As website operator CYTENA GmbH is committed to ensuring the security and protection of the
The definition of used technical terms (such as “personal data” and “processing”) can be found invArticle 4 of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”).
Per Article 4 No. 1 of the GDPR, “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.
1) Contact details of the responsible person
The person responsible for data processing on this website within the meaning of the GDPR is
79106 Freiburg, Germany
Tel.: +49 761 21 63 2000
E-Mail: [email protected]
The person responsible for processing personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.
2) Data Acquisition when visiting our website
The use of our homepage does not depend on the user providing personal data.
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The use of personal data only takes place after obtaining consent of the user (Article 6 Section 1 a) of the GDPR) with the exception of cases where previous consent for practical reasons cannot be obtained and the data processing follows current regulations. We would like to point out that security gaps can occur during data exchange via internet (e.g. communication by e-mail). A complete protection of data against third persons is not possible.
3) SSL encrypting
We use SSL encryption to protect your data transmitted via our online offer. You can recognize such encrypted connections by the prefix https: // in the address line of your browser.
5) Use of your data for direct marketing purposes
5.1 Subscribing to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our company. Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter after you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on the appropriate link. By activating the confirmation link, you consent to the use of your personal data in accordance with
Art. 6 para. 1 lit. a GDPR.
When you register for the newsletter, we store your IP address entered by the Internet Service
Provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later point in time. The data collected by us when you register for the newsletter will be used exclusively for the purposes of advertising in the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list unless you have expressly consented to the further use of your data or unless we reserve the right to make further use of your data which is permitted by law and about which we inform you in this declaration.
5.2 Newsletter dispatch via MailChimp
Our e-mail newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
(http://www.mailchimp.com/), to whom we forward the data you provided when registering for the newsletter. This disclosure is made in accordance with Art. 6 Para. 1 lit. f GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system.
Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This enables us to determine whether a newsletter message has been opened and which links have been clicked. Mailchimp uses web beacons to automatically generate general, non-personal statistics about the response behaviour to newsletter campaigns. On the basis of our justified interest in the statistical evaluation of the newsletter campaigns for the optimisation of communication and the better orientation towards recipient interests, the web beacons in accordance with Art. 6 Para. 1 lit f GDPR also collect and process data of the respective newsletter recipient (e-mail address, time of retrieval, IP address, browser type and operating system). These data allow an individual conclusion to be drawn about the newsletter recipient and are processed by Mailchimp for the automated generation of statistics that show whether a certain recipient has opened a newsletter message.
If you wish to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp can also use this data in accordance with Art. 6 Para. 1 lit. f GDPR itself on the basis of its own legitimate interest in the needs-based design and optimisation of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
In order to protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: https://mailchimp.com/legal/data-processingaddendum/
6) Contact and Sales force contact form
Within the scope of contacting us (e.g. via sales force contact form or e-mail), personal data is collected. Which data is collected in the case of the contact form, is apparent from there. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f GDPR. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no legal obligations to retain data.
7) Google Analytics
These websites use Google Analytics, a web analysis service from Google Inc. (“Google”). Information about your use of the website is collected, including Browser type and version, operating system used, referrer URL (previously visited page), IP address or date / time of the request. Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analysed. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. Because IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or the EEA (European Economic Area) and only transmitted anonymously. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. This transmission takes place on the basis of the EU-U.S. Privacy Shield Agreement. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and internet usage. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Art. 6 Paragraph 1 Letters a and f GDPR. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has expired takes place automatically once a month. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookies and relating to your use of the websites (including your IP address) and from processing this data by Google byd ownloading the browser plug-in available under the following link and install. The link is: http://tools.google.com/dlpage/gaoptout Alternatively, you can prevent Google Analytics from collecting data in individual cases by clicking on the link below. This sets an opt-out cookie that prevents the future collection of your data when you visit this website:
Deactivate Google Analytics .
You can get more information from Google at https://policies.google.com/privacy/partners.
We bind the “reCaptcha” function to recognize bots, e.g. for entries in online forms. The behavioral information provided by users (e.g. mouse movements or queries) is evaluated in order to be able to differentiate between people and bots. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/; Data protection declaration:
https://policies.google.com/privacy; Opposition option (opt-out): opt-out plug-in:
https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements:
10) Google Maps
We integrate the maps from the “Google Maps” service provided by Google. The processed data may include, in particular, the users’ IP addresses and location data, which, however, are not collected without their consent (usually within the framework of the settings of their mobile devices); Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company:
Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website:
https://cloud.google.com/maps-platform; Data protection declaration:
https://policies.google.com/privacy; Opposition option (opt-out): Opt-out plug-in:
https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements:
11) Google Fonts
We integrate the fonts (“Google Fonts”) from the provider Google, whereby the user data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform representation and taking into account possible licensing restrictions for their integration.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Data protection declaration: https://policies.google.com/privacy.
12) Presence in social networks (social media)
We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user, because e.g. the enforcement of user rights could be made more difficult.
Furthermore, the data of the users within social networks are usually processed for market research and advertising purposes. E.g. User profiles are created based on the usage behavior and the resulting interests of the users. The usage profiles can in turn be used to e.g. To place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user’s computer, in which the usage behavior and the interests of the user are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of rights of data subjects, we point out that these can be most effectively asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information. If you still need help, you can contact us.
This is based on legitimate interests after Art. 6 Para. 1 S. 1 lit. f. GDPR.
12.1 Facebook: social network
Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
Data protection declaration: https://www.facebook.com/about/privacy
Settings for advertisements: https://www.facebook.com/settings?tab=ads
Additional information on data protection: Agreement on joint processing of personal data on
Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum
Data protection information for Facebook pages: https://www.facebook.com/legal/ terms /
12.2 LinkedIn: social network
Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Data protection declaration: https://www.linkedin.com/legal/privacy-policy
Opposition option (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-optout.
12.3 LinkedIn (Insight Tag)
We also use conversion tracking with LinkedIn Insights Tag, a tool from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. For this purpose, the LinkedIn Insight Tag is integrated on our website and a cookie is placed on your device by LinkedIn. In this way, LinkedIn is informed that you have visited our website, and your IP address is also collected. Timestamps and events such as page views are also saved. This enables us to statistically evaluate the use of our website in order to continuously optimize it. In this way, we find out, for example, which LinkedIn ad or interaction on LinkedIn brought you to our website. This enables us to better control the display of our advertising.
Further information on conversion tracking can be found at https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht
(link is external). Please note that the data can be stored and processed by LinkedIn so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. You can find more information on this in LinkedIn’s data protection declaration at https://www.linkedin.com/legal/privacy-policy (link is external). You can prevent the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations via https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out (link is external).
12.5 Instagram: social network
We use the technical platform and the services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbor, Dublin 2, Ireland for the information service offered on Instagram https://www.instagram.com/.
We would like to point out that you use this Instagram page and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered on this page on our website under https://www.cytena.com/.
Collection of personal data
When visiting our Instagram page, Instagram, and thus on the affiliated company Facebook, collects your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Facebook provides more information on this under the following link: https://help.instagram.com/519522125107875?helpref=page_content.
You can find the complete data guidelines of Instagram here: https://help.instagram.com/519522125107875?helpref=page_content
We have no control over data collection and further processing by Instagram. Furthermore, we do not know to what extent, where and for what duration the data is stored, to what extent Instagram and Facebook comply with existing deletion obligations, which evaluations and links are made to the data and to whom the data is passed on. If you would like to prevent Instagram and Facebook from processing personal data you have transmitted to us, please contact us in another way. You can find our full contact details in our imprint on Instagram.
The data collected about you in this context is used by Facebook Ireland Ltd. processed and possibly transferred to countries outside the European Union. What information Instagram / Facebook receives and how it is used is described in general terms by Instagram / Facebook in its data usage guidelines. There you will also find information about contact options for Facebook and the setting options for advertisements. The data usage guidelines are available at the following link: https: //help.instagram.com/196883487377501? Ref = dp
You can find the complete data guidelines of Instagram here: https://help.instagram.com/519522125107875?helpref=page_content
How Instagram & Facebook uses the data from visiting Instagram pages for their own purposes, to what extent activities on the Instagram and Facebook pages are assigned to individual users, how long Instagram & Facebook stores this data and whether data from a Visits to the Instagram page are passed on to third parties, will not be conclusively and clearly named by Instagram & Facebook and are not known to us.
The person responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is [company name, email], as far as we have received from you via Facebook process the transmitted data exclusively yourself. Insofar as the data transmitted to us via Facebook is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland, is responsible for data processing within the meaning of the General Data Protection Regulation (GDPR).
Data protection officer Facebook
You can contact Facebook’s data protection officer using the contact form provided by Facebook at https://www.facebook.com/help/contact/540977946302970.
The person responsible for processing personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram / Facebook. According to information from Facebook, this IP address is anonymized and deleted after 90 days. Facebook also stores information about its users’ end devices (e.g. as part of the function
“Registration Notification”); If necessary, Facebook is able to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, there is a cookie with your Instagram ID on your device. This enables Facebook to understand that you have visited this page and how you have used it. This also applies to all other Instagram pages. Via Instagram buttons integrated into websites, Facebook is able to record your visits to these website pages and assign them to your Instagram profile. This data can be used to offer content or advertising tailored to you.
If you want to avoid this, you should log out of Instagram & Facebook or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, Instagram & Facebook information that can be used to directly identify you is deleted. This allows you to use our Instagram page without revealing your ID. When you access the interactive functions of the site (like, comment, share, news, etc.), a login screen appears.
After you have logged in, you will again be recognizable as a specific user for Instagram / Facebook.
12.4 Twitter: social network
Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Data protection declaration: https://twitter.com/de/privacy
The providers of the websites automatically collect and store information in server log files, which your browser automatically transmits. The web server log file contains domain, IP address, requests, user agent, time stamp and status code.
The e-mail log file stores metadata such as sender, recipient, time, IP address and size of the mail.
These data cannot be assigned to specific persons. These data are not combined with other data sources. We reserve the right to check these data subsequently if we become aware of concrete indications of an illegal use. The server log files are stored for a maximum of 3 days and will be deleted after this period. The data is stored for security reasons, e.g. to clarify cases of misuse. If data have to be kept for reasons of evidence, they are excluded from deletion until the incident has been finally resolved.
13) Handling of Contact Information
Direct contact with Cytena GmbH is possible at all times per e-mail, [email protected]
Job applicants are encouraged to contact Cytena GmbH through the e-mail [email protected]
Personal information contained in such e-mails will be saved and used for the duration of the
communication. The data will be deleted as soon as the purpose of their collection has been served. No data will be shared with third parties.
The legal basis of the data processing collected through e-mail follows Article 6 Section 1, f of the GDPR. Should the aim of this communication be the establishment of a contract then Article 6 Section 1 b of the GDPR also applies.
14) Contact form
When you send us enquiries using our contact form, the data provided in the form (including the contact details) is stored by us for the purpose of processing your request and answering any subsequent questions. We will never share this data with third parties without your permission.
Transfer of Data
We only allow the transfer of data, such as name and address, to third parties if this is needed for us to fulfill contract obligation and strictly needed for the third party to provide service.
When you allow us to use your data, they will only be used for the purpose stated in your consent.
Data Safety, Data Protection, E-Mail Communication
All technical and administrative measures will be taken to store your personal data in a way not accessible to third parties. When communicating by e-mail, we cannot guarantee complete data security, so we recommend that you send information that requires a high level of confidentiality by post.
15) Duration and Deletion of data
The duration of the storage of personal data is measured according to the respective legal basis, the purpose of processing and – if relevant – additionally according to the respective legal retention period (e.g. commercial and tax retention periods).
If personal data are processed on the basis of an express consent pursuant to Art. 6 para. 1 lit. a GDPR, these data are stored until the data subject revokes his consent.
If there are legal storage periods for data that are processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after expiry of the storage periods if they are no longer necessary for the fulfilment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage. When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 para. 1 GDPR, unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. If personal data are processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, these data are stored until the data subject exercises his right of objection pursuant to Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information contained in this declaration, all data processed by us, if not otherwise declared above, will be deleted in accordance with the legal requirements as soon as the consent permitted for processing is revoked or other permissions are no longer applicable (e.g. if the purpose of processing this data is no longer applicable or is not required for the purpose).
If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax law reasons or the storage of which is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Further information on the deletion of personal data can also be found in the individual data
protection information of this data protection declaration.
16) Change and update of the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this data
protection declaration, please note that the addresses may change over time and ask you to check the information before contacting us.
17) Data Subject Rights
As the data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
17.1 Right of information
Users have the right to free information about your stored personal data, their origin and recipients and the purpose of data processing as well as a right to correction, blocking or deletion of these data at any time.
17.2 Right of objection:
You have the right, for reasons that arise from your particular situation, to
object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR takes place to object; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
17.3 Right to withdraw consent:
You have the right to withdraw your consent at any time.
Right to information:
You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
Right to correction:
In accordance with the legal requirements, you have the right to request the
completion of the data relating to you or the correction of incorrect data relating to you.
Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to request that the data relating to you be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with the legal requirements.
Right to data portability:
You have the right to receive data relating to you that you have provided to
us in accordance with the legal requirements in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.
Complaint to the supervisory authority:
In accordance with the legal requirements, you also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of the data concerning your personal data violates the GDPR.
For all questions on the subject of personal data, you can contact us at any time.