Privacy Statement

Privacy Policy for Customers and Business Partners

Information about the use of your personal data on our website

We are very serious about protecting your personal data, and we comply with applicable data protection law. We would like to inform you here about how we process your personal data. You can review this information at any time below on each page of our website under the heading "Legal Notice & Privacy Statement".

1 Data controller and data protection officer

The controller of the data within the meaning of Article 4 number 7 General Data Protection Regulation ("GDPR") is

Eppendorf SE
Barkhausenweg 1
22339 Hamburg

(hereinafter referred to in this Privacy Statement also as "Eppendorf", "we" or "us").

If you have questions or suggestions with regard to data protection, please also feel free to contact us by email at the address privacy@eppendorf.com.

You can reach our data protection officer at dataprotectionofficer@eppendorf.com.

If the website you have accessed is operated by another company in the Eppendorf Group, that company is responsible for the data processing that takes place on the relevant website. The following information about the use of your personal data applies accordingly. If you have questions or if you would like to assert any rights, please use the contact information set forth in the publisher's information for the relevant website.

2 Subject of data protection and processed data

The subject of data protection consists of personal data. These are all information according to Art. 4 no. 1 GDPR which relate to an identified or identifiable natural person, such as the name or an identification number.

Many of the data we process result directly from the respective context of the processing.

As soon as you visit our website, we automatically collect and store certain user data. This includes the IP address assigned to your computer which we need for transmitting the content of our website you have accessed to your computer or other end-device (a "device") (e.g. texts, images, games and product information as well as data files provided for download etc.).

We also collect and store information about the use of the website such as e.g. the used type of browser and the used operating system as well as the date and time of day when you have used the website as well as the URL of the previously visited website. We process your data, in order to provide to you the website and the related functions.

If you use special functions, for example, submitting an order on our website, we also process the data needed for providing the function. In the context of an order, we process the data you have entered, for example, for processing the order. If you fill out the contact form, we use the data to conduct correspondence with you.

In addition, we will describe additional categories of personal data we process in the context of this Privacy Statement when we discuss the respective topics.

3 Purposes of processing and legal basis

3.1 We process your data on the basis of a consent you have issued (Art. 6 para. 1 lit. a GDPR) in the extent set forth in the respective consent and for the purposes of the processing explained there.

3.2 We process your personal data for the following purposes on the basis of fulfilling a contract or performing a pre-contractual measure (Art. 6 para. 1 lit. b GDPR):

  • to present our website
  • to process your orders, including payment as well as providing customer service (for example, returns)
  • to carry out our special functions in the area of myEppendorf (e.g. epPoints, product registration) 
  • to implement orders or cancellation of orders for subscriptions, email newsletters and webinars
  • to process online applications
  • to conduct competitions, contests and surveys

3.3 We process your personal data for the following purposes, in order to preserve our legitimate interests especially for protection of our IT infrastructure, assuring satisfactory customer communications and promoting the sale of our products (Art. 6 para. 1 lit. f GDPR):

  • to get to know our customers better
  • to process other contacts you have made (e.g. in the case of questions, suggestions or other notifications, also in the context of our social media presence)
  • to operate our social media presence and optimize our social media activities
  • for protection against fraud
  • to optimize our offering (especially also designing our website so that it meets the needs)
  • to maintain IT security
  • to be able to send you information about products and activities which might interest you
  • to display online advertising that corresponds to your interests

We process these data unless your interests, fundamental rights or fundamental freedoms (especially for protection of your personal data) outweigh our above-described legitimate interests.

3.4 A situation can also arise in exceptional circumstances under which we process your data to fulfill a legal obligation (Art. 6 para. 1 lit. c GDPR), to protect interests that are important for life (Art. 6 para. 1 lit. d GDPR) or to carry out a responsibility in the public interest (Art. 6 para. 1 lit. e GDPR).

 

4 Further collection and use of your data

4.1 Cookies

We store so-called "cookies", in order to offer you an extensive scope of functions and design the use of our websites (for example, the online purchases) in a manner which is more comfortable for you. "Cookies" are small data files which are stored on your computer with the assistance of your internet browser.

You can regulate the use of individual cookies through your privacy settings on your browser.

4.2 Google services

We use various services from Google on our website. These services – to the extent not stated otherwise – are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. You can find further information about how Google uses your data in the privacy policy of Google: https://policies.google.com/privacy?hl=de. Based on the Google services that are used, your browser automatically establishes a direct connection to the server of Google. As a result of including Google services, Google receives, for example, the information that you have accessed a corresponding section of our internet presence or have clicked on one of our advertisements. If you are registered at a service of Google, Google can attribute the visit to your account. Even if you are not registered with Google and have not logged in, there is a possibility that the provider can learn about and store your IP address. Please also note that Google might combine the data collected through this website with other information if you are logged in in your Google account at the time of use. Google may transmit personal data to third parties if this required by law or to the extent third parties process these data on behalf of Google.

4.2.1 Google Analytics

We also Google Analytics, a web analysis service of Google Ireland Limited ("Google"). This Google service uses "cookies" which permit an analysis of your use of the website. The information produced by the cookie with regard to your use of this website (including your IP address which is shortened to the last octet and, thus, anonymized) are transmitted to a server of Google in Ireland and stored there. Google will use this information at our instruction, in order to analyze your use of the website, compile statistical reports for us about the activity on the website and to provide other services involved with using our website and the internet.

You can deactivate the data storage by Google Analytics by means of a browser add-on if you do not wish to have website analysis. You can download this add-on here: http://tools.google.com/dlpage/gaoptout?hl=de. You can also object to the use of Google Analytics by clicking on the following link: Click here to be excluded from the collection via Google Tag Manager. Please note that you may have to repeat this step after cancelling the cookies on your end-device. Aside from this, we erase the data collected with Google Analytics after 14 months.

4.2.2 Google Remarketing

We use the application Google Remarketing. Under this application, Google uses cookies to record your use of our website and to display to you on other pages in the Google Display Network as well as in the world wide web interest-based online advertising for our products in the form of display adds using Display & Video 360. The information is transmitted accordingly to Google and the partners of Google. Any further data processing only takes places if you have granted consent to Google to link your browser use on Google to a Google account and to the extent that information from the Google account is used for personalizing advertisements which you see in the internet. If you are logged in at Google in this situation during the visit to our visit, Google uses your data together with Google Analytics data, in order to produce and define target group lists for remarketing that is independent of the device. Your personal data are temporarily linked for this purpose with Google Analytics data to establish the target groups.

If you do not want Google to record your surfing in order to display advertising, you also have the following possibilities to the privacy settings in your browser and the choice of cookie preferences (see on this point above in Section 4.1):

Please note that you may have to repeat this step after erasing the cookies on your end-device.

4.2.3 Google Ads

We use the service Google Ads in order to activate search displays in the search results of Google as well as advertising based on your interests within the Google advertising network by means of the remarketing function in Google Ads.

4.2.3.1 Google Ads Conversion Tracking

We use the service Google Ads Conversion Tracking to analyze and improve the success and effectiveness of our advertising measures in the Google network. As soon as you have clicked on one of our advertisements in the Google network, a cookie is placed on your end-device for this purpose. This cookie enables Google to recognize your internet browser. The information obtained by means of the conversion cookie serve the purpose of producing conversion statistics for us in Google Ads. These cookies, which are set through our website, become invalid after 90 days and are automatically erased.

If you do not want Google to record your surfing in order to display advertising, you also have the following possibilities to the privacy settings in your browser and the choice of cookie preferences (see on this point above in Section 4.1):

Please note that you may have to repeat this step after erasing the cookies on your end-device.

4.2.3.2 Google Ads Remarketing

We use the remarketing function in the Google Ads service. We can present to you on other websites within the Google advertising network by means of this remarketing function (in Google search or on YouTube, so-called "Google advertisements" or on other websites) advertisements which are based on your interests. Your surfing behavior on our website is analyzed in an anonymized manner for Eppendorf, e.g. with regard to which products or offerings you have viewed on our website. This enables us to display on the online search engine Google itself so-called "Google advertisements" and individualized advertising on other third-party websites even after your visit to our website.

As soon as you arrive at our website through a display activated on Google, Google Ads places a cookie on your computer. These cookies which are placed through our website lose their validity after 90 days. In some cases this timeframe can be extended to 24 months. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognize that you have clicked on the advertisement and have been forwarded to that page.

If you do not want Google to record your surfing in order to display advertising, you also have the following possibilities to the privacy settings in your browser and the choice of cookie preferences (see on this point above in Section 4.1):

Please note that you may have to repeat this step after erasing the cookies on your end-device.

4.2.4 Google Display & Video 360

We use Google Display & Video 360 to activate banner advertisements (also referred to "displays") in the internet as well as to activate banner advertisements based on your interests. We use targeting functions within the Google Display & Video 360 service for this purpose, including the remarketing function.

Display & Video 360 places cookies in order to present relevant advertisements to you which improve the reporting on campaign performance or in order to avoid you from seeing the same advertisements multiple times. Google uses cookie ID to determine which advertisements are activated in which browser, and Google can accordingly prevent these advertisements from being displayed multiple times.

4.2.4.1 Google Display & Video 360 Remarketing

We use the remarketing function within Google Display & Video 360 service. We can use the remarketing function to present to you advertisements based on your interests on other websites. Your surfing pattern on our website is analyzed in an anonymized manner for this purpose on behalf of Eppendorf to see e.g. which products or offerings you have looked at after you have accessed one of our display/video advertisements on Google or on another platform using Display & Video 360 or if you have clicked on such advertisements (conversion tracking). Display & Video 360 uses cookies to understand the content which you have interacted with on our websites, in order to be able to be sent to you targeted advertising later.

Users who reach our website through banner advertising of Eppendorf which was activated by means of Google Display & Video 360 receive a cookie placed on their computer from Google Display & Video 360. These cookies which are placed through our website lose their validity after 90 days. In some cases this timeframe can be extended to 24 months. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognize that you have clicked on the advertisement and have been forwarded to that page.

If you do not want Google to record your surfing in order to display advertising, you also have the following possibilities to the privacy settings in your browser and the choice of cookie preferences (see on this point above in Section 4.1):

Please note that you may have to repeat this step after erasing the cookies on your end-device.

4.2.5 Google (Invisible) reCAPTCHA

We use the service "Google (Invisible) reCAPTCHA" of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google") in our internet presence. Google (Invisible) reCAPTCHA processes information about your usage in our internet appearance.

We use Google (Invisible) reCAPTCHA to examine whether the entry is made by a human being or in an improper manner by automated, mechanical processing. The process serves to defend against spam, DDoS attacks and similar automated harmful access. The use of Google (Invisible) reCAPTCHA accordingly directly serves to secure the integrity and functionality of our systems. This also constitutes our legitimate interest. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.

The IP address transmitted in the context of Google (Invisible) reCAPTCHA is not combined with other Google data unless you are logged into your Google account at the point in time when Google (Invisible) reCAPTCHA is used. If you want to prevent this transmission and storage of data about you and your usage on our website by Google, you must log out in Google before you visit our site or use Google (Invisible) reCAPTCHA. You can find additional information on the processing of your data by Google at: https://policies.google.com/privacy

4.2.6Google MyBusiness

We operate a so-called Google MyBusiness profile. If you have your normal place of abode in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google") is the controller responsible for the data processed in the context of this service. If you have your normal place of abode in the United Kingdom, Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google") is the controller for your data processed in the context of this service.

We have the possibility to present our company to you through Google MyBusiness. You also have the possibility to contact us and evaluate our company as well as upload photographs with regard to our company. We wish to inform you that you use our Google MyBusiness profile and your function at your own responsibility. This applies especially for using the social and interactive functions, e.g. commenting, sharing, evaluating, direct messaging). During a visit and interaction with our Google MyBusiness profile, Google also collects your IP address as well as other information available on your end-device in the form of so-called cookies. The data collected about you in this context are processed by Google and may be transmitted to countries outside the European Union.

The purpose and scope of the data collection and the further processing and use of the data by Google as well as your corresponding rights and possibilities for settings to protect your privacy can be found in the data protection information from Google: https://www.google.com/intl/de/policies/privacy/

If you want to contact us through our Google MyBusiness profile, we would like to refer you to our corresponding information "Contact Form / Contact by Email". We use your data in order to respond to your inquiry through Google MyBusiness or to react to your evaluation. The legal basis for this is our legitimate interest under Art. 6 para. 1 sentence 1 lit. f) GDPR. Aside from this, we do not process any other data from your use of Google MyBusiness. 

4.2.7 Google Maps

We use the Google Maps API (an interface to Google Maps to our website). This serves on our website, for example, to enable you to plan how to drive to us. When using Google Maps, information about your use of our website (including your IP address) is transmitted to Google. Google Maps is linked through the programming language JavaScript. You can interrupt the connection and the data transmission to Google by installing a JavaScript blocker.

4.3 Additional data analysis with pseudonymized use profiles

4.3.1 MediaMath

We use MediaMath Analytics & Insights, a web analysis service from MediaMath, Inc. ("MediaMath"). MediaMath uses cookies which are stored on your end device and which make it possible to analyze how you use the website. The data storage here can e.g. include the type of browser, the operating system, the browser language, the IP address and the internet provider.

MediaMath processes the data linked to your end-device to make a pseudonym, a so-called "MediaMath-ID". This unique MediaMath-ID is then possibly stored in a cookie in your end-device and then helps to provide relevant advertisements for you. The MediaMath-ID and other information collected through the platform can also help us to measure your activity on our website and accordingly determine the effectiveness of the advertisements provided through the platform. Your needs can be better fulfilled in this manner. Furthermore, we can show you advertisements for the types of products for which you might have an interest.

MediaMath will transfer this information as needed to third parties if this is required by law or to the extent third parties process these data at the instruction of MediaMath. More detailed information about how MediaMath uses your data as well as about the possibility to prevent the use of cookies by MediaMath can be found in the data protection statement of MediaMath at: http://www.mediamath.com/de/datenschutzrichtlinien/. If you do not want MediaMath to process your described personal data in the context of this website, you can also, for example, opt out using the privacy settings on your web browser or here: http://www.mediamath.com/ad-choices-opt-out/.

4.3.2 Dynamic Yield

We use the services of Dynamic Yield Ltd., Highlands House Basingstoke Road, Spencers Wood, Reading, Berkshire, England, RG7 1NT, ("Dynamic Yield"). Our web offering is optimized with Dynamic Yield, in order to make your visit to our website a personal experience by providing fitting recommendations and content. We use for this purpose the page content you have accessed, in order to recommend to you equivalent or related content or other content that is relevant for you. Dynamic Yield collects for this purpose pseudonymized information about your activity when using our site. Cookies are used through which the exclusively anonymize information is stored under a random generated ID (pseudonym). Your IP addresses are stored exclusively in anonymized form. A direct connection to a person is accordingly not possible. You can object at any time to the collection of information by Dynamic Yield by clicking on the following link and confirming the opt out: https://www.dynamicyield.com/privacy-policy/#optinout. This place is an opt-out cookie which prevents the future collection of data when you visit this website. You can find more detailed information about the used tracking technology at the following link: https://www.dynamicyield.com/privacy-policy/

4.3.3 Algolia

We use the search technology "Algolia" of Algolia SAS (55 Rue Amsterdam, 75008 Paris, France) on our website through an API. This involves a real time search service with which the visitor receives a direct response to the visitor's search request. Algolia search is used in the interest of being able to reach and easily find our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The relevant data protection provisions of Algolia can be accessed at https://www.algolia.com/policies/privacy.

4.3.4 etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany https://www.etracker.com/en/home-en/ to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time by clicking on the slider. The objection has no disadvantageous consequences. If no slider is displayed, the data collection is already prevented by other blocking means.

Further information on data protection with etracker can be found here.

4.4 Including payment service providers in Australia, Canada and the USA

We use various service providers who support us when processing payments (e.g. when you purchase products from us). Our online shop in Australia uses the provider CyberSource Corporation HQ ("CyberSource"), our online shops in Canada and the USA use the provider Paymetric Inc. ("Paymetric").

CyberSource and Paymetric also use data entered by you when you order, in order to process the respective order at our instruction.

Other information about the purpose and extent of processing of your personal data by CyberSource can be found at: https://www.cybersource.com/privacy/.

You can find additional information about the purpose and scope of the processing of your personal data by Paymetric at: https://www.paymetric.com/privacy-policy-2/.

4.5 Social media remarketing

We have placed various remarketing services on our website. By using these services – if applicable, for multiple devices – we collect information about which pages and which products you have viewed on our website, in order to display to you advertising in accordance with your interests on social networks. The corresponding information is collected and accessed through cookies and similar technologies. You can prevent the use of these services by corresponding settings on your internet browser or using ad-blockers.

We specifically use the following services:

4.5.1 Facebook-Pixel

The Facebook-Pixel is integrated on our website. This involves Javascript code. The Facebook-Pixel is used to collect information when you perform certain actions on our website or visit certain areas on our website. By using the Facebook-Pixel we also collect use data (such as the URL, referrer URL, IP address, device and browser characteristics as well as a time stamp). The Facebook-Pixel generates a test value (hash-value) using this information and transmits this hash-value to Facebook Ireland Ltd., Ireland, or to Facebook Inc., USA, as well as possibly to other Facebook companies. To the extent available, the Facebook cookie is also addressed and your Facebook ID is transmitted. If you have a Facebook profile and log in there, individualized advertising for our products can be presented to you by using the data transmitted through the pixel. Data of users who do not have a Facebook profile are discarded by Facebook without using the data.

Additional information about the purpose and extent of collecting data and the further processing and use of the data by Facebook as well as your possibilities for settings to protect your privacy in the case of Facebook can be found in the data protection guidelines of Facebook at https://de-de.facebook.com/privacy/explanation. You will find information about how you can prevent data processing in connection with the Facebook-Pixel at: https://de-de.facebook.com/help/769828729705201/. Aside from this, the information collected using the Facebook-Pixel is erased after 30 days.

Facebook is operated for users in the EU by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, for users in the USA. Your data can also be provided to other Facebook companies. This can result in transmission of personal data to the USA or other third party countries outside the European Economic Area. In order to preserve a reasonable level of data protection within the meaning of the GDPR, Facebook Ireland, according to its own statements, uses the standard contract clauses approved at the EU Commission, which constitute a suitable guarantee for transmission to third party countries pursuant to Art. 46 para. 2 lit. c GDPR.

4.5.2 LinkedIn Insight Tag

The LinkedIn Insight Tag is a piece of lightweight JavaScript code, which is integrated in our website. The LinkedIn Insight Tag collects information if you conduct certain actions on our website or visit certain areas on our website. The LinkedIn Insight Tag also collects usage data (such as the URL, referrer URL, IP address, device and browser features as well as a time stamp). This data is transmitted encrypted to LinkedIn so that LinkedIn can play targeted advertising on the own platform.

You can find information about your possibilities for settings at LinkedIn and about how you can prevent the use of the LinkedIn Insight Tags in the settings in your LinkedIn account. The indirect designations of the members are removed within seven days, in order to pseudonymize the data. The remaining pseudonymized data are erased then within 180 days.

In the case of users domiciled in the European Economic Area in Switzerland, LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, ("LinkedIn Ireland") and, in the case of users domiciled in the USA, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. You can find the data protection guideline of LinkedIn Ireland here: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. You can also find information about the possibilities for settings in your LinkedIn profile. LinkedIn Ireland transmits personal data also to third party countries outside the European Economic Area. You can find corresponding information at: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de. LinkedIn accordingly regularly secures a reasonable level of data protection by concluding standard contract clauses approved by the EU Commission which represent a suitable guarantee for transmission to third party countries pursuant to Art. 46 para. 2 lit. c GDPR.

4.6 Marketo

We use Adobe Marketo Engage ("Marketo"), a software platform of Marketo EMEA Limited with its headquarters in Ireland. Marketo serves the purpose of marketing automatization and makes it possible for us to optimize marketing strategies and processes.

The purposes of processing personal data with Marketo consist of personalized marketing automatization (4.6.1) as well as improving lead management (4.6.2).

We process the following categories of personal data with Marketo: contact data (salutation, first name and last name, title if applicable, email address, telephone number), specific professional information (position, professional designation, company, section or department), behavioral data (website activities, interactions with received emails), event data (participation in events and webinars), additional information which are provided by the data subjects (e.g. using web forms). We do not process sensitive information. We accordingly ask you not to also communicate any information with potential contact forms or other communications channels with regard to your ethnic origin, political opinions, religious or philosophical convictions, membership in unions as well as data about health or data about sexual life or sexual orientation.

4.6.1 Personalized marketing automatization

We use Marketo as a communications service, but also to optimize our services. This includes sending personalized email newsletters as well as personalized advertising of web content on our website, customized for likely preferences of the potential customers. As a result of using a tracking pixel, we can measure the interaction with newsletters we have sent. We use JavaScript-Snippet on our website to record whether certain pages are visited or certain actions are executed.

This processing takes place on the basis of your consent (Art. 6 para. 1 lit. a) GDPR). Your consent is voluntary and can be revoked at any time with effect for the future.

We also use Marketo for answering inquiries and registration and cancelling registration for webinars. Depending on the content of your inquiry, this takes place on the basis of developing a contract or performing a contract (Art. 6 para. 1 lit. b) GDPR) or on the basis of our overriding legitimate interests. Our legitimate interest results from the processing of your matter.

4.6.2 Lead management

Leads are information about potential new customers as well as inquiries from existing customers with a possible intent to purchase. Lead management is directed towards the effective administration of leads by segmenting and assessing them. Lead scoring is the basis for segmentation.

Lead scoring makes it possible to assess the leads, in order to be able to classify the willingness to purchase. The standard is a measurement of the interest of a person in Eppendorf. The weighting and definition of the criteria for the storing are based on empirical assumptions which correlate to the probability of interest in making a purchase. The weighting takes place by assigning points in which a certain value is attributed to each criterion. The sum of the points then results in the total number of points for the lead which serves as a basis for classifying the lead. To the extent a threshold is reached, the lead is classified as a "Qualified Lead". A check can subsequently be carried out with regard to whether these persons can legally be approached with advertising.

The score can consist of the following information from offline sources:

Registration for an event, participation in an event, participation in a roadshow, a user group, a table top event, visiting a trade fair stand, indicating interest after visiting the trade fair, participation in a webinar, viewing a recorded webinar. This information is imported into Marketo from various events.

The reactions to emails also are included in developing the value as follows: opening an email, selecting a link in the email. A link is chosen which leads to social media content. This information is collected using a tracking pixel.

The activity on our website is also recorded and included in the score: Downloading a white paper, user instructions for products as well as a catalog, downloading information brochures, certificates, visiting relevant sub-pages.

We sometimes use cookies to collect the above-mentioned information. The use of cookies and the subsequent data processing only take place with your consent g (§ 25 para. 1 German Telecommunications-Telemedia Data Protection Act [Telekommunikation-Telemedien-Datenschutz-Gesetz, "TTDSG"], Art. 6 para. 1 lit. a) GDPR). If you have granted additional consent, we use your personal data also to develop a profile (Art. 6 para. 1 lit. a) GDPR). Your consent is voluntary and can be revoked at any time with effect for the future.

Information is also collected which reduces the score. This information correlates with a person's lack of interest and, therefore, is also taken into account. An email cannot be delivered because the email address no longer exists, or an email cannot be delivered temporarily for technical reasons, or there has been absolutely no activity within the last sixty days, and cancelling registration for events or cancelling a newsletter.

Adding the individual values requires that data are combined from various sources. If a data subject has already had contact with us, e.g. in the context of a purchase that has already been carried out, this information is also linked to the score.

5 Our presence on social media

We operate pages and profiles on various social media platforms. This presence serves to have better, active communication with our customers and interested parties. The following described processing of personal data occurs in this context.

If you interact with our social media presence or our articles, we will collect and process the information you have provided, if applicable, together with your user name and any profile photos, for example, if you mark a contribution with "like" or if you share or "retweet" or comment or provide other content. Please also note that this content is published in accordance with your account settings on our relevant social media presence and can be accessed by everyone worldwide. We can conduct additional data processing, in order to receive and be able to respond to inquiries or messages through or social media presence. Finally, your publicly disclosed profile data can be processed to the extent we have a legitimate interest in doing so.

Furthermore, the respective operators collect and process personal data from you under their own responsibility under their data protection law if you visit one of our social media presences and/or interact with the presence or our contributions. This applies especially if you are registered and logged in at the corresponding social media platform. Even if you are not registered at the respective platform, the operators collect certain personal data when the site is accessed, for example, clear designations which are linked to your browser or your device. Please note that these data might possibly be combined through various platforms and services if they are operated by the same operator. For example, both Facebook as well as Instagram are operated by Facebook Ireland Limited. You can find additional information in the data protection statements of the respective operators to which we refer below.

We operate specifically the following presences in social media:

5.1 Facebook

Eppendorf maintains various Facebook presences, including at https://www.facebook.com/eppendorf/ 

Facebook is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland Ltd.”). You can find the data protection guideline of Facebook at: https://de-de.facebook.com/policy.php. You will also find their information about the possibilities for settings in your Facebook account.

Your personal data can also be provided to other Facebook companies. This can result in a transmission of personal data to the USA or other third party countries outside the European Economic Area. In order to preserve a reasonable level of data protection in the sense of the GDPR, Facebook Ireland, according to the own statements, uses standard contract clauses approved by the EU Commission which constitute an appropriate guarantee for transmission to third party countries pursuant to Art. 46 para. 2 lit. c GDPR.

We are also responsible together with Facebook Ireland for the processing of so-called page insights in the course of operating our Facebook page. Facebook Ireland uses these page insights to analyze the activity on our Facebook page and provides us this information in a form which does not relate to the specific person. We have concluded for this purpose an agreement with Facebook Ireland about joint responsibility under data protection law which you can see at the following link: https://de-de.facebook.com/legal/terms/page_controller_addendum. Facebook Ireland undertakes in this agreement, among other points, to assume the primary responsibility under the GDPR for the processing of page insights and to fulfill all duties under GDPR with regard to the processing of the page insights.

We use a chatbot for our Facebook page to answer your questions and your concerns. This chatbot is provided by knowhere GmbH, Hamburg, Germany. To the extent knowhere GmbH has access to personal data, knowhere GmbH acts as a contract data processer for us (see on this point also Section 7.1 of this Privacy Statement).

5.2 Instagram

Eppendorf has various presences on Instagram, including at www.instagram.com/eppendorfuk/ and https://www.instagram.com/eppendorf_usa.   

Instagram is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). The Instagram data protection statement can be found at: https://help.instagram.com/519522125107875. You will also find their information about the possibilities for settings in your account.

Your personal data can also be provided to other Facebook companies. This can result in a transmission of personal data to the USA or other third party countries outside the European Economic Area. . In order to preserve a reasonable level of data protection in the sense of the GDPR, Facebook Ireland, according to the own statements, uses standard contract clauses approved by the EU Commission which constitute an appropriate guarantee for transmission to third party countries pursuant to Art. 46 para. 2 lit. c GDPR.

We also use the function Instagram Insights. Under this function, we receive from Facebook Ireland data about the use of our account which are not personal data. We can use this information to analyze and optimize the effectiveness of our Instagram activities.

5.3 Twitter

Eppendorf has various presences on Twitter, including at https://twitter.com/eppendorf_group.

Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland ("Twitter International") for users outside the USA. The data protection statement of Twitter can be found at: https://twitter.com/de/privacy. You will also find information there about possibilities for settings in your Twitter Account.

Please note that Twitter International transmits personal data also to third party countries outside the European Economic Area. To the extent there is such transmission and no reasonable level of data protection has been identified by the EU Commission in the country where the data are received, Twitter International provides a reasonable level of data protection by using the standard contract clauses approved by the EU Commission which represent an appropriate guarantee under Art. 46 para. 2 lit. c GDPR for the transmission to third party countries. Twitter also transmit personal data to US companies which are certified under the EU-U.S. Privacy Shield. The European Commission made the decision in a resolution dated 12 July 2016 with regard to the USA that a reasonable level of data protection exists under the provisions in the EU-U.S. Privacy Shield (resolution on reasonableness, Art. 45 GDPR).

We also use the function Twitter Analytics. We receive with this function from Twitter International data about the use of our account which are not personal data. We can use this information to analyze and optimize the effectiveness of our Twitter activities.

5.4 YouTube

You can find our YouTube channel at https://www.youtube.com/user/Eppendorf.

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"). You can find the data protection statement of Google Ireland here: https://policies.google.com/privacy?hl=de. You will also find their information about the possibilities for settings in your Google account. Please note that your Google account might be used for various Google services (e.g. Gmail, YouTube, Google Search) and that Google Ireland can combine personal data for the Google services you use in accordance with the settings in your Google account.

This can also result in processing by US American Company Google LLC and its subsidiaries. Google LLC is certified under the EU-U.S. Privacy Shield. One hundred percent subsidiaries of Google LLC are also covered by the certification. With regard to the USA, the EU Commission has made the decision with a resolution dated 12 July 2016 that a reasonable level of data protection exists under the provisions in the EU-U.S. Privacy Shield (resolution on reasonableness, Art. 45 GDPR). You can obtain further information about the certification of Google LLC here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Finally, Google Ireland receives information and analyses about the use of our account and interactions with our videos which do not include personal data. We can use this information to analyze and optimize the effectiveness of our YouTube activities.

5.5 LinkedIn

Eppendorf has various presences on LinkedIn, especially at https://de.linkedin.com/company/eppendorf-ag .

LinkedIn is operated for users domiciled in the European Economic Area and Switzerland by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, ("LinkedIn Ireland") and for users domiciled in the USA by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The data protection statement of LinkedIn Ireland can be found here: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy. Your also find their information about the possibilities for settings in your LinkedIn profile.

LinkedIn Ireland transmits personal data also to third party countries outside the European Economic Area. You can find corresponding information at https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de. LinkedIn accordingly regularly secures a reasonable level of data protection by including standard contract clauses approved by the EU Commission which represent an appropriate guarantee for the transmission to third party countries pursuant to Art. 46 para. 2 lit. GDPR.

Finally, we receive from LinkedIn Ireland information and analyses about the use of our accounts and interaction with our contributions which do not include personal data. We can use this information to analyze and optimize the effectiveness of our LinkedIn activities.

5.6 Social Media Management Tool

In order to manage our presence on various social media, we use the service "Falcon" provided by Falcon.io ApS, H.C. Andersens Boulevard 27, 1., 1553 Copenhagen V, Denmark. We use this service, for example, to prepare, plan, publish, like and share contributions. We also use the service to observe relevant discussion in the social web concerning our company, brands and our services and products. Falcon.io ApS is active as our contract data processor and can accordingly only process your personal data in accordance with our instructions (see on this aspect, Section 7.1 of this Privacy Statement).

5.7 Social Data Intelligence Tool

We use the Social Data Intelligence Tool "Talkwalker" provided by Talkwalker S.à r.l., 16, Avenue Monterey L-2163 Luxembourg. We can use this tool to monitor the social media channels and online media to identify when our company and our brands are mentioned and learn what customers are thinking about the brands, our advertising campaigns, products and events. We can also recognize early and observe trends and potential risks by using Talkwalker. The goal is to optimize our marketing measures accordingly. Talkwalker collects and processes the actions executed by your in social media channels and through the data publicly disclosed in your corresponding profiles such as name, user name, user ID, geolocalization data, age, gender, consumption practices, hobbies and interests, professional and educational background as well as photographs and videos. Talkwalker S.à r.l. works as our contract data processor and can accordingly only process your personal data in accordance with our instructions (see on this aspect, Section 7.1 of this Privacy Statement).

6 Advertising communication by email, post or phone

On our websites we offer you the opportunity to request promotional information about Eppendorf Group goods and services.

If you have given us your consent to receive promotional information, we or other companies in the Eppendorf Group will use the data you provide (in particular your email address and name) to send you email newsletters, postal mail or to provide promotional information about the Eppendorf Group's goods and services by telephone.

We verify your consent to receive the email newsletter by using the so-called double opt-in procedure. This means that we first ask you to actively confirm your consent by sending an email to the email address you provided. We use the information about the confirmation and the time of the confirmation to document and prove your consent.

To the extent that it is necessary to achieve the aforementioned purposes, the aforementioned data will be transmitted between the companies of the Eppendorf Group. The legal basis for the transmission and further processing by the companies of the Eppendorf Group is the consent you have given (Art. 6 Para. 1 lit. a GDPR).

In connection with sending our email newsletters, we also use Mailchimp, a service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“Rocket Science Group”). The Rocket Science Group processes your personal data on our behalf, i.e. exclusively in accordance with our instructions (see Art. 4 No. 8, 28 GDPR). In order to enable the service provider to provide its services, your personal data will be passed on to them.

The Rocket Science Group and individual companies in the Eppendorf Group to which we may transfer your data are located in countries outside the European Union or the European Economic Area (so-called third countries). With Eppendorf companies in third countries for which there is currently no adequacy decision from the European Union, as well as with The Rocket Science Group in the USA, we have concluded the standard contractual clauses approved by the European Commission in accordance with Art. 46 Para. 2 lit. c GDPR and (where necessary) complementary measures have been taken in accordance with the criteria of the European Court of Justice.

You can request a corresponding copy of these standard contractual clauses via one of the contact channels specified in our data protection declaration. There you can also request information about the appropriate safeguards we have put in place to protect your personal data.

The legal basis for the processing of your data for the above-mentioned purposes, including transmission and further processing by the companies in the Eppendorf Group, is the consent you have given (Art. 6 Para. 1 lit. a GDPR).

You can revoke your consent in whole or in part at any time with future effect, either via the unsubscribe link contained at the end of each email newsletter or by sending us an email to privacy@eppendorf.com.

The legal basis for the processing of your personal data for the purpose of the double opt-in or to prove your consent to receive the email newsletter is Art. 6 Para. 1 lit. c) GDPR in conjunction with Art. 7 Para. 1 Sentence 3 GDPR. We are legally obliged to provide evidence of your consent.

Your data will be processed until the purpose of processing no longer applies or you withdraw your consent. If you revoke your consent to receive the email newsletter, your email address will be blocked from receiving the newsletter. Your registration data will then be stored to prove that we have complied with the legal requirements and will then be deleted.

7 Contact forms

We provide various contact forms on our website, which you can use to send us inquiries (e.g. about our products and services, your orders or press and PR activities). In order to process your request, you are asked to provide

  • first and last name,
  • email address,
  • company,
  • job title,
  • position in the company
  • as well as information that is required for processing and answering depending on the subject of your request (e.g. product name and number as well as order / invoice numbers or details about your request via free text fields) to be specified as mandatory data.

The provision of further information, e.g. your phone number, is voluntary.

In the case of inquiries in connection with contracts, e.g. in connection with our products and services or support inquiries, the processing takes place to initiate or implement the respective contractual relationship, Art. 6 Para. 1 lit. b GDPR. For other inquiries, processing is based on our legitimate interests in receiving and processing your inquiry, Art. 6 Para. 1 lit. f GDPR. We process voluntary information that you transmit to us in connection with our contact forms on the basis of our legitimate interests in processing your concerns effectively and appropriately, Art. 6 Para. 1 lit. f GDPR. If your request concerns another company of the Eppendorf Group, e.g. questions about certain products and services, we transmit them to the responsible company for further processing. In this case, the further processing of your data is carried out by the relevant Eppendorf company as the person responsible for data protection. The legal basis for the transmission of your data is Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in enabling the responsible company to process your request properly. We use the services of Typeform SL, Calle de Pallars 108 (Aticco), 08018 Barcelona, Spain ("Typeform") and Zapier Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA ("Zapier"). Typeform and Zapier process your personal data on our behalf, i.e. exclusively according to our instructions (cf. Art. 4 No. 8, 28 GDPR). When using the service provider Zapier, your data may be transferred to the USA. Therefore, we have concluded the standard data protection clauses approved by the EU Commission with Zapier in accordance with Art. 46 Para. 2 lit. c GDPR and have taken additional measures in accordance with the criteria of the European Court of Justice (Schrems II judgment). The European Commission's standard data protection clauses are available here. You can request a corresponding copy of these Standard Contractual Clauses via one of our contact channels.

We store inquiries about contracts or of potential legal relevance during the general limitation period, i.e. three years from the end of the year in which we received your inquiries, unless statutory provisions require longer storage. We store all other inquiries for a period of one year. The storage takes place on the basis of our legitimate interest, the proper documentation of our business operations and the safeguarding of our legal positions, Art. 6 Para. 1 lit. f DSGVO.

8 Surveys

Our website gives you the opportunity to take part in surveys on a voluntary basis, e.g. about our campaigns, products and services or the user-friendliness of our website. If you participate in one of our customer surveys, we process

  • first and last name,
  • email address,
  • company,
  • feedback,
  • as well as any other information that you provide to us via free text fields.

When using free text fields, please refrain from transmitting personal data about yourself or other people. Your personal data is processed on the basis of our legitimate interest in maintaining and promoting your satisfaction as a customer or user of our website and in considering your feedback and suggestions for our business activities, Art. 6 Para. 1 lit. f GDPR.You are neither contractually nor legally obliged to provide your data. Nor is the provision required for the conclusion of a contract. Without providing the data, however, participation in our surveys is not possible. We use Typeform and Zapier (see above) for processing surveys. We store your survey results for a period of one year.

9 Consequences of potentially not providing data

Aside from the data which serve to fulfill the contract (for example, your name, the delivery address, the ordered product, payment data, etc.), we also collect some data, in order to provide to you the corresponding functions on our website or to be able to react to your inquiries, for example, if you use our contact form for questions.

If you provide these data yourself, you have no obligation to provide the above voluntary information. However, we are not able to provide the corresponding functions on our website or process your inquiries without these data.

10 Forwarding data

10.1 Forwarding data to contract processors

We need third party companies and external processors (“contract processors“) who are tied to us by contract in order to render these services. In such situations, personal data are forwarded to these contract processors, in order to enable the further processing. These contract processors are carefully chosen by us and regularly examined, in order to make sure that your privacy is preserved. The contract processors can use the data exclusively for the purposes we have stated, and the processors are furthermore under a contractual obligation towards us to treat your data exclusively in accordance with this Privacy Statement as well as the applicable data protection laws.

10.2 Other transmission of data

In addition, we only disclose your personal data without your consent in those situations permitted by the law. Such data transmission can especially be legally permissible in the following situations:

  • The processing is necessary to fulfill a legal obligation or is in the legitimate interest of Eppendorf, for example, due to a corresponding demand by public authorities for surrender of the data.
  • The processing is necessary to perform a responsibility which lies in the public interests or the processing takes place in the exercise of governmental power which has been assigned to Eppendorf.

10.3 Data transfers to third party countries

We may potentially transmit your personal data in the context of a business relationship to the relevant local company in the Eppendorf Group. You can find a complete list of our branches here.

When we transmit the data, we regularly secure a reasonable level of data protection by concluding standard contract clauses of proof by the EU Commission which represent a suitable guarantee for transmission to third party countries pursuant to Art. 46 para. 2 lit. c GDPR. You can access these clauses here.

Data are transmitted to countries outside the European Area (“third party countries“), e.g. in the USA, when using the analysis tools. In order to also assure protection of your privacy rights in this regard, Eppendorf never transmits your data to third party countries if there is no security about the level of data protection being equivalent to the level under the GDPR.

The European Commission made the decision for the USA on 12 July 2016 that a reasonable level of data protection exists under the provisions in the EU-U.S. Privacy Shield (so-called ”resolution on reasonableness” under Art. 45 GDPR). We use the following service providers who are certified under the EU-U.S. Privacy Shield.

We also use the standard contract clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR when structuring contractual relationships with service providers in third party countries. These clauses can be accessed here.

 

11 Erasure of your data

We do not store your personal data any longer than is necessary to achieve the respective purposes of the data processing (see Section 3). The following time periods especially apply:

  • If you have concluded a contract with us and use our services, we generally process your data so long as necessary for the processing of the respective contract and providing the respective service, if applicable, plus the period of time for any warranty or guarantee periods. If you have purchased a product from us, the time period is normally two years after receipt of the product.
  • If you send us a message or if we send you a message which is classified as a commercial letter or business letter, we erase the message six years after the end of the year in which the letter was received.
  • When some applications on our website are used, it is possible that we retain back-up copies with regard to certain information for a very limited period of time. When the related interest no longer applies (for example, when the error is corrected or when defending against cyber-attacks), we erase these data.

 

12 Your rights as a data subject

12.1 Right of access by data subject

You have the right to receive from us at any time upon request information about the personal data related to you which we process in accordance with Art. 15 GDPR.

This right is limited by the exceptions set forth in § 34 German Data Protection Act [Bundesdatenschutzgesetz, "BDSG"], according to which the right to information especially does not apply if the data are only stored on the basis of retention requirements in the law or for the purpose of data back-up and monitoring data protection or if providing information would require a disproportionate effort and if improper use of data processing is prevented by appropriate technical and organizational measures.

12.2 Right to rectification

You have the right to demand that we correct personal data related to you without undue delay if the data are incorrect.

12.3 Right to erasure

You have the right, under the prerequisites described in Art. 17 GDPR, to demand from us that we erase the personal data related to you. These prerequisites especially exist if the respective purpose of the processing has been achieved or otherwise no longer applies as well as if your data have been illegally processed or if you have revoked a consent without the data processing being able to be continued on another legal basis and if you have successfully objected to the data processing (see  Section 10.6) and in those cases where there is a duty to erase on the basis of the law of the European Union or the law of an EU Member State to which we are subject.

This right is subject to the restrictions in § 35 BDSG, according to which the right of erasure can especially not apply if there is a disproportionately high effort for the erasure in cases where there is not automated data processing and if your interest in erasure is considered to be small.

12.4 Right to restriction of processing

You can demand from us pursuant to Art. 18 GDPR that we only process your personal data to a limited degree. This right exists especially if the accuracy of the personal data is disputed or if you demand restricted processing instead of erasure under the prerequisites that would justify a request for erasure (Section 10.3); this also applies in the event that the data are no longer needed for the purposes intended by us but if you need the data to assert, exercise or defend against legal claims as well as if the success of an objection is still in dispute.

12.5 Right to data portability

You have the right to receive from us in accordance with Art. 20 GDPR the personal data related to you which you have provided to us in a structured, common, machine-readable format and to transmit these data to another controller.

12.6 Right to object

You have the right to submit an objection against the processing of your personal data conducted in either the public interest or to preserve our legitimate interest for reasons which result from your special situation. We will stop the processing of your personal data unless we can provide proof of mandatory reasons for the processing that deserve protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims.

If you object to the processing of your personal data for advertising purposes, we will stop this processing, in any event.​​

12.7 Exercise of these rights

If you would like to exercise these rights, please contact us, for example, by email at:  privacy@eppendorf.com.

12.8 Right to object

If you have issued a consent for the processing of your personal data, you can revoke this consent at any time, for example, at privacy@eppendorf.com. Starting at that point in time, we will stop the processing of your personal data covered by the consent unless we conduct the data processing on another legal basis (e.g. in order to continue to be able to fulfill contracts with you).

12.9 Data processing when your rights are exercised

Finally, we wish to inform you that upon the exercise of your rights, your personal data can be processed for the purpose of implementing these rights and to provide proof about this.

12.10 Right to logde a complaint

You also have the right to lodge a complaint with a supervisory authority, especially in the Member State where you are domiciled or where you have your work place or where the suspected violation has occurred if you are of the view that the processing of the personal data related to you violates the GDPR.

13 Amendments to this Privacy Statement

The services provided by Eppendorf can be changed from time to time, especially to continue to improve the functionality of our website. Such changes can also have an effect on the use of your personal data. Eppendorf accordingly reserves the right to amend this Privacy Statement. You will find the respectively current version on each page in our web presence under the heading ”Legal Notice & Privacy Statement”. Please inform yourself regularly about the current status of the Privacy Statement.