Privacy policy
Status: December 2021
Thank you for visiting our website and for your interest in our company. nanoTools is a science driven, product and customer-oriented company providing monoclonal antibody development services and products. Besides providing individually tailored custom solutions, the company develops, manufactures and markets phosphorylation and modification - state specific monoclonal antibodies and other innovative reagents for Cell Biology, Signal Transduction, Autophagy and Alzheimer research, high throughput screening (HTS) and proteomics. To Pharma and Biotech customers, we offer large antibody libraries directed to therapeutically relevant target proteins as a basis for the development of therapeutic antibodies for licensing.
In the following, we inform you in accordance with the applicable national and European data protection regulations about the type and scope of the personal data that we collect in the context of
- of your visit to our website,
- the order in our webshop,
- of contact,
(hereinafter collectively "Website"), for what purposes we use this data, on which legal basis we process data as well as your rights as a data subject.
A. General
1. person in charge
Responsible for data protection in the sense of Art. 4 No. 7 GDPR (General Data Protection Regulation):
nanoTools Antikörpertechnik GmbH & Co KG Tscheulinstr. 21, 79331 Teningen, Germany
registered at the AG Emmendingen HRA 1041
personally liable partner: nanoTools Antikörpertechnik Verwaltungs GmbH
Registered office Teningen, registered at AG Emmendingen HRB 1182
Managing Director: Dr. Petra Schüßler VAT ID No.: DE163481175
Tel. +49 - (0)7641 - 455 670
Fax: +49 - (0)7641 - 455 671
email: info@nanotools.de
Website: http://www.nanotools.de
hereinafter referred to as "nanoTools", "we" or "us". Further information about the provider can be found in our imprint.
2. types of data processed, categories of data subjects
2.1 Nature of the data processed
- Master data (e.g., customer master data, such as names, addresses)
- Account data (login, PW # hash)
- Contact details (e.g., email, phone numbers)
- Communication data and history
- Contract data (e.g., offers, order, subject of contract, customer category)
- Payment data (e.g., bank details, credit card information, payment history)
- CRM data, especially customer history and customer statistics
- Usage data (e.g., pages visited, interest in content, access times)
- Data according to items 4 and 5
2.2 Categories of affected persons
- Visitors and users of the website and online offers
- Customers, prospects and business partners
- Other communication partners
(Hereafter, we also refer to the data subjects collectively as "Users").
3. purpose of processing
We use your personal data
- For the provision of the website and the online offer, its functions and contents.
- For the creation and management of your personal customer account.
- To process your order
- For responding to contact requests and communication with users.
- For the newsletter dispatch
- For the assertion, enforcement, exercise or defense of and against legal claim(s) and legal dispute(s), and for the detection, investigation and prevention of crime
- On security measures
4. provision of the website and log files
(1) During the mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser automatically transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 lit. f) GDPR):
- IP address
- Geolocation
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access status/HTTP status code
- Data volume transferred in each case
- Web page from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software
(2) The IP addresses of the users are deleted or anonymized after termination of use. In the case of anonymization, the IP addresses are changed in such a way that the individual information about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person, or can only be assigned to such a person with a disproportionate amount of time, cost and effort.
5. cookies
(1) In addition to the aforementioned log files data, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive and through which certain information flows to the body that sets the cookie (here by us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.
(2) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Session cookies (for this b)
- Persistent cookies (in addition c).
b) Session cookies store a so-called session ID, with which various requests from your browser can be assigned to the joint session. Session cookies are deleted when you log out or close the browser. If you restart your browser and go back to the website, the website will not recognize you. You will need to log in again (if a login is required) or reset templates and preferences if the website offers these features. Then a new session cookie is generated, which stores your information and remains active until you leave the site again and close your browser.
c) Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
(3) Overview
Purpose | Description | storage duration |
---|---|---|
Technically necessary cookies | Technically necessary cookies enable the use of our website by providing basic functions such as page navigation and access to secure areas of the website. Visiting our website cannot function properly without these cookies. | Session cookies - are deleted when the browser is closed. |
Performance (e.g., user's browser), rendering, and preferences. | When using our website, cookies are used (e.g. to recognize the browser) to improve performance (e.g. faster loading of content). When you visit our website, the determined or self-selected country and language selection is stored in cookies to save you from having to select again on subsequent visits. In advance, we check whether your browser supports cookies and this information is stored in another cookie. | Session cookies - are deleted when the browser is closed. |
(4) Control over cookies
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
6. online store
(1) If you would like to order in our online store, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your order. For this purpose, it is necessary that you register. Mandatory information necessary for the processing of contracts is marked, other information is voluntary. After verification by us, the account (customer login) will be activated. We process the data you provide to process your order. The legal basis for this is Art. 6 para. 1 lit. b) GDPR.
(2) In order to process a purchase contract between you and nanoTools via the online store, the following data processing is also required: Your payment data may be passed on to payment service providers commissioned by us to process the payment(s). We pass on details of your delivery address to shipping partners commissioned by us. In order to ensure that the delivery is carried out according to your wishes, we transmit - insofar as this is necessary - your e-mail address and, if applicable, the telephone number to the shipping partner commissioned by us to handle the delivery. The respective data is transmitted solely for the respective purposes and deleted again after delivery has taken place, insofar as our service providers are not themselves obliged to retain the data for legal reasons.
(3) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we will restrict processing after expiry of the statutory limitation periods, i.e. your data will thereafter be used solely for compliance with the statutory retention obligations.
(4) To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.
7. newsletter
7.1 Newsletter subscription
(1) With your consent, you can subscribe to our e-mail newsletter (hereinafter referred to as "newsletter"), with which we inform you about our products, sales and events.
(2) For the registration to our newsletter subscription, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 14 days, your information will be automatically deleted. In addition, we store your IP addresses used for registration and confirmation and the times of registration and confirmation. The purpose of this procedure is to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data.
(3) Mandatory information for sending the newsletter is only your e-mail address. The provision of further information is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter.
(4) The legal basis for the above-mentioned processing operations within the scope of the newsletter subscription is your consent pursuant to Article 6 (1) p. 1 lit. a) GDPR.
(5) You can revoke your consent to the sending of the newsletter at any time by unsubscribing. You can unsubscribe by clicking on the link provided in each newsletter email or by sending a message to the contact details mentioned above in section 1 of this privacy policy.
(6) The data you provide when registering for the newsletter will be deleted when you unsubscribe from the newsletter.
7.2 Newsletter dispatch after product purchase
(1) If you have purchased products or services, we may send you our newsletter without prior registration for the newsletter subscription, to the email address you provided during the purchase. This concerns newsletters promoting similar products to those you have purchased in our webshop.
(2) The legal basis for the above-mentioned processing operations within the scope of the newsletter dispatch after a purchase is Article 6 (1) lit. f) GDPR. Our legitimate interest in data processing is the direct promotion of our products to our customers as well as your interest in offers and promotions.
(3) You can object to the sending of the newsletter at any time. You can declare your objection by clicking on the link provided in each newsletter e-mail or by sending a message to the contact details mentioned above in section 1 of this privacy policy.
8. contact form
(1) Our website contains a contact form that you can use to contact us electronically. If you contact us via this contact form, the data entered in the input fields will be processed by us. Mandatory fields are marked with *.
(2) When submitting the form, the following data is also stored:
- Your IP address
- Date and time of sending
Please note that the scope of the personal data collected in the context of the contact form also depends on the data you yourself disclose in the contact form.
(3) The purpose of processing the personal data is to process the contact request and to be able to contact you for the purpose of your request. The legal basis for the processing of the personal data provided by you in the context of the contact is Art. 6 para. 1 lit. b) GDPR.
(4) The other personal data processed during submission (IP address, date and time of submission) serve to prevent misuse of our contact form. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in preventing or being able to prove misuse of our contact form.
(5) The data shall be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
(6) The recipient of the data is our server host, which acts for us under a commissioned data agreement.
(7) The provision of personal data is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it would possibly result in you not being able to use our contact form.
9. e-mail contact
(1) Contact is possible via the e-mail addresses provided on the website. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will be used exclusively for the processing of the request. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
(2) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
(3) Notwithstanding para. 2, the following shall apply: Contact requests from customers that relate to a specific business transaction shall be stored as long as this is necessary for the execution and processing of the contract (Art. 6 para. 1 lit. b) GDPR) or due to statutory retention obligations (Art. 6 para. 1 lit. c) GDPR). Contact requests from customers that do not relate to a specific business transaction are stored as long as the business relationship exists. The legal basis is Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and those of the customer, in particular support and quality assurance. Customers can object to the processing at any time in individual cases.
10. disclosure to third parties
As part of the hosting of our website, your data processed by us is processed on the basis of an order processing contract.
11. storage period
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. We delete your personal data as soon as it is no longer required for the above-mentioned purposes. In this context, personal data may be retained for the period during which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding obligations to provide proof and to retain data result from commercial, tax and social security regulations.
12. automated decision making, profiling
As a matter of principle, we do not use fully automated decision ?ndings in accordance with Article 22 GDPR to establish and implement the business relationship. We do not engage in profiling.
13. links to other websites
(1) Our website may contain links to websites operated by third parties that are not covered by this privacy statement. These third-party websites have their own privacy policies and may also use cookies or other tracking technologies. The respective operator or the person designated as responsible of the corresponding website is responsible.
(2) The links to external websites are checked by us before linking. However, we have no influence on whether their operators comply with data protection regulations. If we become aware of violations or infringements, we will remove the corresponding links immediately.
B. Rights of the data subjects
14. your rights
If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us as the controller.
a) Rights according to Art. 15 ff. GDPR
(1) The data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed; if this is the case, he or she has a right of access to such personal data and to the information specified in Article 15 of the GDPR. Under certain legal conditions, you have the right to rectification under Article 16 GDPR, the right to restriction of processing under Article 18 GDPR and the right to erasure ("right to be forgotten") under Article 17 GDPR. In addition, you have the right to receive the data you have provided in a structured, common and machine-readable format (right to data portability) pursuant to Article 20 GDPR, provided that the processing is carried out with the help of automated processes and is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6 (1) (b) GDPR.
b) Right to withdraw your consent pursuant to Art. 7 (3) GDPR
If the processing is based on consent, you have the right to withdraw your consent to the processing of personal data at any time. Please note that the withdrawal is only effective for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
c) Right of complaint
You have the option of contacting us or a data protection supervisory authority with a complaint (Article 77 GDPR). In Baden-Württemberg, the competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit, Postfach 10 29 32, 70025 Stuttgart, Tel.: +49 711 615541-0, FAX: +49 711 615541-15, E-Mail: poststelle@lfdi.bwl.de .
d) Right of objection according to Article 21 GDPR
In addition to the aforementioned rights, you have the right to object as follows:
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to a pro?ling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
Right to object to processing of data for advertising purposes
In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to pro?ling insofar as it is related to such direct advertising. If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes.
C. Final provisions
15. safety
We have taken technical and organizational security measures in accordance with Art. 24, 32 GDPR to protect your personal data from loss, destruction, manipulation and unauthorized access. All our employees and all third parties involved in data processing are committed to compliance with the requirements of the GDPR and the confidential handling of personal data.
16. changes to our privacy policy
We reserve the right to change our security and data protection measures, insofar as this becomes necessary due to technical development, the expansion of our services or legal changes. In these cases, we will also adapt our data protection declaration accordingly. Please therefore note the current version of our data protection declaration.