Privacy policy
Notes and information on data protection according to Art. 13 of the European Data Protection Regulation (DS-GVO)
We - CLS Cell Lines GmbH - are the operator of the website https://www.cls.shop. We take the protection of your personal data very seriously. For this reason, we hereby inform you about the processing of personal data concerning you and about your rights under the General Data Protection Regulation (EU-DSGVO No. 2016/679, hereinafter referred to as "DS-GVO").
In the following, we would like to explain which personal data is processed in connection with a visit to our website, a contact request, an order via an order form, an order in our online store, and when a newsletter is sent. In this context, we would like to explain to you, among other things, to what extent, for what purpose and on what legal basis the data processing takes place and the rights you are entitled to.
According to Art. 4 No. 1 of the DS-GVO, personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly. Further information on this can be found in Art. 4 No. 1 DS-GVO, among others. IP addresses are also considered personal data, which are transmitted (anonymized) to our web server when our website is accessed. You can find out more about this below.
This privacy policy can be accessed, saved, and printed out at any time under Privacy Policy.
1. Responsible person; contact details
The person responsible within the meaning of Art. 4 No. 7 DS-GVO for the processing of personal data is:
CLS Cell Lines Service GmbH
Managing Director: Dr. Rosemarie Steubing
Dr. Eckener-Str. 8
69214 Eppelheim
Phone: +49 6221 405780
Fax: +49 (0)6221 700717
E-Mail: info@cls.shop
Please direct any privacy questions to info@cls.shop
2. Processing of your personal data and data protection
In this section, we describe the type, scope, purposes and legal basis, recipients, and storage period of automated data processing and whether data is transferred to third countries, if applicable.
2.1 Websites and online storage
2.1.1. Server-Base collection of usage data in log files during surfing
When you access our website https://www.cls.shop, a request is sent from your web browser via the end device you are using (e.g., PC, tablet, or smartphone) to our web server. The web server used for this purpose creates an event log in text format about the requests or the communication between your web browser and our website or the web server (e.g., when calling up an image or HTML file on our website), the so-called log files. Only that information is logged which your web browser transmits to our web server as part of the request or which must be exchanged for technical reasons, e.g., for network communication (so-called usage data). The following information is stored in the log files:
- IP address of the requesting internet connection (anonymized),
- Date and time of access,
- Referring website (referrer URL), i.e., the page from which the request to load the file was sent,
- Requested element or file (e.g., image.jpg) and protocol used (e.g., HTTP/1.1.),
- Response code,
- Amount of data transferred in bytes,
- Browser software used to send the request (e.g., Firefox version 3.6.6),
- Type of the operating system (e.g., Windows XP).
Under certain circumstances, the usage data can lead to the possibility of tracing you as a user via the web browser requests of your end device via the IP address and possibly other data stored in the log files. Therefore, the use of our website involves the processing of personal data.
The (anonymized) IP address is required so that your web browser can establish a connection to our website. The collection of further information on usage, in particular on the web browser and the operating system used, is technically necessary for the following reasons:
- Ensuring a smooth connection of the website,
- Ensuring a comfortable use of our website,
- Evaluation of system security and stability (e.g., to defend against attempted attacks on our web server).
The legal basis for data processing when using log files is Art. 6 para. 1 lit. c DS-GVO, as the usage data is necessary for the implementation of the use of our online offer to enable secure communication between our web server and your terminal device and to ward off attacks by hackers on our web server.
To detect attacks, we store non-anonymized IP addresses for a maximum of 14 days, after which they are deleted. Log files whose further storage is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident and may be passed on to investigating authorities in individual cases.
2.1.2. Client-based collection of usage data through cookies and services based on them
At various points on our website, in addition to the server-side log files, we use so-called cookies, via which we process usage data directly via your web browser of the end device you are using (e.g., PC, tablet, smartphone). Cookies are small files in text format that are either sent from the web server to the web browser with the help of your internet browser or generated in the web browser by a script (e.g., JavaScript) and then, when you visit the website again with the same terminal device, they are either sent back to the website that generated them (provider cookies/first-party cookies) or sent to another website or to an external provider of online services (e.g. via a plug-in) to which it belongs (third-party cookies/3rd-party cookies). As a result, the website automatically recognizes that it has communicated with this browser before and identifies the web browser used.
Some cookies are technically necessary, as they enable the use of our website in the first place and thus make it usable. Other cookies are not necessary but improve certain functions or support you the next time you visit our website by saving the settings of the web browser when you call up a website again that you have already visited several times, or by generating analyses of your surfing behavior to help us design tailored advertising for our products or the products of other providers (so-called performance/analysis cookies).
The cookies we use can be divided into the following different categories:
- Necessary cookies,
- Statistic / Analysis Cookies
- Marketing cookies
- Store search
- Comfort cookies
We use cookies from third-party providers, in particular from "Google".
You can find more detailed information on this in our cookie settings on our website under "Cookie Preference".
(1) Configuration and elimination of cookies in the web browser of your terminal device
You have the option to configure the setting of cookies on your end device yourself at any time. You can restrict or completely prevent the setting of cookies in your browser settings. You can also arrange for the automatic deletion of cookies when closing the browser window. You can find out how to delete cookies in the most common web browsers and change the cookie settings here, among other things:
In addition, you can configure the settings for the cookies used on our website (apart from the technically mandatory cookies) on our website ("cookie settings"). You can find out more about this below under (2) (Configuration of cookies) and (3) (Categories of cookies).
Note: The settings you make on your end device only apply to the web browser used on the end device you are using.
(2) Configuration and elimination of cookies in the cookie settings on our website
You can - apart from the technically necessary cookies - decide for yourself whether to allow further cookies. In this respect, you will be informed about our cookie categories via a cookie layer on our websites and asked whether you want to give us your consent for the statistics/analysis cookies.
We use the consent management service of ACRIS E-Commerce GmbH for this purpose. This allows us to obtain and manage the consent of website users for data processing.
The functionality of our website is not guaranteed without the processing, insofar as we are required by law to obtain and prove consent under data protection law in certain cases.
When you visit our website, the cookie settings are initially displayed in the navigation menu. Functional cookies, which maintain the functionality of the website, are always necessarily active, and marketing, statistics, analysis, store search, and comfort cookies are all activated via the "ACTIVE" button; if you click the "ACCEPT ALL" button, you consent to the setting of the marketing, statistics, analysis, store search, and comfort cookies and the associated data processing. However, you can also reject individual cookie categories via the "ACTIVE/INACTIVE" button and then click the "Save" button. In this case, your consent refers to the respective selected category of cookies.
On our website, you can subsequently change or completely revoke your consent at any time in the navigation menu under "Cookie settings" by restricting the selection of cookies accordingly ("INACTIVE").
For more details on the cookies used in general, please refer to the sections below.
(3) Categories of cookies and legal basis
Cookies are used on this website. Cookies are small text files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar). In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we thereby gain immediate knowledge of your identity. Some of the cookies we use are deleted at the end of the browser session (so-called session cookies).
The details of the cookies we use can be found in our cookie settings under "COOKIE SETTINGS".
Technically necessary cookies
The use of technically necessary cookies is necessary to ensure the proper and secure operation of our websites and their functionalities, and to make our website available as a whole. These cookies are set, for example, to enable basic functions of the website, to store the setting of your cookie preferences, to provide secure authentication that allows you to log into your customer account, to enable the completion of forms. A necessity is given, for example, with regards to ensuring the following functionalities / achieving the following purposes:
- Displaying the order form and input,
- Enabling and maintaining log-in,
- Ensuring system security,
- Storage of your consent in "cookies".
The legal basis for this data processing is Art. 6 para. 1 lit. b (contract initiation, contract conclusion) DS-GVO, § 25 para. 2 no. 2 TTDSG.
In regard to data processing that is necessary for the operation of the website, you do not have the right to object.
Marketing, statistics/analysis cookies
According to legal requirements, the storage of information on end devices (desktops, cell phones, tablets, etc.) - e.g., by setting cookies that are not technically necessary - and the retrieval of information from end devices for the purpose of tracking is generally only permitted if you have given your prior consent. We obtain this consent via the cookie settings.
The legal basis for this data processing is Art. 6 para. 1 lit. a (consent) DS-GVO, § 25 para. 1 TTDSG.
Right of revocation: You have the right to revoke your consent to the use of personal data obtained through marketing, statistics/analysis cookies for the future. To do this, you can make the necessary changes in the cookie settings in the navigation menu ("INACTIVE") or change the settings in your browser.
Withdrawal of consent means that no more data will be transmitted to our website on the terminal device used by you when you submitted your objection.
2.1.3. Collection of usage data by third-party web analytics services and search technologies
(1) Google Analytics
For the purpose of demand-oriented design and continuous optimization of our websites, further processing of data collected on the basis of consent given is carried out by the use of Google Analytics. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called "cookies" (text files), which are stored on your computer, and which enable an analysis of your use of the website (e.g., _ga_R7E5LJ3DQN). Google uses this information to evaluate your use of the website and to compile reports on website activity.
In particular, the following data are processed:
- IP address of the requesting end device,
- Browser type / version,
- Operating system used,
- Website from which the store is accessed (so-called origin or referrer URL),
- Date and time of the request,
- Cookie ID,
- Usage data,
- Downloads,
- Clicked ads,
- Click path (interaction with the web page),
- Location information,
- Language settings,
The legal basis for this data processing is Art. 6 para. 1 lit. a (consent) DS-GVO, § 25 para. 1 TTDSG.
You can prevent the collection of data by Google Analytics here.
Right of revocation: You have the right to revoke your consent to the use of personal data obtained by Google Analytics for the future. You can revoke here or go to our cookie settings in the navigation menu to make the necessary changes ("INACTIVE") or change the settings in your browser.
Withdrawal of consent means that Google Analytics will no longer collect data on the terminal device used by you on our website when you object.
The anonymized user and event data is stored for 2 years by default and then deleted.
According to Google, the data processing takes place in the EEA/EU.
Through the integration of Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country.
The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use.
Currently, there is no adequacy decision according to Art. 45 DS-GVO.
However, the transfer can be based on standard contractual clauses. Google has committed to comply with the Standard Contractual Clauses for the transfer of personal data to third countries under Directive 95/46/EC (Standard Contractual Clauses - SCC).
For more information on the standard contractual clauses, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de and https://policies.google.com/privacy/frameworks?hl=de.
Google Ads is an online advertising program from Google. It allows us to create online ads to reach users at the exact moment they show interest in our products or services. Our goal is to increase awareness of our products and services and to generate more traffic to our website.
Through the integration of Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country.
The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use.
Currently, there is no adequate decision according to Art. 45 DS-GVO.
However, the transfer can be based on standard contractual clauses. Google has committed to comply with the Standard Contractual Clauses for the transfer of personal data to third countries under Directive 95/46/EC (Standard Contractual Clauses - SCC).
For more information on the standard contractual clauses, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de and https://policies.google.com/privacy/frameworks?hl=de.
We ourselves cannot influence which data Google collects and processes. However, Google states that, in principle, the following information (including personal data) may be processed, among others:
- Log data (especially the IP address),
- Site-related information,
- Unique application numbers,
- Cookies and similar technologies.
Information on the types of cookies used by Google can be found at https://policies.google.com/technologies/types .
If you are logged into your Google account, Google may add the processed information to your account and treat it as personal data, depending on your account settings. Google states the following about this, among other things:
"If you are not signed into a Google account, we store the data we collect with unique identifiers associated with the browser, app, or device you are using. This allows us to ensure, for example, that your language settings are maintained across all browsing sessions.
If you are logged into a Google account, we also collect data that we store in your Google account and that we consider to be personal data (https://privacy.google.com/take-control.html).
You can prevent this data from being added directly by logging out of your Google account or also by making the corresponding account settings in your Google account.
For more information, please see Google's privacy policy, which you can access here: https://www.google.com/policies/privacy/.
For information on Google's privacy settings, please visit https://privacy.google.com/take-control.html.
(3) Doofinder
For the purpose of demand-oriented design and continuous optimization of our websites and to present you with suitable search results more quickly, we use the cloud-based software "Doofinder".
To identify individual users, the search technology uses so-called "cookies" (text files) set on your computer (see above Cookies 2.1.2.). In particular, the following data is processed:
- IP address of the requesting end device,
- Browser type / version,
- Operating system used,
- Date and time of the request, the amount of data transferred and the requesting provider (access data),
- Individual numerical identifier that is used to recognize the user as a returning visitor when the website is visited again.
Your data will be merged with those of Doofinder and processed there pseudonymously by our service provider, namely on their server, e.g., when using our store search, by automatically saving a so-called server log file, which contains, for example, your IP address, browser type/version, date and time of the retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval.
The legal basis for this data processing is Art. 6 para. 1 lit. a (consent) DS-GVO, § 25 para. 1 TTDSG.
Right of withdrawal: You have the right to withdraw your consent to the use of personal data obtained by us and Doofinder-Cookies for the future. To do this, you can change the cookie settings Cookies in the navigation menu ("INACTIVE") or change the settings in your browser.
Withdrawal of consent means that no more data will be transmitted to our website on the terminal device used by you when you submitted your objection.
The recipient of the data is our search technology service provider Doofinder S.L., Madrid 28037, Rufino González 23 bis, 1º 1, Spain (EU), which operates under a commissioned data agreement. The data processing takes place in the EU/EEA. There is no data transfer to third countries.
Session cookies are stored for 24 hours and then deleted.
According to Google, the data processing takes place in the EEA/EU.
For more information on Doofinder search, please visit https://www.doofinder.com/de/ and read Doofinder's privacy policy: https://www.doofinder.com/de/privacy-policy.
(4) ACRIS Cookie Consent Tool
For the purpose of consent management, we use the software ACRIS, as shown above under 2.1.2. (2). As soon as you enter our website, so-called "cookies" (text files) are set, which are stored on your computer (see above cookies under 2.1.2.). In particular, the following data is processed:
- IP address of the requesting terminal (the last three digits are set to '0'),
- Browser type / version,
- Operating system used,
- Website from which the store is accessed (so-called origin or referrer URL),
- User settings,
- Date and time of consent,
- The cookies allowed by the user with cookie ID,
- An anonymous, random, and encrypted key your end-user consent status as proof of consent.
In addition to the necessary session cookies, an ACRIS cookie stores for 30 days which cookies you have allowed as a user. This means that your cookie preference is retained for subsequent page requests.
The consent data (consent given and revocation of consent) is stored for three years. The data will then be deleted immediately.
The processing by us is necessary for the fulfillment of a legal obligation (Art. 7 para. 1 DS-GVO) to which we are subject (Art. 6 para. 1 p. 1 lit. c DS-GVO).
The recipient of the data is our service provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (EU), which operates under a commissioned data agreement
Your personal data will be deleted consecutively after 12 months or immediately after the termination of the contract between us and Cybot.
The data processing takes place in the EU/EEA. A data transfer to third countries does not take place.
2.2 Collection of data when contacting us
You have the option of contacting us or our service providers by mail, telephone, or e-mail or via the form provided in the footer navigation menu on our website. This includes the following information:
- First name and last name,
- Company name,
- Homepage,
- E-mail,
- Subject and/or order number,
- Content of the conversation or contact request.
When submitting the online contact form, mandatory data is collected (your e-mail address, subject, and message). In addition, the following data is stored:
- Your IP address,
- Date and time of submitting the form.
In addition, you can add further data as voluntary information (e.g., messages).
In addition, you can send us orders via an order form (pdf) by e-mail or fax. For this purpose, the following information is collected in particular:
- Date and time of the order,
- Customer number (if available),
- Company name,
- Billing address / delivery address or different delivery billing address,
- E-mail address,
- Ordered goods,
- billing and payment information, if applicable.
The purpose of the processing of the personal data within the scope of the mandatory data as well as the voluntary data is to process the contact request, to be able to contact you for the purpose of your request, or to accept an order.
The other personal data processed during the submission of the contact form (IP address, date, and time of submission) are used to prevent misuse of our contact form.
The legal basis for the processing of personal data provided by you in the context of the use of our contact form is Art. 6 para. 1 lit. b (contract initiation, contract conclusion) DS-GVO and our legitimate interest pursuant to Art. 6 para. 1 lit. f DS-GVO. We have a legitimate interest in preventing or being able to prove misuse of our contact form on our website.
Right of objection: You have the right to object to data processing pursuant to Art. 6 (1) f DS-GVO. You can send or inform us of your objection at any time (e.g., by e-mail to info@cls.shop).
The personal data collected during your contact request or order will generally only be stored as long as necessary to process your request. In all other cases, we will delete your personal data, provided that the deletion does not conflict with any statutory retention/storage obligations.
2.3 Collection of data when creating a customer account
A connection to the internet is required for registration. When calling up the respective website, the following personal data is processed:
- IP address of the requesting end device,
- Name and URL of the retrieved file,
- Website from which the store is accessed (referrer URL),
- Date and time of connection establishment and login,
- Language and version of the browser software used,
- Choice between company or university / non-profit organization,
- Company name,
- First and last name of the orderer,
- The displayed/entered account address/delivery address or different delivery address,
- E-mail address.
After successful registration you will be logged in and can fully use the customer account. Your access data is stored in the so-called Shopware backend. The password is not visible and not stored in plain text format but as a so-called hash value.
A registration of the user or the opening of a customer account is necessary for identification and for the administration of your orders in our store and accordingly serves the implementation of pre-contractual measures as well as the fulfillment and execution of a contract, of which you as the user are a contracting party.
The legal basis for the processing of data when creating a customer account is Art. 6 (1) b DS-GVO, i.e. you provide us with the data based on the agreement to use our free customer account. After setting up a customer account, no new data entry is required. In addition, you can view the data stored about you in your customer account at any time.
Changing the data is possible either directly or after contacting us.
You have the option of having your customer account deleted by contacting us. If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion - in particular retention periods under tax and commercial law. In this case, your data will be archived for the clarification of any billing-relevant issues and within the framework of the statutory retention periods.
2.4. Collection of data for orders in the store (with registration in the customer account)
When you register, we process the data necessary for the conclusion, execution, or termination of a contract. For this purpose, the following information is collected in particular:
- the IP address of the user,
- Date and time of the order,
- User ID (if available),
- Customer number (if available),
- Company name,
- First and last name of the orderer,
- The displayed/entered account address/delivery address or different delivery address,
- E-mail address,
- Fax number and telephone number if applicable,
- Ordered goods,
- Billing and payment information.
Payment data will be passed on to an external payment service provider when the additional payment function is used (see 3.1.2. Data transfer to external payment service providers).
The legal basis for this is the fulfillment of the contract pursuant to Art. 6 (1) b DS-GVO, i.e. you provide us with the data on the basis of the respective contractual relationship (e.g. processing of an order). In order to process your e-mail address, we are obligated, among other things, due to legal regulations of the German Civil Code (BGB), to send an electronic order confirmation, so that Art. 6 para. 1 c DS-GVO also represents the legal basis for data processing. In addition, data processing only takes place with your consent in accordance with Art. 6 para. 1 a DS-GVO.
2.5 E-mail advertising
We may - even without your express consent - send you promotional content by e-mail that includes such goods / services that are similar to those that you have already purchased from us in the past. You will be informed about the possibility of using your e-mail address for this purpose and about your right to object in this respect when you open a customer account.
The legal basis for this outlined data processing is the in § 7 paragraph 3 UWG as well as the in Art. 6 paragraph 1 f DS-GVO.
Right of objection: At the end of each e-mail, you will be given the opportunity to object to the further use of your e-mail address by us for the aforementioned purpose (advertising of comparable goods and services) in the future. In addition, you can send or inform us of your objection at any time (e.g. by e-mail to info@cls.shop).
We also offer an e-mail newsletter. The sending of a newsletter will only take place if you have consented to its receipt by providing your e-mail address. The consent text, which indicates the scope of the consent to be given, is as follows:
‘Yes, I would like to subscribe to the free CLS Cell Lines Service GmbH newsletter. (I may unsubscribe at any time.)’
To be able to ensure that no mistakes have been made when entering the e-mail address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your e-mail address in the registration field and given your consent to receive the newsletter, we will send you a confirmation link to the e-mail address you provided. Only when you click on this confirmation link will your e-mail address be added to our distribution list for sending the newsletter.
The legal basis for this data processing is Art. 6 para. 1 lit. a DS-GVO.
Right of withdrawal: You have the right to withdraw your consent to not receive the newsletter for the future. You can revoke at www.cls.shop/newsletter-cancellation or at the end of each e-mail.
The recipient of the data is our service provider and e-mail host, which operates under a commissioned data agreement. The data processing takes place in the EU/EEA. A data transfer to third countries does not take place.
2.6 Links to third party websites, social media plugins, and other plugins
Websites and services of other providers linked to our website have been designed and are provided by third parties. We have no influence on the design, content, and function of these third-party services. We expressly distance ourselves from all content of all linked third-party services. Please note that the third-party services linked from our website may install their own cookies on your end device or collect personal data. We have no influence on this. If necessary, please inform yourself directly at the providers of these third-party providers.
The respective provider and responsible party can be seen via the imprint and the respective data protection notices on the corresponding websites.
By logging out of the pages of social networks beforehand and deleting cookies that have been set, you can prevent social networks from assigning the information collected about you to your user account with the respective social network during your visit. If you do not want social networks to assign the data collected via our website directly to your profile, you must log out of the corresponding social networks before visiting our website.
LinkedIn
LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). An overview of LinkedIn's plugins and their appearance can be found here: https://developer.linkedin.com/plugins; information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy.
3. Recipients of personal data
In this section, we once again describe the basic handling of the transfer of data and give you an overview of the processing operations for which we use service providers.
Internal recipients are only those bodies that require them for the stated purposes. We only pass on your data to external recipients if this is necessary for the handling or processing of your request or for the fulfillment of the underlying contract if there is another legal permission, or if we have your consent for this. We have already informed you about this above under 2. Regarding the individual data processing procedures. Below you will again receive an overview of possible external recipients.
3.1 Processor
For the implementation and operation of our website and the processing of your orders, we work with service providers. We have carefully selected this service provider and concluded an order processing agreement in accordance with Art. 28 (3) DS-GVO to protect your data.
3.1.1. Website service provider
The recipient of the data is our service provider and server host, who works for us under an order data agreement.
The data processing takes place in the EU/EEA. A data transfer to third countries does not take place.
3.1.2. Service provider for the shipment of goods
To be able to execute your order, logistics and transport companies are commissioned for the purpose of delivering the goods. In some cases, manufacturers and suppliers also make direct deliveries to you. We may pass on the information necessary for delivery (e.g., first name, last name, postal address, e-mail address) to these companies, which are responsible for processing the data in accordance with data protection law.
The legal basis for the data processing is Art. 6 para. 1 b DS-GVO.
3.2 Service provider for video conferences
We use the Microsoft Teams tool to conduct conference calls online meetings, video conferences and/or webinars. Microsoft Teams is a service of Microsoft Corporation. The processing is carried out on behalf of CLS by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 Ireland.
When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting". The following personal data is subject to processing when you use Microsoft Teams:
- IP address
- User information: username, display name, email address, profile picture, information (optional), preferred language, etc., if applicable.
- Meeting metadata: Meeting ID, attendee IP addresses, service data about the particular session and use of the system (data from devices/hardware used, operating system, time zone), phone numbers (if dialing in with phone), location, name of meeting and password from organizer if applicable, date, time and duration, activities recorded in the meeting (such as attending and leaving), including activities related to third-party integrations, along with date, time, person participating in the activity and other participants in the meeting with date, time, duration.
- Chat, audio and video data: In order for audio and video to take place, the application needs access to your microphone or video camera. You can mute or unmute them yourself at any time. Any text you enter in the chat is also processed and stored.
Microsoft Teams also uses temporary and permanent cookies:
([*.]microsoft.com
[*.]microsoftonline.com
[*.]teams.skype.com
[*.]teams.microsoft.com
[*.]sfbassets.com
[*.]skypeforbusiness.com.
For information about Microsoft's use of cookies, see Microsoft Privacy Policy - Microsoft Privacy .
We use the above and anonymized data to monitor the quality of the service and to identify possible sources of errors in the operation. Content data such as chat logs and files are not viewable.
You can disable the storage of cookies via your browser settings and delete already stored cookies in your browser at any time. However, please note that this online offer will only function to a limited extent without cookies.
The legal basis for this processing is Art. 6 (1) b DS-GVO (contract performance) and the protection of legitimate interests of us or third parties with regard to the analysis of error sources and IT security in accordance with Art. 6 (1) f DS-GVO.
Right to object: You are given the opportunity to object for the future with regard to the further use of your data in the context of error analysis in relation to the use of MS Teams us on the basis of a legitimate interest. In addition, you can send or notify us of your objection at any time (e.g. by e-mail to info@cls.shop).
Data processing takes place within the EU/EEA, as we have limited our storage location to data centers in the European Union. However, we cannot exclude that routing of data takes place via internet servers that are located outside the EU. This may be the case in particular if participants in "Online Meeting" are located in a third country. Also, in the case of support and maintenance in individual cases, as well as in the case of processing by Microsoft for business purposes, an inspection of data from the third country cannot be ruled out. The transfer to the USA depends on the function in which personal data is transferred. As the responsible party, we ourselves may transfer data to Google in the USA for further use. Currently, there is no adequacy decision according to Art. 45 DS-GVO. However, the transfer can be based on standard contractual clauses. Google has committed to comply with the standard contractual clauses for the transfer of personal data to third countries under Directive 95/46/EC (Standard Contractual Cla-ses - SCC).
For more information about the standard contractual clauses, please visit https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de and https://policies.google.com/privacy/frameworks?hl=de.
If your personal data is no longer required for the above-mentioned purposes, it will be deleted on a regular basis. Anonymized log data is stored for up to 30 days for access by DATEV. Access is exclusively for the purpose of identifying system errors, troubleshooting, clarifying security issues and checking for manipulation or other misuse. It is only accessible to administrators of the M365 platform.
Chat messages sent within a team video conference can also be viewed by the participants after the 30 days. However, after 30 days, the external participant will be displayed in the chat as an "Unknown User". This means that it is no longer possible to track who wrote the chat.
3.3 Public bodies
With regard to the goods offered by us, which represent animal by-products within the meaning of the Animal By-products Act, we are required by law to keep the name, address, registration court, date of delivery and type of raw material (animal by-products) in a business register and to pass them on to the competent authority upon official request in accordance with the registration notice. The legal basis for data processing is § 9 in conjunction with Appendix 1 of the Animal By-products Ordinance.
The purpose of the data transfer is the legislator's wish to ensure traceability of the transport of animal by-products or products. The farm register is kept for the duration of the official order and then deleted.
In addition, authorities and state institutions, such as tax authorities, public prosecutors or courts, to which we (must) transfer personal data for legally compelling reasons or to protect legitimate interests. The transfer is then based on Art. 6 para. 1 c DS-GVO, insofar as we are entitled to transfer data due to legal obligations.
3.4 Transfer to recipients outside the EU/EEA in third countries
If data is transferred to entities whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we will ensure prior to the transfer that, except in exceptional cases permitted by law, either an adequate level of data protection is in place at the recipient (e.g., through an adequacy decision of the European Commission, appropriate safeguards, or an agreement on so-called EU standard contractual clauses of the European Union (SSCs) with the recipient and the application of additional technical and legal safeguards). (e.g., by an adequacy decision of the European Commission, by appropriate safeguards or the agreement of so-called EU standard contractual clauses of the European Union (SSCs) with the recipient) and by the application of additional technical and organizational security measures, or you give your consent to the data transfer.
The basis of a data transfer to our US subsidiary, Cell Lines Service LLC, 140 N. Phillips Ave., 4th Floor, Sioux Falls, SD 57104 (USA) is a data protection agreement concluded with the company in accordance with the EU standard contractual clauses and additional technical and organizational security measures. We will disclose your data if this is necessary for the execution of contracts with your company and/or for the initiation of a business relationship with your consent.
The legal basis for data processing is Art. 6 para. 1 b DS-GVO (contract performance) and, if applicable, the protection of legitimate interests in the context of the execution of deliveries and services by CLS LLC pursuant to Art. 6 para. 1 f DS-GVO.
4. Deletion and storage period
Insofar as no information is provided on the specific storage period or deletion of the data in the description of the data processing given under 2. above, the following shall apply:
We store your personal data only as long as this is necessary for the fulfillment of the intended purposes or - in the case of consent - as long as you have not revoked your consent. In the event of an objection to processing, we will delete your personal data unless its further processing is permitted under the relevant legal provisions. We will also delete your personal data if we are obliged to do so for other legal reasons.
Applying these general principles, we will generally delete your personal data without undue delay.
- After the legal basis ceases to apply and provided that no other legal basis (e.g. commercial and tax retention periods) applies. If the latter applies, we delete the data after the other legal basis ceases to apply.
- If they are no longer required for the purposes pursued by us for the preparation and execution of a contract or legitimate interests and no other legal basis (e.g. retention periods under commercial and tax law) applies. If the latter applies, we delete the data after the other legal basis no longer applies.
- If the purpose of the collection pursued by us ceases to apply and no other legal basis (e.g. retention periods under commercial and tax law) applies. If the latter applies, we delete the data after the other legal basis ceases to apply.
5. Data subject rights
Brief summary
In connection with the processing of personal data by us, you are entitled to data subject rights. For example, you have the right to assert information with regard to the data we have stored about you. You may also revoke any consent given to us and object to individual data processing. Furthermore, you have the right to have incorrect data corrected and may request that we send you certain data in a standard electronic format. You also have the right to have the data we have stored about you deleted. Please note in this regard that we may be obliged for legal reasons to continue to store the data despite the assertion of your right to deletion. In addition, in certain constellations we have an interest in continuing to store your data that outweighs your interest in deleting it (e.g. if we still have outstanding claims against you).
5.1 Right to information and disclosure
You have the right to receive information from us about the processing of your data. For this purpose, you may assert a right of access in relation to the personal data we process about you.
5.2 Right of correction and deletion
You may request us to correct incorrect data. Insofar as the legal requirements are met, you can request the completion or deletion of your data.
This does not apply to data that is required for billing and accounting purposes or is subject to the legal obligation to retain data. However, to the extent that access to such data is not required, its processing will be restricted (see below).
5.3 Restriction of processing
You may request us - provided that the legal requirements are met - to restrict the processing of your data.
5.4 Data portability
Insofar as the legal requirements are met, you may request that data which you have provided to us be transmitted in a structured, common, and machine-readable format or - insofar as technically feasible - that the data be transmitted to a third party.
5.5 Right of objection and revocation
5.5.1. Objection to data processing on the legal basis of "legitimate interest": You have the right to object to data processing by us at any time for reasons arising from your situation, insofar as this is based on the legal basis of "legitimate interest". If you exercise your right to object, we will stop processing your data unless we can demonstrate - in accordance with the legal requirements - compelling legitimate grounds for further processing that override your rights.
5.5.2. Objection to data processing for the purpose of direct marketing: If we should process your personal data on the legal basis of "legitimate interest" to carry out direct marketing, you have the right to object to this processing at any time.
5.5.3. Revocation of consent: If you have given us consent to process your data, you can revoke this consent at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected.
5.6. Right of appeal to the supervisory authority (Art. 77 DS-GVO): You have the right to file a complaint with a data protection supervisory authority. To do so, you can contact the data protection supervisory authority responsible for your place of residence or your federal state or the data protection supervisory authority responsible for us:
6. Data security
We use an encrypted connection via TLS protocol for data transmission via our online contact form. Your data transmitted to us is confidential, authentic and integrity-protecting via end-to-end data transmission. As a rule, this involves 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data, against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
To contact you by e-mail and to protect your personal data, we send e-mails in transport-encrypted form, provided your mail server supports this. To ensure the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) via HTTPS.
7. Up-to-dateness and modification of this data protection notice
This privacy policy is currently valid and has the status September 2022.
Due to the further development of our website and the expansion and/or restriction of our offers or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. You should therefore review this privacy statement from time to time to stay informed about how we are protecting your data.