Who we are
Our website address is: https://bioseet.com.
Data Privacy Guidelines
At bioseet GmbH in Munich, Germany, protecting your personal information is our top priority. Of course, we operate in line with all relevant data protection laws. The following data privacy guidelines are designed to explain just how we use your data.
- DATA PROTECTION NOTICE OF BIOSEET GMBH
- NAME AND ADDRESS OF DATA PROTECTION OFFICER
- GENERAL INFORMATION ON DATA PROCESSING
- PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
- USE OF COOKIES
- CONTACT FORM AND E-MAIL CONTACT
- WEB ANALYSE BY INTERNAL WEB ANALYSIS TOOL
- RIGHTS OF THE DATA SUBJECT
1. Data privacy statement of bioseet GmbH
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States as well as other regulations on data protection is:
Bioseet GmbH
Kopernikusstrasse 11
81679 München
Germany
Tel.: +49 (0) 89 – 89067673
E-Mail: info@bioseet.com
Website: www.bioseet.com
2. Name and address of the data protection officer
On request, we will provide you with the information about your personal data stored in our systems free of charge and without delay. Please contact us in writing:
Bioseet GmbH
Data Protection Officer
Kopernikusstrasse 11,
81679 München
Or via E-Mail:
info@bioseet.com
3. General information on data processing
Scope of personal data processing
We collect and process personally identifiable information of our users basically only where this is necessary for providing a functional website as well as our content and services. You have the right at any time, for reasons that arise from your particular situation, to prevent the processing of your personal data following Art. 6 (1) lit. (e) or (f) of GDPR for objection.
Legal basis for the processing of data
Insofar as we obtain consent for processing operations of the data subject’s personal data, Art. 6 (1)(a) GDPR serves as the legal basis.
For the processing of personal data required for the performance of a contract the contractual party of which is the data subject, Art. 6 (1)(b) GDPR serves as the legal basis. This also applies to processing operations required for the performance of precontractual measures. Insofar as processing of personal data is required for the fulfilment of a legal obligation applying to our company, Art. 6 (1)(c) GDPR serves as the legal basis.
If the processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1)(d) GDPR serves as the legal basis.
If the processing is necessary for the preservation of the legitimate interests pursued by our company or a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 (1)(f) GDPR serves as the legal basis for the processing.
Data deletion and retention period
The personal data of the data subject will be deleted or blocked once the purpose of storing no longer exists. Nonetheless, the data may be stored if this is stipulated by European or national legislature, union regulations, laws or other provisions to which the controller is subject. Blocking or deletion of data may also occur when a stipulated data retention period defined in the said regulations expires, except, the continued data storage is needed for the conclusion or performance of a contract.
4. Provision of the website and creation of log files
Description and scope of the data processing
Like most standard websites, we use log files. Meaning, that our system automatically collects data and information of the visiting computer each time our website is accessed. The following data is collected in this process:
(1) date and time of access
(2) shortened internet protocol (IP) address of the visiting user’s system
(3) a pseudonymous cookie ID
(4) information about the operating system and the browser used
(5) the accessed website
(6) the website from which the user reached the visited website (referrer)
However, none of the information stored in our log files, including but not limited to IP addresses, is linked to personally identifiable information or added together with other personal data of the user.
Legal basis for data processing
Art. 6 (1)(f) GDPR serves as the legal basis for the temporary storage of data.
Purpose of the data processing
The log files are stored in order to ensure the functionality of the website. In addition, the data is used for optimising the website and safeguarding the security of our IT systems. The data is not analysed for marketing purposes in this context.
These purposes also constitute our legitimate interest in the data processing according to Art. 6 (1)(f) GDPR.
Data retention period
The data is deleted once it is no longer required for attaining the purpose of its collection. With regard to the collection of data for the provision of the website, this is the case when the respective session has been finished.
Possibility to object and to withdraw consent
The collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website. Users may therefore not object to this
5. Use of cookies
Description and scope of the data processing
Our website uses cookies. Cookies are small text files that are stored in the Internet Browser and/or stored by the Internet Browser on the user’s computer. When a user visits a website, a cookie may be stored in the user’s operating system. This cookie contains a distinctive character string that facilitates the clear identification of the browser when the website is revisited.
Furthermore, we use cookies on our website that facilitate the analysis of the users’ browsing behaviour.
A pseudonymous cookie ID may be transmitted this way.
It is not possible to attribute the data to the visiting user. The data is not stored together with other personal data of the users.
Legal basis of the data processing
Art. 6 (1)(f) GDPR serves as the legal basis for the processing of personal data by using cookies.
Purpose of the data processing
The purpose of using analysis cookies is to improve the quality of our website and its content. Using analysis cookies gives us information on how the website is used so that we can continuously improve our services.
These purposes also constitute our legitimate interest in processing personal data according to Art. 6 (1)(f) GDPR.
Retention period, possibilty to object and withdraw consent
Cookies are stored on the user’s computer and transmitted to our website. Thus, you as user have full control over the use of cookies. You may deactivate or limit the transmission of cookies by changing the settings in your Internet Browser. Already stored cookies can be deleted any time. This may also be performed automatically. Though, if cookies for our website are deactivated, it may not be possible to use the full functionality of all website features.
6. Contact form and e-mail contact
Description and scope of the data processing
Our website includes contact forms, which may be used to contact us electronically. When a user takes advantage of this possibility, the data entered into the input mask is transmitted to us and stored. This includes at least your first and last name as well as your E-Mail address and phone. The time and date of your contact request will also be recorded.
We obtain your consent for processing the data within the scope of the sending process by asking you and referring to this Data Privacy Statement.
Alternatively, you may contact us via the E-Mail address or telephone number provided. In this case, the user’s personal data sent via E-Mail will be stored.
The data is not transferred to third parties in this context but rather used exclusively for the handling of the conversation.
Legal basis of the data processing
Art. 6 (1)(a) GDPR serves as the legal basis for the processing of data after the user’s consent has been obtained.
Art. 6 (1)(f) GDPR serves as the legal basis for the processing of data that is transferred in line with sending an E-Mail.
Purpose of the data processing
The sole purpose of processing personal data from the input mask is to process the contact request. When contacting us via E-Mail, this also constitutes the required legitimate interest in the processing of the data.
Other personal data processed during the sending process serves to prevent misuse of the contact form and to safeguard the security of our IT systems.
Data retention period
The data is deleted once it is no longer required for attaining the purpose of its collection. For personal data from the input mask of the contact form and data submitted via E-Mail, this rule applies if the respective conversation with the user has ended. The conversation is considered completed when the circumstances indicate that the subject matter has been conclusively clarified.
Possibility to object and withdraw consent
The user may withdraw his or her consent to the processing of personal data at any time. This right of withdrawal also applies to the storage of his or her personal data when contacting us via E-Mail. In that case, the conversation can not be continued and all personal data stored in the course of contacting us will be deleted.
7. Web analysis by internal web analysis tool
Scope of Personal Data Processing
We use an internal solution to analyse the traffic data of our website. Data that we analyse for the design of products and websites will not be transferred to third parties. The data is stored exclusively on our servers in Germany.
The software sets a cookie on the user’s computer. When accessing our website, the following data will be stored:
(1) date and time of access
(2) shortened IP address of the visiting user’s system
(3) a pseudonymous cookie ID
(4) information about the operating system and the browser used
(5) the accessed website
(6) the website from which the user reached the visited website (referrer)
Due to the software configuration the IP addresses are anonymised meaning that it is not possible to attribute the shortened IP address to the visitor’s computer.
Those log files are stored for seven days and pseudonymized analysis data for two months.
Legal basis for the processing of personal data
Art. 6 (1)(f) GDPR serves as the legal basis for processing the users’ personal data.
Purpose of the data processing
The processing of our user’s personal data allows us to analyse our users’ browsing behaviour. Evaluating the collected data allows us to compile information on the usage of our website’s unique components. This helps us in continuously improving our website and its user-friendliness. Upon these purposes we constitute our legitimate interest in processing personal data according to Art. 6 (1)(f) GDPR. The anonymization of the IP address sufficiently takes into account the users’ interest in safeguarding their personal data.
Data retention period
The data is deleted once it is no longer required for attaining the purpose of its collection.
Possibility to object and to withdraw consent
Cookies are stored on the user’s computer and hereupon transmitted to our website. Thus, you as user have full control over the use of cookies. You may deactivate or limit the transmission of cookies by changing the settings in your Internet Browser. Already stored cookies can be deleted any time. This may also be performed automatically. Though, if cookies for our website are deactivated, it may not be possible to use the full functionality of all website’s features.
8. Rights of the data subject
Whenever your personal data is processed, you are a data subject within the meaning of the GDPR and entitled to enforce the following rights towards the controller:
Right to access
You may request a confirmation from the data controller for the personal data concerning you processed by us. If such processing is performed, you may request access to the following information from the data controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if concrete details are not possible in that respect, the criteria used to determine the storage period;
(5) the existence of the right to request rectification or deletion of personal data concerning you or the right to restriction of processing by the data controller or right to object to such processing;
(6) the existence of the right to file a complaint with a supervisory authority;
(7) any available information on the source of the data when the personal data is not collected from the data subject;
You are entitled to request information about whether personal data concerning you is transferred to a third country or an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
Right of rectification
You are entitled to rectification and/or completion towards the controller insofar as the processed data concerning you is incorrect or incomplete. The controller is obligated to perform the rectification without delay.
Right to restriction of processing
Under the following conditions, you may request the restriction of processing of personal data concerning you if:
(1) you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the deletion of the personal data and request the restriction of using the personal data instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require this data for the establishment, exercise or defence of legal claims, or
(4) you have objected to the processing pursuant to Art. 21 (1) GDPR pending verification of whether the legitimate reasons of the controller override your reasons.
Where the processing of personal data concerning you has been restricted, this data – with the exception of its storage – may be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing was restricted according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
Right to deletion
Obligation to Delete
You may request from the controller the immediate delete the personal data concerning you. The controller is obligated to delete this data without undue delay provided that one of the following reasons applies:
(1) the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) you withdraw your consent on which the processing was based according to Art. 6 (1)(a) or Art. 9 (2)(a) and there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR;
(4) the personal data concerning you has been unlawfully processed;
(5) the personal data concerning you has to be deleted for compliance with a legal obligation of Union or Member State law to which the controller is subject;
(6) personal data concerning you has been collected in relation to services offered by information society services according to Article 8(1) GDPR.
Information to Third Parties
Where the controller has made the personal data concerning you public and is obligated pursuant to Art. 17 (1) to delete this data, the controller will take into account available technology and cost of implementation and reasonable technical measures to inform any controllers processing personal data concerning you to delete any links to this personal data including copies or replications of this personal data on your request.
Exceptions
The right to erasure does not apply if the processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing pursuant to EU or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for the establishment, exercise or defence of legal claims.
Right to notification
Insofar as you have enforced your right to rectification, deletion or restriction of processing towards the controller, the controller is obligated to communicate such rectification, deletion or restriction of processing to each recipient to whom the personal data concerning you has been disclosed unless this proves impossible or involves disproportionate effort.
You are entitled to be notified by the controller about those recipients.
Right to data portability
You are entitled to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you are entitled to transmit this data to any other controller without hindrance from the controller to which you provided the personal data insofar as:
(1) the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or an agreement pursuant to Art. 6 (1)(b); and
(2) the processing is carried out by automated methods.
In exercising this right, you are also entitled to have the personal data transmitted directly from one controller to another controller insofar as this is technically feasible. The rights and freedoms of other persons must not be affected by this.
This right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority that has been vested in the controller.
Right to object
On grounds arising from your particular situation, you are entitled to object at any time to the processing of personal data concerning you that is based on Art. 6 (1)(e) or (f) GDPR.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.
If the personal data concerning you is processed for direct marketing purposes, you are entitled to object at any time to the processing of personal data concerning you for the purposes of such marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.
Right to withdraw declaration of consent under data protection law
You are entitled to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the legality of the performed processing based on the consent up to its withdrawal.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of personal data relating to you infringes the provisions of the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
If we, contrary to expectation, are unable to clarify your data privacy concerns, please contact the supervisory authority responsible for Bioseet:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Bayer (LfDI BAY),
Postfach 22 12 19, 80502 München, Deutschland