Diligence and transparency are the basis for a trusting cooperation with our customers. We are therefore informing you about how we process your data and how you can exercise the rights you are entitled to under the General Data Protection Regulation. Which personal data we process and for what purpose depends on the respective contractual relationship.
Eurofins Medigenomix Forensik GmbH
Anzinger Str. 7a
Represented by Managing Director:
Dr. Burkhard Rolf
You can reach our data protection officer at:
Eurofins Finance Transactions Germany GmbH
Am Neuländer Gewerbepark 1
Mobile: +49 160 6265698
If you have an enquiry, order documents for a DNA test or conclude a contract with us, we will process your personal data. In addition, we process your personal data, among other things, to fulfill legal obligations, to protect a legitimate interest or on the basis of your consent.
Depending on the legal basis, the following categories of personal data are involved:
- first name, surname,
- communication data (telephone, e-mail address),
- contract master data, in particular order number, order date, type of contract,
- Invoice data/sales data,
- Payment data/account information,
- from your birth certificate, photographs, copies of ID cards,
- DNA data to create your commissioned analysis,
- Origins acc. to Art 9 I GDPR
- Your health or the properties of your body cells (e.g. blood group properties, hair color) are expressly not examined.
We process personal data that we receive from our customers.
We process your personal data in particular in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as all other relevant laws, in particular the Federal Data Protection Act (BDSG) and all other relevant laws, in particular the Gene Diagnostics Act.
5.1 Based on your consent (Art. 6 Para. 1 a)/Art. 9 Para. 2 a) GDPR)
If you have given us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data.
In the following cases, we process your personal data on the basis of your consent:
- The legal basis for data processing to assess a parentage or family relationship in accordance with the Genetic Diagnostics Act is your consent to the processing of genetic data (Art. 9 Para. 2 a ) GDPR),
- The legal basis for data processing in the special categories according to Art. 9 I GDPR is your consent. We need this information in order to be able to statistically secure the result better
- The legal basis for communication via messenger services is your consent
5.2 To fulfill a contract (Art. 6 Para. 1 b GDPR)
- processing and billing of a commissioned DNA report,
5.3 Due to a legitimate interest (Art. 6 Para. 1 f GDPR)
In certain cases we process your data to protect a legitimate interests of us or third parties.
- Ensuring IT security and IT operations,
- Sending invitations to customer satisfaction surveys via external service providers if we receive your information from you in connection with the sale of goods or services have received an electronic mail address.
- Our legitimate interest is to find out what preferences customers have and to process the personal data using automated processes as part of customer surveys.
- Participation in the survey and the resulting provision of your personal data is voluntary. You will not suffer any disadvantages if you do not provide your personal data and if you do not take part in the survey.
We only transfer your personal data to third parties if this is permitted by law or if you have given your consent.
- Physicians, youth workers or health officials involved in obtaining the sample,
- pharmacists, midwives, nurses or notaries,
- embassies/consulates/doctors abroad in cases involving foreign participation.
External service providers:
Countries outside the European Union (and the European Economic Area (“EEA”) handle the protection of personal data differently than countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data is processed just as securely in the third countries as it is within the European Union. With service providers in third countries, we conclude the standard data protection clauses provided by the Commission of the European Union. These clauses provide suitable guarantees for the protection of your data with service providers in third countries.
We store your personal data for as long as it is necessary to fulfill our legal and contractual obligations.
If storage of the data is no longer necessary for the fulfillment of contractual or legal obligations, your data will be deleted, unless their further processing is necessary for the following purposes:
- Fulfillment of commercial and tax storage obligations. Retention periods from the German Commercial Code (HGB) or the Tax Code (AO) should be mentioned. According to § 147 AO, accounting documents in particular must be kept for 10 years.
- The results of the DNA analyzes are stored for 30 years in accordance with Section 17 of the Genetic Diagnostics Act (GenDG).
- Preservation of evidence within the framework of the statutory statute of limitations. According to the statute of limitations of the German Civil Code (BGB), these statutes of limitation can be up to 30 years in some cases, the regular statute of limitations is three years.
- The results of the customer satisfaction survey are stored for 3 years.
Every data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object from Art. 21 GDPR and the right to data portability from Art. 20 GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure.
In accordance with Article 21 Paragraph 1 GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of personal data relating to you, which is based on Article 6 Paragraph 1 lit. e GDPR (data processing in the public interest) or based on Article 6 Paragraph 1 lit. f GDPR (data processing to protect a legitimate interest), to object; this also applies to profiling based on this provision.
In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
9.2 Revocation of consent
You can revoke your consent to the processing of personal data at any time. Please note that the revocation only applies to the future.
In this case, your personal data must be deleted and destroyed immediately. An assessment of a parentage or relationship can then no longer be carried out.
9.3 Right information
You can request information as to whether we have stored personal data about you. If you wish, we will tell you what data is involved, for what purposes the data is processed, to whom this data is disclosed, how long the data is stored and what other rights you have in relation to this data.
9.4 Other rights
You also have the right to have incorrect data corrected or your data deleted. If there is no reason for further storage, we will delete your data, otherwise restrict processing. You can also request that we provide any personal data that you have provided to us in a structured, commonly used and machine-readable format, either to you or to a person or company of your choice.
In addition, there is a right of appeal to the competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
9.5 Exercising your rights To exercise your rights
you can contact our data protection officer at firstname.lastname@example.org. We will process your inquiries immediately and in accordance with the legal requirements and inform you of the measures we have taken.
In order to enter into a business relationship, you must provide us with the personal data that is required to carry out the contractual relationship or that we must collect due to legal requirements. If you do not provide us with this data, it is not possible for us to carry out and process the contractual relationship.
Should the purpose or manner of processing your personal data change significantly, we will update this information in good time and inform you about the changes in good time.