Thank you for your visit to our website and for your interest in our company and products. We want you to feel secure and comfortable when visiting our website and we take the protection and confidential handling of your personal data very seriously.
1. What Data Do We Collect from You?
1.1 Technical Information
We collect your computer’s domain name or IP address, the client (browser) request to our web server and its response, and the website from which you are visiting us. In addition, we store the date and time of the request, information about the browser type and version used as well as your operating system and the internet service provider you use.
1.3 Usage Profiles
We use tracking services and cookies, called third-party cookies, to process usage profiles under a pseudonym. This kind of usage profile contains information about a visitor's behaviour on websites. It is not possible to draw any direct conclusions about you from this information. You may object to the creation of the usage profile at any time. You can adjust your browser’s settings so that these cookies are not saved or are deleted at the end of your browsing session.
2. How and for what Purpose are Your Data Collected and Processed?
We need this data in order to operate and administer the website, to detect abuse and to rectify any faults. We also need it to improve our offer on the website and to create pseudonymous user profiles, which we use for advertising and market research purposes – unless you object to this.
In some cases, we also use other service providers that support us as a processor to the extent legally permissible.
3. What are your Data Protection Rights?
You have the right to access your personal data, as well as the right to correct it, erase it or restrict its processing, as well as the right to data portability and the right to lodge complaints with a supervisory authority.
To do so, you may contact our service centre or our data protection officer with your request:
Carsten Knoop, Data Protection Officer, appointed for knoell Germany GmbH, Konrad-Zuse-Ring 25, 6163 Mannheim, Germany, E-Mail: email@example.com.
4. More Information about other Data Processing
As a company, we not only process personal data on our website, but also through many other processes. In order to be able to give you, the data subject, as much detailed information as possible on these processing purposes, we have compiled information for the following processing activities here:
- Privacy information on hanlding applicant data
- Privacy information about our communication media
- Privacy information on handling customer data
- Privacy information on newsletter
If you need further information that you are unable to find here, please request this in confidence from your contact partner or our data protection officer.
With the following information, we would like to give you an overview of the collection, use and processing of your personal data by us and your rights under the data protection regulations. If you wish to use special services of our company through our website, it is necessary to process your personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address or e-mail address, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with the rules of the knoell Germany GmbH applicable data protection regulations.
1. Name and address of the Controller
The controller, as defined by the law, is:
Cyton Biosciences Ltd.
68 Macrae Road
Bristol, BS20 0DD
Tel.: +44 (0) 117 973-9244
2. Contact Details of the Data Protection Officer
The data protection officer, appointed for knoell Germany GmbH, Konrad-Zuse-Ring 25, 68163 Mannheim, Germany, can be reached at:
audatis Consulting GmbH
If you have any questions or suggestions regarding data protection, you can contact our data protection officer at any time.
This site uses an SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the operator. An encrypted connection can be recognized by the fact that the address bar of the browser contains an "https: //" instead of an "http: //" and the lock symbol in your browser bar.
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
4. General Information about Data Processing
This website collects a range of general data and information each time a website is accessed by a data subject or an automated system. This general data and information is stored in the web server’s log files. The browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (called a referrer), the sub-pages accessed via an accessing system on our website, the date and time the website is accessed, an internet protocol address (IP address), the accessing system's internet service provider and other similar data and information useful in the event of an attack on our information technology systems may be collected.
No conclusions are drawn with respect to the data subject when using this general data and information. Instead, this information is needed to properly deliver our website content, to optimise the content of the website as well as to advertise it, to ensure the continued functioning of our information technology systems and our website’s technology as well as to provide the information necessary for law enforcement authorities to prosecute in the event of a cyber attack. This anonymously collected data and information is therefore statistically analysed and further analysed with the aim of increasing data protection and data security within the company to ultimately ensure an optimum level of protection for the personal data being processed. The anonymous data from the server log files are stored separately from all personal data provided by a data subject.
4.1 Scope of Processing of Personal Data
We generally collect and use our users’ personal data only to the extent necessary to provide a functional website as well as our content and services. Our users’ personal data are regularly collected and used, but only with the user’s consent. An exception applies to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
4.2 Legal Basis for Processing of Personal Data
If and insofar as we obtain the consent of the data subject to process their personal data, Art. 6 Para. 1(a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.
When processing personal data that are necessary for the performance of a contract to which the data subject is a party, Art. 6 Para. 1(b) GDPR shall serve as the legal basis. The same shall apply to processing operations required to carry out pre-contractual measures.
If and insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1(c) GDPR shall serve as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or those of a third party, and if the interests and fundamental rights and freedoms of the data subject do not prevail over those interests, Art. 6 Para. 1(f) GDPR shall serve as the legal basis for processing.
5. Provision of the Website and Creation of Log Files
5.1 Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected:
- Information about the browser type and version used
- The user's operation system
- The user's internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user's system is accessing our website
- Websites that are accessed by the user's system through our website
The log files contain IP addresses or other data that can be attributed to a user. This could be the case, for example, if the website from which the user accesses the website or the link to the website the user switches to contains personal data.
The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.
5.2 Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 Para. 1(f) GDPR.
5.3 Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the provision of the website to the user’s computer. To do this, the user's IP address must be stored for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. No data are analysed for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes pursuant to Art. 6 Para. 1(f) GDPR.
5.4 Period of Storage
Data are erased once they are no longer necessary for the purpose for which they were collected. If data have been collected for the provision of the website, they are erased when the respective session is concluded. When data are stored in log files, they are erased after not more than seven (7) days. It is possible to store the data beyond that time. In this case, the user’s IP addresses will be erased or altered so that the accessing client can no longer be attributed to that user.
5.5 Option to Object and Remove
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. As such, the user has no option to object.
6.1 Description and Scope of Data Processing
The following data are therefore stored and transmitted in the cookies:
- Language settings
- Items in a shopping cart
- Log-in information
Here, the following data may be transmitted:
- Google geographical data
- Unique layer appearance
- Search terms entered
- Language settings
6.2 Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies that are technically necessary is Art. 6 Para. 1(f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes after obtaining the user’s consent in this regard is Art. 6 Para. 1(a) GDPR.
6.3 Period of Storage, Option to Object and Remove
7.1 Newsletter for Regular Customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular emails with offers on products or services from our collection similar to those you have already purchased. We do not require your specific consent for such purposes as per article 7, paragraph 3 of the UWG (Unfair Competition Act). The sole basis for the data processing is our legitimate interest in personalised direct marketing in line with article 6, paragraph 1 lit. f GDPR. We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data controllers listed in the opening of this statement. By taking this action, you will incur submission fees only in line with basic rates. After receipt of your objection, your email address will immediately be removed for marketing purposes.
7.2 Marketing Newsletter
You can subscribe to our newsletter via our website. The input screen determines which personal data are shared with us when subscribing to the newsletter.
We use our newsletter to regularly communicate our offers to our customers and business partners. You can, therefore, only receive our company’s newsletter if
- you have a valid email address and
- have registered for the newsletter.
For legal reasons, as part of the double opt-in procedure a confirmation email will be sent to the email address you provided when registering for the newsletter. This confirmation email is sent to check if you are the holder of the email address and have authorised the newsletter.
When you register for the newsletter we also save the IP address used by your IT system at the time of registration, which is issued by your Internet Service Provider (ISP) as well as the date and time of registration. We must collect this data to investigate any (possible) misuse of your email address at a later stage and it is therefore lawful for the purposes of our security.
The personal data collected during registration are used solely for sending our newsletter. Furthermore, subscribers to the newsletter may receive information via email if this is required in order to administer the newsletter service for registration purposes, which may be the case if our newsletter is amended or technical circumstances change. Personal data collected for our newsletter service are not shared with third parties. You may terminate your subscription to our newsletter at any time. You can at any time withdraw your consent to the storage of the personal data you shared during registration. A link is provided in each newsletter to allow you to withdraw your consent. It is also possible to unsubscribe from our newsletter directly through the website or to contact us in another manner.
The legal basis for data processing for the purposes of sending a newsletter is article 6, paragraph 1 lit. a GDPR.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service which enables the management and analysis of newsletters. The data you have provided for the newsletter (e.g. email address) are saved on CleverReach servers in Germany and/or Ireland.
We can analyse the behaviour of newsletter recipients by sending newsletters through CleverReach. Examples of analyses include determining how many recipients have opened the newsletter email and how often they have clicked on certain links contained within the newsletter. Conversion Tracking can also be used to analyse if clicking on the link led to a pre-determined action (e.g. if a product was purchased on our website). For further information on data analysis through the CleverReach newsletter service, see https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
The legal basis for data processing is your consent (article 6, paragraph 1 lit. a GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter. Withdrawal of consent does not affect the legality of data processing carried out previously.
If you do not want CleverReach to perform the data analysis, you must unsubscribe from the newsletter. We provide a link for this in each newsletter. You can also unsubscribe from the newsletter directly on our website.
We will store your personal data which we retain for the purposes of sending the newsletter until you are removed from the newsletter service and they will be deleted from our servers and the CleverReach servers after you have unsubscribed from the newsletter. Data we retain for other purposes (e.g. email addresses for the members’ area) shall remain unaffected.
For further information on the terms and conditions of data privacy at CleverReach, see https://www.cleverreach.com/en/privacy-policy/
8. Contact Form and Email Contact
8.1 Description and Scope of Date Processing
A contact form is provided on our website, which can be used to engage in electronic contact. If a user avails themselves of this option, the data entered in the input mask are transmitted to us and stored. These data include:
- Email address
- Telephone number
The following data are also stored at the time the message is sent:
- The user's IP address
- Date and time of registration
You may also contact us via the email address provided. In this case, the user’s personal data transmitted with the email are stored.
No data are forwarded to third parties in this regard. These data are used exclusively for processing the conversation.
8.2 Legal Basis for Data Processing
The legal basis for the processing of data upon obtaining the user’s consent is Art. 6 Para. 1(a) GDPR.
The legal basis for the processing of data transmitted when sending an email is Art. 6 Para. 1(f) GDPR. If the aim of the contact via email is to conclude a contract, processing shall also be legally based on Art. 6 Para. 1(b) GDPR.
8.3 Purpose of Data Processing
We only process the personal data from the input mask in order to process the contact. In the case of contact via email, this also includes the required legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent abuse of the contact form and to ensure the security of our information technology systems.
8.4 Period of Storage
Data are erased once they are no longer necessary for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner.
The other personal data collected during the sending process is normally erased after a period of not more than seven (7) days.
8.5 Option to Object and Remove
The user has the option to revoke their consent in respect to the processing of their personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation may not continue.
9. Google Analytics (with anonymisation function)
The processing controller has integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analysis service. Web analysis is the surveying, collection and analysis of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on the website from which a person has accessed a website (called a referrer), which sub-pages of the website were accessed or how often and for what length of time a sub-page was viewed. Web analytics is primarily used to optimise a website and provide a cost-benefit analysis of web advertising.
The company operating Google Analytics components is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
The controller uses the “_gat._anonymizeIp” add-on for web analytics via Google Analytics. This add-on allows the data subject’s IP address for their internet connection to be truncated and anonymised by Google if they access our website from a Member State of the European Union or from another country which is a signatory to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us that show activity on our website and to provide other services related to the use of our website.
Google Analytics places a cookie on the data subject’s information technology system. Cookies have already been explained above. The placement of this cookie enables Google to analyse the usage of our website. Each time someone opens an individual page of this website which is run by the controller responsible for processing and on which a Google Analytics component is integrated, the Google Analytics component in question will trigger the browser on the data subject’s information technology system to automatically send data to Google for the purpose of online analysis. As part of this technical process, Google receives information about personal data, such as the data subject’s IP address, which, among other things, enables Google to track the origin of visitors and clicks, and subsequently charge commission.
The cookie stores personally identifiable information, such as the time of access, the location from which access was made and the frequency of site visits by the data subject. Each time someone visits our website, these personal data, including the IP address of the internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent detection by Google Analytics by clicking on the following link: Deactivate Google Analytics.
An opt-out cookie will be set that will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For the processing of your personal data by Google Analytics, we obtain your consent. Therefore the legal basis for this processing is Art. 6 para. 1 lit. a GDPR.
10. Google-Re/Marketing Services
We have integrated Google Remarketing services on this website. Google Remarketing is a Google AdWords feature that enables a company to display advertisements to Internet users who have previously been on the company's website. The integration of Google Remarketing therefore allows a company to create user-related advertisements and consequently to display advertisements of interest to the Internet user.
Google Remarketing services are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.
The purpose of Google Remarketing is the display of interest-relevant advertising. Google Remarketing enables us to display advertisements via the Google advertising network or on other websites that are tailored to the individual needs and interests of Internet users.
Google Remarketing places a cookie on the IT system of the person concerned. By setting the cookie, Google is able to recognize the visitor to our website who subsequently visits websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your Internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data such as your IP address or surfing behaviour, which Google uses, among other things, to display advertisements of interest.
The cookie is used to store personal information, such as the Internet pages visited by you. Accordingly, each time you visit our website, personal data, including your IP address, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through this technical process to third parties.
User data is processed pseudonymously within the framework of Google marketing services. This means, for example, that Google does not store and process the name or e-mail address of the user, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's point of view, the ads are not administered and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information Google Marketing Services collects about users is transmitted to Google and stored on Google's servers in the United States.
One of the Google marketing services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of AdWords customers. The information collected through the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were directed to a page tagged with a conversion tracking tag. However, you will not receive any information that personally identifies users.
If you wish to opt out of receiving interest-based advertising through Google Marketing Services, you may use the preferences and opt-outs provided by Google: http://www.google.com/ads/preferences.
Google Analytics Remarketing is used on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO.
Further information on the use of data for marketing purposes by Google can be found on the overview page: https://www.google.com/policies/technologies/ads, Google's data protection declaration can be found at https://www.google.com/policies/privacy.
11. Social Media Presence
Our company uses presences within social networks and/or platforms in order to be able to communicate up-to-date with customers, interested parties and users active within these networks and/or platforms and to inform them about our services, offers and current topics.
Your data may be processed within the framework of the use of these networks and/or platforms by the relevant providers outside the territory of the European Union. This can result in certain risks for you as a user. For example, the enforcement of your rights as a data subject may be more difficult. A processing of your data by the platform provider usually takes place for market research and advertising purposes. User profiles can be created from your usage behaviour (of the respective network) and the resulting interests. For example these profiles can be used to place advertisements inside and outside the platforms that match your interests.
For network and/or platform providers from the USA certified according to the Privacy Shield, there is an obligation to comply with the data protection standards of the EU.
The basic legal basis for the processing of your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interests are based on effective user information and modern communication with you. Insofar as the network and/or platform providers obtain consent for the aforementioned data processing, the legal basis of Art. 6 Para. 1 lit. a in conjunction with Art. 7 GDPR.
We maintain an online presence at the LinkedIn network (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA).
We are present on Twitter. Responsible for data processing within Europe is: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
Twitter has joined the EU-U.S. Privacy Shield Agreement (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active).
11.3 Your rights as data subject / user
The assertion of your rights as a user of the networks and/or platforms is most effective vis-à-vis the respective providers. Only they have access to your data and can take and implement appropriate measures and provide information. Of course you can also contact us for questions and help.
We also use conversion tracking technology and retargeting on our website.
This technology allows visitors to this site to play personalized ads on LinkedIn. It also provides the ability to create anonymous reports on ad performance and website interaction information. To do this, the LinkedIn Insight tag is embedded on this website, connecting to the LinkedIn server when you visit this website and are logged into your LinkedIn account at the same time.
We use the functions mentioned on the basis of our legitimate interests (interest in the analysis, optimisation and economic operation of our online offer) within the meaning of Art. 6 Para. 1 lit. f DS-GVO.
We use the conversion tracking technology and the retargeting function on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DS-GVO.
13. Google Fonts
Our website uses web fonts provided by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States for consistent font representation. When you visit a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR.
US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.
14. Rights of the Data Subject
If your personal data are being processed, you are the “data subject” as defined by the GDPR, and you are entitled to the following rights with respect to us as the controller. You may exercise your rights by contacting our data protection officer or the service centre staff, indicating your concerns.
14.1 Right to Confirmation
As the data subject, you have the right to ask us for confirmation of your personal data being processed.
14.2 Right to Information Art. 15 GDPR
As the data subject, you have the right to receive free information from us at any time about the personal data stored about you as well as a copy of this data.
14.3 Right to Correction Art. 16 GDPR
Any data subject affected by the processing of personal data has the right to request the immediate correction of any incorrect personal data that relates to them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing.
14.4 Right to Erasure Art. 17 GDPR
Any data subject affected by the processing of personal data has the right to request that the personal data regarding the data subject be erased if and insofar as one of the reasons stipulated in Art. 17 Para. 1 GDPR applies.
14.5 Right to Restriction of Processing Art. 18 GDPR
Any data subject affected by the processing of personal data has the right to request the controller immediately restricts processing if the conditions stipulated by Art. 18 Para. 1 GDPR are met.
14.6 Right to Data Portability Art. 20 GDPR
Any data subject affected by the processing of personal data has the right obtain personal data relating to the data subject and provided by the same to the controller in a structured, commonly used and machine-readable format. They also have the right to transfer these data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 Para. 1(a) GDPR or Art. 9 Para. 2(a) GDPR or on a contract pursuant to Art. 6 Para. 1(b) GDPR, and the data are processed using automated procedures.
14.7 Right to Object Art. 21 GDPR
Any data subject affected by the processing of personal data has the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Para. 1(e) or (f) GDPR. This also applies to profiling based on these provisions.
In the event of an objection, the company will longer process the personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh the interests, rights and freedoms of the data subject, or where processing serves the assertion, exercise or defence of legal claims.
If the company processes personal data in order to run a direct mail campaign, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should the data subject object to the processing of their data for direct marketing purposes, we will no longer process their personal data for this purpose.
15. Revocation of a Data Protection Consent
You have the right to revoke your consent to the processing of personal data at any time with future effect.
16. Deletion of Data and Period of Storage
The data subject’s personal data are erased or blocked as soon as the purpose of the storage no longer applies. The data may continue to be stored if this is stipulated by European or national legislation in EU regulations, laws or other provisions to which the controller is subject. Data are also blocked or erased upon the expiry of a storage deadline stipulated by the standards mentioned above, unless further storage of the data is necessary to conclude or fulfil a contract.