These Privacy Notices provide information on the processing of your personal data in connection with your use of 싸토리우스 Online Offerings, Business Partners and Marketing Communication. The personal data that we collect about you depends on the context of your interactions with us, the products, services, and features that you use, your location, and applicable law.
include any information related to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.1 Controller and Data Protection Officer
싸토리우스 AG, Otto-Brenner-Straße 20, 37079 Göttingen, Germany, e-mail: info@싸토리우스.com ("싸토리우스", "we", "our" or "us"), as controller of personal data, is responsible for the processing of your personal data in connection with your use of a 싸토리우스 website, 어플리케이션 or online service (each a 싸토리우스 Online Offering).
The Data Protection Officer of 싸토리우스 and the 싸토리우스 Group Data Protection Organization is available to you as a contact for all data protection-related matters and for exercising your rights. They may be contacted at dataprotection@싸토리우스.com.
1.2 Processing Purposes, Categories of Personal Data and Legal Basis plus Sources
When visiting a 싸토리우스 Online Offering, 싸토리우스 may process information which you have actively and volun-tarily provided about yourself, or which has been generated by us in connection with your use of 싸토리우스 Online Offerings, and includes the following categories of personal data for the purposes and on the legal bases specified below:
Processing Purposes
Categories of Personal Data
Legal Basis for Processing
1.3 Cookies
In the context of 싸토리우스 Online Offerings, cookies and tracking mechanisms ("Cookies") may be used. If used by us without your consent, these cookies are strictly necessary to provide certain functionalities of an 싸토리우스 Online Offering to you or to provide you with a service that you requested via the 싸토리우스 Online Offering. Other cookies (e.g., cookies for marketing purposes) will only be used if you have given your consent. You can find further information about the use of cookies by 싸토리우스 in the 싸토리우스 Cookie Notice.
1.4 External links
싸토리우스 Online Offerings may provide links to the websites or applications offered and operated bythird parties − providers who are not affiliated with us. After you click the link, we no longer have any influence on the collec-tion, processing and utilization of any personal data that is transferred to third parties after clicking the link (for example, the IP address or the URL of the site on which the link is located), as our control of the conduct of third parties is then naturally withdrawn. We are not responsible for privacy practices or the content of external web-sites or applications.
2.1 Controller and Data Protection Officer
The 싸토리우스 Group company that you are or have, on behalf of yourself or your employer, bought or rented a product or a service from ("싸토리우스 Group company"), as controller of personal data, is responsible for the processing of personal data of (prospective) customers, suppliers, vendors and partners and their representa-tives (each a Business Partner Representative).
For the purpose of this notice, the "싸토리우스 Group" means 싸토리우스 AG and entities directly or indirectly con-trolled by 싸토리우스 AG.
The Data Protection Officer of 싸토리우스 Group company, if appointed, and the 싸토리우스 Group Data Protection Organization are available to you as a contact for all data protection-related matters and for exercising your rights. They may be contacted at dataprotection@싸토리우스.com.
2.2 Processing Purposes, Categories of Personal Data and Legal Bases plus Sources
In the context of your business relationship with the 싸토리우스 Group company, it may process information which you have actively and voluntarily provided about yourself as a Business Partner Representative, or which has been generated by us, and includes the following categories of personal data for the purposes and on the legal bases specified below:
Initiating contact to prepare for, perform, and end a business relationship between 싸토리우스 and the business partner for which you work or possibly with you yourself such as
such as
and
Fraud and money laundering
3.1 Controller and Data Protection Officer
싸토리우스 AG, Otto-Brenner-Straße 20, 37079 Göttingen, Germany, e-mail: info@싸토리우스.com ("싸토리우스", "we", "our" or "us"), as controller of personal data, is responsible for the processing of your personal data if you wish to receive information about our products and services and you subscribe to such marketing communications.
The Data Protection Officer of 싸토리우스 and the 싸토리우스 Group Data Protection Organization is available to you as a contact for all data protection-related matters and for exercising your rights. They may be contacted at .
3.2 Processing Purposes, Categories of Personal Data and Legal Bases plus Sources
Where and as permitted under applicable law, 싸토리우스 may process information which you have actively and voluntarily provided about yourself, or which has been generated by us for marketing communications purposes, and includes the following categories of personal data for the purposes and on the legal bases specified below:
(including satisfaction surveys)
e.g.
as a basis for marketing and market research
싸토리우스 may transfer your Data for the above-mentioned purposes to its Affiliated Companies listed . The provider of the 싸토리우스 marketing automation platform also has the technical ability to access your Data.
You have the right to revoke your consent at any time with effect for the future, for example by using the opt-out mechanism provided in the respective communication you received .
As our business evolves, we may change the structure of our business by changing its legal form, establishing, buying or selling subsidiaries, divisions or components. In such transactions, customer information may be transferred along with the part of the company being transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Notice and applicable data protection law.
Any disclosure of personal data is justified on the grounds that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary and that your rights and interests in the protection of your personal data are not overridden.
For the purposes mentioned above, 싸토리우스 may transfer or disclose your personal data to:
The recipients of your personal data may be located outside of the country in which you reside. Personal data published by you on 싸토리우스 Online Offerings may be globally accessible to other registered users of the respective 싸토리우스 Online Offering.
싸토리우스 will retain your personal data for as long as reasonably necessary to fulfill the purposes we collected or otherwise process it, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Under applicable data protection law, you may have specific rights in relation to your personal data. In particular, and subject to the statutory requirements, you may have the following data protection rights:
7.1 Applicable law
This section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.
In these cases the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR), inter alia, applies to the processing of your personal data and the following additions and/or deviations apply to this Privacy Notice:
The legal basis in accordance with the GDPR for the processing of personal data, unless otherwise specified upon collection of the personal data, is:
If we transfer personal data to service providers or 싸토리우스 Group companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU 표준 contractual clauses) are in place. You can request information on this and on the level of data protection at our service providers in third countries using the contact information above.
This section applies and provides you with further information if the processing by one of our companies (i) occurs in Brazilian territory, (ii) concerns the data of individuals located in Brazilian territory, (iii) comprises personal data collected in Brazilian territory or (iv) has as its objective the offer or supply of goods or services to individuals located in Brazilian territory.
In these cases the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD) applies to the processing of your personal data and the following additions and/or deviations apply to this Privacy Notice:
8.2 Retention Periods
As allowed under 게시물 16 of LGPD we may retain your personal data to comply with legal or regulatory obligations (such as retention obligations under tax or commercial laws), during the legal statute of limitation period, or for the regular exercise of rights in judicial, administrative or arbitration proceedings.
Additionally to the rights mentioned in this Privacy Notice, you are entitled under LGPD to:
The legal basis in accordance with the LGPD for the processing of personal data, unless otherwise specified upon collection of the personal data, is:
Following the requirements 규명된 in the 게시물 33 of LGPD, in the event that we transfer your personal data outside the Brazilian territory, we ensure that your data is protected in a manner which is consistent with the Brazilian General Data Protection Law, we will follow the applicable law and decisions imposed by the proper authority.
If this section applies, you may also contact our Brazilian Data Privacy Organization at dataprotection.br@싸토리우스.com.
Each 싸토리우스 company established in Canada (“싸토리우스 in Canada Entity“) maintains your personal data on secure servers that are accessible to authorized employees, representatives or agents who require access for the purposes descried in this privacy notice. If you have any questions about how a 싸토리우스 in Canada Entity processes your personal data, including with respect to its use of service providers outside of Canada, or if you would like to exercise any of your rights in respect of your personal data under the control of a 싸토리우스 in Canada Entity, you may contact the 싸토리우스 Group Data Protection Office at .
10.1 Applicable law
This section applies and provides you with further information if the processing by one of our companies is located within the borders of People’s Republic of China (“PRC“) or concerns the data of individuals within the borders of PRC.
In these cases the People’s Republic of China Personal Information Protection Law (PIPL) applies to the processing of your personal data and the following additions and/or deviations apply to this Privacy Notice:
10.2 Processing of sensitive personal information
According to the PIPL, sensitive personal information means personal information that, once leaked or illegally used, may easily cause harm to the dignity of natural persons grave harm to personal or property security, including information on biometric characteristics, religious beliefs, specially-designated status, medical health, financial accounts, individual location tracking, etc. as well as the personal information of minors under the age of 14.
In addition to payment data we will, in principle, not process your sensitive personal information. In case your sensitive personal information will be processed, we will notify you about the necessity of processing and effects on the individual’s rights and interests, and obtain your specific consent if applicable.
10.3 Transfer and disclosure of personal data
Following the requirements 규명된 in the 게시물 23 of PIPL, additionally to the contents mentioned in section 3, we, in principle, will not transfer or share your personal information to third party controllers, unless (1) obtain your specific consent if applicable, or (2) to fulfill the statutory duties under local laws and regulations.
10.4 International Transfer
You acknowledge that your data will be transferred and proceed outside of PRC. We will follow the applicable laws and decisions imposed by the competent authority and ensure that your data is protected in a manner which is consistent with the PIPL. If you or the company you work for is a Business Partner, please be aware that 싸토리우스 is a multi-national company, and for the purpose of concluding or fulfilling the contract/agreement with you or the company you work for, you understand and agree that we may transfer your personal information to foreign affiliated companies.
10.5 Legal Basis of the processing
The legal basis in accordance with the PIPL for the processing of personal data, unless otherwise specified upon collection of the personal data, is:
10.6 Usage by Children
This 싸토리우스 Online Offering is not directed to children under the age of fourteen (14). We will not knowingly collect personal data from children under the age of fourteen (14) without prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect children.
11.1 Applicable law
This section applies and provides you with further information if the processing by one of our companies is (i) located within the borders of South Africa or (ii) is carried out in South Africa, unless it is only forwarding personal information through South Africa.
In these cases South Africa’s Protection of Personal Information Act, 2013 (POPIA) applies to the processing of your personal data and the following additions and/or deviations apply to this Privacy Notice:
11.2 Processing your personal data
In terms of section 1 of POPIA, “personal data“ or “personal information“ includes “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person.“
11.3 Legal Basis of the processing
The corresponding legal grounds and conditions for lawful processing of personal data in South Africa are contained in Sections 8 to 25 of POPIA, and relate to “Accountability“; “Processing limitation“; “Purpose specification“; “Further processing limitation“; “Information quality“; “Openness“; “Security safeguards“ and “Data subject participation“.
The legal basis in accordance with the POPIA for the processing of personal data, unless otherwise specified upon collection of the personal data, is:
11.4 International Transfer
We may transfer your personal data to a place of jurisdiction other than the one in which it was collected and/or need to save it there, and we hereby inform you that this place of jurisdiction may not have comparable data protection legislation.
11.5 Your right to lodge a complain
You have the right to lodge a complaint regarding a breach of POPIA with the information regulator under:
Complaints: complaints.IR@justice.gov.za
General enquiries: inforeg@justice.gov.za
12.1 Applicable law
This section applies and provides you with further information if your personal data is processed by one of our companies located in the United Kingdom under the Data Protection Act 2018 and/or the UK GDPR (meaning Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018).
In these cases the Data Protection Act 2018 and/or the UK GDPR applies to the processing of your personal data and the following additions and/or deviations apply to this Privacy Notice:
12.2 Data Controller
The specific company identified on this page as being the operator of this website is the data controller in the meaning of the UK GDPR for the processing activities described in this Privacy Notice.In the course of our business relationship with you, we may share Business Partner contact information with affiliated 싸토리우스 companies. We and these 싸토리우스 companies are jointly responsible for the proper protection of your personal data (Art. 26 UK GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these 싸토리우스 companies granting you the right to centrally exercise your data subject rights against 싸토리우스 Aktiengesellschaft, Germany.
To exercise your rights, you may reach out to:.
12.3 Legal basis of the processing
12.4 International data transfers
In the event that we transfer your personal data outside the United Kingdom, we ensure that your data is protected in a manner which is consistent with the UK GDPR. Therefore, and if required by applicable law, we take the following measures:
We transfer personal data to recipients outside the United Kingdom only if the recipient has (i) entered into UK with us, or (ii) implemented in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting .
12.5 Your competent data protection authority
In case of data privacy related concerns and requests, we encourage you to contact our Data Privacy Organization at . Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint. A list and contact details of local data protection authorities is available .
13.1 US residents
If you are a U.S. resident, then please take note of the following:
13.1.1 Do Not Track
At this time our 싸토리우스 Online Offerings do not recognize or respond to “Do Not Track“ browser signals. For more information on “Do Not Track“, please visit your browser’s support page.
13.1.2 Usage by Children
This 싸토리우스 Online Offering is not directed to children under the age of thirteen. We will not knowingly collect personal data from children under the age of thirteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.
13.1.3 State Rights
Depending on the US state in which you reside, you may have special rights with respect to your personal data. For information regarding any of those rights, please read below:
13.2 Rights for specific States
13.2.1.1 Scope
This section supplements the above Privacy Notice and sets forth information and describes rights that may be applicable to residents of the following US states:
The purpose of this section is to provide information to residents of these US states, and to notify them of their rights under the law of their state of residence. This section is not applicable to and may not be relied upon by anyone who resides outside of the listed US states. If you reside in one of the listed US states, (a) you may have additional rights with respect to your personal data, and (b) you should note the following.
The Company may, through a variety of online and offline sources, collect the categories of personal information identified below and in the above Privacy Notice:
Such collected information may be used for the purposes described elsewhere within the above Privacy Notice.
We disclose personal information for business purposes. The categories of personal information that we have disclosed for business purposes within the preceding 12 months include:
The categories of third parties with which we may share personal data are described in the above Privacy Notice. Please note that we do not engage in the sale of personal data to third parties at this time.
In order to exercise any rights that may be available to you under the law of the state in which you reside (for example, any rights to deletion or disclosure of personal data or to appeal a decision that we have made with respect to your request), please contact us via .
Please note that any requests may be subject to verification of the identification of the requestor. The method we would use to verify your identity will be different depending on the manner and context in which your data was collected, and may require the provision by you of such personal information as may be necessary to match you to our records of you (if any). Depending on the laws of your state, you may be entitled to use an authorized agent to exercise your rights on your behalf and, if you choose to do so, such an agent may contact us in the same manner as described above, and will also be required to verify their own identity and their authority to act on your behalf.
13.2.2 California
13.2.2.1 Scope
This section applies and provides further information to California residents and notifies them of their rights under California law. This section is not applicable to and may not be relied upon by anyone else besides California residents.
California’s “Shine The Light“ law permits those of our customers who are California residents to annually request a list of their personal data (if any) that we have disclosed to third parties for direct marketing purposes in the preceding calendar year, and the names and addresses of those third parties. At this time, we currently do not share any personal data with third parties for their direct marketing purposes.
The sources from which the personal information may be collected may include:
13.2.2.4 Rights
California residents have the right to request that we delete the personal data that we have collected about that resident. Please note that there are circumstances under which such a right of deletion does not apply, such as where it is reasonable for us to maintain the personal information to:
California residents have the right to request that we disclose, with respect to that resident,
California residents have the right to request correction of inaccurate personal information.
To exercise the rights that may be available to you as described above, please contact us at .
You have the right not to be discriminated against by us for exercising any of these rights.
Status of this Privacy Notice: July 2023
Please select your country so we can show you products that are available for you.
The content of our website is always available in English and partly in other languages. Choose your preferred language and we will show you the content in that language, if available.