Privacy Policy
Last Updated: 4 June 2026
1. Introduction
Medtravel-R GmbH, operator of the Pharmalogistic brand ("we," "our," or "us"), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our services, visit our website (pharmalogistic.eu), or interact with our company.
We comply with the General Data Protection Regulation (GDPR), Austrian Data Protection Act, and all applicable EU privacy regulations.
2. Data Controller Information
Data Controller: Medtravel-R GmbH (Brand: Pharmalogistic)
Address: Lazarettgasse 3/4, 1090 Vienna, Austria
Email: contact@pharmalogistic.eu
Phone: +43 660 5464386
Website: https://pharmalogistic.eu
3. Information We Collect
We collect personal data on a voluntary basis when you use our services or visit our website. The information we collect includes:
3.1 Personal Information
- Full name
- Email address
- Phone number
- Age (for verification purposes)
- Delivery address
- Payment and billing information
3.2 Technical Information
- Anonymized visitor data collected through cookies
- Website usage data and analytics
- IP address and browser information
- Device information
3.3 Transaction Information
- Order details and history
- Shipping and delivery information
- Customer service correspondence
4. How We Use Your Information
We process your personal data for the following purposes:
- Communication: To contact you via email regarding your inquiries, orders, and service-related matters
- Service Access: To provide access to our services and content on our website
- Order Processing: To process and fulfill your product orders and manage delivery
- Notifications: To send you information about products, services, and special offers (you can opt out at any time)
- Website Analytics: To analyze site usage and improve the quality of our services
- Legal Compliance: To comply with applicable laws and regulations
- Customer Support: To respond to your questions and provide customer service
4.1 Opt-Out of Marketing Communications
If you wish to stop receiving marketing notifications and special offers, you can opt out at any time by sending an email to contact@pharmalogistic.eu with the subject line "Unsubscribe from notifications" or "Opt-out".
5. Legal Basis for Processing
We process your personal data based on the following legal grounds:
5.1 Consent
The primary legal basis for processing your personal data is your explicit consent, which you provide when submitting forms on our website or using our services. You have the right to withdraw your consent at any time.
5.2 Contractual Necessity
We process your data to fulfill our contractual obligations in providing services, including order processing, delivery, and customer support.
5.3 Legal Obligation
We may be required by law to collect and maintain certain information to comply with applicable regulations, tax requirements, and legal obligations.
5.4 Legitimate Interests
We process data for our legitimate business interests, such as improving our services, preventing fraud, and ensuring website security, always balanced against your privacy rights.
6. Data Sharing and Disclosure
We never share your personal information with third parties without your explicit consent, except as required by law.
6.1 Service Providers
We may work with trusted service providers who assist us in operating our website and conducting our business, such as:
- Courier and logistics companies for delivery
- Payment processors for secure transactions
- IT service providers for website hosting and technical support, including Cloudflare (USA) for hosting, CDN, DDoS protection and Cloudflare Turnstile for contact-form anti-abuse, and Brevo (Belgium/France) for transactional email delivery and CRM
These service providers are contractually obligated to protect your data and may only use it for the specific services they provide to us.
6.2 Legal Requirements
We may disclose your information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
7. International Data Transfers
Due to the international nature of our services, your data may be transferred to countries outside the EU/EEA. We ensure adequate protection through:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules when applicable
- Certification schemes and codes of conduct
8. Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, loss, misuse, or alteration.
Our security measures include:
- Secure encryption for data transmission (SSL/TLS)
- Secure servers with access controls
- Regular security updates and monitoring
- Restricted access to personal data on a need-to-know basis
While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continually work to improve our security measures.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy. Specific retention periods include:
- Order, transaction, and invoicing records: retained for 7 years following the end of the relevant calendar year, in accordance with the record-keeping obligations of the Austrian Federal Fiscal Code (Bundesabgabenordnung, § 132) and the Austrian Commercial Code (Unternehmensgesetzbuch, § 212).
- General inquiries and customer service correspondence: retained for up to 24 months after the inquiry is resolved, then deleted.
- Marketing consent records: retained until you withdraw consent or request deletion.
- Website analytics data: retained according to the configuration of our analytics providers. Google Analytics user data is retained for 14 months. Yandex.Metrica visitor data is retained for up to 25 months for aggregated reports and 15 months for session recordings (WebVisor), in line with Yandex's default retention settings.
You may request deletion of your personal data at any time by contacting us. Where statutory retention obligations apply, we will restrict further processing of the data and delete it once the legal retention period expires.
10. Your Rights Under GDPR
10.1 Right of Access
You have the right to request a copy of the personal data we hold about you.
10.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
10.3 Right to Erasure
You may request deletion of your personal data, subject to legal and regulatory requirements.
10.4 Right to Restrict Processing
You can request limitation of how we process your data in certain circumstances.
10.5 Right to Data Portability
You have the right to receive your data in a structured, machine-readable format.
10.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
10.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
11. Cookies and Website Technologies
Our website uses cookies and similar tracking technologies to enhance your experience and analyze site usage. We use Google Analytics and Yandex.Metrica to understand how visitors interact with our site, which helps us improve our services.
11.1 Types of Cookies We Use
- Essential Cookies: Necessary for website functionality, security, and legal compliance.
- Performance Cookies: Used by Google Analytics and Yandex.Metrica to help us understand website usage and improve user experience. These cookies are loaded only after you provide consent.
We do not use marketing, advertising, or retargeting cookies on this website.
You can manage your cookie preferences through our cookie consent banner when you first visit our website, or through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
11.2 IP-Based Geolocation
To pre-fill the country field in our contact form, your browser briefly sends your IP address to ipapi.co, a US-based geolocation service. ipapi.co returns the country corresponding to your IP, which we use to auto-select an option in the form. We do not store your IP address, and the result is only used client-side to improve form usability. You can manually change the selected country at any time. See ipapi.co's privacy policy for details on their processing.
11.3 Yandex.Metrica and WebVisor Session Recording
To better understand how visitors from Russian-speaking markets use our website, we use Yandex.Metrica, a web-analytics service operated by Yandex LLC (registered in the Russian Federation). Yandex.Metrica is loaded only after you have given consent to performance cookies in our cookie banner.
When active, Yandex.Metrica processes:
- Pages you visit and time spent on each
- Click maps, scroll behavior, and form interactions
- Session recordings (WebVisor): anonymized recordings of mouse movements, scrolls, clicks, and keystrokes. Form-field contents are automatically masked by Yandex.
- Approximate location derived from your IP address (country/region only)
- Browser, device, operating system, and referring source
Data transfer to Russia: Visitor data is collected via the mc.yandex.com endpoint, which routes through Yandex's EU infrastructure for GDPR alignment. Because Yandex LLC is a Russian-jurisdiction company, certain aggregated or backup data may also be processed in the Russian Federation. The Russian Federation does not currently hold an EU adequacy decision under Article 45 GDPR. Where personal data is transferred to Russia, the legal basis is your explicit consent under Article 49(1)(a) GDPR, provided when you accept performance cookies in our banner.
You can withdraw your consent at any time by re-opening our cookie banner and disabling performance cookies, by clearing your browser cookies, or by installing Yandex's official opt-out browser add-on. For full details, see Yandex's privacy policy.
11.4 Cookies Used by This Website
The list below describes the cookies and similar storage technologies that may be set on your device. Performance cookies are set only after you accept them in our cookie banner; essential cookies are always set as they are required for security and basic functionality.
| Cookie | Set by | Purpose | Duration | Category |
|---|---|---|---|---|
pharmalogistic_cookie_consent | this website (localStorage) | Stores your cookie preferences | Persistent | Essential |
__cf_bm | Cloudflare | Bot management / DDoS protection | 30 min | Essential |
cf_clearance | Cloudflare Turnstile | Confirms human verification on contact form | 1 year | Essential |
_ga | Google Analytics | Distinguishes unique visitors | 2 years | Performance |
_ga_LS3NQPKKR1 | Google Analytics | Session state for this property | 2 years | Performance |
_ym_uid | Yandex.Metrica | Distinguishes unique visitors | 1 year | Performance |
_ym_d | Yandex.Metrica | Date of first visit | 1 year | Performance |
_ym_isad | Yandex.Metrica | Detects whether an ad blocker is in use | 1 day | Performance |
_ym_visorc | Yandex.Metrica | WebVisor session state | 30 min | Performance |
Some cookie names include a property identifier (e.g. _ga_LS3NQPKKR1). The structure is identical across all websites using the same provider — only the identifier differs.
12. Children's Privacy
Our services are not intended for use by individuals under 18 years of age. Only persons aged 18 or older may place an order or open a customer account.
Where pharmaceutical products or medical supplies are required for a minor (a person under 18), the order must be placed by a parent or legal guardian acting on the minor's behalf. In such cases, the parent or guardian is the contracting party, provides any required medical or prescription documentation, and is responsible for the lawful use of the products by the minor.
We do not knowingly collect personal data directly from individuals under 18. If we become aware that we have inadvertently collected such data without verified guardian involvement, we will delete it without undue delay.
13. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes through email or website notice. Continued use of our services after changes indicates acceptance of the updated policy.
14. Contact Information
If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:
Privacy Questions and Requests
Email: contact@pharmalogistic.eu
Phone: +43 660 5464386
Address: Medtravel-R GmbH, Lazarettgasse 3/4, 1090 Vienna, Austria
Website: https://pharmalogistic.eu
15. Supervisory Authority
If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with the relevant supervisory authority:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna, Austria
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Effective Date: This Privacy Policy is effective as of June 2026 and remains in force until superseded by a new version.