Privacy

Table of Content

1. Identity of labfolder
2. What information do we collect?
3. What do we use your information for?
4. Legal basis
5. How do we protect your information?
6. Do we disclose any information to outside parties?
7. Third party links
8. Where do we store the information?
9. Access, data portability, migration, and transfer back assistance
10. Request for rectification, restriction or erasure of the personal data
11. Data retention
12. Accountability
13. Cooperation
14. Terms of Service
15. Your consent
16. Changes to our privacy policy
17. Complaint

Your privacy is important to labfolder GmbH (“labfolder”). This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

__________________________________________________________________________________________________________________________________________

1. Identity of labfolder

If there are any questions regarding this Privacy Policy you may contact us using the information below.

labfolder GmbH
Elsenstrasse 106
12435 Berlin
Germany
Company registered at Amtsgericht Charlottenburg – HRB 149204 B

You may submit inquiries regarding personal data protection, privacy and security matters to our Data Protection Officer by emailing dataprotection@labfolder.com.

__________________________________________________________________________________________________________________________________________

2. What information do we collect?

If you choose to visit, register on our website, or use our electronic lab notebook (“Service”), the following categories of data to and on behalf of you will be processed:

“Cookie configuration data”

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser that enables the sites or service providers systems to recognize your browser and capture and remember certain information. Cookies help us to make your website visit easier, more comfortable, more informative, and useful.

When you first visit our website, you will be asked to review our Cookie declaration, and then either accept or reject our cookies. We collect your input through our cookie consent manager (“Cookiebot”).

Our cookie declaration gets updated every month and can be reviewed at https://www.labfolder.com/cookies/. You can also withdraw your consent at any time on the same page.

“Website visitor data”

If you choose to accept cookies on our website, the following information will be temporarily stored:

Your IP address, which will never be linked to other personal user information. IP addresses will be anonymised to make any assignment of IP address data to user data impossible (IP masking).
Your language preferences your location (country & city)
Which pages on labfolder you visit
How long you stay on each visited page
Whether you have been to this page before
Your device and operating system settings (browser type, operating system, service provider, screen resolution)
Date and time of server requests
Referrer-URL (previously visited web page)

“Account data”

If you choose to register for an account of our Service, place an order, subscribe to our newsletter or contact us via email or contact form, basic contact details are collected such as:

E-mail address
Name of your contact person
Job title
Gender
Company name
Address
Phone number
VAT number
Preferred language and currency
Timezone
Any purchase order number
Any e-mail address of invoice receivers
Masked credit card or bank account details

You will be informed by labfolder about important changes concerning the Service, such as the implementation of additional functions, by e-mail, if you are a labfolder user or subscribe to labfolder’s newsletter.

“System data”

If you choose to register for and use our Service, you will be automatically generating system data related to the usage of labfolder’s Service. These are being collected for statistical information and to provide smooth functionality of our Service. These collected data include:

Duration of membership/registration
Number of uploaded files
Number of entries
Number of group entries
Last date of activity on labfolder
Further statistical data, if applicable.

“File and content data”

If you choose to register for and use our Service, you may be creating content or upload files of different formats (Excel, Word, pdf, other). labfolder and its employees do not have viewing rights to the content of any data or files that you enter, upload, download, administer, or handle in any other way within the digital lab notebook provided by labfolder. Exceptions will be made only with your explicit consent or after your explicit request, or after you explicitly granted access to your content by publication of your data.

__________________________________________________________________________________________________________________________________________

3. What do we use your information for?

Any of the information we collect from you may be used for one or more of the following purposes:

3.1. To personalize your experience (the information will help labfolder better respond to your individual needs);

3.2. To improve our website (labfolder continually strives to improve our website offerings based on the information and feedback we receive from our customers);

3.3. To identify you as a contracting party; and for fulfilling the contract with you;

3.4. To enable secure login to and secure usage of our Service;

3.5. To establish a primary channel of communication with you;

3.6. To enable labfolder to issue valid invoices and to process transactions;

3.7. To send periodic e-mails (The e-mail address you provide, may be used to send you information and updates pertaining to your order (if relevant), in addition to receiving occasional newsletters (if accepted), company news, updates, related product or service information, etc.)

If at any time you would like to unsubscribe from receiving newsletters, you can unsubscribe via a link at the bottom of each newsletter or via www.labfolder.com/unsubscribe.

__________________________________________________________________________________________________________________________________________

4. Legal basis

4.1. EU General Data Protection Regulation (GDPR)

The processing of your data is either based

on your consent,
on the necessity of the data for the performance of a contract to which you are a party,
on the necessity to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).

If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.

In order to enter into a contract regarding the use of labfolder’s Service, you must provide us with the required personal data. If you do not to provide us with all the required information, we will not be able to deliver the Service.

4.2. California Online Privacy Protection Act Compliance

Because labfolder values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 6.

4.3. Children’s Online Privacy Protection

labfolder will not intentionally collect any information from anyone under 16 years of age. Our website, products and services are all directed at people who are at least 16 years old or older.

__________________________________________________________________________________________________________________________________________

5. How do we protect your information?

labfolder implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.

5.1. Availability

The Service utilizes the extensive features of the cloud environment to ensure high availability, like full redundancy, load balancing, automatic capacity scaling, automated data backup with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated.

No personal data is stored permanently outside labfolder’s cloud platforms. The physical security is thereby maintained by labfolder’s subcontractors, see clause 6.

5.2. Integrity

To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. For data in transit, the Service uses industry-standard transport protocols between devices and datacenters and within datacenters themselves.

All supplied credit card information is transmitted via TLS (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.

Nonetheless, we cannot guarantee that transmissions of your credit or debit card account information or your other information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by labfolder or our third-party service providers.

5.3. Confidentiality

All labfolder personnel are subject to full confidentiality and any subcontractors and subprocessors are required to agree to confidentiality in the agreement between the parties.

5.4. Transparency

labfolder will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.

5.5. The ability to intervene

labfolder enables your rights of access, rectification, erasure, blocking and objection, by offering the option to send instructions through labfolder’s Data Protection Officer (dataprotection@labfolder.com), and also by informing about and offering the customer the possibility of objection when labfolder is planning to implement changes to relevant practices and policies.

5.6. Monitoring

System performance and availability is monitored from both internal and external monitoring services. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.

5.7. Personal Data breach notification

In the event that any personal data is compromised, labfolder will notify competent Supervisory Authority(ies) within 72 hours of becoming aware of the event, by e-mail with information about the extent of the breach, affected data, any impact on the Service and labfolder’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.

In the event the personal data breach is likely to result in a high risk to your rights and freedoms, labfolder shall communicate the personal data breach to you via e-mail without undue delay.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.

5.8 Keeping your information secure

You play an important role in keeping your information secure. You should not share your user name, password, or other security information for your labfolder account with anyone. If we receive instructions using your user name and password, we will consider that you have authorized the instructions.

If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately.

Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.

__________________________________________________________________________________________________________________________________________

6. Do we disclose any information to outside parties?

labfolder does not sell, trade or otherwise transfer to outside parties any personally identifiable information.

This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.

We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

6.1 Legally required disclosure

labfolder will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from labfolder, labfolder strives to limit the disclosure. labfolder will only release specific data mandated by the relevant legal demand.

If compelled to disclose your data, labfolder will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.

__________________________________________________________________________________________________________________________________________

7. Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.

__________________________________________________________________________________________________________________________________________

8. Where do we store the information?

No stored data will be transferred, backed up and/or recovered by labfolder outside of the European Union. labfolder also requires its subcontractors and subprocessors to either store data in the European Union, or to adhere to the EU-US Privacy Shield.

8.1. Account data location

labfolder stores Account data, System data and File Data associated with its Service in databases and file repositories hosted in an Amazon Web Services data center in Germany. Databases are backed up every day with a retention period of 30 days. Backups are stored on file storage at the same geographical location as the database.

8.2. Installation of software on cloud customer’s system

No installation of software is required to use the Service. The login-protected Service is accessible through a supported standard web browser, automatically using an encrypted https-connection for all communications between your browser and labfolder’s server to protect any data from being intercepted during network transfers.

__________________________________________________________________________________________________________________________________________

9. Access, data portability, migration, and transfer back assistance

You may at any time obtain confirmation from labfolder as to whether or not personal data concerning you are being processed.
You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 28 days of the receipt of the request by labfolder as spreadsheet files in CSV-format. labfolder reserves the right to charge for any excessively repeated requests.

__________________________________________________________________________________________________________________________________________

10. Request for rectification, restriction or erasure of the personal data

10.1. Rectification

You may at any time obtain without undue delay rectification of inaccurate personal data concerning you, cf. clause 5.5.

10.2. Restriction of processing personal data

You may at any time request labfolder to restrict the processing of personal data when one of the following applies:

a. if you contest the accuracy of the personal data, for a period enabling labfolder to verify the accuracy of the personal data;

b. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or

c. if labfolder no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.

10.3. Erasure

You may without undue delay request the erasure of personal data concerning you, and labfolder shall erase the personal data without undue delay when one of the following applies:

a. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b. if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;

c. if you object to the processing in case the processing is for direct marketing purposes;

d. if the personal data have been unlawfully processed; or

e. if the personal data have to be erased for compliance with a legal obligation in EU or national law.

__________________________________________________________________________________________________________________________________________

11. Data retention

Cookie configuration data and Website visitor data will be retained as per our cookie declaration. Consent can be withdrawn at any time.

Personal Data which is no longer necessary for retention will be deleted or anonymised without undue delay if requested by the data subject or when identified by labfolder during a quarterly data retention audit. Data is considered to be not necessary for retention if:

There is no legal requirement to retain the data (ex. Tax law)
A contract has been completed or cannot be performed anymore
A created account of labfolder’s Service has been deleted
The data is no longer up to date

You can delete all your labfolder user profile and its associated private data any time by using the respective option in your account settings or by contacting us via https://www.labfolder.com/contact/. After deleting your account data, usage of our services will not be possible with the respective account.

Please note that for scientific data integrity purposes, that shared content and file data that has been created in the context of a group can only be deleted with the permission of the group administrator.

__________________________________________________________________________________________________________________________________________

12. Accountability

labfolder uses the extensive range of built-in logging features and audits trails provided by third party platforms. labfolder also logs all system updates, configuration changes and access to provide an audit-trail if unauthorized or accidental changes are made.

__________________________________________________________________________________________________________________________________________

13. Cooperation

labfolder will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.

__________________________________________________________________________________________________________________________________________

14. Terms of Service

Please also visit our General Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our Service at www.labfolder.com/terms-of-use.

__________________________________________________________________________________________________________________________________________

15. Your consent

By using our site and/or our Service, you consent to this Privacy Policy.

__________________________________________________________________________________________________________________________________________

16. Changes to our Privacy Policy

If we decide to change our Privacy Policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This Privacy Policy was last modified on May 16th, 2018.

__________________________________________________________________________________________________________________________________________

17. Complaint

You may at any time lodge a complaint with the Berlin commissioner for data protection and freedom of information regarding labfolder’s collection and processing of your personal data.