EnglishDeutsch

Privacy policy

Data protection declaration for our website www.galab.com

We appreciate your visit on our website. In the following we would like to inform you about the handling of your data according to Art. 13 General Data Protection Regulation (GDPR).

Liability

GALAB Laboratories GmbH, Am Schleusengraben 7, D-21029 Hamburg, info@galab.de, managing directors Dr. Eckard Jantzen and Dr. Jürgen Kuballa are liable for the data processing shown below.

Data usage

When you visit our website, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our website. This data set consists of:

  • the name and address of the requested content,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the web browser used and the operating system,
  • the referral link, which indicates the page from which you came to ours,
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

The mentioned log data are only evaluated anonymously.

Processing of IP address

Beyond this we do not process any IP addresses.

Processing of IP address for security purposes

Furthermore, we process the complete IP address transmitted by your web browser strictly for a specific purpose for a maximum of 24 hours, in the interest of being able to detect, limit and eliminate attacks on our website. After this period of time, we delete or anonymize the IP address. The legal basis for the processing is Art. 6 Par.  1 S. 1 lit. f GDPR.

Data security

We take technical and organizational measures to protect your data from unwanted access as comprehensively as possible. We use state-of-the-art encryption on our website. Your details are transmitted from your computer to our server and vice versa via the Internet using TLS encryption. You can usually identify this by the fact that in the status bar of your browser the 🔒 lock symbol is closed and the address line begins with “https://“.

Required cookies

We use cookies on our website, which are necessary for the use of our website.

Cookies are small text files that can be saved and read on your device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these required cookies for analysis, tracking or advertising purposes. Some of these cookies only contain information about certain settings and cannot be related to a person.

They may also be necessary to enable user guidance, security and implementation of the site. We use these cookies on the basis of Art. 6 Par. 1 S. 1 lit. f GDPR.

You can adjust your browser settings so that it informs you about the placement of cookies and the use of cookies becomes transparent for you. You can also delete cookies at any time using the appropriate browser setting and prevent new cookies from being set. Please note that our website may then not be displayed and some functions may technically no longer be available.

Manage your Cookie preferences

Google Analytics

We use the web analysis tool “Google Analytics” to tailor our website to our specific needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and read out by us. In this way we are able to identify returning visitors and count them as such.

Google Ireland Limited and Google LLC support us as part of Google Analytics. (USA) as a data processor according to Art. 28 GDPR. The data processing can therefore also take place outside the EU or the EEA. With regard to Google LLC, no adequate level of data protection can be assumed due to processing in the USA. There is a risk that authorities will access the data for security and monitoring purposes without you being informed of this or being able to appeal. Please take this into account if you decide to give your consent to our use of Google Analytics.

The data processing takes place on the basis of your consent in accordance with. Art. 6 par. 1 sentence 1 lit. a GDPR or Section 15 (3) sentence 1 TMG, provided you have given your consent via our banner. The transfer to a third countries takes place on the basis of Art. 49 Par. 1 lit. a GDPR. You can withdraw your consent at any time. Please follow this link and make the appropriate settings via our banner.

Visitor measurement

We use web analysis tools to tailor our website to our needs. This creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and read out by us. In addition, it is possible for us to call up recognition features for your browser or your device (e.g. a so-called browser fingerprint or your unabridged IP address). In this way we are able to recognize returning visitors and count them as such.
In addition, we use the following functions for visitor measurement:

  • We enrich the pseudonymous data with additional data provided to us by third-party providers. In this way, we are able to record demographic characteristics of our visitors, e.g. statements on age, gender and place of residence.We use a detection method that allows us to record the mouse pointer movement of our visitors and to evaluate it afterwards.
  • […]

The data processing takes place on the basis of your consent according to Art. 6 par. 1 sentence 1 lit. a GDPR or section 15 (3) sentence 1 TMG, provided you have given your consent via our banner.

Which third party providers do we use in this context?

Below we name the third-party providers with whom we work in connection with visitor measurement. If the data is processed outside the EU or the EEA in this context, please note that there is a risk that authorities will access the data for security and monitoring purposes without you being informed of this or being able to appeal. If we use providers in insecure third countries and you consent, the transfer to a third country takes place on the basis of Art. 49 Par. 1 lit. a GDPR.

Provider
Technical
Function or
content
Transmission to third countries according to the information provided by the provider and ensuring an adequate level of data protection
Revocation of Consent
Google Analytics Analytics No adequate level of data protection. The transmission takes place on the basis of Art. 49 Para. 1 lit. a GDPR If you want to revoke your consent, please use the Cookie Policy or make the appropriate setting via our banner.
Cloudflare Analytics No adequate level of data protection. The transmission takes place on the basis of Art. 49 Para. 1 lit. a GDPR If you want to revoke your consent, please use the Cookie Policy or make the appropriate setting via our banner.

Third-party tracking technologies for advertising purposes

We use cross-device tracking technologies so that, based on your visit to our website, you can be shown targeted advertising on other websites and we can see how effective our advertising measures were. The data processing takes place on the basis of your consent in accordance with. Art. 6 par. 1 sentence 1 lit. a GDPR or Section 15 (3) sentence 1 TMG, provided you have given your consent via our banner. Your consent is voluntary and can be withdrawn at any time.

How does the tracking work?

When you visit our website, it is possible that the third-party providers named below call up recognition features for your browser or your device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read out recognition features on your device (e.g. cookies) or get access to individual tracking pixels. The individual features can be used by third-party providers to recognize your device on other websites. We can commission the relevant third-party providers to place advertising based on the pages we visit.

What does cross-device tracking mean?

If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked to one another. So if the third party provider e.g. has created its own characteristic for the laptop, desktop PC or smartphone or tablet you are using, these individual characteristics can be assigned to one another as soon as you use a third-party service with your login data. In this way, the third-party provider can also target our advertising campaigns across different end devices.

Which third-party providers do we use in this context?

Below we name the third-party providers with whom we work for advertising purposes. If the data is processed outside the EU or the EEA in this context, please note that there is a risk that authorities will access the data for security and monitoring purposes without you being informed of this or being able to appeal. If we use providers in insecure third countries and you consent, the transfer to a third country takes place on the basis of Art. 49 Par. 1 lit. a GDPR.

Provider
Technical Function or content
Transmission to third countries according to the information provided by the provider and ensuring an adequate level of data protection
Revocation of Consent
Google Analytics Analytics No adequate level of data protection. The transmission takes place on the basis of Art. 49 Para. 1 lit. a GDPR. If you want to revoke your consent, please use the Cookie Policy or make the appropriate setting via our banner.
Cloudflare Analytics No adequate level of data protection. The transmission takes place on the basis of Art. 49 Para. 1 lit. a GDPR. If you want to revoke your consent, please use the Cookie Policy or make the appropriate setting via our banner.

Hotjar

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Contact form

You’re welcome to contacting us using the contact form provided for this purpose. To use our contact form, we first need the data marked as mandatory fields from you. We process this data on the basis of Art. 6 Par. 1 S. 1 lit. f GDPR, in order to check your request and, if necessary, to answer it. Your data will only be processed to answer your request. We delete your data if it is no longer required and there are no statutory retention requirements. With regard to the processing according to Art. 6 Par. 1 S. 1 lit. f GDPR, you have the right to object at any time. For this purpose, please contact the email address given in the legal notice.

APPLICATION

You’re very welcome to apply for the positions advertised by us using the email or postal address provided. In order to be able to consider your application, at least the following information is required:

– Covering letter

– CV

– Certificates, references and qualifications

– Further documents and information according to the respective job advertisement.

We process your data exclusively for the purpose of selecting applicants in accordance with Section 26 (1) of the Federal Data Protection Act (BDSG). There is no data processing for other purposes.

In addition, you can decide for yourself whether you want us to provide further information, such as your telephone number, your leisure interests, a picture, etc. for a better assessment of your application or for easier communication. This information is provided voluntarily and is not absolutely necessary for the application. If you include voluntary information in your application, you give your consent that we process this data exclusively for the purpose of applicant selection. You can revoke your consent at any time with effect for the future. Please send your revocation to the office named in the imprint.

Your information will be treated as strictly confidential. If your application is unsuccessful, your documents will be deleted no later than six months after the rejection notification has been sent. The legal basis for this processing is Art. 6 Par. 1 S. 1 lit. f GDPR to fend off any legal claims in the legitimate interest.

In the event that your application should also be considered for other or future job advertisements, this will only be done on the basis of your consent. Please inform us of this in your application letter or no later than 6 months after receipt of your application. We then process your data on the basis of Art. 6 Par. 1 S. 1 lit. a GDPR and delete your application after two years. You can revoke your consent at any time with effect for the future. Please send your revocation to the office named in the imprint.

NEWSLETTER AND – DIRECT MAILING

Direct mailing

If we receive your email address in connection with the sale of a product or service, we will use the address for direct marketing for our own similar goods or services, provided you have not objected to the processing. When collecting the address and each time it is used, we clearly point out that you can object to its use at any time without incurring any costs other than the transmission costs according to the basic tariffs.

It is used on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR and Section 7 (3) of the Fair Trade Law (UWG) and in the interest of promoting the sale of our goods or services. You will get a simple way to object, for example via the unsubscribe link in every email.

 

 Newsletter

In connection with the sale of a product or service, we will ask send an inquiry to the email address you provided as to whether you would like to receive a newsletter in the future. This is also done on the basis of Art. 6 Par. 1 S. 1 lit. f GDPR and Section 7 (3) of the Fair Trade Law (UWG) and in the interest of promoting the sale of our goods or services and keeping you up to date on the latest products and developments. The subsequent registration for the newsletter takes place on the basis of your voluntary consent in accordance with Art. 6 Par. 1 S. 1 lit a GDPR and can be revoked at any time via the corresponding link in the newsletter.

 

Embedded Videos

We embed videos on our websites that are not processed on our servers. Calling up our websites with embedded videos does not automatically result in third-party content being reloaded, in a first step we only display locally saved preview images of the videos. This means that the third-party provider does not receive any information. Only by clicking on the preview image the content of the third-party provider will be reloaded. In this way, the third-party provider receives the information that you have accessed our site and the usage data that is technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider. The embedding takes place on the basis of your consent in accordance with Art. 6 par. 1 sentence 1 lit. a GDPR, provided you have given your consent by clicking on the preview image. Please note that the embedding of many videos means that your data will be processed outside the EU or the EEA. In some countries, there is a risk that authorities will access the data for security and surveillance purposes without you being informed or being able to appeal. If we use providers in insecure third countries and you consent, the transfer to an insecure third country takes place on the basis of Art. 49 Par. 1 lit. a GDPR.

Provider
Technical Function or content
Transmission to third countries according to the information provided by the provider and ensuring an adequate level of data protection
Revocation of Consent
Youtube Video Hosting No adequate level of data protection. The transmission takes place on the basis of Art. 49 Par. 1 lit. a GDPR. If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such a reload on other pages, please do not click on the preview images any more.

Map services

We embed map services on our websites that are not stored on our servers. So that calling up our websites with embedded map services does not automatically result in third-party content being reloaded, in a first step we only show locally saved preview images of the maps. This means that the third-party provider does not receive any information. Only after clicking on the preview image will the content of the third-party provider be reloaded. In this way, the third-party provider receives the information that you have accessed our site and the usage data that is technically required in this context. We have no influence on further data processing by the third party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider. The embedding takes place on the basis of your consent in accordance with. Art. 6 par. 1 sentence 1 lit. a GDPR, provided that you have previously given your consent by clicking on the preview image.

Provider
Technical Function or content
Adequate level of data protection
Revocation of Consent
Openstreetmap Map Tiles No adequate level of data protection. The transmission takes place on the basis of Art. 49 Par. 1 lit. a GDPR. Once you have clicked on a map, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the cards again.

Integration of other technical third-party content and functions

We use the technical functions and content of third-party providers mentioned below to display our website. When you visit our website, content from the third-party provider that provides these functions and content is reloaded. In this way, the third-party provider receives the information that you have accessed our site and the usage data that is technically required in this context. We have no influence on further data processing by the third party provider.

The data processing takes place on the basis of your consent acc. Art. 6 par. 1 sentence 1 lit. a GDPR, provided you have given your consent beforehand via our banner solution.

Please note that the use of third-party content and functions can result in your data being processed outside the EU or the EEA. In some countries, there is a risk that authorities will access the data for security and surveillance purposes without you being informed or being able to appeal. If we use providers in insecure third countries and you consent, the transfer to an insecure third country takes place on the basis of Art. 49 Par. 1 lit. a GDPR.

Provider
Technical
Function
Or Content
Transmission to third countries according to the information provided by the provider and ensuring an adequate level of data protection
Revocation of Consent
Cloudflare Content Distribution Network No adequate level of data protection. The transmission takes place on the basis of Art. 49 Par. 1 lit. a GDPR. If you no longer agree to the processing, please stop using our website.

Storage period

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and there are no statutory retention requirements to prevent deletion.

Other processors

In the context of order processing acc. Art. 28 GDPR we hand your data to service providers who support us in the operation of our websites and the associated processes. These are e.g. hosting service provider. Our service providers are strictly bound by our instructions and contractually obliged to do so. In the following, we will name the processors with whom we work, if we have not yet done so in the data protection declaration above. Should data be transferred outside of the EU or the EEA in this context, we will provide information on the appropriate level of data protection:

Data processor
Purpose Web hosting and support
Adequate level of data protection
ratioKontakt GmbH Webhosting and Support Processing only within the EU / EEA

Your rights as a data subject

When processing your personal data, the GDPR grants you as a data subject certain rights:

Right to information (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data relating to you is being processed if this is the case, you have a right to information about this personal data and the information listed in detail in Art. 15 GDPR.

Right to correction (Art. 16 GDPR)

You have the right to immediately request the correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

Right to deletion (Art. 17 GDPR)

You have the right to request that personal data relating to you be deleted immediately, provided that one of the reasons detailed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the review by the person responsible.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

Right of withdrawal (Art. 7 GDPR)

If the processing of data takes place on the basis of your consent, you are entitled according to Art. 7 Par. 3 GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

Right of objection (Art. 21 GDPR)

If data is based on Art. 6 Par. 1 S. 1 lit. f GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6 Par. 1 S. 1 lit. f GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons that arise from your particular situation. We will then no longer process the personal data, unless there are provable compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of the data concerning you violates data protection regulations. The right to lodge a complaint can in particular be asserted with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged violation. Unless otherwise described above, please contact the office named in the imprint to assert your rights.

Contact details of the data protection officer

Our external company data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz nord GmbH

Sechslingspforte 2
22087 Hamburg , Germany

Telefon: +49 40 59 36 160 400
Web: www.datenschutz-nord-gruppe.de

E-Mail: office@datenschutz-nord.de

If you contact our data protection officer, please also indicate the responsible body named in the imprint.