The protection and security of personal data as defined in Article 4(1) of the EU General Data Protection Regulation (hereinafter referred to as “EU GDPR”) of the users of our, i.e. inventicsDx GmbH’s, website (www.inventicsdx.com) are of paramount importance to us. This Data Privacy Statement provides you with information about the nature, scope and purpose of personal data processing on our website as well as about your rights under data protection law. The term “personal data” means any information relating to an identified or identifiable natural person.

We process personal data on our website exclusively within the legal framework of the EU GDPR and any other applicable provisions under data protection law.

This Data Privacy Statement provides such information in accordance with Article 13 EU GDPR for your use of the website named above.

1. Identity and contact details of the controller

The controller responsible for operating our website and for handling the personal data processed in the operation of our website is

You can contact our data protection officer as follows:

Dr. Gregor Scheja
Scheja und Partner Rechtsanwälte mbB
Adenauerallee 136
53113 Bonn
Germany

Tel: +49(0)228/2272260
Contact: https://www.scheja-partner.de/kontakt/kontakt.html

2. General information on data processing

If you have any data protection-related questions or would like to notify us of any data protection-related issues, please send an email to contact@inventicsdx.com or write a letter to the address of inventicsDx GmbH stated above.

Since this Data Privacy Statement may be subject to changes in applicable law and to adjustments necessitated by a change in internal processes, you are kindly requested to re-read this Data Privacy Statement on a regular basis.

3. Ways, purposes and legal bases of collecting data

a. Accessing the website

When you access our website, our system automatically processes both general and personal data from the system of the computer that is accessing our website including, without limitation, the data specified below:

information on the browser type and the browser version used the user’s operating system and IP address date and time of access websites from which the system of the user accesses our website.

The data will also be stored in the logfiles of our system. The IP address of the user and any other data that may identify the user will not be so processed. This data will not be stored together with other personal data of the user.

Processing the personal data allows us to ensure the functionality of the website.

Legal basis for this particular way of processing personal data is the overriding legitimate interest of inventicsDx GmbH pursuant to Article 6(1) lit. (f) EU GDPR. This overriding legitimate interest of inventicsDx GmbH is to be able to offer users access to its website and to information provided by it.

b. Using the contact form or the email address contact[at]inventicsDx.com to contact us

Personal data will also be processed when you complete our contact form.

If you use our contact form to make an enquiry, the information provided by you in the contact form will be used to process the enquiry. In particular, we will process the following data provided by you in order to be able to contact you:

name

company name

email address

telephone number (if provided)

additional information related to the enquiry, if and as necessary

Alternatively, you may contact us by sending an email to the address provided. In this case, the user’s personal data provided in the email will be stored.

Legal basis for this particular way of processing personal data is the overriding legitimate interest of inventicsDx GmbH pursuant to Article 6(1) lit. (f) EU GDPR. This overriding legitimate interest of inventicsDx GmbH is to be able to contact the users of its website.e. Compliance with statutory obligations

We will also process your personal data in order to comply with statutory obligations, e.g. regulatory requirements as well as data retention requirements under commercial and tax laws. In this case, the relevant statutory provisions in conjunction with Article. 6(1) lit. (c) EU GDPR constitute the legal basis for processing your personal data.

c. Other types of data processing

inventicsDx GmbH will use the personal data for any purpose other than the purposes described above only to the extent that this is necessary for the purposes of the legitimate interests pursued by us or by a third party (Article 6(1) lit. (f) EU GDPR) or the prevention of threats to national or public security or the prosecution of criminal offences.

Your personal data will not be analysed for marketing or other purposes.

In the event that we intend to process your personal data for any purpose other than the purposes described above, we will inform you in advance in accordance with and subject to applicable statutory provisions.

4. Your rights

Under the EU GDPR and the Federal Data Protection Act, you have the following rights, while it must be reviewed in each individual case whether the relevant requirements have been met:

right of access to your personal data stored by us (Article 15 EU GDPR)

right to rectification of inaccurate personal data and right to have incomplete personal data completed (Article 16 EU GDPR)

right to erasure of your data (Article 17 EU GDPR)

right to restriction of processing of your data (Article 18 EU GDPR)

right to receive the data provided by you in a structured, commonly used and machine-readable format (Article 20 EU GDPR)

right to object at any time to the processing of your data for direct marketing purposes (Article 21(2) and (3) EU GDPR)

if and when we process your data for a legitimate interest, the right to object to such processing on grounds relating to your particular situation that conflict with such data processing (Article 21(1) EU GDPR)

In addition, you have the right to withdraw your consent at any time. This also applies to any consent given to us before the EU GDPR entered into force on 25 May 2018.

To exercise these rights, please notify us by post or by email to contact@inventicsdx.com. If you request access to your personal data stored by us, we may demand that you produce evidence showing that you are who you claim to be.

You have the right to lodge a complaint with the data protection officer named above or any data protection supervisory authority. The data protection supervisory authority competent for us is

Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information) Friedrichstraße 219 10969 Berlin

5. Data security and data protection, communication by email

inventicsDx GmbH uses appropriate technical and organisational measures to prevent unauthorised access and disclosure and to ensure that personal data is accurate and is used lawfully. Nevertheless, no electronic communication is 100% secure, which means that all data and information you provide to inventicsDx GmbH may still be obtained by third parties by gathering such data and information unlawfully. inventicsDx GmbH may not be held responsible or liable for any errors occurring and/or any incidents of unauthorised access by third parties during data transmission.

Likewise, we are unable to ensure that data is 100% secure in communications by email. Therefore, we recommend you to communicate by post any information that must be treated with strict confidentiality.

6. SSL/TLS encryption

Our website uses SSL/TLS encryption (transfer encryption) for security reasons and to ensure that any confidential content you send to us as the operator of the website is transferred securely. SSL (Secure Sockets Layer) and its predecessor TLS (Transport Layer Security) is a recognised network security protocol used to transfer data securely. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

7. Use of Google Analytics

On our website, we use Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, United States of America (“Google”). Google Analytics uses cookies, i.e. text files that are stored on your computer and enable analysis of your use of the website. The information generated by the cookies about your use of the website will usually be transferred to and stored by Google on servers located in the United States. For your protection, we have activated the IP anonymisation function on our website. This will cause Google to shorten your IP address within member states of the European Union or other states party to the Agreement on the European Economic Area prior to sending it to the United States.

Under the data processing agreement that the operator of this website has concluded with Google, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to your use of the website and internet usage to the website operator.

For those exceptional cases where personal data is transferred to the United States, Google is certified under the EU-US Privacy Shield. For

additional information, please visit https://support.google.com/analytics/answer/7105316?hl=en&ref_topic=2919631 or https://www.privacyshield.gov/EU-US-Framework.

When you visit our website, we will ask for your consent to use cookies other than those required to operate the website.

You may refuse the use of cookies by selecting the appropriate settings in your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In addition, you may block the transmission of the data collected by the cookie (including your IP address) to Google by installing a browser plugin. You can download the browser plugin from the following website: https://tools.google.com/dlpage/gaoptout?hl=en. You can find more information on the use of data by Google Inc. here: https://support.google.com/analytics/answer/6004245?hl=en

8. References and links

Our website also includes third-party content. These services can be used only if the providers of such content (third-party provider) can identify the IP address of the user. No such content can be sent to you unless your IP address has been transmitted previously. Your IP address is needed to display content. While we seek to only use content whose providers use your IP address exclusively to deliver content, we have no way of ensuring that third party providers will not store your IP address, for example, for statistical purposes. If and to the extent that we are aware of this, we will inform the users thereof.

When accessing websites to which this website has a link, you may be asked once again to provide information such as your name, address, email address, browser type, etc. This Data Privacy Statement does not apply to personal data collected, disclosed or handled by third parties.

Third-party providers may have their own terms on how to handle the collection, processing and use of personal data that may differ from the terms hereof. Therefore, we recommend you to check the websites of such third-party providers for their manner of handling personal data before you enter your personal data.