Privacy Policy

Privacy Policy of the B.M.P. Group

This privacy policy applies to the following companies of the B.M.P. Group:
B.M.P. Bulk Medicines &  Pharmaceuticals GmbH,
B.M.P. Pharma Trading AG,
BMP Biotec GmbH,
Alpha Trading GmbH

We process personal data exclusively on the basis of statutory provisions (in particular in accordance with the General Data Protection Regulation (GDPR)/ DSGVO) and for the purpose of contract execution.
We either received this information from you, your company or from public sources (such as your homepage).

The legal basis for the processing of your data is derived from the purpose stated above
(Contract execution) (according to Art. 6 (1) b GDPR).

All employees of our company, our customers and / or suppliers, as well as contract related service providers have access to this data.

Our website is hosted by WebhostOne who can also view this information. In this context, we refer to the privacy policy of WebhostOne, which you can view on their website (

We store the personal data necessary for the fulfillment of the contract for the duration of the entire business relationship as well as in accordance with the legal storage and documentation obligations.



The log files of the web server are anonymized and we do not use any tools.
There is no transfer of the IP address of your computer.

Responsible body for data processing

B.M.P. Pharma Trading AG
Bornbarch 16
DE-22848 Norderstedt

Contact details of the data security officer:

Günter Schnakenbeck
Tel.0049/40/64 55 68-0


Personal data used:

– First name, Last Name
– Address
– Communication data (telephone, fax, e-mail address)
– Contract master data, in particular contract number and type of contract
– Invoice data / sales data
– Payment data / account information
– Customer Number
– Contact History
– Specific dates

Details of the business area As part of the contract, we also rely on data provided to us by third parties. Depending on the type of contract, these are the following categories of personal data:
– Information on creditworthiness (via credit reference agencies)

Data sources

– Customers
– Suppliers
– Service providers
– Credit agencies
– publicly available sources (e.g., commercial or other registers)

Purposes of data processing with appropriate legal basis

  1. Based on your consent (Art. 6 para. 1a GDPR) If you have given us consent to the collection, processing or transmission of certain personal data, that consent constitutes the legal basis for the processing of such data.
  2. For the fulfillment of a contract (Art. 6 para. 1b GDPR)
  3. For the fulfillment of legal obligations (Art. 6 Para. 1c GDPR) or in the public interest (Art. 6 Para. 1e GDPR):
    – Control and reporting requirements
    – Documentation requirements (e.g. ISO standard, (German Pharmaceuticals Act, Commodities Control Act, Controlled Substances Legislation)
  4. Due to a legitimate interest:
    – Consultation and data exchange with credit bureaus (e.g. identification of credit risk)
    – Central customer data management
    – Guarantee of the IT security
    – Payment transactions

Recipient of the data

In order to fulfill our contractual and legal obligations, your personal data will be transmitted to various public or internal bodies as well as external service providers, such as:

– Authorities
– Federal Opium Agency
– Customs and financial administration
– Chamber of Commerce, Lübeck / Hamburg
– Office for Social Services (pharmacovigilance agency), Kiel
– Banks
– Insurance companies
– Payment service providers (e.g. factoring companies)
– Consulting companies
– Credit bureaus (for example credit information)
– Webhosting service provider
– Auditors
– Telecommunications companies

If you have any questions, please contact:

Data transfer to third countries

In third countries, the GDPR has different requirements for the protection of personal data. For the processing of your data we also use service providers in third countries. An adequate level of protection in these countries is not established by any EU decision.
As far as possible, we have taken steps to ensure that your data is processed as safely in these countries as it is within the EU.

Duration of data storage

We store your personal information as long as it is necessary to fulfill our legal and contractual obligations.

If storage of the data is no longer necessary to fulfill these obligations, the data will be deleted unless further processing is required for the following purposes:
– Storage requirements according to ISO and / or legal requirements
– Fulfillment of commercial and tax retention periods (e.g. German Commercial Code, tax code, etc.)
– Preservation of evidence acc. statutory limitation periods
– Limitation periods according to BGB (Civil Code), in some cases up to 30 years

Duty to provide your personal information

In order to enter into a business relationship, you must provide us with the personal data that is necessary for the performance of the contractual relationship or that we must compulsorily ascertain due to legal requirements. If you do not provide us with this data, it is not possible for us to carry out and process the contractual relationship.


You have the following rights as the affected person:

Information about your personal data

According to Art. 15 GDPR you have the right to ask us for a confirmation whether personal data concerning you are collected, processed or stored. If this is the case, you also have the right of information according to Art. 15 GDPR.


On the basis of Art. 16 GDPR, you are entitled to the immediate correction of all incorrect data concerning yourself. You also have the right, under consideration of the purposes of the processing, to request the completion of all data relating to you, even by means of a supplementary statement.


It is your right to demand that we delete your personal data without delay. We are obliged to do so, provided the relevant conditions of Art. 17 DSGVO are met. For further details, please refer to Art. 17 GDPR.

Restriction of processing

According to Art. 18 GDPR you have the right under certain conditions to demand that we restrict the processing.

Right to objection

Pursuant to Art. 21 GDPR, you are entitled, at any time, for objection to your personal situation, to file an objection to the processing of personal data relating to you pursuant to Article 6 (1) (e) or (f) of the GDPR.

If you would like to exercise any of your rights, please contact the responsible person under the contact details provided. You facilitate our processing if you already provide proof that proves your identity, so that your request can be assigned to a specific person. For any questions, please contact us.

Right of appeal to the competent supervisory authority

According to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority. This right exists in the EU member state of your whereabouts, your place of work or the place of the alleged violation if you believe that the processing of your personal data violates the GDPR.

Updating this information

Should the meaning, purpose and method of processing your personal data change significantly, we will update this information in good time and inform you about these changes accordingly.