lifespin® Privacy Statement
Status: July 2024
General information
Compliance with data protection laws is not only a legal obligation for lifespin GmbH but also an im- portant factor of trust. With the following data protection provisions, we want to transparently inform you about the type, scope, and purpose of the personal data processed by you, as well as your rights. Personal data refers to all data that can be directly or indirectly assigned to you (or another natural person). We will treat this data confidentially and in accordance with statutory data protection regu- lations. Such legal provisions are, in particular, Regulation (EU) 2016/679 (General Data Protection Regulation "GDPR"), the German Federal Data Protection Act ("BDSG"), and the Telecommunications and Telemedia Data Protection Act ("TTDSG").
This privacy policy is not part of the General Terms and Conditions but serves to inform you in accord- ance with Articles 13 and 14 of the GDPR.Controller/Data Protection Officer Responsibility for Data Processing
lifespin GmbH, Am BioPark 13, 93053 Regensburg, Germany (hereinafter referred to as "we" or "lifespin"), is the controller as defined by Article 4 No. 7 GDPR for the operation of the website https://lifespin.health/de and the provision of the services offered on this website. If you have any questions, you can contact us at the email address info@lifespin.health.
Data Protectin Officer
We hope that this privacy information answers your questions about the processing of your personal data. If you have further questions, you can always reach us at the address above or contact our Data Protection Officer. Our Data Protection Officer is Süddeutsche Datenschutzgesellschaft mbH, Von- Brettreich-Straße 4, 93049 Regensburg, tel: +49 (0) 941 - 38177070, email: verwaltung@sddsg.de.
Categories of Personal Data
We process the following categories of personal data from you or other persons when you – for example, as a (hospital) doctor or patient – use our services and/or visit this website:
- Contact data (name, email address, address, phone number, job title, professional group, age, gender, date of birth, payment information) - Health data (human biological samples, metabolic profiles, information provided on our order form, or metadata transmitted, such as diagnoses, therapies, side effects, dietary and lifestyle habits) - Digital data (generated by your use of our website, such as IP address, browser type and version, time zone setting, user dwell time on a single page, internal path analysis, and/or other parameters related to the user’s operating system and computer environment, browser plug-in types and versions, oper- ating system and platform, and other data transmitted via cookies. These data are collected and used only in aggregated form and are not immediately identifiable; they may be used, among other things, to determine responsibility in the case of hypothetical crimes against the website or at the request of authorities)Purposes and Legal Bases for Data Processing and Legitimate Interests Pursued
We process your data to the extent described below for the respective purposes and on the respective legal basis. Processing may be based on multiple legal bases. Should one of the legal bases cease to apply, for example, because you withdraw your consent or object to the processing of personal data, the processing of your personal data may still be lawful because it is based on another legal basis.
You are not obliged to provide us with your personal data. However, if you decide not to provide us with your data or only provide it in part, you may not be able to use our services or only use them to a limited extent.
Use of Our Website
When you access our website, the following digital data is automatically transmitted to lifespin for technical reasons: the time and date of your visit to the website, your IP address, the type and version of your browser, and the time zone setting. These data are processed for technical reasons to provide our services and to ensure system security and stability. We also use your data to monitor and further develop the proper functioning of the website and the information about its use to ensure that content from the website is displayed as efficiently as possible for you and your device.
Our legitimate interest in processing this data is the provision of the functionalities of our services, their proper execution, and system stability and security. The legal basis is Article 6 (1) lit. f GDPR.Ordering and Use of Our Services
We offer you the opportunity to use our services, such as our analytical and data-analytical services (e.g., Metabolomic Profiling, General Health Assessment, Therapeutic Drug Monitoring, and Amino Acid Profile). When you fill out our order forms and use our services, we process your provided contact data.
We collect these data to provide you with our services. The processing is carried out to fulfill the con- tract with you, Article 6 (1) lit. b GDPR, and, if applicable, based on your consent, Article 6 (1) lit. a GDPR.Evaluation of Human Biological Samples and Digital Health Data
For the purposes of our analytical services, we process your health data, transmitted to us in pseudon- ymized form, if you are a patient or donor.
We retain the human biological samples in our biobank after providing our services, to the extent le- gally permissible.
Digital health data received from you for our services are stored free of charge for twelve (12) months unless different legal obligations apply.
Registration on Our Website
You have the opportunity to register on this website to use additional functions of the website. We use the personal data you enter only for the purpose of using the respective offer or service for which you registered. The information requested during registration must be provided in full. Otherwise, registration is not possible.
We use the email address provided during registration to inform you about important changes to the scope of our portfolio or in the event of technical changes.
We process the data entered during registration to fulfill the contract with you, Article 6 (1) lit. b GDPR, and, if applicable, based on your consent, Article 6 (1) lit. a GDPR.
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
Contact Form
We offer an exchange via a contact form on our website. If you send us an inquiry via the contact form, we process your provided contact data to respond to your inquiry. The processing of these data is based on Article 6 (1) lit. b GDPR if your inquiry is related to the fulfill- ment of a contract or necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing the inquiries addressed to us, Article 6 (1) lit. f GDPR, or on your consent, Article 6 (1) lit. a GDPR.Communication via Conference Tools
We process your contact data for the purpose of communication with you, including the use of online conference tools. These tools collect all information you provide for using the tools (email address and/or phone number). Additionally, online conference tools process information such as the duration of the conference, start and end (time) of participation in the conference, the number of participants, and other “context information” related to the communication process (metadata).
The external providers of the conference tools also process all technical data necessary for online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and connection type. If contents are exchanged, uploaded, or otherwise provided within the tool, they are also stored on the server of the tool provider. These contents include, among others, cloud recordings, chat/instant messages, voicemail, uploaded photos and videos, files, whiteboards, and other information exchanged during the use of the service.
The legal basis for processing your personal data for communication purposes is Article 6 (1) lit. b GDPR. Furthermore, the use of the tools serves to generally simplify and accelerate communication with us. We have a legitimate interest in data processing, Article 6 (1) lit. f GDPR.
Support Requests
If you send us email inquiries (e.g., regarding support issues or our services) or contact our support by phone, we use the data you provide to process and respond to your inquiry, Article 6 (1) lit. b and lit. f GDPR.
Improvement of Our Services
We process data about your use of our website and services, as well as your contact data if provided during an order or support inquiry, to improve our services. When we use your data for this purpose, we use it in aggregated form (i.e., examine general user patterns using non-identified data) as much as possible. We process the data by creating statistics about how you use our website and services. For example, we may conduct user satisfaction surveys and market research or analyze your use of the services. We also use your information to make the services more user-friendly, e.g., to fix errors or change the user interface so you can easily access the information you are looking for or highlight functions in our services that are frequently used by our users. For this purpose, we may also process your IP address.
The legal basis for processing personal data for this purpose is our legitimate interest in continuously improving our services, Article 6 (1) lit. f GDPR.
Abuse Prevention
Your personal data may also be used to prevent, deter, or investigate misuse of our services or criminal offences against us. Misuse includes, but is not limited to, fraud, spam, harassment, and other legally prohibited actions.
The legal basis for processing personal data for this purpose is our legitimate interest in preventing and investigating the misuse of our services or criminal offences against us, as well as ensuring that your interests, rights, and freedoms that require the protection of your personal data are not overridden (Article 6(1)(f) GDPR).
Compliance with Legal Obligations
We must also process your personal data when legally required to do so, whether by court orders or regulatory decisions.
The purpose of this data processing is to comply with our legal obligations. The legal basis for this is Article 6(1)(c) GDPR.
Cookies
Cookies are small pieces of information that a website stores on your device. Cookies can be "persistent cookies" or "session cookies" from "first-party" or "third-party" sources. This website uses "cookies" to analyse the usage of our website and provide you with the best possible user experience. Your web browser can notify you when you receive a cookie and allow you to decide whether to accept it or not.
Cookies essential for the proper functioning of this website or the services you have requested are always activated and do not require your consent. Other cookies are not strictly necessary and therefore require your consent. For these cookies (i.e., performance cookies), we request your consent (through the "Allow all cookies" button in our cookie banner or through our cookie settings or your browser's cookie settings) before storing them on your device.
If you do not wish to grant consent for non-essential cookies at any time, you must change your settings in the cookie settings or delete and block cookies through your browser settings. However, this may limit functionality or negatively impact the user-friendliness of our website.
When operating this website, we use the following categories of cookies:
Essential Cookies
Essential cookies are necessary for the website to function and cannot be disabled in our systems. They are typically set in response to your actions that amount to a request for services, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not function as a result. These cookies do not store any personally identifiable information.
Performance Cookies
Performance cookies collect information about how visitors use a website, for instance, which pages visitors go to most often, how long they stay on a page, and whether they get error messages from web pages. These cookies do not collect information that identifies you. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
Advertising and Targeting Cookies
These cookies are used to deliver adverts more relevant to you and your interests, as well as to measure the effectiveness of advertising campaigns. Advertising and targeting cookies are stored for a maximum of 13 months.
Sharing Cookies
These cookies are used to enhance the interactivity of our website with other services (e.g., social networks). Sharing cookies are stored for a maximum of 13 months.
Legal Basis
The legal basis for cookies that are essential to provide you with the service you expressly requested is Article 6(1)(f) GDPR and § 25(2) No. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG). Our legitimate interest lies in providing you with information on the internet.
Any use of cookies that are not technically necessary constitutes data processing that is only permissible with your explicit and active consent (Article 6(1)(a) GDPR and § 25(1) TTDSG). This particularly applies to the use of performance, advertising, targeting, or sharing cookies. Furthermore, we will only disclose your personal data processed through cookies to third parties if you have given explicit con- sent in accordance with Article 6(1)(a) GDPR.
Third-Party Cookies and Plugins
On our website, we use services or software from third parties, such as for advertising analysis. These services may store cookies on your device. Third-party services used by this website include:
- Google services such as Google Analytics, Google Ads, Google Tag Manager, and Google Remarketing
- Microsoft Clarity
- LinkedIn
- YouTube
Our website contains links to our own profiles on social networks such as LinkedIn and other platforms. The respective privacy policies apply to these.
For specific content on our website, we embed content from third parties (so-called plugins), such as videos from YouTube. The respective third parties are responsible for providing the plugins. The specific plugin providers are indicated on our website in direct connection with the relevant content.
We do not accept responsibility for the processing of personal data or the activities or content on third-party websites to which our website provides links. We recommend that you read and be aware of the privacy policy and other policies of any website you visit. Remember that the statements in this privacy policy only apply to the information collected by Lifespin.
The legal basis for data processing associated with the use of web analytics services and plugins is your consent in accordance with Article 6(1)(a) GDPR and § 25(1) TTDSG.
Disclosure of your personal data
Categories of recipients
Your personal data will not be disclosed to unspecified recipients. We will only disclose your personal data to third party recipients to the extent necessary to pursue our legitimate business objectives and as required by applicable law. Your personal data will only be disclosed in accordance with applicable laws and appropriate safeguards will be implemented through contractual agreements to protect your personal data. We only share your data to a limited extent with the following categories of recipients:
- Data processors (Article 28 GDPR) who provide technical services and process personal data on our behalf and under our responsibility, in particular website operators and email providers;- Employees and other staff who need access to the data for their work for us and who process the data under our responsibility;
- Third-party providers that you use to identify you when you log in to your account;
- Third party providers who create plugins on our website, if you have activated them;
- Postal and telecommunications service providers whose services are used to communicate with you;
- Authorities and authorised persons to whom we are obliged to disclose data due to a legal obligation or binding decision;
- Lawyers, tax advisors and other consultants whose services we utilize.
Third Countries
In connection with the use of data processors, your personal data may be transferred to third countries outside the European Economic Area. The same applies if you activate plugins on our website.
We will ensure that data processors or third-party providers are established in a country with an adequate level of data protection or provide appropriate safeguards to protect your personal data (especially in the case of transfers to the United States). If your personal data is transferred to a third country for which no adequacy decision has been issued by the European Commission, lifespin will implement appropriate data transfer mechanisms (such as the EU standard contractual clauses) or other officially authorised data transfer mechanisms for cross-border data transfers to ensure an adequate level of data protection.
If, in addition, a data transfer to third countries is necessary in individual cases (e.g. because you live outside the European Economic Area or maintain your e-mail account with a provider outside the European Economic Area), this will only take place in the cases provided for in Article 49 GDPR.
Storage Duration
We will delete or anonymize your personal data as soon as your data is no longer required for the purposes for which we collected or used your personal data in accordance with the above sections. Your personal data may be retained for longer if required or authorized by applicable laws or regulations. If your personal data is no longer required, it will either be irreversibly anonymized or securely destroyed.
Your Data Protection Rights
Under applicable law and subject to any legal restrictions, you may have the right to request the following from us:
This section describes your rights as a user of our website and services. You can exercise these rights at any time by contacting our Data Protection Officer or us, for example by email at info@lifespin.health
Right to Withdrawal
You have the right to withdraw your consent at any time. Withdrawing your consent does not affect the legitimacy of the processing carried out on the basis of the consent until the withdrawal, Article 7 (3) GDPR.
Right to Access
You have the right to obtain information from us at any time upon request about the personal data relating to you that we process within the scope of Article 15 GDPR. To assert your aforementioned right, please contact us at the address given above. The information will then be provided in the form of an extract stating which personal data we process, the purposes for which we process the data, where the data comes from, to which third parties the data has been transferred and how long the data will be stored.
Right to Rectification
You have the right to request that we rectify your personal data without undue delay if it is incorrect. To do so, please contact us at the contact address given above, Article 16 GDPR.
Right to Erasure
You have the right to obtain from us the erasure of your personal data under the conditions described in Article 17 GDPR. In particular, these conditions provide for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject. To assert your aforementioned right, please contact us at the address given above.
Right to Restriction of Processing
You have the right to obtain from us restriction of processing in accordance with Article 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between you and us, for the period required to verify the accuracy, as well as if you request restricted processing instead of deletion in the case of an existing right to deletion; furthermore, in the event that the data is no longer required for the purposes pursued by us, but you need it for the assertion, exercise or defense of legal claims and if the successful exercise of an objection between us and you is still disputed. To exercise your above right, please contact us at the address given above.
Right to Object
In accordance with Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data relating to you which is based, inter alia, on Article 6(1)(e) or (f) GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate interests for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
You also have the same right in the case of direct advertising, without the need for special reasons. In this case, we will cease processing your personal data for direct marketing in any case upon your ob- jection
Right to Data Portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR. To assert your above right, please contact us at the address given above.
Right to Lodge a Complaint with a Supervisory Authority
If you have any questions or complaints about the processing of your personal data, you can contact us at any time. You also have the right to lodge a complaint with the competent supervisory authority, Article 77 GDPR.
Status and Changs
We may need to update or amend the privacy policy from time to time. If the changes are significant, we will inform you in an appropriate manner and ask you to take note of the changes made. The latest version of the privacy policy is always available on our website.