GDPR Privacy Notice

STARLIMS CORPORATION, based in the United States, is the parent organization of several subsidiaries in the European Union and elsewhere.  This privacy policy will use the name STARLIMS to refer to the parent company and all subsidiaries, and will explain how we use the personal data we collect from you.

This GDPR Privacy Notice relates to the personal data of persons in the European Union, the United Kingdom, Switzerland, or any jurisdiction that follows EU Regulation 2016/679, the General Data Protection Regulation (“GDPR”).

Topics:

  • What data do we collect?
  • How do we collect your data?
  • How will we use your data?
  • How will your data be disclosed?
  • How do we store and delete your data?
  • Marketing
  • What are your data protection rights?
  • What are cookies?
  • How do we use cookies?
  • What types of cookies do we use?
  • How to manage your cookies
  • Privacy policies of other websites
  • Changes to our privacy policy
  • How to contact us
  • How to contact the appropriate authorities

What data do we collect?

STARLIMS collects the following data:

  • Laboratory-testing information related to specific individuals that our customers have collected with the consent of those individuals.
  • Personal identification information related to employees of our customers or potential customers (which may include name, job title, work email address, work phone number, information related to the devices you use on behalf of your employer, etc.).

The legal basis for the processing of this data is found under Article 6(1)(f) of the GDPR: such processing is necessary for the purposes of the legitimate interests pursued by the data controller.

How do we collect your data?

If you are an employee of our customer, we obtain the data we collect about you either from your employer or directly from you. We collect and process such data when:

  • Your employer provides us with your work-related information so that we may provide your employer with our services.
  • You contact our Help Desk for support.
  • You interact with us for product research and development.
  • You use or view our website via your browser’s cookies.
  • You respond to any survey or other questionnaire we ask you to complete.

If you are an employee of a potential customer, we may collect your information through typical business outreach initiatives, such as social networking, attending industry events, speaker programs, etc.

When you use our websites, the following categories of personal data are collected, stored and processed by us:

  • “Log data” – When you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
    • the page from which the page was requested (so-called referrer URL).
    • the name and URL of the requested page
    • the date and time of the call
    • the description of the type, language and version of the web browser used.
    • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
    • the amount of data transferred
    • the operating system
    • the message whether the call was successful (access status/http status code).
    • the GMT time zone difference

The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection; the legal basis is Art. 6, para. 1 (f) GDPR.

  • “Contact form data” – When contact forms are used, the data transmitted through them are processed (e.g. gender, surname and first name, address, company, e-mail address and the time of transmission).

Contact form data is processed for the purpose of handling customer inquiries; the legal basis is Art. 6 para. 1 p. 1 lit. b or lit. f GDPR.

  • “Newsletter subscription” – If you subscribe to our newsletter, we will inform you about current developments in our company. If you subscribe to our newsletter, the following “newsletter data” will be collected, stored and processed by us:
    • the page from which the page was requested (so-called referrer URL).
    • the date and time of the call
    • the description of the type of the used web browser
    • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
    • the e-mail address
    • the date and time of registration and confirmation

The newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you consent to the processing of your personal data; the legal basis is Art. 6 (1) of GDPR. For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to [email protected] or by sending a message to the contact details given in the imprint.

How will we use your data?

We provide a Software-as-a-Service laboratory information management solution that our customers use to manage their laboratory-related data.  If you are an individual whose laboratory-testing data has been collected by a STARLIMS customer, we may host that data in a cloud-based, online environment.  Alternatively, the customer may host the data on their own server, and use our SaaS solution to process that data.  Except for very infrequent access at customer request by Development or other support personnel, we rarely ever access this laboratory-related data. 

STARLIMS may process your data so that we can:

  • Provide our services to your employer.
  • Respond to your requests for support.
  • Analyze your responses to surveys or questionnaires.
  • Create anonymized data for analytics purposes.
  • Conduct marketing or respond to your outreach.
  • Fulfill legal obligations.

Our processing is performed pursuant to Art. 6 of GDPR.

For the processing of our business transactions, we may use external service providers, so-called processors (e.g. in the area of IT or marketing). These are only active according to our instructions, have been conscientiously selected by us and are contractually obligated to comply with the provisions of data protection within the meaning of Art. 28 GDPR.

In addition, we may be subject to a legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies. (Art. 6 para. 1(c) GDPR)

Your data may also be disclosed to third parties located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfillment of contractual and business obligations and for the maintenance of your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.

The third-party service providers with whom we may share your data include:

  • Amazon Web Services (cloud-based data hosting)
  • SalesForce (for marketing and surveys)
  • Satmetrics  by Nice Software (for surveys)
  • Others we may contract with in the future

Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection officer if you would like more information on this.

We do not undertake or otherwise subject your personal information to any automatic decision-making process (including profiling).

How do we store and delete your data?

STARLIMS securely stores the data about you in a cloud-based environment hosted within the European Union, using industry-leading privacy and security protocols. STARLIMS always maintains cloud-based customer databases in an individual cloud, and never co-hosts data from multiple employers in a shared cloud. 

To maximize the security of your employment-related personal information, a STARLIMS employee’s access to that data must be approved by: (1) your employer; (2) our data protection officer; and (3) the employee’s manager.  Moreover, approved STARLIMS employees only have read-only access, and service or Development personnel typically only receive screen shots or VPN and generally have no access to the actual database. 

If you contact our Help Desk or interact with us for product research and development, we may securely store information related to you in a cloud-based environment hosted within the European Union or the United States.  The security protocols for such data are the same as stated above for other employer-based data.

By contacting our Help Desk or interacting with us for product research and development, you are consenting to our processing of your personal information within the European Union or the United States.

If you respond to a survey or questionnaire, our service providers will store information about you in a cloud-based environment in the United States.  For access to data from non-employer surveys, the security protocols are similar to those described above, except your employer does not have an approval role.

By responding to a survey or questionnaire, you are consenting to our processing of your personal information within the United States.

STARLIMS will keep the data we receive about you from your employer, or from you in regard to contacting our Help Desk or interacting for product research and development, according to the terms we establish with your employer, which is typically six (6) years.  Marketing-related information will be deleted after six (6) years, or once no longer relevant, if sooner.  Once this time period has expired, we will delete your data by electronic deletion from all servers, and if requested by your employer, we will provide that employer with an archive of that data.

Marketing and Surveys

STARLIMS may contact you in your role as an employee of a potential customer to market our services.  You may opt-out of receiving such marketing outreach. 

STARLIMS may also contact you to invite you to partake in surveys.  If these surveys are not on behalf of your employer, you do not have to participate.  If you have agreed to participate in non-employer surveys, you may always opt out at a later date.

You have the right at any time to stop STARLIMS from contacting you in regard to marketing non-employer surveys, or from giving the information we receive from you in regard to such surveys to any other entity.

If you no longer wish to be contacted in regard to marketing or non-employer surveys, please contact us at the contact information below.

What are your data protection rights?

STARLIMS would like to make sure you are fully aware of all of your data protection rights. You are entitled to the following:

The Right to be Informed – You have the right to be informed as to how a Controller processes your personal data.  This GDPR Privacy Notice provides such information.

The right to access – You have the right to request STARLIMS for copies of your personal data. We may charge you a small fee for this service. (Art. 15 GDPR)

The right to rectification – You have the right to request that STARLIMS correct any information you believe is inaccurate. You also have the right to request STARLIMS to complete the information you believe is incomplete. (Art. 16 GDPR)

The right to deletion – You have the right to request that STARLIMS erase your personal data, and we will comply with such a request.  (Art. 17 GDPR)

The right to restrict processing – You have the right to request that STARLIMS restrict the processing of your personal data, and we will comply with such a request.  (Art. 18 GDPR)

The right to object to processing – You have the right to object to STARLIMS’s processing of your personal data, and we will comply with such a request.  (Art. 21 GDPR)

The right to data portability – You have the right to request that STARLIMS transfer the data that we have collected to another organization, or directly to you, and we will comply with such a request.  (Art. 20 GDPR)

The right to revoke – You have the right to revoke any authorization you have previously provided, and we will comply with such a request and cease further processing.  (Art. 7 (3) GDPR)

The right to appeal to a supervisory authority  – You have the right to appeal any decision regarding your personal information rights made by STARLIMS to the supervisory authority of your usual place of residence or workplace.  (Art. 77 GDPR)

If you make any of the above requests, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at the contact information below.

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology

For further information, visit www.allaboutcookies.org.

For a complete list of the cookies we currently use, click HERE.

How do we use cookies?

STARLIMS uses cookies in a range of ways to improve your experience on our website, including:

  • Getting information about the traffic on our website
  • Providing you with essential functionalities of our website
  • Tracking your browsing behavior
  • Tracking your engagement with social services
  • Collecting information about how users use our website
  • Remembering your preferences for our website

What types of cookies do we use?

We use the following types of cookies:

  • Essential
  • Preferences
  • Analytics

Essential cookies

We always use the essential cookies. They allow us to provide you with the essential features of our website, such as website navigation or logging in the secured areas. Using them is in your best interest, hence all the applicable personal data protection laws allow us to use them freely.           

We use other types of cookies only with your prior explicit consent. (Art. 6 (1) GDPR). In addition, we will only share your personal information gathered through cookies with third parties if you have given your explicit consent to do so. (Art. 6 (1) GDPR). If you give us consent to store them on your computer, we do so. If you don’t consent to their use, we don’t use them. It’s that simple.

We don’t discriminate against users based on consent. Your consent applies to the following domains: https://www.starlims.com.

Preferences cookies

These cookies allow our website to remember your preferences for using it, such as your login details, preferred language, and other customizable details.

Analytics cookies

Analytics cookies provide us with information about the traffic and users’ behavior on our website. This includes the number of visitors, number of clicks to pages, and others. Most often, the data these cookies collect is anonymous.

However, in some cases, the data may be related to a pseudonymous identifier that may be related to your device. That may possibly make you identifiable and that’s why we ask you for consent before using analytics cookies.

How to manage cookies

You can set your browser not to accept cookies, and the website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Privacy policies of other websites

The STARLIMS website may contain links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

STARLIMS keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on July 20, 2022.

How to contact us

If you have any questions about STARLIMS’s privacy policy or the data we process on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Privacy Office
STARLIMS Corporation

4000 Hollywood Boulevard

Suite 333

Hollywood, FL, 33021

Attn: Judith Dolgin

Telephone: 954.964.8663

E-Mail: [email protected]

EU-based Contact:

Name: Kerstin Kiefer (Datenschutzbeauftragte)
Telefon: 068316985116
E-Mail: [email protected]

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that STARLIMS has not addressed your concern in a satisfactory manner, you may contact the Supervisory Authority in your jurisdiction, or the Information Commissioner’s Office as follows:

Postal address:     Rue Wiertz 60, B-1047 Brussels

Office address:      Rue Montoyer 30, B-1000 Brussels

Telephone:              +32 2 283 19 00

Email:                       [email protected]

Website:                  www.edps.europa.eu