Information about the use of your personal data on our website
We take the privacy of your personal data seriously and comply with applicable data protection law. We would like to inform you about the processing of your personal data. You can review this information at any time at the bottom of each page of our website under the heading "Legal Information & Data Privacy Statement".
1. The controller and data protection officers
The controller for purposes of Article 4 number 7 General Data Protection Regulation ("GDPR") is
(also referred to in this Data Privacy Statement as "Eppendorf", "we" or "us").
If you have any questions or suggestions about data protection, you can also contact us by email at the address firstname.lastname@example.org.
You can contact our data protection officer at email@example.com.
2. Subject of data protection and processed data
Data protection involves personal data. Pursuant to Art. 4 no. 1 GDPR these personal data consist of all information which relate to an identified or identifiable natural person; such as, for example, the name or identification number.
Many data we process result directly from the respective context of the processing:
As soon as you visit our website, we automatically collect and store certain use data. This includes the IP address assigned to your computer which we need in order to transmit the content of our website you accessed to your computer or other end-device, (e.g. text, images, games and product information, as well as data files made available for downloading, etc.).
We also collect and store information about the use of the website, for example, the type of browser and operating system that are used as well as the data and time when you use the website as well as the URL of the previously visited website. We process your data, in order to provide the website and the related functions to you.
When you use specific functions, for example, placing an order on our website, we also process the data which are required to provide the function. In the case of an order, for example, we process the data you have entered to fill the order. When you complete the contact form, we use the data to conduct correspondence with you.
We also describe in this Data Privacy Statement the other categories of personal data we process with regard to the respective topic.
3. Purposes and legal basis of the processing
3.1 We process your data on the basis of a consent you have issued (Art. 6 para. 1 lit. a GDPR) in the scope described in the respective consent and for the purposes explained there.
3.2 We process your personal data for the following purposes on the basis of performing a contract or carrying out a pre-contractual measure (Art. 6 para. 1 lit. b GDPR):
- to display our website
- to process your orders, including payment as well as providing customer service (for example, returns)
- to carry out our special functions involving myEppendorf (e.g. epPoints, product registration)
- for the purpose of ordering or cancelling subscriptions, newsletters and webinars
- to process online applications
- to carry out competitions or contests
3.3 We process your personal data for the following purposes in our legitimate interests, especially the protection of our IT infrastructure, assuring satisfactory customer communications and promoting the sales of our products (Art. 6 para. 1 lit. f GDPR):
- to get to know our customers better
- to process other contact from you (e.g. in the case of questions, suggestions or other notifications)
- to protect against fraud
- to optimize our offering (especially also to structure our website appropriately for the demand)
- to maintain IT security
- to send you information about products and activities which might be of interest to you
We process these data only to the extent your interests, fundamental rights or fundamental freedoms (especially protection of your personal data) do not outweigh our legitimate interests described above.
3.4 In exceptional situations, it is also possible that we process your data to fulfill a legal obligation (Art. 6 para. 1 lit. c), to protect vital interests (Art. 6 para. 1 lit. d) or to carry out a task in the public interest (Art. 6 para. 1 lit. e).
4. Other collection and use of your data
4.1 Session cookies
We store so-called "cookies", in order to offer to you comprehensive functionality and to make the use of our websites (for example, online purchasing) more comfortable for you. "Cookies" are small data files which are stored on your computer by your internet browser. If you do not want to use "cookies", you can prevent the storage of "cookies" on your computer with corresponding settings in your internet browser. Please note that the functionality and extent of the functions in our offering can then be limited.
4.2 Data analysis using pseudonymized use profiles
4.2.1 Data analysis using Google services
We use the web analysis services Google Analytics, AdWords Conversion-Tracking, DoubleClick Campaign Manager, DoubleClick Bid Manager and Invisible reCAPTCHA of Google LLC ("Google"). These Google services use "cookies", i.e. text data files stored on your device which enable an analysis of how you use the website. The information about your use of this website produced by the cookie (including your IP address abbreviated with the last octet) are transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, compile statistical reports about website activities for us and to provide additional services related to the use of our website and the internet. For example, we can see with the "remarketing" function in Google Analytics which visitors have accessed specific pages and placed specific items in the shopping cart. The remarketing function allows us to present to users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called "Google ads" or on other websites).
According to Google's own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. According to Google, in particular pseudonymisation is used for remarketing.
Google will also transmit this information as needed to third parties if this is required by law or to the extent third parties process these data at the order of Google. More further information about how Google uses your data can be found in the Google data privacy statement: https://policies.google.com/privacy.
You can deactivate the Google services with a browser add-on if you do not want website analysis. You can download this add-on here: http://tools.google.com/dlpage/gaoptout.
As an alternative, you can regulate the use of individual cookies also with the privacy settings in your browser or at the following website: http://www.youronlinechoices.com/uk/your-ad-choices.
4.2.2 Use of MediaMath
We also use MediaMath Analytics & Insights, a web analysis service of Media-Math, Inc. ("MediaMath"). MediaMath uses so-called "cookies", i.e. text data files which are stored on your device and enable an analysis of how you use the website. The data stored here can, for example, include the type of browser, the operating system, the browser language, the IP address and the internet provider.
MediaMath processes the data linked with your end-device to create a pseudonym, a so-called "MediaMath-ID". This unique MediaMath-ID is then potentially stored in a cookie on your website and helps to provide relevant advertisements for you. The MediaMath-ID and other information collected through the platform can also help us to measure your activity on our website and, thus, determine the effectiveness of the advertisements provided through the platform. This enables us to better meet your needs. This also enables us to display advertisements for those types of products which might interest you.
If you do not want MediaMath to process your described personal data in connection with this website, you can opt out, for example, using the privacy settings of your web browser or here: http://www.mediamath.com/ad-choices-opt-out/.
In the alternative, you can opt out of cookies here: http://www.youronlinechoices.com/uk/your-ad-choices.
4.2.3 Use of Dynamic Yield
We use the services of Dynamic Yield Ltd. With the personalization tool Dynamic Yield our website is optimized in order to make your website visit a personal experience through tailor-made recommendations and content. We use the page content you call up to recommend relevant content to you. Dynamic Yield collects pseudonymized information about your usage activities on our site. Cookies are used to store exclusively pseudonymized information under a randomly generated ID (pseudonym). A direct personal reference is therefore not possible. You can object to this recording at any time by clicking on this link and activating the opt-out (https://www.dynamicyield.com/privacy-policy/#optinout). An opt-out cookie is set to prevent the future collection of data from your visit to this website. Further information on Dynamic Yield and DSGVO: https://www.dynamicyield.com/gdpr/.
4.3 Use of Google Maps
We use the Google Maps API (an interface to include Google Maps in our website), a service of Google LLC ("Google"). This has the purpose on our website of enabling you for example to plan how to get to us.
When using Google Maps, information about your use of our website (including your IP address) can be transmitted to a Google server in the USA and stored there. We do not know the details about how the data are processed.
When you are logged in with Google, your data can be attributed by Google to your account. Google can store these data as use profiles and use these data for purposes of advertising, market research and/or designing its website to meet demand.
Google will also transfer this information as needed to third parties if this is required by law or to the extent third parties process these data at the order of Google. You can find more information about how Google uses your data in the data privacy statement of Google: https://policies.google.com/privacy.
You can deactivate the Google services by means of a browser add-on if you do not want the website analysis. You can download this here: http://tools.google.com/dlpage/gaoptout. As an alternative, you can deactivate the Java script function in your browser or object to the use of your data directly to Google.
4.4 Involvement of payment service providers in Australia, Canada and USA
We use service providers to help us processing payments (for example, when you buy products from us). Our online store in Australia uses CyberSource Corporation HQ ("CyberSource"), our online stores in Canada and the US use Paymetric Inc. ("Paymetric").
If necessary, CyberSource and Paymetric use the data entered by you when placing your order to process the respective order on our behalf.
For more information on the purpose and scope of CyberSource's processing of your personal information, please visit: https://www.cybersource.com/privacy/.
For more information on the purpose and scope of Paymetric's processing of your personal information, please visit: https://www.paymetric.com/privacy-policy-2/.
5. Consequences of potentially not providing data
In addition to the data used to perform the contract (for example, your name, the delivery address, the ordered product, payment data etc.), we collect some data, in order to be able to provide for you the corresponding functions on our website or respond to your inquiries, for example, if you use our contact form for questions.
If you provide these data yourself, you are not required to provide this above-mentioned voluntary information. However, we are not able to provide the corresponding functions of our website to you or process your inquiries without these data.
6. Disclosure of data
6.1 Forwarding data to contract data processors
We need third party companies and external service providers bound by contract in order to render the services (the "Contract Processors"). In such situations, personal data are forwarded to these Contract Processors for further processing. These Contract Processors are carefully selected by us and regularly checked in order to make sure that your privacy is preserved. The Contract Processors can only use the data for the purposes we determine and are furthermore required by us under the contract to handle your data exclusively in accordance with this Data Privacy Statement as well as applicable data protection laws.
6.2 Other transmission of data
Aside from this, we forward your personal data without your consent only in the situations permitted by law. Such a transfer of data can especially be permissible in the following situations:
- The processing is necessary to fulfill a legal obligation or is in the legitimate interests of Eppendorf, for example, due to corresponding demands for transfer by public authorities.
- The processing is necessary to perform a task in the public interest or in the exercise of official authority vested in Eppendorf.
6.3 Data transfer to Third Countries
We potentially transmit your personal data in the context of a business relationship to the respectively responsible local company in the Eppendorf Group. You can find a complete list of our branches here.
We assure a reasonable level of data protection in corresponding data transmissions by concluding so-called standard agreements published by the European Commission. You can access those agreements here.
Through the use of the analysis tools, data are transferred to countries outside the European Economic Area ("Third Countries"), e.g. to the USA. In order to assure the protection of your rights of privacy also in this regard, Eppendorf will never transmit your data to Third Countries if a level of data privacy equivalent to the GDPR is not assured there.
The European Commission decided by a resolution dated 12 July 2016 with regard to the USA that a reasonable level of data protection exists under the provisions in the EU-U.S. Privacy Shield (the so-called "adequacy decision" pursuant to Art. 45 GDPR). We use the following service providers certified under the EU-U.S. Privacy Shield:
- Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- MediaMath, Inc., 4 World Trade Center 150 Greenwich Street, 45th Floor, New York, NY 10007
In addition, when structuring contractual relationships with service providers in Third Countries, we use the standard agreements of the EU Commission in accordance with Art. 46 para. 2 lit. c DSGVO. These are available here.
7. Erasure of your data
We store your personal data no longer than is necessary to achieve the respective purposes of the data processing (see point 3). Especially the following time periods apply in this regard:
- If you have concluded a contract with us or use our services, we generally process your data as long as necessary to perform the respective contract or provide the respective service and, if applicable, plus the period of time for any warranty or guarantee periods. If you have purchased a product from us, this period is normally two years after receiving the product.
- If you send us a message or we send you a message which is classified as a commercial or business letter, we delete the message six years after the end of the year in which the letter was received.
- It is possible when using some applications on our website that we retain back-up copies of certain information for a very limited period of time. When the related interest has expired (for example, by correction of the error or defending against cyber-attacks), we delete these data.
8. Your rights as the data subject
8.1 Right to information
You have the right to obtain information from us at any time on request about your personal data we have processed as set forth in Art. 15 GDPR.
This right is limited by the exceptions in § 34 German Data Protection Act (Bundesdatenschutzgesetz, "BDSG"), according to which the right to obtain information especially does not exist if the data are stored solely on the basis of retention requirements in the law or to secure data and monitor data privacy or if granting the information would require a disproportionate effort and improper use of the data processing is prevented by appropriate technical and organizational measures.
8.2 Right to correction
You have the right to demand from us the correction without undue delay of your personal data if these data are incorrect.
8.3 Right to erasure
You have the right to demand from us the erasure of your personal data under the prerequisites set forth in Art. 17 GDPR. These prerequisites are especially satisfied if the respective purpose of the processing has been achieved or otherwise no longer applies as well as if we have illegally processed your data or if you have cancelled a consent and the data processing cannot be continued on another legal basis or if you have successfully objected to the data processing (see point 7.6), and in cases where there is a duty to erase on the basis of the law of the European Union or the law of a EU Member State to which we are subject.
This right is subject to the limitations in § 35 BDSG, according to which the right to erasure can especially not exist if there is a disproportionately high effort for erasure in the case of non-automated data processing and your interest in the erasure is considered to be low.
8.4 Right to restrict processing
You can demand from us pursuant to Art. 18 GDPR that we only process your personal data within certain restrictions. This right exists especially if the accuracy of the personal data is in dispute, if you demand restricted processing instead of erasure when the prerequisites for a legitimate demand for erasure exist (point 7.3); also in the event that the data are no longer needed for our purposes, but you require the data for the assertion, exercise or defense of legal claims as well as if the result of an objection is still in dispute.
8.5 Right to data portability
You have the right under Art. 20 GDPR to receive from us the relevant personal data you have provided to us in a structured, common, machine-readable format as well as the transfer of these data to another controller.
8.6 Right to object
You have the right to object at any time to the processing of your personal data carried out either in the public interest or to preserve our legitimate interests for reasons resulting from your specific situation. We will stop processing your personal data unless we can prove that there are material grounds for the processing which are deserving of protection and outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims.
If you object to the processing of your data for advertising purposes, we will, in any event, stop this processing.
8.7 Exercise of these rights
Please, contact us if you would like to exercise these rights, for example, by email to: firstname.lastname@example.org.
8.8 Right to object
If you have issued a consent to the processing of your personal data, you can revoke this consent at any time, for example, at email@example.com. We will stop the processing of your personal data covered by the consent starting at that point in time unless we carry out the respective data processing on another legal basis (e.g. in order to continue to be able to fulfill contracts with you).
8.9 Right to raise complaints
If you are of the view that the processing of your personal data violates the GDPR, you also have the right to raise complaints with a supervisory authority, especially in the Member State where you have your domicile, your place of employment or at the location of a suspected violation.
9. Amendments to this Data Privacy Statement
The services provided by Eppendorf can be changed from time to time, especially to further improve the functionality of our website. Such changes can also have an effect on the use of your personal data. Eppendorf accordingly reserves the right to amend this Data Privacy Statement. You can find the respectively current version at our website under the heading "Legal Information & Data Privacy Statement". Please use this to regularly inform yourself about the current status of the Data Privacy Statement.
This present version of the Data Privacy Statement applies starting on 23 May 2019.