Data Protection Declaration

Responsible body within the meaning of data protection laws, in particular the EU Data Protection Ordinance (DSGVO):

Columbia Labora­to­ries
12423 NE Whitaker Way
Port­land, OR 97230, USA

Phone: +49 30 206 038 230

Contact person: Mrs. Heidorn-Thoß
Email: dataprivacy@tentamus.com

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Which rights are affected?

You can exercise the following rights at any time using the contact details provided by our data protection officer:

• Information about your data stored with us and their processing,
• Correction of incorrect personal data,
• Deletion of your data stored with us,
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations,
• objection to the processing of your data with us and
• Data transferability, provided that you have consented to the data processing or have concluded a contract with us.
• If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact your local supervisory authority at any time with a complaint. Your competent supervisory authority depends on your state of residence, your work or the alleged infringement. A list of supervisory authorities in Germany (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_node.html.

Purposes of data processing by the responsible body and third parties

We process your personal data only for the purposes stated in this data protection declaration. Your personal data will not be passed on to third parties for purposes other than those mentioned. We will only pass on your personal data to third parties if:

• you have given your express consent,
• processing is required to process a contract with you,
• the processing is necessary to fulfil a legal obligation,
• the processing is necessary to protect legitimate interests and there is no reason to believe that you have an overriding interest worthy of protection in not disclosing your data.

Collection of general information when you visit our website

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes the type of web browser, the operating system used, the domain name of your Internet service provider and similar information. This is exclusively information which does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the content you have requested from websites and is mandatory when using the Internet. They are processed in particular for the following purposes:

• Ensuring a trouble-free connection of the website,
• Ensuring a smooth use of our website,
• evaluation of system security and stability as well as
• for other administrative purposes.

The processing of your personal data is based on our legitimate interest from the aforementioned purposes for data collection. We do not use your data to draw conclusions about you personally. The recipients of the data are only the responsible body and, if applicable, the contract processor.

Anonymous information of this kind may be statistically evaluated by us in order to optimize our Internet presence and the technology behind it.

Legal basis for processing personal data?

In order to process your data through the use of cookies, we need your consent. You may revoke your consent in whole or in part at any time by changing your preferences via the appropriate link entitled “Cookies Settings” on any Tentamus website.

Data Storage

Your personal data is stored for the period necessary to fulfil the original purposes for which it was collected. Please note that in certain cases a longer storage period may be required or legally permissible, or to enable us to pursue its business interests, conduct audits, comply with legal obligations, enforce our agreements or settle disputes.

The criteria by which we determine our retention periods include the following:

• How long will the data be needed to provide you with our products or services or to conduct our business?
• Are we subject to a legal, contractual or similar obligation to store your data? Examples include mandatory laws to retain data in accordance with local laws, governmental orders to store data relevant to an investigation, or data that must be retained for contractual purposes or possible litigation.

Cookies

On some of our pages we use so-called “session cookies” to make it easier for you to use our websites. These are small text files which are only stored on your hard disk for the duration of your visit to our website and are deleted when you close your browser, depending on the settings of your browser program. These cookies do not retrieve any information about you stored on your hard disk and do not affect your PC or its files. Of course, you can also view our website without cookies. Most browsers are set to automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it notifies you when cookies are sent. Please use the help functions of your Internet browser to find out how you can change these settings. Please note that some features of our website may not work if you have disabled the use of cookies.

Cookies cannot be used to start programs or to transmit viruses to a computer. Based on the information contained in cookies, we can make navigation easier for you and enable the correct display of our web pages.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

SSL encoding

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (following: Google). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will previously be reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

As far as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time here. The legality of the data processing operations already carried out remains unaffected by the revocation.

Further information on data protection at Google is to be found here: https://policies.google.com/privacy

Use of Google Tag Manager

For transparency reasons, we would like to point out that we use the Google Tag Manager of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Google Tag Manager itself does not collect any personal data. The Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager. For more information on the Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.

Use of Google Maps

This website uses Google Maps API to display geographical information visually. When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors. You can find more information about Google’s data processing in the Google Privacy Policy. There you can also change your personal data protection settings in the Data Protection Centre.

Detailed instructions for managing your own data in connection with Google products can be found here.

Embedded YouTube videos

On some of our websites we embed YouTube videos. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the operator of the corresponding plug-ins. When you visit a page with the YouTube plugin, a connection to Youtube servers is established. Youtube will be informed which pages you visit. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

If a YouTube video is started, the provider uses cookies that collect information about user behavior.

If you have deactivated the storage of cookies for the Google Ad program, you will not have to reckon with such cookies when viewing YouTube videos. Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the saving of cookies in your browser.

Further information on data protection at “Youtube” can be found in the provider’s data protection declaration at: https://www.google.de/intl/de/policies/privacy/

LiveChat

In our live chat you have the opportunity to contact Tentamus employees directly and to clarify your questions in a conversation in the form of a real-time chat.

For our live chat, we use LiveChat Inc. As far as data is processed outside the EU/ EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. LiveChat is headquartered at 101 Arch Street, 8th Floor Boston, MA 02110, USA. A transfer of data to the USA and access by US authorities to the data stored by LiveChat cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

LiveChat Inc. uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to and stored by LiveChat on servers in the United States.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time here, however please note that if you do this you may not be able to use the full functionality of this website. The legality of the data processing operations already carried out remains unaffected by the revocation.

Further information on data protection at “LiveChat” can be found in the provider’s data protection declaration at: https://www.livechatinc.com/privacy-policy/

Newsletter

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.

CleverReach

This website uses the services of CleverReach (CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany) to send newsletters.

When you register for our newsletter, we collect and process personal data such as your name and email address. In addition to this, the date and time of your registration and your IP address are stored on CleverReach’s servers. We may also analyze data about your interaction with the newsletter, for example, whether you click on links. CleverReach places great emphasis on data security and therefore carries out regular maintenance and updates systems as needed. In this way, CleverReach ensures high operational stability, performance, and maximum security.

If you do not want your usage of the newsletter to be analyzed by CleverReach, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter by contacting us through the web-formula or by contacting our designated Data Privacy responsible listed at the start of the data privacy statement.

Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of CleverReach. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected.

For details, see the CleverReach privacy policy at https://www.cleverreach.com/en-de/privacy-policy/.

Forwarding of your personal information

Your personal data will be passed on to Tentamus based in Berlin, Germany. We do not sell or disclose any personal data of our website visitors to third parties, except in the following cases:

• Sharing within Tentamus, in accordance with our web privacy policy and taking into account all applicable confidentiality and security measures.
• Passing on to third parties that we have commissioned to provide services for us. These service providers are contractually obligated to use or disclose the information exclusively for the provision of services on our behalf or for the fulfilment of legal obligations.
• Disclosure to companies, organisations or individuals outside Tentamus if we have good reason to believe that access, use, storage or disclosure of the information is necessary for any of the following reasons:
  • Enforcement of applicable terms of use, including investigation of possible violations
  • Compliance with all applicable laws, regulations, court decisions or official orders to be enforced
  • Identification, prevention or other measures in the area of fraud, security problems or technical challenges
  • Protection against interference with the rights, property or safety of Tentamus, our users or the public, in accordance with legal requirements.
  • Disclosure to regulatory or law enforcement authorities when we believe in good faith that we are required by law to disclose information in connection with the discovery of criminal offences, the collection of taxes or duties, compliance with applicable laws or court orders, or in connection with legal proceedings.

Applications

You can apply to our company electronically, especially by e-mail. We will of course use your details exclusively for processing your application and will not pass them on to third parties. Please note that unencrypted e-mails are not transmitted with access protection.

If you have applied for a specific position and it has already been filled or if we consider you suitable for another position, we would be happy to forward your application within the company. Please let us know if you do not agree to a forwarding.

Your personal data will be deleted immediately after completion of the application process or after a maximum of 6 months, unless you have expressly given us your consent for a longer storage of your data or a contract has been concluded. The legal basis is Art. 6 Para. 1 a, b and f DSGVO and § 26 BDSG.

Links to other websites

We provide links to other websites for your orientation and information. These linked websites may have their own privacy statements or policies, and we encourage you to read them. We are not responsible for the content of linked websites or for questions arising from their use.

Changes to our data protection regulations

We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply for your next visit.