STARLIMS CORPORATION – GDPR PRIVACY NOTICE
Privacy Policy Revised Date: 1/11/2024
Starlims Corporation, based in the United States, is the parent organization of several subsidiaries in the European Union and elsewhere. This privacy policy will use the name STARLIMS to refer to the parent company and all subsidiaries, and will explain how we use the personal data we collect from you.
This GDPR Privacy Notice describes how we process data relating to identified or identifiable individuals and households (“personal data”) in the European Union, the United Kingdom, Switzerland, or any jurisdiction that follows EU Regulation 2016/679, the General Data Protection Regulation (“GDPR”).
Topics:
- What data do we collect?
- How do we collect your data?
- How will we use your data?
- How do we store and delete your data?
- Marketing and Surveys
- Cookies
- What are your data protection rights?
- What are your Data Protection Choices?
- Privacy policies of other websites
- Changes to our privacy policy
- International Transfers
What data do we collect?
Starlims collects the following data:
- Laboratory-testing information related to specific individuals that our customers have collected with the consent of those individuals.
- Please note – we process laboratory-testing information in our capacity as a data processor, and not as a controller. Our customers are the controllers of this personal data.
- Personal identification information related to employees of our customers or potential customers (which may include name, job title, work email address, work phone number, information related to the devices you use on behalf of your employer, etc.).
The legal basis for the processing of this data is found under Article 6(1)(f) of the GDPR: such processing is necessary for the purposes of the legitimate interests pursued by the data controller.
How do we collect your data?
If you are an employee of our customer, we obtain the data we collect about you either from your employer or directly from you. We collect and process such data when:
- Your employer provides us with your work-related information so that we may provide your employer with our services.
- You contact our Help Desk for support.
- You interact with us for product research and development.
- You use or view our website via your browser’s cookies.
- You respond to any survey or other questionnaire we ask you to complete.
If you are an employee of a potential customer, we may collect your information through typical business outreach initiatives, such as social networking, attending industry events, speaker programs, etc.
When you use our websites, the following categories of personal data are collected, stored and processed by us:
- “Log data” – When you visit our websites, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This consists of:
- the page from which the page was requested (so-called referrer URL).
- the name and URL of the requested page
- the date and time of the call
- the description of the type, language and version of the web browser used.
- the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
- the amount of data transferred
- the operating system
- the message whether the call was successful (access status/http status code).
- the GMT time zone difference
The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection; the legal basis is Art. 6, para. 1 (f) GDPR.
- “Contact form data” – When contact forms are used, the data transmitted through them are processed (e.g. gender, surname and first name, address, company, e-mail address and the time of transmission).
Contact form data is processed for the purpose of handling customer inquiries; the legal basis is Art. 6 para. 1 p. 1 lit. b or lit. f GDPR.
- “Newsletter subscription” – If you subscribe to our newsletter, we will inform you about current developments in our company. If you subscribe to our newsletter, the following “newsletter data” will be collected, stored and processed by us:
- the page from which the page was requested (so-called referrer URL).
- the date and time of the call
- the description of the type of the used web browser
- the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.
- the e-mail address
- the date and time of registration and confirmation
The newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you consent to the processing of your personal data; the legal basis is Art. 6 (1) of GDPR. For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to [email protected] or by sending a message to the contact details given in the imprint.
How will we use your data?
We provide a Software-as-a-Service laboratory information management solution that our customers use to manage their laboratory-related data. If you are an individual whose laboratory-testing data has been collected by a STARLIMS customer, we may host that data in a cloud-based, online environment. Alternatively, the customer may host the data on their own server, and use our SaaS solution to process that data. Except for very infrequent access at customer request by Development or other support personnel, we rarely ever access this laboratory-related data.
Starlims may process your data so that we can:
- Provide our services to your employer.
- Respond to your requests for support.
- Analyze your responses to surveys or questionnaires.
- Create anonymized data for analytics purposes.
- Conduct marketing or respond to your outreach.
- Fulfill legal obligations.
Our processing is performed pursuant to Art. 6 of GDPR.
For the processing of our business transactions, we may use external service providers, so-called processors (e.g. in the area of IT or marketing). These are only active according to our instructions, have been conscientiously selected by us and are contractually obligated to comply with the provisions of data protection within the meaning of Art. 28 GDPR.
In addition, we may be subject to a legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies. (Art. 6 para. 1(c) GDPR)
Your data may also be disclosed to third parties located outside the European Economic Area (EEA), i.e. in third countries, including without limitation the Unites States. Such processing takes place exclusively for the fulfillment of contractual and business obligations and for the maintenance of your business relationship with us. We will inform you about the respective details of the transfer in the following at the relevant points.
The third-party service providers with whom we may share your data include:
- Amazon Web Services (cloud-based data hosting)
- Google (for marketing and advertising)
- Hubspot (forms/surveys)
- SalesForce (for marketing and surveys)
- Set Metrics by Nice Software (for surveys)
- Others processors we may engage in the future (a list of current cookies and similar technologies is available in our cookie consent module, accessible here).
We may also process personal data as necessary to comply with our legal obligations, such as where you exercise your rights under data protection law, for the establishment and defense of legal claims, where we must comply with lawful requests from public authorities or law enforcement officials, and as may be required to meet national security or law enforcement requirements or prevent illegal activity. We may process data to protect the vital interests of individuals, or on certain public interest grounds, each to the extent required or permitted under applicable law.
How do we store and delete your data?
STARLIMS securely stores the data about you in a cloud-based environment hosted within the European Union, using industry-leading privacy and security protocols. STARLIMS always maintains cloud-based customer databases in an individual cloud, and never co-hosts data from multiple employers in a shared cloud.
To maximize the security of your employment-related personal information, a STARLIMS employee’s access to that data must be approved by: (1) your employer; (2) our data protection officer; and (3) the employee’s manager. Moreover, approved STARLIMS employees only have read-only access, and service or Development personnel typically only receive screen shots or VPN and generally have no access to the actual database.
If you contact our Help Desk or interact with us for product research and development, we may securely store information related to you in a cloud-based environment hosted within the European Union or the United States. The security protocols for such data are the same as stated above for other employer-based data.
By contacting our Help Desk or interacting with us for product research and development, you are consenting to our processing of your personal information within the European Union or the United States.
If you respond to a survey or questionnaire, our service providers will store information about you in a cloud-based environment in the United States. For access to data from non-employer surveys, the security protocols are similar to those described above, except your employer does not have an approval role.
By responding to a survey or questionnaire, you are consenting to our processing of your personal information within the United States.
STARLIMS will keep the data we receive about you from your employer, or from you in regard to contacting our Help Desk or interacting for product research and development, according to the terms we establish with your employer, which is typically six (6) years. Marketing-related information will be deleted after six (6) years, or once no longer relevant, if sooner. Once this time period has expired, we will delete your data by electronic deletion from all servers, and if requested by your employer, we will provide that employer with an archive of that data.
Marketing and Surveys
STARLIMS may contact you in your role as an employee of a potential customer to market our services. You may opt-out of receiving such marketing outreach.
STARLIMS may also contact you to invite you to partake in surveys. If these surveys are not on behalf of your employer, you do not have to participate. If you have agreed to participate in non-employer surveys, you may always opt out at a later date.
You have the right at any time to stop STARLIMS from contacting you in regard to marketing non-employer surveys, or from giving the information we receive from you in regard to such surveys to any other entity.
If you no longer wish to be contacted in regard to marketing or non-employer surveys, please contact us at the contact information below.
Cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit www.allaboutcookies.org.
For a complete list of the cookies we currently use, click HERE.
How do we use cookies?
Starlims uses cookies in a range of ways to improve your experience on our website, including:
- Getting information about the traffic on our website
- Providing you with essential functionalities of our website
- Tracking your browsing behavior
- Tracking your engagement with social services
- Collecting information about how users use our website
- Remembering your preferences for our website
What types of cookies do we use?
We use the following types of cookies:
- Essential
- Preferences
- Analytics
Essential cookies
We always use the essential cookies. They allow us to provide you with the essential features of our website, such as website navigation or logging in the secured areas.
Using them is in your best interest, hence all the applicable personal data protection laws allow us to use them freely.
We use other types of cookies only with your prior explicit consent. (Art. 6 (1) GDPR). In addition, we will only share your personal information gathered through cookies with third parties if you have given your explicit consent to do so. (Art. 6 (1) GDPR). If you give us consent to
We don’t discriminate against users based on consent. Your consent applies to the following domains: https://www.starlims.com/jp.
Preferences cookies
These cookies allow our website to remember your preferences for using it, such as your login details, preferred language, and other customizable details.
Analytics cookies
Analytics cookies provide us with information about the traffic and users’ behavior on our website. This includes the number of visitors, number of clicks to pages, and others. Most often, the data these cookies collect is anonymous.
However, in some cases, the data may be related to a pseudonymous identifier that may be related to your device. That may possibly make you identifiable and that’s why we ask you for consent before using analytics cookies.
See your data protection choices below for information regarding opt-out rights and other options for managing cookies.
What are your data protection rights?
STARLIMS would like to make sure you are fully aware of all of your data protection rights. You are entitled to the following:
The Right to be Informed – You have the right to be informed as to how a Controller processes your personal data. This GDPR Privacy Notice provides such information.
The right to access – You have the right to request STARLIMS for copies of your personal data. We may charge you a small fee for this service. (Art. 15 GDPR)
The right to rectification – You have the right to request that STARLIMS correct any information you believe is inaccurate. You also have the right to request STARLIMS to complete the information you believe is incomplete. (Art. 16 GDPR)
The right to deletion – You have the right to request that STARLIMS erase your personal data, and we will comply with such a request. (Art. 17 GDPR)
The right to restrict processing – You have the right to request that STARLIMS restrict the processing of your personal data, and we will comply with such a request. (Art. 18 GDPR)
The right to object to processing – You have the right to object to STARLIMS’s processing of your personal data, and we will comply with such a request. (Art. 21 GDPR)
The right to data portability – You have the right to request that Starlims transfer the data that we have collected to another organization, or directly to you, and we will comply with such a request. (Art. 20 GDPR)
The right to revoke – You have the right to revoke any authorization you have previously provided, and we will comply with such a request and cease further processing. (Art. 7 (3) GDPR)
The right to appeal to a supervisory authority – You have the right to appeal any decision regarding your personal information rights made by Starlims to the supervisory authority of your usual place of residence or workplace. (Art. 77 GDPR)
If you make any of the above requests, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at the contact information below.
Please note, we do not undertake or otherwise subject your personal information to any automatic decision-making process (including profiling).
What are your Data Protection Choices?
You may have the following choices regarding the personal data we process, to the extent required under applicable law:
Consent – If we rely on your consent to our processing of Personal Information, you may withdraw your consent at any time. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of our Site.
Email Marketing – You have the choice to opt-out of or withdraw your consent to email marketing communications. You may exercise your choice via the links in our communications.
Cookies – You can set your browser not to accept cookies, and the website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. You must opt out of the use of some third party cookies directly via the third party.
To opt-out of Google’s analytic and marketing services, visit Google’s Ads Settings, the Google Marketing Platform opt-out page, the Network Advertising Initiative opt-out page, or your device’s settings.
Do Not Track – Our Site does not respond to your browser’s do not track signal.
Privacy policies of other websites
The STARLIMS website may contain links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
Changes to our privacy policy
STARLIMS keeps its privacy policy under regular review and places any updates on this web page. Your continued use of our Services constitutes your acknowledgement of any revised Policy.
International Transfers
Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: http://ec.europa.eu/justice/data-protection/international- transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding corporate rules programs, standard contractual clauses of the European Commission for the protection of personal data, certificates, recognized codes of conduct, or applicable US Data Privacy Framework programs (see below).. Please contact our data protection officer if you would like more information regarding the specific transfer mechanisms applicable in connection with specific processing activities.
With respect to transfers of non-HR personal data to the United States, STARLIMS complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (“UK Extension”), and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. STARLIMS has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom and Gibraltar in reliance on the UK Extension. STARLIMS has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. Furthermore, we require third party recipients of EU, UK, or Swiss individuals’ personal data to agree to respect these principles, and in the event of onward transfers of personal data to third parties, we accept liability for those third parties’ processing of EU, UK, or Swiss individuals’ data to the extent required by law. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
As a U.S. company, we are also subject to the investigatory and enforcement power of the FTC regarding our compliance with the EU-U.S. DPF, the UK Extension, the Swiss-U.S. DPF, and this privacy policy, and users may direct complaints to the FTC in the event the dispute resolution processes described below are unsatisfactory.
Additionally, in compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, STARLIMS commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF should first contact STARLIMS using the information below. We will respond to complaints from EU, UK, and Swiss individuals within 45 days.
You may, under certain conditions, be able to invoke binding arbitration for complaints regarding DPF compliance that have not been resolved under other DPF dispute resolution mechanisms. See here for additional information regarding the DPF binding arbitration process.
STARLIMS commits to refer its unresolved complaints concerning the processing of personal data in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF via binding arbitration using JAMS, an alternative dispute resolution provider based in United States. See here for more information about the JAMS DPF dispute resolution program.
If you do not receive timely acknowledgment of your DPF Principles-related complaint by contacting us directly, or if we have not addressed your DPF Principles-related complaint to your satisfaction, you may file a complaint here. The JAMS dispute resolution processes are provided at no cost to you.
How to contact us
You may also contact us if you have any questions about STARLIMS’s privacy policy or the data we process on you, or you would like to exercise one of your data protection rights.
Privacy Office
Starlims Corporation
4000 Hollywood Boulevard
Suite 333
Hollywood, FL, 33021
Attn: Judith Dolgin
Telephone: 954.964.8663
E-Mail: [email protected]
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that STARLIMS has not addressed your concern in a satisfactory manner, you may also contact the Supervisory Authority in your jurisdiction, or the Information Commissioner’s Office as follows:
Postal address: | Rue Wiertz 60, B-1047 Brussels |
Office address: | Rue Montoyer 30, B-1000 Brussels |
Telephone: | +32 2 283 19 00 |
Email: | [email protected] |
Website: | www.edps.europa.eu |