The VisioNize Lab Suite is a cloud solution that is intended for the connection and management of IoT-enabled lab equipment (hereinafter called “VNLS” or “Application”).
With the following Privacy Statement, we would like to inform you what personal data concerning you (hereinafter called “data”) will be processed, and for what purposes, in connection with the use of the VNLS and what are your rights pursuant to the European General Data Protection Regulation (GDPR).
To our business contacts, our Privacy Statement for Business Contacts will apply in addition. It can be found here.
Unless otherwise stated in this Privacy Statement, the joint controllers within the meaning of Art. 26.1, Sentence 1, GDPR (i.e. parties jointly responsible for data processing) for all data processing procedures in connection with your use of the VNLS which are mentioned below are:
|
Eppendorf SE |
Eppendorf Instrumente GmbH |
If you have any questions about the processing of your data in this context, do not hesitate to contact us at the above contact information or by email at datenschutz@eppendorf.de. You can also use this contact channel if you wish to receive a copy of the main excerpts of the joint controllers' agreement between Eppendorf SE and Eppendorf Instrumente GmbH.
Should you have any questions or suggestions on data protection or this Privacy Statement in general, you may also contact us at the above contact information or by email at datenschutz@eppendorf.de.
Please note that we are only responsible for the data processing procedures described below. For all other data processing procedures in connection with the VNLS, the company that makes the Application available to you for use (which is usually your employer) is responsible. For information on the data processing procedures which are the responsibility of the company that makes the Application available to you for use, please read the privacy statement provided to you by the company concerned.
You can contact our Data Protection Officer at datenschutzbeauftragter@eppendorf.de.
When the VNLS website is accessed, the browser used on your terminal device will, automatically and without any action from your part, transmit the following information:
We will save the above data in a so-called log file for the following purposes:
The processing takes place on the basis of our above-mentioned legitimate interest (Art. 6.1 (f) GDPR).
The data will be stored for a period of up to 60 days and then deleted automatically.
In order to ensure the correct operation of the Application, we will collect the following data after you have logged into the VNLS, automatically and without any action from your part: your VNLS user ID, device and device usage data of the IoT devices connected by you (date and time of usage), and your IP address; we will store the data temporarily in a so-called log file. This information will enable us to determine when exactly and under what circumstances any errors occurred. The information will help us to find the cause of the errors efficiently.
The legal basis of the processing is Article 6.1 (f) GDPR. The processing of the above data is necessary for the correct operation of the VNLS. This is also what our legitimate interest lies in.
Your data will be stored for this purpose for a period of up to 60 days.
If you submit a technical support inquiry to us at the indicated support email address, e.g. to ask for an invitation to use the VNLS to be sent again, we will process your email address, your first and last name, the subject of your inquiry, the time and date of your inquiry, any other data which you may provide to us in your inquiry, and possibly other data (depending on the support inquiry).
The legal basis of the processing is Art. 6.1 (f) GDPR. The processing is necessary for the performance of the contractual relationship with the company which makes this Application available to you for use. This is also what our legitimate interest lies in.
Depending on your support inquiry, we may transmit your inquiry to other companies of the Eppendorf Group for further handling. The legal basis of the transmission of your data is Art. 6.1 (f) GDPR. We have a legitimate interest in enabling your request to be handled properly.
Within the Application we provide an Artificial Intelligence (“AI”) Chatbot to quickly obtain technical support for operating your connected devices or using the Application. You can communicate with the AI Chatbot in natural language, and the AI Chatbot will automatically answer your questions based on the database prepared by Eppendorf. The AI technology is used to understand your spoken input in a machine-readable way and to generate a linguistically appropriate answer based on the available database. The provision of personal data is not required for the use of the chatbot and should be avoided.
The AI Application is based on the Azure OpenAI provided by Microsoft Ireland Operations Limited, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland (“Microsoft”). Microsoft processes your personal data on our behalf and in accordance with our instructions (see Article 4(8) and Article 28 GDPR).
If you use the AI Chatbot within the application, your prompts, i.e., your questions – including any personal data you may have provided – as well as the responses generated by the AI Chatbot will be processed in order to answer your inquiry. Please note that the provision of personal data is not required for the use of the chatbot and should be avoided. In addition, a so-called session ID is generated for the duration of your browser session and stored locally in your browser along with the communication content. This allows prompts you enter within a single browser session to be handled in a shared context, if needed, and allows you to view your chat history.
In connection with our cooperation with Microsoft, personal data may be transferred to third countries outside the European Union (EU) / European Economic Area (EEA) for which an adequacy decision from the European Commission does not exist. For data transfers to the United States, an adequacy decision by the European Commission exists pursuant to Article 45(1) GDPR for the EU-U.S. Data Privacy Framework, which serves as the basis for data transfers to certified companies and organizations in the United States.
Microsoft’s parent company, the “Microsoft Corporation” in the United States, to whose servers Microsoft may transmit personal data, is certified under the Data Privacy Framework. In addition, we have agreed to the Standard Contractual Clauses approved by the EU Commission pursuant to Article 46(2)(c) GDPR with Microsoft and taken additional measures in accordance with the criteria of the Court of Justice of the European Union (Schrems II judgment). You can access the current Standard Contractual Clauses of the European Commission at the following link: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en. You can also request a copy of those standard contractual clauses via any of the contact channels mentioned in Section 2.
The processing of your personal data is based on our legitimate interests, Article 6.1 (f) GDPR. We have a legitimate interest in providing the chatbot and in efficiently and user‑friendly answering your inquiries and providing information.
In addition to the aforementioned purposes, we process your chat histories to investigate attempted or successful attacks on the system and to optimize the Application. For this purpose, we store and evaluate your chat histories in the Application’s backend to identify attack patterns and to determine problems frequently reported by users with VNLS. If you have refrained from providing personal data in your prompts, the data processing will be carried out without any personal reference. Please note that the provision of personal data is not required for the use of the chatbot and should be avoided.
The processing of your personal data is based on our legitimate interests, Article 6.1 (f) GDPR. We have a legitimate interest in ensuring and improving the functionality and security of the Application.
The chat histories will be stored for a period of up to 60 days.
In connection with the VNLS, we use cookies and/or similar technologies (hereinafter collectively referred to as “cookies”). “Cookies” are small files that are stored on your terminal device via your web browser. Similar technologies may, for example, include pixels, scripts, local storage or other comparable technologies for storing information on your terminal device or reading information which has already been stored on it (hereinafter collectively referred to as “cookies”).
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the inclusion of certain services of third-party companies in websites (e.g. the performance of analyses).
With regard to the storage period, the following types can be distinguished: So-called session cookies are only stored for the duration of a single browser session and deleted as soon as you close the browser. So-called persistent cookies, however, remain on your terminal device until they either reach a preset expiry date or are deleted from your terminal device by you, e.g. via your browser settings.
We actually use the following categories of cookies in connection with the VNLS:
This category includes cookies which are necessary for the operation and the functionalities of the VNLS (so-called “essential” cookies). A purpose of these cookies is to make the VNLS technically accessible and usable and to provide essential and basic functionalities, which includes guaranteeing the security of the Application. Another purpose of these cookies is to store your preferences for cookies and for the related data processing – including your given, refused or revoked consent – for a cookie consent management in conformity with the law.
Details on the cookies of the “essential” category which are actually used can be found under “Cookie Info” or on the cookie banner under “Cookie settings”.
The use of the cookies and the related storage of information on your terminal device as well as the access to this information for the above purposes is permitted without your consent, pursuant to Art. 25.2 of the German Telecommunications and Digital Services Data Protection Act (hereinafter referred to as “TDDDG”). The cookies are essential for guaranteeing the securi-ty of the Application.
Information on the processing of your personal data that is associated with these cookies can be found in Section 9.
By using these cookies, we are able to track and analyze your use of the VNLS and, based on the obtained findings, to better understand the needs of the VNLS users and to improve our Application accordingly. In this context, your user behavior can be traced back even across different browsers, sessions or terminal devices on the basis of a unique user ID.
Details on the cookies of the “analytical cookies” category which are actually used can be found under “Cookie Info” or on the cookie banner under “Cookie settings”.
The use of the analytical cookies and the related storage of information on your terminal device as well as the access to this information will, pursuant to Art. 25.1 TDDDG, only take place on the basis of your consent (Art. 6.1 (a) GDPR).
Information on the processing of your personal data that is associated with these cookies can be found in Section 10.
To obtain, manage and document your consent in conformity with the law, we use the OneTrust Consent Manager of our service provider OneTrust LLC, 110 Southwark St, SE1 0SU London, England.
One our behalf, OneTrust will process your IP address – in order to carry out the performance management technically – as well as your chosen cookie preferences – including your given, refused or revoked consent – for a cookie consent management which is in conformity with the law. In order to store your cookie preferences, including the status of your consent, OneTrust will store the cookies that are essential for this purpose on your terminal device.
The use the essential cookies which are used for this purpose and the related storage of information on your terminal device as well as the access to this information for the above purposes is permitted without your consent, pursuant to Art. 25.2 TDDDG.
In addition, we will process the above data as well as the date of your consent in order to prove that you have given your consent. The legal basis of this processing is Art. 6.1 (c) GDPR in connection with Art. 7.1 GDPR.
We will delete information that we have stored in order to prove your consent after the end of the period of limitation, i.e. after three years from the end of the year in which we have received your revocation.
If you have given us your consent to it, we will use the analytics service “Pendo” provided by Pendo.io Inc., 150 Fayetteville St 1400 Raleigh, NC 27601, USA (“Pendo”) in connection with your use of the VNLS. We make use of that service in order to analyze your use of the Application, to determine customer preferences and needs as a result, and to optimize the VNLS Application on the basis of the obtained findings.
For this purpose, when you use the VNLS, Pendo will collect information on your user behavior – together with your email address and your VNLS user ID – using analytical cookies, e.g. when and from where you accessed the Application, what functions were used within the VNLS and how long you were active on each page.
In doing so, Pendo also processes data for its own purposes and is therefore a controller itself. More information on Pendo's handling of your data can be found on the following website: https://www.pendo.io/legal/privacy-policy/
In connection with our cooperation with Pendo, personal data are transmitted to the USA. Therefore, we have agreed the standard data protection clauses approved by the EU commission (pursuant to Art. 46.2 (c) GDPR) with Pendo and taken additional measures in accordance with the criteria of the European Court of Justice (Schrems II judgment). The current standard date protection clauses of the European Commission can be found at the following URL: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en. You can also request a copy of those standard contractual clauses via any of the contact channels mentioned in Section 2.
The use of the analytical cookies and the related storage of information on your terminal device as well as the access to this information will, pursuant to Art. 25.1 TDDDG, only take place on the basis of your consent. The associated processing of information on your user behavior and the processing of your email address and user ID are also based on your consent (Art. 6.1 (a) GDPR).
You may revoke your consent with effect for the future at any time by making the appropriate changes in your cookie settings (https://visionize.com/cookie-list) or deleting cookies completely via your browser settings.
Your data will be stored for a period of 24 months.
We will process the data which we have collected for the above-mentioned purposes also for the following purposes:
The processing takes place on the basis of our legitimate interest in keeping up our business activities, performing our tasks and asserting, exercising or defending claims (Art. 6.1 (f) GDPR) or on the basis of a legal obligation pursuant to Art. 6.1 (c) GDPR.
You are neither contractually nor legally obligated to provide your data. However, the provision of your data is necessary to a certain extent so that you can access the VNLS and use it as intended.
Furthermore, the processing of your data is necessary so that we can guarantee the security and functionality of the VNLS and so that we can accept and handle your (support) inquiries.
To the extent that the provision of your data is necessary and you provide them yourself, we indicate this to you by marking the appropriate fields as required. The provision of further data is optional. If data which are necessary are not provided, this will result in us being unable to provide the above-mentioned functions and services of the VNLS to you. In particular, without you providing your data, we will be unable, for practical reasons, to accept your (support) inquiries.
In other cases, the result of you not providing your data may be that we will be unable to provide the relevant functions or services – or to provide them to the usual extent – or that we will not be able to answer your (support) inquiries completely and properly.
In addition to the cases described in this Privacy Statement, your personal data will be disclosed without your prior consent in the following cases only:
If it is necessary for clearing up any unlawful use of our Application or for prosecution, personal data will be forwarded to external consultants (e.g. lawyers), to the prosecuting authorities or, if applicable, to aggrieved third parties. However, this will only be done if actual indications of unlawful or abusive conduct exist.
A disclosure may also take place if it serves the purpose of asserting, exercising or defending claims. In addition, we are legally obligated to provide information to certain public authorities on request. These are prosecuting authorities, authorities prosecuting infractions penalized with a fine, and the fiscal authorities. Furthermore, a disclosure of your personal data may also occur if we are exposed to other claims of third parties that may include the provision of information about your data. In particular, this may be claims of data subjects in connection with the exercise of your rights pursuant to Chapter III GDPR.
The disclosure of the above data takes place on the basis of our legitimate interest in combating abuse, prosecuting crimes and asserting, exercising or defending claims (Art. 6.1 (f) GDPR) or on the basis of a legal obligations pursuant to Art. 6.1 (c) GDPR.
In connection with administrative processes, the organization of our business, financial accounting and the compliance with legal obligations (such as archiving), we will disclose and transmit your data to the fiscal authorities and to consultants such as tax consultants or auditors.
The disclosure of these data takes place on the basis of our legitimate interest in keeping up our business activities, performing our tasks and asserting, exercising or defending claims (Art. 6.1 (f) GDPR) or on the basis of a legal obligation pursuant to Art. 6.1 (c) GDPR.
Furthermore, we reserve the right to assign third-party contractors and external service providers – so-called processors (cf. Art. 4, Item 8, and Art 28 GDPR) – in order to fulfill the purpose described in this Privacy Statement. In such cases, personal data will be disclosed to these processors in order to enable them to process the data further. These processors will process personal data on our behalf and upon our instructions. In addition to the processors already mentioned in this Privacy Statement, we assign the following categories of processors:
In connection with the further development of our business, the structure of our company may change due to the legal form change, foundation, acquisition or sale of subsidiaries, business units or components. During such transactions, information will be shared with the part of the company to be transferred. For each disclosure of personal data to third parties to the extent described above, we will ensure that it will take place in accordance with the relevant data protection laws.
The disclosure of personal data is justified by the fact that we have a legitimate interest in adjusting our corporate structure to the economic and legal situation (Art. 6.1 (f) GDPR).
Some of the recipients of your data who are mentioned in this Privacy Statement are based in countries outside the European Union and the European Economic Area (so-called third countries). In those cases, we guarantee that one of the following conditions is fulfilled:
Further information, including a copy of the standard contractual clauses, can be requested at the contact information mentioned in Section 2.
Unless otherwise stated in this Privacy Statement, we will delete or anonymize your data as soon as they are no longer necessary for the purposes for which they were collected or further processed in accordance with this Privacy Statement. As a rule, we will store your data for the duration of the contractual relationship with the company which makes the Application available to you. In the case of any processing which we perform on the basis of your consent, we will store your data until you revoke your consent. If the purpose of the processing ceases to exists before any revocation, we will store your data until that date.
A storage beyond that date will only take place
To the extent that data must be retained for legal reasons, their processing will be restricted. The data will then no longer be available for further use.
With regard to the processing of your personal data, you are entitled to the rights described below. In addition to the possibilities already mentioned in this Privacy Statement, you may claim your rights by sending a request by mail or email at the contact information mentioned in Section 2 above.
You have the right to access the personal data concerning you that we process at any time upon request within the scope of Art. 15 GDPR as well as Section 34 of the German Federal Data Protection Act (BDSG).
As stipulated in Art. 16 GDPR, you have the right to request that we rectify personal data about you where this data is inaccurate. Furthermore, you have the right to request the completion of incomplete personal data by us.
In the circumstances described in Art. 17 GDPR and Section 35 BDSG, you have the right to request that we erase personal data concerning you.
You have the right to request that we restrict processing as per Art. 18 GDPR.
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format pursuant to Art. 20 GDPR
According to Art. 21 GDPR, you have the right to object to the processing of personal data concerning you based on Art. 6.1 (f) GDPR at any time on grounds relating to your particular situation. We will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for asserting, exercising or defending legal claims.
If we process your personal data for direct marketing purposes, you have the right to object to the processing of your personal data for these purposes, including any profiling, at any time. Following your objection, we will no longer process your personal data.
You have the right to withdraw your consent at any time in accordance with Art. 7.3, sentence 1 GDPR. Withdrawal of your consent does not affect the lawfulness of the processing performed on the basis of your consent prior to its withdrawal.
You have the right to lodge a complaint with a supervisory authority of your choice if you believe that the processing of your data breaches applicable data protection law.
Finally, we point to the fact that when you exercise your rights pursuant to Art. 7.3, Sentence 1, GDPR and Art. 15 to 22 GDPR, we will store personal data transmitted by you in order to implement these requests and keep evidence of it, and in order to defend legal positions in the case of disputes. In connection with this, we will store your data until the end of the period of limitation running from the complete fulfillment of your request to exercise your data subject rights, i.e. for three years from the end of the year in which you made your request.
The legal basis of this processing for the purposes of implementing your request and proving the implementation of your request to exercise your data subject rights in conformity with the law is Art. 6.1 (c) GDPR in connection with Art. 7.3, Sentence 1, GDPR and Art. 15 to 22 GDPR as well as Art. 34.2 BDSG. To the extent that we process the personal data for purposes of legal defense, this is also what our legitimate interest lies in (Art. 6.1 (f) GDPR).
You are neither contractually nor legally obligated to provide your personal data; however, we may refuse the fulfillment of your request to exercise your data subject rights pursuant to Art. 12.2, Sentence 2, GDPR if you do not provide us, on request if applicable, with the data required for your clear identification.
The current version of this Privacy Statement is available at https://visionize.com/privacypolicy.html at any time.