Data privacy notice website, E-shop
The following information explains how we deal with your personal data.
1. Responsible entity ("Controller")
Who is responsible for data processing and who can I contact?
Otto Brenner Strasse 20
represented by the Executive Board: Dr Joachim Kreuzburg, Rainer Lehmann, Reinhard Vogt
Phone: +49 551 308 0
You can reach our Data Protection Officer at the address shown in the imprint
Sartorius Corporate Administration GmbH
Otto Brenner Strasse 20
2. General information on processing personal data
This data privacy statement applies to data including personal data which Sartorius collects about you. Personal data are data or a combination of individual data which can be used to identify you.
We process your personal data in compliance with the German data protection laws and the European General Data Protection Regulation. We do not, under any circumstances, forward your personal data to third parties outside the Sartorius Group for advertising or marketing purposes without your consent.
As an international company we use external service providers. If the data they process have personal content, contractual agreements have been concluded and organisational measures have been taken to ensure the security of your data.
In our company, compliance with legal provisions and this statement is monitored by our data protection organisation. Our employees are trained in handling personal data and are bound by written agreements to comply with the data protection regulations.
It is normally possible to use our website without needing to provide personal data. If personal data (for example, name, address or e-mail addresses) are collected on our website, this is always done on a voluntary basis, as far as possible.
Please note that data transmission on the internet (e.g. when communicating by e-mail) can be subject to loopholes in security. Protecting your data from unauthorised access through measures such as pseudonymisation, data minimisation, compliance with erasure deadlines and keeping up with the latest technical developments is a very important goal for us. However, despite these protective measures, we cannot entirely rule out illegal processing by third parties.
3. Data collection and processing when accessing the website
Whenever a user accesses a page on our internet services or retrieves a file, access data concerning this is saved in a log on our server.
Each data record consists of:
• the page where the file was requested ("referrer URL")
• name and URL of the retrieved data
• date and time of access ("time stamp")
• data identifying the browser and operating system
• report whether access was successful (file transferred, file not found etc)
• name of your internet browser (e.g. Mozilla Firefox, Google Chrome, etc)
Legal processing (the legal basis for this is Art. 6(1)f GDPR)
This data is collected for the purpose of enabling use of the website (connection), system security, technical administration of the network infrastructure, and optimising our internet services. By agreeing to this data privacy statement you are giving your consent to the collection of these data by us. You may object to this data processing. If you do object to the use of the data, please note that this may restrict your use of our services. Except in the cases described above, these personal data will not be processed unless you explicitly consent to further processing.
We do not forward your data to third parties unless you have given your consent to this. However, in certain areas (e.g. hosting our website) we are dependent on our service providers who we generally oblige contractually to comply with legal requirements
4. Purpose and scope of processing
In accordance with the GDPR’s principles of data reduction and minimisation, we only collect personal data on our website if these are either necessary for your purpose, we are obliged to do so by legal requirements or a contract, we have a legitimate interest in them and/or you have provided them voluntarily.
If you enter personal or business data (e.g. e-mail address, name, address) you explicitly do so on a voluntary basis.We process your contact, business and business-relevant data on the basis of legal provisions within the context of an existing or new business relationship. By entering the data you further declare your willingness to have the data you have entered collected, processed or used for the legitimate purpose or for the purpose you designate. We will only process and save your entered data for as long as the purpose requires this to be done and will erase it after the purpose has been satisfied or after the end of the relevant retention period. There will not be any collection, processing or use for any other purpose. Your consent to use of your data can be withdrawn at any time, with effect for the future. If you do object to the use of the data, please note that this may restrict your use of our services.
The following are possible ways we can use your data:
On the basis of legal requirements: In order to implement our General Terms and Conditions
In order to manage our business and to protect against/investigate possible fraudulent transactions
On the basis of contractual purposes: In order to process payments for purchases and other services
In order to process your job applications
If legally permitted, in order to deliver user-specific unsolicited offers and information about Sartorius products and services,
In order to develop and provide advertising adapted to your interests
- online shop and order processing
On our websites, we offer you the option to open a personal account for our e-shop in accordance with the terms and conditions for use and purposes explained there. You have an opportunity to directly order our products and services there.
If you open an account like this, we will collect your personal data to the extent described there. A personal account cannot be opened without providing this data. If you place an order we wil only collect and use your personal data to the extent required to fulfil and process your order and any queries you have. You need to provide the data in order to conclude the contract.
Processing in order to create and use your personal account is done on the basis of Art. 6(1)b GDPR.
Your data are transmitted and used within the Sartorius Group to complete the order and deliver the goods or services or for accounting and invoicing purposes. No further transfer to third parties takes place without your consent. In all these cases, transfer is in compliance with prevailing national and European data protection provisions; the scope of the transferred data is limited to the necessary minimum. Your data are erased as soon as they are no longer needed to achieve the purpose of their collection, especially our contractual and statutory obligations. This occurs unless further processing of the data (for a limited period) is required for the following purposes: To comply with retention obligations under commercial and tax law and to preserve evidence within the framework of statutory requirements.
Based on your consent: Contacting you, sending samples, prizes, products and information, notifying you at your request of competitions, programmes or offers, supplying other services which we have offered you.
- Contact form (legal basis: Art. 6(1)a GDPR)
There are a several contact forms on our website which can be used for electronic contact. If you use the relevant contact form to write to us, we will process your data entered in the contact form to get in touch with you and respond to your questions and requests. We follow the principles of data minimisation and data reduction by requiring you to only enter the data we absolutely need to make contact with you. These are your first and last name, your e-mail address, postal code, country, choice of topics and the text field itself. All other data are voluntary fields and can be entered optionally (e.g. for a more individual response to your questions).
- Online chat (the legal basis for this is Art. 6(1)a, f GDPR) as an alternative only for the USA and UK
If you contact us through chat, we process the data you have entered solely to contact you and respond to your question. We follow the principles of data minimisation and data reduction by requiring you to only enter the data we need to contact you. These are your name, the selected topic and the text field itself. You have the option of transferring additional information, e.g. images of articles. In addition, your IP address is processed for technical reasons and to ensure legal compliance. All other data are voluntary fields and can be entered optionally (e.g. for a more individual response to your questions).
Based on our legitimate interest: Determining the effectiveness of our advertising, developing new products and services, analysing the use of our products, services and websites, learning how you came to our website
5. How we use your data
We will use the data we store to provide the products and services you request, to inform you of other products and services offered by Sartorius, to administer our websites and services (e.g. newsletter) and to comply with our legal rights and obligations with regard to data processing.
In order to provide you with a comprehensive website presence, your data are transferred and used within the Sartorius Group (you can find information on the Sartorius Group here).
6. Protection of minors
As a general rule, children and individuals under 16 do not provide us with any personal data without the consent of their parents or guardians. We do not ask for any personal data from children and we assure you that we do not knowingly collect personal data on children, use such data in any way or disclose such data to third parties without authorisation.
7. Transfer of data via the internet
The internet is a worldwide open platform. Due to how the internet operates and the systemic risks, all your data transfers are at your own risk. For your security we offer our services exclusively through encrypted transmission.
Our internet pages also use so-called cookies. These are small text files which are stored on your computer, which your browser saves. They do not damage your computer and do not contain any viruses. Cookies help make our service more user-friendly, effective and secure. Some cookies ("session and functionality cookies", e.g. for language setting and order transactions) are essential for ensuring key functions of the website. Without them the website cannot be used as intended.
You can learn more about how to manage cookies on the most popular browsers (including deactivating them) at the following links:
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
For reasons based on your particular situation, you have the right to object to the processing of your personal data at any time in accordance with Art. 6(1)f GDPR.
9. Security measures
We have taken extensive measures to protect the security of your data. The data you have transferred to us e.g. by entering it in HTML pages (contact forms) is transferred to Sartorius through the public data network in encrypted form (SSL – Secure Socket Layer), and stored and processed there.
This page uses SSL encryption for reasons of security and to protect the transfer of confidential content, e.g. the enquiries you send us as page operator. An encrypted connection is shown by the change in your browser's address line from "http://" to "https://" and the lock symbol in your browser line.
If SSL encryption is activated, any data you transfer to us cannot be read by third parties.
10. Onward transfer to third parties
We do not forward your personal data to third parties (i.e. outside the Sartorius Group) without your prior consent. An exception to this is onward transfer of data to service providers such as a package delivery services or forwarding agents, if the transfer is necessary for processing orders or delivering goods. Logistics service providers receive the data which is necessary for delivery in order to carry out their own processing. We restrict ourselves to only transferring the data which is necessary for delivery.
In addition, other service providers are used in contract preparation and processing, e.g. IT service providers or hosting services for the website. These companies work as processors for Sartorius and may only use personal data in accordance with our instructions.
Sartorius has contractually obliged these service providers to comply with the German data protection level and monitors them
One further exception is the transfer of data within the Sartorius Group in order to process orders, deliver goods, providing services, or for accounting and invoicing purposes. Otherwise there is no transfer of data to third parties without your consent.
In all these cases, transfer is in accordance with the prevailing national and European data protection provisions; the scope of transferred data is limited to the necessary minimum.
11. Newsletter mailing
If you subscribe to a newsletter we have offered, we will store your name and e-mail address, together with information which allows us to check that you are the owner of the e‑mail address entered and agree to receive the newsletter. Your address is also needed for postal mailing. If you order the newsletter through our contact form, we process your request exclusively for the requested newsletter; we do not use your data for other purposes, nor do we transfer your data to third parties. Our registration system sends a registration e-mail with a confirmation link to ensure that you actually want the selected newsletter (double opt-in procedure). Processing is done on the basis of Art. 6(1)a GDPR with your consent.
You can withdraw the consent to store the data and e-mail address and to use it to mail the newsletter at any time, for example with the "Cancel my subscription" link in the newsletter.
12. Use of Google Analytics
Processing is for the purpose of analysing this website and its visitors. For this, Google will use the information that has been obtained to analyse your use of the website on behalf of the operator of this website, to generate reports on website activity and provide other services to the website operator in connection with the website and internet use. Google does not combine the IP address transmitted by your browser in connection with Google Analytics with other data.
You have the right to object at any time for reasons based on your particular situation to this processing of your personal data based on Art. 6(1)f GDPR.
You can also block storage of the cookies by making an appropriate setting on your browser; however, please note that in this case, you may not be able to fully use all the functions of this website. You can also block the transfer of the data generated by the cookie to Google relating to your use of the website (including your IP address) as well as the processing of the data by Google by downloading and installing the browser plugin at the following link [https://tools.google.com/dlpage/gaoptout?hl=en]
13. Use of YouTube
Our website uses plugins from the YouTube site operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a company affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
The function shows videos on YouTube in an iFrame on the website. The "Privacy enhanced mode" option is activated. This means that YouTube will not store any information concerning visitors to the website. If you visit one of our pages with a YouTube plugin, a connection is established with YouTube servers. This notifies the YouTube server which of our pages you visited.
If you are logged in to your YouTube-account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
You can find further information on handling user data in YouTube's privacy statement at: https://policies.google.com/privacy?hl=policies
14. Use of Wistia
Our website has embedded videos from the online video provider Wistia. Wistia is a service of Wistia, Inc., 17 Tudor Street, Cambridge, MA 02139, USA. We use a special mode of the video player ("privacy mode") which only collects anonymised use data, avoids session and cookie tracking and anonymises the user's IP address. You can find further information on data protection and the cookies used on the internet at http://wistia.com/support/account/gdpr#privacy-mode-for-our-video-player.
15. Automated individual decision-making including profiling
There is no automated individual decision-making, including profiling, on our websites.
16. Your rights as a data subject (basic information based on Arts 13, 14 GDPR)
You have the right to obtain information at any time, without charge, concerning your stored personal data, their origin and recipients, the purpose of data processing as well as the right to rectification, blocking, restriction or erasure of this data. You also have the right to receive personal data which you have provided to a responsible entity ("controller") in a structured, commonly used and machine-readable format.
You can also withdraw at any time consentyou have given to the processing and use of your data, unless this is required directly to perform an existing contract or for compliance with an overriding legal obligation. You can contact us about this and with further questions about your personal data at the address given in the Impressum. On request we will notify you in writing in accordance with prevailing law as to what personal data relating to you (if any) we have stored.
17. Contact for questions on data protection
If you have questions about processing of your personal data, you can contact our Data Protection Officer and their team directly, who are also available for requests for information, applications or complaints:
Sartorius Corporate Administration GmbH
Otto Brenner Strasse 20
17.1. Your right to information
Under the General Data Protection Regulation our customers have rights including the right to information without charge on their stored data. On request we will notify you in writing in accordance with prevailing law as to what personal data relating to you (if any) we have stored.
17.2. Your right to complain to a supervisory authority
If you have a complaint, you can contact the responsible supervisory authority:
Die Landesbeauftragte für den Datenschutz Niedersachsen
18. Amendment to data privacy notice
We reserve the right to update this data privacy statement periodically. Updates to this data privacy statement will be published on our website. Amendments take effect on publication on our website. We advise you to visit this page regularly in order to stay informed of any updates.
This is the current data privacy statement as of May 2018