Privacy Policy

Our Privacy Policy

1.  How we protect your personal data

This data protection policy (“Policy”) informs you how we (Reaction Biology Corporation) process your Personal Data when you visit our website, order our products, or receive marketing materials from us. “Personal Data” is any information relating to an identified or identifiable natural person (a data subject), such as your name, physical address, IP or email address that we receive either directly from you, or from our affiliated companies. While this Policy refers to the EU General Data Protection Regulation (“GDPR”), we provide the same standard of protection for Personal Data from individuals outside of the European Economic Area (“EEA”).

Who is responsible for the data collection on this website?

The party responsible for the processing of the Personal Data (data controller) is:

Reaction Biology Corporation
One Great Valley Parkway, Suite 2
Malvern, PA 19355

Attn: Customer Service
Phone: +1 877.347.2368
Email: [email protected]

How do we collect your data?

Some Personal Data are collected when you provide them to us to perform our services to you or sell our products online to you. This could be the case, for example, for Personal Data that you provide via an online contact, email contact, or order form.

Other data sets are collected automatically by our IT systems through cookies etc. when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Server log files
When using the website for information purposes only (i.e. without registration), we only collect the Personal Data that your browser transmits to our server. When you visit the website, we collect the following data, which are technically necessary for us to enable you to visit the website and to ensure stability and security (legal basis is Art. 6 (1) lit. f GDPR). These data sets are:

• Browser type and browser version

• Operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server request

• IP address

These data sets will not be combined with data from other sources.

The temporary storage of your IP address is necessary in order to enable the delivery of our website to your device. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. In these purposes lies our legitimate interest in data processing. The IP addresses are retained for 30 days. Error logs, which log erroneous page views, are deleted after 7 days. In addition to the error messages, these logs include the accessing IP address and, depending on the error, the website accessed.

What do we use your data for and where do we store them?

We process the personal data of our users only to the extent necessary for the provision of a functional website, its contents, and to provide our services. We process the personal data of our users unless an exception applies due to applicable law. Some of the data are used to analyze how visitors use the site. We do not use your personal data for profiling.

What is the legal basis for data processing under the Policy?

Insofar as we obtain the prior consent of the data subject for processing of personal data, Art. 6 (1) lit. a of the EU General Data Protection Regulation (“GDPR”) is the legal basis.

If the processing of personal data is necessary for the performance of an agreement to which the data subject is a party, Art. 6 (1) lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

If the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 (1) lit. c GDPR is the legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights, and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR is the legal basis for processing.

How do we receive Personal Data from our affiliated companies in the EEA?

All Personal Data covered by this Policy is stored with us in the United States. We may receive your Personal Data from our affiliated companies or directly from you (e.g. by contacting us via telephone or email) for the purposes listed in this Policy. In order to provide an adequate level of data protection, we have a (controller-to-controller) data transfer agreement with our EEA-based affiliates in place (Art. 46 GDPR) and also incorporated the Standard Contractual Clauses (SCCs) issued by the EU Commission implementing decision 2021/914 of 4 June 2021. Please contact us if you would like to receive more information about these data transfers.

What rights do you have regarding your data?

Under the GDPR, if you are located in the EEA you always have the right to request information about how we process your personal data, their origin, recipients, the length of the storage, and the purpose of the data processing from us at no charge. You also have the right, always within the applicable law, to request that your Personal Data shall be corrected, blocked, transferred, or deleted (“right-to-be-forgotten”). You can contact us at any time by writing an email to us at [email protected] (phone +1 877.347.2368) if you want to exert any of these rights, or if you have further questions about how we handle privacy and data protection.

What are our Analytics and third-party tools?

When visiting our website, statistical analyses may be made of your surfing behavior by cookies, pixels or similar analytical tools. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information and how you are able to object to the processing can be found in Sections 5 to 10 on cookies and tracking in this Policy below.

Promotional emails from us (opt-out)

We will only send you promotional materials if we have your prior consent or if we have received your e-mail address from you in connection with the sale of a good or service and use the email address for direct mail advertising of our own similar goods or services. In both cases, we will always provide you with a possibility to opt-out of such email marketing or to withdraw your consent by writing us at any time at no cost for you.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. We do not warrant complete protection of your Personal Data from third-party access during and after the transmission.

2. Revocation of your consent to the processing of your data

Many data processing operations rely on your express consent, e.g. when you send us inquiries or set up a user account. You may revoke your consent at any time with future effect. An informal email making this request to us at [email protected] is sufficient to exert your rights. You can also contact us (attn. customer service) via regular mail. The data processed before we receive your request may still be legally processed.

3. Right to file complaints with regulatory authorities

Under the GDPR, any data subject in the EEA believing that his/her rights were violated may file a complaint with the competent data protection authorities where you reside. A list of them and their contact details can be found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

4. SSL encryption

This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL encryption is activated, the data you transfer to us cannot be read by third parties.

5. Cookies and similar web tools

In order to optimize the functionality and usability of the website, we use so-called cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

Cookies that are necessary to allow electronic communications or to provide certain functions you wish to use are processed by us pursuant to Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. We will inform you separately about all cookies by means of which personal data are processed and which are not technically necessary for the provision of the website (e.g. cookies set by third-party companies or cookies used for analysis purposes) within the scope of this privacy policy and only use these personal data with your prior consent (Art. 6 (1) lit. a GDPR).

We use cookies on our website that allow an analysis of users’ browsing behavior. For this purpose, the following data sets may be processed:

(1) Entered search terms

(2) The frequency of page views

(3) Use of our Website Features.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For this purpose, it is necessary that the browser is recognized even after the user leaves the page. We use cookies for the following applications:

(1) Shopping Basket

(2) Adoption of language settings

(3) Remembering passwords.

Browser Configuration to Reject Cookies

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or always reject them, or automatically delete cookies when closing your browser. You can also individually administer the cookies of many companies and functions that are used for advertising. Use the relevant user tools, which can be found at https://www.aboutads.info/choices or http://www.youronlinechoices.com/uk/your-ad-choices. Disabling cookies may limit the functionality of this website.
In addition, most browsers offer a so-called “Do-not-track function”, with which you can state that you do not wish to be “tracked” by websites. If this function is activated, the respective browser informs advertising networks, websites, and applications that you do not want to be tracked for the purpose of behavioral advertising.

Google Analytics

This website uses Google Analytics, a web analytics service. The analytics service is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) as the data controller. We use Google Analytics to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. Google Analytics uses its own cookies for these purposes. If individuals click pages of our Website, the following data may be processed:

(1) The IP address of the calling system of the user

(2) The website

(3) The website from which the user came to the accessed website (referral)

(4) The subpages that are visited from the called web page

(5) The length of stay on the website

(6) The frequency of the stay on the website.

The legal basis for the use of Google Analytics and the processing of the users’ personal data is Article 6 (1) lit. a GDPR. You can revoke your consent in whole or in part at any time with effect for the future by changing your cookie settings.

Google offers an opt-out from Analytics as a visitor in the form of a browser plugin. You have to activate it in order to not be tracked on any site using Google Analytics. You find the online tool here (German version): https://tools.google.com/dlpage/gaoptout. You can also prevent the collection of your data by Google Analytics and an opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. If you disable cookies for our website, it may not be possible to use all the functions of the website to the full extent.

Google Ads (formerly Google Adwords)

Our website uses Google Ads, an online advertising program from Google. For Google Ads, the participating advertisers bid on certain keywords in order for their clickable ads to appear in Google’s search results. Google Ads uses its own cookies. When you are logged-in to your Google account, you can use your Ads Settings to manage the Google ads you see and opt out of Ads Personalization (“turn off”). Even if you opt out of Ads Personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. If you do not have a Google account, you can use your browser settings (as described below) to administer your cookies.

As part of Google Ads, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.

In addition, each Google Ads advertiser has a different cookie. Thus, cookies cannot be tracked using the website of a Google Ads advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the Google Ads advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.

The legal basis for the use of Google Ads and the processing of the users’ personal data is Article 6 (1) lit. a GDPR. You can revoke your consent in whole or in part at any time with effect for the future by changing your cookie settings.

No Profiling

We do not create user profiles from the information in cookies.

6. Contact form on our website

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question, and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent pursuant to Art. 6 (1) lit. a GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

7. Registration on our website

You can register on our website in order to access additional functions offered here and to offer our products (user account). On our Website, we have a contact form available, which we use for electronic contacts. If a user enters into contact with us through this form, the personal data entered in the input mask are transmitted to us and stored. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will not process your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent pursuant to Art. 6 (1) lit. a GDPR or if the processing is necessary for the fulfillment of a contract with the user. The personal data will be deleted or fully anonymized if they are no longer necessary for this purpose. You may revoke your consent at any time with future effect by informing us via mail or email [email protected]. The data processed before we receive your request may still be legally processed. Even after the end of the contract, there may be a need for us to store personal data of the contracting party in order to comply with contractual or legal obligations.

We will continue to store the data collected during registration for as long as you remain registered on our website or as is necessary to provide you with the purchased products. Statutory retention periods (e.g. for bookkeeping and tax reasons) remain unaffected.

8. Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks or credit card companies entrusted to process your payments. We will also use your address and names for sending you invoices. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

9. Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.

We will process any personal data you enter onto the contact form or that you send to us to contact us only (1) with your consent (Art. 6 (1) lit. a GDPR), or (2) if the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art. 6 (1) lit. b GDPR).

We may process your email address to send you our newsletters to the extent permitted by law. This allows us to send you these newsletters if (1) we have received the email address in connection with the sale of goods or services, (2) we use the address for direct advertising for our own similar goods or services, and (3) you have not objected to the use. In any event, you can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter or by sending an email to us [email protected]. The data processed before we receive your request may still be legally processed. We will process the data provided for the newsletter to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the member’s area) remain unaffected.

10. MailChimp

This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA.

In order to ensure compliance with European privacy standards in the United States, MailChimp’s Data Processing Annex with EU Standard Contract Clauses (SCCs) is part of MailChimp’s Standard terms of use to which we agreed by entering into a contract with MailChimp. MailChimp agrees to abide by and process EU Data in compliance with the SCCs.

We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp’s servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests.

If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website.

This data processing is based on your consent (Art. 6 (1) lit. a GDPR). You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed.

The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the member’s area) remain unaffected.

For details, see the MailChimp privacy policy at https://mailchimp.com/legal/data-processing-addendum/

11. Plugins and tools

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. To ensure data protection on this website, Google Maps is deactivated when you first enter this website. A direct connection to Google’s servers is only established when you independently activate Google Maps (consent according to Art. 6 (1) lit. a GDPR). This prevents your data from being transferred to Google when you first enter the page. After activation, Google Maps will store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The operator of this website has no influence on this data transfer after the activation of Google Maps.

Further information about handling user data can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/

12. Salesforce Marketing Cloud

Our customer data are managed using Salesforce Marketing Cloud, a service provided by Salesforce.com Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States of America, and its German subsidiary salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich  (hereinafter collectively referred to as “Salesforce”).

Salesforce Marketing Cloud is a CRM system which makes it possible, e.g., to manage existing and potential customers and customer contact details, and to organize our sales, marketing campaigns and communication processes. Beyond that, the use of the CRM system allows us to analyze our customer-related processes.  The customer data are stored on Salesforce’s servers.  During this process, personal data may also be transferred to servers operated by Salesforce in the United States.  The legal basis for the use of Salesforce’s services is Art. 6(1) lit. f GDPR.  We have a legitimate interest in ensuring that our customers are managed and communicated with as efficiently as possible. Provided that we have asked for your consent, your data will be processed exclusively on the basis of Art. 6(1) lit. a GDPR.  Insofar as your consent also extends to the storage of cookies or the access to any information on your device (e.g. device fingerprinting) as outlined in the TTDSG (German Federal Act on Privacy in Telecommunications and Telemedia), your data will furthermore be processed on the basis of Sec. 25 Sec. 1 TTDSG.  You may revoke your consent at any time.

Salesforce has Binding Corporate Rules (BCR) in place which were approved by the French Data Protection Authority. The provisions of the BCR are binding at company level and intended to legitimize the intra-group transfer of personal data between the Salesforce group companies to third-party countries outside the EU and EEA. The BCR can be found at https://www.reactionbiology.com/wp-content/uploads/2023/06/Salesforce-Processor-BCR.pdf. Further details regarding the processing of personal data when using Salesforce’s services can be found in Salesforce’s Data Protection Impact Assessment (DPIA) available at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Privacy/dpia-and-salesforce-services.pdf and in Salesforce’s data privacy notice available at https://www.salesforce.com/de/company/privacy/.

We have entered into an agreement on the commissioned processing of personal data in accordance with Art. 28(3) GDPR with Salesforce (Data Processing Addendum) which can be found at https://www.reactionbiology.com/wp-content/uploads/2023/06/data-processing-addendum.pdf. Through the Data Processing Addendum, Salesforce undertakes that it will only process the data based on our instructions and in accordance with the provisions of the GDPR and to ensure the protection of the rights of the affected data subjects. The Data Processing Addendum also incorporates the standard contractual clauses (EU/2021/914) issued by the European Commission in accordance with Art. 46(2) lit. c) GDPR for establishing the appropriate safeguards prescribed by the provisions of the GDPR for the transfer of personal data outside the EU and EEA.

[Version of November 2022]