Privacy statement

Privacy statement

Thank you for your interest in our company and our products. Miltenyi Biotec takes the protection of your personal data very seriously. Due to statutory provisions, we are obliged to inform you about the type, scope and purpose of the collection and use of personal data. Therefore, we would kindly ask you to acknowledge the following information.
This Privacy Statement describes and governs the information collection, use, and sharing practices of Miltenyi Biotec and its corporate affiliates, subsidiaries, and divisions as may change from time to time (collectively, “Miltenyi,” “we,” “us,” and “our”) with respect to Miltenyi’s websites, mobile applications, and other services, irrespective of digital or analog, that link to this Privacy Statement (together, the “Services”).
Before you submit any information on or through the Services, please carefully read this Privacy Statement. By using any part of the Services, you consent to the collection, use, and disclosure of your information as further outlined in this Privacy Statement. We will continue to evaluate this Privacy Statement as we update and expand the Services and our offerings, and we may make changes to the Privacy Statement accordingly. Any changes will be posted here and you should check this page periodically for updates. Your continued use of the Services will signify acceptance of the terms of the updated Privacy Statement.
Please note that this Privacy Statement applies to information collected through the Services and to information collected offline but not to information you may provide to any third-party sites to which Miltenyi may link, except as expressly provided herein. This Privacy Statement applies regardless of the device used to access the Services (e.g., personal computer, mobile device, consumer electronics device, or any other technology or software known today or developed in the future). Some services offered by or affiliated with Miltenyi may be governed by a separate privacy statement. In those instances, the product-specific privacy statement shall apply to that service.

1. Name and address of the controller

The following body is responsible according to the statutory provisions related to data privacy and data protection:

Miltenyi Biotec B.V. & Co. KG
Friedrich-Ebert-Straße 68
51429 Bergisch Gladbach
Germany

Phone: +49-2204-8306-0
Fax: +49-2204-85197
E-Mail: macs@miltenyibiotec.de

2. Name and address of the data protection officer

The following person is the designated data protection officer of the controller: If you have any problems, questions or ideas, please contact:

Data Privacy Officer / Datenschutzbeauftragter
Miltenyi Biotec B.V. & Co. KG
Friedrich-Ebert-Strasse 68
51429 Bergisch Gladbach
Germany
E-Mail: dataprivacy-MiltenyiBiotec@legitimis.com

If you like to know what data we have stored about you please forward your request to this mail box:
dataprivacyRfI@miltenyibiotec.de.

3. General Information on data processing

a. Scope of the processing of personal data

We collect and use personal data of our users only to an extent which is necessary to provide a functional website as well as display our content and provide our Services. The collection and usage of personal data of our users is generally based on the consent of the user. An exemption is made in these cases where obtaining consent is not possible based on factual grounds or where statutory provisions allow the usage of personal data.

b. Legal basis for the processing of personal data

Where the data subject gives a consent, this consent is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. a Regulation(EU) 2016/679)

Where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, this necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. b Regulation(EU) 2016/679)

Where the processing is necessary for compliance with a legal obligation to which the controller is subject, this necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. c Regulation(EU) 2016/679)

Where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party and where the interests or fundamental rights and freedoms of the data subject which require protection of personal data are not outweighed, this necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).

c. Processing of special categories of personal data

If we need to process special categories of personal data (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation) and will ask for your consent in each case separately.

d. Transfer of personal data within the Miltenyi Group

Miltenyi processes personal data, like customer data and employee’s personal data, outside the EU and the EEA, so called third countries, in particular in the countries where our affiliated companies are seated, if required for internal administrative purposes or for the performance of a contract. We process the personal data according to a group company data processing agreement based on the EU Standard contractual clauses and in compliance with applicable laws. If we use service providers in a third country, they are obligated to comply with the data protection level in the EU by agreement of the EU standard contractual clauses. The transmitting personal data within the Miltenyi group for internal administrative purposes, including the processing of customers’ or employees’ personal data is our legitimate interest. This necessity is the legal basis for the processing of personal data (Art. 6 Abs. 1 lit. f and recital 48 Regulation(EU) 2016/679).

e. Erasure and storage period

The personal data of the data subject is erased or the processing is restricted as soon as the data is no longer necessary in relation to the purposes for which they were collected.
Personal data may also be stored where Union law or Member State law to which the controller is subject allows such storage. The personal data of the data subject is erased or the processing is restricted as soon as a storage period runs out except for the cases where there is a necessity of storage of the personal data for the performance of a contract or to comply with statutory law requirements.

4. Provision of the Services and the creation of logfiles

Whenever you use our Services, our webserver automatically stores data of the client computer. The following data is collected

  • Information on the browser and its version
  • The computer operating system
  • The Internet Service Provider
  • The IP-address
  • Date and time
  • Referring website
  • Websites which are visited through our system

This data is stored in the logfiles of our webserver. This data is not combined with other personal data of our users.

The legal basis for this storage are our legitimate interests in such storage (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).

The data is stored to maintain the functionality of our Services. The data is also used to optimize our Services and maintain the security of our webserver. The data is erased after 10 days. A longer storage may occur, but in this case IP-addresses of the user are anonymized or deleted.

The collection and storage of personal data is necessary to provide our Services. Thus, an objection by the data subject is not possible.

Furthermore, the IP-address is used to automatically detect the geographical region of the user. Based on this localization, the Services are automatically tailored to the user, i.e. language settings for the region of the user. This usage of the data creates a better user experience on our Services.

5. Usage of Cookies

Our website uses Cookies. Cookies are small text files that are stored in the browser of the user or stored by the browser on the computer system of the user. Whenever a user visits our website, a cookie may be stored. This cookie contains of a characteristic string which allows the identification of the user the next time he visits our website.

The following data is stored in our cookies:

Cookie group Name Description Duration
Technically required
cookieConsent Saves information which cookies and cookie groups have been accepted. 1 year
Statistics
_ga Used by Google Analytics to distinguish users 2 years
_gid Used by Google Analytics to distinguish users 1 day
_gat Used by Google Analytics to throttle request rate. 1 minute
dc_gtm_UA-XXX (equivalent to _gat) Google Analytics 1 minute
mf_[session] Cookie for identifying the browser session. Session
mf_user Checking if the user is a new or returning visitor. 90 days
_cfduid Collects and anonymizes End User IP addresses using a one-way hash of certain values so they cannot be personally identified. 30 days
_ga_XXXXXXXXXX Google Analytics 2 years

The legal basis for the usage of these cookies are our legitimate interests in such usage (Art. 6 Abs. 1 lit. f Regulation(EU) 2016/679).

We use cookies to provide a more user-friendly experience. Some elements on our website require the browser to be identified after the user visits different pages on our website. Some functions of our website may not be operational if such cookies are not stored.

Cookies are not stored by us, but by the user on his device. Thus, the user has full control of the cookies stored on his device and may delete them at any time. The user can also control which cookies are stored on his device.

6. Rights of the data subject

Every data subject has a right of access (Art. 15 Regulation(EU) 2016/679), a right to rectification (Art. 16 Regulation(EU) 2016/679), a right to erasure (Art. 17 Regulation (EU) 2016/679), a right to restriction of processing (Art. 18 Regulation(EU) 2016/679), a right to object (Art. 21 Regulation(EU) 2016/679) and a right to data portability (Art. 20 Regulation(EU) 2016/679). The right of access and right to erasure are subject to the restrictions under sections 34 and 35 BDSG. Data subjects also have a right to lodge a complaint with a supervisory authority (Art. 77 Regulation(EU) 2016/679 in conjunction with section 19 BDSG).

You have the right at any time to revoke your consent to the use of your personal data in the future. This also applies to consents that are granted prior to the entry into force of the EU General Data Protection Regulation, i. e., prior to 25 May 2018. Please be advised that the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby.

Again, just send an e-mail to the address given in the imprint or contact the Data Security Officer at the address above.

For example if you have provided contact information through the Services and decide that you do not want Miltenyi to use that information for marketing purposes in accordance with this Privacy Statement, you can opt-out of future use at any time by: (i) going to the link provided at the bottom of any email you receive and opting out of receiving future information; or (ii) by sending us an email at macs@miltenyibiotec.de. Please note that you may not be able to opt out of emails about your transactions and relationship with us, such as emails regarding your account, requests or inquiries, and purchases of products and/or services.

7. Information on the right to object under Art. 21 Regulation (EU) 2016/679

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on a task carried out in the public interest (Art. 6 (1) e) Regulation (EU) 2016/679) or on legitimate interests (Art. 6 (1) f) Regulation (EU) 2016/679), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.