Privacy Policy

Data protection declaration according to the GDPR

1. Data protection briefly

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information about data protection can be found in our data protection declaration listed below this text.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. Their contact details can be found in the section “Note on the responsible body” in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or after your consent when visiting the website by our IT systems. These are mainly technical data (e.g. Internet browser, operating system or time of the page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have any further questions about data protection.

Analytics and third-party tools

When you visit this website, your surfing behaviour can be statistically evaluated. This is mainly done with so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

We host the contents of our website with the following provider:

External hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The external hosting takes place for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions regarding this data.

We use the following host(s):

DigitalOcean, LLC.

101 6th Ave New York

NY 10013

United States

Order processing

We have concluded a contract for order processing (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed via the Cloudflare network. This enables Cloudflare to analyze traffic between your browser and our website and act as a filter between our servers and potentially malicious traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in the most error-free and secure provision of our website (Art. 6 para. 1 lit. f GDPR).

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.cloudflare.com/privacypolicy/.

Learn more about security and privacy at Cloudflare here:

https://www.cloudflare.com/privacypolicy/.

Order processing

We have concluded a contract for order processing (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable to that of the EU can be guaranteed in these countries.

For example, US companies are obliged to hand over personal data to security authorities without you as the data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for surveillance purposes. We have no influence on these processing activities.

3. Name and address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:

SRE GmbH

Karl-Breuing-Str. 2

45770 Marl, Germany

Phone: +49 171 835 70 14

Mail: vkunert@symbioresearch.eu

4. Name and address of the data protection officer

The data protection officer of the controller is:

Mr. Christoph Larsen

DS Privacy Policy Christoph Larsen

Nordring 35

51647 Gummersbach, Germany

Phone: +49 22 61 56 09 20

E-mail: datenschutz@symbioresearch.eu

Website: www.symbioresearch.eu

5. Use of cookies

The Internet pages of the SRE GmbH use cookies. Cookies are data stored by the Internet browser on the user’s computer system. The cookies can be transmitted to a page when it is called up and thus enable the user to be assigned. Cookies help to simplify the use of websites for users.

It is possible at any time to object to the setting of cookies by changing the setting in the Internet browser accordingly. Legal cookies can be deleted. Please note that if cookies are deactivated, it may not be possible to use all functions of our website to their full extent.

5.1 Consent with Complianz

Our website uses Complianz’s consent technology to obtain your consent to store certain cookies on your device or for the use of certain technologies and to document this consent in a manner compliant with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, the Netherlands (hereinafter “Complianz”).

Complianz is hosted on our servers, so no connection to the servers of the provider of Complianz is established. Complianz stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Complianz cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Complianz serves to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

6. Creation of log files

Each time the website is accessed, SRE GmbH collects data and information through an automated system. These are stored in the log files of the server.

The following data may be collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s Internet service provider
  • The IP address of the user
  • Date and time of access
  • Websites from which the user’s system reaches our website (referrer)
  • Websites accessed by the user’s system via our website

The processing of the data serves to deliver the contents of our website, to ensure the functionality of our information technology systems and to optimize our website. The data of the log files are always stored separately from other personal data of the users.

7. Ways to contact us

On the website of SRE GmbH there is a contact form that can be used for electronic contact. Alternatively, it is possible to contact us via the e-mail address provided. If the data subject contacts the controller through one of these channels, the personal data transmitted by the data subject shall be stored automatically. The storage serves solely for the purpose of processing or contacting the data subject. A transfer of the data to third parties does not take place.

Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data takes place based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested; the consent can be revoked at any time.

The data sent by you to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – statutory retention periods – remain unaffected.

8. Routine deletion and blocking of personal data

The controller shall process and store personal data of the data subject only for as long as is necessary to achieve the purpose of storage. In addition, storage may take place insofar as this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the person responsible for the processing is subject.

As soon as the storage purpose ceases to apply or a storage period prescribed by the regulations expires, the personal data is routinely blocked or deleted.

9. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

9.1 Right

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing exists, you can request the following information from the controller:

a. the purposes for which the personal data are processed;

b. the categories of personal data processed;

c. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

d. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

e. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

f. the existence of a right of appeal to a supervisory authority;

g. any available information as to the origin of the data, where the personal data are not collected from the data subject;

h. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

9.2 Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is incorrect or incomplete. The controller must make the correction without delay.

9.3 Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

a. if you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

b. the processing is unlawful, and you oppose the deletion of the personal data and instead request the restriction of the use of the personal data;

c. the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

d. if you object to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data may only be processed – except for their storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

9.4 Right to erasure

You may obtain from the controller the erasure of personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

a. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

b. You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.

c. You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

d. The personal data concerning you have been unlawfully processed.

e. The deletion of personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.

f. The personal data concerning you have been processed in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

If the person responsible has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 (1) GDPR, it shall take reasonable steps, including technical measures, taking into account available technology and the cost of implementation, to inform controllers processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The right to erasure does not exist if processing is necessary

a. to exercise the right to freedom of expression and information;

b. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c. for reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

d. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the attainment of the objectives of that processing, or

e. to assert, exercise or defend legal claims.

9.5 Right to information

If you have asserted your right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

9.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that:

a. the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

b. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

9.7 Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you, unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility to exercise your right to object by automated means using technical specifications.

9.8 Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out based on the consent until the revocation.

9.9 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This provision shall not apply where the decision

a. is necessary for the conclusion or performance of a contract between you and the controller,

b. is permitted by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

c. is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in a. and c., the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and contest the decision.

9.10 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

10. Disclosure of data to third parties

10.1 Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

10.2 Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.

ActiveCampaign

This website uses ActiveCampaign for sending newsletters. The provider is ActiveCampaign, Inc., 1 N Dearborn, 5th Floor, Chicago, Illinois 60602, United States.

ActiveCampaign is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter will be stored on the servers of ActiveCampaign in the United States.

Data analysis by ActiveCampaign

With the help of ActiveCampaign we are able to analyze our newsletter campaigns. For example, we can see if a newsletter message has been opened and which links have been clicked. In this way, we can determine which links have been clicked particularly frequently.

We can also see whether certain previously defined actions were performed after opening / clicking (conversion rate). For example, we can tell if you have made a purchase after clicking on the newsletter.

ActiveCampaign also allows us to classify newsletter recipients into different categories (“clusters”). For example, the newsletter recipients can be subdivided according to age, gender, or place of residence. In this way, the newsletters can be better adapted to the respective target groups. If you do not want an analysis by ActiveCampaign, you have to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can unsubscribe from the newsletter directly on the website.

Detailed information about the functions of ActiveCampaign can be found in the following link:

https://www.activecampaign.com/email-marketing.

The privacy policy of ActiveCampaign can be found at:

https://www.activecampaign.com/privacy-policy.

Legal Basis

Data processing is based on your agreement (Art. 6(1)(a) GDPR). You can revoke this agreement at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:

https://www.activecampaign.com/legal/scc and

https://www.activecampaign.com/de/legal/gdpr-updates/privacy-shield.

Storage period

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

10.3 Plug-ins and Tools

Google Fonts (local embedding)

This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Fonts, please follow this link:

https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under:

https://policies.google.com/privacy?hl=en.

11. Legal basis of processing

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the execution of our business activities.

12. Duration of storage of personal data

Personal data will be stored for the duration of the respective statutory retention period. After expiry of this period, the data will be routinely deleted, unless there is a need for contract initiation or contract fulfilment.