Privacy policy
Münchner Leukämielabor GmbH takes data privacy very seriously. We only process personal data in a manner that complies with the appli-cable data protection requirements, in particular those set out in the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act [Bun-desdatenschutzgesetz, BDSG]. You generally do not need to provide any personal information to use the Münchner Leukämielabor website. However, if you wish to use our website to access the company's special services, the processing of personal data may be required. If personal data processing is required and there is no legal basis for this processing, we generally ask for consent from the affected party.
Personal information, for example your name, address, e-mail address or telephone number, is always processed in accordance with the General Data Protection Regulation (pursuant to Article 4(1) EU GDPR) and in compliance with the domestic data privacy laws applicable to Münchner Leukämielabor GmbH (Sec. 46 BDSG-new). We are publishing our data privacy policy to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, we also inform you of your rights under this data privacy policy.
Münchner Leukämielabor GmbH, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection of all personal data processed via this website. Nevertheless, transmitting data via the internet can be insecure, so we cannot guarantee absolute protection. For this rea-son, every data subject is free to submit her or his personal information to us by other means, such as by telephone.
Section A of this privacy policy contains information about the controller responsible for the processing of your personal data and the data protection officer of the controller.
Section B provides information about the processing of your personal data.
Section C contains detailed information about the use of cookies and comparable technologies.
Section D provides information about your rights in relation to the processing of your personal data.
The technical terms relating to data protection that are featured in this privacy policy take their meaning from the General Data Protection Regulation. More detailed information is also available in Section D.
A. Information about the controller
I. Name and contact details of the controller
Responsible for the operation of the website www.mll.com:
MLL Münchner Leukämielabor GmbH
Max-Lebsche-Platz 31
D-81377 München
Email: info@mll.com
Tel: +49 (0)89 99017-0
The parties jointly responsible for the processing of personal data in the context of medical diagnostics and scientific research are:
MLL MVZ GmbH
MLL Münchner Leukämielabor GmbH
MLL Dx GmbH
MLLi GmbH
Max-Lebsche-Platz 31
81377 München
E-Mail: info@mll.com
Tel: +49 (0)89 99017-0
II. Contact details of the data protection officer of the controller
Dr. med. Christian Dornes
MLL Münchner Leukämielabor GmbH
Max-Lebsche-Platz 31
D-81377 München
Email: christian.dornes@mll.com
Tel.: +49 (0)89 99017-170
B. Information about the processing of personal data
Online Services
With the provision of our online offers, in particular our website and the offers made available on the website, we process personal data.
You can find more detailed information in the following sections.
Bei der rein informatorischen Nutzung der Website werden durch den auf Ihrem EnWhen using the website purely for information purposes, certain information (such as your IP address) is sent for technical reasons to the server of our website by the browser used on your device. We process this information to make the website content you have requested available. In order to ensure the security of the IT infrastructure used to provide the website, this information is also stored temporarily in what is known as a web server log file.
In order to provide the search functionality on our website, data that you enter into our search tools is temporarily processed on our web server.
In order to provide the functionality for managing cookie consent for the website, data from cookies that are strictly necessary (Section C) is temporarily processed on our web server to determine whether you have already given your consent when you revisit the website.
More detailed information is available below:
1. Details about the personal data processed
| Categories of personal data processed | Personal data included in the categories | Sources of the data | Obligation to provide the data | Retention period |
| HTTP data | Protocol data generated for technical reasons when accessing the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access. | Website users | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot make the requested website content available. | Data is stored for a maximum period of 7 days in server log files in a form that allows for the identification of data subjects, unless a security-related incident occurs (e.g., a DDoS attack). In the event of a security-related incident, server log files are stored until the security-related incident is eliminated and completely resolved. |
| Search tool data | Data that you enter into the search tools on our website. This includes all the information that you enter as search terms in the relevant search form on the website. | Website users | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot provide the requested website functionality. | We process this data only briefly while the website is being used. Once you give your consent to web analysis (see Section B.II in this regard), search terms are also entered into the “Matomo HTTP data” and thus into the web analysis. |
| Opt-in-data | Data that you make available for managing cookie consent for this website and data assigned to your device when using the functionality for managing cookie consent. This includes your consent and, if applicable, your individual selection regarding the use of cookies on your device. (We use cookies that are strictly necessary in order to manage cookie consent. More detailed information about the content of the cookies used is available in Section C.III.) | Website users | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot take any consent to the use of cookies on this website into account. | Name of the cookie: cookie_consent The cookies used for managing cookie consent are stored on the user’s device. Information about the validity period of the cookies used is available in Section C.III.) |
2. Details about the processing of personal data
| Purpose of the processing data | Categories of personal data processed | Automated decision-making | Legal basis and, if applicable, legitimate interests | Recipient |
To make the website content requested by the user available: To this end, data is temporarily processed on our web server. | HTTP data | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to make the website content requested by the user available. | Hosting provider |
To provide the search functionality on our website: To this end, data that you enter into our search tools is temporarily processed on our web server.. | Search tool data. | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to provide the search tools accessed by the user on the website. | Hosting provider |
To provide the functionality for managing cookie consent for the website and to document cookie consent: When you revisit the website, we determine whether you have already given your consent and enable cookies together with related analysis and tracking tools in accordance with the consent you have given. (To this end, data from cookies that are strictly necessary is also processed temporarily on our web server. More detailed information about the content and purposes of the cookies used is available in Section C.III.) | Opt-in-data
| No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to manage the consent given by the user to the use of cookies for this website. | Hosting provider |
To ensure the security of the IT infrastructure used to provide the website, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks): To this end, data is temporarily stored and analyzed in log files on our web server. | HTTP data
Search tool data
| No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to ensure the security of the IT infrastructure used to provide the website, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks). | Hosting provider |
3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations
| Recipient | Role of the recipient | Registered office of the recipient | Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations |
Hosting provider (currently: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany) | Processor | EU. | - |
If you give us your consent to do so, we use web analysis technologies to record and analyze usage patterns on our website in order to improve the website and better achieve website goals (e.g., increasing page views).
Your consent to this web analysis remains valid for 12 months. After this time, no further web analysis will take place unless you renew your consent. Naturally, you have the option of withdrawing your consent at any earlier time under “Data protection and cookie settings” (or by deleting the “opt-in cookies”).
For this purpose, we make use of cookies (Section C).
More detailed information is available below:
1. Details about the personal data processed
| Categories of personal data processed | Personal data included in the categories | Sources of the data | Obligation to provide the data | Retention period |
| Matomo HTTP data. | Protocol data generated for technical reasons when using the web analysis tool Matomo used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the pre-viously visited page (referrer URL), and the date and time of access. | Website users. | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot carry out web analysis using Matomo.
| IP anonymization is activated on this website for the use of the web analysis tool Matomo. This means that the IP address transmitted by the browser for technical reasons is anonymized prior to storage by truncating the IP address (by deleting the last octet of the IP ad-dress). We store the remaining data for 12 months.
|
| Matomo device data. | Data assigned to your device by the web analysis tool Matomo. This includes a unique ID for recognizing repeat visitors. (We use cookies in connection with the web analysis tool Matomo. More detailed information about the content of the cookies used is available in Section C.III.) | Website users. | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot carry out web analysis using Matomo. | We process this data only for a short time for the duration of the use of the website. (The cookies used in connection with the web analysis tool Matomo are stored on the user’s device. Information about the validity pe-riod of the cookies used is availa-ble in Section C.III.) |
| Matomo profile data. | Data generated by the web analysis tool Matomo and stored in pseudonymous usage profiles. This includes information about the use of the website, in particular page views, frequency of visits, and duration of visits to pages, that is attributed to the respective user’s unique visitor ID contained in the Matomo device data. | Independently generated. | - | We store the remaining data for 12 months. |
2. Details about the processing of personal data
| Purpose of the processing of personal data | Categories of personal data processed | Automated decision-making | Legal basis and, if applicable, legitimate interests | Recipient |
To improve the website and bet-ter achieve website goals (e.g., increasing page views). To this end, the behavior of users on our website is recorded and analyzed in pseudonymized form. Website users are marked in pseudonymous form so that they can be recognized on the website. Pseudonymous usage profiles are created from this information. The pseudonymous usage profiles are not merged with data about the person behind the pseudonym. The aim of the procedure is to investigate where users come from, which areas of the website are visited, and how often and for how long which subpages and categories are viewed. To this end, we make use of the web analysis tool Matomo provided by Innocraft. (To this end, data from cookies is also processed temporarily on our web server. More detailed information about the content and purposes of the cookies used is available in Section C.III.) | Matomo HTTP data, | No automated decision-making takes place. | Article 6(1)(a) of the General Da-ta Protection Regulation (consent). Your consent to this web analysis remains valid for 12 months. After this time, no further web analysis will take place unless you renew your consent. Naturally, you have the option of withdraw-ing your consent at any earlier time under “Data protection and cookie settings” (or by deleting the “opt-in cookies”). | Hosting provider |
3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations
Recipient | Role of the recipient | Registered office of the recipient | Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations |
| Matomo | |||
Hosting provider. (currently: | Processor. | EU. | - |
We offer you the opportunity on the website to subscribe to our personalized email newsletter. When subscribing to our newsletter, certain information (such as your email address) is collected. We process this information to confirm your subscription and provide the personalized email newsletter. We also store this information for evidentiary purposes in order to establish, exercise, or defend any legal claims.
When using the form on the website for subscribing to and unsubscribing from our newsletter, certain information (such as your IP address) is sent for technical reasons to the server of our website by the browser used on your device. We process this information to provide the form on the website for subscribing to and unsubscribing from our newsletter.
If you give us your consent to do so, we also analyze the usage patterns of newsletter subscribers in relation to our newsletter and create usage profiles using pseudonyms for the purpose of personalizing the newsletter.
If you give us your consent to do so, we also analyze the usage patterns of newsletter subscribers in our newsletter in a pseudonymized fashion.
More detailed information is available below:
1. Details about the personal data processed
Categories of personal data processed | Personal data included in the categories | Sources of the data | Obligation to provide the data | Retention period |
Newsletter form HTTP data. | Protocol data generated for technical reasons when accessing the form on the website for subscribing to and unsubscribing from our newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access. | Website users. | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot make the requested website content available. | Data is stored for a maximum period of 7 days in server log files in a form that allows for the identification of data subjects, unless a security-related incident occurs (e.g., a DDoS attack). In the event of a security-related incident, server log files are stored until the security-related incident is eliminated and completely resolved. The IP address also merges with the “newsletter opt-in data” described below. |
Newsletter subscription data. | Data recorded when subscribing to the newsletter.
This includes the following mandatory information: Email address. This also includes the following optional information: Title/salutation, first name, last name. | Newsletter subscribers. | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the mandatory information is not provided, you cannot receive our newsletter. | We store this data for as long as you subscribe to our newsletter.
In addition, we also store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you unsubscribed from the newsletter, and until any legal disputes that may arise have been settled. |
Newsletter opt-in data. | Protocol data generated for technical reasons when subscribing to or unsubscribing from the newsletter. This includes the date and time of the subscription to the newsletter, date and time the subscription notification was sent as part of the double opt-in process, date and time of the confirmation of the subscription as part of the double opt-in process, IP address(es) of the device used to subscribe and confirm the subscription, and the date and time of any unsubscription from the newsletter. | Newsletter subscribers. | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, you cannot receive our newsletter. | We store this data for as long as you subscribe to our newsletter. In addition, we also store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you unsubscribed from the newsletter, and until any legal disputes that may arise have been settled. |
Newsletter tracking pixel data. | Protocol data generated for technical reasons when accessing our newsletter through the tracking pixels contained in the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)). Tracking pixels are small graphics in HTML emails that make recording and analyzing log files of email views possible. This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access. | Newsletter subscribers. | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot carry out analysis of newsletter usage patterns. | We store this data only for as long as you subscribe to our newsletter. |
Newsletter profile data. | Data in usage profiles that we create by analyzing newsletter usage patterns using pseudonyms. This includes data about the use of the newsletter, in particular views, frequency of views, and duration of views in relation to viewed newsletters. | Independently generated. | - | We store this data only for as long as you subscribe to our newsletter. |
2. Details about the processing of personal data
Purpose of the processing of personal data | Categories of personal data processed | Automated decision-making | Legal basis and, if applicable, legitimate interests | Recipient |
To provide the form on the website for subscribing to and unsubscribing from our newsletter: To this end, HTTP data is temporarily processed on our web server. | Newsletter form HTTP data. | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to make the website content requested by the user available. | Hosting provider (for the subscription form), Email newsletter provider (for the unsubscribe form). |
To ensure the security of the IT infrastructure used to provide the form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks): To this end, data is temporarily stored and analyzed in log files on our web server. | Newsletter form HTTP data. | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to ensure the security of the IT infrastructure used to provide the form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks). | Hosting provider, Email newsletter provider. |
“Double opt-in” process for confirming subscriptions: To this end, we send an email message with a request for confirmation to the email address specified at the time of subscription. A subscription only becomes active if the subscriber confirms the email address by clicking on the confirmation link contained in the email. | Newsletter subscription data, Newsletter opt-in data. | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to document your consent to receive the newsletter in a manner that is legally compliant. | Email newsletter provider. |
To send the newsletter to newsletter subscribers. We use the optional information provided at the time of subscription to personalize how the ad-dressee is addressed in the newsletter. | Newsletter subscription data, Newsletter opt-in data. | No automated decision-making takes place. | Article 6(1)(a) of the General Data Protection Regulation (consent). | Email newsletter provider. |
To store and process the data for evidentiary purposes in order to establish, exercise, or defend any legal claims. | Newsletter subscription data, Newsletter opt-in data. | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to establish, exercise, or defend legal claims. | Email newsletter provider. |
To analyze the usage patterns of newsletter subscribers in relation to our newsletter and create usage profiles using pseudonyms for the purpose of personalizing the newsletter. | Newsletter subscription data, Newsletter opt-in data, Newsletter tracking pixel data, Newsletter profile data. | No automated decision-making takes place. | Article 6(1)(a) of the General Data Protection Regulation (consent). | Email newsletter provider. |
3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations
Recipient | Role of the recipient | Registered office of the recipient | Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations |
Hosting provider (currently: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany) | Processor. | EU. | - |
Email newsletter provider. (currently: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede) | Processor. | EU. | - |
The website features what are known as third-party plug-ins that allow you to make use of features offered by third-party providers on the website. The plug-ins are embedded in the website by means of what is referred to as a “2-click solution.” With this solution, the respective plug-in is not activated directly when visiting the website; this only occurs if you click on the activate button for the respective plug-in.
If you activate a third-party plug-in, you are using a feature offered by the provider of the respective plug-in on its responsibility, which is only optically embedded in the presentation of our website. When activating the respective plug-in, the provider of the respective plug-in may receive personal data from you. In addition, when the respective plug-in is activated, the provider of the respective plug-in may use cookies (Section C).
Our website also contains simple links to our social media profiles (social media links).
More detailed information is available below:
1. Third-party plug-ins and social media links featured on the website
|
Plug-in/social media link |
Third-party provider |
Further information about the provider |
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations |
|
Facebook button. (This is nothing more than a simple social media link.) |
Meta Platforms Ireland Ltd: 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland |
Further information about the processing of data by the provider is available in the provider’s privacy policy: |
Facebook is certified under the EU-U.S. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250. |
|
LinkedIn button.
(This is nothing more than a simple social media link.) |
LinkedIn Corporation: 2029 Stierlin Court, Mountain View, CA 94043, USA. |
Further information about the processing of data by the provider is available in the provider’s privacy policy: |
LinkedIn is certified under the EU-U.S. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0 An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250. |
|
Xing button.
(This is nothing more than a simple social media link.) |
Xing AG: Dammtorstrasse 29-32, 20354 Hamburg, Germany. |
Further information about the processing of data by the provider is available in the provider’s privacy policy: |
- |
|
Vimeo player. |
Vimeo, Inc.: 555 W 18th St, New York, New York 10011, USA |
For more information about the feature, please see the provider’s description: https://vimeo.com/cookie_policy Further information about the processing of data by the provider is available in the provider’s privacy policy: |
Vimeo is certified under the EU-U.S. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250. |
|
Twitter button.
(This is nothing more than a simple social media link.) |
Twitter, Inc.: 1355 Market Street, Suite 900, San Francisco, CA 94103, USA |
Further information about the processing of data by the provider is available in the provider’s privacy policy: |
Twitter is certified under the EU-U.S. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250. |
|
Instagram button. (This is nothing more than a simple social media link.) |
Meta Platforms Ireland Ltd: 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland |
Further information about the processing of data by the provider is available in the provider’s privacy policy: |
Facebook is certified under the EU-U.S. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. An adequacy decision has been issued by the European Commission in relation to the EU-U.S. Privacy Shield: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250. |
2. Processing of personal data by providers of third-party plug-ins
The third-party plug-ins are embedded in the website by means of what is referred to as a “2-click solution.” With this solution, the respective plug-in is not acti-vated directly when visiting the website; this only occurs if you click on the activate button for the respective plug-in. The activate button features the name of the respective plug-in and, if applicable, a logo of the third-party provider.
The 2-click solution ensures that your internet browser does not initially connect to the server of the respective plug-in provider when visiting the website. This means that the provider of the respective plug-in cannot initially collect any personal data from you via the respective plug-in when you visit the website. It is only by clicking on the activate button for the respective plug-in that the respective plug-in is activated. Activation involves making a connection to the server of the respective plug-in provider. This allows the provider of the activated plug-in to collect personal data from you. Activating the respective plug-in is technically comparable to clicking on a link to an external website, the difference being that the content accessed does not appear in a new window/tab of your internet browser but is instead optically embedded in our website. The data exchange initiated by you through the activation and use of the plug-in takes place exclusive-ly between your internet browser and the servers of the respective plug-in provider. If you activate a third-party plug-in, you are therefore using a feature of-fered by the provider of the respective plug-in on its responsibility, which is optically embedded in the presentation of our website.
When activating the respective plug-in, the provider of the respective plug-in (comparable to accessing an external website through a link) may obtain, in par-ticular, your IP address and the address (URL) of the website from which you initiate the activation process. In addition, the provider of the activated plug-in may obtain information from any cookies of the respective provider stored in your internet browser. By simply initiating the activation process for the respective plug-in, you thus enable the provider of the respective plug-in to obtain, at a minimum, the information that our website was accessed via the IP address as-signed to you at the time of access. If you are registered as a user with the respective third-party provider, the provider of the respective plug-in is also typically able to attribute the data obtained to your user account. Please note that we have no knowledge of the specific data collected by the respective plug-in provider. Nor do we have any knowledge of the specific purposes of the processing of data collected by the provider of the respective plug-in, or of other details about the processing of data by the respective provider. In particular, we do not know whether the respective provider processes the data collected solely to provide the feature associated with the respective plug-in (e.g., sharing certain content or submitting comments) or for any other purposes (e.g., user profiling or personal-ized advertising).
You have the opportunity to order shipping materials on our website. We process personal data of users of the order form for the following purposes:
- To provide the ordering functionality on the website.
- To process orders for shipping materials.
- To retain it as evidence in order to establish, exercise, or defend any legal claims.
- To retain it in order to fulfill legal retention obligations, especially pursuant to commercial law and tax law.
- To ensure the security of the IT infrastructure used to provide the order form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks).
More detailed information is available below:
1. Details about the personal data processed
Categories of personal data processed | Personal data included in the categories | Sources of the data | Obligation to provide the data | Retention period |
HTTP data. | Protocol data generated for technical reasons when accessing the order form on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access. | Users of the order form. | It is not legally or contractually stipulated that data must be made available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot make the requested website content available. | Data is stored for a maximum period of 7 days in server log files in a form that allows for the identification of data subjects, unless a security-related incident occurs (e.g., a DDoS attack). In the event of a security-related incident, server log files are stored until the security-related incident is eliminated and completely resolved. |
Contact details. | Data you provide us with as part of the order process for contact purposes related to the processing of your order. This includes the name of the office/laboratory/firm, title, first name, last name, mailing address, telephone number, email address, fax number. | Users of the order form. If you are logged in to your account when using the order form, this data is taken from your customer account.
| The data is required for free shipment of shipping materials. There is no obligation to make this data available. If the data is not made available, you cannot order any items using our order form. | We store the data until your order has been fully processed, i.e., until the shipping materials have been shipped. In addition, we store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you provided us with the data, and until any legal disputes that may arise have been concluded. We also store this data to the extent required by legal retention obligations, especially pursuant to commercial law and tax law. Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)). |
Order data. | Information about your order. This includes details relating to the items (item description, quantity), the date and time of the respective purchase, and the status of your order. | Independently generated. | - | We store the data until your order has been fully processed, i.e., until the shipping materials have been shipped. In addition, we store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you provided us with the data, and until any legal disputes that may arise have been concluded. We also store this data to the extent required by legal retention obligations, especially pursuant to commercial law and tax law. Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)). |
Transactional email data. | Data from transactional emails that we send to process/reverse your order (e.g., order placement confirmation). This includes the content and time of the transactional emails. | Independently generated. | - | We store the data until your order has been fully processed, i.e., until the shipping materials have been shipped. In addition, we store this data for evidentiary purposes in order to establish, exercise, or defend any legal claims for a transition period of three years from the end of the year in which you provided us with the data, and until any legal disputes that may arise have been concluded. We also store this data to the extent required by legal retention obligations, especially pursuant to commercial law and tax law. Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)). |
2. Details about the processing of personal data
Purpose of the processing of personal data | Categories of personal data processed | Automated decision-making | Legal basis and, if applicable, legitimate interests | Recipient |
To provide the ordering functionality on our website. To this end, HTTP data is temporarily processed on our web server. | HTTP data. | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to make the website content requested by the user available. | Hosting provider. |
To process orders for shipping materials. This includes the shipment of shipping materials to our existing customers. If an order is placed by a new customer, we start by contacting the customer and clarifying the details for commencing a business relationship. | Contact details, Order data, Transactional email data. | No automated decision-making takes place. | Article 6(1)(b) of the General Data Protection Regulation (fulfilling a contract to which the data subject is a party or taking steps at the request of the data subject prior to entering into a contract). If the orderer is not currently a direct contracting party and not set to become one: Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to conclude contracts with our clients and fulfill these contracts. | - |
To retain it as evidence in order to establish, exercise, or defend any legal claims. | Contact details, Order data, Transactional email data. | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to establish, exercise, or defend legal claims. | - |
To retain it in order to fulfill legal retention obligations, especially pursuant to commercial law and tax law. Depending on the type of documents, commercial and tax-related retention obligations of six or ten years may apply (Section 147 of the German Tax Code (AO), Section 257 of the German Commercial Code (HGB)). | Contact details, Order data, Transactional email data. | No automated decision-making takes place. | Article 6(1)(c) of the General Data Protection Regulation (compliance with a legal obligation). | - |
To ensure the security of the IT infrastructure used to provide the order form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks): To this end, data is temporarily stored and analyzed in log files on our web server. | HTTP data | No automated decision-making takes place. | Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to ensure the security of the IT infrastructure used to provide the form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks). | Hosting provider. |
3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations
Recipient | Role of the recipient | Registered office of the recipient | Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations |
Hosting provider. | Processor. | EU. | - |
You have the opportunity to transmit patient data and requests to us digitally on our website. We process personal data for the following purposes:
- To provide the order entry service on our website.
- To process your request including the transmission of patient data.
- To enable the viewing of the processing status of ongoing analyses.
- To retrieve diagnostic data.
- To retain it as evidence in order to establish, exercise, or defend any legal claims.
- To retain it in order to fulfill legal retention obligations, especially pursuant to commercial and tax law and laws governing professions.
- To ensure the security of the IT infrastructure used to provide the order form, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks).
More detailed information is available below:
1. Details about the personal data processed
|
Categories of personal data processed |
Personal data included in the categories |
Sources of the data |
Obligation to provide the data |
Retention period |
|
HTTP data, patient data (master data, contact details), data of the treating physician, insurance details, sample data,
diagnosis, submitter data, billing data, usage data |
Protocol data generated for technical reasons when accessing order entry on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes the IP address, type and version of your internet browser, the operating system used, the page accessed, the previously visited page (referrer URL), and the date and time of access. Patient master data, such as name, date of birth, gender, health insurance, health insurance number, insured type, billing type. Contact details such as private address. Sample data such as indication of material type, e.g., bone marrow, peripheral blood. Submitter data, such as name, address, institution, LA no.
|
Submitting physician |
Protocol data: It is not legally or contractually stipulated that data must be available, nor is it required for the conclusion of a contract. There is no obligation to make this data available. If the data is not made available, we cannot make the requested website content available. Patient data, contact details, sample data and submitter data: Provision is necessary for the fulfillment of the contract. |
Data is stored for a maximum period of 7 days in server log files in a
form that allows for the identification of data subjects, unless a
security-related incident occurs (e.g., a DDoS attack). Patient data, contact details and sample data are stored in accordance with the legal retention requirements. Submitter data is stored for the duration of the existing AIS connection. |
2. Details about the processing of personal data
|
Purpose of the processing of personal data |
Categories of personal data processed |
Automated decision-making |
Legal basis and, if applicable, legitimate interests |
Recipient |
|
To provide order entry on the website.
|
HTTP data. |
No automated decision-making takes place. |
Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to make the website content requested by the user available. |
Hosting provider |
|
To process the diagnostics request.
|
Patient data, Contact details, Sample data, Submitter data. |
No automated decision-making takes place. |
Article 9(2)(h) of the General Data Protection Regulation (processing is necessary for the purposes of preventative medicine, medical diagnosis and services). |
MLL |
|
To retain it as evidence in order to establish, exercise, or defend any legal claims. |
Patient data, Contact details, Sample data, Submitter data. |
No automated decision-making takes place. |
Article 6(1)(f) of the General Data Protection Regulation (pursuing a legitimate interest subject to a balancing of interests). Our legitimate interest is to establish, exercise, or defend legal claims. |
MLL |
|
To retain it in order to fulfill legal retention obligations, especially pursuant to commercial law and tax law.
|
Contact details, Patient data, Sample data, Submitter data. |
No automated decision-making takes place. |
Article 6(1)(c) of the General Data Protection Regulation (compliance with a legal obligation). |
MLL |
|
To ensure the security of the IT infrastructure used to provide order entry, in particular for the detection, elimination, and legally admissible documentation of faults/malfunctions (e.g., DDoS attacks):
|
HTTP data. |
No automated decision-making takes place. |
Article 6(1)(f) of the General Data Protection
Regulation (pursuing a legitimate interest subject to a balancing of
interests). |
Hosting provider. |
3. Details of the recipients of personal data and the transfer of personal data to third countries and/or international organizations
|
Recipient |
Role of the recipient |
Registered office of the recipient |
Adequacy decision or suitable or appropriate safeguards for transfers to third countries and/or international organizations |
|
Hosting provider. |
Processor. |
EU. |
- |
C. Information about the use of cookies
We use cookies in connection with providing the website www.mll.com. In doing so, we make use of the processing and storage functionality of your de-vice’s browser and collect information from the memory of your device’s browser.
More detailed information is available below.
Cookies are small text files containing information that can be placed on the user’s device via the browser when visiting a website. When you revisit the website using the same device, the cookie and the information it contains may be retrieved.
1. First- und third-party cookies
Depending on the origin of a cookie, it is possible to distinguish between what are known as first-party cookies and third-party cookies:
| First-party cookies | Cookies that are placed and accessed by the operator of the website as the controller or by a processor commissioned by them. |
| Third-party cookies | Cookies that are placed and accessed by controllers other than the website operator who are not acting as processors on behalf of the website operator. |
2. Transient and persistent cookies
Depending on the period of validity, it is possible to distinguish between transient and persistent cookies:
Transient cookies | Cookies that are automatically erased when you close your browser. |
Persistent cookies | Cookies that remain stored on your device for a certain period of time after you close your browser. |
3. Cookies that require/do not require consent
Depending on their function and purpose, the use of certain cookies may require the user’s consent. To this extent, it is possible to distinguish between cookies based on whether the user’s consent is required for their use:
Cookies that do not | Cookies whose sole purpose is to transmit a message via an electronic communications network. |
Cookies that are strictly necessary for the provider of an information society service that has been expressly requested by the subscriber or user to be able to provide this service (“cookies that are strictly necessary”). | |
Cookies that require consent | Cookies for all other purposes than those mentioned above. |
1. Granting consent to the use of cookies and management of cookies via the cookie dashboard
If the use of certain cookies requires the user’s consent, we will only place these cookies when you use the website if you have given your prior consent. For in-formation about whether consent is required for the use of a cookie, please see the information about the cookies used on this website in Section C.III. of this privacy policy.
When you visit our website, we display what is known as a “cookie banner,” which allows you to declare your consent to the use of cookies on this website by clicking on a button. By clicking on the button provided for this purpose, you have the option to consent to the use of the cookies described in detail in Section C.III. of this privacy policy that require consent. The “Data protection and cookie settings” section of this website also gives you the option to revisit and custom-ize your selection at a later time.
We also store your consent and, if applicable, your individual selection of cookies in the form of a cookie (“opt-in cookie”) on your device in order to determine whether you have already given your consent when you revisit the website. The opt-in cookie, and thus your consent as well, is valid for a limited period of 12 months.
2. Management of cookies via browser settings
You can also manage the use of cookies in your browser settings. Different browsers offer different ways to configure the cookie settings in the browser. Further detailed information is available, for instance, at http://www.allaboutcookies.org/ge/cookies-verwalten/.
Please note, however, that some of the website’s functionality may not or no longer function properly if you generally deactivate cookies in your browser.
The following cookies may be used on this website:
Name | First-party/third-party | Purpose and content | Period of validity | Need for consent |
| Opt-In cookies | ||||
Cookie_consent | First-party | This cookie is strictly necessary for storing your consent and, if applicable, your individual se-lection regarding the use of cookies on your device in order to determine whether you have already given your consent when you revisit the website. | 12 months. | No. |
Matomo cookies These cookies are used by the web analysis tool Matomo to record and analyze usage patterns on our website in order to improve the website | ||||
_pk_ref | First-party | This cookie is used to track from which website the anonymized user proceeded to www.mll.com or to any MLL sub-page. The respective URL is saved as a string, which specifies the referrer, or rather the website from which the respective MLL page was accessed, in a cookie to be able to create and analyze corresponding statistics. | 6 months. | Yes. |
_pk_testcookie | First-party | Integer value—a test cookie created by Matomo to verify whether the website’s cookie functionality and cookie settings are configured correctly for Matomo. | Session. | Yes. |
_pk_id | First-party | This cookie contains a unique, pseudonymized visitor ID internal to Matomo for recognizing repeat visitors. The
_pk_id is an ID that makes it possible to verify which routes a website
visitor has clicked on. A generated identifier is used for this
purpose. On the basis of this ID, http requests can be linked to each
other and corresponding statistics can be generated on e.g. B. the
number of visits, average time a user stays on the website and the
number of pages read. |
| Yes. |
_pk_ses | First-party | The
Matomo session cookie is used to track the visitor's page requests
during the session. The cookie is automatically deleted at the end of
each session (website visit), at the latest after one day. It is not
possible to identify individuals using these cookies. The cookies are
used to compile user statistics that cannot be directly tied to
individuals (“pseudonymous usage profiles”). | 1 day. | Yes. |
Third-party plug-in cookies | ||||
| Third-party plug-in cookies | Third-party | We have no knowledge of the specific purposes, content, and retention period of the cookies used by the provider of the plug-in, includ-ing whether or not they require consent. | ||
D. Information about the rights of data subjects
As a data subject, you have the following rights with regard to the processing of your personal data:
Right of access (Article 15 of the General Data Protection Regulation)
Right to rectification (Article 16 of the General Data Protection Regulation)
Right to erasure (“right to be forgotten”) (Article 17 of the General Data Protection Regulation)
Right to restriction of processing (Article 18 of the General Data Protection Regulation)
Right to data portability (Article 20 of the General Data Protection Regulation)
Right to object (Article 21 of the General Data Protection Regulation)
Right to withdraw consent (Article 7(3) of the General Data Protection Regulation)
Right to lodge a complaint with a supervisory authority (Article 77 of the General Data Protection Regulation)
To exercise your rights, please contact us using the contact details provided in Section A.
For information about any specific procedures and mechanisms that may facilitate the exercise of your rights, in particular the exercise of your rights to data portability and to object, please see the information about the processing of personal data in Section B of this privacy policy.
As a data subject, you have a right of access subject to the conditions set out in Article 15 of the General Data Protection Regulation.
In particular, this means that you have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If this is the case, you also have a right of access to this personal data and the information listed in Article 15(1) of the General Data Protection Regulation. This includes, for in-stance, information about the purposes of the processing, the categories of personal data processed, and the recipients or categories of recipients to whom the personal data has been or will be disclosed (Article 15(1)(a), (b), and (c) of the General Data Protection Regulation).
The full scope of your right of access is set out in Article 15 of the General Data Protection Regulation, which you can access via the following link: eur-lex.europa.eu/legal-content/DE/TXT/HTML/.
As a data subject, you have a right to rectification subject to the conditions set out in Article 16 of the General Data Protection Regulation.
In particular, this means that you have the right to request us to rectify inaccuracies in your personal data and fill in the gaps of incomplete personal data with-out undue delay.
The full scope of your right to rectification is set out in Article 16 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679 .
As a data subject, you have a right to erasure (“right to be forgotten”) subject to the conditions set out in Article 17 of the General Data Protection Regulation.
This means that you generally have the right to request us to erase personal data concerning you without undue delay, and we are obligated to erase personal data without undue delay if one of the grounds listed in Article 17(1) of the General Data Protection Regulation applies. This may be the case, for instance, if personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed (Article 17(1)(a) of the General Data Protec-tion Regulation).
If we have made the personal data public and are obligated to erase it, we are also obligated, taking account of available technology and the cost of implemen-tation, to take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that a data subject has re-quested that they erase any links to, or copies or replications of, this personal data (Article 17(2) of the General Data Protection Regulation).
The right to erasure (“right to be forgotten”) does not apply to the extent that the processing is necessary on grounds listed in Article 17(3) of the General Data Protection Regulation. This may be the case, for instance, to the extent that the processing is necessary in order to comply with a legal obligation, or establish, exercise, or defend legal claims (Article 17(3)(a) and (e) of the General Data Protection Regulation).
The full scope of your right to erasure is set out in Article 17 of the General Data Protection Regulation, which you can access via the following link: eur-lex.europa.eu/legal-content/DE/TXT/HTML/.
As a data subject, you have a right to restriction of processing subject to the conditions set out in Article 18 of the General Data Protection Regulation.
This means that you have the right to request us to restrict processing if one of the conditions listed in Article 18(1) of the General Data Protection Regulation applies. This may be the case, for instance, if you contest the accuracy of the personal data. In this case, the processing is restricted for a period that enables us to verify the accuracy of the personal data (Article 18(1)(a) of the General Data Protection Regulation).
Restriction of processing means marking of stored personal information so as to limit its future processing (Article 4(3) of the General Data Protection Regula-tion).
The full scope of your right to restriction of processing is set out in Article 18 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
As a data subject, you have a right to data portability subject to the conditions set out in Article 20 of the General Data Protection Regulation.
This means that you generally have the right to receive the personal information concerning you that you have made available to us in a structured, commonly used, and machine-readable format, and that you have the right to transmit this data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation or on a contract pursuant to Article 6(1)(b) of the General Da-ta Protection Regulation, and the processing is carried out by automated means (Article 20(1) of the General Data Protection Regulation).
For information about whether the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation or on a contract pursuant to Article 6(1)(b) of the General Data Protection Regulation, please see the information about the legal bases for the processing in Section B of this privacy policy.
When exercising your right to data portability, you also generally have the right to have the personal data transmitted directly from us to another controller to the extent that this is technically feasible (Article 20(2) of the General Data Protection Regulation).
The full scope of your right to data portability is set out in Article 20 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
As a data subject, you have a right to object subject to the conditions set out in Article 21 of the General Data Protection Regulation.
By no later than the time of our first communication with you, we expressly draw the attention of you, as the data subject, to your right to object.
More detailed information is available below:
1. Right to object on grounds relating to the particular situation of the data subject
As a data subject, you have the right to object at any time on grounds relating to your particular situation to personal data concerning you being processed based on Article 6(1)(e) or (f) of the General Data Protection Regulation, including profiling based on these provisions.
For information about whether the processing is based on Article 6(1)(e) or (f) of the General Data Protection Regulation, please see the information about the legal bases for the processing in Section B of this privacy policy.
In the event of an objection on grounds relating to your personal situation, we will cease processing the personal data concerning you unless we can demon-strate compelling, legitimate grounds for the processing that override your interests, rights, and freedoms, or the data is processed in order to establish, exer-cise, or defend legal claims.
The full scope of your right to object is set out in Article 21 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
2. Right to object to direct marketing
If personal data is processed for the purposes of direct marketing, then you have the right to object at any time to such processing of personal data concerning you, including profiling to the extent that it is related to such direct marketing.
For information about whether and to what extent personal data is processed for the purposes of direct marketing, please see the information about the purpos-es of the processing in Section B of this privacy policy.
In the event of an objection to processing for the purposes direct marketing, we will cease processing the personal data concerning you for these purposes.
The full scope of your right to object is set out in Article 21 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
If the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation, you, as the data subject, have the right to withdraw your consent at any time pursuant to Article 7(3) of the General Data Protection Regulation. Withdrawing your consent does not affect the lawfulness of the processing that took place based on your consent up until the time of withdrawal. We inform you of this before you give your consent.
For information about whether the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the General Data Protection Regulation, please see the information about the legal bases for the processing in Section B of this privacy policy.
As a data subject, you have the right to lodge a complaint with a supervisory body subject to the conditions set out in Article 77 of the General Data Protection Regulation.
Our supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht
Postfach 1349
91504 Ansbach
Deutschland
E-Mail: poststelle@lda.bayern.de
Telefon: +49 (0) 981 180093-0
The technical terms featured in this privacy policy take their meaning from the General Data Protection Regulation.
The full scope of the definitions found in the General Data Protection Regulation is set out in Article 4 of the General Data Protection Regulation, which you can access via the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679
More detailed information about the most important technical terms from the General Data Protection Regulation that are featured in this privacy policy is available below:
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
“Data subject” means in each case the identified or identifiable natural person to whom personal data relates;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
“Recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of this data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
“International organization” means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries;
“Third country” means a country that is not a Member State of the European Union (“EU”) or the European Economic Area (“EEA”);
“Special categories of personal data” means data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
E. Effective date of and changes to this privacy policy
This privacy policy is valid as of 10th of December 2019.
Due to technical developments and/or changes in legal and/or official requirements, it may become necessary to adapt this privacy policy.