Privacy Policy


Information about the collection and processing of your personal data

Diligence and transparency is the basis for a trusting cooperation with our customers. Therefore, we inform you about how we process your data and how you can exercise your rights, which you are entitled to under the General Data Protection Regulation. Which personal data we process and for what purpose depends on the respective contractual relationship.

1. who is responsible for data processing?

The responsible party is the respective Eurofins unit with which you have concluded a contract:

Gold Standard Diagnostics CD Kassel GmbH
Otto-Hahn-Str. 16 / 34123 Kassel
Germany

2. how to reach the data protection officer?

You can reach our data protection officer at:

Data Protection Officer

Matthias Stumpf
Eurofins Finance Transactions Germany
GmbH Am Neuländer Gewerbepark 1
21079 Hamburg, Germany
Mobile: +49 160 6265698
mattias.stumpf@sc.eurofinseu.com

3. which of your personal data do we use?

If you have an inquiry, have us prepare an offer or conclude a contract with us, we process your personal data. In addition, we also process your personal data, among other things, for the fulfillment of legal obligations, for the protection of a legitimate interest or based on a consent granted by you.

Depending on the legal basis, these are the following categories of personal data:

  • First name, last name
  • Address
  • Communication data (telephone, e-mail address)
  • Date of birth
  • Nationality
  • Contract master data, in particular contract number, term, period of notice, type of contract
  • Billing data/turnover data
  • Payment data/account information
  • Account information, in particular registration and logins
  • Customer group/interest
  • Customer number
  • Contact history
  • Appointment data
  • Occupation data

In the course of contract initiation, we also make use of data provided to us by third parties. Depending on the type of contract, this involves the following categories of personal data:

  • Information on creditworthiness (via credit agencies)

4. what are the sources of the data?

We process personal data that we receive from our customers, service providers and suppliers.

or/and

We receive personal data from the following entities:

  • Credit bureaus
  • Publicly available sources: Commercial or association registers

5. for what purposes do we process your data and on what legal basis?

We process your personal data in particular in compliance with the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) as well as all other applicable laws.

5.1 On the basis of your consent (Art. 6 para.1 a DSGVO)

If you have given us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data.

In the following cases, we process your personal data on the basis of consent given by you:

  • sending e-mail newsletters
  • personalized newsletter tracking
  • market research (e.g. customer satisfaction surveys)
  • publication of a customer reference (name and picture)

5.2 For the performance of a contract (Art.6 para. 1 b DSGVO)

Eurofins offers comprehensive analytical and consulting services in the fields of Food, Pharma, Environment, Product Testing, Agroscience and Clinical Diagnostics for the determination of the safety, identity, composition, authenticity, origin and purity of biological substances and products as well as for clinical diagnostics.

5.3. to fulfill legal obligations (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)

As a company, we are subject to various legal obligations. In order to fulfill these obligations, the processing of personal data may be necessary.

  • Control and reporting obligations
  • Documentation obligations based on ISO17025 and/or the German Medicines Act

5.4. on the basis of a legitimate interest (Art. 6 para. 1 f DSGVO)

In certain cases, we process your data to protect a legitimate interest of us or a third party.

  • Direct advertising or market and opinion research
  • Central customer data management within the Group
  • Building and plant security measures
  • Video surveillance to safeguard the right of access to the premises
  • Consultation of and data exchange with credit agencies to determine creditworthiness or default risks
  • Ensuring IT security and IT operations

6. with whom will your data be shared?

In order to fulfill our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies, as well as external service providers.

If you have further questions about the individual recipients, please contact us at: info.kassel@eu.goldstandarddiagnostics.com

7. Is your data transferred to countries outside the European Union (so-called third countries)?

Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally provide an adequate level of protection.

We have therefore taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries, we conclude standard data protection clauses provided by the Commission of the European Union. These clauses provide appropriate safeguards for the protection of your data with service providers in the third country.

Our service providers in the USA are also certified under the EU-US Privacy Shield agreement.

If you wish to inspect the existing guarantees, please contact us at: info.kassel@eu.goldstandarddiagnostics.com

8. how long will your data be stored?

We store your personal data as long as it is necessary for the fulfillment of our legal and contractual obligations.

If storage of the data is no longer necessary for the fulfillment of contractual or legal obligations, your data will be deleted unless its further processing is necessary for the following purposes:

  • Retention obligations based on ISO17025 and/or the German Medicines Act.
  • Fulfillment of retention obligations under commercial and tax law. These include retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO).
  • Preservation of evidence within the framework of statutory limitation provisions. According to the statutes of limitations of the German Civil Code (BGB), these statutes of limitations can be up to 30 years in some cases; the regular statute of limitations is three years.

9. what rights do you have in connection with the processing of your data?

Every data subject has the right to information pursuant to Art. 15 DSGVO, the right to
right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art.18 GDPR, the right of
Objection from Art. 21 DSGVO as well as the right to data portability from Art. 20 DSGVO. With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply.

9.1 Right of objection

You can object to the use of your data for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic rates.

  • What right do you have in case of data processing based on your legitimate or public interest?

Pursuant to Article 21 (1) DSGVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) DSGVO (data processing in the public interest) or on the basis of Article 6 (1) (f) DSGVO (data processing for the purposes of safeguarding a legitimate interest); this also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

  • What rights do you have in case of data processing for direct marketing?

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Article 21 (2) of the German Data Protection Act (DSGVO); this also applies to profiling, insofar as it is associated with such direct marketing.

In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.

9.2 Revocation of consent

You can withdraw your consent to the processing of personal data at any time.
revoke it. Please note that the revocation is only effective for the future.

9.3 Right to information

You can request information about whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have with regard to this data.

9.4 Further rights

In addition, you have the right to correct incorrect data or to have your data deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict the processing. You may also request that we provide any personal data you have provided to us in a structured, common and machine-readable format either to you or to a person or company of your choice.

In addition, you have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 DSGVO in conjunction with Section 19 BDSG).

9.5 Exercising your rights

To exercise your rights, you can contact the person responsible or the data protection officer using the contact details provided. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken.

10. is there an obligation to provide your personal data?

In order to enter into a business relationship, you must provide us with the personal data that is required for the implementation of the contractual relationship or that we must collect due to legal requirements. If you do not provide us with this data, it will not be possible for us to carry out and process the contractual relationship.

11. changes to this information

If there is a significant change in the purpose or manner of processing your personal data, we will update this information in a timely manner and inform you of the changes in a timely manner.