Privacy Policy

1 General and Legal Basis 

Thank you for your interest in the VALIDOGEN GmbH website. The issue of data protection and confidentiality is a topic we take very seriously, and we follow the applicable national and European data protection regulations. All our staff and all third parties involved in data processing are subject to commitments under the Federal Act concerning the Protection of Personal Data (DSG 2000, EU General Data Protection Regulation, DSG 2018) and are obliged to confidentiality in the use of personal data. Our data protection measures are continually updated, reflecting technical developments. VALIDOGEN uses technical and organizational security measures to protect the stored personal data against accidental or intentional manipulation, loss, or destruction and against access by unauthorized persons. The EU General Data Protection Regulation, the Data Protection Act 2000, and the Data Protection Amendment Act 2018 stipulate the right to protection of personal data. We process your data exclusively on the basis of legal regulations (GDPR, DSG 2018). With this statement on data protection measures, we would therefore like to provide you with information on the kind of data which we – that is, VALIDOGEN GmbH (hereinafter referred to as “VALIDOGEN”) – may wish to save and how we use such data. 

Should you object to the acquisition, processing, or utilization of your data by VALIDOGEN in keeping with the stipulations of these data-protection provisions, whether entirely or for individual measures, you can send your objection via e-mail or by letter using the contact options below. 

E-Mail: 

mailto:office@validogen.com

Address: 

VALIDOGEN GmbH

Parkring 18

8074 Raaba-Grambach

Austria

2 Website 

2.1 Provision of the Website and Creation of Log Files 

2.1.1 Description and Scope of Data Processing 

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. This data is crucial for delivering the content of our website correctly, optimizing the content of our website as well as its advertisement, ensuring the long-term viability of our information technology systems and website technology, and providing law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The following types of data are collected:

  • Browser type and version: This helps in optimizing our website to provide the best possible user experience compatible with the browsers most used by our visitors.

  • Operating system used: This information allows us to tailor content specific to the operating systems most prevalent among our users.

  • Internet service provider of the user: Knowing the ISPs helps in understanding the geographic distribution of our service use and optimizing our network configuration.

  • IP address: This is critical for connecting the user's computer to our website, and may be used for diagnostic and security purposes, such as identifying the source of malicious activities.

  • Date and time of access: Timestamps help in identifying the time when our services are most used and plan our server capacity accordingly.

  • Websites accessed by the user's system through our website: Tracking the navigation path helps in improving the user interface and the logical structure of our website.

It is important to note that this data is not stored together with other personal data of the user. Our system stores these logs temporarily for a maximum period necessary to achieve the purpose of their collection, after which they are deleted. Storage beyond this period may occur in individual cases if required by law.

2.1.2 Purpose of Data Processing 

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must remain stored for the duration of the session. The log files are saved to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. 

2.1.3 Legal Basis for Data Processing 

The legal basis for the temporary storage of the data is Art 6 para 1 lit f GDPR (legitimate interests). 

2.1.4 Duration of Storage 

Data from log files is retained only as long as necessary to fulfill the specified purposes for which it was collected. Specifically, this data is used to ensure the proper functioning and security of our website, as well as to optimize its performance, which are considered our legitimate interests under GDPR.

To meet these objectives, your data is automatically deleted after a maximum retention period of two months unless a longer retention is legally required or justified. Extended retention may occur in cases such as legal disputes or ongoing investigations where data is held as evidence, or when required by regulatory authorities for audit and compliance purposes.

2.2 Contact Form / Email Contact 

2.2.1 Description and Scope of Data Processing 

When you contact us via the options made available (e.g. contact form, telephone, e-mail, or social media), your information will be processed and stored by us to answer your inquiry. Your data will not be collected or shared without your consent. 

2.2.2 Purpose of Data Processing 

We handle your data to fulfill (pre-) agreed obligations or because of our legitimate interest in processing and answering inquiries from customers, interested parties, and partners. 

2.2.3 Legal Basis for Data Processing 

The statutory basis for the processing of the data is Art 6 para 1 lit a GDPR (consent) as well as Art 6 para 1 lit f GDPR (legitimate interests). 

2.2.4 Duration of Storage 

Your data will be kept for the duration of the handling process depending on the occurrence. 

2.3 Application Process 

2.3.1 Description and Scope of Data Processing 

We process data received from you during the application process. This includes data such as your name, address, contact data (e-mail address, phone number), date of birth, résumé, letter of motivation, and credentials. 

2.3.2 Purpose of Data Processing 

A processing of your data takes place for the purpose of the storage, evaluation, allocation, and transmission of your application. 

2.3.3 Legal Basis for Data Processing 

The legal basis for the temporary storage of the data is Art 6 para 1 lit f GDPR (legitimate interests). 

2.3.4 Duration of Storage 

If your application is rejected, your data will be stored for seven (7) months from the rejection. After this period of time, your data will be deleted. If your application is successful and you are offered an application interview, your data will be deleted after three (3) years. If you are offered a position at VALIDOGEN the necessary data will be adopted into the applicable system. In this case, you will receive a separate data protection notice. 

2.4 Newsletter 

2.4.1 Description and Scope of Data Processing 

You can sign up for our newsletter on the website using the double-opt-in procedure. After registration, you will receive an e-mail requesting confirmation of your registration. You can unsubscribe or change your subscription preferences anytime. You agree that your personal data will be stored and processed by VALIDOGEN GmbH, Parkring 18, 8074 Raaba-Grambach, for the purpose of sending promotional newsletters. This consent can be revoked at any time by writing to VALIDOGEN GmbH, Parkring 18, 8074 Raaba-Grambach, or by e-mail to office@validogen.com

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active. 

2.4.2 Use of an External Mailing Service Provider 

For sending and managing our newsletters we use processors. These have committed themselves to comply with the applicable data protection regulations. A Data Processing Agreement (according to Article 28 with MailChimp) was concluded. The newsletter is sent using "MailChimp", a newsletter delivery platform from the US provider The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. According to its own information, MailChimp can also use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter, or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them themselves or to pass the data on to third parties. We trust in the reliability and the IT and data security of MailChimp. We have concluded a “data processing agreement” with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it in accordance with its data protection regulations on our behalf and, in particular, not to pass it on to third parties. You can find more information on MailChimp’s use of cookies at https://mailchimp.com/legal/cookies/, and you can learn more about data protection at MailChimp (Privacy) at https://mailchimp.com/legal/privacy/

 

2.4.3 Purpose of Data Processing

The collection of the user's email address serves to deliver the newsletter. 

2.4.4 Legal Basis

The data processing takes place on the basis of the legal regulations of Art 6 para 1 lit a GDPR (consent), as well as Art 6 para 1 lit b (the necessity of the contract fulfillment). 

2.4.5 Duration of Storage 

Principally, the data stays permanently saved on MailChimp’s servers and is deleted only when you request it. You can have your contact information with us deleted. This permanently removes all your personal data for us and anonymizes you in MailChimp’s reports. However, you can also request the deletion of your data permanently at MailChimp. Then all your data are removed from there and we receive a notification from MailChimp. After we receive the email, we have thirty (30) days to delete your contact from all integrations. 

2.4.6 Objection and Removal Possibility 

Subscription to the newsletter may be terminated at any time by the user concerned. For this purpose, there is a corresponding link in each newsletter.

3 Cookies, Other Tracking Tools, and Web Analytics

3.1 Description and Scope of Data Processing

By visiting our website, you will be prompted to consent to our use of cookies according to the options provided in our cookie consent tool. It is important to note that you have full control over the acceptance of cookies and can refuse them through your browser settings. For detailed instructions, please refer to your browser manufacturer's guidelines. Opting out of certain technical and functional cookies may impact the functionality of our website. Some cookies may remain on your device until you choose to delete them.

3.2 Use of Cookies

Cookies are small text files stored in your device’s local browser cache. They enable our website to recognize your browser to optimize and simplify your experience. They enhance site usability by storing settings and preferences to avoid repetitive input. Importantly, cookies by themselves do not identify you personally; they merely recognize your browser. While most browsers accept cookies by default, you can alter settings to prevent automatic cookie storage, or to receive notifications before a cookie is stored.

3.3 Third-Party Cookies

Third-party cookies are set by external websites whose services we use, such as social sharing buttons that allow you to share content across social networks. While these cookies follow the regulations stated in our privacy policy, it is important to recognize that third-party sites may also collect information about your broader internet usage as part of their own data processing activities.

3.4 Managing Cookies

You have the option to disable or manage cookies through your browser settings:

  • Chrome: Manage cookie settings under the Privacy section of Settings; you can delete specific cookies or clear all cookies, and configure settings to block or allow cookies on a case-by-case basis.

  • Internet Explorer: Cookie settings are available under Internet Options in the Tools menu, via the Privacy tab. The Privacy settings slider allows you to choose from several levels of cookie acceptance from blocking all cookies to accepting all cookies.

  • Firefox: Manage cookie settings in the Options window’s Privacy panel. Firefox allows you to accept or deny cookie storage requests and delete cookies automatically when you close the browser.

For more information on cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org for detailed guidance.

3.5 CCM19 Cookie Consent Tool Privacy Policy

Description and Scope of Data Processing

CCM19 is an advanced cookie consent management tool that we use on our website to manage user consents for cookies and similar tracking technologies. This tool helps ensure that we comply with legal regulations by capturing and storing consent from our users. Data processed by CCM19 typically includes:

  • Consent statuses: Tracks and records users' consent choices regarding cookie use on our website.

  • Timestamps: Logs the time when the consent was given, providing a clear audit trail.

  • User identifiers: Uses anonymized or pseudonymized identifiers to uniquely distinguish between returning users and new users without revealing personal identity.

  • Browser and device information: Collects data about the user's device and browser to ensure the correct functionality of the consent tool across different platforms and environments.

This data is critical for enabling transparent and lawful tracking and analytics on our website.

3.5.1. Purpose of Data Processing

The use of CCM19 enables us to:

  • Ensure legal compliance: Properly managing cookie consents helps us comply with GDPR, ePrivacy Directive, and other relevant data protection regulations.

  • Enhance user trust and transparency: By providing clear choices and consent mechanisms, we foster trust and transparency with our website visitors.

  • Customize user experience: Based on consent preferences, we can customize and optimize the user experience on our website, ensuring users see relevant content without compromising privacy.

3.5.2 Legal Basis

The processing of data via CCM19 is based on Article 6(1)(c) of the GDPR (Legal Obligation), which requires compliance with legal standards for privacy and data protection. Additionally, where applicable, processing is also based on Article 6(1)(a) of the GDPR (Consent) as users explicitly provide their consent through the tool.

3.5.3 Duration of Storage

Consent data collected through CCM19 is stored for as long as necessary to maintain compliance with legal obligations and to provide proof of consent. Typically, this is for a period of up to two years, after which the data is reviewed and deleted if no longer needed.

3.5.4 Data Security

Data collected by CCM19 is protected with industry-standard security measures, including encryption and secure data storage practices. Regular audits are conducted to ensure the integrity and security of the consent data.

3.6 Google Tag Manager Privacy Policy

3.6.1 Description and Scope of Data Processing

Google Tag Manager (GTM) is a tag management system provided by Google LLC, that allows us to quickly and easily update tags and code snippets on our website, such as those intended for traffic analysis and marketing optimization, without needing to modify the underlying code. While GTM itself does not collect or store personal data, it facilitates the triggering of other tags which may collect data.

 

Key functions include:

  • Management of Tags: GTM manages the tags for tracking tools and analytics platforms like Google Analytics.

  • Triggering of Scripts: Based on user interactions, it can trigger specific scripts that may collect data as part of their operations.

  • Handling of Tag Configurations: Stores configurations and settings for the tags it manages, ensuring they operate correctly according to user consents.

3.6.2 Purpose of Data Processing

The primary purpose of using Google Tag Manager is to streamline the process of script and tag management on our website. Specific benefits include:

  • Efficiency: Facilitates faster and more efficient updating of tracking codes and associated scripts, which enhances our ability to collect and analyze user data responsibly.

  • Control and Flexibility: Provides better control over how tracking scripts are deployed and interact with user data, especially concerning user consent preferences.

3.6.3 Legal Basis

The deployment of Google Tag Manager on our website is based on Article 6(1)(f) of the GDPR (Legitimate Interests). Our legitimate interest lies in managing website scripts efficiently, ensuring accurate and effective deployment of functionality that improves user experience, and our understanding of website traffic patterns.

3.6.4 Duration of Storage

As Google Tag Manager does not store personal data, the duration of storage does not apply to this tool directly. However, the tags managed by GTM may collect and store data, and thus, the storage period for the data collected by these tags is determined by the specific settings of each tag.

3.6.5 Data Security

While Google Tag Manager itself does not collect or store personal data, it implements robust security measures to manage the configuration and triggering of tags securely. 

3.7 Google Analytics 4 Privacy Policy

3.7.1 Description and Scope of Data Processing

Google Analytics 4 (GA4) is a powerful web analytics service provided by Google LLC, based in Mountain View, CA, USA. This service is used on our website to collect, compile, and analyze data about the behavior of visitors. By deploying GA4, we can track interactions across our website which includes:

  • User interactions such as page views, button clicks, and other user actions that help us understand user engagement.

  • Device and browser information: Understands what devices and browsers our visitors are using, which helps in optimizing our website accordingly.

  • IP address and geographic location: Although the IP address is anonymized, the approximate location (city level) helps us understand geographical distribution of our audience.

  • Referrer URL: Tracks where users are coming from, whether from search engines, direct links, or website referrals.

  • Data on the source of traffic: Differentiates between the types of traffic, such as organic search, direct visits, and referrals from other websites.

This data is processed on Google’s servers and is used to compile reports on website activity, user interactions, and other metrics.

3.7.2 Purpose of Data Processing

The use of Google Analytics 4 is instrumental for continuous improvement of our website and to better understand how visitors interact with our site. Specifically, GA4 helps to:

  • Enhance user experience: By understanding how users interact with the site, we can make informed decisions on design and functionality improvements.

  • Optimize marketing strategies: Analyzing sources of traffic and user engagement with content helps in refining our marketing efforts.

  • Make data-driven decisions: Aggregate data and insights allow us to adjust our website to better meet the needs of our visitors.

3.7.3 Legal Basis

The processing of data via Google Analytics 4 is based on Article 6(1)(f) of the GDPR (Legitimate Interests). Our legitimate interest lies in having detailed insights into the behavior of website visitors which assists in strategically enhancing our website and its content.

3.7.4 Duration of Storage

Google Analytics 4 data is retained for a period that best serves the purpose of analysis, typically for 14 months, the default retention period for user-level and event-level data stored by Google Analytics. This duration can be adjusted based on our needs and compliance requirements. After this period, the data is deleted automatically or anonymized.

Data privacy and security are paramount, and as such, GA4 is configured to use IP anonymization to protect user privacy. Users can also control the storage of cookies and use browser plugins to opt out of data collection by Google Analytics.

 

3.8 Google Ads Conversion Tracking Privacy Policy

3.8.1 Description and Scope of Data Processing

We utilize Google Ads, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to place advertisements on our website. When a user clicks on one of our Google Ads, a "Conversion" cookie is set by Google Ads. This cookie allows us to collect data related to the user's interactions with the ad, such as:

  • User's name (if provided during the interaction).

  • Actions taken by the user in response to the ad: This includes any clicks on the advertisement that lead to our website.

This data collection enables us to analyze the effectiveness of our advertising campaigns through Google's platform.

3.8.2 Purpose of Data Processing

The primary purpose of using Google Ads Conversion Tracking is to effectively market our products and services online. By analyzing how users interact with our ads, we aim to:

  • Enhance targeting and relevance of our advertisements.

  • Increase the visibility of our offers to potential customers.

  • Optimize our marketing strategies to attract a broader audience based on the performance data from these ads.

3.8.3 Legal Basis

The processing of personal data through Google Ads Conversion Tracking is based on Article 6(1)(f) of the GDPR (legitimate interests). Our legitimate interest lies in the targeted advertising of our products and services, which supports the growth and sustainability of our business.

3.8.4 Duration of Storage

The data collected via the "Conversion" cookie is retained by Google for a period of thirty (30) days, after which it is automatically deleted. This ensures that personal data is not stored indefinitely on Google's servers. Additionally, other cookies used by Google Ads are retained for a maximum of three (3) months, ensuring a balance between effective marketing and data privacy.

3.9 LinkedIn Privacy Policy

3.9.1 Description and Scope of Data Processing

Our website incorporates social plugins from LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. These plugins enhance connectivity and interaction with the LinkedIn social network. When you interact with these plugins (e.g., by clicking a LinkedIn share button), LinkedIn collects information including:

  • IP address: Essential for connecting your device to LinkedIn.

  • Login data: Information related to your session when logged in to LinkedIn.

  • Device information: Details about the device you use, enhancing service compatibility.

  • Internet or cellular provider information: General connectivity data.

  • Active impressions: Data collected when you engage with a plugin, such as sharing content.

If you are logged into your LinkedIn account while interacting with our website, this data is also associated with your personal LinkedIn profile.

3.9.2 Purpose of Data Processing

The integration of LinkedIn plugins allows you to share content directly from our website to your LinkedIn profile or view our LinkedIn page directly. This functionality:

  • Enhances user engagement by simplifying content sharing.

  • Supports our marketing efforts by enabling the dissemination of content on LinkedIn, thereby reaching a broader audience.

  • Targets potential advertising more effectively, ensuring that promotions are displayed to users who have shown interest in our website or similar content.

3.9.3 Legal Basis

The processing of data through LinkedIn plugins is based on Article 6(1)(a) of the GDPR, which involves the user's consent. By interacting with LinkedIn plugins, you consent to the data processing activities described.

3.9.4 Duration of Storage

LinkedIn retains the data collected via its plugins as long as necessary to provide its services effectively. If you delete your LinkedIn account, associated data is typically deleted within thirty (30) days. However, LinkedIn may store some anonymized data indefinitely for analytical and operational purposes.

3.9.5 Access of Account Data

You can view and manage the data LinkedIn collects about you by visiting the Settings & Privacy section under your profile icon on LinkedIn. There, navigate to Data Privacy and review how LinkedIn uses your data. Additionally, you can control data processing preferences directly through your browser settings, including cookie preferences. For more comprehensive information on LinkedIn’s data practices, visit LinkedIn's Privacy Policy.

 

4 Your Rights 

If personal data is processed by you, you are the affected person within the meaning of the GDPR and you are entitled to the rights described below.

4.1 Information 

You have the right to receive information from VALIDOGEN at any time as well as confirmation of personal data stored about you and a copy of this data. 

4.2 Correction 

You have the right to rectification and/or completion if the personal data you process is incorrect or incomplete. 

4.3 Restriction of Processing 

You have the right to request the restriction of processing if one of the following conditions is met: 

• The accuracy of your personal information is contested by you for a period of time that allows VALIDOGEN to verify the accuracy of your personal information. 

• The processing is unlawful, you refuse the deletion of personal data and instead require the restriction of the use of personal data. 

• We no longer need your personal information for processing purposes, but you need it to assert, exercise, or defend your rights. 

• You have objection to the processing according to Art 21 para 1 GDPR and it is not yet clear whether our legitimate reasons prevail over yours. 

 

 

4.4 Deletion 

You have the right to have your personal data deleted without delay, if any of the following is true and if processing is not required: 

• The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary. 

• They revoke their consent on which the processing was based and lack any other legal basis for the processing. 

• You object to the processing in accordance with Art 21 para 1 GDPR, and there are no legitimate reasons for the processing, or you object to the processing in accordance with Art 21 para 2 GDPR. 

• The personal data were processed unlawfully. 

• The deletion of personal data is required to fulfill a legal obligation under EU or national law to which we are subject. 

4.5 Data Portability 

You have the right to receive personally identifiable information you provide VALIDOGEN in a structured, common and, machine-readable format. You also have the right to transfer this data to another person without hindrance. In exercising this right, you also have the right to obtain that personal data relating to you are transmitted directly by VALIDOGEN to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected. 

4.6 Objection 

You have the right to object at any time to the processing of personal data relating to you which is "only" based on legitimate interests of VALIDOGEN or third parties (Art 6 para 1 lit f GDPR). In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights, and freedoms, or the processing is for the purpose of asserting, exercising, or defending legal claims.

4.7 Revocation of Consent 

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. 

4.8 Right to File a Complaint 

You also have the right to file a complaint with the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna, e-mail: dsb@dsb.gv.at). 

Please contact VALIDOGEN regarding your rights under office@validogen.com or write to: VALIDOGEN GmbH, Parkring 18, 8074 Raaba-Grambach. 

Ee do not process data of people aged below 14. By submitting your consent, you confirm that you have reached the age of 14 or that the consent of your legal representative has been obtained.

4.9 Changes to this Privacy Policy 

We may need to update this policy from time to time. We will do our best to notify you about significant changes by placing a prominent notice on our site. 

5 Contact 

If you have any problems, questions, or suggestions, please feel to contact us:

Corporate Privacy Officer at VALIDOGEN GmbH 

Thomas Purkarthofer, CEO 

Parkring 18, 8074 Raaba-Grambach, Austria 

phone.: +43 316 4009 4000 

mail: office@validogen.com

© VALIDOGEN GmbH, Raaba-Grambach, Austria, Last Update June 2024