s

Sartorius Commitment to Data Privacy Protection

The protection and security of your personal data is important to the Sartorius (find list of its affiliated companies here). Therefore, Sartorius processes personal data in compliance with applicable laws on data protection and data security.

Responsible for the processing of your data is:

Sartorius AG
Otto-Brenner-Straße 20
37079 Göttingen
Germany
Phone:  +49 551 308 – 0
Email:   info@sartorius.com

​​​​​​2.1. Categories of personal data processed, purpose of the processing and legal basis 

When visiting a Sartorius website or application (each a Sartorius Online Offering), Sartorius may process the following personal data about you:

  • Information that is automatically sent to us by your web browser or device, such as your IP-address, device type, browser type, referring site, sites accessed during your visit, the date and time of each visitor request;
  • Personal data that you actively and voluntarily provide (e.g., when registering, contacting us with your inquiries or participating in surveys etc.), such as name, e-mail address, telephone number, information submitted as part of a support request etc.; and
  • Personal data that you voluntarily may be creating or uploading within files of different formats (images, videos, Excel, Word, pdf, other).

Sartorius processes your personal data for the following purposes:

  • To provide, improve, and develop the Sartorius Online Offerings services and functions and to administer your use of these offerings;
  • To create and maintain a trusted and safer environment, such as to verify or authenticate information or identifications provided by you, to conduct security investigations and risk assessments;
  • To answer and fulfil your specific requests;
  • To process your job applications;
  • To send you marketing information or to contact you in the context of customer satisfaction surveys;
  • To provide, personalize, measure, and improve our advertising and marketing; and
  • As reasonably necessary to enforce our General Terms and Conditions, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on Sartorius information technology systems.

The legal basis for Sartorius processing your personal data may be:

  • Your Consent to us using the personal details you provide to carry out the purposes  identified to you in accordance with this Notice (Art. 6 (1) (a) GDPR),
  • Sartorius exercising its rights and performing its obligations in connection with any contract Sartorius makes with you (Art. 6 (1) (b) GDPR),
  • Compliance with Sartorius’s legal obligations (Art. 6 (1) (c) GDPR), and/or
  • Legitimate interests pursued by Sartorius (Art. 6 (1) (f) GDPR). Generally the legitimate interest pursued by Sartorius in relation to our use of your personal data is the efficient operation, management and support of the Sartorius Online Offerings.

2.2. Cookies

In the context of Sartorius Online Offerings, cookies and tracking mechanisms (“Cookies”) may be used.

On accessing Sartorius Online Offerings the user is notified of the use of cookies and has the opportunity to deselect individual cookies in the banner, except for the session cookies which are required for operation. The default setting for cookies is to accept them. This setting obtains your consent to process the personal data used in this connection before the processing starts. For reasons based on your particular situation, you have the right to object to the processing of your personal data at any time.

You can find further information about the use of cookies by Sartorius in our Cookie Notice.

2.3. Wistia

Sartorius websites use the video hosting service Wistia for delivery of multimedia content. Wistia is a service of Wistia, Inc., 17 Tudor Street, Cambridge, MA 02139, USA.

If you access a corresponding page of our offer, the embedded Wistia player will establish a connection to Wistia so that the video or audio file can be transmitted and played. In the process, data are also transmitted to Wistia as the responsible body. If Wistia processes personal data for the provision of its services, the nature and extent of the processing are communicated in its own privacy policy. Sartorius uses a special mode of the video player ("privacy mode") which only collects anonymised use data, avoids session and cookie tracking and anonymises the user's IP address. You can find further information concerning the extent and purpose of the collected data at: http://wistia.com/support/account/gdpr#privacy-mode-for-our-video-player.

2.4. External links

Sartorius Online Offerings can contain links to the websites of third parties − to providers who are not affiliated with us. After you click the link, we no longer have any influence on the collection, processing and utilization of any personal data that is transferred to third parties after clicking the link (for example, the IP address or the URL of the site on which the link is located), as our control of the conduct of third parties is then naturally withdrawn. We assume no responsibility for the processing of this kind of personal data by third parties.

In the context of your business relationship with Sartorius, Sartorius may process the following categories of personal data of contact persons at (prospective) customers, suppliers, vendors and partners (each a “Business Partner”): 

  • Contact information (such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address); 
  • Payment data (such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information); 
  • Further information necessarily processed in a project or contractual relationship with Sartorius or voluntarily provided by the Business Partner, such as personal data relating to orders placed, payments made, requests, and project milestones; 
  • Personal data collected from publicly available resources, integrity data bases and credit agencies; and
  • If legally required for Business Partner compliance screenings: date of birth, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners.

Sartorius may process the personal data for the following purposes:

  • Communicating with Business Partners about products, services and projects of Sartorius or Business Partners, e.g. by responding to inquiries or requests or providing you with technical information about purchased products;
  • Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
  • Administrating and performing marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events;
  • Conducting direct marketing activities; 
  • Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; 
  • Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and Sartorius policies or industry standards; and
  • Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

The legal basis for Sartorius processing data about you is that such processing is necessary for the purposes of:

  • Sartorius exercising its rights and performing its obligations in connection with any contract Sartorius makes with you (Art. 6 (1) (b) GDPR),
  • Compliance with legal obligations of Sartorius (Art. 6 (1) (c) GDPR), and/or
  • Legitimate interests pursued by Sartorius (Art. 6 (1) (f) GDPR).  

Generally the legitimate interest pursued by Sartorius in relation to our use of your personal data is the efficient performance or management of our business relationship with you.

In some cases, Sartorius may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for Sartorius processing that data about you may (in addition or instead) be that you have consented (Art. 6 (1) (a) GDPR).

4.1. Categories of personal data processed, purpose of the processing and legal basis

Where and as permitted under applicable law, Sartorius may process your contact information for direct marketing purposes concerning Sartorius products and services (e.g. event invitations, newsletters), also by e-mail.

Where consented to receiving Sartorius marketing information on the basis of your personal interests, Sartorius will determine your personal interests by storing information about your visits on Sartorius websites with the help of cookies. This information may include viewed articles, downloaded documents and date and time of access (“Usage Data”) and will be stored in a personal user profile. Information on whether and when you opened a marketing e-mail Sartorius sent to you will also be added to the profile; Sartorius receives this information by calling up small images embedded in the e-mail (known as web beacons).

Moreover, the following information that you provided directly on the Sartorius website or, if applicable, that is stored in Sartorius Customer Relationship Management systems will be added to your profile:

  • Personal contact data (e.g. name, title, company, function/role, country, telephone number);
  • Information about the company you work for (e.g. address, industry and other publicly available information).

The data described in the preceding paragraph (“Data”) will be used by Sartorius to send you marketing content (e.g. newsletters, invitations to events and trade fairs etc.) concerning products and services that are of interest to you. In addition the Data will be used by Sartorius sales personnel to submit offers to you and to be able to support you / your company in the best possible way.

Your data will be deleted from the marketing automation system of Sartorius AG if it is no longer needed for marketing purposes or if you have revoked your consent.

4.2. Data Transfer

Sartorius AG may transfer your Data for the above-mentioned purposes to its Affiliated Companies listed here. The provider of Sartorius’ marketing automation platform also has the technical ability to access your Data.

​​​​​​​4.3. Withdrawal of your consent

You have the right to revoke your consent at any time with effect for the future, for example with the "Cancel my subscription" link in e-mails.

For the purposes mentioned above Sartorius may transfer or disclose your personal data to:

  • Other companies of the Sartorius Group or third parties in the context of your usage of Sartorius Online Offerings or our business relationship with you;
  • Third parties which provide IT services to Sartorius and which process such data only for the purpose of such services (e.g., hosting or IT maintenance and support services); and/or
  • Third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to law enforcement authorities and regulators, to attorneys and consultants).

Sometimes the recipients to whom Sartorius transfers or discloses your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country.

In such cases, if required by applicable law, Sartorius takes measures to implement appropriate and suitable safeguards for the protection of your personal data. Thus, Sartorius transfers personal data to external recipients in third countries only if the recipient has entered into EU Standard Contractual Clauses with Sartorius, implemented Binding Corporate Rules in its organization or – in case of US recipients – the recipient is certified under the Privacy Shield.

Sartorius erases your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or to comply with legal obligations (such as retention obligations under tax or commercial laws).

In case you declared your consent for the processing of certain personal data by Sartorius, you have the right to withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. If the consent is withdrawn, Sartorius may only further process the personal data where there is another legal basis for the processing. 

Under applicable data protection law you may have the right to:

  • Obtain confirmation from Sartorius as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
  • Obtain from Sartorius the rectification of inaccurate personal data concerning you;
  • Obtain from Sartorius the erasure of your personal data;
  • Obtain from Sartorius restriction of processing regarding your personal data;
  • Data portability concerning personal data, which you actively provided;
  • Object, on grounds relating to your particular situation, to processing of personal data concerning you; and
  • Complain to a government supervisory authority (e.g. to the State Data Protection Officer for Lower Saxony, Germany) regarding our processing of your data.

If you have questions about processing of your personal data, you can contact our Data Protection Officer and his team, who are also available for requests for information, applications or complaints:

Sartorius Corporate Administration GmbH
Data Protection Officer
Otto-Brenner-Straße 20
37079 Göttingen
Germany
Email:   datenschutz@Sartorius.com
              dataprotection@Sartorius.com

Sartorius may update this Data Privacy Notice from time to time to reflect, for example, changes to the cookies Sartorius uses or for other operational, legal or regulatory reasons.