We take data protection and information security very seriously. The effective management of all personal data, including security and confidentiality, is the heart of our business and naturally underpins our practices and processes.
This privacy notice informs you about the type, scope and purpose of the processing of personal data we collect, use and process as a part of our website and its functions and content as well as our external online presences (the “Services”).
This notice applies to you, the User of our Services and us the provider of the Services and governs the processing of your personal data in context of our Services and business.
This Policy last updated on June 11, 2021.
Name and contact details of the responsible person:
4-5 Z.A.E Le Triangle Vert, L-5691 Ellange
(hereafter referred to “BIOROCK“,”we” or “us”)
BIOROCK proceeds with all data processing procedures (e.g. collection, processing and transmission) in accordance with the statutory provisions of the Luxembourg’s National commission for Data Protection, in line with Regulation (EU) 2016/679 (General Data Protection Regulation). The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures BIOROCK takes to protect your data and how you can exercise your rights.
Data Subject Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right la Commission Nationale pour la Protection des Données du Luxembourg (CNPD) website and you can simply follow the links provided to learn more.
Right to information: You can request information from us as to whether and to what extent we process your data.
Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
you have objected to the processing of the data.
Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.
Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defense of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of complaint: If you are of the opinion that we violate Irish or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the CNPD, their contact details can be found on their website.
Please direct all requests for information, requests for information or objections to data processing to us.
Collection, use and storage of personal data
When you use the online offer, BIOROCK collects different data from you, partly also so-called personal data. This is information that relates to an identified or identifiable natural person (hereinafter "data subject").
Visiting the BIOROCK website in general
When visiting BIOROCK website, you transmit data to our web server (due to technical necessity) via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data.
The legal basis for the storage is Article 6 lit. f) GDPR.
Further personal information is only collected if you provide it voluntarily, for example in the context of an enquiry or registration. Depending on the area concerned, BIOROCK uses the personal data provided by you to answer your enquiries, to process your order and for the purpose of technical administration of the websites. In detail, the use in the respective areas follows as follows:
If you contact us, the data you provide will be stored so that your message can be forwarded to the correct contact person. This is done in accordance with Article 6 lit. b) GDPR to process your request. Your data provided via a contact form will not be used for any other purposes, in particular not for advertising.
Disclosure and deletion of personal data
Visiting the BIOROCK website
The data stored during the mere visit of the BIOROCK website will not be passed on to third parties.
All your data collected on the BIOROCK website for the purpose of market research will be used exclusively for BIOROCK internal purposes and will not be passed on to third parties. They will be deleted when their knowledge is no longer necessary for market research.
Transfer to authorities and other public bodies
Your data will only be disclosed to third parties outside the BIOROCK if the responsible public authority or governmental institution orders the disclosure in an individual case, in which case BIOROCK is obliged to do so.
General technical organisational measures
The BIOROCK website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
Online presence in social media
We maintain online presences within social media on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.
Automated Decision Making and profiling
Automated decision making is not used at BIOROCK.
No special categories data is processed.
Our Service is not intended for children and we do not knowingly collect data relating to children.
The Supervisory Authority
The la Commission Nationale pour la Protection des Données du Luxembourg (CNPD) is for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the CNPD. We would, however, appreciate the chance to deal with your concerns before you approach the CNPD so please contact us at firstname.lastname@example.org in the first instance.
Economic Analyses and Market Research
In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing and market research.
In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.
If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
Integration Of Services and Contents of Third Parties
We use within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or services offered by third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
The following presentation provides an overview of third-party providers and their content, along with links to their data protection policies, which contain further information on the processing of data and, in part already mentioned here.
Our online presence is provided on a so called Content Delivery Network and supported by our In-house serves in the locations already mentioned above or on cloud service providers. Our providers are Hubspot, Facebook, Yoast, Wordpress, Rocketseed, Microsoft Azure, LeaseWeb;
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us using the details provided.