You can check the history of this policy by clicking here.

Consent

By using the Bite Away website or even by browsing its owners’ website or reading into the Bite Away product and specification you are consenting to our website terms of use, and the processing of your information as set forth in this Privacy Policy now and as amended.

Contact us

If you have any questions regarding privacy while using the Bite Away website or have questions about our practices, please contact us via email at Enquiry.mibeUK@dermapharm.com

The practices described in this privacy policy statement are current personal data protection policies, as of 20 May 2020.

[1] All references to the GDPR’s application in the UK shall refer to its application through the Data Protection Act 2018 or any other successor instrument or equivalent national rule, which applies during and beyond the transitional arrangements governing the UK’s withdrawal from the EU.