PERSONAL DATA PROTECTION RULES
Dear Madams and Sirs,
We hereby inform you of the principles and procedures for the processing of personal data, conducted in accordance with the German Federal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).
Immunolab may revise and update these Personal Data Protection Rules as needed. The current version of the Personal Data Protection Rules will be available on the website www.immunolab.de and at the registered office of Immunolab. If a significant change is made in the way in which personal data are handled, Immunolab will announce it on the website www.immunolab.de.
BASIC INFORMATION REGARDING PERSONAL DATA PROCESSING
Controller’s identification and contact information: Immunolab GmbH, with its registered office at Otto-Hahn-Straße 16, D-34123 Kassel, Germany, a company registered in the Commercial Register with the Hesse District court Kassel HRB 5450 (hereinafter also referred to as “Immunolab”), contact email: email@example.com, tel.: +49 (0)561 491 742-0.
Data protection officer: Immunolab has not appointed a data protection officer, because Immunolab is not an obligated person within the meaning of Art. 37 of the GDPR.
Transfer of personal data to a third country or international organization: Immunolab does not transfer personal data to third countries or to international organisations within the meaning of Art. 44 and following of the GDPR. The only exceptions are the processors seated in the United States of America specified below, which have committed themselves to comply with the conditions of adequate protection through Privacy Shield.
Information on the nature of the provision of data: If personal data are being processed for the purpose of the fulfilment of an agreement or the fulfilment of legal obligations, the provision of data is a statutory requirement. If personal data are being processed on the basis of the consent of the data subject, the provision of data is a contractual requirement.
Supervisory authority: The supervisory authority is an independent public authority entitled to personal data protection in the state. The supervisory authority for Immunolab is Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, with registered office at Postfach 3163, 65021 Wiesbaden, Germany, tel.: +49 611 1408 – 0.
Purpose and scope of processing: For the purpose of fulfilling an agreement or fulfilling legal obligations, Immunolab processes particularly: name, surname, business name, identification number, VAT number, residence/registered address, telephone, email.
Immunolab also processes data collected from data subjects when they visit the website www.immunolab.de. This is, in particular, the user’s IP address.
If Immunolab intends to process other personal data than as stated in this article, or for other purposes, it can do so only on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data is granted by the data subject in a separate document.
Processing of Immunolab employees’ personal data is governed by an internal regulation.
Duration of data processing: The personal data of the data subject are processed by Immunolab for the duration of the contractual relationship and subsequently for a maximum period of 5 years from the termination of the contractual relationship. Personal data processed in order to fulfil obligations arising from special legal regulations are processed by Immunolab for the period set out in such legal regulations. If it is necessary to use the personal data for the protection of Immunolab’s legitimate interests, Immunolab processes them for the time necessary to exercise such rights.
Sources of personal data: Immunolab obtains personal data directly from data subjects within the scope of negotiations regarding the execution of the Agreement. Immunolab always informs data subjects as to which personal data they must provide for the purposes of the performance of the Agreement.
Filling of contact and order forms: In order to be able to use immunoSERVICE (testing of food intolerance), a contact and order form must be completed by the client on the website “www.immunolab.de”. By completing the contact or order form and submitting this data to Immunolab, the client agrees that his personal data will be stored and processed by Immunolab. Immunolab uses this data only within the scope of the permissible and for the purpose associated with the order.
The data transmitted via the contact and order form will be stored by Immunolab until revocation or according to legal provisions and used appropriately.
The following personal data must be provided by the client in order to use immunoSERVICE: Name; Country; E-mail address.
The data transmitted by the client in the contact and order form is used by Immunolab for the administrative communication with the client as well as order processes.
RECIPIENTS OF PERSONAL DATA
Immunolab does not transfer personal data to any other controllers.
Processors of personal data are:
| The area of cooperation | Identification of a processor |
|---|---|
| Providing of logistics | Various logistics providers such as DHL, FedEx, etc. |
| Banking services | Kasseler Sparkasse, with seat Wolfsschlucht 9, 34117 Kassel, Germany |
| E-mail hosting | Strato AG, with registered office at Pascalstraße 10, 10587 Berlin, Germany |
| E-mail hosting | Microsoft Corporation, with registered office One Microsoft Way, Redmond, Washington 98052 USA |
Processing of personal data may be conducted for Immunolab by processors exclusively on the basis of a personal data processing agreement, i.e. with guarantees of the organizational and technical security of such data with a definition of the purpose of processing, whereby processors cannot use the data for other purposes.
Immunolab may disclose personal data processed in order to fulfil an obligation set out in a special law to government authorities or other entities within the scope set out in a special law.
TECHNICAL SECURITY OF DATA
To secure personal data against unauthorized or accidental disclosure, Immunolab applies reasonable and appropriate technical and organizational measures that are continuously updated. Technical measures consist in the application of technologies preventing unauthorized access by third parties to personal data. Access authorization to personal data is individual-related. Organizational measures are a set of rules of behaviour for Immunolab’s employees and are a part of Immunolab’s internal rules. These rules are considered to be confidential on grounds of security.
If Immunolab’s servers are located in a data centre operated by a third party, Immunolab takes care to ensure that the technical and organizational measures are implemented by the third party. Immunolab declares that all data are located only on servers within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of Germany.
RIGHTS OF DATA SUBJECTS
The right to object to processing: The data subject has, on grounds pertaining to the data subject’s specific situation, the right to raise an objection at any time to the processing of personal data pertaining to him/her and which Immunolab is processing on grounds of its legitimate interest. In such a case, Immunolab does not process the personal data further, unless it proves serious legitimate reasons for processing that override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
The data subject has also:
the right to access to personal data: The data subject has the right to obtain a confirmation from Immunolab as to whether personal data pertaining to the data subject are or are not being processed, and if so, the data subject has the right to obtain access to such personal data and to the following information: a) the purpose of processing; b) the category of affected personal data; c) the recipients to which personal data have been or will be disclosed; d) the planned time period for which personal data will be stored; e) the existence of the right to require the correction or erasure of personal data from the controller or a restriction of the processing thereof, or to raise an objection to such processing; f) the right to lodge a complaint with supervisory authority; g) all available information on the source of the personal data, if they are not obtained from the data subject; h) the fact that automated decision-making is occurring, including profiling. The data subject also has the right to obtain a copy of the personal data being processed.
the right to the correction of personal data: The data subject has the right to the correction of inaccurate personal data pertaining to the data subject or to the supplementation of incomplete personal data without undue delay by Immunolab.
the right to the erasure of personal data: The data subject has the right to erasure of the data subject’s personal data pertaining to him/her by Immunolab without undue delay, in the event that: a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) the data subject withdraws the consent on the basis of which the data were processed, and there is no other legal reason for processing; c) the data subject raises objections to processing and there are no overriding legitimate reasons for processing; d) the personal data were processed unlawfully; e) the personal data must be erased in order to fulfil a legal obligation set out within the law of the Union or of the Czech Republic; f) the personal data were collected in connection with an offer of information society services. The right to erasure shall not apply if the processing is necessary in order to fulfil legal obligations, for the establishment, exercise or defense of legal claims, and in other cases as set out within the GDPR.
the right to the restriction of processing: The data subject has the right to the restriction of processing personal data by Immunolab in any of the following cases: a) the data subject contests the accuracy of the personal data, for the time necessary for Immunolab to verify the accuracy of the personal data; b) processing is unlawful and the data subject opposes the erasure of the personal data and, instead, requests a restriction of their use; c) Immunolab no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims; d) the data subject has raised an objection to processing, until it is verified whether Immunolab’s legitimate reasons override the legitimate reasons of the data subject.
the right to data portability: The data subject has the right to obtain personal data pertaining to him/her that the data subject has provided to Immunolab, in a structured, commonly used and machine-readable format, and the right to transfer such data to another controller, without Immunolab preventing it, in the event that: a) processing is based upon consent and b) processing is being conducted by automated means. When exercising his/her right to data portability, the data subject has the right for personal data to be transferred directly by one controller to another controller, if this is technically feasible.
the right to information regarding the correction or erasure of personal data or a restriction of processing: Immunolab is obligated to notify individual recipients to whom personal data have been disclosed of all corrections or erasures of personal data or restrictions on processing, with the exception of cases where this is found to be impossible or it requires a disproportionate effort. If the data subject requests it, Immunolab informs the data subject of such recipients.
the right to lodge a complaint with a supervisory authority: If the data subject believes that Immunolab is not processing his/her personal data in a lawful manner, the data subject has the right to lodge a complaint with a supervisory authority. The data subject may lodge the complaint especially in the Member state of his or her habitual residence, place of work or place of the alleged infringement.
the right to be informed in the event of a breach of personal data security: If it is likely that a certain case of personal data security breach will result in a high risk to the rights and freedoms of natural persons, Immunolab shall notify the data subject of such breach without undue delay.
the right to withdraw consent to the processing of personal data: If Immunolab processes any personal data on the basis of consent, the data subject has the right to withdraw its consent to the processing of personal data at any time in writing, by sending a non-consent to the processing of personal data to the email address firstname.lastname@example.org.
Immunolab shall comply with the request of the data subject according to a) – f) or the raised objection within one (1) month at the latest and where necessary within three (3) months from the date of receipt of the proper request. In the event of misuse of this right, in particular where requests from a data subject are manifestly unfounded or excessive, Immunolab may charge a reasonable fee or refuse to act on the request.
Immunolab uses cookie files that identify the user of the website www.immunolab.de and record the user’s activities. The text of a cookie file consists of a series of numbers and letters that uniquely identify the user’s computer, but do not provide any specific personal data regarding the user.
The website www.immunolab.de automatically identifies the user’s IP address. The IP address is the number automatically assigned to the user’s computer upon connecting to the internet. All such information is recorded in the activity file by the server, which enables the subsequent processing of data.
Purpose of using cookie files: Immunolab uses cookie files and similar technologies for several purposes, which include:
Short-term cookies that are necessary for the function of the website. These cookies are removed once the browser is closed or an operation on the website is completed.
Long-term cookies that remember user-defined settings. These cookies can be removed in browser settings.
Third party cookie files may also be located on the website www.immunolab.de. This may be the case, for example, because Immunolab has authorized a third party to conduct a site analysis.
Cookie setting: The majority of web browsers accept cookie files automatically. However, they provide controls that enable them to be blocked or removed. Users of the website www.immunolab.de are thus entitled to set their browser in such a way so that the use of cookie files on their computer is prevented. Instructions for blocking or removing cookie files in browsers may usually be found in the user documentation of individual browsers.