1. How we protect your personal data
This data protection policy (“Policy”) informs you how we (Reaction Biology Corporation) process your Personal Data when you visit our website, order our products, or receive marketing materials from us. “Personal Data” is any information relating to an identified or identifiable natural person (a data subject), such as your name, physical address, IP or email address that we receive either directly from you, or from our affiliated companies. While this Policy refers to the EU General Data Protection Regulation (“GDPR”), we provide the same standard of protection for Personal Data from individuals outside of the European Economic Area (“EEA”).
Who is responsible for the data collection on this website?
The party responsible for the processing of the Personal Data (data controller) is:
Reaction Biology Corporation
One Great Valley Parkway, Suite 2
Malvern, PA 19355
Attn: Customer Service
Phone: +1 877.347.2368
Email: dataprotection [at] reactionbiology.de
How do we collect your data?
Some Personal Data are collected when you provide it to us to perform our services to you or sell our products online to you. This could be the case, for example, for Personal Data that you provide via an online contact, email contact, or order form.
Other data sets are collected automatically by our IT systems through cookies etc. when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for and where do we store them?
We process personal data of our users only to the extent necessary for the provision of a functional website, its contents, and to provide our services. We process personal data of our users unless an exception applies due to applicable law. Some of the data are used to analyze how visitors use the site. We do not use your personal data for profiling.
What is the legal basis for data processing under the Policy?
Insofar as we obtain the prior consent of the data subject for processing of personal data, Art. 6 (1) lit. an EU General Data Protection Regulation (“GDPR”) as a legal basis.
If the processing of personal data is necessary for the performance of an agreement to which the data subject is a party, Art. 6 (1) lit. b GDPR is a legal basis. This also applies to processing operations required to carry out pre-contractual measures.
If the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 (1) lit. c GDPR is a legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights, and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR as a legal basis for processing.
How do we receive Personal Data from our affiliated companies in the EEA?
All Personal Data covered by this Policy is stored with us in the United States. We may receive your Personal Data from our affiliated companies or directly from you (e.g. by contacting us via telephone or email) for the purposes listed in this Policy. We have a (controller-to-controller) data protection agreement with our EEA-based affiliates in place (Art. 46 GDPR) to provide an adequate level of data protection. Please contact us if you would like to receive more information about these data transfers.
What rights do you have regarding your data?
Under the GDPR, if you are located in the EEA you always have the right to request information about how we process your personal data, their origin, recipients, the length of the storage, and the purpose of the data processing from us at no charge. You also have the right, always within the applicable law, to request that your Personal Data shall be corrected, blocked, transferred, or deleted (right-to-be-forgotten). You can contact us at any time by writing an email to us at dataprotection [at] reactionbiology.de (phone +1 877.347.2368) if you want to exert any of these rights, or if you have further questions about how we handle privacy and data protection.
What are our Analytics and third-party tools?
When visiting our website, statistical analyses may be made of your surfing behavior by cookies, pixels or similar analytical tools. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information and how you are able to object to the processing can be found in Section 5 to 10 on cookies and tracking in this Policy below.
Promotional emails from us (opt-out)
We will only send you promotional materials if we have your prior consent or if we have received your e-mail address from you in connection with the sale of a good or service and use the email address for direct mail advertising of your own similar goods or services. In both cases, we will always provide you with a possibility to opt-out of such email marketing or to withdraw your consent by writing us at any time at no cost for you.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. We do not warrant complete protection of your Personal Data from third-party access during and after the transmission.
2. Revocation of your consent to the processing of your data
Many data processing operations rely on your express consent, e.g. when you send us inquiries or set up a user account. You may revoke your consent at any time with future effect. An informal email making this request to us at dataprotection [at] reactionbiology.de) is sufficient to exert your rights. You can also contact us (att. customer service) via regular mail. The data processed before we receive your request may still be legally processed.
3. Right to file complaints with regulatory authorities
Under the GDPR, any data subject in the EEA believing that his/her rights were violated may file a complaint with the competent data protection authorities where you reside. A list of them and their contact details can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
4. SSL encryption
This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. If SSL encryption is activated, the data you transfer to us cannot be read by third parties.
5. Cookies and similar web tools
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
(1) Entered search terms
(2) The frequency of page views
(3) Use of our Website Features.
(1) Shopping Basket
(2) Adoption of language settings
(3) Remembering passwords.
This website uses Google Analytics, a web analytics service. The analytics service is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) as the data controller. The legal basis for the processing of the users' personal data is Article 6 (1) lit. f GDPR. If individual click pages of our Website, the following data may be processed:
(1) The IP address of the calling system of the user
(2) The website
(3) The website from which the user came to the accessed website (referral)
(4) The subpages that are visited from the called web page
(5) The length of stay on the website
(6) The frequency of the stay the website.
Google Analytics uses its own "cookies" for these purposes. Google offers an opt-out from Analytics as a visitor in form of a browser plugin. You have to activate it in order to not be tracked on any site using Google Analytics. You find the online tool here (German version): https://tools.google.com/dlpage/gaoptout . You can also prevent the collection of your data by Google Analytics and an opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Google Ads (formerly Google Adwords)
Our website uses Google AdWords (now Google Ads), an online advertising program from Google. For Google Ads, the participating advertisers bid on certain keywords in order for their clickable ads to appear in Google's search results. Google Ads uses its own cookies. When you are logged-in to your Google account, you can use your Ads Settings to manage the Google ads you see and opt out of Ads Personalization (“turn off”). Even if you opt out of Ads Personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. If you do not have a Google account, you can use your browser settings (as described below) to administer your cookies.
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
In addition, each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
We do not create user profiles from the information in cookies.
Browser Configuration to Reject Cookies
In addition, most browsers offer a so-called “Do-not-track function”, with which you can state that you do not wished to be “tracked” by websites. If this function is activated, the respective browser informs advertising networks, websites and applications that you do not want to be tracked for the purpose of behavioral advertising.
6. Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These data sets are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data sets will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) lit. b GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
7. Contact form on our website
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question, and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent pursuant to Art. 6 (1) lit. a GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
8. Registration on our website
You can register on our website in order to access additional functions offered here and to offer our products (user account). On our Website, we have a contact form available, which we use for electronic contacts. If a user enter into contact with us through this form, the personal data entered in the input mask are transmitted to us and stored. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will not process your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1) lit. a GDPR or if the processing is necessary for the fulfillment of a contract with the user. The personal data will be deleted or fully anonymized if they are no longer necessary for this purpose You may revoke your consent at any time with future effect by informing us via mail or email dataprotection [at] reactionbiology.de. The data processed before we receive your request may still be legally processed. Even after the end of the contract, there may be a need for us to store personal data of the contracting party in order to comply with contractual or legal obligations.
We will continue to store the data collected during registration for as long as you remain registered on our website or is necessary to provide you with the purchased products. Statutory retention periods (e.g. for bookkeeping and tax reasons) remain unaffected.
9. Data transmitted when entering into a contract with online shops, retailers, and mail order
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks or credit card companies entrusted to process your payments. We will also use your address and names for sending you invoices. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
10. Newsletter data
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will process any personal data you enter onto the contact form or that you send to us to contact us only (1) with your consent (Art. 6 (1) lit. a GDPR), or (2) if the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art. 6 (1) lit. b GDPR).
We may process your email address to send you our newsletters to the extent permitted by law. This allows us to send you these newsletters if (1) we have received the email address in connection with the sale of goods or services, (2) we use the address for direct advertising for our own similar goods or services, and (3) you have not objected to the use. In any event, you can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter or by sending an email to us dataprotection [at] reactionbiology.de. The data processed before we receive your request may still be legally processed. We will process the data provided for the newsletter to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the member's area) remain unaffected.
This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service that organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA.
MailChimp is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the US to ensure compliance with European privacy standards in the United States.
We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp's servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.
If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.
This data processing is based on your consent (Art. 6 (1) lit. a GDPR). You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the member's area) remain unaffected.
12. Plugins and tools
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) lit. f GDPR.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/
[Version of Sept 14th, 2020]