Privacy Statement
Thank you for your interest in our company. For us, the management and employees of Specialty Diagnostix GmbH, data protection is particularly important. In principle, our website can be used without providing personal data. However, if a user wishes to use specific services of our company via our website, it may become necessary to process personal data. If the processing of personal data is required and if there is no legal basis for such a step, we will request your consent prior to recording, processing or using your data.
The processing of a user’s personal data, such as name, address, e-mail address or telephone number will always be performed in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to Specialty Diagnostix GmbH. With this privacy statement, we would like to inform you about the type, scope and purpose of the personal data we will collect, use and process. In addition, this privacy statement will inform our users of their rights when using our website.
As the party responsible for data processing (“controller”), Specialty Diagnostix GmbH has implemented numerous technical and organizational measures to ensure that the personal data processed by this website is protected as comprehensively as possible. Nevertheless, it is not possible to guarantee absolute protection, since internet-based data transmissions bear the inherent risk of security gaps. For this reason, each user is free to provide us with personal data using alternative means, e.g. by telephone.
1.) Definition of terms
The privacy statement of Specialty Diagnostix GmbH is based on the terms used by the European Regulators in adopting the General Data Protection Regulation (GDPR). In order to make our privacy statement easy to read and comprehend, we would like to start with an explanation of the terms used in the following paragraphs.
For the purpose of this privacy statement we will use the following terms:
1.1) Personal data
„Personal data“ means any information relating to an identified or identifiable natural person („user“); an identifiable natural person is one who may be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2) User
A „user“ is any identified or identifiable natural person, whose personal data are processed by the controller.
1.3) Processing
„Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.4) Restriction of processing
„Restriction of processing“ means the marking of stored personal data with the aim of limiting their future processing.
1.5) Profiling
„Profiling“ means any form of automated processing of personal data, consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
1.6) Pseudonymization
„Pseudonymization“ means the processing of personal data in such a manner that the personal data may no longer be attributed to a specific user without the use of additional information, provided such additional information is filed separately and is subject to technical and organizational measures to ensure that the personal data are not attributable to an identified or identifiable natural person.
1.7) Party responsible for processing („controller“)
“Controller” means the natural or legal person, public authority, institution or other body which, alone or jointly with others, will determine the purposes and means for the processing of personal data. If the purposes and means of such processing are determined by Union law or laws of the Member States, the controller or the specific criteria for his nomination may be provided for by Union law or laws of the Member States.
1.8) Processor
„Processor“ means a natural or legal person, public authority, institution or other body which will process personal data on behalf of the controller.
1.9) Recipient
„Recipient“ means a natural or legal person, public authority, institution or other body, whether a third party or not, to whom personal data will be disclosed. However, public authorities that may receive personal data in the course of a specific inquiry according to Union law or laws of the Member States shall not be regarded as recipients.
1.10) Third party
„Third party“ means a natural or legal person, public authority, institution or body other than the user, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
1.11) Consent
„Consent“ means any freely given, specific, informed and unambiguous indication of the user’s wishes by which he or she, by statement or clear affirmative action, signifies his or her agreement to the processing of his or her personal data.
2.) Name and address of the controller
The responsible person („controller“) in accordance with the General Data Protection Regulation (GDPR), other data protection laws in force in the Member States of the European Union and other provisions of data protective nature may be contacted at:
Specialty Diagnostix GmbH
Sailerwöhr 16
94032 Passau
Germany
Phone: +49 (851) 988 49 300
E-Mail: bsd@specialtydiagnostix.de
Website: https://www.specialtydiagnostix.de
3.) Cookies
Specialty Diagnostix GmbH uses cookies for our web pages. Cookies are very small text files that are downloaded on your device and that are stored on a computer system via an internet browser.
Most websites and servers use cookies. Many cookies contain a so-called cookie ID, a unique identifier for the respective cookie consisting of a string of characters which helps to assign web pages and servers to a specific internet browser, where the cookie has been stored. This helps the visited internet pages and servers to distinguish the user’s individual browser from other internet browsers that contain other cookies. A specific internet browser may be recognized and identified by its unique cookie ID.
By using cookies, Specialty Diagnostix GmbH is able to provide the users of this website with more user-friendly services that would be impossible without cookies.
By means of a cookie, the information and offers on our website may be customized for each user. As mentioned above, cookies help us to recognize a user of our website to make it easier for users to use our website. Cookies may be used to remember user name and password information so that the user does not have to re-enter these data every time he or she visits our website, since they are taken from the website and the cookie stored on the user’s computer system.
The user may prevent the setting of cookies by our website at any time with an appropriate setting of the internet browser used and, in doing so, permanently object to the setting of cookies. In addition, cookies that have already been set may be deleted at any time via the internet browser or other software programs. This is possible in all major internet browsers. If the user deactivates the setting of cookies in the internet browser used, however, some of the functions on our website may not be fully usable.
4.) Collection of general data and information
The website of Specialty Diagnostix GmbH collects a series of general data every time a user or an automated system accesses the website. These general data and information are stored in the log files of our server. The data recorded may include (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website through which the accessing system has reached our website (so-called referrers), (4) the sub-websites that are accessed by an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol Address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology system.
Specialty Diagnostix GmbH will not draw any conclusions with regard to the user when processing general data and information. Rather, this information is required (1) to correctly deliver the contents of our website, (2) to optimize the contents of and the advertising for our website, (3) to ensure the permanent functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by Specialty Diagnostix GmbH both statistically and with the aim of increasing data protection and data security in our company, ultimately in order to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a user.
5.) Registration on our website
The user has the option of registering on the controller’s website by providing personal data. The personal data to be transferred to the controller are determined by the respective input mask used for registration. The personal data entered by the user are collected and stored exclusively for internal use by the data controller and for the user’s own purposes. The controller may arrange for the data to be transferred to one or more processors, such as a forwarder, who will also use the personal data exclusively for internal use attributable to the controller.
In addition, the IP address assigned by the Internet Service Provider (ISP) to the user, the date and time of registration will be stored when a user registers on the controller’s website. These data are stored since this is the only way to prevent misuse of our services, and, if necessary, to enable us to investigate criminal offences. Consequently, the storage of these data is necessary to protect the controller. In general, these data will not be passed on to third parties, unless there is a legal obligation to forward these data or the data are forwarded for the purpose of criminal prosecution.
The registration of the user with the voluntary submission of personal data will help the controller to provide the user with content or services which, due to the nature of things, may only be offered to registered users. Registered users are free to modify their submitted personal data during registration at any time or to have them deleted completely from the database by the controller.
Upon request, the controller shall at all times inform each user of the personal data stored for him or her. In addition, the controller will correct or delete personal data at the request or notice of the user, unless there are legal obligations to store such data. All employees of the controller are available to the user to answer any questions in this context.
6.) Contact via the website
Due to legal regulations, the website of Specialty Diagnostix GmbH contains information for rapid electronic contact with our company as well as for direct communication with our employees. This also includes a general address for so-called electronic mail (e-mail address). If a user contacts the controller via e-mail or a contact form on the website, the personal data submitted by the user are stored automatically. The personal data voluntarily submitted by the user to the controller will be stored for the purpose of further processing or for contacting the user. Of course, these personal data will not be forwarded to third parties.
7.) Routine deletion and blocking of personal data
The controller shall process and store personal data of the user only for the period necessary to achieve the purpose of storage or as provided for by the European Regulator or another legislator by laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period required by the European Regulator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with statutory provisions.
8.) Rights of the user
8.1) Right of confirmation
Each user shall have the right, granted by the European Regulator, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a user wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.
8.2) Right of information
The user shall have the right, granted by the European Regulator, to obtain, at any time and free of charge, information from the controller regarding his or her personal data that have been stored and to receive a copy of this information. In addition, the European Regulator has granted the user the right of access to information on the following subjects:
- the purposes for data processing
- the categories of personal data to be processed
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, specifically recipients in third countries or international organizations.
- where possible, the intended period of time for which the personal data will be stored or, if not possible, the criteria used to determine this period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data regarding the user or to object to such processing
- the right to lodge a complaint with a supervising authority
- where the personal data has not been collected from the user, any available information as to their source
- the existence of automated decisions including profiling according to Article 22 para. 1 and 4 GDPR and — at least in those cases — meaningful information about the logic involved, as well as the significance and the intended effects for the user.
In addition, the user shall have the right to be informed if personal data have been transferred to a third country or to an international organization as well as of the appropriate safeguards pursuant to such a transfer.
If a user wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.
8.3) Right to rectification
Each user affected by the processing of personal data shall have the right, granted by the European Regulator, to obtain the immediate rectification of inaccurate personal data regarding him or her. Taking into account the purposes of the processing, the user shall also have the right to have incomplete personal data completed, including by providing a supplementary statement.
If a user wishes to exercise this right of confirmation, he or she may contact an employee of the controller at any time.
8.4) Right to erasure („Right to be forgotten“)
Each user affected by the processing of personal data shall have the right, granted by the European Regulator, to obtain from the controller the erasure of his or her personal data without undue delay, and the controller shall have the obligation to erase such personal data immediately, if one of the following reasons applies and a processing is not required:
- The personal data are no longer necessary in relation to the purposes for which they have been collected or otherwise processed.
- The user withdraws his or her consent on which the processing is based according to Art. 6, para. 1, letter a GDPR or Art. 9 para. 2, letter a GDPR, and if there is no other legal reason for processing.
- The user objects to the processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate reasons for processing, or the user objects to the processing according to Art. 21, para. 2 GDPR.
- The personal data have been processed unlawfully.
- The personal data have to be erased to comply with a legal obligation according to Union law or laws of the Member States to which the controller is subject.
- The personal data have been collected in relation to information society services offered according to Art. 8, para. 1 GDPR.
If one of the reasons mentioned above applies and the user requests the erasure of personal data stored by Specialty Diagnostix GmbH, he may contact an employee of the controller at any time. The employee of Specialty Diagnostix GmbH will arrange for immediate compliance with such a request for erasure.
Where the controller has made personal data public and is obliged, pursuant to paragraph 1, to erase these personal data, the controller, bearing in mind available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the respective personal data that the user has requested the erasure from these controllers of any links to, or copy of or replication of, those personal data, unless the processing is required. An employee of Specialty Diagnostix GmbH will initiate the necessary steps on a case by case basis.
8.5) Right to restriction of processing
Each user affected by the processing of personal data shall have the right, granted by the European Regulator, to obtain from the controller a restriction of processing, if one of the following conditions applies:
- The accuracy of the personal data is contested by the user, for a period enabling the controller to verify the accuracy of these personal data.
- The processing is unlawful and the user opposes the erasure of the personal data, instead requesting their restricted use.
- The controller no longer needs the personal data for purposes of processing, but the user requires them to establish, exercise or defend legal claims.
- The user has objected to the processing of personal data pursuant to Art. 21, para. 1 GDPR, and the verification, whether the legitimate reasons of the controller override those of the user, is still pending.
If one of the reasons mentioned above applies and the user requests the erasure of personal data stored by Specialty Diagnostix GmbH, he or she may contact an employee of the controller at any time. The employee of Specialty Diagnostix GmbH will arrange for immediate compliance with such a request for restriction of processing.
8.6) Right to data portability
Each user affected by the processing of personal data shall have the right, granted by the European Regulator, to receive his or her personal data that he or she has provided to a controller, in a structured, conventional and machine-readable format. In addition, he has the right to transmit these data to another controller without hindrance from the controller to whom the personal data have been originally provided, if the processing is based on consent in accordance with Art. 6, para. 1, letter a GDPR or Art. 9, para. 2, letter a GDPR or on a contract pursuant to Art. 6, para. 1, letter b GDPR and the processing is performed by automated means and, provided the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority, conferred on the controller.
In exercising his or her right to data portability pursuant to Art. 20, para. 1 GDPR, the user shall also have the right to have his or her personal data transmitted directly from one controller to the other, where technically feasible, provided this does not infringe the rights and freedoms of others.
To assert his or her right to data portability, the user may contact an employee of Specialty Diagnostix at any time.
8.7) Right to object
Each user affected by the processing of personal data shall have the right, granted by the European Regulator and based on reasons relating to his or her particular situation, to object, at any time, to the processing of his or her personal data based on Art. 6, para. 1, letters e or f GDPR, including any profiling based on these provisions.
Specialty Diagnostix GmbH will no longer process personal data in case of such an objection, unless the controller has compelling legitimate reasons for the processing which override the interests, rights and freedoms of the user or the processing serves the establishment, exercise or defense of legal claims.
Where Specialty Diagnostix GmbH uses personal data for marketing purposes, the user has the right to object, at any time, to the processing of his or her personal data for direct marketing. This also includes profiling, provided it is related to this direct marketing. If the user informs Specialty Diagnostix GmbH about his objection to the processing for direct marketing purposes, Specialty Diagnostix GmbH will no longer process the respective personal data for such purposes.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 80, para. 1 GDPR, the user, for reasons relating to his or her particular situation, shall also have the right to object to the processing of his or her personal data, unless the processing is necessary for the performance of a task performed for reasons of public interest.
To exercise his right to object, the user may directly contact any employee of Specialty Diagnostix GmbH. The user is also free to exercise his right to object in connection with the use of information society services, and notwithstanding Directive 2002/58/EC, by means of automated procedures that use technical specifications.
8.8) Automated individual decision-making, including profiling
Each user affected by the processing of personal data shall have the right, granted by the European Regulator, not to be subject to a decision based solely on automated processing – including profiling – that produces legal implications concerning said user or affects him or her to a significant extent, unless the decision (1) is necessary for entering into, or a performance of, a contract between the user and the controller, or (2) the decision is authorized by Union law or Member State law to which the controller is subject and this law contains suitable measures to safeguard the user’s rights and freedoms as well as his or her legitimate interests, or (3) is based on the user’s explicit consent.
If the decision (1) is necessary for the conclusion or fulfillment of a contract between the user and the responsible party or (2) is made with the express consent of the user, Specialty Diagnostix GmbH shall take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the user, including at least the right to obtain human intervention on the part of the controller, to express his or her own position and to challenge the decision.
If the user wishes to assert his or her right regarding automated decision-making, the user may contact the controller at any time.
8.9) Right to revoke consent under data protection law
Each user affected by the processing of personal data shall have the right, granted by the European Regulator, to revoke his or her consent to the processing of personal data at any time.
If the user wishes to assert his or her right to withdraw his or her consent, the user may contact an employee of the controller at any time.
9.) Data protection regarding job applications and application procedure
The controller collects and processes the personal data of job applicants for purposes of the application procedure. This data processing may be performed electronically, in particular if an applicant has submitted his or her corresponding application documents to the controller electronically, by e-mail or via the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the work relationship in compliance with statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be deleted automatically two months after the letter of refusal, provided there are no other legitimate interests of the controller that may conflict with the erasure. Other legitimate interests in this sense may include a burden of proof regarding proceedings under the General Equal Treatment Act (AGG).
10.) Legal basis for processing of personal data
Art. 6, para. 1, letter a GDPR provides our Company with the legal basis for processing procedures, for which we obtain consent for specific processing purposes. If the processing of personal data is necessary for the performance of a contract to which the user is a party, e.g. in the case of processing procedures necessary for the delivery of goods or the provision of any other services or considerations, the processing is based on Art. 6, para. 1, letter b GDPR. The same applies to processing procedures that are necessary to perform pre-contractual measures, e.g. inquiries about our products or services. If our company is subject to any legal obligation requiring the processing of personal data, e.g. to fulfill fiscal responsibilities, processing is based on Art. 6, para. 1, letter c GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the user or another natural person, if, for example, a visitor were injured in our facilities and his or her name, age, health insurance data or other vital information had to be forwarded to a physician, hospital or other third parties. Processing would then be based on Art. 6, para. 1, letter d GDPR. Finally, processing procedures could also be based on Art. 6, para. 1, letter f GDPR. This provision is the basis of all processing procedures that are not covered by any of the aforementioned provisions, if the data processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the user do not prevail. We are allowed to perform any such processing procedure specifically as they have been expressly mentioned by the European Legislator. Accordingly, a legitimate interest may be assumed if the user is a customer of the controller (recital 47, 2nd sentence GDPR).
11.) Legitimate interests in the processing pursued by the controller or a third party
If the processing of personal data is based on Article 6, paragraph 1, letter f GDPR, our legitimate interest is to conduct our business for the well-being of our employees and shareholders.
12.) Storage period of personal data
The criterion for the storage period of personal data is the respective legal retention period. After the expiry of this period, the corresponding data will be deleted routinely, provided they are no longer necessary for the fulfillment or initiation of a contract.
13.) Legal or contractual regulations for the provision of personal data; necessity for conclusion of contract; obligation of the user to provide personal data; potential consequences of the failure to provide data
We would like to inform you that the provision of personal data may in part be a legal requirement (e.g. tax regulations) or may result from contractual regulations (e.g. information on the contractual partner). Sometimes, it may be necessary for the conclusion of a contract that a user provides us with personal data which will subsequently be processed by us, e.g. if the user concludes a contract with our company. If the user fails to provide personal data, a contract cannot be concluded. Prior to submitting personal data, the user should contact one of our employees, who will inform the user, on a case by case basis, whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and what consequences the failure to provide such personal data would have.
14.) Existence of automated decision-making
As a responsible company, we waive the right to automated decision-making or profiling.