Cytomed OY takes the protection of your data very seriously and maintains our platform in accordance with the applicable data protection law, which includes the guidelines from the EU General Data Protection Regulation (referred to hereinafter as GDPR). The following illustrates how and to what extent your personal data is processed by our company.
General information on data processing
Scope of personal data processing
We process personal data disclosed to us by our users only insofar as required for providing a working website as well as our content and services. Personal data of our users is regularly processed only after their consent has been obtained. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) a GDPR serves as the legal basis.
In the processing of personal data required for the performance of a contract of which the data subject is a contracting party, Art. 6 (1) b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) d GDPR serves as the legal basis.
In case that vital interests of the concerned person or another natural person necessitate the processing of personal data, Art. 6 (1) f GDPR serves as the legal basis.
If the processing is required for safeguarding the legitimate interest of our company or that of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) f GDPR serves as the legal basis for processing.
Duration of storage
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Besides, data may be stored if this has thus been provided for by European or national legislators in EU regulations, laws or other provisions to which the responsible party is subject.
Data shall also be blocked or deleted in cases when a storage period stipulated by any of the standards mentioned before expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Collection and processing of personal data when visiting our website
With every visit of our website, our system automatically collects data and information from the computer system of the calling computer. We only collect the personal data such as log data that your browser transmits to our server, which are technically necessary for us to display our website to you and to guarantee stability and security.
When you visit our website, we store certain information as follows:
- Information on the used browser, browser version and operating system
- Information on the service provider
- Information on the IP address
- Information on the date and time of the visit
- Information on the websites from which the user’s system accessed our website
- Information on the websites the user accesses via our website
These data are also stored in the log files of our system. There is no joint storage of such data together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Art. 6 (1) f GDPR.
Purpose of data processing
The temporary storage of an IP address by the system is necessary to display our website and set up its content. For this purpose, the user’s IP address must be stored for the duration of the session. Furthermore, the data serves to optimize the website and to guarantee the stability and security. No evaluation of the data for marketing purposes is taking place in this context.
Duration of storage
The data is deleted as soon as it has served the purpose of collection. After the termination of the session, the data will not be saved any longer or will be erased after 14 days at the latest.
Option of objection and deletion
The collection of data for providing the website and the storage of such data in log files is indispensable for operating the website. Consequently, there is no possibility of objection on the part of the user.
These cookies are automatically deleted after the respectively defined period.
The data processed by cookies is required for the purposes mentioned before in order to protect our legitimate interests and those of third parties pursuant to Art. 6 (1) f GDPR.
You can control cookies by setting your browser to refuse all cookies or to indicate when a cookie is being sent to your computer. Most browsers accept cookies by default. However, a full deactivation of all cookies may prevent our sites or services from working properly. User data collected in this way are pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user will not be possible any longer.
The data will not be stored together with other personal data of the user.
Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, for customizing and optimizing our website by analyzing the user’s activity.
Google will not associate your IP address collected via Google Analytics with other data held by Google. Furthermore, the Google Analytics code used on this website employs the “anonymizeIP” option. This ensures that your IP address is masked, and all collected data are anonymized. In exceptional cases, your full IP address may be transferred to and truncated on a Google server in the USA. Such information includes your browser type and version, operating system, the referrer URL, IP address and the time of the server request.
Google will use the collected information on our behalf for the purpose of analyzing your use of the website, compiling reports on website activity, and providing other services to us relating to website activity and internet usage. You may choose to disable cookies in your browser settings; however, this may affect your experience on our website as all functionality may not be available for you. If you do not want Google to collect and process data created by the cookie relating to your use of our website (including your IP address), you can prevent this by downloading and installing the browser add-on available from https://tools.google.com/dlpage/gaoptout?hl=en.
The legal basis is our legitimate interests according to § 15 (3) TMG and Art. 1 (1) f GDPR.
Any personal data collected are purged after 14 months or anonymized. Further to this, Google is certified under the Privacy Shield Framework, guaranteeing that data are collected in line with the European data protection regulations https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Google Web Fonts
Our website uses Google Web Fonts to represent the fonts as provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. If your browser does not support web fonts, your computer will display standard fonts. For further information, please visit https://developers.google.com/fonts/faq or https://www.google.com/policies/privacy/.
Google Web Fonts are used in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) f GDPR.
Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.
Pardot sets first-party cookies for tracking purposes and sets third-party cookies for redundancy. The cookies are used as a unique identifier and do not save personally identifying information.
Campaign Manager (formerly: Google DoubleClick)
A conversion happens if, e.g., a user sees a DoubleClick advertisement and then later visits the advertiser’s website and makes a purchase using the same browser. According to Google, DoubleClick cookies do not contain any personal information.
Due to the use of DoubleClick, your browser automatically establishes a direct connection to the Google server. We do not have any influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
There are a number of ways in which you can opt out of participation in Google AdWords and DoubleClick:
By making the appropriate settings in your browser; in particular, suppressing third-party cookies means that you will not receive advertisements from third parties.
By disabling interest-based advertising by providers that participate in the About Ads self-regulatory program at https://www.aboutads.info/choices. This setting will be undone once you delete your cookies.
By permanently opting out: https://www.google.com/settings/ads/plugin when using Firefox, Internet Explorer or Google Chrome. Please note that you may not be able to use all of the functions on this website if you do this.
The legal basis for processing your data is established in point (f) of Article 6(1) of the GDPR. Our legitimate interest in the use of DoubleClick by Google is to provide advertisements personalized to the interests of users, and to carry out market research in general. If you require further information about the balancing of interests that must be carried out in accordance with point (f) of Article 6(1) of the GDPR, please contact us using the details provided above.
If you have given your consent, we will send you a newsletter to inform you about news on our products and services and to point out offers of our dealers and distributors or other third parties. Your data will not be passed on by us to those third parties to whose offers we refer you through the newsletter, unless you have consented to this.
You can unsubscribe from the newsletter at any time by clicking on the corresponding link at the end of the e-mail. You can also revoke this consent at any time with effect for the future by unsubscribing via firstname.lastname@example.org
Cross border data transfers
Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards than your country of residence. We have proper guarantees with the involved third parties in place (e.g. others operating the websites on our behalf) to ensure an adequate level of protection for personal data. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavor to take reasonable measures to maintain an adequate level of data protection also when sharing your personal data with such countries.
In the case of a transfer outside of the EEA, this transfer is safeguarded by EU Standard Contractual Clauses.
Contact form and contact by E-Mail
We provide a contact form which can be used to contact us electronically. If you contact us by using the contact form, we will process the information you provide to contact you and answer your questions and requests.
Description and scope of data processing
The following information must be entered in the contact form “tell us about yourself”:
— First name
— Last name
— Company Name
— Newsletter opt-in
— Buyer or seller
Furthermore, the following information will also be saved:
— IP address
— Date and time of the registration
Alternatively, you can contact us via E-Mail. In this case, all the personal data transmitted via E-Mail will be stored.
Purpose of data processing
We will process the personal data provided solely for the purpose of processing your enquiry. The other personal data processed during the dispatching process serve to prevent any misuse of the contact form and ensure the security of our information technology system.
We will only pass on your personal data to third parties if,
— You have given express consent pursuant to Art. 6 (1) a GDPR,
— A legal obligation exists for the disclosure pursuant to Art. 6 (1) c GDPR and
— This is legally permissible and is necessary for the processing of contractual relationships with you pursuant to Art. 6 (1) b GDPR.
The legal basis for the processing of data is Art. 6 (1) a GDPR if the user’s consent has been given and for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) f GDPR.
If the purpose of the e-mail contact is the conclusion of a contract, then the additional legal basis for the processing is Art. 6 (1) f GDPR. If the purpose of the e-mail contact is the conclusion of a contract, or the contact form is used, then the additional legal basis for the processing is Art. 6 (1) b GDPR.
Duration of storage
The data will be deleted as soon as the purpose for which they were collected is fulfilled. That is the case for the personal data from the input mask of the contact form and those sent by e-mail, when the respective conversation with the user is finished. Any conversation is considered as terminated when the inquiry is completely clarified and there is no need for a follow-up. The additional personal data collected during the dispatching process are deleted after a period of 14 days at the latest.
Possibility of objection and elimination
The user may revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the saving of his personal data at any time. In that case, the conversation cannot be continued and the transmitted data will be erased.
The data provided to us with your application will only be used for the corresponding selection procedure and for the preparation of a possible employment.
Legal basis and consent
The legal basis for processing your personal data during the application procedure is Art. 88 (1) GDPR. Under Art. 88 (1) GDPR, processing your personal data is permissible if it is relevant for deciding the reasons of an employment.
By sending us your application forms you agree with the processing of the personal data which is included in your application form. You may revoke your consent at any time.
Duration of storage
Personal data included in applications will be deleted after the purpose is fulfilled. Besides, your personal data will be erased after the staffing has been terminated or the application has been revoked as far as no statutory period of time for safeguarding is given. Applicants’ data will be erased after there is no need for further storage. Should you agree to a longer storage time of your personal data, we will store your data until you revoke your consent.
If your application leads to an employment contract, your personal data will be stored in your personal file. After the termination of the employment contract the data will be deleted as far as no statutory period of time for safeguarding is given.
Your Data Protection Rights
As a data subject, you have the following rights in relation to your personal data:
Right of access (Art. 15 GDPR)
You can ask the responsible party whether any personal data about you is stored and being processed.
If this is the case, you have the right of access, which includes the following information:
1. The purposes of the processing,
2. The categories of personal data concerned
3. The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
4. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
5. The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing,
6. The right to lodge a complaint with a supervisory authority,
7. Where the personal data are not collected from the data subject, any available information as to their source,
8. The existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
9. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 relating to the transfer.
10. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Right to rectification (Art. 16 GDPR)
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (Art. 17 GDPR)
1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:
— The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
— The data subject withdraws consent on which the processing is based according to point (a) of Art. 6 (1), or point (a) of Art. 9 (2), and where there is no other legal ground for the processing,
— The data subject objects to the processing pursuant to Art. 21 (1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2)
— The personal data have been unlawfully processed
— The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
— The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1).
2. Where the controller has made the personal data public and is obliged pursuant to point 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
3. Point 1 and 2 shall not apply to the extent that processing is necessary:
— For exercising the right of freedom of expression and information
— For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
— For reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3),
— For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) in so far as the right referred to in point 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing or,
— For the establishment, exercise or defence of legal claims.
Right to restriction of processing (Art. 18 GDPR)
1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
— The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
— The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
— The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
— The data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the right of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to 1 shall be informed by the controller before the restriction of processing is lifted.
Right to data portability (Art. 20 GDPR)
1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
— The processing is based on consent pursuant to point (a) of Art. 6 (1) or point (a) of Art. 9 (2) or on a contract pursuant to point (b) of Art. 6 (1) and
— the processing is carried out by automated means.
2. In exercising his or her right to data portability pursuant to number 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3. The exercise of the right referred to in point 1 of this Article shall be without prejudice to Art. 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object (Art. 21 GDPR)
You have the right at any time to object to the processing of personal data concerning you personally under Art. 6 (1) (e) or (f) of the GDPR; for reasons arising from your particular circumstances this also applies to profiling based on these provisions.
The responsible party no longer processes the personal data concerning you personally, unless it can provide compelling legitimate grounds for the processing, which outweigh your interests, rights and freedoms, or else the processing serves to assert, exercise or defend legal claims.
In case that data concerning you personally are processed for direct marketing purposes, you have the right to object at any time to the processing of these data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such forms of direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of objection, regarding the use of services of the information society, by means of automated procedures using technical specifications, irrespective of Directive 2002/58/EC.
Right to revoke the consent to the data privacy statement
You have the right to revoke your consent to the data privacy statement at any time. The revocation of consent shall not affect the legality of the processing carried out based on the consent until its revocation. Please direct your revocation to:
Automated decision making on a case-by-case basis including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or that affects you significantly negatively in a similar manner. This does not apply if the decision
1. Is essential for the conclusion or performance of a contract between you and the responsible party,
2. Is permissible under the legislation of the Union or the Member States to which the responsible party is subject and if that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
3. Is taken with your express consent.
However, these decisions may not be based on the special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
Regarding cases referred to in (1) and (3), the responsible party shall take appropriate measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a representative on the part of the responsible party, the right of stating your own point of view and the right to object to the decision.
Right of appeal to a supervisory authority
Irrespective of any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State of your residence, workplace or the location of the suspected infringement, if you believe that the processing of your personal data is in violation of GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
During your website visit, we use the most common SSL (Secure Socket Layer) method along with the highest level of encryption supported by your browser. Usually this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the type of lock/key pictogram displayed in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data from any accidental or intentional manipulation, its partial or complete loss, destruction or from the unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Up-to-dateness and potential amendments of this privacy statement: This privacy statement is currently valid as of August 2020. It may become necessary to change this privacy statement, due to the further development of our website or that of products and services offered via the platform or due to legal and official requirements. You can access and print out the current privacy statement at any time on our website under the heading privacy.