ibidi Privacy Policy
Privacy Statement
We are pleased that you are visiting our website and would like to thank you for your interest in our company and our products. ibidi takes the protection of your personal data very seriously. Due to statutory provisions, we are obliged to inform you about the type, scope, and purpose of the collection and use of personal data. Therefore, we kindly ask you to acknowledge the following information.
This Privacy Statement describes and governs the information collection, use, and sharing practices of ibidi GmbH and its corporate affiliates, subsidiaries, and divisions as may change from time to time (collectively, “ibidi,” “we,” “us,” and “our”) with respect to ibidi’s websites, mobile applications, and other digital and interactive services that link to this Privacy Statement (together, the “Services”).
Before you submit any information on or through the Services, please carefully read this Privacy Statement. By using any part of the Services, you consent to the collection, use, and disclosure of your information as further outlined in this Privacy Statement. We will continue to evaluate this Privacy Statement as we update and expand the Services and our offerings, and we may make changes to the Privacy Statement accordingly. Any changes will be posted here and you should check this page periodically for updates. Your continued use of the Services will signify acceptance of the terms of the updated Privacy Statement.
Please note that this Privacy Statement applies only to information collected through the Services and not to information collected offline or to information you may provide to any third-party sites to which ibidi may link, except as expressly provided herein. This Privacy Statement applies regardless of the device used to access the Services (e.g., personal computer, mobile device, consumer electronics device, or any other technology or software known today or developed in the future). Some online services offered by or affiliated with ibidi may be governed by a separate privacy statement. In those instances, the product-specific privacy statement shall apply to that online service.
1. Name and Address of the Controller
The following body is responsible according to the statutory provisions related to data privacy and data protection:
ibidi GmbH
Lochhamer Schlag 11
82166 Gräfelfing
Germany
Phone: +49-89 520 46 17 0
Fax: +49-89 520 46 17 59
E-Mail: info@ibidi.de
2. Name and Address of the Data Protection Officer
The following person is the designated data protection officer of the controller. If you have any problems, questions or ideas, please contact:
Maximilian Kruschewsky
letterscan GmbH & Co. KG
Landsberger Straße 234
80687 München
Germany
Phone: +49 89 416118111
E-Mail: dsb-ibidi@letterscan.de
If you like to know what data we have stored about you please forward your request to this mail box: marketing@ibidi.de
3. General Information on Data Processing
a. Scope of the Processing of Personal Data
We collect and use personal data of our users only to an extent which is necessary to provide a functional website as well as display our content and provide our Services. The collection and usage of personal data of our users is generally based on the consent of the user. An exemption is made in these cases where obtaining consent is not possible based on factual grounds or where statutory provisions allow the usage of personal data.
b. Legal Basis for the Processing of Personal Data
Where the data subject gives a consent, this consent is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. a Regulation(EU) 2016/679)
Where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, this necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. b Regulation(EU) 2016/679)
Where the processing is necessary for compliance with a legal obligation to which the controller is subject, this necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. c Regulation(EU) 2016/679)
Where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and where the interests or fundamental rights and freedoms of the data subject which require protection of personal data are not outweighed, this necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).
c. Processing of Special Categories of Personal Data
We do not ask for, save, or process special categories of personal data (i.e., personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation).
d. Transfer of Personal Data Within the ibidi GmbH
ibidi processes personal data, like client data and employee’s data, outside the EU and the EEA, so called third countries, in particular in the countries where our affiliated companies are seated, if required for internal administrative purposes or for the performance of a contract. We process the personal data according to a group company data processing agreement based on the EU Standard contractual clauses and in compliance with applicable laws. If we use service providers in a third country, they are obligated to comply with the data protection level in the EU by agreement of the EU standard contractual clauses. The transmitting personal data within ibidi for internal administrative purposes, including the processing of clients’ or employees’ personal data is our legitimate interest. This necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. f and recital 48 Regulation(EU) 2016/679).
e. Erasure and Storage Period
The personal data of the data subject is erased or the processing is restricted as soon as the data is no longer necessary in relation to the purposes for which they were collected.
Personal data may also be stored where Union law or Member State law to which the controller is subject allows such storage. The personal data of the data subject is erased or the processing is restricted as soon as a storage period runs out except for the cases where there is a necessity of storage of the personal data for the performance of a contract or to comply with statutory law requirements.
4. Provision of the Services and the Creation of Logfiles
Whenever you use our Services, our webserver automatically stores data of the client computer. The following data is collected:
- Information on the browser and its version
- The computer operating system
- The Internet Service Provider
- The IP address
- Date and time
- Referring website
- Websites which are visited through our system
This data is stored in the logfiles of our webserver. This data is not combined with other personal data of our users.
The legal basis for this storage are our legitimate interests in such storage (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).
The data is stored to maintain the functionality of our Services. The data is also used to optimize our Services and maintain the security of our webserver. The data is erased after 10 days. A longer storage may occur, but in this case IP-addresses of the user are anonymized or deleted.
The collection and storage of personal data is necessary to provide our Services. Thus, an objection by the data subject is not possible.
Furthermore, the IP-address is used to automatically detect the geographical region of the user. Based on this localization, the Services are automatically tailored to the user, i.e., contact data settings for the region of the user. This usage of the data creates a better user experience on our Services.
5. Usage of Cookies
Our website uses Cookies. Cookies are small text files that are stored in the browser of the user or stored by the browser on the computer system of the user. Whenever a user visits our website, a cookie may be stored. This cookie contains of a characteristic string which allows the identification of the user the next time he visits our website.
The following data is stored in our cookies:
Name | Description | Duration |
tarteaucitron | A cookie for storing the chosen cookie settings | 1 year |
PHPSESSID | A session cookie for identifying the session | Session |
PrestaShop-xxx | Individual identifier required for the function of Prestashop | 20 days |
__cfduid | Cloudflare firewall cookie for security | 30 days |
_gcl_au | Google Tag Manager Conversation Linker cookie | up to 1 year |
1P_JAR | Google DoubleClick Optimization cookie | Session/30 days |
_ga | Google Analytics Cookie for performance measurement | 2 years |
_gid | Google Analytics Cookie for performance measurement | 1 day |
_gat | Google Cookie used to throttle request rate | 1 minute |
NID | Google Cookie for storing your preferences | 6 month |
ANID | Anonymous Google Analytics Advertisement Tracking Cookie | 1 year |
__utmz | Google Visitor Source Tracking | 6 month |
__utmc | Google Visitor cookie for tracking when the page gets closed | Session |
__utma | Google Visitor Tracking | 2 years |
Ajs_anonymous_id | Hotjar cookie to count visitors on website | 1 year |
Ajs_group_id | Hotjar cookie to collect data about user behavior to assign users to a specific visitor group | 1 year |
_hjid | Hotjar cookie to maintain a Hotjar user ID unique to the site in the browser | 1 year |
The legal basis for the usage of these cookies are our legitimate interests in such usage (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).
We use cookies to provide a more user friendly experience. Some elements on our website require the browser to be identified after the user visits different pages on our website. Some functions of our website may not be operational if such cookies are not stored.
Cookies are not stored by us, but by the user on his device. Thus, the user has full control of the cookies stored on his device and may delete them at any time. The user can also control which cookies are stored on his device.
6. Newsletter
We offer the double opt-in subscription to our newsletter. If the user decides to subscribe to our newsletter by clicking the subscribe button, a confirmation mail will be sent out to the provided email address. The included unique URL must be confirmed by the user.
The following personal data is collected and stored:
- E-Mail Address
- Salutation
- First Name, Last Name
- Country
- University/Company
- City
The collection of this data is needed to send out the newsletter
The following personal data is also collected and stored:
- Profile ID
- Interests
- Date and time of the subscription
The collection of this data is needed to secure our systems against abuse.
Our newsletter makes use of web beacon technologies to track usage. A tracking pixel in the newsletter and also embedded links within the newsletter containing an identifier link to our webpage allow us to analyze your usage behavior and collect the relevant data to personalize our newsletter offer tailored to your interests.
Your consent is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. a Regulation(EU) 2016/679). The legal basis for the tracking of usage is our legitimate interests in such usage (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).
The data is erased whenever a user unsubscribes from our newsletter. A user may unsubscribe at any time by using the unsubscribe link provided.
7. User Accounts
Some of our Services require you to sign up for an ibidi user account. This ibidi user account will serve as a single sign on for the Services provided that require a sign up and may be used to make purchases in our webshop. We may use the name that you provide for your ibidi user account across all of the Services we offer that require an ibidi user account, so that you are represented consistently across all our services.
We collect the following personal data and store it on our servers:
- Salutation
- Title
- First Name, Last Name
- Address
- Country
- E-Mail Address
- Telephone number
- Fax number
The collection of this data is needed to provide the user account. The user may at any time change or delete his personal data.
The following personal data is also collected and stored:
- IP address
- Date and time of the registration
The collection of this data is needed to secure our systems against abuse.
Your consent is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. a Regulation(EU) 2016/679). When the account is used to make purchases in our webshop, the legal basis is the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 Abs. 1 lit. b Regulation(EU) 2016/679).
The data is erased whenever a user deletes his user account. A user may delete his account at any time.
8. Contact Forms, Live Chat, and E-Mail Contact
Our Services offer contact forms and a website live chat function which may be used to send messages to us. Furthermore, we offer contact forms on our website to provide Poster/AppNote downloads, Quote requests, Sample requests, Demo requests, Product information requests, Software updates/downloads, webinar registrations, and lab course registrations.
Whenever a user chooses to contact us through our forms, following personal data is collected and stored:
- Salutation
- Academic Title
- First Name, Last Name
- E-Mail-Address of the user
- Phone
- University/Company
- Institute/Division
- Department/Principal Investigator
- Building/Floor/Room
- Street
- City, Zip Code
- Country, State/Province
- Applications
- Cell Types
The collection of this data is needed to engage in a conversation with the user. Furthermore we use this data to provide you with product-related information via newsletter.
The following personal data is also collected and stored:
- IP address
- Date and time when sending a message
The collection of this data is needed to secure our systems against abuse.
Your consent is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. a Regulation(EU) 2016/679).
The data is erased whenever the conversation with a user ends. A conversation has ended when we assume that the concern of the user has been solved. Furthermore the data is erased whenever a user unsubscribes from our newsletter. A user may unsubscribe at any time.
A user may request the erasure of his personal data at any time by sending us a message. In this case, the conversation with the user cannot be carried on.
9. E-Commerce
We offer a webshop on our website to make purchases of our products. A user account is mandatory to make such purchases. During the purchase process, we highlight the Information required to make purchases as mandatory. Further personal data may be provided by choice.
The following personal data is also collected and stored:
- IP address
- Date and time of the subscription
The collection of this data is needed to secure our systems against abuse.
The legal basis for the collection and processing of this data is the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 Abs. 1 lit. b Regulation(EU) 2016/679).
The processing of the personal data is needed to carry out the purchase, deliver the goods, to address warranty claims and due to fiscal requirements. Warranty claims can be made up to two years after the purchase. The fiscal regulations require storage of invoices for ten years. This necessity for compliance with a legal obligation to which the controller is subject is also the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. c Regulation(EU) 2016/679).
A user may request the correction of his personal data at any time. A user may also request the erasure of his personal data at any time. When the user has made purchases in our webshop, the personal data may be erased when there is no more necessity for the performance of the contract to which the data subject is party or when the applicable laws allow such erasure.
When making purchases through our webshop, we may disclose the personal data of a user to third parties. This takes place in the following cases:
To deliver parcels, packages or other mailings, we disclose the name and address of the user to the mail carrier we chose for delivery. The disclosure is necessary to perform the contract with the customer and the legal basis for the disclosure is Art. 6 Abs. 1 lit. b Regulation(EU) 2016/679.
To collect payments, we use third party payment providers. The user discloses his payment data to the provider who uses it to collect the due payment. The necessity arising from the contract with the customer is the legal basis for the disclosure (Art. 6 Abs. 1 lit. b Regulation(EU) 2016/679).
We offer the functionality to forward and share certain content with a friend or colleague. If you choose to use our sharing functionality to refer someone to our content, products or services, we will collect and use your information and that of the individual you are sharing with to send the content or link you request, but we do not store the information relating to the individual you wish to share with other than in connection with your request. Please note that we process the data on your behalf and that you remain the controller by meaning of the applicable Data Protection Law.
Your consent is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. a Regulation(EU) 2016/679).
11. Social Media Plugins
Our website may offer third party social media widgets/tools/buttons. If you use third party sharing functionality, including social media widgets/tools/buttons, such use is subject to the third party’s privacy policy and terms.
The usage of such social media widgets/tools/buttons leads to a disclosure of personal data to the provider of the social media widget/tools/buttons.
We do not actively offer these functionalities. They have to be activated by the user to be used.
Your consent is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. a Regulation(EU) 2016/679).
12. Third Party Content
Our Services may include third party content. Such content may consist of videos or maps. The usage of dedicated providers liberates us from the necessity to provide video streaming or geographical capabilities.
When accessing third party content on our Services, personal data may be collected by the third party provider. This provider may at least be able to collect the following information:
- Information on the browser and its version
- The computer operating system
- The Internet Service Provider
- The IP address
- Date and time
- Referring website
The legal basis for the implementation of third party content are our legitimate interests in such implementation (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).
13. Third Party Tracking Services
Our Services may include third party tracking services. Such services allow us to analyze the usage of our site, optimize it for our users and provide a better user experience.
The legal basis for the implementation of third party services are our legitimate interests in such implementation (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the Services analyze how users use the site. The information generated by the cookie about your use of the Services (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the Services, compiling reports on Services activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB. This website uses Google Analytics for cross-device tracking by using a feature called User ID. You can deactivate the cross-device tracking in your Google Account: My Account/Your personal info.
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
Click here to opt out of Google Tag Manager tracking.
a. Google Dynamic Remarketing
This website uses Google Remarketing. Google Remarketing is an ad service from Google Inc. that targets specific ads at previous visitors of the website.
Third-party vendors, including Google, place ads on websites on the internet. They make use of cookies to place ads based on the user's previous visits to this website. Users are identified through cookies that are saved in the web browser. With the help of text files the usage of the website is analyzed and then used for specific product recommendations and interest-based advertising.
If you do not want to receive interest-based advertising, you can use the Ads Preferences Manager to deactivate cookies from Google and adjust ads in the Google network by opening the Opt Out page in Google's ad settings(https://www.google.de/settings/u/0/ads?hl=de). Alternatively, users can deactivate the usage of cookies by third-party vendors by opening the Consumer Opt Out page of the Network Advertising Initiative or by deactivating the use of cookies in their browser.
b. Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution operated by Google Inc., that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager. Google Tag Manager does not set up any cookies for itself, only for the tools integrated through it.
c. Google Adwords Conversion Tracking
This website also uses Google Conversion Tracking, an analysis service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). In this process, a cookie is placed on your computer by Google Adwords (“conversion cookie”) if you have reached our website via a Google advert. These cookies lose their validity after 30 days and do not serve for personal identification. If you visit a specific website of ours and the cookie has not yet expired, we and Google recognize that someone has clicked on the advert and was forwarded to our site. Every AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained with the help of conversion cookies serve to create conversion statistics for AdWords customers who have decided on conversion tracking. AdWords customers are informed of the total number of users that have clicked on their advert and were redirected to page with a conversion tracking tag. They receive no information that could be used to personally identify a user. If you do not want to take part in tracking procedures you can also refuse the necessary cookie settings – via browser settings, which generally disable the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “googleadservices.com” or by clicking on the following link and downloading and installing the plug in provided there: https://www.google.com/settings/ads/plugin. You will then be excluded from the Conversion Tracking statistics. If you do not want to receive interest-based adverts, you can also deactivate the use of cookies by Google for this purpose via the site https://www.google.com/ads/preferences/html/blocked-cookies.html or by clicking on the following link and downloading and installing the plug in provided there. https://www.google.com/settings/ads/plugin
d. Google Fonts
This website uses Google Fonts from Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA).
You do not have to log in or enter a password to use Google Fonts. Furthermore, no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you do not need to worry that your Google account information, while using Google Fonts, will be transmitted to Google. Google records the usage of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.
You can find additional information and the Google data protection declaration at: http://www.google.com/policies/privacy/
e. Hotjar
This website uses Hotjar from Hotjar Limited (Level 2, St. Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) to statistically analyze visitor data. Hotjar is a service that analyzes user behavior and feedback on the ibidi website through a combination of analytics and feedback tools. On this website, the tool "Heatmaps" from Hotjar is used to visualize data. Reports and visual representations from Hotjar show us where and how you "move" on this site. Personal data is automatically anonymized and never reaches Hotjar's servers. This means that you, as a website user, are not personally identified.
The following data may be collected about your computer or browser:
- IP address of your computer (collected and stored in an anonymous format)
- screen size
- Browser info (which browser, which version, etc.)
- Your location (country only)
- Your preferred language setting
- Visited web pages (sub-pages)
- Date and time of access to one of our subpages (web pages).
In principle, Hotjar does not share any collected data with third parties. However, Hotjar explicitly points out that it is sometimes necessary to share data with Amazon Web Services. Then parts of your information are stored on their servers. However, Amazon is bound by a confidentiality obligation not to disclose this data.
Only a limited number of people (Hotjar employees) have access to the stored data. The Hotjar servers are protected by firewalls and IP restrictions. Furthermore, Hotjar also uses third-party companies, such as Google Analytics or Optimizely. These companies may also store information that your browser sends to our website.
This website includes a tracking code that is transmitted to Hotjar servers in Ireland (EU). This tracking code contacts Hotjar's servers and sends a script to your computer or device that you use to access our site. The script collects certain data related to your interaction with our website. This data is then sent to Hotjar's servers for processing. Hotjar has imposed a 365-day data retention period on itself. This means that all data collected by Hotjar that is older than one year is automatically deleted.
Hotjar does not store any personal data about you. You also always have the option to prevent the collection of your data. To do this, you must go to the "Opt-Out Page" and click on "Disable Hotjar".
14. Rights of the Data Subject
Every data subject has a right of access (Art. 15 Regulation(EU) 2016/679), a right to rectification (Art. 16 Regulation(EU) 2016/679), a right to erasure (Art. 17 Regulation (EU) 2016/679), a right to restriction of processing (Art. 18 Regulation(EU) 2016/679), a right to object (Art. 21 Regulation(EU) 2016/679) and a right to data portability (Art. 20 Regulation(EU) 2016/679). The right of access and right to erasure are subject to the restrictions under sections 34 and 35 BDSG. Data subjects also have a right to lodge a complaint with a supervisory authority (Art. 77 Regulation(EU) 2016/679 in conjunction with section 19 BDSG).
You have the right at any time to revoke your consent to the use of your personal data in the future. This also applies to consents that are granted prior to the entry into force of the EU General Data Protection Regulation, i. e., prior to 25 May 2018. Please be advised that the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby.
Again, just send an e-mail to the address given in the imprint or contact the Data Security Officer at the address above.
For example, if you have provided contact information through the Services and decide that you do not want ibidi to use that information for marketing purposes in accordance with this Privacy Statement, you can opt-out of future use at any time by: (i) going to the link provided at the bottom of any email you receive and opting out of receiving future information; or (ii) by sending us an email at marketing@ibidi.de. Please note that you may not be able to opt out of emails about your transactions and relationship with us, such as emails regarding your account, requests or inquiries, and purchases of products and/or services.
15. Information on the Right to Object under Art. 21 Regulation(EU) 2016/679
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on a task carried out in the public interest (Art. 6 (1) e) Regulation (EU) 2016/679) or on legitimate interests (Art. 6 (1) f) Regulation (EU) 2016/679), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.