1. How we protect your personal data

This data protection policy (“Policy”) informs you how we (Reaction Biology Corporation) process your Personal Data when you visit our website, order our products, or receive marketing materials from us. “Personal Data” is any information relating to an identified or identifiable natural person (a data subject), such as your name, physical address, IP or email address that we receive either directly from you, or from our affiliated companies. While this Policy refers to the EU General Data Protection Regulation (“GDPR”), we provide the same standard of protection for Personal Data from individuals outside of the European Economic Area (“EEA”).

Who is responsible for the data collection on this website?

The party responsible for the processing of the Personal Data (data controller) is: Reaction Biology Corporation One Great Valley Parkway, Suite 2 Malvern, PA 19355 Attn: Customer Service Phone: +1 877.347.2368 Email: [email protected]

How do we collect your data?

Some Personal Data are collected when you provide them to us to perform our services to you or sell our products online to you. This could be the case, for example, for Personal Data that you provide via an online contact, email contact, or order form. Other data sets are collected automatically by our IT systems through cookies etc. when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

Server log files

When using the website for information purposes only (i.e. without registration), we only collect the Personal Data that your browser transmits to our server. When you visit the website, we collect the following data, which are technically necessary for us to enable you to visit the website and to ensure stability and security (legal basis is Art. 6 (1) lit. f GDPR). These data sets are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data sets will not be combined with data from other sources. The temporary storage of your IP address is necessary in order to enable the delivery of our website to your device. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. In these purposes lies our legitimate interest in data processing. The IP addresses are retained for 30 days. Error logs, which log erroneous page views, are deleted after 7 days. In addition to the error messages, these logs include the accessing IP address and, depending on the error, the website accessed. What do we use your data for and where do we store them? We process the personal data of our users only to the extent necessary for the provision of a functional website, its contents, and to provide our services. We process the personal data of our users unless an exception applies due to applicable law. Some of the data are used to analyze how visitors use the site. We do not use your personal data for profiling. What is the legal basis for data processing under the Policy? Insofar as we obtain the prior consent of the data subject for processing of personal data, Art. 6 (1) lit. an EU General Data Protection Regulation (“GDPR”) is the legal basis. If the processing of personal data is necessary for the performance of an agreement to which the data subject is a party, Art. 6 (1) lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual measures. If the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 (1) lit. c GDPR is the legal basis. If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights, and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 (1) lit. f GDPR as the legal basis for processing. How do we receive Personal Data from our affiliated companies in the EEA? All Personal Data covered by this Policy is stored with us in the United States. We may receive your Personal Data from our affiliated companies or directly from you (e.g. by contacting us via telephone or email) for the purposes listed in this Policy. In order to provide an adequate level of data protection, we have a (controller-to-controller) data transfer agreement with our EEA-based affiliates in place (Art. 46 GDPR) and also incorporated the Standard Contractual Clauses (SCCs) issued by the EU Commission implementing decision 2021/914 of 4 June 2021. Please contact us if you would like to receive more information about these data transfers. What are our Analytics and third-party tools? When visiting our website, statistical analyses may be made of your surfing behavior by cookies, pixels or similar analytical tools. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information and how you are able to object to the processing can be found in Sections 5 to 10 on cookies and tracking in this Policy below. Promotional emails from us (opt-out) We will only send you promotional materials if we have your prior consent or if we have received your e-mail address from you in connection with the sale of a good or service and use the email address for direct mail advertising of your own similar goods or services. In both cases, we will always provide you with a possibility to opt-out of such email marketing or to withdraw your consent by writing us at any time at no cost for you. Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. We do not warrant complete protection of your Personal Data from third-party access during and after the transmission.

2. Rights of the data subject

To the extent that we process your personal data, you are entitled to the following rights:

a. Right of access

You can request confirmation from us as to whether we process personal data related to you. If this is the case, you can request information from us about the following:

  • The purposes for which the personal data is processed;
  • The categories of personal data which are processed;
  • The recipients or categories of recipients to whom your personal data has been disclosed or will be disclosed;
  • The planned duration of the storage of your personal data or, if this specific information is not available, the criteria for determining the storage duration;
  • The existence of a right to correction or deletion of personal data relating to you, the right to limitation of processing by the responsible body or the right to refuse this processing;
  • The existence of a right of complaint to a supervisory authority;
  • All available information about the origin of the data if personal information is not provided by yourself but rather by third parties;
  • The existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR.

You have the right to demand information as to whether or not your personal data is transferred to a third country or an international organization. In this context, you have the right to request the appropriate guarantees in accordance with Article 46 GDPR with regard to the transmission.

b. Right to rectification

You have the right to request the immediate correction/completion if your personal data processed by us is incorrect or incomplete.

c. Right to erasure (right to be forgotten)

Mandatory deletion You are entitled to request that we delete your personal data immediately provided that one of the following reasons applies:

  • Your personal data is no longer necessary for the purposes for which it was collected or processed in any other way.
  • If the processing was based on Article 6 (1)(a) GDPR, and you withdraw your consent and there is no further legal basis for the processing.
  • You object to the processing in accordance with Article 21 (1) GDPR and there are no superseding, legitimate reasons for the processing, or you object to the use of your personal data for advertising purposes in accordance with Article 21 (2) GDPR.
  • Your personal data has been processed unlawfully.
  • The deletion of your personal data is required to fulfill a legal obligation.

Exceptions The right of deletion does not apply provided that the processing is required

  • in order to exercise the right to freedom of expression and information;
  • in order to fulfill a legal obligation or for the performance of a task carried out in the public’s interest;
  • for the assertion, exercise or defense of legal claims.
d. Right to restriction of processing

Under the following conditions, you are entitled to request a restriction of the processing of your personal data:

  • if you contest the correctness of your personal data for a period of time that allows us to verify the correctness;
  • the processing is unlawful and you reject the deletion of your personal data and, instead, demand the restriction of the use of the personal data;
  • we no longer require your personal data for the purposes of the processing, yet you still require this data in order to assert, exercise or defend against legal claims, or
  • if you have submitted an objection to the processing in accordance with Article 21(1) GDPR and it has not yet been decided whether our legitimate reasons as the body responsible outweigh your reasons as the affected person.

If the processing of your personal data has been restricted, this data – with the exception of its storage – may only be processed with your consent or for the assertion, exercise or defense of legal claims, or to protect the rights of another natural or legal person or for reasons of substantial public interests of the Union or a Member State can be processed. If the restriction of processing itself has been restricted as a consequence of the above-mentioned requirements, we will inform you before the restriction is lifted.

e. Right to data portability

You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on Article 6(1)(a) or (b) or Article 9(2) GDPR.

f. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1) lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation. Your personal data will then no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion or defense of legal claims.

g. Right to withdraw consent

To the extent the processing of your personal data is based on your consent pursuant to Art. 6(1) lit. a GDPR or Section 25 (1) TTDSG, you may withdraw your consent at any time with effect for the future by sending an email to [email protected].

h. Right to file a complaint with a supervisory authority

Regardless of other legal remedies, you have the right to file a complaint with the responsible supervisory authority if you are of the opinion that the processing of your data violates provisions of the GDPR.

3. SSL encryption

This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL encryption is activated, the data you transfer to us cannot be read by third parties.

4. Cookies and similar web tools

In order to optimize the functionality and usability of the website, we use so-called cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site. Cookies that are necessary to allow electronic communications or to provide certain functions you wish to use are processed by us pursuant to Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. We will inform you separately about all cookies by means of which personal data are processed and which are not technically necessary for the provision of the website (e.g. cookies set by third-party companies or cookies used for analysis purposes) within the scope of this privacy policy and only use these personal data with your prior consent (Art. 6 (1) lit. a GDPR). We use cookies on our website that allow an analysis of users’ browsing behavior. For this purpose, the following data sets may be processed: (1) Entered search terms (2) The frequency of page views (3) Use of our Website Features. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For this purpose, it is necessary that the browser is recognized even after the user leaves the page. We use cookies for the following applications: (1) Shopping Basket (2) Adoption of language settings (3) Remembering passwords. Browser Configuration to Reject Cookies You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or always reject them, or automatically delete cookies when closing your browser. You can also individually administer the cookies of many companies and functions that are used for advertising. Use the relevant user tools, which can be found at https://www.aboutads.info/choices or http://www.youronlinechoices.com/uk/your-ad-choices. Disabling cookies may limit the functionality of this website. In addition, most browsers offer a so-called “Do-not-track function”, with which you can state that you do not wish to be “tracked” by websites. If this function is activated, the respective browser informs advertising networks, websites, and applications that you do not want to be tracked for the purpose of behavioral advertising. Google Analytics This website uses Google Analytics, a web analytics service. The analytics service is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) as the data controller. We use Google Analytics to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. Google Analytics uses its own cookies for these purposes. If individuals. If individuals click pages of our Website, the following data may be processed: (1) The IP address of the calling system of the user (2) The website (3) The website from which the user came to the accessed website (referral) (4) The subpages that are visited from the called web page (5) The length of stay on the website (6) The frequency of the stay the website. The legal basis for the use of Google Analytics and the processing of the users’ personal data is Article 6 (1) lit. a GDPR. You can revoke your consent in whole or in part at any time with effect for the future by changing your cookie settings. Google offers an opt-out from Analytics as a visitor in form of a browser plugin. You have to activate it in order to not be tracked on any site using Google Analytics. You find the online tool here (German version): https://tools.google.com/dlpage/gaoptout. You can also prevent the collection of your data by Google Analytics and an opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics. For more information about how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en. If you disable cookies for our website, it may not be possible to use all the functions of the website to the full extent. Google Ads (formerly Google Adwords) Our website uses Google Ads, an online advertising program from Google. For Google Ads, the participating advertisers bid on certain keywords in order for their clickable ads to appear in Google’s search results. Google Ads uses its own cookies. When you are logged-in to your Google account, you can use your Ads Settings to manage the Google ads you see and opt out of Ads Personalization (“turn off”). Even if you opt out of Ads Personalization, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. If you do not have a Google account, you can use your browser settings (as described below) to administer your cookies. As part of Google Ads, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page. In addition, each Google Ads advertiser has a different cookie. Thus, cookies cannot be tracked using the website of a Google Ads advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the Google Ads advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics. The legal basis for the use of Google Ads and the processing of the users’ personal data is Article 6 (1) lit. a GDPR. You can revoke your consent in whole or in part at any time with effect for the future by changing your cookie settings. No Profiling We do not create user profiles from the information in cookies.

5. Contact form on our website

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question, and any follow-up questions. We do not share this information without your permission. We will, therefore, process any data you enter onto the contact form only with your consent pursuant to Art. 6 (1) lit. a GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

6. Registration on our website

You can register on our website in order to access additional functions offered here and to offer our products (user account). On our Website, we have a contact form available, which we use for electronic contacts. If a user enters into contact with us through this form, the personal data entered in the input mask are transmitted to us and stored. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will not process your registration. To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration. We will process the data provided during registration only based on your consent pursuant to Art. 6 (1) lit. a GDPR or if the processing is necessary for the fulfillment of a contract with the user. The personal data will be deleted or fully anonymized if they are no longer necessary for this purpose You may revoke your consent at any time with future effect by informing us via mail or email [email protected]. The data processed before we receive your request may still be legally processed. Even after the end of the contract, there may be a need for us to store personal data of the contracting party in order to comply with contractual or legal obligations. We will continue to store the data collected during registration for as long as you remain registered on our website or is necessary to provide you with the purchased products. Statutory retention periods (e.g. for bookkeeping and tax reasons) remain unaffected.

7. Data transmitted when entering into a contract with online shops, retailers, and mail order

We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks or credit card companies entrusted to process your payments. We will also use your address and names for sending you invoices. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent. The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

8. Newsletter data

If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties. We will process any personal data you enter onto the contact form or that you send to us to contact us only (1) with your consent (Art. 6 (1) lit. a GDPR), or (2) if the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art. 6 (1) lit. b GDPR). We may process your email address to send you our newsletters to the extent permitted by law. This allows us to send you these newsletters if (1) we have received the email address in connection with the sale of goods or services, (2) we use the address for direct advertising for our own similar goods or services, and (3) you have not objected to the use. In any event, you can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter or by sending an email to us [email protected]. The data processed before we receive your request may still be legally processed. We will process the data provided for the newsletter to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the member’s area) remain unaffected.

9. MailChimp

This website uses the services of MailChimp to send newsletters. This service is provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that organizes and analyzes the distribution of newsletters. If you provide data (e.g. your email address) to subscribe to our newsletter, it will be stored on MailChimp servers in the USA. In order to ensure compliance with European privacy standards in the United States, MailChimp’s Data Processing Annex with EU Standard Contract Clauses (SCCs) is part of MailChimp’s Standard terms of use to which we agreed by entering into a contract with MailChimp. MailChimp agrees to abide by and process EU Data in compliance with the SCCs. We use MailChimp to analyze our newsletter campaigns. When you open an email sent by MailChimp, a file included in the email (called a web beacon) connects to MailChimp’s servers in the United States. This allows us to determine if a newsletter message has been opened and which links you click on. In addition, technical information is collected (e.g. time of retrieval, IP address, browser type, and operating system). This information cannot be assigned to a specific recipient. It is used exclusively for the statistical analysis of our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to your interests. If you do not want your usage of the newsletter to be analyzed by MailChimp, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on the website. This data processing is based on your consent (Art. 6 (1) lit. a GDPR). You may revoke your consent at any time by unsubscribing to the newsletter. The data processed before we receive your request may still be legally processed. The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of MailChimp. Data we have stored for other purposes (e.g. email addresses for the member’s area) remain unaffected. For details, see the MailChimp privacy policy at https://mailchimp.com/legal/data-processing-addendum/

10. Plugins and tools

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. To ensure data protection on this website, Google Maps is deactivated when you first enter this website. A direct connection to Google’s servers is only established when you independently activate Google Maps (consent according to Art. 6 (1) lit. a GDPR). This prevents your data from being transferred to Google when you first enter the page. After activation, Google Maps will store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The operator of this website has no influence on this data transfer after the activation of Google Maps. Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/

11. Salesforce Marketing Cloud

Our customer data are managed using Salesforce Marketing Cloud, a service provided by Salesforce.com Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States of America, and its German subsidiary salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter collectively referred to as “Salesforce”). Salesforce Marketing Cloud is a CRM system which makes it possible, e.g., to manage existing and potential customers and customer contact details, and to organize our sales, marketing campaigns and communication processes. Beyond that, the use of the CRM system allows us to analyze our customer-related processes. The customer data are stored on Salesforce’s servers. During this process, personal data may also be transferred to servers operated by Salesforce in the United States. The legal basis for the use of Salesforce’s services is Art. 6(1) lit. f GDPR. We have a legitimate interest in ensuring that our customers are managed and communicated with as efficiently as possible. Provided that we have asked for your consent, your data will be processed exclusively on the basis of Art. 6(1) lit. a GDPR. Insofar as your consent also extends to the storage of cookies or the access to any information on your device (e.g. device fingerprinting) as outlined in the TTDSG (German Federal Act on Privacy in Telecommunications and Telemedia), your data will furthermore be processed on the basis of Sec. 25 Sec. 1 TTDSG. You may revoke your consent at any time. Salesforce has Binding Corporate Rules (BCR) in place which were approved by the French Data Protection Authority. The provisions of the BCR are binding at company level and intended to legitimize the intra-group transfer of personal data between the Salesforce group companies to third-party countries outside the EU and EEA. The BCR can be found at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf. Further details regarding the processing of personal data when using Salesforce’s services can be found in Salesforce’s Data Protection Impact Assessment (DPIA) available at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Privacy/dpia-and-salesforce-services.pdf and in Salesforce’s data privacy notice available at https://www.salesforce.com/de/company/privacy/. We have entered into an agreement on the commissioned processing of personal data in accordance with Art. 28(3) GDPR with Salesforce (Data Processing Addendum) which can be found at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf. Through the Data Processing Addendum, Salesforce undertakes that it will only process the data based on our instructions and in accordance with the provisions of the GDPR and to ensure the protection of the rights of the affected data subjects. The Data Processing Addendum also incorporates the standard contractual clauses (EU/2021/914) issued by the European Commission in accordance with Art. 46(2) lit. c) GDPR for establishing the appropriate safeguards prescribed by the provisions of the GDPR for the transfer of personal data outside the EU and EEA. [Version of November 2022]

Your Development Partner

Contact Us