Privacy Policy

An extended version of our privacy policy (with emphasis on the 3rd party providers we use) can be found here https://labforward.io/privacy-policy-extended/

 

Table of Content

1. Identity of Labforward
2. What information do we collect?
3. What do we use your information for?
4. Legal basis
5. How do we protect your information?
6. Do we disclose any information to outside parties?
7. Third party links
8. Where do we store the information?
9. Access, data portability, migration, and transfer back assistance
10. Request for rectification, restriction or erasure of the personal data
11. Data retention
12. Accountability
13. Cooperation
14. Your consent
15. Changes to our privacy policy
16. Complaint
17. Contact details of the data protection officer

Your privacy is important to labforward GmbH (“Labforward”). This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

__________________________________________________________________________________________________________________________________________

1. Identity of Labforward

If there are any questions regarding this Privacy Policy you may contact us using the information below.

labforward GmbH (previously labfolder GmbH)
Elsenstrasse 106
12435 Berlin
Germany
Company registered at Amtsgericht Charlottenburg – HRB 149204 B

You may submit inquiries regarding personal data protection, privacy and security matters to our Data Protection Officer by emailing dataprotection@labforward.io.

__________________________________________________________________________________________________________________________________________

2. What information do we collect?

If you choose to visit, register on our website, or use our software (“Service”), the following categories of data to and on behalf of you will be processed:

“Cookie configuration data”

Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser that enables the sites or service providers systems to recognize your browser and capture and remember certain information. Cookies help us to make your website visit easier, more comfortable, more informative, and useful.

When you first visit our website, you will be asked to review our Cookie declaration, and then either accept or reject our cookies. We collect your input through our cookie consent manager (“Cookiebot”).

Our cookie declaration gets updated every month and can be reviewed at https://labforward.io/cookies/. You can also withdraw your consent at any time on the same page.

“Website visitor data”

If you choose to accept cookies on our website, the following information will be temporarily stored:

Your IP address, which will never be linked to other personal user information. IP addresses will be anonymised to make any assignment of IP address data to user data impossible (IP masking).
Your language preferences your location (country & city)
Which pages on Labforward you visit
How long you stay on each visited page
Whether you have been to this page before
Your device and operating system settings (browser type, operating system, service provider, screen resolution)
Date and time of server requests
Referrer-URL (previously visited web page)

“Account data”

If you choose to register for an account of our Service, place an order, subscribe to our newsletter or contact us via email or contact form, basic contact details are collected such as:

E-mail address
Name of your contact person
Job title
Gender
Company name
Address
Phone number
VAT number
Preferred language and currency
Timezone
Any purchase order number
Any e-mail address of invoice receivers
Masked credit card or bank account details

You will be informed by Labforward about important changes concerning the Service, such as the implementation of additional functions, by e-mail, if you are a Labforward user or subscribe to Labforward newsletter.

“System data”

If you choose to register for and use our Service, you will be automatically generating system data related to the usage of Labforward’s Service. These are being collected for statistical information and to provide smooth functionality of our Service. These collected data include:

Duration of membership/registration
Number of uploaded files
Number of entries
Number of group entries
Last date of activity on Labforward
Further statistical data, if applicable.

“File and content data”

If you choose to register for and use our Service, you may be creating content or upload files of different formats (Excel, Word, pdf, other). Labforward and its employees do not have viewing rights to the content of any data or files that you enter, upload, download, administer, or handle in any other way within the Service provided by Labforward. Exceptions will be made only with your explicit consent or after your explicit request, or after you explicitly granted access to your content by publication of your data.

__________________________________________________________________________________________________________________________________________

3. What do we use your information for?

Any of the information we collect from you may be used for one or more of the following purposes:

3.1. To personalize your experience (the information will help Labforward better respond to your individual needs);

3.2. To improve our website (Labforward continually strives to improve our website offerings based on the information and feedback we receive from our customers);

3.3. To identify you as a contracting party; and for fulfilling the contract with you;

3.4. To enable secure login to and secure usage of our Service;

3.5. To establish a primary channel of communication with you;

3.6. To enable Labforward to issue valid invoices and to process transactions;

3.7. To send periodic e-mails (The e-mail address you provide, may be used to send you information and updates pertaining to your order (if relevant), in addition to receiving occasional newsletters (if accepted), company news, updates, related product or service information, etc.)

If at any time you would like to unsubscribe from receiving newsletters, you can unsubscribe via a link at the bottom of each newsletter.

__________________________________________________________________________________________________________________________________________

4. Legal basis

4.1. EU General Data Protection Regulation (GDPR)

The processing of your data is either based

on your consent,
on the necessity of the data for the performance of a contract to which you are a party,
on the necessity to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).

If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.

In order to enter into a contract regarding the use of Labforward’s Service, you must provide us with the required personal data. If you do not to provide us with all the required information, we will not be able to deliver the Service.

4.2. California Online Privacy Protection Act Compliance

Because Labforward values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 6.

4.3. Children’s Online Privacy Protection

Labforward will not intentionally collect any information from anyone under 16 years of age. Our website, products and services are all directed at people who are at least 16 years old or older.

__________________________________________________________________________________________________________________________________________

5. How do we protect your information?

Labforward implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.

5.1. Availability

The Service utilizes the extensive features of the cloud environment to ensure high availability, like full redundancy, load balancing, automatic capacity scaling, automated data backup with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated.

No personal data is stored permanently outside Labforward’s cloud platforms. The physical security is thereby maintained by Labforward’s subcontractors, see clause 6.

5.2. Integrity

To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. For data in transit, the Service uses industry-standard transport protocols between devices and datacenters and within datacenters themselves.

All supplied credit card information is transmitted via TLS (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.

Nonetheless, we cannot guarantee that transmissions of your credit or debit card account information or your other information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by Labforward or our third-party service providers.

5.3. Confidentiality

All Labforward personnel are subject to full confidentiality and any subcontractors and subprocessors are required to agree to confidentiality in the agreement between the parties.

5.4. Transparency

Labforward will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.

5.5. The ability to intervene

Labforward enables your rights of access, rectification, erasure, blocking and objection, by offering the option to send instructions through Labforward’s Data Protection Officer (dataprotection@labforward.io), and also by informing about and offering the customer the possibility of objection when Labforward is planning to implement changes to relevant practices and policies.

5.6. Monitoring

System performance and availability is monitored from both internal and external monitoring services. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.

5.7. Personal Data breach notification

In the event that any personal data is compromised, Labforward will notify competent Supervisory Authority(ies) within 72 hours of becoming aware of the event, by e-mail with information about the extent of the breach, affected data, any impact on the Service and Labforward’s action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.

In the event the personal data breach is likely to result in a high risk to your rights and freedoms, Labforward shall communicate the personal data breach to you via e-mail without undue delay.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of the Service.

5.8 Keeping your information secure

You play an important role in keeping your information secure. You should not share your user name, password, or other security information for your Labforward account with anyone. If we receive instructions using your user name and password, we will consider that you have authorized the instructions.

If you have reason to believe that your interaction with us is no longer secure (e.g., if you feel that the security of any account you might have with us has been compromised), please contact us immediately.

Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.

__________________________________________________________________________________________________________________________________________

6. Do we disclose any information to outside parties?

Labforward does not sell, trade or otherwise transfer to outside parties any personally identifiable information.

This does not include trusted third parties or subcontractors who assist us in operating our website, conducting our business, or servicing you. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.

We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. Furthermore, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

6.1 Legally required disclosure

Labforward will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. When governments make a lawful demand for customer data from Labforward, Labforward strives to limit the disclosure. Labforward will only release specific data mandated by the relevant legal demand.

If compelled to disclose your data, Labforward will promptly notify you and provide a copy of the demand unless legally prohibited from doing so.

__________________________________________________________________________________________________________________________________________

7. Third party links

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have separate independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.

__________________________________________________________________________________________________________________________________________

8. Where do we store the information?

No stored data will be transferred, backed up and/or recovered by Labforward outside of the European Union. Labforward also requires its subcontractors and subprocessors to either store data in the European Union, or to adhere to the European Commission’s updated Standard Contractual clauses (SCCs).

8.1. Account data location

Labforward stores Account data, System data and File Data associated with its Service in databases and file repositories hosted in an Amazon Web Services data center in Germany. Databases are backed up every day with a retention period of 30 days. Backups are stored on file storage at the same geographical location as the database.

8.2. Installation of software on cloud customer’s system

No installation of software is required to use the Service. The login-protected Service is accessible through the latest versions of Firefox, Chrome, Safari and Edge, automatically using an encrypted https-connection for all communications between your browser and Labforward’s server to protect any data from being intercepted during network transfers.

__________________________________________________________________________________________________________________________________________

9. Access, data portability, migration, and transfer back assistance

You may at any time obtain confirmation from Labforward as to whether or not personal data concerning you are being processed.
You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 28 days of the receipt of the request by Labforward as spreadsheet files in CSV-format. Labforward reserves the right to charge for any excessively repeated requests.

__________________________________________________________________________________________________________________________________________

10. Request for rectification, restriction or erasure of the personal data

10.1. Rectification

You may at any time obtain without undue delay rectification of inaccurate personal data concerning you, cf. clause 5.5.

10.2. Restriction of processing personal data

You may at any time request Labforward to restrict the processing of personal data when one of the following applies:

a. if you contest the accuracy of the personal data, for a period enabling Labforward to verify the accuracy of the personal data;

b. if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or

c. if Labforward no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.

10.3. Erasure

You may without undue delay request the erasure of personal data concerning you, and Labforward shall erase the personal data without undue delay when one of the following applies:

a. if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b. if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;

c. if you object to the processing in case the processing is for direct marketing purposes;

d. if the personal data have been unlawfully processed; or

e. if the personal data have to be erased for compliance with a legal obligation in EU or national law.

__________________________________________________________________________________________________________________________________________

11. Data retention

Cookie configuration data and Website visitor data will be retained as per our cookie declaration. Consent can be withdrawn at any time.

Personal Data which is no longer necessary for retention will be deleted or anonymised without undue delay if requested by the data subject or when identified by Labforward during a quarterly data retention audit. Data is considered to be not necessary for retention if:

There is no legal requirement to retain the data (ex. Tax law)
A contract has been completed or cannot be performed anymore
A created account of Labforward’s Service has been deleted
The data is no longer up to date

You can delete all your Labforward user profile and its associated private data any time by using the respective option in your account settings or by contacting us via https://labforward.io/contact/. After deleting your account data, usage of our services will not be possible with the respective account.

Please note that for scientific data integrity purposes, that shared content and file data that has been created in the context of a group can only be deleted with the permission of the group administrator.

__________________________________________________________________________________________________________________________________________

12. Accountability

Labforward uses the extensive range of built-in logging features and audits trails provided by third party platforms. Labforward also logs all system updates, configuration changes and access to provide an audit-trail if unauthorized or accidental changes are made.

__________________________________________________________________________________________________________________________________________

13. Cooperation

Labforward will cooperate with you in order to ensure compliance with applicable data protection provisions, e.g. to enable you to effectively guarantee the exercise of data subjects’ rights (right of access, rectification, erasure, blocking, opposition), to manage incidents including forensic analysis in case of security breach.

__________________________________________________________________________________________________________________________________________

14. Your consent

By using our site and/or our Service, you consent to this Privacy Policy.

__________________________________________________________________________________________________________________________________________

15. Changes to our Privacy Policy

If we decide to change our Privacy Policy, we will post those changes on this page, and/or update the Privacy Policy modification date below.

This Privacy Policy was last modified in July 2024.

__________________________________________________________________________________________________________________________________________

16. Complaint

You may at any time lodge a complaint with the Berlin commissioner for data protection and freedom of information regarding Labforward’s collection and processing of your personal data.

__________________________________________________________________________________________________________________________________________

17. Contact details of the data protection officer

The data protection officer of the person responsible is:

DataCo GmbH

Dachauer Straße 65

80335 München

Deutschland

+49 89 7400 45840

www.dataguard.de