Data Protection Declaration
I. Controller
The Controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection laws of the Member States, as well as other data protection regulations, is:
HASOMED Science GmbH
Paul-Ecke-Straße 3
39114 Magdeburg
E-Mail: datenschutz@hmm-services.de.de
Website: hasomedscience.de
II. General Information on Data Processing
Data Subject Rights: As a user of this website, you have the following rights under the General Data Protection Regulation (GDPR):
• Right of access (Art. 15 GDPR): You can request information about which personal data we process about you. In particular, you can obtain information about the purposes of processing, the categories of data, the recipients, the planned storage period, the origin of the data, and, where applicable, automated decision-making.
• Right to rectification (Art. 16 GDPR): You have the right to have inaccurate or incomplete personal data concerning you rectified or completed.
• Right to erasure (Art. 17 GDPR): You can request the erasure of your personal data, provided that no statutory retention obligations prevent this and the processing is not necessary for other reasons (e.g., for the performance of a contract or legal defense).
• Right to restriction of processing (Art. 18 GDPR): You have the right to restrict the processing of your data under certain conditions, e.g., if you contest the accuracy of the data or the processing is unlawful.
• Data portability (Art. 20 GDPR): You can request to receive the data you have provided to us in a commonly used, machine-readable format or – where technically feasible – to request its transmission to a third party.
• Right to object (Art. 21 GDPR): If we process your data based on legitimate interests (Art. 6 para. 1 lit. f GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation. In particular, you can object to the processing of your data for direct marketing purposes at any time.
• Right to withdraw consent (Art. 7 para. 3 GDPR): If you have given us your consent to data processing, you can withdraw it at any time with effect for the future. The lawfulness of the processing carried out before the withdrawal remains unaffected.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): Finally, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes applicable data protection law. This could be, for example, the regulatory authority in your place of residence or where our company is headquartered.
Data processing when visiting the website: When you visit our website for purely informational purposes (i.e., if you do not fill out any forms or otherwise provide us with information), our web servers automatically process certain technical data in so-called server log files. This includes, for example, the IP address of the requesting device, the date and time of access, the name and URL of the accessed file, the amount of data transferred, notification of successful access, browser type and version, operating system, and the requesting provider. We need this data to ensure the security and stability of the website and to analyse any technical problems that may arise. This log data is not combined with other data sources; the log files are automatically deleted after 7 days at the latest. The legal basis for this processing is our legitimate interest in providing a functional and secure website (Art. 6 para. 1 lit. f GDPR).
Disclosure to third parties and processors: We use external service providers for the operation of our website and for the provision of certain functions (e.g., for hosting, newsletter distribution, analytics, etc.). We have concluded GDPR-compliant contracts with all service providers who process personal data on our behalf (data processors). These contracts obligate these service providers, among other things, to comply with European data protection standards and our instructions. Furthermore, personal data will only be transferred to third parties if you have given your consent, if it is necessary for the performance of a contract, if there is a legal obligation to do so, or if we can demonstrate a legitimate interest and your interests do not override ours.
Data transfer to third countries: Some of the services listed below are located outside the European Union (particularly in the USA). When we transfer personal data to a third country, we ensure that either an adequate level of data protection exists or that we apply appropriate safeguards. Since July 2023, the USA has had an adequacy decision by the EU Commission under the EU-US Data Privacy Framework (DPF). Many US companies – including Google, Meta, Microsoft, and Webflow – are DPF-certified, which means that for certain data transfers, an adequate level of protection is recognized by the EU. If a recipient is not DPF-certified, we base the transfer on the EU Standard Contractual Clauses and implement additional safeguards where possible. Please note, however, that in the case of data transfers to the USA, access by authorities cannot theoretically be ruled out; data transfers to the USA are not completely risk-free despite certifications. If you do not want personal data to be processed in the USA, you can refuse consent to the use of the relevant services or exercise your right to object/revoke consent via our consent management solution (see below).
III. Tools and Services Used
Cookies and Consent Management (Cookiebot)
Our website uses cookies and similar technologies to provide certain functions and analyse user behavior. Cookies are small text files that are stored on your device. Some cookies are essential for the operation of the website (e.g., for displaying the pages or saving your privacy settings); we use these based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) or to fulfil our legal obligations (Art. 6 para. 1 lit. c GDPR). Other cookies serve statistical purposes, marketing, or the integration of external media – these are only set with your consent (Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG).
To manage your consent, we use the Cookiebot consent management tool from the provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (part of the Usercentrics Group). Cookiebot displays a cookie banner on your first visit and records your selection. A necessary cookie ("CookieConsent") is stored in your browser to record your consent preferences (acceptance/rejection for specific categories). This consent cookie has a lifespan of 12 months. To provide the service, Cookiebot processes, among other things, your IP address (in anonymized form) as well as browser and device information to determine, for example, your location for country-specific cookie rules and the correct language setting. Your consent data (consent status, timestamp, browser information) is stored on our behalf to comply with legal documentation requirements.
Cookiebot uses servers within the EU (according to its own statements, in the EU region, e.g., in Germany or Denmark). However, it cannot be ruled out that, in the course of providing the service, servers of sub-processors in the USA may also be technically involved. Cybot/Usercentrics has therefore concluded contractual safeguards (standard contractual clauses). The legal basis for the use of Cookiebot is Article 6(1)(f) GDPR (legitimate interest in legally compliant cookie consent collection and documentation) and Article 6(1)(c) GDPR (compliance with legal obligations under data protection and telemedia law). The consent data logged in Cookiebot is stored for 12 months, after which it is automatically deleted. You can withdraw your consent or change your settings by clicking on "Cookie settings" in the footer of our website or by revisiting the banner and adjusting your preferences.
Analytical Services
We want to understand how our website is used in order to continuously improve it. Therefore, we use the following web analytics tools – only with your consent. The information obtained through these tools (e.g., pages visited, click behaviour) helps us to optimize our offerings and marketing. All analytics cookies are only activated if you consent in the "Statistics" category of the cookie banner. You can revoke your consent at any time (see above).
Google Analytics
We use Google Analytics for the statistical evaluation of website usage. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics allows us to create pseudonymous user profiles to, for example, recognize returning visitors and analyse their behaviour. Google processes the resulting data as a data processor on our instructions, and we have concluded a contract with Google pursuant to Article 28 GDPR.
Data processing: During your visit, Google Analytics collects certain usage data and transmits it to Google servers, which may also be located in the USA. The data collected includes, among other things: pages and subpages visited, any conversions (e.g., submitting contact forms, newsletter subscriptions), your usage behaviour on the site (time spent, clicks, scroll depth), approximate location (country/region), technical information about your browser, device, and screen resolution, origin (referrer website or advertising campaign), and your truncated IP address. Google Analytics uses cookies containing a randomly generated user ID. This allows Google to recognize you when you revisit our website – provided the cookie is still valid. Personally identifiable information such as your name or contact details is not transmitted to Google. Google Analytics only logs pseudonymous user IDs.
IP anonymization: Google's IP anonymization function is activated on our website. This means your IP address is truncated within the EU before being transmitted to Google in the USA. The full IP address is only sent to a Google server in the USA in exceptional cases and truncated there. Google uses this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide us with other services related to website activity. According to Google, the IP addresses transmitted as part of Google Analytics are not merged with other Google data.
Transfer to third countries: The collected usage data may also be stored by Google on servers in the USA. Google LLC (based in the USA) is certified under the EU-US Data Privacy Framework, thus ensuring an adequate level of data protection. We have also entered into standard contractual clauses with Google. Nevertheless, we would like to point out that authorities in the USA may potentially have access to the data stored by Google.
Storage period: The user data stored by Google on our behalf (linked to the user ID or cookies) is automatically deleted after 14 months. Google may retain aggregated analyses without personal reference for a longer period. Google Analytics cookies have a lifespan of up to two years but can be renewed with each new interaction.
Legal basis: Google Analytics is only used with your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG).
Revocation options: You can revoke your consent at any time. To do so, either use our consent manager (cookie settings) or install the browser add-on provided by Google to deactivate Google Analytics. Alternatively, you can prevent the storage of cookies in your browser; however, in this case, you may not be able to fully use all the functions of this website.
Integration of Videos and External Content
We also integrate multimedia content from third-party providers into our website to provide you with product videos, for example. This may involve establishing technical connections to the servers of the respective providers, which means they receive at least your IP address and other device-related information (because without this data, the content could not be delivered to your browser). We take care to integrate such content in a privacy-friendly manner – where possible, we use two-click solutions or the providers' privacy-friendly modes. Below, we inform you about the external services used on our website for media content.
YouTube Videos (Embedded)
Some videos from the YouTube platform (a service of Google Ireland Ltd.) are embedded on our website. The videos are embedded in such a way that they are only loaded when you actively click "Play" (two-click solution). Only then is a connection to YouTube established. We generally use YouTube's "enhanced privacy mode" when embedding videos. According to Google, this mode prevents YouTube from setting cookies for personalization until you play the video. However, personal data is transmitted to YouTube and Google as soon as the video loads (and at the latest when you play it) – specifically, your IP address, technical information about your browser/device, and the page on which the video is embedded. If you are logged into YouTube/Google at the same time, Google can associate your visit to your Google profile. Playing a YouTube video may also cause Google to store additional cookies on your device to track your browsing behaviour (these may be cookies from the DoubleClick advertising network, used for displaying personalized ads). We have no control over this.
Legal basis: We only embed YouTube videos with your consent (Art. 6 para. 1 lit. a GDPR), as the embedding is not technically necessary and involves potential tracking functions. In the cookie banner, YouTube falls under the category "External Media" or similar. If you do not give your consent, the video will not load automatically – instead, you will see a placeholder and can decide whether to click it.
Data transfer: Displaying and playing YouTube videos may establish a connection to Google servers in the USA. Google is certified under the Data Privacy Framework, and we have also agreed to the Standard Contractual Clauses with Google to ensure an adequate level of data protection. Nevertheless, we would like to point out that when using YouTube, data generally flows to the USA and may be subject to access risks there.
Further information: When you start a YouTube video on our site, the Google/YouTube Terms of Service and Privacy Policy apply. You can find more information about YouTube's data usage in the Google Privacy Policy. You have the option to adjust your privacy settings in your Google account (e.g., pause your YouTube watch history or disable personalized advertising). To prevent Google from associating data from embedded videos with your Google profile, log out of Google/YouTube before visiting our site.
Vidzflow (Video Hosting for Webflow)
We embed some of our videos using the Vidzflow service. Vidzflow is a video platform specifically for Webflow websites, operated by Woice d.o.o., Maribor, Slovenia. Vidzflow allows us to host videos and embed them with a customized player, free from third-party advertising.
Data processing: As soon as you access one of our pages containing a Vidzflow video, the data necessary to display the video is retrieved from the Vidzflow servers. Vidzflow learns that our website was accessed from your IP address and receives information about your browser and device configuration. This data is required to technically deliver the video. According to Vidzflow, they process this information solely for the purpose of delivering and ensuring the functionality of video playback. Furthermore, Vidzflow provides us with video analytics, meaning we can see how often a video has been viewed and whether it has been watched to the end. However, these analyses are anonymized and aggregated – we do not receive any data that personally identifies you. Vidzflow itself does not store any cookies on your device.
Operator and data storage: Vidzflow is operated by a company in Slovenia (EU). All processing therefore takes place within the EU and is directly subject to the GDPR. No data is transferred to insecure third countries. (Note: Should Vidzflow nevertheless use external infrastructure, e.g., a Content Delivery Network, the provider assures compliance with the GDPR.)
Legal basis: We embed Vidzflow videos based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing you with our video content in a technically sound and user-friendly manner. Unlike YouTube, no marketing cookies are used here, which is why we consider embedding necessary for displaying our content. If you still do not want a Vidzflow video to load, you can prevent this by not playing any videos on our site.
Further information: Details on data protection at Vidzflow can be found in Vidzflow's privacy policy.
Contact and Support
Contact Forms and Email
When you contact us via a contact form provided on the website or by email, we process the information you provide to handle your request. Contact forms on our site (e.g., quote request, contact form) typically collect information such as your name, email address, telephone number, and your message. Required fields are marked accordingly (we only request the data necessary for processing, e.g., your contact details and the nature of your request). The form data is transmitted using encryption.
Use of Data: We use your information to process your request (e.g., to create the requested quote or answer your questions). Depending on the nature of your request, the data may be further processed in our customer management system or via email. Internally, only authorized personnel responsible for processing your request (e.g., sales, support) have access to this data. Your data will not be shared with third parties without your consent unless it is necessary to fulfil your request (e.g., forwarding it to a partner at your request).
Webflow Forms: Our website is built with Webflow, so the form data is initially received by Webflow and then forwarded to us (e.g., via email). Webflow acts as a data processor in this process. We have contractually obligated Webflow to process your form data exclusively according to our instructions and to protect it appropriately. Webflow stores the form entries on secure servers. Some of the data may be stored in the USA, as Webflow relies on cloud services (AWS, Fastly) for its hosting infrastructure. However, Webflow Inc. is DPF-certified, meaning that under current law, the transfer to the USA is permitted. Our legitimate interest in using Webflow for form delivery lies in the efficient and reliable management of website content and inquiries.
Webflow stores the form entries on secure servers. Legal basis: Depending on the context, the processing of your information from inquiries is carried out either for the performance of pre-contractual measures or the fulfilment of a contract (Art. 6 para. 1 lit. b GDPR), insofar as your inquiry aims at concluding a contract, or on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the effective processing of inquiries. Our legitimate interest arises from the fact that you contact us voluntarily – we assume that we are permitted to use your data in this context to respond to you.
Storage period: We store contact inquiries and the associated personal data for as long as this is necessary for the complete handling of your request. Once the purpose has been fulfilled and the inquiries have been concluded, the data will be deleted. If a contractual relationship arises from the inquiry, the data may be transferred to the customer file and stored accordingly for a longer period (e.g., for contract documentation or subsequent follow-up questions). Statutory retention obligations (e.g., under commercial or tax law) remain unaffected.
Right to object: You can object to the processing of your personal data from contact inquiries at any time. Please note, however, that in such a case we will be unable to continue the conversation.
This privacy policy (version 1.0) is effective as of January 2026.
We reserve the right to update this privacy policy as needed to reflect changes in factual or legal circumstances. We will indicate any significant changes on this website.