We appreciate your interest in our website. The protection of your personal data is very important to us. We would like to inform you here about the collection and use of personal data on our website.
Collection of personal data
For the use of our website, it is generally not necessary that you give us personal data, such as your name or your e-mail address, unless you want to use products offered on our website such as offers or services in our online shop. In this case, you will need to provide certain data.
This website uses Google Analytics or other technology to collect and store data for marketing and optimization purposes. From this data, usage profiles can be created under a pseudonym. Cookies may be used. Cookies are small text files stored locally in the cache of the site visitor’s internet browser. Cookies enable recognition of the internet browser. The data collected with the etracker technologies will not be used to personally identify the visitor to this website without the special consent of the data subject. A merger with personal data regarding the bearer of the pseudonym does not take place.
The data collected by the technologies will not be used to personally identify the visitor to this website or be combined with personal data about the bearer of the pseudonym without the specific consent of the data subject. Data collection and storage can be objected to at any time with effect for the future.We use your personal data for needs-based (direct) advertising purposes. This means that after you purchase goods or services from us, we will send you information emails for similar goods or services in the future. These emails will only be sent after an order has been completed.
The legal basis for the processing of your personal data is Art. 6 para. 1 p. 1 lit. f GDPR. You can request to no longer receive such information emails from us at any time. To do so, please contact us by e-mail at firstname.lastname@example.org.
Use and transfer of personal data
Collection, processing and storage of your information, insofar as you have provided it, is done only for the purposes for which you have contacted us, e.g. for the processing of the purchase.
Transfer of your data to third parties does not occur without your express consent.
Privacy notice when using our Facebook Fanpage
Our website contains programs or plug-ins of the social network Facebook. This is the button with the Facebook logo and the associated link “Like” button. The social network is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereafter Facebook). A so-called fan page is hosted there for us. All data processing in this context is not carried out by us, but by Facebook. Which data processing operations Facebook undertakes during and after the visit of a fan page by a user is not known exactly. We can therefore only provide the following information based on the currently available level of knowledge:
Even if you are not logged in to Facebook, Facebook stores and uses data about the operating system used, the browser version, the IP address and the origin location that can be derived from it.
In addition, Facebook can recognize you via so-called “cookies” as a non-logged in/unregistered user and use the statistical data obtained from the page request on your next login or your first registration on Facebook for profile creation.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this data without your consent.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you, as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. Further data is not collected. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
The granted consent to the storage of the data, the e-mail address and their use for sending the newsletter can be revoked at any time, for example via the “unsubscribe” link in the newsletter.
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
1. Scope of processing of personal data
We use functionalities of the web analysis and optimization service Google Optimize of Google LLC, 1600 Amphitheatre Parkway, CA 94043, Mountain View, USA (and its representative in the Union Google LLC, Gordon House, Barrow Street, 4, Dublin, Ireland, hereinafter referred to as Google).
Google Optimize is used to increase the attractiveness, functionality and content of websites by statistically evaluating changes in usage.
Cookies are stored by Google on your device.
The following personal data is thereby processed by Google:
- IP address (anonymized)
- User ID
DaHowever, since we generally or to a large extent have no influence on the processing of your personal data by Google, we cannot provide any binding information on the purpose and scope of the processing of your data.
More information on the processing of data by Google can be found here:
2. Purpose of data processing:
The use of Google Optimize serves us to increase the attractiveness of web content.
3. Legal basis for the processing of personal data
RechThe legal basis for data processing is Art. 6 (1) (1) (f) GDPR. Our legitimate interest lies in the purposes of data processing mentioned under 2.
4. Duration of storage
5. Possibility of objection and removal
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
You can prevent the collection and processing of your personal data by Google by preventing the storage of cookies from third parties on your computer, by using the “Do Not Track” function of a supporting browser, by deactivating the execution of script code in your browser or by using a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser
Further information on objection and removal options against Google can be found at:
We have activated the function IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by your browser to Google Analytics within the framework of Google Analytics will not be merged with other data from Google.
Use of Google Web Fonts
1. Amount of processing of personal data
Google Webfonts are used to improve the visual presentation of different information on this website. When the page is opened, the web fonts are transferred to the browser’s cache so that they can be used for display. If the browser does not support Google web fonts or does not allow access, then the text will be displayed in a default font. When opening the page, no cookies are saved with the website visitor. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
2. Rechtsgrundlage für die Verarbeitung personenbezogener Daten
The legal basis for data processing is Art. 6 Para. 1 Letter f GDPR. The justified interest consists in a faultless functioning of the Internet page.
3. Legal basis for the processing of personal data
This is necessary so that your browser can display our texts in a visually improved manner. If your browser does not support this feature, your computer will use a default font for the display.
4. Duration of storage
We do not currently have any information about how long data is retained by our processor.
5. Right of contradiction and elimination
You can set your browser so that the fonts are not loaded by the Google servers (e.g. by installing add-ons like NoScript or Ghostery for Firefox). If your browser does not support Google fonts or if you block access to the Google servers, then the text will be displayed in the system’s default font.
Browser Plug in
You may refuse to have cookies saved by selecting the appropriate settings in your browser software; however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing the data, by downloading and installing the browser plug in available under this link.
Objection to data collection
Contracted data processing
We have concluded a contract with Google for contracted data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographics reports for Google Analytics
This website uses the “demographics reports” function of Google Analytics. This therefore enables the generation of reports regarding the age, gender and interests of the site visitors. This data comes from interest-related advertising by Google and from third-party visitor data. It is impossible to attribute this data to any specific person. You can deactivate this function at any time via the advertising settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Objection to data collection”.
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, then LinkedIn will be able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data as well as its use by LinkedIn.
Safety and security
We attach great importance to the greatest possible security of our system and use modern data storage and security techniques to protect your data optimally. This includes measures such as antivirus software or a firewall. It goes without saying that our security measures are continuously improved in line with technological developments.
HubSpot is a software company from the USA with a subsidiary in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500. HubSpot is subject to the TRUSTe Privacy Seal and the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework.
Your personal data will only be passed on to third parties with your express consent, unless we are obliged to do so by court order or within the framework of criminal prosecution.
We also use the analysis service Hotjar to make our website better and more user-friendly. The analysis service is provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, +1 (855) 464-6788, email@example.com)
This tool records movements on the observed web pages in so-called heat maps. All data is collected without us being able to assign it to specific users. We can only understand how the mouse moves, where it clicks and how far it scrolls. This allows us to make our website better and more customer friendly. The screen size of the device, the device type, information about the browser, the country from which it was accessed and the preferred language are also recorded. When a website displays personal information, Hotjar automatically hides it. They are therefore not comprehensible to us.
To analyse your usage behaviour, so-called “cookies” (see the “Cookies” section above) are used, which are stored on your computer and enable an analysis of your use of the website. The information generated by the “Tracking Code” and “Cookie” about your visit to our website is transmitted to the Hotjar servers and stored there. The tracking code collects the following information about your device such as IP address, device type and browser information, geographic location (country only), preferred language to display our website, pages visited, date and time when the website was accessed. Hotjar shortens your IP address before it is further processed. If the data collected about you has a personal reference, this is immediately excluded and the personal data is deleted immediately.
Hotjar will use this information for the purpose of evaluating your use of our website, compiling reports on such use and providing other services relating to website use and internet evaluation of the website. Hotjar also uses third-party services such as Google Analytics and Optimizely to provide services. These third party companies may store information that your browser sends when you visit the website, such as cookies or IP requests. For more information on how Google Analytics and Optimizely store and use data, please refer to their respective privacy statements.
The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f) DSGVO. The cookies that Hotjar uses have different storage periods. Some remain valid for up to 365 days, some remain valid only during the current visit. You can find an overview of the storage period at: https://www.hotjar.com/legal/policies/cookie-information. Further information about hotjar Ltd. and about the hotjar tool can be found at: https://www.hotjar.com/legal/policies/privacy.
You can object to the processing. Your right to object exists for reasons arising from your particular situation. We will not further process your data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves to assert and exercise or defend against legal claims (Art. 21 para. 1 DSGVO).
You can object to the processing in various ways:
- if you click on this Opt-Out link.
- by activating the Do-Not-Track function in your browser software, which is supported by Hotjar. For instructions on activating the Do-Not-Track feature, visit: https://www.hotjar.com/legal/compliance/opt-out
- by setting your browser software accordingly, in particular by suppressing third party cookies, you will not receive advertisements from third parties, or
- by opening the used browser in “private mode” to prevent the tracking of your usage process.
Use of Google Ads Remarketing
- Extent of processing of personal data
We use Google Ads Remarketing of Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Remarketing is used for the renewed addressing of visitors to the website for advertising purposes via Google Ads advertisements. Google Ads Remarketing can be used to create target groups (“similar target groups”) who, for example, have visited certain pages. This makes it possible to identify the user on other websites and to display targeted advertising. During this process, Google places a cookie on the user’s computer. This allows personal data to be stored and analyzed, especially the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data on the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data on advertising partners (in particular pseudonymized user IDs). Further information on the collection and storage of data by Google can be found here.
- Purpose of data processing
The purpose of processing personal data is to address a specific target group. The cookies stored on the user’s terminal device recognize the user who is visiting a website and are therefore able to display advertisements in line with the user’s interests.
- Legal basis for the processing of personal data
The legal basis for the processing is Article 6, Section 1, Clause 1, Letter f of the GDPR.
- Duration of data retention
- Options of opting out and removal
- You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer; by using the “Do Not Track” function of a supporting browser; by deactivating the execution of script code in your browser; or by installing a script blocker such as NoScript or Ghostery in your browser. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under this link. You can deactivate Google’s use of your personal data by clicking on this link. You can find further information on opting out and removal options relating to Google here. In addition, Google has signed and is certified under the privacy shield agreement concluded between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found under this link.
Our websites may contain links to websites of other providers which are not covered by this data protection declaration.
Data protection officer
Status as of May 26, 2018
I. Name and address of the party responsible for the processing
This data protection declaration applies to data processing by the following Controller pursuant to Art. 4 No. 7 GDPR:
BIOMES NGS GmbH
II. Name and contact details of the company data protection representative
The data protection officer of BIOMES NGS GmbH is the external service provider DataGuard.
III. Principles of personal data processing
BIOMES NGS GmbH undertakes to protect and respect the principles of data processing in accordance with Art. 5 Para. 1 GDPR. These include the lawfulness of processing, fairness of processing, transparency, purpose limitation, minimization of data, accuracy of data processing, limitation of storage, and the integrity and confidentiality of data. These principles apply whenever we process personal data, i.e. any information relating to an identified or identifiable natural person. A special category of personal data is health data, the processing of which we refer to in particular. Health data is personal data relating to the physical or mental health of a natural person including the provision of health services, and which reveals information about that person’s state of health. Each of our employees who processes personal data undertakes in writing to observe data secrecy when starting work.
IV. g personal data during the ordering process
Within the framework of the ordering process, personal data is processed for the processing of the order. These include
- Name of the customer
- Company name (optional)
- Street and house number
- Zip code and place of residence
- Telephone (optional)
- E-mail address
- Order note (optional)
- Payment method (PayPal, Klarna, credit card)
The data processing serves for the execution of the order. The legal basis is Art. 6 Para. 1 Letter b GDPR. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
V. Registration and activation of the record on my.biomes.world
Registration and activation of the data set at my.biomes.world, you must register once and activate your data set. The following personal data is collected during registration:
- Surname and first name
- Company (optional)
After registration, the collected data set of the sample that was sent in and analyzed is activated. For this purpose, the following further aspects of the sample provider are queried:
- Profile name or sample identifier
- Activation code
- Comment (optional)
- Date of birth (optional)
- Age (optional)
- Height (optional)
- Weight (optional)
- Gender (optional)
- Nutrition type (optional)
- Sport activities (optional)
- Ingestion of probiotics (optional)
- Time of last antibiotic treatment (optional)
Some of the collected data relates to health. You provided the data voluntarily and the legal basis for data processing is the consent you gave according to Art. 9 Para. 2 Letter a GDPR. You can revoke this at any time. However, this does not affect the lawfulness of data processing carried out on the basis of consent prior to revocation. The data is used to attribute the sample to your person and for the customer-specific analysis of the sample you sent in. With this data, the analysis result can be presented in a more precise and personalized way, since it can be compared to a suitable subgroup and not with the whole cohort. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
VI. Processing of health data in the primary analysis process
In the primary analysis process, we examine the microbial DNA of your stool sample. The analysis process starts with the activation of the sample collection kit and ends when the analysis results are made available by e-mail and/or access to the dedicated dashboard, which you can reach at my.biomes.world. We examine your sample with sequencing methods and can thereby analyze microorganisms. Through a comparison with our scientific database, we can create your individual intestinal flora profile. This profile is analyzed with algorithms so that it is possible to draw conclusions about every bacterium living in your intestine. This in turn permits conclusions to be drawn about your state of health, which means that the results of the analysis constitute health data. Personal and analysis data is linked via encrypted pseudonymization. The personal data and the data of the analysis results are stored on two different, physically separated database systems and can only be attributed with the help of the cryptic pseudonymization ID.
The legal basis for the processing is your consent pursuant to Art. 9 Para. 2 Letter a GDPR and the purpose of the processing is the analysis of your intestinal flora. You can revoke your consent at any time, but the legality of the processing carried out on the basis of your consent up to the point of revocation will not be affected by this. We will delete your data if it is no longer necessary to achieve the purpose for which it has been collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
VII. Purchase of INTEST.pro from a business partner
If you purchase the INTEST.pro self-test from a pharmacy or another business partner, then the respective business partner will also process the personal data you provide (see V.) and will also have access to the dashboard and can view your analysis results. Your personal details are used for registration by the business partner at www.biomes.world. The business partner requires access to the analysis result in order to make the analysis results available in an advisory function.
The legal basis for data processing is the consent you gave according to Art. 9 Para. 2 Letter a GDPR. You can revoke this at any time. However, this does not affect the lawfulness of data processing carried out on the basis of consent prior to revocation. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
VIII. Secondary analysis process
The data from the primary analysis process will, with your permission, be used for a better and more understandable presentation in the dashboard or exported reports. This is done by anonymizing the data needed to evaluate the analysis results. No personal data will be processed in this context. In addition, the anonymized data is fed into a database with which other samples are cross-checked so that the overall analytical results can be continuously improved. It is not possible to draw conclusions about your person within the framework of the secondary analysis process.
IX. Rights of the data subject
If your personal data is processed, then you are a data subject within the meaning of the GDPR. You have the right
- To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right of correction, deletion, limitation of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, and the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
- To request the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR;
- To demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;
- To demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- To receive your personal data which you have provided to us in a structured, current and machine-readable format or to request transfer to another responsible person in accordance with Art. 20 GDPR.
X. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or of our company headquarters for this purpose.