We appreciate your interest in our website. The protection of your personal data is very important to us. We would like to inform you here about the collection and use of personal data on our website.
Collection of personal data
For the use of our website, it is generally not necessary that you give us personal data, such as your name or your e-mail address, unless you want to use products offered on our website such as offers or services in our online shop. In this case, you will need to provide certain data.
This website uses Google Analytics or other technology to collect and store data for marketing and optimization purposes. From this data, usage profiles can be created under a pseudonym. Cookies may be used. Cookies are small text files stored locally in the cache of the site visitor’s internet browser. Cookies enable recognition of the internet browser. The data collected with the etracker technologies will not be used to personally identify the visitor to this website without the special consent of the data subject. A merger with personal data regarding the bearer of the pseudonym does not take place.
The data collected by the technologies will not be used to personally identify the visitor to this website or be combined with personal data about the bearer of the pseudonym without the specific consent of the data subject. Data collection and storage can be objected to at any time with effect for the future.
Use and transfer of personal data
Collection, processing and storage of your information, insofar as you have provided it, is done only for the purposes for which you have contacted us, e.g. for the processing of the purchase.
Transfer of your data to third parties does not occur without your express consent.
Privacy notice when using our Facebook Fanpage
Our website contains programs or plug-ins of the social network Facebook. This is the button with the Facebook logo and the associated link “Like” button. The social network is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereafter Facebook). A so-called fan page is hosted there for us. All data processing in this context is not carried out by us, but by Facebook. Which data processing operations Facebook undertakes during and after the visit of a fan page by a user is not known exactly. We can therefore only provide the following information based on the currently available level of knowledge:
Even if you are not logged in to Facebook, Facebook stores and uses data about the operating system used, the browser version, the IP address and the origin location that can be derived from it.
In addition, Facebook can recognize you via so-called “cookies” as a non-logged in/unregistered user and use the statistical data obtained from the page request on your next login or your first registration on Facebook for profile creation.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this data without your consent.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you, as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. Further data is not collected. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
The granted consent to the storage of the data, the e-mail address and their use for sending the newsletter can be revoked at any time, for example via the “unsubscribe” link in the newsletter.
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
We have activated the function IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by your browser to Google Analytics within the framework of Google Analytics will not be merged with other data from Google.
Use of Google Web Fonts
1. Amount of processing of personal data
Google Webfonts are used to improve the visual presentation of different information on this website. When the page is opened, the web fonts are transferred to the browser’s cache so that they can be used for display. If the browser does not support Google web fonts or does not allow access, then the text will be displayed in a default font. When opening the page, no cookies are saved with the website visitor. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
2. Rechtsgrundlage für die Verarbeitung personenbezogener Daten
The legal basis for data processing is Art. 6 Para. 1 Letter f GDPR. The justified interest consists in a faultless functioning of the Internet page.
3. Legal basis for the processing of personal data
This is necessary so that your browser can display our texts in a visually improved manner. If your browser does not support this feature, your computer will use a default font for the display.
4. Duration of storage
We do not currently have any information about how long data is retained by our processor.
5. Right of contradiction and elimination
You can set your browser so that the fonts are not loaded by the Google servers (e.g. by installing add-ons like NoScript or Ghostery for Firefox). If your browser does not support Google fonts or if you block access to the Google servers, then the text will be displayed in the system’s default font.
Browser Plug in
You may refuse to have cookies saved by selecting the appropriate settings in your browser software; however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing the data, by downloading and installing the browser plug in available under this link.
Objection to data collection
Contracted data processing
We have concluded a contract with Google for contracted data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographics reports for Google Analytics
This website uses the “demographics reports” function of Google Analytics. This therefore enables the generation of reports regarding the age, gender and interests of the site visitors. This data comes from interest-related advertising by Google and from third-party visitor data. It is impossible to attribute this data to any specific person. You can deactivate this function at any time via the advertising settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under “Objection to data collection”.
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, then LinkedIn will be able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data as well as its use by LinkedIn.
Safety and security
We attach great importance to the greatest possible security of our system and use modern data storage and security techniques to protect your data optimally. This includes measures such as antivirus software or a firewall. It goes without saying that our security measures are continuously improved in line with technological developments.
HubSpot is a software company from the USA with a subsidiary in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500. HubSpot is subject to the TRUSTe Privacy Seal and the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework.
Your personal data will only be passed on to third parties with your express consent, unless we are obliged to do so by court order or within the framework of criminal prosecution.
Use of Google Ads Remarketing
- Extent of processing of personal data
We use Google Ads Remarketing of Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Remarketing is used for the renewed addressing of visitors to the website for advertising purposes via Google Ads advertisements. Google Ads Remarketing can be used to create target groups (“similar target groups”) who, for example, have visited certain pages. This makes it possible to identify the user on other websites and to display targeted advertising. During this process, Google places a cookie on the user’s computer. This allows personal data to be stored and analyzed, especially the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data on the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data on advertising partners (in particular pseudonymized user IDs). Further information on the collection and storage of data by Google can be found here.
- Purpose of data processing
The purpose of processing personal data is to address a specific target group. The cookies stored on the user’s terminal device recognize the user who is visiting a website and are therefore able to display advertisements in line with the user’s interests.
- Legal basis for the processing of personal data
The legal basis for the processing is Article 6, Section 1, Clause 1, Letter f of the GDPR.
- Duration of data retention
- Options of opting out and removal
- You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer; by using the “Do Not Track” function of a supporting browser; by deactivating the execution of script code in your browser; or by installing a script blocker such as NoScript or Ghostery in your browser. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under this link. You can deactivate Google’s use of your personal data by clicking on this link. You can find further information on opting out and removal options relating to Google here. In addition, Google has signed and is certified under the privacy shield agreement concluded between the European Union and the USA. By doing so, Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found under this link.
Data protection module GiroCheckout
As a service to their customers, GiroSolution GmbH makes this data protection module available for use in their customers’ own data protection declarations. The purpose of this module is to explain how GiroCheckout works. By providing this component, GiroSolution GmbH does not provide any legal advice and assumes no responsibility for the correctness and enforceability of the component or its own compliance with data protection laws. Every customer needs to check this module for themselves legally and accept it or modify it accordingly before using it in their data protection declaration.
For the use of payment systems on our e-commerce portal, we use GiroSolution GmbH as payment service provider. By means of an interface to its “GiroCheckout” system, GiroSolution GmbH ensures the system connection of our e-commerce portal to the following payment procedures:
- a) Giropay
- b) EPS
- c) iDEAL
- d) paydirekt
- e) Credit cards
- f) GiroCode
- g) Direct debit
- h) PayPal
- i) Immediate transfer
Depending on the payment procedure, the following data is initially passed on to or retrieved by GiroSolution GmbH via GiroCheckout and then passed to the respective payment system and its service provider for processing the payments:
- a) Surname and first name
- b) IBAN
- c) E-Mail address
- d) Information regarding age of majority at Giropay ID – age verification (the date of birth is not passed on)
- e) Information to confirm the account details with Giropay ID – account verification (IBAN and BIC as well as the first and last name of the associated account holder)
Further information can be found in the General Terms and Conditions of GiroSolution GmbH.
The legal basis for data processing and the transfer of data to the above-mentioned third parties is Art. 6 Para. 1 Letter b GDPR. In addition, Art. 6 Para. 1 Letter f GDPR is the legal basis for data processing.
The transfer of the data and its processing is necessary in order to make the payment associated with the transaction carried out by you on our e-commerce portal with the method of payment chosen by you and thereby to complete the transaction.
The integration of many different payment methods is complex and cost-intensive. We therefore use a service provider for the technical integration, which explains our justified interest in the above-mentioned data processing by GiroSolution GmbH according to Art. 6 Para. 1 Letter f GDPR.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the above-mentioned data, this is the case when the contract has been settled and there are no further claims for reversal, i.e. after expiry of the statutory warranty service or granted warranty periods. The data will then be deleted subject to statutory retention periods beyond this point in time.
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Our websites may contain links to websites of other providers which are not covered by this data protection declaration.
Data protection officer
Status as of May 26, 2018
I. Name and address of the party responsible for the processing
This data protection declaration applies to data processing by the following Controller pursuant to Art. 4 No. 7 GDPR:
BIOMES NGS GmbH
c/o TH Wildau
II. Name and contact details of the company data protection representative
The data protection officer of BIOMES NGS GmbH is the external service provider DataGuard.
III. Principles of personal data processing
BIOMES NGS GmbH undertakes to protect and respect the principles of data processing in accordance with Art. 5 Para. 1 GDPR. These include the lawfulness of processing, fairness of processing, transparency, purpose limitation, minimization of data, accuracy of data processing, limitation of storage, and the integrity and confidentiality of data. These principles apply whenever we process personal data, i.e. any information relating to an identified or identifiable natural person. A special category of personal data is health data, the processing of which we refer to in particular. Health data is personal data relating to the physical or mental health of a natural person including the provision of health services, and which reveals information about that person’s state of health. Each of our employees who processes personal data undertakes in writing to observe data secrecy when starting work.
IV. g personal data during the ordering process
Within the framework of the ordering process, personal data is processed for the processing of the order. These include
- Name of the customer
- Company name (optional)
- Street and house number
- Zip code and place of residence
- Telephone (optional)
- E-mail address
- Order note (optional)
- Payment method (PayPal, Giropay, EPS, credit card)
The data processing serves for the execution of the order. The legal basis is Art. 6 Para. 1 Letter b GDPR. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
V. Registration and activation of the record on my.biomes.world
Registration and activation of the data set at my.biomes.world, you must register once and activate your data set. The following personal data is collected during registration:
- Surname and first name
- Company (optional)
After registration, the collected data set of the sample that was sent in and analyzed is activated. For this purpose, the following further aspects of the sample provider are queried:
- Profile name or sample identifier
- Activation code
- Comment (optional)
- Date of birth (optional)
- Age (optional)
- Height (optional)
- Weight (optional)
- Gender (optional)
- Nutrition type (optional)
- Sport activities (optional)
- Ingestion of probiotics (optional)
- Time of last antibiotic treatment (optional)
Some of the collected data relates to health. You provided the data voluntarily and the legal basis for data processing is the consent you gave according to Art. 9 Para. 2 Letter a GDPR. You can revoke this at any time. However, this does not affect the lawfulness of data processing carried out on the basis of consent prior to revocation. The data is used to attribute the sample to your person and for the customer-specific analysis of the sample you sent in. With this data, the analysis result can be presented in a more precise and personalized way, since it can be compared to a suitable subgroup and not with the whole cohort. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
VI. Processing of health data in the primary analysis process
In the primary analysis process, we examine the microbial DNA of your stool sample. The analysis process starts with the activation of the sample collection kit and ends when the analysis results are made available by e-mail and/or access to the dedicated dashboard, which you can reach at my.biomes.world. We examine your sample with sequencing methods and can thereby analyze microorganisms. Through a comparison with our scientific database, we can create your individual intestinal flora profile. This profile is analyzed with algorithms so that it is possible to draw conclusions about every bacterium living in your intestine. This in turn permits conclusions to be drawn about your state of health, which means that the results of the analysis constitute health data. Personal and analysis data is linked via encrypted pseudonymization. The personal data and the data of the analysis results are stored on two different, physically separated database systems and can only be attributed with the help of the cryptic pseudonymization ID.
The legal basis for the processing is your consent pursuant to Art. 9 Para. 2 Letter a GDPR and the purpose of the processing is the analysis of your intestinal flora. You can revoke your consent at any time, but the legality of the processing carried out on the basis of your consent up to the point of revocation will not be affected by this. We will delete your data if it is no longer necessary to achieve the purpose for which it has been collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
VII. Purchase of INTEST.pro from a business partner
If you purchase the INTEST.pro self-test from a pharmacy or another business partner, then the respective business partner will also process the personal data you provide (see V.) and will also have access to the dashboard and can view your analysis results. Your personal details are used for registration by the business partner at www.biomes.world. The business partner requires access to the analysis result in order to make the analysis results available in an advisory function.
The legal basis for data processing is the consent you gave according to Art. 9 Para. 2 Letter a GDPR. You can revoke this at any time. However, this does not affect the lawfulness of data processing carried out on the basis of consent prior to revocation. The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case if you no longer wish to use the services and products of biomes.world or if you no longer wish to view the analysis results of your tested samples and wish to have your data deleted.
VIII. Secondary analysis process
The data from the primary analysis process will, with your permission, be used for a better and more understandable presentation in the dashboard or exported reports. This is done by anonymizing the data needed to evaluate the analysis results. No personal data will be processed in this context. In addition, the anonymized data is fed into a database with which other samples are cross-checked so that the overall analytical results can be continuously improved. It is not possible to draw conclusions about your person within the framework of the secondary analysis process.
IX. Rights of the data subject
If your personal data is processed, then you are a data subject within the meaning of the GDPR. You have the right
- To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right of correction, deletion, limitation of processing or objection, the existence of a right of appeal, the origin of your data if it has not been collected by us, and the existence of an automated decision making process including profiling and, if applicable, meaningful information on its details;
- To request the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR;
- To demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;
- To demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- To receive your personal data which you have provided to us in a structured, current and machine-readable format or to request transfer to another responsible person in accordance with Art. 20 GDPR.
X. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or of our company headquarters for this purpose.