Data privacy statement
The management of Scienlab electronic systems GmbH (hereinafter referred to as Scienlab) attaches great importance to data privacy. We greatly appreciate your interest in our company. The use of our Internet pages is also possible without the indication of personal data. However, if a visitor to our Internet pages as a data subject wishes to make use of some of our company’s offers via our website, it may be possible that personal data is required for this processing. We generally obtain the consent of the data subject if the processing of personal data is necessary and there is no legal basis for such processing.
Scienlab, as the data controller, guarantees the security of the processed personal data through numerous technical and organizational measures. Nevertheless, data transmissions on the Internet can always have security gaps, so that absolute protection cannot be guaranteed. Each data subject can therefore freely decide to transmit the personal data to us using alternative ways, as for example by telephone.
1. Definitions of terms
a) Personal data
Personal data are individual details about the personal or material circumstances of an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person can be identified, directly or indirectly, in particular by reference to a name, a personnel number, an online identifier or to one or more specific characteristics (e.g. genetic, psychological, economic or cultural characteristics).
b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing is any operation in connection with personal data, whether or not by automated means, such as storing, modifying, transmitting, blocking and deleting personal data.
Profiling is any form of automated processing of personal data that consists in the use of the personal data collected to identify certain personal relationships that relate to or evaluate a natural person, in particular, relationships relating to performance at work, personal preferences, location or relocation, economic situation, health, reliability, behavior of that natural person that enable a prediction or analysis.
Pseudonymization is the type of processing of personal data by which the personal data can no longer be attributed to a specific data subject without the aid of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which guarantee that the personal data are not attributed to an identified or identifiable natural person.
f) Controller or responsible for the processing
Controller or responsible for the processing is a natural or legal person, public authority or other body which, alone or jointly with others decides on the purposes of the processing of personal data. Where the purpose and means of such processing of personal data are specified by Union law or by the law of the Member States, the controller or the specific criteria for its nomination may be laid down by Union law or by the law of the Member States.
Processor is a natural or legal person, institution, authority or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, institution, public authority or other body to which personal data is disclosed by the data controller, irrespective of whether it is a third party or not. Public authorities which, under Union law or the law of the Member States, may receive personal data from the controller under a particular investigation mandate are not recipients.
i) Third party
A third party is a natural or legal person, institution, public authority or other body which cannot be assigned to the data subject, the controller, the processor and the persons who, under the authority of the controller or the processor, are authorized to process the personal data.
Consent is any declaration or other clear affirmative action given voluntarily and in an informed manner by the data subject for the particular specific case in which the data subject indicates his/her consent to the processing of his/her personal data.
2. Name and address of the controller or responsible for the processing
Controller within the meaning of the General Data Protection Regulation, other data protection laws that apply in the EU Member States and other provisions relating to data protection is:
Scienlab electronic systems GmbH
Tel.: +49 (0)234 - 41 75 78 0
3. Name and address of the data protection officer
The controller’s data protection officer is:
ANKA Rechtsanwaltsgesellschaft mbH
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
The user can optimize a page and it is stored in the cookie. For example, a user can select his/her preferred language or representation of the page, which is then stored in the cookie. Cookies therefore enable us to display the same optimized pages as before when the user visits the website again. Likewise, it is not always necessary to log on, because this can be done by the website and the cookie stored on the user's computer system.
The data subject can prevent the placing of cookies by our website at any time by making an appropriate setting in the Internet browser used, and thus permanently object to the storage of cookies. Cookies that have already been placed can be deleted via the Internet browser or other software programs. This function is currently offered by all common Internet browsers. If the data subject prohibits the placing of cookies in the Internet browser used, it may not be possible to use the full functionality of our website.
5. Collecting general data and information
Our website collects general data and information every time a data subject accesses the site. These are stored in data on the server. The following can be collected:
(1) Browser types and versions used,
(2) Operating system used by the accessing system,
(3) The website from which an accessing system reaches our website (so-called referrer),
(4) The subpages which are accessed via an accessing system on our website,
(5) Date and time of access to the website,
(6) An Internet Protocol (IP) address,
(7) The accessing system’s Internet service provider, and
(8) Other similar data and information used for security purposes in the event of attacks on our information technology systems.
Scienlab does not draw any conclusions about the data subject when using this general data and information. Instead, this information is needed
(1) to correctly represent the contents of your website,
(2) to optimize the contents of our website as well as its advertisements,
(3) to guarantee the long-term functionality of our systems and our website, as well as
(4) to provide law enforcement agencies with the necessary information for law enforcement. This anonymously collected data and information are statistically evaluated by Scienlab on the one hand, and also with the aim of increasing data protection and data security in our company. We thus ensure an optimal level of protection for personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
6.Contact via the website
Due to legal regulations, Scienlab’s website contains information that enables a quick electronic contact to our company as well as direct communication with us; this also includes a general so-called electronic mail address (e-mail address). If a data subject contacts the controller via e-mail or a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data, voluntarily provided by a data subject to the controller, will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
7. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for as long as it is necessary to fulfill the purpose of storage. Further limitation is thereby given, insofar as it was provided for by the European legislator in directives and regulations or another legislator in laws or provisions to which the controller is subject.
If the purpose for storage ceases or a prescribed storage period expires, the personal data will be blocked or deleted routinely and in accordance with legal regulations, unless you have consented to continued storage.
8. Rights of the data subject
a) Right to confirmation
The European legislator of directives and regulations grants every data subject the right to require the controller to confirm whether it processes the data subject’s personal data. If a data subject wishes to make use of this right to confirmation, he/she can contact our data protection officer or another employee at any time.
b) Right to information
Any data subject, whose personal data is processed, is granted the right to obtain, at any time and free of charge, information from the controller concerning the stored personal data referring to him/her. The data subject may receive a copy of this information. Moreover, the European legislator of directives and regulations has granted the data subject access to the following information:
- the purpose of processing the data
- the existence of a right to rectification or deletion of the personal data concerning him/her, or to restriction of the processing by the controller, or a right to object to such processing
- if the personal data are not collected from the data subject: all available information on the origin of the data
- the categories of the personal data that are processed
- the existence of a right to lodge a complaint with a supervisory authority
- the recipients or categories of recipients who obtain or will obtain the personal data, in particular recipients in third countries or international organizations
- the planned duration of the storage of the personal data, if possible; if this is not possible, the criteria for determining the storage period
Moreover, the data subject may request information as to whether the personal data has been transferred to a third country or to an international organization. Where a transfer has been made, the data subject has the right to obtain information on the appropriate guarantees in connection with the transfer. In order to make use of this right to information as a data subject, contact our data protection officer or another employee of the company at any time.
c) Right to rectification
Any data subject, whose personal data is collected, is granted the right to request immediate rectification of false personal data concerning him/her. The data subject also has the right to request the completion of incomplete personal data. In order to make use of this right to rectification, the data subject can contact our data protection officer or another employee of the company at any time.
d) Right to be forgotten
Any data subject has the right to request from the controller the immediate deletion of the personal data concerned, provided that one of the following reasons is given and further processing is no longer necessary:
- The purpose of collection of the personal data has ceased.
- The personal data have been processed unlawfully.
- The data subject revokes its consent on which the processing was based, and there is no other legal basis for the processing.
- The data subject files an objection against the processing of its personal data and there are no overriding legitimate reasons for the processing, or the data subject files an objection against the processing pursuant to Art. 21 para. 2 GDPR.
- The deletion of personal data is necessary to fulfill a legal obligation of a legal basis to which the data controller is subject.
- The data of the data subject have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.
If one of the above points is given and the data subject wishes the deletion of personal data stored at Scienlab, he or she can contact our data protection officer or another employee of the company at any time. The Scienlab data protection officer or another employee will arrange for the deletion to take place as quickly as possible.
If the data subject’s data have been made public by Scienlab and if the company is obliged to delete the personal data pursuant to Art. 17 para. 1 GDPR, Scienlab takes appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other controllers who process the published personal data, that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other controllers, insofar as processing is not necessary. The Scienlab data protection officer or another employee will take the necessary steps in each individual case.
e) Right to restriction of processing
Any data subject has the right to request the restriction of processing from the controller if one of the following conditions is given:
- The data subject disputes the accuracy of the personal data and grants the controller rectification of the data.
- The data subject refuses deletion of the personal data and instead requests that the use of the personal data concerned be restricted.
- The data subject can request restriction of the processing from the controller, if the processing is necessary to assert, exercise or defend legal claims.
- The data subject has filed an objection to the processing and the outcome is still open as to whether the grounds of the controller for the processing outweigh those of the data subject.
If a data subject wishes to request the restriction of personal data stored by Scienlab under one of the aforementioned conditions, he or she can contact our data protection officer or another employee of the controller at any time. The controller will take the necessary steps for the restriction of processing.
f) Right to data portability
Any data subject has the right to obtain personal data concerning him/her in a commonly used and machine-readable format. However, this only concerns the data provided by the person.
Furthermore, the data subject may, by virtue of his/her right to data portability, request that the personal data be transferred directly from one controller to another controller, provided that this is technically feasible and that the rights and freedoms of other persons are not infringed. Please contact the data protection officer appointed by Scienlab or another employee at any time.
g) Right to object
Any data subject whose personal data is collected, is granted the right to object at any time to the processing of his/her personal data.
In case of objection, Scienlab will no longer process this data. In exceptional cases, compelling legitimate grounds for the processing may constitute a reason why Scienlab is still authorized to further process the data. These grounds may be that they outweigh the interests, rights and freedoms of the data subject, or that the processing serves to assert, exercise or defend legal claims.
In the case of direct marketing, the data subject may object to the processing of personal data for the purpose of such advertising at any time. Scienlab will then no longer process the personal data for these purposes.
To exercise your right to object, please contact the Scienlab data protection officer or another employee directly. This can be done in writing or electronically.
h) Right to withdraw the consent under the Data Protection Act
The data subject may withdraw his/her consent to the processing of personal data at any time. For this purpose, please contact our data protection officer or another Scienlab employee.
9. Data protection for applications and in the application procedure
In an application process, Scienlab collects and processes personal data of applicants for the purpose of managing the application procedures. Processing may also be done electronically. Applicants may submit appropriate application documents to the controller electronically, by e-mail, for example. If an employment contract is concluded with an applicant after the application procedure, the transmitted data will be stored for the purpose of managing the employment relationship. If no employment contract is concluded with the applicant after the application procedure, the application documents will be deleted no later than two months after notification of the rejection decision. In exceptional cases, other legitimate interests, such as the burden of proof in proceedings under the German General Equal Treatment Act (GETA), may prevent deletion.
Scienlab uses the tool Matomo on this website. Matomo is a software tool for web analysis. Web analysis includes the collection, compilation and evaluation of data on the behavior of website users. Among other things, Matomo collects data that show the original page of the data subject (so-called referrer), which subpages of the website were accessed or how long the dwell time on the respective subpages was. This analysis serves the optimization of the Scienlab website and helps with the cost-benefit analysis of advertising.
This software is operated on the Scienlab server. Data protection-relevant and sensitive files are only stored on this server.
The data protection-relevant purpose of using Matomo is to analyze the flow of visitors on our website. Scienlab uses the data collected to evaluate the use of this website, to compile online reports that show the activities on our website, and to improve the website.
Matomo stores a cookie on the system of the data subject or the visitor of the website. The meaning of a cookie has already been explained above. By placing the cookie we can carry out the analysis of our website. With each visit to our website, Matomo automatically requests the Internet browser on the system of the data subject to transmit data to the Scienlab server for the purpose of online analysis. By using Matomo, we learn personal data such as the IP address of the data subject, which among other things helps us to analyze the origin of the visitor and clicks.
The cookie also provides personal information, such as access time and location, as well as frequency of visits to our website. This personal data is stored by us. We do not pass this personal data on to third parties.
The data subject can prevent data transmission by means of an appropriate setting of the browser used, and thus permanently object to the placing of cookies. Such a setting of the browser used can block Matomo on the system of the data subject. Cookies that have already been placed can be deleted via the browser or other software programs at any time.
The data subject also has the right to object to the collection of data generated by Matomo. To do this, the data subject must place an opt-out cookie under the link http://matomo.org/docs/privacy/. If the data subject erases, formats or reinstalls his/her system, the opt-out cookie must be placed again under http://matomo.org/docs/privacy/.
Certain functions of the Scienlab website, however, cannot be fully used if an opt-out cookie has been placed.
11. Legal basis for the processing
Scienlab uses Art. 6 para 1 lit. a GDPR as the legal basis for its own processing operations, for which consent is obtained for a specific processing purpose. Personal data collected for the performance of a contract, such as for the delivery of goods, etc., are based on Art. 6 para. 1 lit. b GDPR, as they are necessary and required to fulfill the contract. This also applies to pre-contractual obligations of Scienlab, for example, in case of inquiries about our services. According to Art. 6 para. 1 lit. c GDPR, Scienlab may collect data required to meet legal obligations such as tax obligations. In extremely rare cases, it may be necessary to collect data of individuals in order to protect the vital interests of a data subject. This may, for example, be the considered in the event of an accident involving a visitor to our company. During data processing pursuant to Art. 6 para. 1 lit. d GDPR, for example, name, age, health insurance details or similar would then be passed on to doctors or hospitals. Our processing operations could finally be based on Art. 6 para. 1 lit. f GDPR. Processing procedures that do not originate from any of the above-mentioned legal bases may still be necessary to safeguard a legitimate interest of Scienlab or a third party. In this respect, the interests and fundamental rights of the data subject should not prevail. In the opinion of the European legislator, according to recital 47 sentence 2 GDPR such processing procedures are permitted in particular if the data subject is a customer of Scienlab.
12. Justifiable interests in the processing by Scienlab
Any processing of personal data relating to Art. 6 para 1 lit. f GDPR justifies our legitimate interest. This includes conducting our business activities for the benefit of our employees and our shareholders.
13. Storage period of personal data
The legal retention period is the basis for the storage period of personal data by Scienlab. A deletion takes place after expiry of the legal retention period, as far as the personal data are not required for the performance of the contract or in the context of contract initiation.
14. Existence of legal or contractual regulations for the provision of personal data
Finally, we would like to inform you that statutory regulations, for example, by means of tax regulations, must be complied with. For this purpose, information about the contractual partner may also be provided on the grounds of contractual regulations. For the conclusion of a contract, it is necessary for Scienlab to process personal data of and provided by a data subject. Without this personal data, performance of a contract would in part not be possible. For any queries regarding personal data, the data subject must make an inquiry to our data protection officer. The data protection officer shall inform the data subject in a timely manner, whether the provision of personal data is based on a contractual or legal basis, and whether an obligation to provide such data exists. He/she will also provide information about the consequences of non-provision.
15. Changes to the privacy statement
Should Scienlab wish to make changes to the business purpose and/or change the currently available technical and organizational measures, Scienlab reserves the right to adapt the privacy statement accordingly, taking into account the currently applicable legal provisions.
Last change of data privacy statement: 19.06.2018