Novatec Immundiagnostica GmbH, Waldstrasse 23, 63128 Dietzenbach, Germany and Virotech Diagnostics GmbH, Waldstrasse 23, 63128 Dietzenbach, Germany (“we” or “us”) are joint controllers (Art. 26 GDPR) of the website www.virotechdiagnostics.com (the “Website”).
B. Identity and contact details of the controllers
The parties responsible for this Website are:
Novatec Immundiagnostica GmbH
Waldstrasse 23 A6
Phone: +49 6074 23698-0
Virotech Diagnostics GmbH
Waldstrasse 23 A2
Phone: +49 6074 23698-0
C. Contact details of the data protection officer
Our data protection officer can be reached at the following contact details:
Data Protection Officer
D. Collection and processing of your personal data
I. What personal data do we collect?
1. Visit of our Website
Whenever you visit our Website the browser you use automatically sends information to the server of our Website. This information is temporarily stored in a so-called log file. The following information is collected and stored until automated deletion:
• IP address,
• date and time of request,
• time zone difference from Greenwich Mean Time (GMT),
• content of the request (specific page),
• access status /HTTP status code,
• amount of data transferred in each case,
• website from which the request originates,
• operating systems and related interface,
• language and version of the browser software,
We process the aforementioned personal data to ensure a smooth connection and user-friendly experience of the website, to ensure network and information security, to evaluate system security and stability, and for administrative purposes. The legal basis for processing the data is Art. 6 para 1 lit. f) GDPR. Our legitimate interest follows from the aforementioned purposes of processing the data. We do not use data to draw conclusions about you as an individual.
2. Contract performance
For the performance of contracts with you we process the following personal data:
• first and last name
• contact data
• information required to fulfil our contractual obligation
The legal basis for our personal data processing is Art. 6 para 1 lit. b) GDPR. Personal data is processed so as to be able to identify you as our customer and to fulfil our contractual obligations, to correspond with you, to issue invoices and to establish, exercise or defend legal claims.
3. Contact form or other contact with us
If you use our contact form offered on our Website or contact us in any other way, the following data is collected by us:
• first and last name
• postal address
• email address
• content of your message
All other information is provided voluntarily and is not required for processing the request. The collection of the personal data is based on your consent according to Art. 6 para 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future. To do so, please send us an
e-mail using our above-mentioned e-mail address. Revoking your consent has the consequences that we will no longer continue the data processing based on this consent for the future and will delete the data unless there is another legal basis or there are statutory retention obligations.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. If you subscribe to our newsletter, the following data will be collected, stored and processed by us:
• page from which page was request (so-called referrer URL)
• date and tome of the request
• description of the type of web browser used
• IP address of the requesting computer
• e-mail address
• date and time of registration and confirmation
The personal data from the newsletter is processed for the purpose of sending the newsletter, you consent to the processing of personal data. The legal basis for this is Art. 6 para 1 lit. a) GDPR. You can revoke your consent at any time due future effect of your data and email address as well as their use for sending the newsletter at any time, e.g., through the "unsubscribe" link in the newsletter.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
If you apply for a job, we process the following categories of personal data from you:
• master data (this includes e.g. name, gender, date of birth),
• contact details (this includes e.g. certificates, curriculum vitae),
• data on professional development and acquired skills (including e.g. education and training, work experience, additional qualifications)
All personal data is processed exclusively for the following purpose:
• initialization, establishment, implementation and termination of the employment relationship,
• declarations and declarations based on legal obligations or otherwise permitted by law,
• protection and enforcement of our legitimate interests,
• Legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. b lit. c and lit. f) GDPR.
If you have provided "special categories of personal data" as defined by Art. 9 GDPR in your application (e.g. a photograph showing your ethnic origin or your eyesight, information on being severely disabled, marital status), this is done on the basis of your consent according to Art. 9 para 2 lit. a) GDPR.
However, we would like to evaluate all applicants on the basis of their qualifications only, therefore we kindly ask that such information be omitted from the application if possible.
Your data will only be passed on to companies within the group of companies, unless we are legally obliged to pass on your data to other bodies.
II. Transfer of personal data to third parties
We will not disclose your personal data to third parties, unless
• you have given us your consent to this according to Art. 6 para 1 lit. a), Art. 9 para 2 lit a) GDPR
• the disclosure is necessary under Art. 6 para 1 lit. f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding and legitimate interest in non-disclosure of your personal data,
• in the case there is obligation of disclosure according to Art. 6 para 1 sentence 1 lit. c GDPR, or
• permissible by law and necessary for the performance of contracts with you pursuant to Art. 6 para 1 lit. b) GDPR.
If we process your personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. If there are no legal permissions, we only allow data to be processed in a third country if the special requirements of Art. 44 et GDPR are met.
III. Storage and Deletion of personal data
Your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies.
However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by legal regulations to which we as the responsible party are subject to. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
E. What rights do you have regarding your data?
You have the right:
• to ask for information about your personal data processed by us (Art. 15 GDPR). You may specifically ask for information as to the purpose of such processing, the categories of personal data concerned, the categories of recipients to whom your personal data has been or is being disclosed and the length of time that it is intended to be kept, as to the existence of a right to amend, delete or limit such processing or raise an objection, the existence of a right of appeal, the origin of your personal data if it has not been obtained from us and as to the existence of automated decision-making, including profiling, and details of any significant information;
• to require the rectification without undue delay of inaccurate personal data processed by us or the supplementation of personal data processed by us (Art. 16 GDPR);
• to require the erasure of personal data, without undue delay, processed by us unless its processing should be necessary in the exercise of the right of freedom of expression and information, to fulfil a legal requirement, for reasons of public interest or in order to establish, exercise or defend of or defend legal claims (Art. 17 GDPR “right to be forgotten”);
• to require a restriction to be put on the processing of your personal data where the accuracy of the personal data is contested by you, processing is unlawful and (at the same time) you oppose the erasure of the personal data or when we no longer need the data but you require it in order to establish, exercise or defend legal claims or where you have filed an objection to processing under Art. 21 GDPR (Art. 18 GDPR);
• to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to require the data to be transmitted to another data controller (Art. 20 GDPR);
• to withdraw your consent at any time (Art. 7 para 3 GDPR). This means that in future we will no longer be allowed to continue with personal data processing to which your consent relates,;
• to lodge a complaint with a supervisory authority (Art. 77 GDPR):
Der hessische Beauftragte für Datenschutz und Informationsfreiheit
Telephone: +49 611 1408 – 0
F. Right to object
Where your personal data is processed for the purpose of legitimate interests under Art. 6 para 1lit. f) GDPR you have the right under Art. 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation or where the objection is levelled at direct marketing. In the latter case you have a general right to object which will be implemented by us without a particular situation having to be specified.
If you should wish to exercise your right to object or ask for rectification, we kindly ask you to send us an email to the above specified email address.
G. Data security
When our website is visited, we use the SSL method (Secure Socket Layer) in conjunction with the highest level of encryption that is supported by your browser. This will generally be 256-bit encryption. If your browser should not support 256-bit encryption we will have recourse to 128-bit v3 technology. You can see whether a particular page of our website is transmitted encrypted from the closed-form display of the key or padlock icon in the bottom status bar of your browser. We also apply appropriate technical and organisational security measures to safeguard your personal data from accidental or deliberate manipulation, complete or partial loss, destruction or access by unauthorised third parties. Our security measures are continually being improved in line with technological progress.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:
• Technical cookies: these are essential to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes nor do they record which websites you have visited;
• Performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur during use of the website; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and to find out what interests our website users;
• Advertising and targeting cookies: These are used to provide the website user with tailored advertising on the website or third party offers and to measure the effectiveness of these offers; Advertising and Targeting Cookies are stored for a maximum of 13 months;
• Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.