Diligence and transparency is the basis for a trusting cooperation with our customers. Eurofins respects the privacy of all users of its website and ensures that the personal information received or provided by you through our web forms is treated as confidential.
Herewith we would like to inform you on how we process your personal data and which rights you have concerning those data according to the European General Data Protection Regulation (GDPR). What kind of personal data we proceed is depends upon the respective contractual relationship.
Eurofins Medigenomix Forensik GmbH
Anzinger Str. 7a
Managing Director: Dr. Burkhard Rolf
Dr. Klaus zu Hoene
We process your personal data when you send us a request, order a DNA test kit or sign a contract for a DNA Analysis. Besides, we process your personal data in ordert o submit to legal obligations, to meet a legitimate interest or because your granted your consent.
Depending on the specific operating ground we process the following kind of data:
• Name, Surname
• Postal address
• Data for communication (email address, telephone number)
• Date of birth
• Contract data such as Order ID, Order date, contract details
• Invoice data
• Payment data, account information
• DNA-Data in connection with your ordered DNA analysis
• We do not examine any diagnostic features or any physical characteristics (e.g. hair colour, blood group). These are explicitly excluded from analysis and cannot be examined with the method we use
Please enter billing address and payment method in our shop module. Payment data will not be stored.
As part of our customer satisfaction surveys (“Verified Reviews”), we collect the order number and date, the article and the name of the person who ordered the test.
We only process personal data that we receive from you as our customer.
We process your personal data in compliance with the General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG) as well as all other relevant laws, in particular the Genetic Diagnostics Act.
5.1. based on your consent (acc. to article 6 (1) GDPR)
In case you give your volontary consent to collect, process or transmit your personal data this consent is the legal basis for processing the data.
In the following cases we process your personal data based on your consent:
• Your consent is the legal basis for the data processing in regards with the assessment of a parentage or kinship relationship in accordance with the Genetic Diagnostics Act (Art. 9 Para. 2 a, GDPR)
• Customer satisfaction surveys through external partners
5.2. To fulfill a contract (Art. 6 (1 b) GDPR)
• Reporting a DNA test result as ordered
To comply with legal obligations (Art. 6 (1 c) GDPR)
As a company we are subject tovarious legal obligations. To comply with those obligations we may need to process your personal data.
• Prevention of fraud / of illegal behaviour
5.3. Because of a legitimate interest (Art. 6 (1 f) GDPR)
In some cases we may need to process your personal data to safeguard our or a third party legitimate interest.
• Safeguarding of IT security and IT operations
• Application of strictyl necessary cookies, performance Cookies und functionality Cookies
• Integration of the widget supplied by “Verified Reviews” (Net Reviews SAS)
Your personal data may be disclosed to third party services when you consent or the law permits it:
• GPs, employees of youth welfare centers and health departments who are involved with the witnessed sampling
• Pharmacists, Midwives, Nurses or Notaries
• Embassies, consulates, medical officer of the embassy
External service providers:
• With the exception of the genetic data, your personal data can be disclosed to Google LLC, Mountain View, USA (GSuite)
• Survey data is sent to Net Reviews SAS, 18-20 Avenue Robert Schuman, CS 40494, 13002 Marseille, France.
If you purchase a DNA test online in one of our web shops, the following applies:
- The payment terminal in our shop is based an the payment system created by Wallee (customweb GmbH, General-Guisan- Strasse 47, CH-8400 Winterthur, Switzerland). Through this portal, personal data is sent to the network operator (TeleCash / First Data Corporation, 5565 Glenridge Connector NE, Suite 2000, Atlanta, GA 30342, USA) and payment service provider to accept and settle the payment transactions (TeleCash / First Data GmbH, Marienbader Platz 1, 61348 Bad Homburg vd Höhe). The network operator and the payment service provider further process the data for payment processing, to prevent card misuse, to limit the risk of payment defaults and for statutory purposes, such as anti-money laundering and law enforcement. For these purposes, your data will also be transmitted to other responsible parties, in particular your card-issuing bank.
Countries outside the European Union (and the European Economic Area„EWR“) treat data protection differently from countries within the EU. To process your data we may use service providers from outside the EU. No decision has yet been made by the EU commission that those non-EU countries offer an appropriate protection.
The personal data stored in the GSuite are transmitted to the USA under the EU-US Privacy Shield based on the adequacy decision of the European Commission. You can access the certificate at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. If you want to see the existing guarantees, you can also contact us at email@example.com.
Your personal data will be stored for a limited period of time, to fulfill the purpose for which they have been collected and processed, as listed above.
Once the storage of your data to comply with our legal or contractual obligations is not necessary anymore your data will be deleted. We will only keep them if processing is necessary for one of the following purposes:
• Fulfillment of fiscal and commercial retention requirements according to the German Commercial Code (HGB) and General Fiscal Code (AO).
• The results of DNA analyses need to be saved for 30 years according to §17 German Genetic Diagnostics Act (GenDG)
• Storage of evidence in regards to the statute of limitations. The German Civil (BGB) determines this to be up to 30 years, regularly it is 3 years.
Each person concerned has the right to access the personal data acc. to article 15, GDPR, the right to rectify inaccurate personal data acc. article 16 GDPR, the right to deletion of data acc. to article 17 GDPR, the right to restricting the processing of data acc. to article. 18 GDPR, the right to object to the progressing of data acc. to article 21 GDPR and the right todata portability provided acc. to article 20 GDPR. The right to information and the right to deletion are underlying the constrictions acc. to §§ 34 and 35 GDPR.
9.1 Right of objection
• What right do you possess in regards of the processing of your data in your own or in public interest?
Acc. to article 21 (1) GDPR you have the right to withdraw your consent to process your personal data any time. Reasons to do so are specified in Art. 6 (1 lit. E) GDPR (data processing in public interest) or article Artikel 6 (1 lit. F) GDPR (data processing to protect legitimate interests). This also applies to a profiling based on this rule.
If you withdraw your consent we will not process your personal data anymore unless we may have compelling reasons, worthy of protection, to process your data. Those reasons must predominate your interests, rights and freedom. Also, the processing of your data may serve the enforcement, exertion or defense of legal obligations.
9.2 Withdrawal of consent
You can withdraw your consent in full or in parts at any time. To do so, please send us an email to firstname.lastname@example.org. Please consider that this withdrawal can only be applied for future data processing.
In this case, your personal data must be deleted and destroyed immediately. The assessment of a lineage or kinship can then no longer take place.
9.3 Right of access to personal data
You have the right to ask if we have stored your personal data. You have the right to ask which data we have stored, for which purpose we are processing your data, to whom we disclose your data, how long we store your personal data and which other rights you may executein regards to this data.
9.4 Further rights
Beyond you have the right to ask for rectifying your data and for erasing your data. If there are no more reasons to save your data we will erase them otherwise restrict the processing of your data. You also have the right for the portability of the data you provided us with.
You also have the right to complain to the relevant national data protection authority in case these rights are not complied with. An overview of the national data protection authorities is available at the following link: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
(Article 77 GDPR,. § 19 GDPR).
9.5 Excute your rights
To excute your rights please contact the responsible persons or our privacy security officer: email@example.com We will process your request according to the statutory provisions and will inform you of the measures we seized
To enter into a business relationship you need to provide us with such personal data that is necessary to comply with your order or that we are legally obliged to retrieve. If you do not want to give us that data the processing of your order will not be possible.
We collect your data when you visit our website. This data is partially automatically collected through cookies and saved in server log files. In our cookie notice we give you detailed information which cookies we use for which purposes: https://www.vaterschaftsanalyse.de/en/info/privacy-policy/
In case of a change in the purpose or the way of our processsing of your personal data we will update this information in due time and inform you accordingly.