§ 1 Introduction 
BioStock respects your privacy and is committed to protecting your personal data. We would therefore like to familiarise you with how we collect, use and pass on personal data. In this Privacy Policy, we will explain how we handle personal data that we or our service providers process through your interactions with us or them, including through your use of our website or similar environments, such as mobile websites or apps, that are operated and maintained by us and from which you can access this Privacy Policy (jointly called the “website”). 
In this Privacy Policy, references to “BioStock”, “we”, “us”, or “our” refers to BioStock AB, responsible for processing your data. 
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.  

§ 2 Data Protection Coordination 
The Data Protection Coordinators at BioStock can be contacted at​ [email protected] 

§ 3 Principles and Purposes of Processing Personal Data 
Personal data is information relating to an identified or identifiable natural person. This may include information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. It does not include data where the identity has been removed (anonymous data).  

We use personal data about you: 
· to answer your enquiries and meet your requests, for instance to send you requested information. 
· to send you important information about our business relationship with you, about our terms of business or use and/or to send you other information related to processing of your data. 
· to promote our business interests, for example for data analysis, for checks, for the development of new products and services, to improve our interactions with you, to enhance our website, to personalise your use of our website, by presenting you with products and offers tailored to you, as well as to identify the effectiveness of our advertising campaigns. In this respect, we adhere strictly to legal stipulations and as far as possible only use anonymised data, which does not allow inferences to be made about you as an individual.  

The law may provide separate preconditions for the individual uses of data. 
· to operate use-based online information; more information on this can be found under cookie information. 
We will only use your personal data when the law or you allow us to.  

§ 4 How Your Data is Collected 
We use different methods to collect data from and about you including through: 
· Direct Interactions: You may give us your data by filling in forms, applying for jobs with us, or by corresponding with us by post, phone, email or otherwise. This may include personal data you provide when you purchase or use our products, subscribe to our services or publications, request marketing to be sent to you, enter a competition, promotion or survey or provide us with feedback. 
· Automated technologies or interactions: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and similar technologies. Please see the section on cookies in this Privacy Policy below for further details. 
· Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources.  

§ 5 Our Legal Basis for Using your Data 
We must have a valid basis for using your personal information and we may not collect, store or use information other than as described in this policy. There are four ways we may have a valid basis for using your personal information: 
· Fulfilling the contract: The information we collect from you may be necessary to allow us to fulfil our contract with you or to enter into a contract with you. 
· Consent: You may provide your consent for us to contact you or to collect your information for example, by consenting to the use of cookies on our website. If you have given consent to our use of your personal information, you are entitled to withdraw this consent at any time. 
· Legitimate interest: We may also have a legitimate interest in using your personal information, for example to ensure that the content on our website is presented to you and your computer as effectively as possible. If this is our reason for using your personal information, we must make sure that our interests do not override yours and you can object to this use of your personal information. 
· Legal obligation: Lastly, we may have a legal obligation to use your personal information in certain ways or to protect your interests, for example we may exchange information with other companies and organisations for the purposes of fraud protection and credit risk reduction.  

§ 6 Data Retention 
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the applicable legal requirements.  

§ 7 Website Cookies 
1. Scope and Purpose of the Processing 
Cookies: We use so-called cookies in some areas of our website, e.g. to recognise the preferences of visitors and to be able to design the website accordingly. This facilitates navigation and a high degree of user-friendliness of a website. Cookies also help us to identify particularly popular areas of our website. Cookies are small files that are stored on a visitor’s hard drive. They allow information to be stored for a certain period of time and to identify the visitor’s computer. For better user guidance and individual service presentation, we use permanent cookies. We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser to refuse all or some browser cookies or so that it informs you about the placement of cookies. This makes the use of cookies transparent for you.  

Important: If you completely exclude the use of cookies, you may not be able to use certain functions of our website. We may use the following four categories of cookies on our website: · Necessary Cookies 
· Performance Cookies 
· Functionality / personalisation Cookies 
· Targeting Cookies. Various types of cookies are used on our website, the type and function are explained as follows:  

2. Categories of Cookies 
Necessary cookies: These cookies are necessary so that you can move around the website and use its functions, for example when accessing password-protected areas. Without these cookies, we cannot provide you with certain services you have requested. We use cookies to uniquely identify registered users so that they can be identified during their stay and when they return to the website. 
Performance cookies: These cookies collect information about how visitors use a website, for example, which pages they visit most frequently and whether they receive error messages from websites. These cookies do not collect any data that can be used to identify visitors. All information collected with the help of these cookies is anonymous and serves exclusively to improve the functionality and service of the website. We therefore use performance cookies to generate statistics on how our website is used and to see how effective our advertising campaigns are. 
Functionality / personalisation cookies: These cookies allow websites to remember a visitor’s previous information (e.g. user name, language or selected market) in order to offer optimised features tailored to the visitor. For example, a website can provide you with up-to-date information about your market by storing your current location in a cookie. These cookies also serve to maintain the settings you make on the website (e.g. font or font size and other user-adjustable options). They are also used to provide services you have requested, for example when you want to watch a video. These cookies are not able to track your browser activity on other websites. They do not collect any information about you that can be used for  

advertising purposes and cannot trace where you were on the Internet outside our website. We therefore use functionality/personalisation cookies to recognise you the next time you visit our website and to personalise content and save your settings (for example, your preferred market). Targeting Cookies: These cookies are used to tailor advertising even more specifically to you and your interests. They also serve to limit how often you see an advert, measure the effectiveness of an advertising campaign and understand people’s behaviour after viewing an advert. Targeting cookies are usually placed on the pages of advertising networks with the consent of the website operator. You recognise that the user has visited a website and pass this information on to other companies, e.g. advertising companies. They are often linked to a website functionality provided by this company. We therefore use targeting cookies to link to social networks that may then use the information about your visit to tailor advertising on other websites to you and to provide the advertising networks we use with information about your visit so that, based on your browsing behaviour, you can later be presented with the advertising that you may be interested in.  

3. Browser Settings 
Most browsers are already set to accept cookies by default. However, you can change your browser settings so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are disabled by your browser settings on our website. 
You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the setting options. 
If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.  

4. Passive processing via our website e.g. Tracking Tools (where applicable) 
If you use this website, specific personal data can be processed in a passive way using various technologies, i.e. without you expressly entering it. Such passive information gathering primarily takes place in the following cases and for the following data: 
Information from your browser: Specific information is typically processed by browsers and passed on automatically, such as your MAC address (unique device designation), the screen resolution, your operating system (Windows, Apple, Android), the version of your operating system, as well as the type and version of your internet browser. 
Your IP address: Your IP address is a combination of figures issued automatically to the computer used by you or by your internet provider. An IP address is automatically processed in the log files of our web server when a user calls up our website. Communication between the web server and the visitor’s computer is not possible without the IP address. If we log and store the visiting time on our websites under the IP address, the IP address is anonymised to rule out any reference to you by us. 
Device information: We would like to point out that under certain circumstances and in the case of mobile terminals we process the unique device number (IMEI) – like the MAC address for  

computers. However, such processing only occurs when it is required to provide the respective requested service. 
Website analysis: Technologies for website analysis are used with our website. Using this technology, data is saved and processed for marketing and optimisation purposes. The personal data required for this is also processed using cookies. In this regard, please be aware of our cookie information, detailed above.  

This website may use Google Analytics, a web-analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files saved on your computer that facilitate an analysis of your use of the website. The personal data generated by the cookie on your use of this website is generally transferred to a Google server in the USA and saved there. In the case of activated IP anonymisation on this website, your IP address will, however, be abbreviated in advance by Google within Member States of the European Union or in other signatory countries to the Treaty on the European Economic Area.  

Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there. On the orders of the operator of this website, Google will use this personal data to analyse your use of the website, to compile reports on website activities, and to provide further services for the website operator associated with website use and internet use. The IP address passed on by your browser within the scope of Google Analytics will not be merged with other Google data. You can prevent the saving of cookies through a relevant setting in your browser software; however, we would like to point out that in this case you may not be able to make full use of all the functions of this website. You can countermand the collection and storage of data by Google Analytics at any time with future effect. You can prevent the processing of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in (deactivation add-on) from  

§ 8 Access to Sections of the Website Restricted to Professional Groups (if applicable) 
Whilst some of the web pages and functions provided by BioStock can be visited and used without personal registration, some pages are only open to specific groups of people and therefore may require registration. BioStock may only make certain information about sponsorship opportunities accessible if you belong to so-called professional groups. Please be aware that the information we offer you on our website through our services that require registration is of a general type. Against this background, we may offer members of the relevant professional groups the opportunity to register for the closed section of our website in order to be able to retrieve the information about our services described above. Access to these closed sections takes place either through direct registration with BioStock – in this case, you will receive a password from us that allows you to visit this section.  

§ 9 Third Party Websites 
This Privacy Policy does not affect any third-party websites, even if there is a reference or link to these third-party websites. We do not endorse the content of such third-party websites. The same applies accordingly for graphic elements such as banners or shortcuts that when clicked on take you to another website. For these third-party websites, please go to the websites of the  

respective provider to find out how they handle your data. When you leave our website, we encourage you to read the privacy notice of every website you visit.  

§ 10 Third Parties and the Processing of your Personal Data 
If necessary and legally allowed, we may pass your personal data to the following third parties: 
· Any companies that form part of the BioStock concern, but only for the purposes identified in this Privacy Policy and within the scope of permitted transfers. However, we remain fully responsible for the handling of personal data for shared use. 
· Our business partners, with whom we offer advertising using shared brands and joint marketing. A precondition for this is that the law or your consent permits such a transfer. In addition, the business partners are contractually obliged to only use the personal data according to our specifications before the personal data is transferred. 
· Service providers who provide services such as website hosting and moderation, the processing of your reviews of products and services, the provision of call center services, the hosting of mobile applications, data analysis, payment handling, order handling, infrastructure provision, IT services, customer services, delivery services for e-mails and direct advertising, credit-card settlements and audits, in order to carry out these services. Here, too, the contractual partners are accordingly bound by our contract to the stipulations under data-protection law. 
· Third parties in the case of reorganisations, mergers, sales, joint ventures, transfers or other disposals regarding our entire company or our entire assets or shares and/or parts thereof (for example, in association with insolvency or similar proceedings), if legally allowed. 
Apart from that, we will only pass on your personal data to third parties if: 
· you have given your express consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR, 
· it is legally permissible and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 (1) sentence 1 lit. b GDPR, 
· there is a legal obligation to pass on the data in accordance with Art. 6 (1) sentence 1 lit. c GDPR, 
· the disclosure pursuant to Art. 6 (1) sentence 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.  

§ 11 Your Rights as a Data Subject 
If your personal data are processed, you are a data subject within the meaning of the General Data Protection Regulation (GDPR) and the following rights apply to you: 
· Pursuant to Art. 15 GDPR you can request information about your personal data processed by us. In particular, you may obtain information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the right to lodge a complaint with a supervisory authority, the origin of your data, (if not collected from us), about transfer to third countries or international organisations, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the logic involved.  

· Pursuant to Art. 16 GDPR you can immediately demand the correction of incorrect data or the completion of your personal data stored with us. 
· Pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored by us, provided that the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.  

· In accordance with Art. 18 GDPR, you have the right to obtain from the controller restriction of processing if you dispute the accuracy of the personal data is contested, the processing is unlawful, we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims. You also have the right according to Art. 18 GDPR if you have filed an objection against the processing in accordance with Art. 21 GDPR.  

· Pursuant to Art. 20 GDPR, you have the right to receive the personal data provided by you to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. 
· Pursuant to Art. 7 para. 3 GDPR you can withdraw your consent at any time. As a consequence, we are no longer allowed to continue the data processing based on this consent for the future.  

· Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. Usually you can contact the supervisory authority of your habitual residence, your place of work or our company headquarters. 
You can exercise these rights by contacting BioStock as detailed below.  

§ 12 Your Right to Object 
When processing of your personal data is based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have – as already mentioned above – the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons arising from your particular situation. 
Please send your objection by email to​ [email protected] 

§ 13 Cross-border Transfer 
Your data can be saved and processed in any country. A precondition for the transfer is that the permissibility of both the transfer and receipt is guaranteed by the legal requirements in the country of the third-party transfer. To this end, standard contractual clauses of the European Commission are used. In this way, we have taken precautions so that there is a level of data protection that corresponds to EU law when the recipient receives your data.  

§ 14 Data Security and Security Measures 
We commit ourselves to protecting your privacy and to treat your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organisational measures, which are regularly checked and adapted to technological progress. However, we would like to point out that due to the structure of the internet, it is possible that the rules of data protection and the above mentioned security measures may not be observed by other persons or institutions for which we are not responsible. In particular, unencrypted data – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the responsibility of the user to protect the data provided by him against misuse by encryption or in any other way. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.  

§ 15 Changes to this Privacy Policy 
We may modify this Privacy Policy without notice and you should therefore periodically visit this page to be sure that you have read our most current Privacy Policy to ensure that you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.  

§ 16 Contact 
If you have any questions regarding this Privacy Policy please contact your Data Protection Coordinator at ​[email protected]