Data protection is of a particularly high priority for the management of the antibodies-online GmbH, the company that operates antibodies-online.com („antibodies-online"or „we").The following privacy policy provides you with information about the personal data that is collected and how it is processed and used.
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This Privacy Policy applies to all services which are offered under the domains:
Unless stated otherwise, this Privacy Policy exclusively regulates how antibodies-online treats your personal data. In case you make use of services provided by third parties, the privacy policy conditions of these third parties apply exclusively. antibodies-online does not revise the privacy policy conditions of third parties.
antibodies-online GmbH
Schloß-Rahe-Str. 15
52072 Aachen
Germany
Contact of the Data Protection Officer:
datenschutz@antikoerper-online.de or
privacy@antibodies-online.com
You shall have the right granted by the European legislator to obtain the confirmation as to whether or not personal data concerning you are being processed. You shall have the right to obtain free of charge information about your personal data stored at any time in writing and to obtain a copy of the personal information stored or processed. In addition you shall have the right of rectification of inaccurate personal data concerning yourself without undue delay. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. You shall have the right of restriction of processing of your personal data and the right of the erasure of personal data. Furthermore, in exercising your right to data portability pursuant to Article 20(1) of the GDPR, you shall have the right to have personal data transmitted directly from us to another company, where technically feasible and when doing so does not adversely affect our rights, duties or freedoms or those of others. On grounds relating to your particular situation, at any time, you shall have the right to object to processing of personal data yourself.
In order to exercise the above stated rights, you may directly contact the Data Protection Officer by E-Mail to datenschutz@antikoerper-online.de or privacy@antibodies-online.com.
Above and beyond you may lodge a complaint with the data protection supervisory authority.
Generally, you can access our web services without disclosing any personal data to us. It is always your choice whether or not to provide us with your personal data.
Your personal data will be stored on specifically secured servers. Access to these servers and the data contained thereon is restricted to a handful of specifically authorized personnel, dedicated to operate and maintain our websites and services. This personnel in their employment contracts has committed to maintain highest care in complying with all relevant data protection regulation and legislation (e.g. GDPR).
Cookies are text files that are stored in a computer system via an Internet browser. Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate your individual browser from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID. Following the rules and regulations of the European GDPR and most recent court rulings on European level, we have decided to eliminate all non-essential cookies from our websites. As to date, we have eliminated all marketing and tracking cookies with the exception of Google Analytics. We are in the last phase of testing a replacement of Google Analytics (cf. 6. Google Analytics) with a cookie-free Matomo (cf. 7 Matomo) tracking solution. The removal of the Google Analytics cookie is scheduled for Q3 2021.
Essential cookies by most recent definitions are those cookies, that are required by our website systems to operate the website. Essential Cookies allow our webservers, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.
You may, at any time, prevent the setting of essential cookies through our websites by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of essential cookies. Furthermore, already set essential cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If you deactivate the setting of essential cookies in the Internet browser used, not all functions of our website may be entirely usable.
For the purchase of our products or pre-sales services such as providing offers, it may be necessary in order to conclude the contract or provide adequate advice that you provide us with personal data, which must subsequently be processed by us. We will use personal data such as but not limited to your name, age, E-Mail address and payment information.
Legal basis for the processing
If the processing of personal data is necessary for the performance of a contract to which you or your employer are party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other services, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
Period for which the personal data will be stored
The criteria used to determine the period of storage of personal data is the respective statutory retention period required by German trading and tax regulations (§§ 147 AO and § 257 HGB) and is 10 (ten) years. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
On our websites, users are given the opportunity to subscribe to our E-mail service providing Information, News and Product Recommendations.
You will only receive such Information, News and Product Recommendations via E-Mail, if you have registered for this service. A confirmation e-mail will be sent to the e-mail address upon initial registration for you to confirm in a double opt-in procedure. You may revoke your consent of receiving Information, News and Product Recommendations via E-Mail at any time. For this purpose, a corresponding link is found in each E-Mail. It is also possible to unsubscribe from the service at any time directly on our websites, or by communicating your revocation to datenschutz@antikoerper-online.de or privacy@antibodies-online.com
For sending out the E-mails to all subscribers and to monitor results, we use SendGrid as an external service provider.
Sendgrid Inc.
1801 California Street
Suite 500
Denver, CO 80202
USA
Our decision to work with Sendgrid Inc. was based on it being registered and certified under the Privacy-Shield-Agreement. On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield Framework. The CJEU’s reasoning for the invalidation of Privacy Shield was twofold: US law gives US authorities the right to collect personal data about EU data subjects without adequate safeguards and EU data subjects lack effective means to seek redress against the U.S. government.
We are currently evaluating replacements for Sendgrid Inc. Beyond what is stated above there will be no transfer of personal data collected by the newsletter service to third parties.
Legal basis for the processing
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. Providing Information, News and Product Recommendations to you via E-Mail is based on your consent.
Period for which the personal data will be stored
Your personal data will be stored until you have removed your consent to this service.
If you contact us e.g. by e-mail or via a contact form, the personal data transmitted are automatically stored. Such personal data transmitted on a voluntary basis by you are stored for the purpose of responding to your request or follow-up requests. There is no transfer of this personal data to third parties.
Legal basis for the processing
The data processing operations when contacting us are based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user which require protection of personal data. You may object to the use of your personal data at any time by directly contacting the Data Protection Officer by E-Mail to datenschutz@antikoerper-online.de or privacy@antibodies-online.com.
Period for which the personal data will be stored
Your personal data will be stored until your request has been completely answered or resolved and if it can be reasonably assumed that the contact request or any information related to it will not become relevant in the future.
We collect a series of general data and information upon each call up of our websites. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
We do not draw any conclusions about you or combine this data with any other personal data provided when using our websites. Rather, this information is needed to (1) deliver the content of our website correctly, (2) ensure the long-term viability of our information technology systems and website technology, and (3) to prevent cyber-attacks and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
Legal basis for the processing
The data processing operations when contacting us are based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user which require protection of personal data. You may object to the use of your personal data at any time by directly contacting the Data Protection Officer by E-Mail to datenschutz@antikoerper-online.de or privacy@antibodies-online.com.
Period for which the personal data will be stored
Our Server Log files will automatically be deleted after 30 days. We reserve the right to temporarily extend the storage of this data if this is required to serve above stated purposes, specifically if we have evidence or suspicion of e.g. an illegal attack on our servers. Anonymized and aggregated data will be stored permanently for statistical purposes.
We use Content Delivery Networks (CDNs) to ensure the stability of our websites and to optimize page load times. All requests to our servers to load content to your browser, specifically the IP-address of the visitor, will be forwarded to the CDN-Serviceproviders we use. Serviceproviders store this data in an aggregated format for statistical purposes. As Serviceproviders we use
Legal basis for the processing
The data processing operations when using CDN Service Providers are based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user which require protection of personal data.
On our website we use the open source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. We use the Matomo Cloud-hosted solution. Our Matomo Cloud instance is running on Servers operated by “InnoCraft Ltd”, a New Zealand company (NZBN 6106769) headquartered at: 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Innocraft uses Amazon Servers located in Europe to store the collected data.
We have configured Matomo to count website impressions from users without using cookies (cookie-free option). Matomo registers the IP Address of any website page impression and stores that address in a masked format. This means we have no technical means of identifying a user behind the IP address. You will remain anonymous as a user and we will not profile your behavior based on revisits. No personal data with respect to its GDPR related definition is therefore stored in the Matomo Cloud.
We regard the user tracking through Matomo as an integral part of our online service. Its aim is to consistently improve the website and align it more closely with user needs. With respect to European GDRP we are in the last phase of testing a replacement of Google Analytics with the Matomo tracking solution.
The following data is stored when individual pages of our website are accessed within one session:
In our configuration of Matomo, Data is not aggregated across separate sessions of the same user (no user profiling).
Currently your visit to this website is being recorded by Matomo web analysis. If you do not wish your visit to be recorded in future, click here:
Legal basis for the processing
The legal basis for processing personal data of users is Article 6 (1) point (a) of the GDPR.
Purpose of data processing
Matomo enables us to analyse the surfing behaviour of our users without storing personal data. By evaluating the collected data, we are able to generate information about the use of the individual components of our website. This helps us to continually improve our website and its user-friendliness. By using a cookie-free configuration and masking the user’s IP adress, the interests of the users regarding protection of personal data are sufficiently taken into account.
Duration of storage
The data is deleted as soon as it is no longer needed for our record-keeping purposes. The generated statistics and underlying data are not deleted.
Right to objection and deletion
Please refer to https://matomo.org/matomo-cloud-privacy-policy/ for more information. You are hereby reminded of your rights to correction, erasure and objection in terms of Articles 16, 17 and 21 GDPR.
We embed components (videos) of the video hosting service YouTube of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") in our websites. We use components (videos) of YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA ("YouTube"), a company of Google Inc., Amphitheatre Parkway, Mountain View CA 94043, USA, ("Google") on our websites. The implementation is based on Art. 6 (1) lit. f GDPR; our legitimate interest in this case is the smooth integration of the videos and the attractive design of our website. We use the option of "privacy-enhanced mode" provided by Google. When you access a page containing an embedded video, a connection to the Google servers is established and the contents are displayed on the Internet page through a notification to your browser.
Pursuant to Google specifications, in the "extended data protection mode" your data - especially which of our Internet pages you have visited as well as device-specific information including the IP address - is sent to the Google servers in the US only when you view the video. By clicking on the video, you give your consent to this transfer.
If you are simultaneously logged on to Google, this information is assigned to your Google member account. You may prevent this by logging out of your member account before visiting our website. In part, information is transmitted to the parent company Google Inc., headquartered in the USA, to other Google-companies and external partners of Google, each of which may be located outside the European Union. Google utilizes standard contractual clauses approved by the European Commission and relies on the European Commission's adequacy decisions about certain countries.
For more information on data protection in connection with YouTube, please refer to the data protection regulations of Google (https://policies.google.com/privacy?hl=en&gl=de).
Our Websites are using marketing services from CrossEngage GmbH, Bertha-Benz-Straße 5, 10557 Berlin. CrossEngage is using cookies to track and register clicks and user behavior on our websites. The definition of cookies is explained above. The purpose of the cookie is the optimization and display of advertising. The cookie is used, inter alia, to display and place user-relevant advertising as well as to create or improve reports on advertising campaigns. If you as a user are logged-in to our websites, the information stored within your CrossEngage cookie is synched to your user profile. The CrossEngage GmbH is certified by ePrivacy and has been awarded the data protection certification ePrivacyseal.
Legal basis for the processing
The data processing operations when using marketing services from CrossEngage GmbH are based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user which require protection of personal data.
If you do not consent to us providing you with user-relevant advertising, you may object to the use of your personal data at any time by directly contacting the Data Protection Officer by E-Mail to datenschutz@antikoerper-online.de or privacy@antibodies-online.com.
Further information and the applicable data protection provisions of CrossEngage GmbH can be accessed via https://www.crossengage.io/de/datenschutzerklaerung/.
Some of our Landingpages are using services provided by the Cloud-Computing Platform "Azure"from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). For each visit on an individual page using this cloud computing service specifically the IP-address of the visitor will be transmitted to the Microsoft Azure Cloud Servers. This transmission is required by the Microsoft System to enable their servers to load content to your browser. Landingpages are individual pages of our websites that allow you specific and particularly user friendly entry points to our websites.
Legal basis for the processing
The data processing operations when using services provided by the Cloud-Computing Platform "Azure"from Microsoft are based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user which require protection of personal data.
Our decision to work with Microsoft was based on it being registered and certified under the Privacy-Shield-Agreement. On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield Framework. The CJEU’s reasoning for the invalidation of Privacy Shield was twofold: US law gives US authorities the right to collect personal data about EU data subjects without adequate safeguards and EU data subjects lack effective means to seek redress against the U.S. government.
We are currently evaluating replacements for the Cloud-Computing Platform "Azure" from Microsoft.
Our Websites are using the Google Service „reCaptcha" to differentiate web traffic and form input generated by human beings from server requests generated by computer programs („bots"). The service is provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES. Google uses the following data to assess whether the user input is generated by a computer or by a human being:
Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) your Google account if you are logged-in with Google. reCaptcha also uses specific user tasks and tracks your solution to those tasks such as mouse movement and recognition of images.
Legal basis for the processing
The data processing operations when using Google „reCaptcha" are based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user which require protection of personal data.
Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.
Our decision to work with Google Inc. was based on it being registered and certified under the Privacy-Shield-Agreement. On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield Framework. The CJEU’s reasoning for the invalidation of Privacy Shield was twofold: US law gives US authorities the right to collect personal data about EU data subjects without adequate safeguards and EU data subjects lack effective means to seek redress against the U.S. government.
We are currently evaluating replacements for the Google Service „reCaptcha".
For payment processing, we use the services of Stripe Payments Europe, Ltd. The One Building ,1 Grand Canal Street Lower, Dublin 2, Ireland ("Stripe"). In connection with the processing of the payment of the purchase, we do not store credit card information. Rather, credit card information is routed directly to Stripe. For more information on data processing by Stripe, please see Stripe's privacy policy at https://stripe.com/en-IT/privacy. For further privacy-related information after the discontinuation of the Privacy Shield, please click here: https://stripe.com/privacy-center/legal#data-transfers.The legal basis for the data processing associated with the use of Stripe is Art. 6 (1) lit. b DSGVO.
Stripe collects additional data for its own purposes, such as for abuse prevention and further development of its products, as well as for marketing purposes. This includes in particular technical usage data (IP address, device identifier or information on the operating system).
The data processing by Stripe partly takes place on servers in the USA. In the event that personal data is transferred to the USA and it must be ensured that an international data transfer is regulated by a data transfer mechanism, we have concluded the EU standard contractual clauses. Stripe has thus undertaken to guarantee the European data protection principles and the local level of data protection also in the context of data processing taking place in the USA.
After processing the payment Stripe notifies us of the receipt of payment and we store in this respect the information on the receipt of payment as well as the information on the ordered shopping cart and the fee, as well as the selected payment method in connection with your antibodies-online purchase, in order to allocate and prove payments received and to be able to send your ordered goods and manage them in your antibodies-online account. The details of payments made are kept for accounting reasons in connection with the registration data for a period of ten years. The legal basis for this storage is Art. 6 Para. 1 lit. c DSGVO in conjunction with §257 HGB and 147 AO.
Our Websites are using other services and tools from third parties to provide technical functionality or a specific user experience that may track, store and if required for the technical performance of the service or tool transmit personal data to servers hosted by these third parties. We will ensure conformity with GDPR of the respective third parties by contractual agreement on data processing and security proceedures.