Eurofins Genomics Privacy Policy

Information regarding the collection and processing of your personal data

Accuracy and transparency form the basis of our interaction with customers: a collaborative approach that is based on trust. We are therefore providing you with information on how we use your data and how you can exercise your rights under the General Data Protection Regulation. The personal data that we use and the purpose for which it is used depend on the applicable contractual relationship.

1. Who is responsible for processing the data?

The party responsible is the respective Eurofins entity with whom you have entered into a contract:

• Eurofins Genomics Germany GmbH
• Eurofins Genomics Sweden AB
• Eurofins Genomics France SAS
• Eurofins Genomics UK Limited
• Eurofins Genomics Italy Srl
• Eurofins Genomics AT GmbH
• Eurofins Genomics Denmark AS

2. How can you contact the Data Protection Officer?

Our Data Protection Officer’s contact details are:

Alexander Spanier
Datenschutzbeauftragter
Fischmarkt 15
78462 Konstanz
Germany

as@spanier-datenschutz.de

3. Which personal data do we use?

We process your personal information if you submit a query, receive a quote from us or sign a contract with us. We also process your personal data for purposes, which include fulfilling our legal obligations, safeguarding a legitimate interest, or on the basis of the consent that you have granted us.

Depending on the legal basis, this concerns the following categories of personal data:

• First name, surname
• Address
• Communication data (telephone number, e-mail address)
• Date of birth
• Nationality
• Contract-related master data, in particular contract number, duration, cancellation period, type of contract
• Invoice data/sales data
• Payment data/account details
• Account information, especially registration and logins
• Customer group/interests
• Customer number
• Contact history
• Appointment data
• Occupation-related information

In the course of initiating the contract, we also make use of data that has been supplied to us by third parties. Depending on the type of contract, this concerns the following categories of personal data:

• Information on creditworthiness (obtained from credit agencies)

4. Which sources are used to obtain the data?

We process personal data that we receive from our customers, service providers and suppliers.

and/or

We receive personal data from the following sources:

• Credit agencies
• Publicly accessible sources: commercial or association registers

5. What do we use your data for and what is our legal basis for doing so?

We process your personal data with particular consideration of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as well as in accordance with all further relevant legislation.

5.1 On the basis of the consent that you have granted (Art. 6 (1a) GDPR)

Where you have expressed your voluntary consent for us to collect process or transmit certain personal data, this consent then forms the legal foundation for the processing of this data.

In the following instances, we will process your personal data on the basis of your consent:

• Sending out e-mail newsletters
• Personalised newsletter tracking
• Market research (e.g. customer satisfaction surveys)
• Publishing a customer reference (name and photo)

5.2. To fulfil a contract (Art. 6 (1b) GDPR)

Eurofins offers extensive analysis, synthesis and consultancy services in the pharmaceuticals, clinical diagnostics, environment, product testing, agroscience and lifescience sectors to determine the safety, identity, composition, authenticity, origin and purity of biological substances and products, as well as the clinical diagnostics.

5.3. To fulfil legal obligations (Art. 6 (1c) GDPR) or if it is in the public interest (Art. 6 (1e) GDPR)

As a business, we are subject to a number of legal obligations. In order to fulfil these obligations it may be necessary to process personal data.

• Control-related and reporting requirements
• Documentation requirements in accordance with ISO17025 and/or the German Medicines Act (AMG)

5.4. Due to a legitimate interest (Art. 6 (1f) GDPR)

In certain cases we may process your data to safeguard our or a third party’s legitimate interest.

• Direct advertising or market research and opinion polling
• Central customer data management within the Group
• Measures for the safety of buildings or facilities
• Video surveillance to protect domiciliary rights
• Consultation and data exchange with credit agencies for the purpose of establishing credit and default risks
• Guaranteeing IT security and IT operation

6. To whom do we forward your data?

To fulfil our contractual and legal obligations your personal data is disclosed to various public or internal bodies, as well as to external service providers.

Service providers within the Group:

• Eurofins Genomics Europe Shared Services GmbH
• Eurofins Finance Transactions Germany GmbH
• Eurofins GSC Lux Sarl
• Eurofins Information Systems GmbH
• Eurofins IT Solutions India Pvt Ltd
• Eurofins NSC Finance Germany GmbH
• Eurofins NSC IT-Infrastructure Germany GmbH
• Eurofins Scientific SE

Production entities within the Group:

• Eurofins Genomics Europe Sequencing GmbH
• Eurofins Genomics Europe Applied Genomics GmbH
• Eurofins Genomics Europe Synthesis GmbH

External service providers:

• Internet service providers as well as IT providers (e.g. maintenance and hosting providers)
• Service providers for file and data destruction
• Telecommunication
• Payment service providers
• Advisory and consulting services
• Credit agencies
• Web hosting service providers
• Auditors

Public bodies:

In addition, we may be required to pass on your personal data to other entities, such as to authorities for the fulfilment of legal reporting obligations.

• Financial authorities
• Customs authorities
• Social insurance agencies

Should you have further questions regarding the individual recipients, please contact us at privacy@eurofins.com

7. Will your data be transmitted to countries outside the European Union (known as ‘third countries’)?

Countries outside the European Union (and the European Economic Area, the EEA) manage the protection of personal data differently to countries within the European Union. To process your data we also use service providers who are located in third countries outside the European Union. There is currently no proclamation from the EU Commission that these third countries in general provide an appropriate level of protection.

We have therefore taken specific measures to ensure that your data is processed equally as securely in third countries as within the European Union. With service providers in third countries, we conclude the standard privacy clauses provided by the Commission of the European Union. These clauses provide appropriate safeguards for the protection of your data with service providers located in the third country.

Our service providers in the USA are, moreover, certified in accordance with the EU-US Privacy Shield agreement.

If you would like to inspect the existing guarantees in detail, please contact us at privacy@eurofins.com.

8. How long will my data be stored for?

We store your personal data for as long as is required to allow us to fulfil our legal and contractual obligations.

Should it no longer be necessary to store the data for the purposes of fulfilling contractual or legal obligations, your data will be deleted, unless further processing is necessary due to the following reasons:

• Retention requirements in accordance with ISO17025
• Fulfilling commercial and tax retention obligations. This includes retention periods from the German Commercial Code (HGB) or the General Fiscal Code (AO).
• Preserving evidence in the context of the regulatory statute of limitations. According to the statute of limitations of the German Civil Code (BGB), these limitation periods can, in some cases, be up to 30 years; the regular limitation period is three years.

9. What rights do you have regarding the processing of your data?

Each individual affected has the right to information as per Art. 15 GDPR, the right to correction as per Art. 16 GDPR, the right to deletion as per Art. 17 GDPR, the right to limiting the processing as per Art. 18 GDPR, the right to appeal as per Art. 21 GDPR and the right to data portability as per Art. 20 GDPR. With regard to the right to information and the right to deletion, restrictions apply in accordance with §§ 34 and 35 BDSG.

9.1. Right to appeal

You may veto the use of your data for advertising purposes at any time without incurring anything other than the transmission costs based on the basic tariffs.

• What are your rights in the event of data processing for your legitimate or public interest?
  In accordance with Art. 21 (1) GDPR, due to reasons that arise from your particular situation, you have the right at any time to file an objection against the processing of personal data concerning you that takes place on the basis of Art. 6 (1e) GDPR (data processing in the public interest), or Art. 6 (1f) GDPR (data processing for the purposes of safeguarding a legitimate interest) this also applies to profiling based on this provision.
  In the event of your objecting we will no longer process your personal data, unless we can prove that we have compelling legitimate reasons for doing so, which outweigh your interests, rights and freedoms; or if processing serves to enforce, exercise or defend legal claims.

• What rights do you have in the event of data being processed for the purposes of direct mail advertising?
  If we process your personal data for the purposes of direct mail advertising, you have the right, in accordance with Art. 21 (2) GDPR, to file an objection at any time against the processing of personal data pertaining to yourself for the purposes of this type of advertising; this also applies to profiling, insofar as it is associated with this direct mail advertising.
  In the event of your objecting to processing for the purposes of direct mail advertising, we will no longer process your personal data for this purpose.

9.2. Revoking consent

You can revoke your consent for the processing of your personal data at any time. Please be aware that the revocation is only effective for the future.

9.3. Right to information

You can request information regarding whether we have stored personal data about you. Should you so wish, we will inform you what data we hold on you, what the data is being used for, to whom the data has been disclosed, how long the data will be stored and what further rights you have in relation to this data.

9.4. Other rights

In addition, you have the right to correct data that is incorrect or to have your data deleted. Where there is no reason to store it, further we will delete your data; otherwise, we will limit the processing of it. You can also demand that we provide you, or a person or company of your choice, with all personal data that you have provided us with, in a structured, commonly acceptable and machine-readable format.

Furthermore, you have a right of appeal to the data protection supervisory authority responsible (Art. 77 GDPR in conjunction with § 19 BDSG).

9.5. Being aware of your rights

To find out your rights you can contact those officials responsible or the data protection authorities using the contact details provided. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken.

10. Is there an obligation to provide your personal data?

To enter into a business relationship you must provide us with the personal data required to implement the contractual relationship, or that we are required to collect due to legal stipulations. If you do not provide us with this data, we will not be able to implement or perform the contractual relationship.

11. Changes to this information

If the purpose or methods of the processing of your personal data are subject to significant changes, we will update this information in a timely manner and communicate the changes promptly.

Last updated: [6 February 2019]

Thank you for visiting our website.

1. Controller information
The entities in charge of the control of any information obtained through the use of first-party cookies on this website (together referred hereinafter as the “controller” or “Eurofins” or “we”) are:

Eurofins Genomics GmbH
Anzinger Str. 7a
85560 Ebersberg
Germany

This Cookie Notice sets out the basis on which all data that Eurofins collects on you through tracking technologies like cookies will be processed by Eurofins and provides you with information about these tracking technologies and especially about cookies. This information is intended to give you a better understanding of what cookies are and the role they play in your visit to our website. European legislation requires all sites that use cookies to ensure that you are well informed about this and that you give your express permission to collect and store information collected through the use of cookies.

If you have any questions regarding this Cookie Notice or if you want to lodge a request in relation to your personal information, please contact us via our contact point:

privacy@eurofins.com

2 Data Protection Officer information
To ensure compliance with applicable privacy laws and regulations, we have appointed a Data Protection Officer:

Alexander Spanier
Datenschutzbeauftragter
Fischmarkt 15
78462 Konstanz
Germany

as@spanier-datenschutz.de

3 Which information does Eurofins collect about me?
Eurofins may obtain information about you when you use this website.

The information we collect about you includes:

• your identity (such as Internet Protocol Address);
• device event information such as browser type, browser language, the date and time of your request and referral URL;
• your preferences such as language settings, website notifications, or alerts;
• your location;
• what content you view or pages you visit;
• search enquiries you make using our site search.

4 How does Eurofins collect information about me?

4.1. We collect information about you via our website, through the use of cookies
We collect information about you when you use our website or view content provided by Eurofins. Part of this information is automatically collected through cookies and stored in server logs. We also use various technologies to determine location, including IP address that may, for example, provide Eurofins with information on what country or city you are in.

4.1.1 What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the website. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you do not have to keep re-entering them whenever you come back to the site or browse from one page to another.

There are various sorts of cookies. Some cookies, as narrated below, extend the functionalities of our website and enhance your experience using our website, others are critical to its proper functioning and the website may not work without them.

4.1.2 What cookies does Eurofins’ website use, for which purposes and how long are they kept for?
Strictly necessary cookies: These cookies are essential to move around a website and use its features, such as accessing secure areas. Without these cookies, services website users ask for, like shopping baskets or e-billing, cannot be provided. Strictly necessary cookies are used to store a unique identifier to manage and identify the user as unique to other users currently viewing the website, in order to provide a consistent and accurate service to the user.

These cookies enable services the website’s users have specifically asked for.

These cookies are first-party cookies, which are set by the web server of the visited page and share the same domain. They are persistent and erased after one year.

Performance cookies: These cookies collect information about users such as page load speeds, internet connection speeds, browser type, device type, screen size, etc. for the purpose of assessing the performance of a website and allowing its improvement. Once collected, the information is directly anonymised. They are set by a third party service called Google Analytics. It collects information in an aggregated (i.e., anonymous) form, including the number of visitors to the site, where visitors come from and the pages they visited. These cookies are divided into session cookies, which are erased when the user closes the browser and persistent cookies, which remains on the user's computer/device for a pre-defined period of time (usually two years).

Functionality cookies: These are cookies that automatically remember choices that users have previously made in order to improve their experience next time they visit the website (where users select their preferred language or remember settings such as whether or not they have logged in already for example). These cookies are also used to prevent a user being offered a service that had previously been offered and rejected. These cookies are persistent ones and generally kept for one year. Some are set after the appearance of a feature popup window to prevent it from appearing again on a specific page whereas others determine whether a banner appears centred at the bottom on all pages across the website, intended to advertise the presence of feature web pages for Eurofins 30th Anniversary. Absence of this latter cookie displays the banner.

These cookies are first-party cookies, which are set by the web server of the visited page and share the same domain.

Targeting or advertising cookies: These cookies track users’ browsing activities on websites and collect information about user’s browsing habits. These cookies are used to deliver advertisements more relevant to the website users and their interests; to limit the number of times users see an advertisement and to help measure the effectiveness of advertising campaigns. These cookies contain a unique key that is able to distinguish individual users’ browsing habits or store code that can be translated into a set of browsing habits or preferences using information stored elsewhere. They remember that a user has visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisations. The data contained in these cookies is generally set and controlled by these third party organisations.

All cookies will only be used for the purposes stated above and to provide better services to all our website visitors so we can present our website, services and products to you in the most appropriate manner.

Please note that on this website, Google Analytics code is supplemented by “anonymizeIP” to ensure an anonymized collection of IP addresses (so called IP-masking).

Youtube
We are interested in providing you with a wide range of multimedia information. That's why we embed videos from YouTube (YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 USA). The legal basis for this is Art. 6 para. 1 lit. f) GDPR.
The integration works in the enhanced privacy mode, also referred to as no-cookie solution, which means that only when the video is actually played YouTube will place cookies and pixel tags for the personalization of advertising and search results.
When you play the YouTube video, the following data is transmitted to Google as a YouTube operator:

• the IP address,
• the specific address of the page visited,
• the transferred ID of the browser,
• system date and time of the call,
• existing cookies that can be used to uniquely identify your browser.

This data processing is under the exclusive responsibility of Google as the operator of YouTube. We neither have knowledge nor can we influence which data (and how they) are processed there. More information can be found here. Please note that Google may receive further information via cookies already stored on your computer. We neither have knowledge nor can we influence which data (and how they) are processed there. The privacy policy of YouTube can be found here.

4.1.3 How to control cookies?
You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

For more general information about cookies and how to disable them through your browser, visit http://www.allaboutcookies.org/.

You can easily accept or reject each of the cookies on this site by adjusting your preferences on the relevant link provided on each of Eurofins webpages titled “Cookies Preferences”.

4.2 We collect information about you via web beacons and parameter tracking

We also use software similar to cookies known as web beacons. A web beacon is one of a number of techniques used to track who is reading a web page or email, when, and from which computer. It can also be used to redirect the user client to a third party web service for tracking purposes.
It is not possible to refuse the use of web beacons. However, because they are used in conjunction with cookies, you can effectively disable them by setting your browser to restrict or block cookies.

We also use ETag, which is an HTTP protocol header field mainly used to validate web caches and allow more efficient browsing. It has also been used for cookie-like purposes.
We also use Scripts (such e.g. JavaScript code) and components (such as browsers plugins like Adobe Flash) used to generate Web pages and to automate computer processes. You can disable the Scripts, such as JavaScript, through your browser (see your browser's settings).

4.3 We collect information about you via third parties

We use Google Analytics’ 3rd-party audience data such as age, gender and interests to work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences. For example, you may see certain ads on this website or other website because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.

You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioural Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads’ preferences at http://www.google.com/ads/preferences/. Because those opt-out and preference control pages are specific to the individual browser used to visit it, and because that page is not operated by Eurofins, we are unable to perform the opt-outs on your behalf.

5 Which processing ground(s) do you rely upon for processing my personal information?
In order to use cookies and process your data collected through the use of cookies, we rely on your consent. You can withdraw your consent in full or in parts at any time by adjusting your preferences on the relevant link provided on each of Eurofins webpages titled “Cookie Preferences”.

6 Who will my personal information be transferred to?
Your personal data might be transferred to any Eurofins affiliates (which can be found at https://www.eurofins.com/). We do not sell or otherwise disclose personal information about our website visitors to third parties except as described below:

• to trusted businesses or persons to process your personal information for us, based on our instructions and in compliance with applicable data privacy regulations;
• to service providers we have retained to perform services on our behalf;
  to companies, organizations or individuals outside of Eurofins if we have a good reason to believe that access, use, preservation or disclosure of the information is reasonably necessary to:
  • execute and enforce contractual terms;
  • meet any applicable law, regulation, legal process or enforceable governmental request;
  • detect, prevent, or otherwise address fraud, security or technical issues;
  • protect against harm to the rights, property or safety of Eurofins, our users or the public as required or permitted by law;

• to regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings;
• to third parties as part of a merger, acquisition or bankruptcy, in the event we sell or transfer all or a portion of our business or assets (including through bankruptcy).

7 Will my information be transferred outside the European Union?
Your personal data might be transferred outside the EU in case one of the recipients stated above is located outside the EU and only to countries for which:

• the European Commission has issued an adequacy decision (which guarantees that an adequate level of protection of personal data is offered in that country);
• you have given explicit consent;
• appropriate safeguards have been provided, such as standard data protection clauses (that can be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en) or Privacy Shield Certification (companies benefitting from this certification can be found at https://www.privacyshield.gov/list).

8 Which rights do I have over my personal data?
You have the right to ask for:

• accessing your data;
• rectifying your data;
• restricting the processing of your data;
• withdrawing your consent at any time as explained above;
• erasing your data.

You also have the right to complain to the relevant national data protection authority in case these rights are not complied with. An overview of the national data protection authorities is available at the following link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

9 Links to other sites
We provide links to other websites for your convenience and information. If you follow such links, this Cookie Notice will no longer apply. These websites may have their own privacy notice or policies in place, which we recommend you review if you visit any linked websites. We are not responsible for the content of linked websites or their use.

10 Changes to this Cookie Notice
We recognise that transparency is an ongoing responsibility so we will keep this Cookie Notice under regular review. We will always update this Cookie Notice on our website, so please try to read it when you visit the website (the ‘last updated’ reference on the top right tells you when we last updated this Cookie Notice).