Privacy Statement

General Information

As website operator Cytena GmbH is committed to ensuring the security and protection of the
personal data that we process and treat these in compliance with existing law. The following privacy policy is intended to inform you in particular about type, scope, purpose, duration and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control. As novel technologies and new webpage features may appear in the future, we would recommend reading this privacy statement in regular intervals. If we provide addresses and contact information of companies and organizations in this data protection declaration, please note that the addresses can change over time and ask you to check the information before contacting us. The definition of used technical terms (such as “personal data” and “processing”) can be found in Article 4 of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”). Per Article 4 No. 1 of the GDPR, “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

1) Contact details of the responsible person

The person responsible for data processing on this website within the meaning of the GDPR is:
Cytena GmbH
Neuer Messplatz 3
79108 Freiburg i. Br.
Germany,
Tel.: +49 761 70 88 90 0
E-Mail: [email protected]

The person responsible for processing personal data is the natural or legal person who alone orjointly with others decides on the purposes and means of processing personal data.

2) Data Acquisition when visiting our website

The use of our homepage does not depend on the user providing personal data.
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services. The use of personal data only takes place after obtaining consent of the user (Article 6 Section 1 a) of the GDPR) with the exception of cases where previous consent for practical reasons cannot be obtained and the data processing follows current regulations. We would like to point out that security gaps can occur during data exchange via internet (e.g. communication by e-mail). A complete protection of data against third persons is not possible.

3) SSL encrypting

We use SSL encryption to protect your data transmitted via our online offer. You can recognize such encrypted connections by the prefix https: // in the address line of your browser.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use socalled cookies on various pages.

These are small text files that are stored on your end device.

We only use cookies that are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies).

If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent.

If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

A complete de-activation of cookie storage could impair certain features of the homepage.

5) Use of your data for direct marketing purposes

5.1 Subscribing to our e-mail newsletter

If you subscribe to our e-mail newsletter, we will regularly send you information about our company. Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter after you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on the appropriate link.

By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a DSGVO.

When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later point in time. The data collected by us when you register for the newsletter will be used exclusively for the purposes of advertising in the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list unless you have expressly consented to the further use of your data or unless we reserve the right to make further use of your data which is permitted by law and about which we inform you in this declaration.

5.2 Newsletter dispatch via MailChimp

Our e-mail newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
(http://www.mailchimp.com/), to whom we forward the data you provided when registering for the newsletter. This disclosure is made in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system.

Please note that your data is usually transferred to a MailChimp server in the USA and stored there.

MailChimp uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This enables us to determine whether a newsletter message has been opened and which links have been clicked. Mailchimp uses web beacons to automatically generate general, non-personal statistics about the response behaviour to newsletter campaigns. On the basis of our justified interest in the statistical evaluation of the newsletter campaigns for the optimisation of advertising communication and the better orientation towards recipient interests, the web beacons in accordance with Art. 6 Para. 1 lit f DSGVO also collect and process data of the respective newsletter recipient (e-mail address, time of retrieval, IP address, browser type and operating system). These data allow an individual conclusion to be drawn about  the newsletter recipient and are processed by Mailchimp for the automated generation of statistics that show whether a certain recipient has opened a newsletter message.

If you wish to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

MailChimp can also use this data in accordance with Art. 6 Para. 1 lit. f DSGVO itself on the basis of its own legitimate interest in the needs-based design and optimisation of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

In order to protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: https://mailchimp.com/legal/data-processingaddendum/

In addition, MailChimp is certified under the us European data protection agreement “Privacy Shield” and is thus committed to complying with EU data protection regulations.

You can view the privacy policy of MailChimp here:
https://mailchimp.com/legal/privacy/

6) Contact and Sales force contact form

Within the scope of contacting us (e.g. via sales force contact form or e-mail), personal data is collected. Which data is collected in the case of the contact form, is apparent from there. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f DSGVO. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no legal obligations to retain data.

7) Google Analytics

These websites use Google Analytics, a web analysis service from Google Inc. (“Google”). Information about your use of the website is collected, including Browser type and version, operating system used, referrer URL (previously visited page), IP address or date / time of the request.
Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analysed. The information generated by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. Because IP
anonymization is activated on this website, your IP address will be shortened by Google within
member states of the European Union or the EEA (European Economic Area) and only transmitted
anonymously. The full IP address will only be sent to a Google server in the USA and shortened there
in exceptional cases. This transmission takes place on the basis of the EU-U.S. Privacy Shield
Agreement.
On behalf of the operator of this website, Google will use this information to evaluate your use of the
website, to compile reports on website activity and to provide the website operator with other
services relating to website and internet usage.
Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of
Google Analytics is Art. 6 Paragraph 1 Letters a and f GDPR. The data sent by us and linked to cookies,
user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of
data whose retention period has expired takes place automatically once a month.
You can prevent the storage of cookies by setting your browser software accordingly; however, we
would like to point out that in this case you may not be able to use all functions of this website to
their full extent.
You can also prevent Google from collecting the data generated by the cookies and relating to your
use of the websites (including your IP address) and from processing this data by Google by
downloading the browser plug-in available under the following link and install. The link is:
http://tools.google.com/dlpage/gaoptout
Alternatively, you can prevent Google Analytics from collecting data in individual cases by clicking on
the link below. This sets an opt-out cookie that prevents the future collection of your data when you
visit this website: Deactivate Google Analytics .
You can get more information from Google at https://policies.google.com/privacy/partners.

8) YouTube

We use YouTube to integrate videos. The videos were embedded in the extended data protection
mode. Like most websites, YouTube also uses cookies to collect information about visitors to their
website. YouTube uses these, among other things, to record video statistics, to avoid fraud and to
improve user-friendliness. This also leads to a connection to the Google DoubleClick network. When
you start the video, it could trigger further data processing. We have no influence on that. You can
find more information about data protection at YouTube in their privacy policy.

9) reCAPTCHA

We bind the “reCaptcha” function to recognize bots, e.g. for entries in online forms. The behavioral
information provided by users (e.g. mouse movements or queries) is evaluated in order to be able to
differentiate between people and bots. Service provider: Google Ireland Limited, Gordon House,
Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway,
Mountain View, CA 94043, USA; Website: https://www.google.com/recaptcha/; Data protection
declaration: https://policies.google.com/privacy; Opposition option (opt-out): opt-out plug-in:
https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements:
https://adssettings.google.com/authenticated.

10) Google Maps

We integrate the maps from the “Google Maps” service provided by Google. The processed data may
include, in particular, the users’ IP addresses and location data, which, however, are not collected
without their consent (usually within the framework of the settings of their mobile devices); Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company:
Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website:
https://cloud.google.com/maps-platform; Data protection declaration:
https://policies.google.com/privacy; Opposition option (opt-out): Opt-out plug-in:
https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertisements:
https://adssettings.google.com/authenticated.

11) Google Fonts

We integrate the fonts (“Google Fonts”) from the provider Google, whereby the user data is used
solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our
legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform
representation and taking into account possible licensing restrictions for their integration. Service
provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company:
Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Website:
https://fonts.google.com/; Data protection declaration: https://policies.google.com/privacy.
12) Presence in social networks (social media)
We maintain an online presence within social networks and process user data in this context in order
to communicate with the users active there or to offer information about us.
We would like to point out that user data can be processed outside of the European Union. This can
result in risks for the user, because e.g. the enforcement of user rights could be made more difficult.
Furthermore, the data of the users within social networks are usually processed for market research
and advertising purposes. E.g. User profiles are created based on the usage behavior and the
resulting interests of the users. The usage profiles can in turn be used to e.g. To place advertisements
inside and outside the networks that presumably correspond to the interests of the users. For these
purposes, cookies are usually stored on the user’s computer, in which the usage behavior and the
interests of the user are stored. Furthermore, data can be stored in the usage profiles regardless of
the devices used by the users (especially if the users are members of the respective platforms and
are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of objection
(opt-out), we refer to the data protection declarations and information provided by the operators of
the respective networks.
In the case of requests for information and the assertion of rights of data subjects, we point out that
these can be most effectively asserted with the providers. Only the providers have access to the data
of the users and can take appropriate measures and provide information. If you still need help, you
can contact us.
Processed data types are inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone
numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in
content, access times), meta / communication data (e.g. device Information, IP addresses).
The purposes of processing are contact inquiries and communication, tracking (e.g. interest /
behavioural profiling, use of cookies), remarketing, range measurement (e.g. access statistics,
recognition of returning visitors).
This is based on legitimate interests after Art. 6 Para. 1 S. 1 lit. f. GDPR.

12.1 Facebook: social network

Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
Website: https://www.facebook.com
Data protection declaration: https://www.facebook.com/about/privacy
Settings for advertisements: https://www.facebook.com/settings?tab=ads
Additional information on data protection: Agreement on joint processing of personal data on
Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum
Data protection information for Facebook pages: https://www.facebook.com/legal/ terms /
information_about_page_insights_data

12.2 LinkedIn: social network

Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website: https://www.linkedin.com
Data protection declaration: https://www.linkedin.com/legal/privacy-policy
Opposition option (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-optout.

12.3 Twitter: social network

Service provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Data protection declaration: https://twitter.com/de/privacy
Settings: https://twitter.com/personalization.
The providers of the websites automatically collect and store information in server log files, which
your browser automatically transmits.
The web server log file contains domain, IP address, requests, user agent, time stamp and status
code.
The e-mail log file stores metadata such as sender, recipient, time, IP address and size of the mail.
These data cannot be assigned to specific persons. These data are not combined with other data
sources. We reserve the right to check these data subsequently if we become aware of concrete
indications of an illegal use. The server log files are stored for a maximum of 3 days and will be
deleted after this period. The data is stored for security reasons, e.g. to clarify cases of misuse. If data
have to be kept for reasons of evidence, they are excluded from deletion until the incident has been
finally resolved.

13) Handling of Contact Information

Direct contact with Cytena GmbH is possible at all times per e-mail, [email protected]
Job applicants are encouraged to contact Cytena GmbH through the e-mail [email protected]
Personal information contained in such e-mails will be saved and used for the duration of the
communication. The data will be deleted as soon as the purpose of their collection has been served.
No data will be shared with third parties.
The legal basis of the data processing collected through e-mail follows Article 6 Section 1, f of the
GDPR. Should the aim of this communication be the establishment of a contract then Article 6
Section 1 b of the GDPR also applies.

14) Contact form

When you send us enquiries using our contact form, the data provided in the form (including the
contact details) is stored by us for the purpose of processing your request and answering any
subsequent questions. We will never share this data with third parties without your permission.
Transfer of Data
We only allow the transfer of data, such as name and address, to third parties if this is needed for us
to fulfill contract obligation and strictly needed for the third party to provide service.
When you allow us to use your data, they will only be used for the purpose stated in your consent.
Data Safety, Data Protection, E-Mail Communication
All technical and administrative measures will be taken to store your personal data in a way not
accessible to third parties. When communicating by e-mail, we cannot guarantee complete data
security, so we recommend that you send information that requires a high level of confidentiality by
post.

14) Duration and Deletion of data

The duration of the storage of personal data is measured according to the respective legal basis, the
purpose of processing and – if relevant – additionally according to the respective legal retention
period (e.g. commercial and tax retention periods).
If personal data are processed on the basis of an express consent pursuant to Art. 6 para. 1 lit. a
DSGVO, these data are stored until the data subject revokes his consent.
If there are legal storage periods for data that are processed within the framework of legal or similar
obligations on the basis of Art. 6 para. 1 lit. b DSGVO, these data will be routinely deleted after expiry
of the storage periods if they are no longer necessary for the fulfilment of the contract or the
initiation of the contract and/or if we no longer have a justified interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f DSGVO, this data is stored until the
data subject exercises his right of objection in accordance with Art. 21 para. 1 DSGVO, unless we can
prove compelling grounds for processing worthy of protection which outweigh the interests, rights
and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If personal data are processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f
DSGVO, these data are stored until the data subject exercises his right of objection pursuant to Art.
21 para. 2 DSGVO.
Unless otherwise stated in the other information contained in this declaration, all data processed by
us, if not otherwise declared above, will be deleted in accordance with the legal requirements as
soon as the consent permitted for processing is revoked or other permissions are no longer
applicable (e.g. if the purpose of processing this data is no longer applicable or is not required for the
purpose).
If the data is not deleted because it is required for other legally permissible purposes, its processing
will be limited to these purposes. This means that the data is blocked and not processed for other
purposes. This applies e.g. for data that must be kept for commercial or tax law reasons or the
storage of which is necessary to assert, exercise or defend legal claims or to protect the rights of
another natural or legal person.
Further information on the deletion of personal data can also be found in the individual data
protection information of this data protection declaration.

15) Change and update of the data protection declaration

We ask you to inform yourself regularly about the content of our data protection declaration. We will
adapt the data protection declaration as soon as the changes to the data processing carried out by us
make this necessary. We will inform you as soon as the changes require your cooperation (e.g.
consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this data
protection declaration, please note that the addresses may change over time and ask you to check
the information before contacting us.

16) Data Subject Rights

As the data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to
21 GDPR:

16.1 Right of information

Users have the right to free information about your stored personal data, their origin and recipients
and the purpose of data processing as well as a right to correction, blocking or deletion of these data
at any time.

16.2 Right of objection:

You have the right, for reasons that arise from your particular situation, to
object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f
DSGVO takes place to object; this also applies to profiling based on these provisions. If the personal
data concerning you are processed in order to operate direct mail, you have the right to object at any
time to the processing of the personal data concerning you for the purpose of such advertising; this
also applies to profiling insofar as it is connected to such direct advertising.

16.3 Right to withdraw consent:

You have the right to withdraw your consent at any time.
Right to information: You have the right to request confirmation as to whether the data in question is
being processed and to request information about this data as well as further information and a copy
of the data in accordance with the legal requirements.
Right to correction: In accordance with the legal requirements, you have the right to request the
completion of the data relating to you or the correction of incorrect data relating to you.
Right to deletion and restriction of processing: In accordance with the legal requirements, you have
the right to request that the data relating to you be deleted immediately or, alternatively, to request
that the processing of the data be restricted in accordance with the legal requirements.
Right to data portability: You have the right to receive data relating to you that you have provided to
us in accordance with the legal requirements in a structured, common and machine-readable format
or to request that it be transmitted to another person responsible.
Complaint to the supervisory authority: In accordance with the legal requirements, you also have the
right to lodge a complaint with a supervisory authority, in particular in the member state of your
habitual residence, your place of work or the place of the alleged infringement, if you are of the
opinion that the processing of the data concerning your personal data violates the GDPR.

For all questions on the subject of personal data, you can contact us at any time .