Privacy Policy

Preamble

With the following Privacy Policy, we would like to inform you about the types of your personal data (hereinafter also referred to shortly as "Data") that we process, for what purposes, and to what extent. The Privacy Policy applies to all processing of personal data carried out by us, both in the context of providing our services and particularly on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as the "Online Offering").

The terms used are not gender-specific.

Date: June 9, 2023

Table of Contents

• Preamble
• Data Controller
• Overview of Processing Activities
• Relevant Legal Bases
• Security Measures
• Transfer of Personal Data
• Data Erasure/Deletion
• Use of Cookies
• Provision of the Online Offering and Web Hosting
• Registration, Login, and User Accounts
• Contact and Inquiry Management
• Web Analysis, Monitoring, and Optimization
• Plugins and Embedded Functions and Content
• Rights of Users
• Definitions of Terms

Data Controller

mttecc
Michael Meseke
Kantstraße 13
37120 Bovenden

Germany

E-Mail-Adresse:

michael.meseke@lifesciencemarket.com

Phone:

+49 551 3810 3954

Impressum:

www.lifesciencemarket.com/impressum

Overview of Processing Activities

The following overview summarizes the types of processed data, the purposes of their processing, and refers to the individuals affected.

Types of Processed Data

• Inventory Data.
• Contact Data.
• Content Data.
• Usage Data.
• Meta, Communication, and Procedural Data.

Categories of Data Subjects

• Communication Partners.
• Users.

Purposes of Processing

• Provision of contractual services and customer support.
• Handling of contact requests and communication.
• Security measures.
• Measurement of reach and usage statistics.
• Management and response to inquiries.
• Feedback.
• Profiles with user-related information.
• Providing our online offering and user-friendliness.
• IT infrastructure.

Relevant Legal Bases

Below is an overview of the legal bases of the General Data Protection Regulation (GDPR) under which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your respective country of residence or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you about them in the privacy policy.

• Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for a specific purpose or purposes.
• Contractual Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for taking pre-contractual steps at the data subject's request.
• Legitimate Interests (Art. 6(1)(f) GDPR) - The processing is necessary for the purposes of legitimate interests pursued by the data controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains specific provisions regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, data transfer, and automated decision-making, including profiling, in individual cases. Furthermore, state data protection laws of the individual federal states may also apply.

Security Measures

We implement appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as controlling the access, input, disclosure, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the erasure of data, and responses to data breaches. Additionally, we consider the protection of personal data in the development or selection of hardware, software, and procedures, in accordance with the principles of data protection, through privacy by design and default.

Transfer of Personal Data

As part of our processing of personal data, it may be necessary to transfer or disclose the data to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, IT service providers or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to protect your data.

Internal data transfers within the organization: We may transfer personal data to other entities within our organization or grant them access to this data. If such transfers are for administrative purposes, they are based on our legitimate business and operational interests or are necessary for the fulfillment of our contractual obligations. Alternatively, transfers may occur with the consent of the data subjects or if there is a legal permission to do so.

Data Erasure/Deletion

The data we process will be deleted in accordance with legal requirements once the permitted consents for processing have been revoked or if other permissions no longer apply (e.g., when the purpose for processing the data no longer exists or if they are not necessary for the purpose). If the data is not deleted because it is required for other lawful purposes, its processing will be limited to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person.

Our privacy policy may also provide additional information regarding the storage and deletion of data that is specific to particular processing activities.

Use of Cookies

Cookies are small text files or other storage mechanisms that store information on devices and retrieve information from devices. For example, they can store the login status in a user account, the contents of a shopping cart in an online shop, the accessed content, or the used functions of an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as for analyzing visitor traffic.

Information on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Consent is not necessary, in particular, if the storage and retrieval of information, including cookies, are absolutely necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. Essential cookies typically include cookies with functions related to the display and functionality of the online offering, load balancing, security, storage of user preferences and choices, or similar purposes associated with the provision of the main and ancillary functions of the requested online offering. The revocable consent is clearly communicated to users and includes information about the respective use of cookies.

Information on legal basis for data processing: The legal basis for processing users' personal data through the use of cookies depends on whether we ask users for their consent. If users give their consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed through cookies are based on our legitimate interests (e.g., ensuring the operational functioning and improving the usability of our online offering) or, if the use of cookies is necessary to fulfill our contractual obligations, based on the necessity to fulfill our contractual obligations. The purposes for which we process cookies will be clarified in this privacy policy or as part of our consent and processing procedures.

Storage duration: In terms of storage duration, the following types of cookies are distinguished:

Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g., browser or mobile application).

Persistent cookies: Persistent cookies remain stored even after closing the device. For example, they can be used to store the login status or display preferred content directly when the user revisits a website. Similarly, data collected through cookies can be used for measuring the reach. Unless we provide explicit information to users regarding the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are persistent and can have a storage duration of up to two years.

General information about revocation and objection (opt-out): Users can revoke their given consent at any time and also object to the processing of their data in accordance with the legal provisions of Article 21 of the GDPR. Users can also declare their objection through the settings of their browser, such as by disabling the use of cookies (which may restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

• Legal basis: Legitimate interests (Art. 6(1)(f) of the GDPR); Consent (Art. 6(1)(a) of the GDPR).

Additional information on processing operations, procedures, and services:

• Processing of cookie data based on consent: We utilize a cookie consent management system that enables us to obtain, manage, and withdraw user consent for the use of cookies, as well as the processing activities and providers mentioned within the cookie consent management process. The consent declaration is stored to avoid repetitive consent requests and to fulfill our legal obligation of demonstrating consent. The storage can be done server-side and/or through a cookie (referred to as an opt-in cookie or similar technologies) to associate the consent with a user or their device. Unless otherwise specified by cookie management service providers, the following information applies: The duration of consent storage can be up to two years. A pseudonymous user identifier is generated and stored along with the timestamp of consent, details about the scope of consent (e.g., categories of cookies and/or service providers), and information about the browser, system, and device used.
  Legal basis: Consent (Art. 6(1)(a) of the GDPR).
  
  
• consentmanager: Cookie consent management;
  
  Service provider:
  Seers, 24 Holborn Viaduct, London. UK. EC1A 2BN;

• Website: https://seersco.com/;

• Privacy policy: https://seersco.com/privacy-policy.html;
• Terms and Conditions: https://seersco.com/terms-and-conditions.html;
  
  
• Additional Information: The following data is stored on the servers of the service provider in the EU: Identification number (for the user, their browser, operating system, and the device used), IP address, date and time, country, language, type, scope, and purpose of the consent, cookie settings of the browser, website where the consent was given, technical information about the browser and operating system.

Provision of the Online Offer and Web Hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data (e.g., visited web pages, interest in content, access times); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); content data (e.g., inputs in online forms).
• Data subjects: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, methods, and services:

• Collection of access data and log files: Access to our online services is logged in the form of "server log files." Server log files may include the address and name of accessed web pages and files, date and time of access, transferred data volume, success message of the access, browser type and version, user's operating system, referrer URL (previously visited page), and, in most cases, IP addresses and the requesting provider. Server log files can be used for security purposes, such as preventing server overload (especially in the case of abusive attacks like DDoS attacks), as well as ensuring server performance and stability. Legal basis: Legitimate interests (Art. 6(1)(f) of the GDPR).

• Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.

• hostNET: Provision of information technology infrastructure and related services (such as storage space and/or computing capacities);

• Service provider: hostNET Medien GmbH, Osterdeich 107, 28205 Bremen, Germany;

• Legal basis: Legitimate interests (Art. 6(1)(f) of the GDPR);

• Website: https://www.hostnet.de/;

• Privacy policy: https://www.hostnet.de/datenschutz.html;

• Data processing agreement: https://www.hostnet.de/support/sla-und-auftragsdatenverarbeitung.html.

Registration, Login, and User Accounts

Users have the option to create a user account. During the registration process, users are provided with the necessary mandatory information and their data is processed for the purpose of providing the user account, based on the fulfillment of contractual obligations. The processed data includes login information (username, password, and email address) in particular.

When users register, log in, or use their user account, we store their IP address and the timestamp of their respective actions. This storage is based on our legitimate interests as well as the users' interests in protecting against misuse and unauthorized use. In general, this data is not shared with third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can be informed via email about actions relevant to their user account, such as technical changes.

• Processed data types: Master data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., inputs in online forms), meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected individuals: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of contractual services and customer support, security measures, management and response to inquiries, provision of our online offering and user-friendliness.
• Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing operations, procedures, and services:

• Registration with real names: Due to the nature of our community, we ask users to use their real names when accessing our services. The use of pseudonyms is not permitted.
• Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Contact and Inquiry Management

When contacting us (e.g., via postal mail, contact form, email, telephone, or social media) or in the context of existing user and business relationships, the information provided by the requesting individuals is processed to the extent necessary to respond to the contact inquiries and any requested actions.

• Processed Data Types: Contact details (e.g., email address, phone numbers), content data (e.g., entries in online forms), usage data (e.g., visited web pages, interests in content, access times), meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Data Subjects: Communication partners.
• Purposes of Processing: Contact inquiries and communication; management and response to inquiries; feedback (e.g., collecting feedback via online forms); provision of our online offerings and user-friendliness.
• Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR); performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).

Additional information on processing procedures, methods, and services:

• Contact Form: When users contact us through our contact form, email, or other communication channels, we process the data provided to us in order to address the inquiry or request.
• The legal basis for this processing is the fulfillment of a contract or pre-contractual inquiries (Art. 6(1)(b) GDPR) and our legitimate interests (Art. 6(1)(f) GDPR) in providing effective customer support and responding to inquiries.

Web Analytics, Monitoring, and Optimization

Web analytics (also referred to as "audience measurement") is used to analyze the visitor traffic of our online offering and can include pseudonymous values related to behavior, interests, or demographic information of visitors, such as age or gender. Through the use of audience analysis, we can, for example, determine the most frequently used time for our online offering, its functions, or content, or identify areas that require optimization.

In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise specified below, profiles, i.e., data aggregated for a usage process, may be created and information may be stored and retrieved from a browser or device for these purposes. The collected information includes, in particular, visited web pages and elements used therein, as well as technical information such as the browser used, the computer system used, and information about usage times. If users have consented to the collection of their location data, either to us or to the providers of the services we use, location data may also be processed.

The IP addresses of users are also stored. However, we use IP masking (i.e., pseudonymization through IP address truncation) to protect users. In general, no personally identifiable information of users (such as email addresses or names) is stored in the context of web analytics, A/B testing, and optimization. Instead, pseudonyms are used. This means that neither we nor the providers of the software used have knowledge of the actual identity of users, but only the information stored in their profiles for the purposes of the respective procedures.

• Types of processed data: Usage data (e.g., visited web pages, interests in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected individuals: Users (e.g., website visitors, users of online services). Purposes of processing: Audience measurement (e.g., access statistics, identification of recurring visitors); Profiles with user-related information (creation of user profiles); Provision of our online offering and user-friendliness.
• Security measures: IP masking (pseudonymization of IP addresses).
• Legal basis: Consent (Art. 6(1)(a) GDPR).

Further information on processing procedures, methods, and services:

• Google Analytics 4: We use Google Analytics to measure and analyze the usage of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. Its purpose is to associate analytical information with a device to recognize which content users have accessed within one or multiple usage sessions, which search terms they have used, revisited content, or interacted with our online offering. Additionally, the timing and duration of usage, as well as the sources of users referring to our online offering and technical aspects of their devices and browsers, are stored. Pseudonymous user profiles with information from the usage of various devices are created, and cookies may be used. Analytics provides data on a higher level of geographic location by capturing the following metadata through IP lookup: "city" (and the derived latitude and longitude of the city), "continent," "country," "region," "subcontinent" (and the ID-based counterparts). To ensure the protection of user data in the EU, Google receives and processes all user data through domains and servers within the EU. The users' IP address is not logged and is truncated by default, leaving only the last two digits. The truncation of IP addresses takes place on EU servers for EU users. Additionally, all sensitive data collected from users in the EU is deleted before being captured via EU domains and servers. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Consent (Art. 6(1)(a) GDPR).
• Website: https://marketingplatform.google.com/intl/en/about/analytics/
• Privacy policy: https://policies.google.com/privacy.
• Data processing terms: https://business.safety.google/adsprocessorterms/.
• Standard Contractual Clauses (ensuring an adequate level of data protection for processing in third countries): https://business.safety.google/adsprocessorterms.
• Opt-out possibility (Opt-Out): Opt-Out plugin: https://tools.google.com/dlpage/gaoptout?hl=en,
• settings for displaying advertisements: https://adssettings.google.com/authenticated.

Further information: https://privacy.google.com/businesses/adsservices (Types of processing and processed data).

Plugins and Embedded Functions and Content

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (collectively referred to as "content").

The integration always requires the third-party providers of this content to process the IP address of the users, as they would not be able to send the content to their browsers without the IP address. The IP address is therefore necessary for the display of this content or functionality. We make every effort to only use content from providers who use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the users' device and may include technical information about the browser and operating system, referring websites, visit time, and other information about the use of our online offering, as well as being linked to such information from other sources.

• Processed data types: Usage data (e.g., visited web pages, interests in content, access times); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
• Affected individuals: Users (e.g., website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; provision of contractual services and customer support.
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, methods, and services:

reCAPTCHA: We integrate the "reCAPTCHA" function to determine whether inputs (e.g., in online forms) are made by humans rather than automated machines (known as "bots"). The processed data may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keystrokes, duration of stay on web pages, previously visited websites, interactions with reCAPTCHA on other websites, and, in some cases, cookies as well as results of manual recognition processes (e.g., answering questions or selecting objects in images). The data processing is based on our legitimate interest in protecting our online offering against abusive automated crawling and spam. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

• Website: https://www.google.com/recaptcha/
• Privacy policy: https://policies.google.com/privacy
• Opt-out possibility: Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en,
• Ad display settings: https://adssettings.google.com/authenticated.

Rights of the data subjects:

As a data subject under the GDPR, you have various rights that arise particularly from Articles 15 to 21 of the GDPR. These rights include:

1. Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such marketing, including profiling related to such direct marketing.

2. Right to withdraw consent: If you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.

3. Right to information: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access information about the processing of your data, as well as to receive a copy of the data in accordance with the legal requirements.

4. Right to rectification: You have the right to request the rectification of inaccurate or incomplete personal data concerning you, in accordance with the legal requirements.

5. Right to erasure and restriction of processing: You have the right to request the erasure of your personal data or the restriction of its processing, in accordance with the legal requirements.

6. Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller, in accordance with the legal requirements.

7. Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the provisions of the GDPR.

Please note that the exercise of these rights may be subject to certain conditions and exceptions under the GDPR.

Definition of Terms

In this section, you will find an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are primarily defined in Article 4 of the General Data Protection Regulation (GDPR). The legal definitions are binding. The following explanations are primarily intended to aid understanding. The terms are sorted alphabetically.

• Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• Profiles with user-related information: The processing of "profiles with user-related information," or simply "profiles," includes any form of automated processing of personal data that involves using such personal data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behavior and interests, such as interaction with websites and their content, etc.). For profiling purposes, cookies and web beacons are often used.
• Reach measurement: Reach measurement (also referred to as web analytics) is used to analyze the flow of visitors to an online service and may encompass the behavior or interests of visitors in certain information, such as website content. Through reach analysis, website owners can, for example, determine when visitors access their website and what content they are interested in. This allows them to better tailor the content of the website to the needs of their visitors. Pseudonymous cookies and web beacons are frequently used for reach analysis to recognize recurring visitors and obtain more precise analyses of the use of an online service.
• Controller: The term "controller" refers to the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• Processing: "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data, including collection, evaluation, storage, transmission, or deletion.