Privacy Policy

1. Data Controller

The data controller responsible for the processing of your personal data on this website, in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), is:

Marian Freisleben
Karl-Marx-Strasse 43
78054 Villingen-Schwenningen
Germany
Email: marian.freisleben@liora-bioinformatics.com

2. Scope of this Privacy Policy

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data on our website and in connection with our services. Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject").

We are committed to protecting your privacy and handling your personal data responsibly and in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

3. Data We Collect and Process

We collect and process personal data only to the extent necessary and for the purposes for which it was collected.

a) Server Log Data

When you visit our website, our hosting provider automatically collects and stores information in so-called server log files that your browser automatically transmits to us. This data includes:

• IP address
• Date and time of the server request
• Browser type and version
• Operating system used
• Referrer URL (the previously visited page)
• Host name of the accessing computer
• HTTP status code

Purpose of Processing: This data is processed for essential technical and security purposes, such as maintaining the stability, security, and performance of our website, and for detecting and preventing technical issues or malicious attacks.

Legal Basis: The processing of server log data is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the functional operation and security of our website.

Retention Period: Server log data is retained for a period strictly necessary to fulfill these operational and security purposes, typically up to 6 months, or as required by the policies of our hosting provider (currently planning to be GitHub Pages) and applicable legal obligations. In exceptional cases, longer retention may occur for purposes of evidence, such as in the event of a security incident or suspected misuse.

b) Contact Form Data

If you use our contact form to get in touch with us, we will collect the personal data you provide in the input mask. This typically includes:

• Your Name
• Your Email Address
• The Subject of your inquiry
• The content of your Message

Purpose of Processing: The personal data you provide via the contact form is processed solely for the purpose of responding to your inquiry and for facilitating initial communication for potential business relationships (pre-contractual steps).

Legal Basis: The processing of your contact form data is based on steps taken at your request prior to entering into a contract pursuant to Art. 6(1)(b) GDPR, as your inquiry may lead to a potential business relationship. For general inquiries not directly leading to a contract, the legal basis is our legitimate interest pursuant to Art. 6(1)(f) GDPR, which is to communicate with interested parties and respond to queries.

Retention Period:

• If your inquiry does not lead to a contractual relationship: Your data will be retained for as long as necessary to fully address your request and for a reasonable follow-up period, typically no longer than 12 months after the last communication. This allows us to ensure comprehensive support and to address any subsequent questions related to your initial inquiry.
• If your inquiry leads to a contractual relationship: Your data will be integrated into our client records. The retention of this data will then be governed by the retention periods applicable to client contractual documents, which can extend up to 10 years due to commercial and tax law obligations in Germany (e.g., § 257 HGB, § 147 AO). In cases where legal disputes or official investigations are pending, data may be retained for the duration of such proceedings plus any applicable statutory limitation periods.

4. Disclosure of Data to Third Parties

We will only transfer your personal data to third parties if this is necessary for the purposes mentioned above, if there is another legal basis for such transfer, or if you have given your explicit consent.

• Hosting Provider: Our website is hosted with a third-party provider (currently planning to be GitHub Pages). This provider processes server log data on our behalf. We have entered into, or will enter into, a data processing agreement with our hosting provider to ensure compliance with GDPR requirements.
• Other Third-Party Services: We currently do not integrate any other third-party services (e.g., analytics tools, social media plugins, external fonts) that would collect personal data directly through our website. Should this change in the future, this Privacy Policy will be updated accordingly to inform you about the involved services, the data collected, purposes, and legal bases.

5. International Data Transfers

As our primary hosting provider (GitHub Pages) is operated by GitHub, Inc., a company based in the United States, your personal data (specifically server log data) may be transferred to the USA. For such transfers to a third country outside the European Union or European Economic Area, we ensure that appropriate safeguards are in place to guarantee a level of data protection equivalent to that within the EU, in accordance with Art. 44 et seq. GDPR. This may include reliance on Standard Contractual Clauses (SCCs) approved by the European Commission, provided that supplementary measures ensure an adequate level of protection.

6. Your Data Protection Rights under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights. Please note that these rights are not absolute and may be subject to certain conditions or exceptions as set forth in the GDPR.

You have the right to:

• Right to Information (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and specific information about its processing.
• Right to Rectification (Art. 16 GDPR): You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR): You have the right to obtain the erasure of personal data concerning you without undue delay where one of the grounds specified in the GDPR applies (e.g., the data is no longer necessary for the purposes for which it was collected, or you withdraw consent and there is no other legal ground for processing).
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to obtain from us restriction of processing where one of the specific conditions in the GDPR applies (e.g., you contest the accuracy of the personal data, and we need time to verify its accuracy; the processing is unlawful and you oppose erasure but request restriction instead).
• Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent or on a contract and is carried out by automated means.
• Right to Object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests or the performance of a task carried out in the public interest, including profiling based on those provisions. If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
• Right to Withdraw Consent (Art. 7(3) GDPR): Where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
  The competent supervisory authority for data protection in Germany is generally determined by the federal state in which the controller is based. For Liora Bioinformatics, the relevant authority is:
  
  Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI Baden-Württemberg)
  Lautenschlagerstraße 20
  70173 Stuttgart
  Germany
  Phone: +49 711/61 55 41 – 0
  Email: poststelle@lfdi.bwl.de

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, please be aware that data transmission over the internet (e.g., communication by email) can have security vulnerabilities. A complete protection of data against third-party access is not possible.

8. Changes to this Privacy Policy

We reserve the right to adapt this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or new technologies. The updated Privacy Policy will be published on our website. We recommend that you review this Privacy Policy periodically.