1. Name and address of the person responsible
The person responsible for the purposes of the Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
I&L Biosystems GmbH
Königswinterer Str. 409
2. Name and address of the data protection officer
The data protection officer of those who are accountable:
Dachauer Straße 65
3. General information on data processing
3.1. Scope of processing personal data
In principal, we only process the personal data of our users to the extent necessary in order to provide a functioning website with our content and services. The processing of personal data takes place regularly, and only with the consent of the user in question. Exceptions include cases whereby prior consent could not be obtained and that the processing of the data is, nonetheless, permitted by law.
3.2. Legal basis for data processing
sec. 6 para. 1 sentence 1 lit. a EU-GDPR serves as the legal basis to obtain the consent of the data subject for the processing of their data.
As for the processing of personal data required for the performance of a contract of which the data subject is party, sec. 6 para. 1 sentence 1 lit. b serves as a legal basis. This also applies to processing operations required to carry our pre-contractual activities.
When it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, sec. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
In the event that the interest or well-being of the data subject or any relevant natural person(s) require the processing of personal data, sec. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If the processing of data is necessary to safeguard the legitimate interests of our company or that of a third-party operator, and the fundamental rights and freedoms of the person(s) concerned do not outweigh the interest of the former, sec. 6 para. 1 sentence 1 lit. f GDPR will serve as a legal basis for the processing of data.
3.3. Data removal and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage has been accomplished. In addition, such storage may be provided by the European or national legislator within the EU regulations, law, or other relevant regulations to which the data controller is subject. Blocking or deletion of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.
4. Rights of the person concerned
When your personal data is processed, you are subsequently a “person concerned” and have the following rights vis-à-vis the person responsible:
4.1. Right to information
You may ask the person responsible to confirm whether your personal data is processed by us.
If such processing is available, you can request the following information from the person responsible:
- the purpose for which the personal data is processed;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the data controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data if the personal data is not collected from the data subject;
- the existence of automated decision-making including profiling under Article 22 (1) and (4) the GDPR and, in certain cases, meaningful information about the data processing system involved, and the scope and intended result of such processing on the data subject.
You have the right to request information on whether your personal information will be transmitted to a third-party country or an international organization. Given that this applies, you can then request for the appropriate guarantees in accordance with sec. 46 GDPR in connection with the transfer.
4.2. Right to rectification
You have a right to rectification and / or completion to the data controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.
4.3. Right to the restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
- if you challenge the accuracy of your personal information within a period of time that enables the data controller to verify the accuracy of your personal information;
- the processing is unlawful, and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
- the representative no longer needs the personal data for the purpose of processing, but you need it to assert, exercise or defend legal claims; or
- if you have objected to the processing pursuant to sec. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may with the exection of data storage only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest, interest to the Union, or a Member State.
If the limitation of the processing after the abovementioned conditions are restricted, you will be informed by the person in charge before the restriction is lifted.
4.4. Right to delete
a) Obligation to delete
If you request from the person responsible to delete your personal data with immediate effect, he/she is required to do so immediately given that one of the following applies:
- Personal data concerning you is no longer necessary for the purposes for which they were collected or processed.
- You revoke your consent, to which the processing is allowed pursuant to sec. 6 para. 1 sentence 1 lit. a oder sec. 9 para. 2 lit. a GDPR and there is no other legal basis for processing the data
- According to sec. 21 para. 1 GDPR you object to the processing of the data given that the processing of the data is justified by a legitimate interest, or you object pursuant to sec. 21 para. 2 GDPR.
- Your personal data have been processed unlawfully.
- The act of deleting your personal data will invoke a legal obligation under the Union law or the law of the Member States to which the data controller is subject.
- Your personal data were collected in relation to information business services offered pursuant to sec. 8 para. 1 GDPR.
b) Information to third parties
If the person responsible has made your personal data public and has to delete the data pursuant to sec. 17 para. 1 GDPR, he/she shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you have been identified as being affected, that a request has been made to delete all links to such personal data or copies or replications of the personal data, taking into account available technology and implementation costs to execute the process.
The right to delete does not exist if the processing is necessary
- to exercise the right to freedom of speech and information;
- to fulfill a legal obligation required by the law of the Union or of the Member States to which the representative is subject, or to perform a task of public interest or in the exercise of public authority delegated to the representative;
- for reasons of public interest in the field of public health pursuant to sec. 9 para. 2 lit. h and i and sec. 9 para. 3 GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to sec. 89 para. 1 GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
- to enforce, exercise or defend legal claims.
4.5. Right to information
If you have the right of rectification, deletion or restriction of processing over the data controller, he/she is obliged to notify all recipients to whom your personal data have been disclosed of the correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You reserve the right to be informed about the recipients of your data by the data controller.
4.6. Right to Data Portability
You have the right to receive your personal data given to the data controller in a structured, standard and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible who was initially given the data, given that
- the processing is based on a consent in accordance with sec. 6 para. 1 sentence 1 lit. a GDPR or sec. 9 para. 2 lit. a GDPR or on a contract in accordance with sec. 6 para. 1 sentence 1 lit. b GDPR and
- the processing is done by automated means.
In exercising this right, you also have the right to maintain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons shall not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the data controller.
4.7. Right to object
Subjective to your situation, you have, at any time, the right to object against the processing of your personal data pursuant to sec. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The data controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data in regard to such advertising; this also applies to profiling insofar as it is associated with direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purpose.
Regardless of Directive 2002/58/EG &ndash, you have the option, in the context of the use of information society services, to exercise your right to object to automated procedures that use technical specifications.
4.8. Right to revoke the data protection consent declaration
You have the right to withdraw your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
4.9. Automated decision on a case-by-case basis, including profiling
You have the right not to subject to a decision based solely on automated processing - including profiling - that will have legal effect or affect you in a similar manner. This does not apply if the decision
- is required for the conclusion or execution of a contract between you and the data controller,
- is permitted by the Union or Member State legislation to which the data controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
- with your expressed consent.
However, these decisions must not be based on special categories of personal data under sec. 9 para. 1 GDPR, unless sec. 9 para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall take appropriate measures to uphold your rights and freedoms as well as your legitimate interests, including the right to obtain assistance from the data controller or their representative, to express your opinion on the matter, and to contest the decision.
4.10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in the Member State of their residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to sec. 78 GDPR.
5. Provision of website and creation of log files
5.1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and relevant information from the computer system of the calling computer.
The following data is collected:
- Browser type and version used
- The user’s operating system
- The user’s internet service provider
- The IP address of the user
- Date and time of access
- Web pages from which the user’s system accesses our website
- Web pages accessed by the user’s system through our website
The data is also stored in the log files of our system. The data is not stored with the user’s other personal data.
5.2. Legal basis for data processing
The legal basis for the temporary storage of data and logfiles is sec. 6 para. 1 sentence 1 lit. f GDPR.
5.3. Purpose of data processing
The temporary storage of the IP address by the system is necessary for the delivery of the website to the computer of the user. For this purpose, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology (IT) systems. In this case, the evaluation of the respective data for marketing purposes does not take place.
For the aforementioned purposes, our legitimate interest lies in the processing of data in compliance with sec. 6 para. 1 sentence 1 lit. f GDPR.
5.4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The session is complete when the collection of data for the provision of the website is accomplished.
The data stored in log files will only be stored for a period of up to seven days. Prolonged storage is possible when the IP addresses of the users are deleted or alienated, and that the assignment of the calling client is no longer possible.
5.5. Objections and removal option
The collection of data for the provision of the website as well as the storage of data in log files are essential for the operation of the website. Therefore, the user may not object to the aforementioned processes
6.1. Description and scope of data processing
The following data is stored and transmitted in the cookies:
- Language settings
- Log-In information
6.2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is sec. 6 para. 1 sentence 1 lit. f GDPR.
Given the consent of the user, the legal basis for the processing of personal data using cookies for analysis purposes is sec. 6 para. 1 sentence 1 lit. a GDPR.
6.3. Purpose of data processing
We require cookies for the following features:
- Applying language settings
- Remembering terms
The data collected through the technically necessary cookies will not be used to create profiles of the users.
In this case, our legitimate interests lie in the processing of personal data in accordance with sec. 6 para. 1 sentence 1 lit. f GDPR.
6.4. Duration of storage, objections and removal option
The transmission of Flash cookies cannot be prevented by the settings on the internet browser, but by changing the setting on the Flash Player instead.
7.1. Description and scope of data processing
You can subscribe to a free newsletter on our website. The data from the input mask are transmitted to us when the user subscribes for the newsletter.
- email address
- IP address of the calling computer
If your purchase goods or services on our website and provide your email address during the process, your email address may subsequently be used for us to send you newsletters. In such an event, the newsletter will only send you mail that are relevant or similar to the goods and/services that your purchased.
When personal data is processed for the purpose of sending newsletters, there will be no disclosure of the said data to third party operators. The data will hence be used solely for the purpose of sending newsletters.
7.2. Legal basis for data processing
The legal basis for the processing of data after the user has subscribed for the newsletter, and given their consent, is sec. 6 para. 1 sentence 1 lit. a GDPR.
The legal basis for sending newsletters as a result of the sale of goods or services is § 7 para. 3 UWG.
7.3. Purpose of data processing
The collection of the user’s email address is to deliver the newsletter.
The collection of other personal data during the subscription process serves to prevent the misuse of services or the misuse of the email address provided.
7.4. Duration of storage
The data will be deleted as soon as they have completed their use for the survey. The user’s email address will be saved for the period at which the newsletter is active.
Other personal data collected during the subscription process are typically deleted after seven days.
7.5. Objections and removal option
Subscription to the newsletter may be terminated at any time by the user concerned. Each newsletter will include a link that offers this option.
The user may also revoke their consent to the storage of their personal data collected during the subscription process.
8. Contact form and email contact
8.1. Description and scope of data processing
A contact form is available on our website, which may be used for electronic communication. If the user chooses this method of communication, the data entered in the input mask will be transmitted to us and saved.
When the message is being sent, the following data will be stored:
- email address
- contact number
- IP address of the calling computer
- date and time of registration
Alternatively, contact via email can also be made, in which case, the user’s personal data transmitted via email will be stored.
For this purpose, your personal data will not be disclosed to third parties. The data will be used exclusively for the purpose of processing the conversation.
8.2. Legal basis for data processing
With the consent of the user, the legal basis for the processing of their data is pursuant to sec. 6 para. 1 sentence 1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of sending an email is sec. 6 para. 1 sentence 1 lit. f GDPR. If the contact via email is made for the conclusion of a contract, sec. 6 para. 1 sentence 1 lit. b GDPR also applies.
8.3. Purpose of data processing
The processing of personal data obtained from the input mask serves only to process the contact that has been established. If contact is made via email, the legitimate interest of processing the data will be considered.
Other personal data transmitted during the dispatch process is only processed to prevent the misuse of the contact form and to ensure the security of our information technology (IT) systems.
8.4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. As for the data collected from the input mask or contact form, as well as those retrieved via email, the data will be deleted when the conversation with the user has ended. The conversation is considered done when it can be inferred from the content of the conversation that the relevant topics discussed have been clarified.
The additional personal data collected during the dispatch process will be deleted after a period of seven days at most.
8.5. Objections and removal possibility
The user may, at any time, revoke their consent to the processing of their personal data. If the user contacts us via email, they may object to the storage of their personal data at any time. In this case, the conversation cannot continue.
All personal information stored in the course of communication with the user will hence be deleted.
9. Used Plugins
9.1. Scope of personal data processing
Use of Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer that allow an analysis of your use of the website. The information generated by the cookie on your use of this website is transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be abbreviated by Google beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in specific cases will the full IP address be sent to a Google server in the US and abbreviated there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate your use of this website, compile reports on website activity, and provide other services related to website activity and internet usage. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by changing the settings on your browser software. However, by preventing the storage of cookies, you may not be able to use all the functions on our website to its full potential.
9.2. Purpose of data processing
The purpose of processing personal data is to optimize the approach towards a target group which expresses their initial interest by making their first page visit.
9.3. Legal basis for the processing of personal data
The legal basis for data processing is Art.6 Para. 1 S.1 lit. f GDPR.
9.4. Duration of storage
Advertising data in server logs are anonymized by deleting parts of the Google IP address and cookie information after 9 and 18 months.
9.5. Objections and removal option
In addition, you may prevent the collection of data generated by the cookie, data related to your use of the website (including your IP address), as well as the processing of the respective data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout. For more information, kindly refer to the following link: www.google.com/intl/de/policies/privacy/.
9.6 Use of SalesViewer® technology:
The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
9.7 Use of LinkedIn Insight Tag
We use functionalities of the marketing plugin LinkedIn Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin, Ireland (hereinafter referred to as LinkedIn). The plugin allows us to obtain information about the website visitors and maintain detailed campaign reports.
In particular, the following personal data is processed by LinkedIn:
- Referrer URL
- IP address shortened or hashed
- Device and browser properties (User Agent) and timestamps.
Cookies from LinkedIn are stored on your end device. Further information about the cookies used can be found here: https://www.linkedin.com/legal/cookie-policy
LinkedIn does not share any personally identifiable information with us, but only provides aggregated audience reports and advertisements. LinkedIn also offers a remarketing feature that allows us to display targeted personalized advertising outside of our website without revealing your identity.
For more information on how LinkedIn processes the data, please click here: https://www.linkedin.com/legal/privacy-policy
2. Purpose of data processing
We use LinkedIn Insight Tag to collect information about visitors to our website.
3. Legal basis for the processing of personal data
The legal basis for the processing of personal data is the user's given consent in accordance with Art. 6 (1) (1) (a) GDPR.
4. Duration of storage
The direct identifiers of members will be removed within seven days in order to pseudonymize the data. These remaining pseudonymized data will then be deleted within 180 days.
5. Possibility of revocation and removal
You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
You can prevent LinkedIn from collecting and processing your personal information by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by disabling the execution of script code in your browser, or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
For further information on objection and removal options against Linked Insight Tag, please visit: https://www.linkedin.com/legal/privacy-policy
10. Use of Microsoft Forms
10.1. Scope of the processing of personal data
As part of Microsoft 365, we use Microsoft Forms. Microsoft Forms is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and its representative in the European Union: Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P52) (hereinafter referred to as: Microsoft).
The use of Microsoft Forms is voluntary.
An evaluation of the survey results is carried out on the basis of the anonymous data. Nevertheless, it cannot be ruled out that the processing of the following personal data makes it possible to establish a link to your person:
- IP address
- Information about your company
- Information about your department
- Microsoft account data (only if you are logged in with a Microsoft account when you fill in the form. To minimise the risk of establishing a personal link, we recommend that you log out of your Microsoft account before completing the form).
We would also like to ask you not to enter any personal data in free text fields of our survey. Personal data of participants entered in free text fields will not be taken into account in the evaluation of the survey results.
Further information on the processing of your personal data by Microsoft can be found here.
10.2. Purpose of data processing
We use Microsoft Forms to conduct customer satisfaction surveys. In doing so, we pursue the following purposes in particular:
- Our business interest in determining the satisfaction of our customers with the products, customer service and employees of I&L Biosystems GmbH.
- Our entrepreneurial interest to develop our products in a customer-oriented way.
- To test and optimise procedures for direct customer contact and needs analysis
- Carrying out market research
10.3. Legal basis for the processing of personal data
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest here lies in the purposes of data processing stated under 10.2.
10.4. Duration of storage
We will delete the data collected as part of the survey as soon as the purposes of data processing stated under 10.2 no longer apply.
10.5. Possibility of objection and elimination
You can prevent the collection and processing of your personal data by Microsoft by preventing third-party cookies from being stored on your computer, by using the "Do Not Track" function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
For more information regarding your possibilities to object and opt-out of Microsoft, please visit: https://privacy.microsoft.com/de-de/privacystatement
10.6. Transfer to a third country
In order to ensure appropriate safeguards for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA is carried out on the basis of appropriate safeguards pursuant to Art. 46 et seq DSGVO, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 para. 2 lit. c DSGVO. A copy of the standard data protection clauses can be requested from us.
You can revoke your consent at any time by changing the cookie settings here.