antibodies-online GmbH ("antibodies-online" or "we") takes the protection of your personal data very seriously. The privacy policy set out below informs you which personal data we collect and how it is processed.
Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. This typically includes a name, email address, or telephone number. However, purely technical data that can be associated with a person is also considered personal data.
Scope
This privacy policy applies to all services of antibodies-online GmbH offered under the following domains:
- www.antibodies-online.com
- www.anticorps-enligne.fr
- www.antibodies-online.cn
- www.genomics-online.com
Unless otherwise stated, this privacy policy exclusively governs how antibodies-online handles your personal data. In the event that you make use of services provided by third parties, only the privacy policies of those third parties shall apply. antibodies-online does not review the privacy policies of third parties.
Controller
antibodies-online GmbH
Schloß-Rahe-Str. 15
52072 Aachen
Contact details of our Data Protection Officer:
datenschutz@antikoerper-online.de or
privacy@antibodies-online.com
Your Rights
Upon request, you have the right to receive information free of charge about the personal data stored concerning you. In addition, you have the right to have inaccurate data corrected, the right to request restriction of processing where data has been processed excessively, and the right to deletion of unlawfully processed personal data or personal data stored for too long (unless statutory retention obligations or other reasons pursuant to Art. 17 (3) GDPR prevent deletion). Furthermore, you have the right to receive all data you have provided to us in a commonly used file format (right to data portability).
Where you also have a right to object to processing with regard to individual procedures, we will point this out in the description of the relevant procedure.
To exercise your rights, simply send an email to datenschutz@antikoerper-online.de or privacy@antibodies-online.com.
You also have the right to lodge a complaint with a data protection supervisory authority.
Voluntary Provision of Data
As a rule, you are not obliged to provide personal data on this website.
General Information on Data Storage
Your entries and the data transmitted to us are stored on specially protected servers. Access to these servers and the data they contain is only granted to a small number of specially authorized persons who are responsible for the technical or editorial administration of the web servers. These persons have been obliged in their employment or service contracts to comply with the necessary statutory provisions (including the German Federal Data Protection Act (BDSG) and the EU General Data Protection Regulation (GDPR)).
General information on essential and non-essential cookies Cookies are text files that are stored in a computer system via an internet browser. Many websites and servers use cookies. Cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by means of which websites and servers can assign the specific internet browser in which the cookie was stored. This enables visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies.
A specific internet browser can be recognized and identified via the unique cookie ID. In accordance with the provisions of the European General Data Protection Regulation (GDPR) and the applicable legal requirements, we use non-essential cookies and comparable technologies only to the extent permitted in each case, in particular on the basis of corresponding consent where such consent is required. More detailed information on the cookies and technologies specifically used can be found in our cookie settings and/or cookie banner.
According to the current definition, essential cookies are those cookies required by our web systems for the operation of the website. As already mentioned, essential cookies enable our web servers to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a website user who uses cookies does not have to re-enter login credentials each time they access the website, because these are taken over by the website and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online store. The online store uses a cookie to remember the items a customer has placed in the virtual shopping cart.
You can prevent the setting of essential cookies by our websites at any time by means of an appropriate setting in the internet browser used and thus permanently object to the setting of essential cookies. Furthermore, essential cookies already set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of essential cookies in the internet browser used, not all functions of our website may be fully usable under certain circumstances.
Overview of Processing Activities
- Purchase of products
- Information, news, and product recommendations
- Contacting us
- Server log files
- Use of CDN
- You Tube
- Microsoft Azure cloud computing
- Google reCaptcha
- Google Tag Manager
- Google Analytics
- Google Ads
- Google Ads Conversion Tracking
- Stripe
- Microsoft Clarity
- Additional service providers
Purchase of Products
We use the data you provide to us (in particular your name, age, email address, and payment information) for the sale of the products we offer.
Legal basis
The processing of the above-mentioned data is based on Art. 6 (1) lit. b GDPR. This legal basis permits the processing of personal data for the purpose of performing a contract.
Duration of Data Storage
The above-mentioned data will be deleted 10 years after the end of the year in which the contract was concluded and payment was made, due to the statutory commercial and tax retention periods pursuant to Sections 147 AO and 257 HGB.
Information, News, and Product Recommendations
You will receive information, news, and product recommendations by email if you have actively subscribed to this function.
You may object to the use of your email address for the sending of information, news, and product recommendations at any time without incurring any costs other than the transmission costs according to the basic rates. We will also remind you of this each time we use your email address for this purpose. To do so, simply send an email to datenschutz@antikoerper-online.de or privacy@antibodies-online.com or use the “unsubscribe” link in every email.
For the sending of and evaluation of the success of our emails, we use SendGrid as an external service provider:
Sendgrid Inc.
1801 California Street
Suite 500
Denver, CO 80202
USA
A transfer of personal data to the USA cannot be ruled out. Insofar as SendGrid is certified under the EU-US Data Privacy Framework (DPF), the data transfer is based on the adequacy decision of the European Commission. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures to ensure an adequate level of data protection.
Your email address will not be disclosed to third parties in any other way.
Legal basis
The sending of emails is based on your consent pursuant to Art. 6 (1) lit. a GDPR.
Duration of Data Storage
Your email address will be used for sending emails until you withdraw your consent.
Contacting Us
When you contact us (for example by email or by using the contact form), the information you provide will be processed for the purpose of handling the inquiry and in case follow-up questions arise.
Legal basis
The information provided when contacting us is processed on the basis of Art. 6 (1) lit. f GDPR. This legal basis permits the processing of personal data within the framework of the controller’s “legitimate interest”, provided that your fundamental rights, freedoms, or interests do not override this. Our legitimate interest lies in processing the contact request. You may object to this data processing at any time if there are reasons relating to your particular situation that speak against the data processing. To do so, simply send an email to datenschutz@antikoerper-online.de or privacy@antibodies-online.com.
Duration of Data Storage
The personal data stored in the course of contacting us will be deleted once the matter connected with the contact has been fully clarified and it is no longer to be expected that the specific contact will be relevant again in the future.
Server Log Files
Each time the website is accessed, we automatically collect a series of technical data, some of which constitutes personal data. These are:
- IP address of the user
- Name of the website or file accessed
- Date and time of access
- Amount of data transferred
- Message indicating successful retrieval
- Browser type and version
- User’s operating system
- User’s device, including MAC address
- Referrer URL (i.e. the previously visited page)
This data is not merged with other personal data that you actively provide as part of your use of the website. We collect server log files for the purpose of administering the website and being able to detect and defend against unauthorized access.
Legal basis
The personal data in log files is processed on the basis of Art. 6 (1) lit. f GDPR. This legal basis permits the processing of personal data within the framework of the controller’s “legitimate interest”, provided that your fundamental rights, freedoms, or interests do not override this. Our legitimate interest lies in easier administration and the possibility of detecting and tracing hacking attempts. You may object to this data processing at any time if there are reasons relating to your particular situation that speak against the data processing. To do so, simply send an email to datenschutz@antikoerper-online.de or privacy@antibodies-online.com.
What are IP addresses?
IP addresses are assigned to every device (e.g. smartphone, tablet, PC) connected to the internet. Which IP address this is depends on the internet access through which your device is currently connected to the internet. This may be the IP address assigned to you by your internet service provider, for example when you are connected to the internet at home via Wi-Fi. However, it may also be an IP address assigned to you by your mobile phone provider or the IP address of a provider of a public or private Wi-Fi network or other internet access. In its most common current form (IPv4), the IP address consists of four blocks of digits. As a private user, you will usually not use a constant IP address, since this is only temporarily assigned to you by your provider (so-called “dynamic IP address”). In the case of a permanently assigned IP address (so-called “static IP address”), a clear assignment of user data is in principle more easily possible. Except for the purpose of tracing impermissible access to our website, we generally do not use this data on a personal basis, but only evaluate it on an anonymized basis, for example to determine which of our websites are preferred, how many accesses occur daily, and similar information.
Our website already supports the new IPv6 addresses. If you already use an IPv6 address, you should also know the following: the IPv6 address consists of eight blocks of four characters. The first four blocks, as with the entire IPv4 address, are typically assigned dynamically for private users. However, the last four blocks of an IPv6 address (the so-called “interface identifier”) are determined by the device you use to browse the website. Unless configured otherwise in your operating system, the so-called MAC address is used for this purpose. The MAC address is a kind of serial number that is assigned uniquely to every IP-capable device worldwide. We therefore do not store the last four blocks of your IPv6 address. In general, we recommend that you activate the so-called “privacy extensions” on your device in order to better anonymize the last four blocks of your IPv6 address. Most common operating systems have a “privacy extensions” function, although in some cases it is not enabled by default.
Duration of Data Storage
The server log files containing the above-mentioned data are automatically deleted after 30 days. We reserve the right to store server log files for a longer period if facts exist that suggest unlawful access (such as an attempted hack or a so-called DDoS attack). We store anonymized and aggregated data from the server log files permanently for statistical purposes.
Use of CDN
To secure our websites and optimize loading times, we use CDNs (Content Delivery Networks). Therefore, all requests, especially the visitor’s IP address, are also routed to the servers of the CDN providers and consolidated there into statistics that cannot be deactivated. We use CDN services provided by DataCamp Limited, 207 Regent Street, London, UK. We have concluded a data processing agreement with this company to ensure that user data is used exclusively in accordance with legal requirements.
Legal basis
We base the processing of personal data by our CDNs on Art. 6 (1) lit. f GDPR. This legal basis permits the processing of personal data within the framework of the controller’s “legitimate interest”, provided that your fundamental rights, freedoms, or interests do not override this. Our legitimate interest lies in the technical optimization and data security of our websites.
Youtube
We integrate components (videos) of the video hosting service YouTube provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") into our websites. We use components (videos) of YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"), a company of Google Inc., headquartered at Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"), on our websites. This is implemented on the basis of Art. 6 (1) lit. f GDPR; in this case, our legitimate interest lies in the smooth integration of videos and the appealing design of our website. We use the "enhanced privacy mode" option provided by Google. When you access a page that contains an embedded video, a connection to the Google servers is established and the content is displayed on the website by way of a notification to your browser.
According to Google, in "enhanced privacy mode" your data – in particular which of our webpages you have visited and device-specific information including the IP address – is only transmitted to Google servers in the USA when you watch the video. By clicking on the video, you consent to this transmission.
If you are logged in to Google at the same time, this information will be assigned to your Google member account. You can prevent this by logging out of your member account before visiting our website. In some cases, information is transmitted to the parent company Google Inc. in the USA, to other Google companies, and to Google’s external partners, which may each be located outside the European Union. Insofar as personal data is transferred to the USA, such transfer takes place on the basis of the EU-US Data Privacy Framework, provided that the respective recipient is certified accordingly. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures.
Further information on data protection in connection with YouTube can be found in Google’s privacy policy (https://policies.google.com/privacy?hl=en&gl=de).
Microsoft Azure Cloud Computing
Some of our landing pages use functions of the Azure cloud computing platform provided by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). When a page is accessed, the visitor’s IP address is transmitted to Microsoft’s systems. This transmission is necessary so that the landing pages hosted on Microsoft’s systems can be displayed in your browser. Landing pages are special pages that we tailor specifically to your needs and that are intended to facilitate your entry to our websites.
Legal basis
We base the processing of personal data by Microsoft on Art. 6 (1) lit. f GDPR. This legal basis permits the processing of personal data within the framework of the controller’s “legitimate interest”, provided that your fundamental rights, freedoms, or interests do not override this. Our legitimate interest lies in being able to design our marketing measures optimally according to the interests and wishes of our users.
A transfer of personal data to the USA cannot be ruled out. Insofar as Microsoft is certified under the EU-US Data Privacy Framework (DPF), the data transfer is based on the adequacy decision of the European Commission. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures to ensure an adequate level of data protection.
Use of Google reCaptcha
We use the Google service reCaptcha to determine whether a human being or a computer is making a certain entry in our contact forms. Google checks the following data to determine whether you are a human or a computer: the IP address of the device used, the website you visit on our site and on which the captcha is embedded, the date and duration of the visit, the identification data of the browser and operating system type used, your Google account if you are logged into Google, mouse movements on the reCaptcha areas, and tasks in which you have to identify images.
Legal basis:
For the use of the function pursuant to Art. 6 (1) lit. f GDPR, we have a legitimate interest in ensuring the security of our websites. With the help of Google reCaptcha, we protect our websites against automated inputs (e.g. bot attacks) that may serve to manipulate our servers or to steal product information that is only accessible via login.
A transfer of personal data to the USA cannot be ruled out. Insofar as Google is certified under the EU-US Data Privacy Framework (DPF), the data transfer is based on the adequacy decision of the European Commission. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures to ensure an adequate level of data protection.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or carry out any independent analyses. It merely serves to manage and deploy the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Insofar as personal data is transferred to the USA, such transfer takes place on the basis of the EU-US Data Privacy Framework, provided that Google is certified accordingly. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used, and origin of the user. These data are combined into a user ID and assigned to the respective end device of the website visitor.
In addition, we may use Google Analytics to record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data records and applies machine-learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the USA and stored there.
This service is used on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent may be revoked at any time.
Insofar as personal data is transferred to the USA, such transfer takes place on the basis of the EU-US Data Privacy Framework, provided that Google is certified accordingly. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures. Details on the Standard Contractual Clauses can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
IP Anonymization
Google Analytics IP anonymization is activated. As a result, your IP address is truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide further services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google Signals
We use Google Signals. When you visit our website, Google Analytics records, among other things, your location, search history, YouTube history, and demographic data (visitor data). These data can be used with the help of Google Signals for personalized advertising. If you have a Google account, Google Signals visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.
Google Analytics E-Commerce Measurement
This website uses the “E-Commerce Measurement” function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors in order to improve its online marketing campaigns. Information such as completed orders, average order values, shipping costs, and the time from viewing to purchasing a product is collected. These data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed on the basis of user data available to Google (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate these data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.
This service is used on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent may be revoked at any time.
Insofar as personal data is transferred to the USA, such transfer takes place on the basis of the EU-US Data Privacy Framework, provided that Google is certified accordingly. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly often. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and which actions they carried out. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
This service is used on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR and Section 25 (1) TDDDG. Consent may be revoked at any time.
More information on Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Insofar as personal data is transferred to the USA, such transfer takes place on the basis of the EU-US Data Privacy Framework, provided that Google is certified accordingly. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures. Further information is available at the following link: https://www.dataprivacyframework.gov/participant/5780.
Stripe
We use the services of Stripe Payments Europe, Ltd., The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland ("Stripe") to process payments. In connection with processing payment of the remuneration, we do not store any credit card information. Rather, credit card data or bank details are transmitted directly to Stripe. For more information on data processing by Stripe, please refer to Stripe’s privacy policy at https://stripe.com/en-IT/privacy. Further information relevant to data protection and international data transfers can be found here: https://stripe.com/privacy-center/legal#data-transfers
The legal basis for the data processing associated with the use of Stripe is Art. 6 (1) lit. b GDPR.
Stripe collects additional data for its own purposes, such as fraud prevention, the further development of its products, and marketing purposes. This includes, in particular, technical usage data (IP address, device identifiers, or information about the operating system).
Insofar as personal data is transferred to the USA, such transfer takes place on the basis of the EU-US Data Privacy Framework, provided that Stripe is certified accordingly. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures.
After completion of the payment process, Stripe informs us of receipt of payment and we store the information regarding the receipt of payment as well as the details of the ordered shopping cart and the remuneration, together with the chosen payment method in connection with your antibodies-online purchase, in order to be able to assign and verify received payments and to dispatch your ordered goods and manage them in your antibodies-online account. Information about completed payments is retained for accounting reasons together with the registration data for a period of ten years. The legal basis for this retention is Art. 6 (1) lit. c GDPR in conjunction with Section 257 HGB and Section 147 AO.
Microsoft Clarity
This website uses Microsoft Clarity, a web analytics service provided by Microsoft Corporation. Microsoft Clarity uses technologies that enable an analysis of the use of our website (e.g. cookies and session recording technologies). Among other things, mouse movements, clicks, and scrolling behavior are recorded in order to create heatmaps and usage analyses.
The use of Microsoft Clarity is based on your consent pursuant to Art. 6 (1) lit. a GDPR. Consent may be withdrawn at any time with effect for the future.
The information collected may be transmitted to and stored on Microsoft servers. A transfer to the USA cannot be ruled out. Insofar as Microsoft is certified under the EU-US Data Privacy Framework (DPF), the data transfer is based on the adequacy decision of the European Commission. Where no certification exists, the transfer is based on the European Commission’s Standard Contractual Clauses and, where applicable, supplementary measures to ensure an adequate level of data protection.
Further information on data protection at Microsoft can be found at: https://privacy.microsoft.com/
Additional service providers
Our websites may use additional tools and providers to provide technical functions and services for our visitors. Personal data may be transmitted to these providers where strictly necessary. We ensure that a data processing agreement has been concluded with each of these providers to ensure that all transmitted data is stored, processed, and deleted upon request exclusively in compliance with applicable law.
