Data Privacy Policy

Company contact details

Immundiagnostik AG
Stubenwald-Allee 8a
64625 Bensheim, Germany

Tel.: +49 6251 70190-0
Fax: +49 6251 70190-363


Contact details for the data protection officer

Thomas Ott
Telefon: +49 1515 2886186
Welcome to our website. The privacy of your data is very important to us. Therefore, we will explain below how we process your personal data.

Categories of data; data sources

Basically, we process the personal data that you provide to us in the context of a request, a pre-contractual relationship or a contractual relationship. In individual cases and insofar as this is necessary within the framework of the fulfilment of the contract, we also process personal data that has been taken from publicly available sources (eg trade register, debt directories, Internet) in a permissible manner or is permitted by third parties (eg credit reference agencies). were transmitted.

This may be personal data (name, birthday, legally authorized representative), address data (address, e-mail address, contact person), financial data (name of the account holder, IBAN, BIC), contract data (contract duration, services purchased, cancellations), Communication data (correspondence, e-mail traffic), advertising data (advertising letters) and other comparable categories of personal data.

Processing of personal data after consent (Art. 6 para. 1 p. 1 lit. a) GDPR)

In individual cases, we will obtain consent from you for specific purposes expressly identified in connection with data collection (eg request via a contact form).

A data processing takes place only if you give us the consent. It is possible that the processing of your request without your consent is not possible and therefore must be made dependent on it. The processing of the data takes place exclusively for the purpose (s) expressly stated.

You can revoke your consent with effect for the future at any time. The revocation has no influence on the legality of the processing until the time of revocation.

Processing of personal data for the execution of contracts (Art. 6 para. 1 p. 1 lit. b) GDPR)

If a contract is concluded with us, we use personal data as far as this is necessary for the execution of the contract or for the execution of pre-contractual measures. The purposes of the data processing are based on the concrete contract contents, which you can refer to the contract documents.

If a contract already exists between us, we process your data in order to verify that you are our contractual partner and in order to properly provide the contractual service owed.

Processing of personal data in the context of a balance of interests (Art. 6 para. 1 p. 1 lit. f) GDPR)

We process personal data according to balance of interests, as far as this is necessary for the protection of our legitimate interests or the interests of third parties.
Examples of such purposes are:

  • Ensuring the IT security and integrity of our systems,

  • Analysis and improvement of our online services,

  • Prevention and investigation of criminal offences,

  • Assertion or defense of legal claims.

Cross-border data transmission (Art. 49 para. 1 p. 1 lit. a) GDPR)

Where personal data are transmitted to a third country, we comply with the relevant data protection guidelines for this by transmitting your data generally on the basis of standard contractual clauses and by obtaining your consent to this in accordance with lit. a) of Article 49 para. 1 p. 1 GDPR.

Data are transmitted in particular in connection with the use of Google services. The use of these services results in the transmission of data to the United States of America.

The data will only be transmitted if you have given us your consent.
The specific details of the recipient, the personal data transmitted and the purpose of the forwarding of the data can be found in the remarks on the respective processing below.

The forwarding of your data poses a risk to your personal data. The United States of America do not provide for a level of data protection comparable to that under EU law (GDPR) and / or national guidelines (e.g. BDSG) or adequate guarantees to ensure a sufficient level of data protection. Moreover, due to the US legal situation, possible deficits cannot be compensated by other specific guarantees. Nevertheless, depending on the service concerned, standard contract clauses are used in some cases to achieve the maximum possible protection for your data. To find out whether standard contractual clauses are used, please refer to the explanations provided for each service.

You may withdraw your given consent at any time with effect for the future. The withdrawal has no effect on the lawfulness of the processing up to the time of the withdrawal. Since settings for the transfer of your data are not stored on our website, a withdrawal can be exercised by merely reloading the website.


If you contact us by e-mail or via phone, we will process the personal data you have provided to answer your request. We delete the data after the final processing of your request, if there is no contractual or statutory retention obligation.

Contact form

If you send us a request via our contact form, we process the data provided by you on the basis of your consent in accordance with Art. 6 para. 1 p. 1 a) GDPR to handle your request. Basically, your data will be deleted after processing the request, provided that there is no contractual or statutory retention obligation. If you provide us with contractually relevant information, we will transfer it to our existing system.

Your consent can be revoked at any time with effect for the future on all specified contact details.

Use of cookies

As part of your visit to our website cookies can be used on various pages. These are text files that are placed on your computer and, among other things, allow a smooth process of visiting our website. We almost exclusively use cookies that are technically necessary for the operation of our website. Most of the cookies we use are deleted from your computer after you close the browser (session cookies). Should the use of additional cookies be necessary for the use of certain non-essential functions of our website, we will obtain your consent to the placement of these cookies beforehand.


This website uses Matomo, a open-source web analytics service. For this purpose, we collect certain data about how you access our website and how you use it. This includes, for example, the time and duration of access and whether you use our website with a smartphone or a PC. In addition, some other purely technical data such as operating system, screen resolution, type of web browser and the language and country from which you are accessing the site are recorded. Your IP address is immediately anonymized, so that an individual assignment of the stored data is not possible. The data is stored exclusively on our servers and is not transmitted to third parties.

You can prevent the processing of data by Matomo by clicking on the following checkbox.


Plugins of the social network YouTube are implemented on our website. The provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").

We rely on your consent for the collection of personal data in the context of the use of plugins.

If you consent to the processing of your data by the "YouTube" plugin by clicking on the "Show video" button, the processing of your data is based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR, so that we use your personal data to the extent of the consent you have given for the purpose of providing a connection to YouTube.

When embedding the YouTube plugin, we use a button to activate the plugin as well as the "extended data protection mode" offered by the platform. This means that your browser does not establish a direct connection with YouTube's servers unless you activate the YouTube PlugIn by clicking the "Show Video" button. Cookies are not set even after activating the PlugIn. The content of the PlugIn is then transmitted by YouTube to your browser and integrated by it into the website. By activating the PlugIn, YouTube receives the information that you have accessed the corresponding page of our website. Content is then transmitted by YouTube to your browser and included on the page. This happens even in the event that you do not have a profile on YouTube or are not logged in. Personal data (including your IP address) is then automatically forwarded to a YouTube server located in the USA and then stored. The transfer of data to the USA is permissible based on your consent in accordance with Art. 49 para. 1 p. 1 lit. a) GDPR.

A direct assignment to your person on the side of YouTube only takes place if you are logged in to YouTube. Further details on how YouTube handles your personal data can be found on the following page:

Newsletter registration

If you register for our newsletter, we process the data you provide based on your consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO to send you our newsletter on a regular basis. To register, it is sufficient to provide an e-mail address. The other information is provided voluntarily. For legal reasons, we also store the IP address and the date of registration.
Our newsletter is sent using the service provider CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, with whom we have concluded an order processing agreement. We use the so-called double opt-in procedure for registration, in which you must explicitly confirm your e-mail address again in a second step after giving your consent to receive the newsletter. Only then will the service be activated. In this context, your data will be stored exclusively in the EU area. The data is used exclusively for sending the newsletter. There is no independent use of data by the service provider.
You can revoke your consent at any time with effect for the future. A link for revocation can be found at the end of each newsletter e-mail. Of course, you can also revoke your consent via the other contact options offered.
Your data processed within the scope of the newsletter dispatch will be deleted 3 months after termination of the newsletter subscription, insofar as the retention does not conflict with legal retention obligations.

Links to other websites

Our website may contain links to other external websites (Facebook, Twitter, YouTube, LinkedIn, Xing). These are pure links and not plugins. If you click on a link, you will call up the corresponding website and be forwarded to it.

Insofar as we process your data on these external websites (e.g. when you contact us via these websites), our Privacy policy applies.

In addition, the providers of the aforementioned websites process your personal data for their own purposes. We can make no claims about the nature of the processing, the purposes or the storage period of your personal data by these providers. Please refer to the privacy policies of the respective provider for further details about how they process your personal data. They can be found at:

Job application

Insofar as we process data in the course of a job application by you, please refer to the Privacy Policy for Applicants, available at Datenschutzerklärung für Bewerberinnen und Bewerber.

We process your data, in particular your name, contact information, curriculum vitae, evidence of academic, professional and vocational achievements and content data that you provide in your cover letter, for the purpose of concluding an employment contract.The legal basis for this data processing is § 26 BDSG (Germany), Art. 6 para. 1 p. 1 lit. b) GDPR (other countries). We store your data, should the application not be successful, for 6 months, unless you have given your consent to longer data storage. In this case, we will store your data for 12 months. Should your application lead to hiring, your data will be stored for the duration of the employment relationship.

We ask you not to provide any particularly sensitive data with your application. This is data on racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the unique identification of a natural person, health data, data on sex life or sexual orientation, cf. Art. 9 para. 1 GDPR.

Data transfer

We transfer data to other third parties if and to the extent that we have delegated the fulfillment of tasks to them.

We collaborate with the following companies:

  • Liftric GmbH, Julius-Hatry-Straße 1, 68163 Mannheim, Germany

  • Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States

Insofar as you have consented to the display of YouTube videos, data is transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Furthermore, service providers can be entrusted with tasks in the following areas, for example:

  • IT maintenance,

  • IT development,

  • IT deployment,

  • Lawyers.

The transfer of data always takes place on the basis of a legal standard or a suitable contract according to Art. 26 or 28 GDPR, which ensures observance of all data protection requirements.

Otherwise, data is only transferred in the cases provided for by law, for example in the case of a legal obligation to provide information to law enforcement authorities. In these cases, the data transfer is legitimized according to Art. 6 para. 1 p. 1 lit. c) GDPR.

Data transfer to a third country

If you activate the YouTube PlugIn, data is transferred to the USA on the basis of your consent pursuant to Art. 49 para. 1 p. 1 lit. a) GDPR. A further data transfer to a third country is not intended. In particular, data is only processed by Amazon Webservices on servers within the European Union.

Duration of Data Storage

Your personal data will be deleted by us immediately, as soon as the data are no longer needed for the fulfilment of the contractual and legal obligations or the purpose for which the data was processed is reached and the data is no longer needed for this purpose.

Personal data will be stored for at least as long as necessary to fulfill contractual obligations and to exercise contractual rights. This period may extend beyond the actual contract period, as the data may still be relevant under the statute of limitations after the end of the contract. In addition, deletion can only take place if any tax and commercial retention periods have expired.

The criteria for the duration of the storage of cookies can be found in the relevant section.

Your rights as a data subject

As a person concerned with the processing of personal data, you have the following rights:
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about the personal data and to the information listed in Article 15 GDPR in detail.

You have the right to demand that the responsible person immediately correct any incorrect personal data concerning you and, if necessary, complete any incomplete personal data (Art. 16 GDPR).

You have the right to demand that the person responsible delete personal data concerning you immediately if one of the reasons specified in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to deletion).

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have lodged an objection against the processing pursuant to Art. 21 GDPR, for the duration of any inquiry as to whether our legitimate interests outweigh yours.

You have the right to receive in a structured, common and machine-readable format the personal data concerning yourself which you have supplied us, as well as the right to transmit these data to another controller without hindrance by us, provided that the processing of these data is based on your consent or on a contract and that the processing is carried out with the aid of automated procedures (Article 20 GDPR). When exercising the right to data portability, you have the right to have the personal data transferred directly from us to another controller, as far as this is technically feasible (right to data portability).

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning your person, which may be processed on the basis of Art. The responsible party will no longer process the personal data unless it can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the affected party, or the processing is for the purpose of establishing, exercising or defending legal claims (Art. 21 GDPR).

With regard to the exercise of your rights, you can always contact us via the contact options offered on our website.

Right to object to direct advertising

In individual cases, we process personal data in order to conduct direct advertising. In this case, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising (Article 21 GDPR).

If you object to the processing for direct advertising purposes, the personal data will no longer be processed for these purposes.

The objection can be made form-free at any time via one of the contact options provided in this privacy policy or in our imprint.

Right to complain

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Article 77 GDPR). You may exercise this right before a supervisory authority in the member state in which you reside, work or where the suspected infringement takes place. In Hessen, Germany, the responsible supervisory authority is „Der Hessische Beauftragte für Datenschutz und Informationsfreiheit“.

You can find more information at the following link:

Of course, you can also contact us directly if you are dissatisfied or have questions about privacy. The quickest way to reach both our internal and external contact person on the subject of data protection under the following contact data:

Immundiagnostik AG
Tel.: +49 6251 70190-0

Requirement to provide personal data

There is basically no obligation to provide data. However, providing data may be required to use certain features or to enter into a contract. If you do not provide the necessary data, you will not be able to use certain features or services, or a contract may not be finalized.