Privacy policy
An overview of data protection
General information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term "personal data" comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data recording on this website
Who is the responsible party for the recording of data on this website (i.e., the "controller")?
The data on this website is processed by the operator of the website, whose contact information is available under section "Information about the responsible party (referred to as the "controller" in the GDPR)" in this Privacy Policy.
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.
Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.
Analysis tools and tools provided by third parties
There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.
For detailed information about these analysis programs please consult our Data Protection Declaration below.
General information and mandatory information
Data protection
The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.
Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.
We herewith advise you that the transmission of data via the Internet (i.e., through email communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Information about the responsible party (referred to as the "controller" in the GDPR)
The data processing controller on this website is:
OXO Translational Science GmbH
Vor dem Schlosstor 9
39164 Stadt Wanzleben – Börde
Germany
Phone: +49 39209 69390
Telefax: +49 39209 693929
Email: info@oxots.de
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, email addresses, etc.).
Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
General information on the legal basis for the data processing on this website
If you have consented to data processing, we process your personal data on the basis of Article 6 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR) or Article 9 Paragraph 2 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR), if special categories of data are processed according to Article 9 Paragraph 1 Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Article 49 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). If you have consented to the storage of HTTP cookies or to the access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on Section 25 Paragraph 1 Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien (Telekommunikation-Telemedien-Datenschutz-Gesetz, Telecommunications-Telemedia Data Protection Act, TTDSG). The consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. Article 6 Paragraph 1 Letter b Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). Furthermore, if your data is required for the fulfillment of a legal obligation, we process it on the basis of Article 6 Paragraph 1 Letter c Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). Furthermore, the data processing may be carried out on the basis of our legitimate interest according to Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
Revocation of your consent to the processing of data
A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Article 21 Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR))
In the event that data are processed on the basis of Article 6 Paragraph 1 Letter e or f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)you have the right to at any time object to the processing of your personal data based on grounds arising from your unique situation. This also applies to any profiling based on these provisions. To determine the legal basis, on which any processing of data is based, please consult this data protection declaration. If you log an objection, we will no longer process your affected personal data, unless we are in a position to present compelling protection worthy grounds for the processing of your data, that outweigh your interests, rights and freedoms or if the purpose of the processing is the claiming, exercising or defence of legal entitlements (objection pursuant to Article 21 Paragraph 1 Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)).
If your personal data is being processed in order to engage in direct advertising, you have the right to object to the processing of your affected personal data for the purposes of such advertising at any time. This also applies to profiling to the extent that it is affiliated with such direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (Article 21 Paragraph 2 Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)).
Right to log a complaint with the competent supervisory agency
In the event of violations of the Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR), data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
Data transmission on the Internet/TLS encryption
For security reasons and to protect the transmission of confidential content, such as requests that you send to us as the website operator, this site uses the widely used TLS procedure (Transport Layer Security) in conjunction with the highest encryption level (so-called cipher suite) that is supported by your browser. You can recognize an encrypted connection by the closed representation of the lock symbol in the URL line of your browser.
In addition, we use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. The security measures we take are continuously improved in line with technological developments. The measures include, among others:
- Encryption via HTTPSon the basis of modern cipher suites(TLS 1.3/TLS 1.2 with AEAD, PFSand 384-Bit-ECDSA-Certificate)
- X-XSS-Protectionand Content-Security-Policy (CSP) for protection against Cross-site scripting
- X-Frame-Optionsfor protection against Clickjacking
- Permissions Policy
- Complete abandonment of HTTP cookies
- Modern safety features such as DNSSEC, OCSP staplingand CAA
- Use of up-to-date HTTP security headers such as HSTS, Expect-CTand Referrer-Policy
Information about, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
- If you have raised an objection pursuant to Article 21 Paragraph 1 Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR) , your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.
Recording of data on this website
Server log files
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
These are:
- Domainthat is called: oxots.com
- IP address of the requesting computer: 192.168.10.10
- Date and time of access and the time zone difference from Greenwich Mean Time (GMT): 09/Jul/2020:20:19:12 +0200
- HTTP request message: GET
- URLthat is called: /en/contact/
- HTTP protocol version: HTTP/2.0
- HTTP status code: 200
- Website from which the access is made (Referrer): https://oxots.com/en/contact/
- Browser type, browser version and operating system used (if applicable) (User agent): Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
This data is not merged with other data sources.
This data is recorded on the basis of Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). We, as the website operator, have a legitimate interest in the technically error-free presentation and optimization of our website - for this purpose, the server log files must be collected. In no case do we use the collected data for the purpose of drawing conclusions about your person.
Request via phone
If you contact us by phone, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Article 6 Paragraph 1 Letter b Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)) or on the basis of your consent (Article 6 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via phone remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Request via email
If you contact us by email, your request, including all resulting personal data (email, name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Article 6 Paragraph 1 Letter b Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR), if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)) or on the basis of your consent (Article 6 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via email remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Request via contact form
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. At the time of sending your message, the following data will also be stored:
- IP address
- Date and time of dispatch
- Consent to the item "I have taken note of the privacy policy."
For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy.
We will not share this information without your consent.
These data are processed on the basis of Article 6 Paragraph 1 Letter b Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR) if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)) or on the basis of your consent (Article 6 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via contact form remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Analysis tool
Umami
This website uses as an analysis tool the open source software Umami. Umami uses technologies that allow analyzing the behavior of website visitors. HTTP cookiesare not used in this process. Unlike other widely used web analytics tools such as Google Analytics, this data is not stored on the service provider's web servers in third countries, where it would be beyond our control. The information collected by Umami about the use of this website is stored only on our own server. The metrics that are calculated or information that is stored include:
- Views: How many pages were opened/viewed on our website
- Visitors: How many website visitors there were on our website
- Bounce rate: The percentage of website visitors who have left this website after only one website visit.
- Average visit time: How long website visitors stay on this website
- Popularity: The relative popularity of all pages on this site
- Referrers: The links that the website visitors followed to get to this website
- Browser: The browser of the website visitors (derived from the User agent)
- Operating system: The operating system of the website visitors (derived from the User agent)
- Device type: Whether website visitors are using a desktop, tablet or phone (derived from the User agent)
- Geographical location: General location (country) of the website visitors (derived from the IP address)
- Events: Which buttons were clicked on our website
The results of this analysis are available in statistical form at the end and are anonymous. The IP address is used exclusively for the determination of the country and is not stored. The information collected by Umami about the use of this website is not shared with third parties.
The use of this analysis tool is in the interest of anonymized analysis of user behavior in order to optimize our website and our offer. This constitutes a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Article 6 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR) and Section 25 Paragraph 1 Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien (Telekommunikation-Telemedien-Datenschutz-Gesetz, Telecommunications-Telemedia Data Protection Act, TTDSG), insofar the consent includes the storage of HTTP cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien (Telekommunikation-Telemedien-Datenschutz-Gesetz, Telecommunications-Telemedia Data Protection Act, TTDSG). This consent can be revoked at any time.
However, the tracking measures are only used after weighing the interests of website visitors who do not send the browser feature „Do Not Track" (DNT) or have consented directly to the measure. If you do not want your visits to our website to be tracked, you can enable the "Do Not Track" option in your browser and Umami will not collect any data from you. An overview of how to enable "Do Not Track" in different browsers can be found below:
Plugins and tools
OpenStreetMap
We are using the mapping service provided by OpenStreetMap (OSM).
We integrate OpenStreetMap on our own (tile) server. When calling up the map material, there is consequently no connection to the servers of third parties.
We use OpenStreetMap with the objective of ensuring the attractive presentation of our online offers and to make it easy for visitors to find the locations we specify on our website. This establishes legitimate grounds as defined in Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Article 6 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR) and Section 25 Paragraph 1 Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien (Telekommunikation-Telemedien-Datenschutz-Gesetz, Telecommunications-Telemedia Data Protection Act, TTDSG), insofar the consent includes the storage of HTTP cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien (Telekommunikation-Telemedien-Datenschutz-Gesetz, Telecommunications-Telemedia Data Protection Act, TTDSG). This consent can be revoked at any time.
Our social media appearances
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered.
In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via HTTP cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR). The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Article 6 Paragraph 1 Letter a Datenschutz-Grundverordnung (DSGVO, General Data Protection Regulation, GDPR)).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Storage duration
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored HTTP cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
Individual social networks
We have a profile on Facebook. The provider of this service is
Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
(hereinafter Meta).
According to Meta’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Meta on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Meta are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
You can customize your advertising settings independently in your user account. Click on the following link and log in:
https://www.facebook.com/settings?tab=ads
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://www.facebook.com/help/566994660333381
Details can be found in the Facebook privacy policy:
https://www.facebook.com/privacy/policyWe use the short message service Twitter. The provider is
Twitter International Company
One Cumberland Place, Fenian Street
Dublin 2 D02 AX07
Ireland
You can customize your Twitter privacy settings in your user account. Click on the following link and log in:
https://twitter.com/personalization
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://gdpr.twitter.com/en/controller-to-controller-transfers.html
For details, see the Twitter Privacy Policy:
https://twitter.com/de/privacy
We have a profile on Instagram. The provider of this service is
Meta Platforms Ireland Limited
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://help.instagram.com/519522125107875
https://www.facebook.com/help/566994660333381
For details on how they handle your personal information, see the Instagram Privacy Policy:
https://help.instagram.com/519522125107875
We have a profile on XING. The provider is
New Work SE
Dammtorstr. 30
20354 Hamburg
Germany
Details on their handling of your personal data can be found in the XING Privacy Policy:
https://privacy.xing.com/en/privacy-policy
We have a LinkedIn profile. The provider is the
LinkedIn Ireland Unlimited Company
Wilton Plaza, Wilton Place
Dublin 2
Ireland
LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa
https://www.linkedin.com/legal/l/eu-sccs
For details on how they handle your personal information, please refer to LinkedIn's privacy policy:
https://www.linkedin.com/legal/privacy-policy
YouTube
We have a profile on YouTube. The provider is
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
Details on how they handle your personal data can be found in the YouTube privacy policy:
https://policies.google.com/privacy?hl=de
Effective: April 29, 2023