Data protection


Our websites are operated in accordance with the principles set out below:

We undertake to comply with the statutory data protection regulations and endeavour to always take into consideration the principles of data avoidance and data minimisation.

1. Name and address of the controller and of the data protection officer

a)

The controller, as described in the General Data Protection Regulation (GDPR) and in other national data protection laws of the EU member states and in other data protection regulations, is:

Laboklin GmbH & Co. KG
represented by Laboklin Verwaltungs-GmbH which in turn is
represented by the managing director Dr Elisabeth Müller
Steubenstr. 4
97688 Bad Kissingen
Germany
Tel.: 0971/ 72020
Fax: 0971/ 68546
E-Mail: info[at]laboklin.com
Website: www.laboklin.com

b)

The controller’s data protection officer is

SiDIT GmbH
Lisa Scheblein
Unterdürrbacherstr. 8
97080 Würzburg
Germany
Tel.: 0931 / 41726241
Fax: 0931 / 3598711
E-Mail: info[at]sidit.de
Website: https://sidit.de/

2. Definitions

We prepared our privacy notice in accordance with the principles of unambiguity and transparency. For any questions relating to the use of the terms herein, please refer to the definitions at this link [https://dsgvo-gesetz.de/art-4-dsgvo/]

3. Legal basis for the processing of personal data

We shall not process your personal data such as your forename and surname, your e-mail address and IP address, unless there is a legal basis for such processing. In accordance with the General Data Protection Regulation, this includes, without limitation, three items:

a) You gave your consent to the processing of your personal data for one or several purposes, Article 6, para. 1, clause 1, lit. a of the GDPR. In this case, we will inform you in detail of the purpose(s) for which your data will be processed and we will document your express consent thereto.

b) The processing of your personal data is required for the performance of a contract or in order to take steps at your request prior to entering into a contract, Article 6, para. 1, clause 1, lit. b of the GDPR.

c) Processing of your personal data is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or your fundamental rights and freedoms, Article 6, para. 1, clause 1, lit. f of the GDPR.

However, we will inform you in each case of the legal basis on which your personal data will be processed.

4. Transfer of personal data

We will not transfer your personal data to any third party for any purpose other than for the purposes listed hereinafter. We will not transfer your personal data to any third party unless:

a) you gave your express consent in accordance with Article 6, para. 1, clause 1, lit. a of the GDPR;

b) processing is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have compelling legitimate grounds to prohibit such transfer of your data in accordance with Article 6, para. 1, clause 1, lit. f of the GDPR;

c) there is a legal obligation to transfer such data in accordance with Article 6, para. 1, clause 1, lit. c of the GDPR;

d) the transfer of the data is legally admissible and required for the processing of a contract with you in accordance with Article 6, para. 1, clause 1, lit. b of the GDPR.

5. Term of storage and erasure

We shall store all personal data you transmit to us for as long as they are required in order to fulfil the purpose for which they were transferred or for as long as legally required. After fulfilment of the purpose and/or expiry of the legal storage periods, such data will be erased or made inaccessible.

6. SSL encryption

For security reasons and for the protection of confidential contents, e.g. the requests you send us, this website uses SSL encryption. You will know that a connection is encrypted when the address bar of your browser changes from „http://" to „https://" and when the lock symbol appears in your browser bar.

Once SSL encryption is activated, the data you send to us cannot be read by any third party.

7. Collection and storage of personal data, type of data and purpose for which they are used

a) When you visit our website

When you visit our website, the browser you use on the end-device automatically sends information to our website's server. Such information will be temporarily stored in a so-called logfile. The following information will be automatically collected and stored until it is automatically erased:

• your IP address;

• date and time of access;

• name and URL of the file you retrieved;

• website from which you accessed our website (referrer URL);

• the browser you used and the operating system of your computer and the name of your access provider.

We will process the above-stated information for the following purposes:

• in order to guarantee a smooth connection with our website;

• in order to guarantee that you can comfortably use our website;

• in order to analyse system security and system stability;

• for other administrative purposes.

Data based on which you may be identified, such as your IP address, will be erased after 7 days at the latest. Data that we store beyond such period of time will be pseudonymised so that they cannot be allocated to you personally anymore.

The legal basis for the processing of such data is Article 6, para. 1, clause 1, lit. f of the GDPR. Our legitimate interest is based on the above-listed purposes of data processing. In no event will we use the collected data in order to draw any conclusions about you personally.

b) Contractual relationship

aa) Conclusion of contract

Only the personal data that are strictly mandatory for the establishment of a contractual relationship shall be processed for such purpose in accordance with Article 6, para. 1, clause 1, lit. b of the GDPR.

Any voluntary information you furnish will be processed on the basis of the consent you gave in accordance with Article 6, para. , clause 1, lit. a of the GDPR. We will use such voluntary information in order to offer and continually improve customer-friendly service.

bb) Customer account

You may set up a customer account with us. For such purpose, we will store and process your personal data required for contract processing and the data you voluntarily provide as well as the purchases you made in the past. You may access your purchasing history at any time. Such data will enable you to log in to our website for your next purchase with your login data and to control your purchasing activities.


The legal basis is your consent in accordance with Article 6, para. 1, clause 1, lit. a of the GDPR.

You may change or erase your data within the customer account at any time or erase your entire customer account. In the latter case, your customer account including any and all data contained therein will be erased immediately.

cc) Transfer of data for shipping

We will pass on to the relevant shipment service provider the data required for the shipment of our goods (forename and surname, address, e-mail address, telephone number – to the extent required for cargo shipments) for delivery notifications, delivery arrangements and for the delivery of the goods.

The legal basis for the transfer of such data is Article 6, para. , clause 1, lit. b of the GDPR.

For such purpose, we will pass on your data to one of the following shipment service providers. For more information on the processing of your data, please contact the relevant provider.

DHL

DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany,
Telephone: +49/ (0) 228/ 18 20, E-mail: impressum.paket[at]dhl.com;
https://www.dhl.de/de/toolbar/footer/datenschutz.html

Hermes

Hermes Germany GmbH, Essener Str. 89, D-22419 Hamburg, Germany,
Tel.: +49 / 40 / 53755 – 0, Fax.: +49 / 40 / 53754 – 870, zentrale[at]hermesworld.com;
https://www.myhermes.de/datenschutz/

DPD

DPD Deutschland GmbH, Wailandtstr. 1, 63741 Aschaffenburg, Germany,
info[at]dpd.com, Tel. +49(0)6021 843-0;
https://www.dpd.com/de/siteutilities/data_protection

GLS

General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Str. 1 – 7, 36286 Neuenstein, Germany,
+49(0)6677-646907000, service@gls-germany.com: https://gls-group.eu/DE/de/datenschutz-standard

dd) Transfer of data when using online payment service providers

Should you decide to use the services of one of the online payment service providers we offer for your order, your contact data will be transferred to that provider in connection with your order. Such transfer of data is legitimate in accordance with Article 6, para. , clause 1, lit. b of the GDPR in order to realise the payment method you selected and in accordance with our legitimate interests in accordance with Article 6, para. , clause 1, lit. f of the GDPR in order to facilitate a user-friendly and easy payment process.

The personal data transferred to the online payment service provider usually include forename, surname, address, telephone number, IP address, e-mail address or other data required for order processing as well as data in relation to your order such as number of items, item number, invoice amount and taxes in percent, invoice information, etc.

The transfer of these data is required for the processing or your order and for the payment method you selected, including without limitation in order to confirm your identity, to process your payment and to maintain the customer relationship.

Please note: The online payment service provider may transfer your personal data to service providers, sub-contractors or other affiliated companies to the extent necessary to fulfil the contractual obligations resulting from your order or your personal data may be subject to commissioned data processing.

Depending on the payment method you selected, e.g. invoice or direct debit, the personal data transferred to the service provider will be further transferred to credit agencies in order to check your identity or creditworthiness in relation to your order. For more information on the credit agencies and on the data the service provider will collect, process, store and transfer, please refer to the relevant service provider’s privacy notice.

PayPal

PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

c) Newsletter

Newsletter contents and subscription data

We will not send our newsletter to you unless you subscribe to it and give your consent in accordance with Article 6, para. ,clause 1, lit. a of the GDPR. The contents of the newsletter will be described in more detail upon subscription. For the subscription to our newsletter, you will only have to state your e-mail address. Any additional voluntary information such as your name and/or sex you provide will only be used to address you personally in such newsletter.

Double opt-in and logs

For security reasons, in order to prevent anyone from subscribing to our newsletter with a false e-mail address, we employ the so-called double opt-in process. This means that after you subscribe to our newsletter, you will receive an e-mail with the request to please confirm your subscription. Only upon such confirmation will your subscription be valid.

In addition, your subscription to our newsletter will be logged. This includes storage of the date and time of confirmation, the data you provided and your IP address. Any changes you make to your data will be logged as well.

Withdrawal

f you do not wish to receive our newsletter anymore, you may withdraw your consent at any time with future effect. For such purpose, please use the unsubscribe link at the end of any newsletter or send an e-mail to the following e-mail address: info[at]laboklin.com

The withdrawal of your consent shall not affect the legality of the processing of your data based on your consent up to the time of your withdrawal.

Use of rapidmail

We use rapidmail (rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany), in order to send our newsletter. Therefore, your data will be transmitted to rapidmail GmbH. rapidmail GmbH is prohibited from using your data for any purpose other than sending the newsletter. rapidmail GmbH is not allowed to transfer or sell your data. rapidmail is a German certified newsletter software provider that was carefully selected in accordance with the requirements of the GDPR and of the Federal Data Protection Act.

We concluded a commissioned data processing contract with rapidmail.

For more information on rapidmail’s data protection process, please click hier. [https://www.rapidmail.de/datenschutzbestimmungen]

The use of the newsletter service provider rapidmail GmbH is based on our legitimate interests in accordance with Article 6, para. 1, clause 1, lit. f of the GDPR. Our interest includes the use of a user-friendly and secure newsletter system that serves our business interests and fulfils the users’ requirements.

d) Contact form / e-mail contact

On our website, we provide you with a form with which you may contact us at any time. When you use the contact form, you must state your name, so that we can address you personally, and a valid e-mail address, so that we know where the request comes from and in order to enable us to process your request.

If you send a request via the contact form, the data you state in the contact form, including the stated contact data and your IP address, will be processed in accordance with Article 6, para. , clause 1, lit. b and lit. f of the GDPR to take steps at you request prior to entering into a contract and/or based on our legitimate interests, i.e. the execution of our business activities.

You may also send an e-mail using the e-mail address stated on our website. In this case, we will store and process your e-mail address and the information you provide in the e-mail in order to process your request in accordance with Article 6, para. , clause 1, lit. b and lit. f of the GDPR.

Your requests as well as any related data will be erased three months after receipt unless they are required for another contractual relationship.

e) Google Fonts

On our websites we use Google Fonts, which facilitates the use of fonts. Google Fonts is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, California, 94043, USA). Google Fonts is embedded by a server connection, generally one of Google’s servers in the USA. The following data may be transferred to and stored by Google:

• name and version of your browser;

• website from which the request was initiated (referrer URL);

• operating system of your computer;

• screen resolution of your computer;

• your IP address;

• language settings of your browser and/or operating system.


For more information, please refer to Google’s privacy notice at:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy/

By using Google Fonts, we would like to make it easier and more agreeable for you to read our website, therefore the basis is our legitimate interest in accordance with Article 6, para. , clause 1, lit. f of the GDPR.

8. Cookies

We use cookies on our website. Cookies are small data files that are automatically created by your browser and that are stored on your end-device when you visit our website. Cookies are to store information in relation to the end-device, but cannot identify you personally.

The data processed by cookies are required for the stipulated purposes for the protection of our legitimate interests and those of third parties in accordance with Article 6, para. , clause 1, lit. f of the GDPR.

Most browsers accept cookies automatically due to the browser setup. However, you may change the setup of your browser so that either no cookies are stored on your end-device at all or that a notification is shown before a new cookie is stored. If you fully deactivate the cookie function on your browser you may not be able to fully use all functions on our website.

Below, we describe the individual types of cookies we use.

a) Session-Cookies

In order to make the use of our website more agreeable, we use so-called session cookies in order to be able to detect that you already visited individual pages of our website.

Session cookies will be automatically erased after you leave our website.

b) Temporary cookies

We also use cookies that enable us to recognise you when you visit our website again and use our services. This means you do not have to make all entries and settings again that you made last time.

Such temporary cookies will be stored on your end-device for a specific pre-determined period of time.

c) Cookies for marketing and optimisation purposes

We also use cookies for marketing and optimisation purposes. Such cookies record statistical data on the use of our website and will be analysed so that we can optimise our website for you. Cookies recognise your internet browser if you visit our website again.

These cookies will be erased automatically after a pre-defined period of time.

9. Rights of data subjects

You have the following rights:

a) Information

In accordance with Article 15 of the GDPR, you are entitled to demand information on your personal data we process. This right to demand information refers to information on:

• the processing purposes;

• the categories of personal data;

• the recipient or categories of recipients to which your data are or will be disclosed;

• the planned storage period or at least the criteria in accordance with which the storage period is stipulated;

• the existence of the right to demand rectification, erasure, limitation of processing or of the right to object;

• the existence of the right to lodge a complaint with a supervisory authority;

• the origin of your personal data to the extent they were not collected by us;

• whether there is automated decision-making including profiling and if so, clear details relating thereto.

b) Rectification

In accordance with Article 16 of the GDPR, you have the right to demand immediate rectification or incorrect or incomplete personal data stored by us.

c) Erasure

In accordance with Article 17 of the GDPR, you are entitled to demand that we immediately erase your personal data unless the processing of such data is required for any of the following reasons:

• for exercising the right of freedom of expression and information;

• for compliance with a legal obligation which requires processing by Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

• for reasons of public interest in the area of public health in accordance with lit. (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;

• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing;

• for the establishment, exercise or defence of legal claims.

d) Right to restriction of processing

In accordance with Article 18 of the GDPR, you are entitled to demand the restriction of processing of your personal data for any of the following reasons:

• the accuracy of the personal data is contested by you;

• the processing is unlawful and you oppose the erasure of the personal data;

• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

• you have objected to processing pursuant to Article 21, para. 1 of the GDPR.

e) Information

If you demanded rectification or erasure of your personal data or the restriction of processing in accordance with Articles 16, 17, para. 1, and Article 18 of the GDPR, we shall communicate this to each recipient to whom the personal data have been disclosed unless this proves impossible or involves excessive effort. You are entitled to demand that we inform you of these recipients’ identity.

f) Portability

You are entitled to receive your personal data you disclosed to us, in a structured, commonly-used and machine-readable format and you have the right to demand that we transmit those data to a third party to the extent automated processes were used for the processing thereof and the processing was based on your consent in accordance with Article 6, para. 1, clause 1, lit. a or Article 9, para. 2, lit. a or on a contract concluded in accordance with Article 6, para. 1, clause 1, lit. b of the GDPR.

g) Withdrawal

In accordance with Article 7, para. 3 of the GDPR, you are entitled to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal. Thereafter, we are prohibited from processing your data that are subject to your withdrawn consent.

h) Complaint

In accordance with Article 77 of the GDPR, you are entitled to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data infringes the GDPR.

i) Objection

To the extent your personal data are processed based on legitimate interests in accordance with Article 6, para. 1, clause 1, lit. f of the GDPR, you are entitled, in accordance with Article 21 of the GDPR, to object to the processing of your personal data on grounds relating to your particular situation or to the extent your objection relates to direct marketing. In the latter case, you have a general right to object and we will comply without any reasons relating to your particular situation. If you would like to assert your withdrawal or objection rights, please send an e-mail to: info[at]laboklin.com

j) Automated decision-making in the individual case, including profiling

You are entitled to refuse to be subjected to a decision that is exclusively based on automated processing (including profiling), if such decision is to be legally binding for you or will otherwise materially affect you. This shall not apply if such decision:
i) is required for the conclusion or performance of a contract between you and us;

ii) is admissible based on European Union or its member states’ laws which we are subject to and such laws contain suitable measures to protect your rights and freedoms and you legitimate interests;

iii) is made with your express consent.

However, such decisions must not be based on special categories of personal data as described in Article 9, para. 1 of the GDPR unless Article 9, para. 2, lit. a or lit. g of the GDPR applies and suitable measures were taken to protect your rights and freedoms and your legitimate interests.

In the cases stipulated in i) and iii), we will take suitable measures in order to protect your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

10. Changes of the privacy policy

Any changes to this privacy policy will be stipulated on our website and registered customers will be informed via e-mail.

Version of 16 May 2018 
Conditions of Use | Data protection GDPR documents |  Imprint |  Site Map
©2018 by webDa Medien GmbH