1. Identity of Laboperator
2. What information do we collect?
3. What do we use your information for?
4. Legal basis
5. How do we protect your information?
6. Do we disclose any information to outside parties?
7. Third party links
8. Where do we store the information?
9. Access, data portability, migration, and transfer back assistance
10. Request for rectification, restriction or erasure of the personal data
11. Data retention
12. Accountability
13. Cooperation
14. Terms of Service
15. Your consent
16. Changes to our privacy policy
17. Complaint
Your privacy is important to Labforward GmbH (“Labforward”). This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.
If there are any questions regarding this Privacy Policy you may contact us using the information below.
Labforward GmbH
Elsenstrasse 10
12435 Berlin
Germany
Company registered at Amtsgericht Charlottenburg – HRB 149204 B
You may submit inquiries regarding personal data protection, privacy and security matters to our Data Protection Officer by emailing dataprotection@labforward.io.
If you choose to visit, register on our website, or use our laboratory execution system (“Service”), the following categories of data to and on behalf of you will be processed:
“Cookie configuration data”
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser that enables the sites or service providers systems to recognize your browser and capture and remember certain information. Cookies help us to make your website visit easier, more comfortable, informative, and useful.
When you first visit our website, you will be asked to review our Cookie declaration, and then either accept or reject our cookies. We collect your input through our cookie consent manager (“Cookiebot”).
Our cookie declaration gets updated every month and can be reviewed at https://www.laboperator.com/cookies/. You can also withdraw your consent at any time on the same page.
“Website visitor data”
If you choose to accept cookies on our website, the following information will be temporarily stored:
• Your IP address, which will never be linked to other personal user information. IP addresses will be anonymized to make any assignment of IP address data to user data impossible (IP masking).
• Your language preferences and location (i.e. country & city)
• Which pages on Laboperator you visit
• How long you stay on each page you visit
• Whether you have been to this page before
• Your device and operating system settings (browser type, operating system, service provider, screen resolution)
• Date and time of server requests
• Referrer-URL (previously visited web page)
“Account data”
If you choose to register for an account of our Service, place an order, subscribe to our newsletter or contact us via email or contact form, basic contact details are collected such as:
• E-mail address
• Name of your contact person
• Job title
• Gender
• Company name
• Address
• Phone number
• VAT number
• Preferred language and currency
• Timezone
• Any purchase order number
• Any e-mail address of invoice receivers
• Masked credit card or bank account details
If you are a Laboperator user or subscribe to Laboperator’s newsletter, You will be informed by Labforward about important changes concerning the Service, such as the implementation of additional functions to our software, by e-mail.
“System data”
If you choose to register for and use our Service, you will be automatically generating system data related to the usage of Laboperator’s Service. These are being collected for statistical information and to provide smooth functionality of our Service. These collected data include:
• Duration of membership/registration
• Number of uploaded files
• Number of entries
• Number of group entries
• Last date of activity on Laboperator
• Further statistical data, if applicable.
“File and content data”
If you choose to register for and use our Service, you may be creating content or upload files of different formats (Excel, Word, pdf, other). Labforward and its employees do not have viewing rights to the content of any data or files that you enter, upload, download, administer, or handle in any other way within the laboratory execution system provided by Labforward. Exceptions will be made only with your explicit consent, following your explicit request, or after you explicitly grant access to your content by publishing your data.
Any of the information we collect from you may be used for one or more of the following purposes:
3.1. To personalize your experience (the information will help Labforward better respond to your individual needs);
3.2. To improve our website (Labforward continually strives to improve our website offerings based on the information and feedback we receive from our customers);
3.3. To identify you as a contracting party; and for fulfilling the contract with you;
3.4. To enable secure login to and secure usage of our Service;
3.5. To establish a primary channel of communication with you;
3.6. To enable Labforward to issue valid invoices and to process transactions;
3.7. To send periodic e-mails (The e-mail address you provide, may be used to send you information and updates pertaining to your order (if relevant), in addition to receiving occasional newsletters (if accepted), company news, updates, related product or service information, etc.)
If at any time you would like to unsubscribe from receiving newsletters, you can unsubscribe via a link at the bottom of each newsletter or via www.laboperator.com/unsubscribe.
The processing of your data is either based
• on your consent,
• on the necessity of the data for the performance of a contract to which you are a party,
• on the necessity to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).
If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.
In order to enter into a contract regarding the use of Laboperator’s Service, you must provide us with the required personal data. If you do not provide us with all the required information, we will not be able to deliver the Service.
Because Labforward values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 6.
Labforward will not intentionally collect any information from anyone under 16 years of age. Our website, products and services are all directed at people who are at least 16 years old or older.
Labforward implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.
The Service utilizes the extensive features of the cloud environment to ensure high availability, such as full redundancy, load balancing, automatic capacity scaling, automated data backup with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated.
No personal data is stored permanently outside Laboperator’s cloud platforms. The physical security is thereby maintained by Labforward’s subcontractors, see clause 6.
To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. For data in transit, the Service uses industry-standard transport protocols between devices and data centers and within data centers themselves.
All supplied credit card information is transmitted via TLS (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.
Nonetheless, we cannot guarantee that transmissions of your credit or debit card account information or your other information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by Labforward or our third-party service providers.
All Labforward personnel are subject to full confidentiality and any subcontractors and subprocessors are required to agree to confidentiality in the agreement between the parties.
Labforward will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.
Labforward enables your rights of access, rectification, erasure, blocking and objection, by offering the option to send instructions through Labforward’s Data Protection Officer (dataprotection@labforward.io), and also by informing about and offering the customer the possibility of objection when Labforward is planning to implement changes to relevant practices and policies.
System performance and availability is monitored from both internal and external monitoring services. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.
In the event that any personal data is compromised, Labforward will notify competent Supervisory Authority(ies) within 72 hours of becoming aware of the event, by e-mail with information about the extent of the breach, affected data, any impact on the Service and Labforward’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
In the event the personal data breach is likely to result in a high risk to your rights and freedoms, Labforward shall communicate the personal data breach to you via e-mail without undue delay.
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.
You play an important role in keeping your information secure. You should not share your user name, password, or other security information for your Laboperator account with anyone. If we receive instructions using your user name and password, we will consider that you have authorized the instructions.
If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately.
Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.
Labforward does not sell, trade or otherwise transfer to outside parties any personally identifiable information.
This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Labforward will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from Laboperator, Labforward strives to limit the disclosure. Labforward will only release specific data mandated by the relevant legal demand.
If compelled to disclose your data, Labforward will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.
No stored data will be transferred, backed up and/or recovered by Labforward outside of the European Union. Labforward also requires its subcontractors and subprocessors to either store data in the European Union, or to adhere to the EU-US Privacy Shield.
Labforward stores Account data, System data and File Data associated with its Service in databases and file repositories hosted in an Amazon Web Services data center in Germany. Databases are backed up every day with a retention period of 30 days. Backups are stored on file storage at the same geographical location as the database.
No installation of software is required to use the Service. The login-protected Service is accessible through a supported standard web browser, automatically using an encrypted https-connection for all communications between your browser and Laboperator’s server to protect any data from being intercepted during network transfers.
You may at any time obtain confirmation from Labforward as to whether or not personal data concerning you are being processed.
You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 28 days of the receipt of the request by Labforward as spreadsheet files in CSV-format. Labforward reserves the right to charge for any excessively repeated requests.
You may at any time obtain without undue delay rectification of inaccurate personal data concerning you, cf. clause 5.5.
You may at any time request Labforward to restrict the processing of personal data when one of the following applies:
a. if you contest the accuracy of the personal data, for a period enabling Labforward to verify the accuracy of the personal data;
b. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
c. if Labforward no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
You may without undue delay request the erasure of personal data concerning you, and Labforward shall erase the personal data without undue delay when one of the following applies:
a. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b. if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
c. if you object to the processing in case the processing is for direct marketing purposes;
d. if the personal data have been unlawfully processed; or
e. if the personal data have to be erased for compliance with a legal obligation in EU or national law.
Cookie configuration data and Website visitor data will be retained as per our cookie declaration. Consent can be withdrawn at any time.
Personal Data which is no longer necessary for retention will be deleted or anonymized without undue delay if requested by the data subject or when identified by Labforward during a quarterly data retention audit. Data is considered to be not necessary for retention if:
• There is no legal requirement to retain the data (ex. Tax law)
• A contract has been completed or cannot be performed anymore
• A created account of Laboperator’s Service has been deleted
• The data is no longer up to date
You can delete all your Laboperator user profile and its associated private data any time by using the respective option in your account settings or by contacting us via dev.labforward.io/contact/. After deleting your account data, usage of our services will not be possible with the respective account.
Labforward uses the extensive range of built-in logging features and audits trails provided by third party platforms. Labforward also logs all system updates, configuration changes and access to provide an audit-trail if unauthorized or accidental changes are made.
Labforward will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.
Please contact your account manager for the General Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our Service at dev.labforward.io/terms-of-use.
By using our site and/or our Service, you consent to this Privacy Policy.
If we decide to change our Privacy Policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.
This Privacy Policy was last modified on August 2nd, 2019.
You may at any time lodge a complaint with the Berlin commissioner for data protection and freedom of information regarding Labforward’s collection and processing of your personal data.