Privacy Policy

In our view, protection of personal data and privacy should be transparent, easily understandable and above all fair to all concerned. For that reason and in compliance with the General Data Protection Regulation (hereinafter referred to as “GDPR”), we would like to inform you in this privacy policy about which personal data we collect and use, whether these data are passed on to third parties, and if so, which data, how long we store the data and what your rights are if you are not convinced that we handle your data responsibly. Should any questions nevertheless remain unanswered, please do not hesitate to contact us using the details provided further below.

Definitions
To make sure we are on the same page, we wish to clarify some definitions at this point. This ensures that all those involved know what we are talking about and what assumptions we are making in the following statements.

Personal data: ‘Personal data’ means any information relating to an identified or identifiable natural person (referred to in the following as the ‘data subject’). An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier, or to one or more features specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity. 

Processing: ‘Processing of personal data’ means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other making available, alignment or combination, blocking, erasure or destruction.

Restricted processing: This is understood as the marking of stored personal data with the aim of restricting how they are processed in future.

Profiling: Any kind of automated processing of personal data that consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that individual’s work performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements, is called ‘profiling’.

Pseudonymisation: ‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such data is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller: This is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Recipient: Any natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: This is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent: This is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


1. Name and contact details of the controller

The controller for data processing is
InProcess Instruments GmbH
represented by its directors, Dr. Ernst Schröder, Carsten Laser
Sophie-Germain-Strasse 1
28201 Bremen
Germany
You can contact us by post, by E-Mail under data.protection@in-process.com or by telephone under +49 (0)421 52593-0.

The data protection officer for the controller for data processing is
IT-Kanzlei Lutz
Teerhof 59
28199 Bremen
Germany
Phone: +49 (0)421 40 892 66 - 0
Fax: +49 (0)421 40 892 66 - 9
www.hb-law.de
info@hb-law.de

2. Collection of personal data when using website for information
Except for the data that your browser sends to enable you to visit the website, we do not collect any personal data when the website is merely used to obtain information, in other words when you do not log in, register or send us information in order to use the website. The legal basis is Article 6 (1) f) GDPR.
The data collected are:
– IP address
– Date and time of the request
– Time zone difference from Greenwich Mean Time (GMT)
– Content of the request (specific web page)
– Access status/HTTP status code
– Volume of data transferred
– Website from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software.
The IP address is used to identify the computer or the internet connection and is technically necessary for the website to be delivered to you. The legal basis for processing your IP address is Article 6 (1) b) GDPR.

3. Use of cookies
(1) On our websites we use cookies on the legal basis of Article 6 (1) f) GDPR. Cookies are small text files that are stored on your hard disk according to the browser you use and by means of which the entity placing the cookie (in this case us) collects certain kinds of information. Cookies cannot execute any programs or infect your computer with viruses. They are used to make the portal more user-friendly and efficient.
This website uses cookies to the following extent:
    – Transient cookies (temporary use)
    – Persistent cookies (use for a limited period)
a) Transient cookies are automatically deleted when you close your browser. These include session cookies, in particular. Session cookies store a ‘session ID with which various requests by your browser can be associated with the joint session. This allows your computer to be recognised when you return to the website. Session cookies are deleted when you log out or when you close your browser.
b) Persistent cookies are deleted automatically after a predefined period that may vary according to cookie. You can delete such cookies in your browser’s security settings.
(2) This stored information is stored separately from any further details provided to us. In particular, the data contained in the cookies are not linked to any other data.
(3) You can refuse your consent to such data processing at any time with effect for the future by preventing the storage of cookies through a corresponding setting in your browser software. However, please note that in such a case you might not be able to use all the functions of this website.

4. Use of functions provided by our website
(1) In addition to use of our website purely for information purposes, we also offer various services which you may use if they are of interest. To do so, you generally have to provide additional personal data, which we use to provide the respective service. If it is possible to provide additional details voluntarily, these are marked accordingly.
(2) When you contact us by email or by using the contact form, your email address and, if provided, your name and telephone number, will be stored by us so that we can answer your questions. The legal basis is Article 6 (1) b) GDPR.

5. Transfer of data to third parties
In some cases we use external service providers to process your data according to Article 28 GDPR. These have been carefully selected by us and commissioned in writing. They are bound by our instructions and are monitored by us on a regular basis. The service providers will not transfer any of these data to third parties.

6. Recipients or categories of recipients
If and insofar as we transfer your personal data to third parties, you will be notified explicitly thereof in the description of the respective data processing (e.g. when using our contact form in accordance with Article 6 (1) b) GDPR). We also, of course, use external providers for technical and organisational handling, with whom we have concluded processor contracts within the meaning of Article 28 GDPR. Examples of such processors include service providers for web hosting, for servicing and maintenance of our IT systems, etc.


7. Duration of storage
Your data are stored for as long as they are needed to achieve the respective purpose, but no longer than we are required by statutory regulations to keep them (e.g. we are obligated under commercial law to keep business letters, which can also include emails, for a period of ten years).


8. Your rights
In this section, we would like to give you full details of your rights.

8.1. Right to information
In accordance with Article 15 GDPR, you have the right to be informed by us at any time on request about whether personal data relating to you are processed by us.

8.2. Right to correction
In accordance with Article 16 GDPR, you also have the right to insist that any incorrect personal data relating to you are rectified without undue delay. Considering the purposes of the processing, your also have the right to require that incomplete personal data be completed, including by means of a supplementary statement.

8.3. Right to erasure (‘right to be forgotten’)
In accordance with Article 17 GDPR, you also have the right to insist that we erase without undue delay any personal data relating to you. We are obligated to comply with your request and to erase your personal data unless we are legally obligated or entitled to continue processing your data.

8.4. Right to restriction of processing
You have the right to require that we restrict processing of your data, if the statutory conditions in Article 18 GDPR are met.

8.5. Right to notification
If you have asserted the right to rectification, erasure or restriction of processing in accordance with Article 19 GDPR, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about those recipients.

8.6. Right to data portability
If your data are processed by us with your consent, or based on a contract, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller if and insofar as the statutory conditions specified in Article 20 GDPR are satisfied.

8.7. Right to object
Right to object in individual cases
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point e) or f) of Article 6 (1) GDPR, including profiling based on those provisions. We shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to object to processing of data for direct marketing purposes
Where personal data are processed for direct marketing purposes, in accordance with Article 21 GDPR you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8.8. Automated individual decision-making, including profiling
In accordance with Article 22 GDPR you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or significantly affects you in a similar way.
This shall not apply if the decision
a) is necessary for entering into, or performance of, a contract between you and a data controller;
b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is based on your explicit consent.

8.9. Right to revoke the declaration of consent under data protection law
According to Article 7 (3) GDPR you have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that took place based on your consent until revocation.

8.10. Right of complaint
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringe this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The competent supervisory authority for us is:
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Arndtstrasse 1
27570 Bremerhaven
Germany
Phone: +49 421 3612010 or +49 471 5962010
Fax: +49 421 49618495
E-Mail: office@datenschutz.bremen.de

 

Last update July 2020