The VisioNize Lab Suite is a cloud solution that is intended for the connection and management of IoT-enabled lab equipment (hereinafter called “VNLS” or “Application”).
With the following Privacy Statement, we would like to inform you what personal data concerning you (hereinafter called “data”) will be processed, and for what purposes, in connection with the use of the VNLS and what are your rights pursuant to the European General Data Protection Regulation (GDPR).
To our business contacts, our Privacy Statement for Business Contacts will apply in addition. It can be found here.
Unless otherwise stated in this Privacy Statement, the joint controllers within the meaning of Art. 26.1, Sentence 1, GDPR (i.e. parties jointly responsible for data processing) for all data processing procedures in connection with your use of the VNLS which are mentioned below are:
|
Eppendorf SE |
Eppendorf Instrumente GmbH |
If you have any questions about the processing of your data in this context, do not hesitate to contact us at the above contact information or by email at datenschutz@eppendorf.de. You can also use this contact channel if you wish to receive a copy of the main excerpts of the joint controllers' agreement between Eppendorf SE and Eppendorf Instrumente GmbH.
Should you have any questions or suggestions on data protection or this Privacy Statement in general, you may also contact us at the above contact information or by email at datenschutz@eppendorf.de.
Please note that we are only responsible for the data processing procedures described below. For all other data processing procedures in connection with the VNLS, the company that makes the Application available to you for use (which is usually your employer) is responsible. For information on the data processing procedures which are the responsibility of the company that makes the Application available to you for use, please read the privacy statement provided to you by the company concerned.
You can contact our Data Protection Officer at datenschutzbeauftragter@eppendorf.de.
When the VNLS website is accessed, the browser used on your terminal device will, automatically and without any action from your part, transmit the following information:
We will save the above data in a so-called log file for the following purposes:
The processing takes place on the basis of our above-mentioned legitimate interest (Art. 6.1 (f) GDPR).
The data will be stored for a period of up to 60 days and then deleted automatically.
In order to ensure the correct operation of the Application, we will collect the following data after you have logged into the VNLS, automatically and without any action from your part: your VNLS user ID, device and device usage data of the IoT devices connected by you (date and time of usage), and your IP address; we will store the data temporarily in a so-called log file. This information will enable us to determine when exactly and under what circumstances any errors occurred. The information will help us to find the cause of the errors efficiently.
The legal basis of the processing is Article 6.1 (f) GDPR. The processing of the above data is necessary for the correct operation of the VNLS. This is also what our legitimate interest lies in.
Your data will be stored for this purpose for a period of up to 60 days.
If you submit a technical support inquiry to us at the indicated support email address, e.g. to ask for an invitation to use the VNLS to be sent again, we will process your email address, your first and last name, the subject of your inquiry, the time and date of your inquiry, any other data which you may provide to us in your inquiry, and possibly other data (depending on the support inquiry).
The legal basis of the processing is Art. 6.1 (f) GDPR. The processing is necessary for the performance of the contractual relationship with the company which makes this Application available to you for use. This is also what our legitimate interest lies in.
Depending on your support inquiry, we may transmit your inquiry to other companies of the Eppendorf Group for further handling. The legal basis of the transmission of your data is Art. 6.1 (f) GDPR. We have a legitimate interest in enabling your request to be handled properly.
In connection with the VNLS, we use cookies and/or cookie-like technologies. “Cookies” are small files that are stored on your terminal device via your web browser. Cookie-like technolo-gies may, for example, include pixels, scripts, local storage or other comparable technologies for storing information on your terminal device or reading information which has already been stored on it (hereinafter collectively referred to as “cookies”).
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-parry cookies enable the inclusion of certain services of third-party companies in websites (e.g. the performance of analyses).
With regard to the storage period, the following types can be distinguished: So-called session cookies are only stored for the duration of a single browser session and deleted as soon as you close the browser. So-called persistent cookies, however, remain on your terminal device until they either reach a preset expiry date or are deleted from your terminal device by you, e.g. via your browser settings.
We actually use the following categories of cookies in connection with the VNLS:
This category includes cookies which are necessary for the operation and the functionalities of the VNLS (so-called “essential” cookies). A purpose of these cookies is to make the VNLS technically accessible and usable and to provide essential and basic functionalities, which includes guaranteeing the security of the Application. Another purpose of these cookies is to store your preferences for cookies and for the related data processing – including your given, refused or revoked consent – for a cookie consent management in conformity with the law.
Details on the cookies of the “essential” category which are actually used can be found under “Cookie Info” or on the cookie banner under “Cookie settings”.
The use of the cookies and the related storage of information on your terminal device as well as the access to this information for the above purposes is permitted without your consent, pursuant to Art. 25.2 of the German Telecommunications and Digital Services Data Protection Act (hereinafter referred to as “TDDDG”). The cookies are essential for guaranteeing the securi-ty of the Application.
Information on the processing of your personal data that is associated with these cookies can be found in Section 9.
By using these cookies, we are able to track and analyze your use of the VNLS and, based on the obtained findings, to better understand the needs of the VNLS users and to improve our Application accordingly. In this context, your user behavior can be traced back even across different browsers, sessions or terminal devices on the basis of a unique user ID.
Details on the cookies of the “analytical cookies” category which are actually used can be found under “Cookie Info” or on the cookie banner under “Cookie settings”.
The use of the analytical cookies and the related storage of information on your terminal device as well as the access to this information will, pursuant to Art. 25.1 TDDDG, only take place on the basis of your consent (Art. 6.1 (a) GDPR).
Information on the processing of your personal data that is associated with these cookies can be found in Section 10.
To obtain, manage and document your consent in conformity with the law, we use the OneTrust Consent Manager of our service provider OneTrust LLC, 110 Southwark St, SE1 0SU London, England.
One our behalf, OneTrust will process your IP address – in order to carry out the performance management technically – as well as your chosen cookie preferences – including your given, refused or revoked consent – for a cookie consent management which is in conformity with the law. In order to store your cookie preferences, including the status of your consent, OneTrust will store the cookies that are essential for this purpose on your terminal device.
The use the essential cookies which are used for this purpose and the related storage of information on your terminal device as well as the access to this information for the above purposes is permitted without your consent, pursuant to Art. 25.2 TDDDG.
In addition, we will process the above data as well as the date of your consent in order to prove that you have given your consent. The legal basis of this processing is Art. 6.1 (c) GDPR in connection with Art. 7.1 GDPR.
We will delete information that we have stored in order to prove your consent after the end of the period of limitation, i.e. after three years from the end of the year in which we have received your revocation.
If you have given us your consent to it, we will use the analytics service “Pendo” provided by Pendo.io Inc., 150 Fayetteville St 1400 Raleigh, NC 27601, USA (“Pendo”) in connection with your use of the VNLS. We make use of that service in order to analyze your use of the Application, to determine customer preferences and needs as a result, and to optimize the VNLS Application on the basis of the obtained findings.
For this purpose, when you use the VNLS, Pendo will collect information on your user behavior – together with your email address and your VNLS user ID – using analytical cookies, e.g. when and from where you accessed the Application, what functions were used within the VNLS and how long you were active on each page.
In doing so, Pendo also processes data for its own purposes and is therefore a controller itself. More information on Pendo's handling of your data can be found on the following website: https://www.pendo.io/legal/privacy-policy/
In connection with our cooperation with Pendo, personal data are transmitted to the USA. Therefore, we have agreed the standard data protection clauses approved by the EU commission (pursuant to Art. 46.2 (c) GDPR) with Pendo and taken additional measures in accordance with the criteria of the European Court of Justice (Schrems II judgment). The current standard date protection clauses of the European Commission can be found at the following URL: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en. You can also request a copy of those standard contractual clauses via any of the contact channels mentioned in Section 2.
The use of the analytical cookies and the related storage of information on your terminal device as well as the access to this information will, pursuant to Art. 25.1 TDDDG, only take place on the basis of your consent. The associated processing of information on your user behavior and the processing of your email address and user ID are also based on your consent (Art. 6.1 (a) GDPR).
You may revoke your consent with effect for the future at any time by making the appropriate changes in your cookie settings (https://visionize.com/cookie-list) or deleting cookies completely via your browser settings.
Your data will be stored for a period of 24 months.
We will process the data which we have collected for the above-mentioned purposes also for the following purposes:
The processing takes place on the basis of our legitimate interest in keeping up our business activities, performing our tasks and asserting, exercising or defending claims (Art. 6.1 (f) GDPR) or on the basis of a legal obligation pursuant to Art. 6.1 (c) GDPR.
You are neither contractually nor legally obligated to provide your data. However, the provision of your data is necessary to a certain extent so that you can access the VNLS and use it as intended.
Furthermore, the processing of your data is necessary so that we can guarantee the security and functionality of the VNLS and so that we can accept and handle your (support) inquiries.
To the extent that the provision of your data is necessary and you provide them yourself, we indicate this to you by marking the appropriate fields as required. The provision of further data is optional. If data which are necessary are not provided, this will result in us being unable to provide the above-mentioned functions and services of the VNLS to you. In particular, without you providing your data, we will be unable, for practical reasons, to accept your (support) inquiries.
In other cases, the result of you not providing your data may be that we will be unable to provide the relevant functions or services – or to provide them to the usual extent – or that we will not be able to answer your (support) inquiries completely and properly.
In addition to the cases described in this Privacy Statement, your personal data will be disclosed without your prior consent in the following cases only:
If it is necessary for clearing up any unlawful use of our Application or for prosecution, personal data will be forwarded to external consultants (e.g. lawyers), to the prosecuting authorities or, if applicable, to aggrieved third parties. However, this will only be done if actual indications of unlawful or abusive conduct exist.
A disclosure may also take place if it serves the purpose of asserting, exercising or defending claims. In addition, we are legally obligated to provide information to certain public authorities on request. These are prosecuting authorities, authorities prosecuting infractions penalized with a fine, and the fiscal authorities. Furthermore, a disclosure of your personal data may also occur if we are exposed to other claims of third parties that may include the provision of information about your data. In particular, this may be claims of data subjects in connection with the exercise of your rights pursuant to Chapter III GDPR.
The disclosure of the above data takes place on the basis of our legitimate interest in combating abuse, prosecuting crimes and asserting, exercising or defending claims (Art. 6.1 (f) GDPR) or on the basis of a legal obligations pursuant to Art. 6.1 (c) GDPR.
In connection with administrative processes, the organization of our business, financial accounting and the compliance with legal obligations (such as archiving), we will disclose and transmit your data to the fiscal authorities and to consultants such as tax consultants or auditors.
The disclosure of these data takes place on the basis of our legitimate interest in keeping up our business activities, performing our tasks and asserting, exercising or defending claims (Art. 6.1 (f) GDPR) or on the basis of a legal obligation pursuant to Art. 6.1 (c) GDPR.
Furthermore, we reserve the right to assign third-party contractors and external service providers – so-called processors (cf. Art. 4, Item 8, and Art 28 GDPR) – in order to fulfill the purpose described in this Privacy Statement. In such cases, personal data will be disclosed to these processors in order to enable them to process the data further. These processors will process personal data on our behalf and upon our instructions. In addition to the processors already mentioned in this Privacy Statement, we assign the following categories of processors:
In connection with the further development of our business, the structure of our company may change due to the legal form change, foundation, acquisition or sale of subsidiaries, business units or components. During such transactions, information will be shared with the part of the company to be transferred. For each disclosure of personal data to third parties to the extent described above, we will ensure that it will take place in accordance with the relevant data protection laws.
The disclosure of personal data is justified by the fact that we have a legitimate interest in adjusting our corporate structure to the economic and legal situation (Art. 6.1 (f) GDPR).
Some of the recipients of your data who are mentioned in this Privacy Statement are based in countries outside the European Union and the European Economic Area (so-called third countries). In those cases, we guarantee that one of the following conditions is fulfilled:
Further information, including a copy of the standard contractual clauses, can be requested at the contact information mentioned in Section 2.
Unless otherwise stated in this Privacy Statement, we will delete or anonymize your data as soon as they are no longer necessary for the purposes for which they were collected or further processed in accordance with this Privacy Statement. As a rule, we will store your data for the duration of the contractual relationship with the company which makes the Application available to you. In the case of any processing which we perform on the basis of your consent, we will store your data until you revoke your consent. If the purpose of the processing ceases to exists before any revocation, we will store your data until that date.
A storage beyond that date will only take place
To the extent that data must be retained for legal reasons, their processing will be restricted. The data will then no longer be available for further use.
With regard to the processing of your personal data, you are entitled to the rights described below. In addition to the possibilities already mentioned in this Privacy Statement, you may claim your rights by sending a request by mail or email at the contact information mentioned in Section 2 above.
You have the right to obtain information from us, on request, on the personal data which are processed by us and concern you, to the extent stipulated in Art. 15 GDPR and Art. 34 of the Federal Data Protection Act (BDSG).
You have the right to require us to rectify the personal data concerning you if they should be incorrect.
You have the right to require us to delete the personal data concerning you, provided that the prerequisites described in Art. 17 GDPR and Art. 35 BDSG are fulfilled.
You have the right to require us to restrict the processing of your data, in accordance with Art. 18 GDPR.
You have the right to obtain from us the personal data which concern you and which you have provided to us in a structured standard machine-readable format, in accordance with Art. 20 GDPR.
On grounds related to your particular situation, you have the right to make an objection pursuant to Art. 21 GDPR at any time to the processing of personal data concerning you which may take place, among other things, on the basis of Art. 6.1 (f) GDPR. We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights or freedoms or the processing serves the purpose of asserting, exercising or defending legal claims.
To the extent that we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for these purposes at any time. After your objection, we will cease processing the data for these purposes.
Pursuant to Art. 7.3, Sentence 1, GDPR, you have the right to revoke your consent at any time. The revocation of the consent will not affect the legality of the processing which took place until the time of the revocation.
You have the right to turn to a supervisory authority of your choice if you are of the opinion that the processing of your personal data violates applicable data protection law.
Finally, we point to the fact that when you exercise your rights pursuant to Art. 7.3, Sentence 1, GDPR and Art. 15 to 22 GDPR, we will store personal data transmitted by you in order to im-plement these requests and keep evidence of it, and in order to defend legal positions in the case of disputes. In connection with this, we will store your data until the end of the period of limitation running from the complete fulfillment of your request to exercise your data subject rights, i.e. for three years from the end of the year in which you made your request.
The legal basis of this processing for the purposes of implementing your request and proving the implementation of your request to exercise your data subject rights in conformity with the law is Art. 6.1 (c) GDPR in connection with Art. 7.3, Sentence 1, GDPR and Art. 15 to 22 GDPR as well as Art. 34.2 BDSG. To the extent that we process the personal data for purposes of legal defense, this is also what our legitimate interest lies in (Art. 6.1 (f) GDPR).
You are neither contractually nor legally obligated to provide your personal data; however, we may refuse the fulfillment of your request to exercise your data subject rights pursuant to Art. 12.2, Sentence 2, GDPR if you do not provide us, on request if applicable, with the data required for your clear identification.
The current version of this Privacy Statement is available at https://visionize.com/privacypolicy.html at any time.