Mobile search icon
Eurofins Deutschland >> BioPharma Product Testing >> Data protection

Information about the collection and processing of your personal data 

Care and transparency is the basis for a trusting cooperation with our customers. We therefore inform you about how we process your data and how you can exercise the rights to which you are entitled under the General Data Protection Regulation. Which personal data we process and for what purpose depends on the respective contractual relationship.

1. Who is responsible for data processing? 

The responsible party is the respective Eurofins entity with which you have concluded a contract:

  • Eurofins BioPharma Product Testing Munich GmbH
  • Eurofins BioPharma Product Testing Hamburg GmbH
  • Eurofins BioPharma Services Holding Germany
  • Eurofins Professional Scientific Services Germany GmbH
  • Eurofins PHAST GmbH
  • PHAST Development GmbH & Co. KG
  • PHAST Development Verwaltungs GmbH
  • Eurofins NBLSC BioPharma Product Testing Germany GmbH
  • Eurofins BioPharma Medical Device Munich GmbH

2. How do you reach the Data Protection Officer? 

You can reach our data protection officer at:

Matthias Stumpf
Am Neuländer Gewerbepark 1
21079 Hamburg
Mobile: +49 160 626 56 98
E-Mail: Matthias.Stumpf@sc.eurofinseu.com

3. Which of your personal data do we use? 

If you have an enquiry, have us prepare an offer or conclude a contract with us, we process your personal data. In addition, we also process your personal data, among other things, to fulfil legal obligations, to protect a legitimate interest or on the basis of consent given by you.

Depending on the legal basis, this involves the following categories of personal data: 

  • First name, last name
  • Address
  • Communication data (telephone, e-mail address)
  • Date of birth
  • Nationality
  • Contract master data, in particular contract number, term, period of notice, type of contract
  • Billing data/turnover data
  • Payment data/account information
  • Account information, especially registration and logins
  • Customer group/interest
  • Customer number
  • Contact history
  • Appointment data
  • Occupation data

In the course of initiating a contract, we also make use of data provided to us by third parties. Depending on the type of contract, this involves the following categories of personal data: 

  • Information on creditworthiness (via credit agencies) 

4 What are the sources of the data? 

We process personal data that we receive from our customers, service providers and suppliers. 

or/and 

We receive personal data from the following: 

  • Credit agencies
  • Publicly accessible sources: Commercial register or register of associations 

In addition, data is collected and stored on our website for marketing and optimisation purposes using technologies from the company Mailchimp (www.mailchimp.com). From this data, user profiles are created under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor's internet browser. The cookies enable the recognition of the internet browser. The data collected with the Mailchimp technologies will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym. The collection and storage of data can be objected to at any time with effect for the future.

5. For what purposes do we process your data and on what legal basis? 

We process your personal data in particular in compliance with the General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG) as well as all other relevant laws. 

5.1 Based on consent given by you (Art. 6 para. 1 a DSGVO)

If you have given us your voluntary consent to the collection, processing or transmission of certain personal data, then this consent forms the legal basis for the processing of this data. 

In the following cases, we process your personal data on the basis of consent given by you: 

  • sending e-mail newsletters
  • personalised newsletter tracking
  • market research (e.g. customer satisfaction surveys)
  • publication of a customer reference (name and picture)

5.2 For the performance of a contract (Art.6 para. 1 b DSGVO)

Eurofins offers comprehensive analytical and consulting services in the areas of food, pharmaceuticals, environment, product testing, agroscience and clinical diagnostics for the determination of the safety, identity, composition, authenticity, origin and purity of biological substances and products as well as for clinical diagnostics.

5.3 To fulfil legal obligations (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO).

As a company, we are subject to various legal obligations. Processing of personal data may be necessary to comply with these obligations. 

  • Control and reporting obligations
  • Documentation obligations based on ISO17025 and/or the German Medicines Act. 

5.4 On the basis of a legitimate interest (Art. 6 para. 1 f DSGVO)

In certain cases, we process your data to protect a legitimate interest of us or third parties. 

  • Direct advertising or market and opinion research
  • Central customer data management within the group
  • Measures for building and plant security
  • Video surveillance to protect the right of access to the premises
  • Consultation of and data exchange with credit agencies to determine creditworthiness or default risks
  • Ensuring IT security and IT operations

6. To whom is your data disclosed? 

In order to fulfil our contractual and legal obligations, your personal data will be disclosed to various public or internal bodies, as well as external service providers. 

Intra-group service providers:

  • Eurofins BioPharma Product Testing Munich GmbH
  • Eurofins BioPharma Product Testing Hamburg GmbH
  • Eurofins BioPharma Services Holding Germany
  • Eurofins Professional Scientific Services Germany GmbH
  • Eurofins PHAST GmbH
  • PHAST Development GmbH & Co. KG
  • PHAST Development Verwaltungs GmbH
  • Eurofins NBLSC BioPharma Product Testing Germany GmbH
  • Eurofins BioPharma Medical Device Munich GmbH

External service providers:

  • Internet and IT service providers (e.g. maintenance service providers, hosting service providers)
  • Service providers for file and data destruction
  • Telecommunications
  • Payment service providers
  • Advice and consulting
  • Credit agencies
  • Web hosting service providers
  • Auditors

 Public authorities:

In addition, we may be obliged to transmit your personal data to further recipients, such as public authorities for the fulfilment of legal notification obligations.

  • Financial authorities
  • Customs authorities
  • Social security authorities

If you have any further questions about the individual recipients, please contact us at: info-munich@bpt.eurofinseu.com

7. Will your data be transferred to countries outside the European Union (so-called third countries)? 

Countries outside the European Union (and the European Economic Area "EEA") handle the protection of personal data differently than countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection. 

We have therefore taken special measures to ensure that your data is processed in the third countries as securely as within the European Union. With service providers in third countries, we conclude standard data protection clauses provided by the Commission of the European Union. These clauses provide appropriate safeguards for the protection of your data with third country service providers. 

If you wish to inspect the existing guarantees, you can contact us at info-munich@bpt.eurofinseu.com.

8. How long will your data be stored?

We store your personal data as long as it is necessary for the fulfilment of our legal and contractual obligations. 

Should storage of the data no longer be necessary for the fulfilment of contractual or legal obligations, your data will be deleted unless its further processing is necessary for the following purposes: 

  • Retention obligations based on ISO17025 and/or the German Medicines Act.
  • Fulfilment of retention obligations under commercial and tax law. These include retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO).
  • Preservation of evidence within the framework of the statutory limitation provisions. According to the statutes of limitation of the German Civil Code (BGB), these statutes of limitation can be up to 30 years in some cases; the regular statute of limitations is three years. 

9. What rights do you have in connection with the processing of your data? 

Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR. With regard to the right to information and the right to erasure, the restrictions according to §§ 34 and 35 BDSG apply. 

9.1 Right of objection

You may object to the use of your data for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic rates.

9.2 Revocation of consent

You can revoke your consent to the processing of personal data at any time.
revoke it. Please note that the revocation is only effective for the future. 

What right do you have in the case of data processing based on your legitimate or public interest?

Pursuant to Article 21(1) of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) or on the basis of Article 6(1)(f) of the GDPR (data processing for the purposes of safeguarding a legitimate interest); this also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. 

What right do you have in the event of data processing for direct marketing purposes?

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Article 21(2) of the Data Protection Regulation; this also applies to profiling insofar as it is associated with such direct marketing.

In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes. 

9.3 Right to information

You can request information about whether we have stored personal data about you. If you wish, we will tell you what the data is, the purposes for which the data is processed, to whom the data is disclosed, how long the data is stored and what other rights you have in relation to this data. 

9.4 Further rights

You also have the right to have incorrect data corrected or to have your data deleted. If there is no reason for us to continue storing your data, we will delete it, otherwise we will restrict the processing. You may also request that we provide any personal data you have provided to us in a structured, commonly used and machine-readable format either to you or to a person or company of your choice. 

In addition, you have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 DSGVO in conjunction with Section 19 BDSG). 

9.5 Exercising your rights

To exercise your rights, you can contact the data controller or the data protection officer using the contact details provided. We will process your requests promptly and in accordance with the legal requirements and inform you of the measures we have taken. 10.

10. Is there an obligation to provide your personal data? 

In order to enter into a business relationship, you must provide us with the personal data that is required for the implementation of the contractual relationship or that we are obliged to collect due to legal requirements. If you do not provide us with this data, then it will not be possible for us to carry out and process the contractual relationship.

11. Changes to this information 

Should the purpose or the manner of processing your personal data change significantly, we will update this information in good time and inform you of the changes in good time.