Privacy Policy

PERSONAL DATA PROTECTION RULES

Dear Madams and Sirs,

We would like to hereby inform you of the principles and procedures in the processing of personal data, being conducted in accordance with law of Germany Federal Data Protection Act and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).

Gold Standard Diagnostics Kassel may revise and update these Personal Data Protection Rules in case of need. Current version of the Personal Data Protection Rules will be available on the website www.kassel.goldstandarddiagnostics.com and in the registered office of Gold Standard Diagnostics Kassel. In case a significant change is made in the way in which personal data are handled, the Gold Standard Diagnostics Kassel will inform about it on the website www.kassel.goldstandarddiagnostics.com.

BASIC INFORMATION REGARDING PERSONAL DATA PROCESSING

Controller’s identification and contact information: Gold Standard Diagnostics Kassel GmbH, with its registered office at Otto-Hahn-Straße 16, D-34123 Kassel, Germany, a company registered in the Commercial Register with the Hesse District court Kassel HRB 5450 (hereinafter also referred to as the „Gold Standard Diagnostics Kassel“), contact email: info.kassel@eu.goldstandarddiagnostics.com, tel.: +49 (0)561 491 742-0.

Data protection officer: Gold Standard Diagnostics Kassel has not appointed a data protection officer, because Gold Standard Diagnostics Kassel is not an obligated person within the meaning of Art. 37 of the GDPR.

Transfer of personal data to a third country or international organization: Gold Standard Diagnostics Kassel does not transfer personal data into third countries nor to international organisations within the meaning of Art. 44 and following of the GDPR. The only exception are processors with seat in the United States of America specified below, that have committed themselves to comply with the conditions of adequate protection through Privacy Shield.

Automated individual decision-making
Matthias Stumpf
Eurofins Finance Transactions Germany GmbH
Am Neuländer Gewerbepark 1
21079 Hamburg
Germany
Mobile: +49 160 6265698
E-Mail: matthias.stumpf@sc.eurofinseu.com

Information on the nature of the provision of data: If personal data are being processed for the purpose of the fulfilment of an agreement or the fulfilment of legal obligations, the provision of data is a statutory requirement. If personal data are being processed on the basis of the consent of the data subject, the provision of data is a contractual requirement.

Supervisory authority: The supervisory authority is an independent public authority entitled to personal data protection in the state. The supervisory authority for Gold Standard Diagnostics Kassel is Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, with registered office at Postfach 3163, 65021 Wiesbaden, Germany, tel.: +49 611 1408 – 0.

ADDITIONAL INFORMATION REGARDING PERSONAL DATA PROCESSING

Purpose and scope of processing: For the purpose of fulfilling an agreement or fulfilling legal obligations, Gold Standard Diagnostics Kassel processes particularly: name, surname, business name, identification number, VAT number, residence/registered address, telephone, email.

Gold Standard Diagnostics Kassel also processes data from subjects through their visit to the website www.kassel.goldstandarddiagnostics.com. It is particularly IP address of a user.

If Gold Standard Diagnostics Kassel intends to process other personal data than as stated in this article, or for other purposes, it can do so only on the basis of a validly granted consent to the processing of personal data. Consent to the processing of personal data is granted by the data subject in a separate document.

Processing of Gold Standard Diagnostics Kassel employees’ personal data is governed by an internal regulation.

Duration of data processing: The personal data of data subject are processed by Gold Standard Diagnostics Kassel for the duration of the contractual relationship and subsequently for a maximum period of 5 years from the termination of the contractual relationship. Personal data being processed in order to fulfil obligations arising from special legal regulations are processed by Gold Standard Diagnostics Kassel for the duration of time as set out in such legal regulations. If it is necessary to use the personal data for the protection of the Gold Standard Diagnostics Kassels legitimate interests, Gold Standard Diagnostics Kassel processes these for the duration of time necessary in order to exercise such rights.

Sources of personal data: Gold Standard Diagnostics Kassel obtains personal data directly from data subjects within the scope of negotiations regarding the execution of the Agreement. Gold Standard Diagnostics Kassel always informs data subjects as to which of the personal they must provide for the purposes of the performance of the Agreement.

Filling of contact and order forms: In order to be able to use immunoSERVICE (testing of food intolerance), a contact and order form must be completed by the client on the website “www.kassel.goldstandarddiagnostics.com”. By completing the contact or order form and submitting this data to Gold Standard Diagnostics Kassel, the client agrees that his personal data will be stored and processed by Gold Standard Diagnostics Kassel. Gold Standard Diagnostics Kassel uses this data only within the scope of the permissible and for the purpose associated with the order.

The data transmitted via the contact and order form will be stored by Gold Standard Diagnostics Kassel and stored until revocation or according to legal provisions and used appropriately.

The following personal data must be provided by the client in order to use immunoSERVICE: Name; Country; E-mail address.

The data transmitted by the client in the contact and order form is used by Gold Standard Diagnostics Kassel for the administrative communication with the client as well as order processes.

RECIPIENTS OF PERSONAL DATA

Gold Standard Diagnostics Kassel does not transfer personal data to any other controllers.

Processors of personal data are:

The area of cooperation Identification of a processor
Providing of logistics Various logistics providers such as DHL, FedEx, etc.
Banking services Kasseler Sparkasse, with seat Wolfsschlucht 9, 34117 Kassel, Germany
E-mail hosting Strato AG, with registered office at Pascalstraße 10, 10587 Berlin, Germany
E-mail hosting Microsoft Corporation, with registered office One Microsoft Way, Redmond, Washington 98052 USA

Processing of personal data may be conducted for Gold Standard Diagnostics Kassel by processors exclusively on the basis of a personal data processing agreement, i.e. with guarantees of the organizational and technical security of such data with a definition of the purpose of processing, whereby processors cannot use the data for other purposes.

Personal data processed in order to fulfil an obligation set out in a special law may Gold Standard Diagnostics Kassel disclose to government authorities to other entities within the scope as set out in a special law.

TECHNICAL SECURITY OF DATA

For the purpose of the security of personal data against their unauthorized or accidental disclosure, Gold Standard Diagnostics Kassel applies reasonable and appropriate technical and organizational measures that are continuously updated. Technical measures consisting in the application of technologies preventing unauthorized access by third parties to personal data. Access authorization to personal data is individual-related. Organizational measures are a set of rules of behaviour for Gold Standard Diagnostics Kassels employees and are a part of the Gold Standard Diagnostics Kassels internal rules. These rules are considered to be confidential on grounds of security.

If Gold Standard Diagnostics Kassels servers are located in a data centre operated by a third party, Gold Standard Diagnostics Kassel takes care to ensure that the technical and organizational measures are implemented by the third party. Gold Standard Diagnostics Kassel proclaims, that all data are located only on servers within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of Germany.

RIGHTS OF DATA SUBJECTS

The right to object to processing: The data subject has, on grounds pertaining to the data subject’s specific situation, the right to raise an objection at any time to the processing of personal data pertaining to him/her and which Gold Standard Diagnostics Kassel is processing on grounds of its legitimate interest. In such a case, Gold Standard Diagnostics Kassel does not process the personal data further, unless it proves serious legitimate reasons for processing that override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

The data subject has also:

  1. the right to access to personal data: The data subject has the right to obtain a confirmation from Gold Standard Diagnostics Kassel as to whether personal data pertaining to the data subject are or are not being processed, and if so, the data subject has the right to obtain access to such personal data and to the following information: a) the purpose of processing; b) the category of affected personal data; c) the recipients to which personal data have been or will be disclosed; d) the planned time period for which personal data will be stored; e) the existence of the right to require the correction or erasure of personal data from the controller or a restriction of the processing thereof, or to raise an objection to such processing; f) the right to lodge a complaint with supervisory authority; g) all available information on the source of the personal data, if they are not obtained from the data subject; h) the fact that automated decision-making is occurring, including profiling. The data subject also has the right to obtain a copy of the personal data being processed.

  2. the right to the correction of personal data: The data subject has the right to the correction of inaccurate personal data pertaining to the data subject or to the supplementation of incomplete personal data without undue delay by Gold Standard Diagnostics Kassel.

  3. the right to the erasure of personal data The data subject has the right to erasure of the data subject’s personal data pertaining to him/her by Gold Standard Diagnostics Kassel without undue delay, in the event that: a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; b) the data subject withdraws the consent on the basis of which the data were processed, and there is no other legal reason for processing; c) the data subject raises objections to processing and there are no overriding legitimate reasons for processing; d) the personal data were processed unlawfully; e) the personal data must be erased in order to fulfil a legal obligation set out within the law of the Union or of the Czech Republic; f) the personal data were collected in connection with an offer of information society services. The right to erasure shall not apply if the processing is necessary in order to fulfil legal obligations, for the establishment, exercise or defense of legal claims, and in other cases as set out within the GDPR.

  4. the right to the restriction of processing: The data subject has the right to the restriction of processing personal data by Gold Standard Diagnostics Kassel in any of the following cases: a) the data subject contests the accuracy of the personal data, for the time necessary for Gold Standard Diagnostics Kassel to verify the accuracy of the personal data; b) processing is unlawful and the data subject opposes the erasure of the personal data and, instead, requests a restriction of their use; c) Gold Standard Diagnostics Kassel no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims; d) the data subject has raised an objection to processing, until it is verified whether Gold Standard Diagnostics Kassel’s legitimate reasons override the legitimate reasons of the data subject.

  5. the right to data portability: The data subject has the right to obtain personal data pertaining to him/her that the data subject has provided to Gold Standard Diagnostics Kassel, in a structured, commonly used and machine-readable format, and the right to transfer such data to another controller, without Gold Standard Diagnostics Kassel preventing it, in the event that: a) processing is based upon consent and b) processing is being conducted by automated means. When exercising his/her right to data portability, the data subject has the right for personal data to be transferred directly by one controller to another controller, if this is technically feasible.

  6. the right to information regarding the correction or erasure of personal data or a restriction of processing: Gold Standard Diagnostics Kassel is obligated to notify individual recipients to whom personal data have been disclosed of all corrections or erasures of personal data or restrictions on processing, with the exception of cases where this is found to be impossible or it requires a disproportionate effort. If the data subject requests it, Gold Standard Diagnostics Kassel informs the data subject of such recipients.

  7. the right to lodge a complaint with a supervisory authority: If the data subject believes that Gold Standard Diagnostics Kassel is not processing his/her personal data in a lawful manner, the data subject has the right to lodge a complaint with a supervisory authority. The data subject may lodge the complaint especially in the Member state of his or her habitual residence, place of work or place of the alleged infringement.

  8. the right to be informed in the event of a breach of personal data security: If it is likely that a certain case of personal data security breach will result in a high risk to the rights and freedoms of natural persons, Gold Standard Diagnostics Kassel shall notify the data subject of such breach without undue delay.

  9. the right to withdraw consent to the processing of personal data: If Gold Standard Diagnostics Kassel processes any personal data on the basis of consent, the data subject has the right to withdraw its consent to the processing of personal data at any time in writing, by sending a non-consent to the processing of personal data to the email address info.kassel@eu.goldstandarddiagnostics.com.

Gold Standard Diagnostics Kassel shall comply with the request of data subject according to a) – f) or the raised objection within one (1) month at the latest and where necessary within three (3) months from the date of receipt of the proper request. In the event of misuse of this right, in particular where requests from a data subject are manifestly unfounded or excessive, Gold Standard Diagnostics Kassel may to charge a reasonable fee or to refuse to act on the request.

COOKIE FILES

Gold Standard Diagnostics Kassel uses cookie files, that identify the user of the website www.kassel.goldstandarddiagnostics.com and record the user’s activities. The text of a cookie file consists of a series of numbers and letters that uniquely identify the user’s computer, but do not provide any specific personal data regarding the user.

The website www.kassel.goldstandarddiagnostics.com automatically identifies the user’s IP address. The IP address is the number automatically assigned to the user’s computer upon connecting to the internet. All such information is recorded in the activity file by the server, which enables the subsequent processing of data.

Purpose of using cookie files: Gold Standard Diagnostics Kassel uses cookie files and similar technologies for several purposes, which include:

  • Short-term cookies, that are necessary for the function of the website. These cookies are removed once the browser is closed or an operation on the website is completed.

  • Long-term cookies, that remember user-defined settings. These cookies can be removed in browser settings.

Third party cookie files may also be located on the website www.kassel.goldstandarddiagnostics.com For example, this may be so because Gold Standard Diagnostics Kassel has authorized a third party to, for example, conduct a site analysis.

Cookie setting: The majority of web browsers accept cookie files automatically. However, they provide controls that enable them to be blocked or removed. Users of the website www.kassel.goldstandarddiagnostics.com are thus entitled to set their browser in such a way so that the use of cookie files on their computer is prevented. Instructions for blocking or removing cookie files in browsers may usually be found in the user documentation of individual browsers.