Data Protection Declaration

In accordance with Art. 12-14 of the General Data Protection Regulation, the CytoTools AG (hereinafter: CytoTools) submits the following data protection declaration:

  1. General information

Personal data is all data which relate to an identified or identifiable natural person. Processing of personal data means any operation or set of operations, whether automated or not, performed upon personal data, such as collection, storage, organization as well as data erasure. Details can be found in Art. 4 No. 1 and 2 GDPR.

When you visit our website, your data is accessed by our IT system. These are principally technical data (IP-address, date, time). The acquisition of this data takes place automatically as soon as you use our website, in order to guarantee an error-free provision of the website. Please consult the individual explanations in the text below for detailed information on the subject of data protection. With this data protection declaration we fulfill our obligations to you according to Art. 12 - Art. 14 GDPR. The text of the GDPR can be accessed under the following web address:

http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

  1. Controller

Many legal obligations regarding data protection lie with the so-called “responsible persons”, called controllers. A controller is any natural or legal person who, alone or together with others, takes decisions regarding the purposes and means of processing personal data. The controller for data processing on this website is:

CytoTools AG
Klappacher Straße 126
D-64285 Darmstadt

Telephone 06151 951 58 12
Telefax 06151 951 58 13

E-Mail kontakt@cytotools.de

Internet: http://www.cytotools.de

 

  1. Web hosting

Our site is hosted by the company 1&1 Internet SE, Elgendorfer Str. 57, D-56410 Montabaur. All data which is acquired from visitors to our website, and which we store, is therefore on the servers of 1&1 Internet SE. The servers of 1&1 are located in Montabaur. 1&1 handles the user data that arises strictly according to the instructions of CytoTools as the controller. We dictate the purpose and means of processing in the sense of Art. 28 GDPR.

  1. Cookies and analysis software

Our website uses neither cookies nor analysis software.

  1. Collection of data in the system and creation of log files
    1. Collection of data in the system and in the log files

When our internet site is accessed, our system automatically collects information about the computer system which your browser transmits to us and stores this temporarily. This is:

  • browser type and version,
  • operating system used,
  • referrer URL (the site visited previously),
  • IP-address of the requesting computer,
  • access date and time of the server request, and
  • the file request of the client (file name and URL).

 

A combination of these data with other data sources is not carried out.

Furthermore, these data are stored in the server log files of our system and are located in the 1&1 server. A storage of these data together with other personal data of the user does not occur here either.

  1. Legal basis for processing

The legal basis for the temporary data and log file storage is Art. 6 para. 1 lit. f GDPR.

 

  1. Purpose of processing

The purposes of our processing of user data are as follows:

The temporary storage by the system of the information, described previously, is necessary in order to be able to transmit the website to the computer of the user. To this end, the IP-address of the user must remain stored for the duration of the session.

The storage in log files is carried out to ensure the functionality of the website. Furthermore, the data help us to improve the website and safeguard the safety of our technical information systems. No evaluation of the data for marketing purposes takes place here.

This is also the purpose of our legitimate interest in the data processing according to Art. 6 para. 1 lit. f GDPR.

  1. Storage time of the data in the system and the log files

The data are erased as soon as they are no longer necessary to fulfill the purpose of their acquisition.

In the case of data acquisition to enable the presentation of the website, this occurs as soon as the session in question is terminated.

In the case of storage of data in log files, this occurs at the latest after 28 days. The IP-address of the user is already anonymized after 14 days.

The data can also temporarily remain stored without anonymization as long as this is necessary to pursue legal rights or to defend these rights.

  1. Objection and removal options

The acquisition of the data for the presentation of the website and the storage of the data in log files is absolutely necessary for the operation of the internet site. Therefore, on the user side, there is no possibility of objection.

  1. Making contact by E-mail

It is possible to contact CytoTools via the E-mail address provided.

Scope of data collection

In this case, the personal data of the user transmitted by E-mail will be stored. However, here too, there will be no transfer of data to third parties. The data are used exclusively for the processing of the conversation.

  1. Legal basis of data processing

The legal basis for the processing of data which are transferred when sending an E-mail is Art. 6 para. 1 lit. f GDPR. If the E-mail contact is intended to conclude a contract, then the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

  1. Purpose of data processing

Our processing of personal data contained in the E-mail serves exclusively the purpose of processing the contact which you have initiated. This includes the required legitimate interest in processing the data which you have sent by E-mail.

  1. Storage duration

The data which you have sent by E-mail will be deleted as soon as we have taken note of your inquiry or we have given a final answer to your request, so that the conversation has terminated. The conversation is considered terminated when the circumstances show that the matter in question has been finally decided. The data can however remain temporarily stored as long as this is necessary for claims enforcement or the defense of legal rights, or when there is a statutory retention requirement. The latter can be the case in particular when a contract has been made by E-mail. Then, CytoTools can store the E-mail as long as this is necessary for the contract implementation, and after this, e.g. for the enforcement of, or defensive measures against, guarantee claims.

  1. Opposition and removal possibilities

If you contact us by E-mail, you can object to the storage of your personal data at any time. In such a case however, it would not be possible to continue the conversation. If you wish to object, please contact us by E-mail. In this case, all personal data which have been stored in the course of the contact will be deleted. The data can however remain temporarily stored as long as this is necessary for claims enforcement or the defense of legal rights, or when there is a statutory retention requirement.

  1. What rights do you have with regard to your data?

At any time, free of charge, you have the right to obtain information concerning the source, recipient and purpose of your stored personal data. Furthermore, in particular you have the right to demand the correction, blocking, erasure or limitation of the data. Regarding this, and any other matters concerned with data protection, you can contact us at any time at the address given in the legal notice. Furthermore, you have the right of appeal to the responsible authorities. In detail, you have the following rights:

  1. Right to information

You can demand a confirmation from the controller as to whether personal data which concern you are being processed by us. If this is the case you can demand the following information from the controller:

(1)      the purposes of the processing;

(2)      the categories of personal data which are being processed;

(3)      the recipient or the categories of recipients to whom the personal data concerned has been, or will be, revealed;

(4)      the planned duration of storage of your personal data or, in case concrete times are not possible here, the criteria for determining the storage duration;

(5)      the existence of a right to rectification or erasure of your personal data, of a right to limitation of the processing by the controller, or a right of objection to this processing;

(6)      the existence of a right of objection with a supervisory authority;

(7)      all available information about the origin of the data, if the personal data has not been obtained from the person concerned;

(8)      the existence of automated individual decision-making or profiling, according to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and intended effects of such a processing for the person concerned.

You have the right to demand information about whether your personal data has been transferred to a third country or an international organization. In this connection, you can demand that there are appropriate safeguards in connection with data transfer according to Art. 46 GDPR and that you are informed.

  1. Right to rectification

You have the right to demand corrections from the controller, to the extent that your personal data which is being processed is incorrect. If they are incomplete, you have the right to demand completion. The controller must make any corrections without delay.

  1. Right to limitation of processing

The GDPR also provides a right to the limitation of personal data. If the processing of your personal data has been limited, then these data, apart from their storage, may only be processed with your explicit approval, or for the enforcement or defense of legal rights, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

If there is a limitation of processing, according to the prerequisites described above, you will be informed by the controller before the limitation is lifted.

You can demand a limitation of processing from us under the following conditions:

(1)      If you dispute the accuracy of the personal data concerning yourself for a certain period which makes it impossible for us, as the controller, to verify the accuracy of this personal data;

(2)      if the processing is illegitimate and you refuse the erasure of the personal data, and instead, you request us to limit the use of the personal data;

(3)      when we as the controller no longer need the personal data for the processing purpose, you however, need the personal data for the purpose of claims enforcement or the defense of legal rights, or

(4)      if you have entered an objection against the processing according to Art. 21 para. 1 GDPR, but it has not yet been determined whether the justified reasons of the controller prevail over your grounds.

  1. Right to delete

Erasure obligation

You can demand from us, as the controller, that personal data concerning yourself is erased without delay, and we are obliged to erase this data without delay, in case one of the following reasons applies:

(1)      The personal data which concern you are no longer necessary for the purpose for which they were acquired or otherwise processed.

(2)      You revoke your consent, which is the basis for the processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for processing.

(3)      According to Art. 21 para. 1 GDPR, you submit an objection to the processing and there are no primary justified grounds for processing, or you object to the processing according to Art. 21 para. 2 GDPR.

(4)      Your personal data were illegally processed.

(5)      The erasure of your personal data is necessary in order to fulfill a legal obligation according to the law of the EU, or the law of a member state to which the controller is subject.

(6)      Your personal data were gathered in relation to information society services offered according to Art. 8 para. 1 GDPR.

Information to third parties

If the controller has made your personal data public, and according to Art. 17 para. 1 GDPR he is obliged to erase the data, then, taking into account the available technology and the implementation costs, he will take suitable measures – also of a technical nature – so that those responsible for the processing of the data are informed that you, as the person affected, demand that they erase all links to your data, as well as all copies or duplicates of this personal data.

Exceptions

The right of erasure does not exist to the extent that the processing is necessary:

(1)      to exercise the right of freedom of expression and information;

(2)      to fulfill a legal obligation which is required from the controller who is subject to the law of the European Union or a member state, or who takes on a task in the public interest or who is exercising official authority with which the controller has been assigned;

(3)      for reasons of public interest in the field of public health according to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

(4)      for archiving purposes in the public interest, for scientific or historical research reasons, or for statistical purposes according to Art. 89 para. 1 GDPR, in so far as the right stated under section a), in all probability, would prevent or seriously endanger the realization of the aims of this processing, or

(5)      for the purpose of exercising, enforcement of, or the defense of, legal rights.

  1. Right of information

If you have exercised the right to correction, erasure or limitation of the processing vis-à-vis the controller, he is obligated to inform all recipients who have had access to your personal data of this correction, erasure or limitation, unless this is impossible or involves disproportionate expense. Vis-à-vis the controller, you have the right to be informed about these recipients.

  1. Right to data portability

You have the right to receive the personal data, which you have made available to the controller, in a structured, widely available machine-readable format. Furthermore, you have the right to transmit these data to another controller without hindrance from the controller to whom you first made the data available – to the extent that

(1)      the processing is based on a declaration of consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, or on a contract according to Art. 6 para. 1 lit. b GDPR and

(2)      the processing is carried out using automated methods.

When exercising this right, you can furthermore demand that the personal data in question is passed on directly from one controller to another controller, to the extent that this is technically possible. Freedoms and rights of other persons may not be negatively affected by this.

The right of data portability does not apply to processing of personal data, which is necessary for performing a task in the public interest or for exercising official authority which lies in the responsibility of the controller.

  1. Right of objection

You have the right, for reasons which arise from your particular situation, to object, at any time, to the processing of your personal data, according to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these regulations. The controller does not process the personal data any longer, unless he can demonstrate compelling and legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves the purpose of exercising, enforcement of, or the defense of legal rights. If the personal data which concern you are processed, in order to provide direct advertising, you have the right, at any time, to object to data processing for this kind of advertising. This also applies to profiling to the extent that it is connected with this kind of advertising.

If you object to having your personal data processed for the purpose of direct advertising, then the relevant personal data will no longer be processed for this purpose.

You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – of implementing your objection right with an automatic method, whereby technical specifications are used.

  1. Right to revoke the declaration of consent under data protection law

You have the right, at any time, to revoke your declaration of consent under data protection law. By revoking the consent, the legitimacy of the processing carried out under the declaration of consent before the revocation occurred remains unaffected.

  1. Automated decision in individual cases including profiling

You have the right not to be subject to a decision of exclusively automated processing – including profiling – which produces legal effects on you, or severely adversely affects you in a similar way. This does not apply when the decision

(1)      is necessary for the conclusion or performance of a contract between you and the controller,

(2)      is permitted, due to legal requirements of the Union or the member states to which the controller is subject, and these legal stipulations contain adequate measures safeguarding your rights and freedoms as well as your legitimate interests or

(3)      takes place with your specific consent.

However, these decisions must not be based on particular categories of personal data, according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies, and appropriate measures for the protection of rights and freedoms as well as your justified interests have been taken.

With regard to the cases described in (1) and (3), the controller takes appropriate measures to safeguard rights and freedoms as well as your justified interests, which involves at least the right to obtain an intervention of a person on the part of the controller to explain your own point of view and to challenge the decision.

  1. Right of complaint to a supervising authority

Without prejudice to any other administrative or judicial remedies, you have the right to complain to a supervising authority, in particular in the member state of your place of residence, your place of work or the location of the suspected infringement, if you are of the opinion that the processing of personal data concerning you is in breach of the GDPR.

The supervising authority to which the complaint was submitted informs the complainant about the status and the results of the complaint including the possibility of judicial proceedings according to Art. 78 GDPR.

The responsible supervisory authority in questions of data protection is the Data Protection Office of a federal German state. In our case, it is the state where our company is domiciled. A list of data protection officers as well as contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Additional Information concerning data protection

Processing of personal data of shareholders and their representatives outside this website

Please note: The following information only relates to personal data of shareholders and their representatives which are processed outside our website. The data protection declaration which provides information about the processing of personal data on our website can be accessed at any time under https://cytotools.de/datenschutz.html.

The CytoTools AG is responsible as the controller. The contact data of the controller are:

 

CytoTools AG
Klappacher Straße 126
D-64285 Darmstadt

Tel.: 06151 951 58 12

E-Mail: kontakt@cytotools.de

 

Within the scope of administering investor business, the CytoTools AG processes the following categories of your personal data: contact data (e.g. name or the E-mail address), information about your shares (e.g. number of shares, type of shares) and information about general meetings (list of participants at a GM, which, if you participated, contains your name).

The CytoTools AG only processes those personal data which are necessary to fulfill its legal obligations contained in the German Corporation Act and other laws. Beyond this, personal data, in particular E-mail and postal addresses, are necessary for the dispatch of information to the company shareholders within the scope of newsletters etc. This data processing is permitted according to Art. 6 para. 1 lit. c of the General Data Protection Regulation (GDPR).

As a fundamental rule, data which concern you will not be passed on to third parties. In exceptional cases, third parties do have access to this data to the extent that they have been commissioned by the CytoTools AG to carry out services within the scope of the administration of investor business. Those involved here are auditors, consultants and general meeting agencies. The servicing companies only receive personal data which is necessary for them to perform their services.

The data described above will be erased when this is no longer necessary to fulfill legal obligations and no legal retention period applies. The participants list of a general meeting is first erased two years after the meeting has taken place, certain powers of attorney, first after three years.

Upon application, you have the right, free of charge, to receive information about which of your personal data are stored. Additionally, you have the right to demand rectification of any incorrect data and the right to demand limitation of the processing of excessively processed data. Furthermore, you have the right to demand the erasure of illegally processed data or personal data which have been stored for too long (insofar as there are no legal retention periods or any other reasons according to Art. 17 para. 3 GDPR which prevent this). Moreover, you have the right to have all data submitted to us transferred to you in a common file format (right to data portability).

A corresponding E-mail to kontakt@cytotools.de is all that is necessary for you to exercise your rights.

Furthermore, you also have the right to lodge a complaint with a supervisory data protection authority.