Welcome to HERPOtherm®, brought to you in the UK by Mibe Pharma UK Ltd.
What is HERPOtherm®?
HERPOtherm® is an over the counter medical device distributed by Mibe Pharma UK Ltd (“Mibe Pharma”) in the UK. HERPOtherm® is a patented electronic medical device for the local treatment of the accompanying symptoms of cold sores (herpes simplex labialis). It can provide fast and effective relief of itching, tingling, pain, tightness, and burning symptoms. If HERPOtherm® is applied early enough, the development of cold sores can usually be prevented.
If applied later, the severity of symptoms may be lessened, or they may fade sooner. HERPOtherm® works solely by concentrated heat and is completely free from chemicals. The application of concentrated heat (local hyperthermia) is a physical mode of action based on a brief, concentrated application of heat to a small limited area of skin. This localised pulse of heat may be sufficient to trigger a response from the body that reduces itching and pain and subsequently causes any swelling to go down.
- IMPORTANT INFORMATION AND WHO WE ARE
- THE DATA WE COLLECT ABOUT YOU
- HOW IS YOUR PERSONAL DATA COLLECTED
- HOW WE USE YOUR PERSONAL DATA
- DISCLOSURES OF PERSONAL DATA
- INTERNATIONAL TRANSFERS
- DATA SECURITY
- DATA RETENTION
- YOUR LEGAL RIGHTS
- IMPORTANT INFORMATION AND WHO WE ARE
All references to ‘our’, ‘us’ or ‘we’ within this policy are deemed to refer to Mibe Pharma UK Ltd our subsidiaries or affiliates (including Dermapharm AG). Mibe Pharma is a subsidiary company within the Dermapharm AG group of companies. Dermapharm is a family-run pharmaceutical company founded in 1991, has its headquarters in Grünwald near Munich and its main production site in Brehna near Leipzig.
Mibe Pharma UK Ltd is the data controller with responsibility for the proper functioning of the Mibe Pharma business in the UK and is responsible for this website. The website is accessible at www.myHERPOtherm.co.uk
- THE DATA WE COLLECT ABOUT YOU
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data includes first name, last name or similar identifier and title.
- Contact Data includes address, delivery address if different, email address, potentially your social media handles (twitter / LinkedIn) and telephone numbers.
- Financial Data may from time to time include data, which enables us to run an e-commerce proposition for you or in conjunction with Amazon or other pharmacies or suppliers (in which case we may collect a mix of data such as bank account, transaction data and payment card details).
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, when you make an order and when you make a formal contact via the contact tab on the website.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- HOW IS YOUR PERSONAL DATA COLLECTED?
By accessing or browsing our website, making orders or contacting us, using the HERPOtherm® product you are providing your data to us, we inevitably collect your personal data. We collect your data in two main ways:
(i) User Provided Information
Mibe Pharma obtains the information you provide when you become a customer, browse on this website, use the contact form, communicate via email or subscribe for a newsletter, or otherwise contact us.
Typically, you will provide
- your name
- email address
- user name
- other registration information
- information you provide us when you contact us for help
- credit/debit card information for purchase and use of the additional Application features
- information you enter into our system when using Mibe Pharma, such as contact information
We may use the information you provided us to contact your from time to time to provide you with important information, required notices and marketing promotions.
(ii) Automatically Collected Information
Through our technology, and upon each access by a user to a page of our website and upon each retrieval of a file, access data concerning this process is stored in a log file on our server.
Each dataset is comprised of:
- the page from which the file was requested (referrer URL)
- the name of the file
- the date and time of the request (“time stamp”)
- the amount of data transferred
- the access status (file transferred, file not found, etc.)
- the access method used (get, head, post) and violations of it (trace, flurp, etc.)
- encryption algorithm used (TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3) and cipher suite
- violations of HPKP
- HTTP protocol used (HTTP1.0, HTTP1.1, HTTP2.0) and violations of the RFC definition of the protocol
- transmission compression used (gzip, deflate, brotli)
- browser cache status during recurring visit
- server cache responses and changes
- violations of CSP (content security policy)
- violations of distributed denial-of-service (DDOS)
- violations of access restrictions of server directories
We store IP addresses for a maximum period of 180 days in server log files (depending on the log file created).
Further use or transmission of this data happens only with the developer of the website in the event of an error. The analysis acts as function testing of the web server or the website.
In addition, Mibe Pharma may collect other information automatically, including, but not limited to, the type of mobile device you use, your mobile devices unique device ID, your mobile operating system, the type of mobile internet browsers you use, and information about the way you use the HERPOtherm® website.
- HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. We have set out below a visual depiction of all the ways we are allowed to process your personal data under the GDPR, followed by a summary of the key “lawful bases” which apply most to Mibe Pharma.
Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate business interests (or those of a third party) when providing and improving the HERPOtherm®website (providing your interests and fundamental rights do not override our interests). Much of the analytics applied to the automatically collected information results in storage of certain personal data. It is our view and the view of our website developer that this is important for reasons of data security in order to guarantee the stability and reliability of our website.
- Generally, we do not rely on consent as a legal basis for processing your personal data although we will endeavour to obtain your (opt-in) consent before sending third party direct marketing communications to you via email or text message. This would apply to any newsletter or information service we or our affiliates provide. You have the right to withdraw consent to marketing at any time by contacting us.
- DISCLOSURES OF YOUR PERSONAL DATA
With respect to non-personal data, aggregated and anonymized data is periodically transmitted to external service providers to help us improve the HERPOtherm® product and website. We may work with analytics companies to help us understand how Mibe Pharma is being used, such as the frequency and duration of usage. We work with advertisers and third-party advertising networks, who need to know how you interact with advertising provided in Mibe Pharma, which helps us keep the cost of Mibe Pharma low.
Advertisers and advertising networks use some of the information collected by Mibe Pharma, including, but not limited to, the unique identification ID of your mobile device and your mobile telephone number. To protect the anonymity of this information, we use an encryption technology to help ensure that these third parties cannot identify you personally.
These third parties may also obtain anonymous information about other applications you’ve downloaded to your mobile device, the mobile websites you visit, your non-precise location information (e.g., your post code), and other non- precise location information in order to help analyse and serve anonymous targeted advertising on Mibe Pharma and elsewhere. We may also share encrypted versions of information you have provided in order to enable our partners to append other available information about you for analysis or advertising related use.
With respect to personal data, we will share your information internally as you would expect – this is so we can run our business and the service to you smoothly and efficiently. We shall share your information with third parties only in the limited ways that are described in this privacy statement:
- when we believe in good faith that disclosure is necessary to protect our rights, protect your vital interests, your safety or the vital interests and safety of others;
- we reserve the right in exceptional cases — for example, in case of queries on the products HERPOtherm® and bite away®— to share your personal data with the currently notified and responsible manufacturer.
- where we need to share some personal data with our trusted services providers and strategic partners (cloud hosts, Xero the accounting platform, website maintenance, IT security experts, software providers) who may need to do work for us or on our behalf. These parties will not have an independent or different purpose for using the personal data we give them;
- where we need to comply with a legal obligation (such as a regulatory request from the Information Commissioner, help investigate a fraud, or respond to a government or judicial request);
- when we grow as a business and may need in future to expose certain data sets to purchasers or investors in the event of future corporate activity of different kinds. Subject to confidentiality restrictions and other rules, which apply in such tightly guarded circumstances, we will do our best to notify you– especially in the event of a change in ownership or a change to the uses and purposes of the personal information.
Use of Amazon
As you can see from our website, we partner with Amazon for purpose of sales, distribution, marketing and brand awareness. Amazon take privacy very seriously and we rely on their privacy notice to enable and protect HERPOtherm® customers and website visitors in their use of Amazon’s services when engaging with our product. https://www.amazon.com/gp/help/customer/display.html?nodeId=201909010
Use of Google Analytics
We use Google Analytics to analyse website usage. The data that is acquired in this way is used to optimize our website and advertising efforts.
Google Analytics is a web analysis service that is operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google processes the data on website usage for us and contractually undertakes to take measures to ensure the confidentiality of the processed data. If you should not agree with the collection, you can prevent this with the one-time installation of the browser add-ons for the deactivation of Google Analytics.
Use of Google AdWords & Tags
This website also uses Google Conversion Tracking. In the process, Google AdWords sets a cookie on your computer if you have reached our website through a Google ad. You can find Google’s privacy notice on conversion tracking here.
Use of YouTube
This website may include at least one plug-in from YouTube, which is owned by Google, Inc. and domiciled in San Bruno, California, USA. The moment you visit pages of our website that are equipped with a YouTube plug-in, a connection to the servers of YouTube is established. The YouTube server is thereby notified about which specific page of our website you visited. If, in addition, you are logged into your YouTube account, you would enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this possibility of association if you log out of your account in advance. You can obtain further information on the collection and use of your data by YouTube in the discussion of data privacy at www.youtube.com.
Use of Facebook
This website uses social plug-ins of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Plug-ins can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” symbol) or are denoted with the suffix “Facebook Social Plugin”. According to Facebook, only anonymized IP addresses are stored in Germany. Users can find the purpose and scope of the collection of data and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the user's privacy in the Data Policy of Facebook.
If you wish to object to the use of Facebook Website Custom Audiences, you can do this here.
We also utilise the Conversion Pixel or Tracking Pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. By accessing this Pixel from your browser, Facebook can subsequently recognize whether a Facebook ad was successful—in other words, resulted in an online transaction, for example. To this end, we receive exclusively statistical data from Facebook without a reference to a specific person. This enables us to track the effectiveness of Facebook ads for statistical and marketing research purposes. If you are signed in at Facebook, we also expressly refer to its Data Policy. If you wish to revoke your consent to Conversion Pixel, please go to
Use of Twitter
This website uses the buttons of the service Twitter. These buttons are offered through Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognizable by terms such as “Twitter” or “Follow” combined with a stylized blue bird. With the aid of the buttons, it is possible to share an article or page from this website with Twitter or to follow the provider at Twitter.
- INTERNATIONAL TRANSFERS
We comply with applicable requirements attaching to what are known as “restricted transfers” of personal data (i.e. transfers of data internationally outside of those permitted territories, which are part of the European Economic Area (EEA) or are otherwise deemed to benefit from an “adequacy decision” in its favour). We will take the necessary precautions such as entering into data sharing agreements as and when required. As a UK domiciled business, we will keep the situation under review when the transitional arrangements governing the UK’s withdrawal from the EU (and removal from the EEA) cease to apply after 31 December 2020 and shall follow all relevant government guidance such as that found here: https://www.gov.uk/guidance/using-personal-data-after-brexit
As you have noted with our extensive use of global partners for HERPOtherm®, many based in the United States, certain data is transmitted to a server in the United States. For this, our partners adhere to the data protection provisions of the “EU-US Privacy Shield” agreement.
- DATA SECURITY
We are vigilant about safeguarding the confidentiality of your information and this is why confidentiality is a key component of our contractual relationships with consultants, contractors and distributors. We deploy provide a range of “technical and organisational” measures (as required by article 32 of the GDPR including physical, electronic, and procedural safeguards to protect information). For example, we limit access to this information to authorised employees and contractors who need to know that information in order to operate, develop or improve the HERPOtherm® website. Please be aware that, although we endeavour provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
MIBE PHARMA BEARS NO RESPONSIBILITY FOR INFORMATION SHARED OR PAYMENT TRANSACTIONS MADE ON ANOTHER PARTY’S WEBSITE OR DOMAIN – EVEN IF WE HAVE FACILITATED YOUR REFERRAL TO THAT OTHER PARTY.
In the event there is an occasion in future where there is an unauthorised use or breach with respect to personal data (such as a mis-sent email regarding your order for HERPOtherm® or a cyber-hack that affects Dermapharm’s wider systems or servers), Mibe Pharma has a best practice “data breach response protocol” which will immediately kick-in to mitigate the risk to individual’s rights and freedoms arising from the breach.
The protection of children also forms a part of our consideration. We do not use HERPOtherm® to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at Enquiry.mibeUK@dermapharm.com We will delete such information from our files as soon as is reasonably practicable.
- DATA RETENTION
We will retain certain User data for as long as you use the HERPOtherm® product and/or website. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate for the purpose of analytics and our legitimate business interests. If you would like us to delete your User data that you have provided via the HERPOtherm® website, please contact us at Enquiry.mibeUK@dermapharm.com and we will respond when we are able. Please note that some or all of the User data may be required in order for Mibe Pharma to function properly. As a corporately responsible business, mindful of the data protection principle of storage-limitation and data-minimisation, Mibe Pharma will also perform a disposal and archiving exercise at least once per annum, at which all data sets will be reviewed and obsolete data will be deleted from our systems (including our back up facilities).
A cookie is a piece of code or text stored on the hard drive of your computer, mobile phone or other portable device by your web browser. When a User retrieves a website, a cookie can be stored on the operating system of the user. In the case of a login, this cookie contains a string of characters that guarantees clear identification of the browser for the duration of the log-in. Normally, cookies are used to administer metadata of the website and contain no personal data.
Through technical precautions, the data collected from you in this manner is pseudonymized. It is therefore no longer possible for us as the website operator to associate the data with you as a person. The data is not stored together with other personal data of yours that we have collected.
- YOUR LEGAL RIGHTS
It is important to remember you have rights when it comes to your personal data and your rights under this and other privacy policies. You can opt out of marketing at any time by letting us know. You can stop all collection of information by Mibe Pharma easily by not visiting our website any more or ordering our HERPOtherm® product. You may use the contact button on the website to expedite such request. You may also contact us directly at Enquiry.mibeUK@dermapharm.com
You have enshrined rights under the GDPR as applicable in the UK, which are summarised below:
- The right to be informed about our use of your data. This is met by this Policy.
- The right to access information we hold about you and to obtain information about how we process it (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that we may ask you to specify what you wish to see in order to focus our search, and we may have to verify your identity/authority.
- In some circumstances, the right to withdraw your consent to our processing of your information, which you can do at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- In some circumstances, the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party;
- The right to request that we rectify your information if it is inaccurate or incomplete though we may need to verify the accuracy of the new data you provide to us.
- In some circumstances, the right to request that we erase your information where there is no good reason for us continuing to process it. We may continue to retain your information if we are entitled or required to retain it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
- The right to object to, and to request that we restrict, our processing of your information in some circumstances for example where we are relying on our legitimate interests or using it for direct marketing. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we are entitled to continue processing it and/or to refuse your request.
- In principle, we use no fully automated decision-making or profiling pursuant to Article 22 GDPR. If we should employ these procedures in individual cases, we will inform you separately of this if this is required by law.
- Individuals have a right to complain to the UK Information Commissioner’s Office by visiting www.ico.org.uk, or to the data protection regulator in the country where they live or work. Information Commissioner's Office:
- Telephone: 0303 123 1113
Fax: 01625 524510
- Telephone: 0303 123 1113
If you have any questions regarding privacy while using the HERPOtherm® website or have questions about our practices, please contact us via email at Enquiry.mibeUK@dermapharm.com
 All references to the GDPR’s application in the UK shall refer to its application through the Data Protection Act 2018 or any other successor instrument or equivalent national rule, which applies during and beyond the transitional arrangements governing the UK’s withdrawal from the EU.