Privacy Policy

At Platomics, we are commited to protecting your personal data. In this privacy statement we explain how we gather and use your personal data. We handle your data with great responsibility and in accordance with EU data protection law.

This privacy policy was published on November 28, 2024

Controller

The controller for all processing of your personal data described below is

Platomics GmbH
Jakov-Lind-Strasse 15/3
1020 Vienna, Austria
info@platomics.com

Contact details for our data protection officer:

E-Mail privacy@platomics.com

or via post

DPO c/o Platomics GmbH
Jakov-Lind-Strasse 15/3
1020 Wien

Using our public website https://www.platomics.com

Webserver and Logfiles

In a nutshell: When accessing or interacting with our platform, your browser exchanges information with our web-servers. This data is automatically stored in so-called logfiles. Additionally, we store essential cookies on your device and process personal data on our webservers.

Purpose: Our webservers process your data in order to deliver the requested website to your browser. We save all requests in logfiles to guarantee the security and functioning of our website.

Categories of data: Essential cookies according to our cookie policy, Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints)

Legal basis: Providing the requested online content and guaranteeing the security and functioning of our website are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f ) GDPR.

Storage period: We delete our logfiles automatically after 14 days. If we have reason to store the logfiles for a longer time period (e.g., following a security or safety incident), the storage period may be extended accordingly.

Recipients: Akamai Cloud Computing (Linode International Services Company) as a hosting provider, Hubspot HubSpot Privacy Policy and Data Processing Agreement

External service Google Analytical Statistics

You can choose to activate/deactivate cookies here:

In a nutshell: With your consent we use an external analytics provider (Google Analytics) to gain information about your interaction with our public website. Please refer to the privacy policy of Google Analytics for additional information. The usage of this analytical service is optional.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework

Purpose: We would like to understand how you use our website and gain insights about our visitors so we can improve its design and functionality.

Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints, Geolocation, Behavior data); additional cookies according to our cookie policy will be stored on your device

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”

Storage period: We store your data until you withdraw your consent.

Recipients: Google Ireland Limited (located at Gordon House, Barrow Street, Dublin 4, Ireland) and Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA), Hubspot HubSpot Privacy Policy and Data Processing Agreement

External service: Google Fonts

You can choose to activate/deactivate cookies here:

In a nutshell: With your consent we use Google Fonts to provide a better experience when interacting with our public website.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.

Purpose: We would like to provide a better experience when interacting with our public website.

Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL)

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.

Storage period: We store your data until you withdraw your consent.

Recipients: Google Ireland Limited (located at Gordon House, Barrow Street, Dublin 4, Ireland) and Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA)

External service: HubSpot Analytics

You can choose to activate/deactivate cookies here:

In a nutshell: With your consent we use HubSpot Analytics to connect your interaction with our public website to our Customer Relationship Management and Business Development Activity.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.

Purpose: In a B2B-context we would like to gain insights about existing and potential customers to offer them tailored services and products.

Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints) combined with existing data in our CRM Database (customer relationship management); additional cookies according to our cookie policy will be stored on your device.

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”

Storage period: We store your data until you withdraw your consent.

Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement

External service: Meta

In a nutshell: With your consent we integrate the external service Facebook and embed it in our website. Please refer to the privacy policy of Meta for additional information. The usage of this external service is optional.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.

Purpose: We would like to provide additional services on our website for better interaction with our website visitors.

Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints); additional cookies according to our cookie policy will be stored on your device

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”

Storage period: We store your data until you withdraw your consent.

Recipients: Meta Privacy Policy – How Meta collects and uses user data

External service: Google Maps

You can choose to activate/deactivate cookies here:

In a nutshell: With your consent we integrate the external service Google Maps and embed it in our website. Please refer to the privacy policy of Meta for additional information. The usage of this external service is optional.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.

Purpose: We would like to provide additional services on our website for better user experience.

Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints); additional cookies according to our cookie policy will be stored on your device

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”

Storage period: We store your data until you withdraw your consent.

Recipients: Google, Address Gordon House, Barrow Street, Dublin 4, Ireland, Privacy Policy – Privacy & Terms – Google

External service: Vimeo

You can choose to activate/deactivate cookies here:

In a nutshell: With your consent we integrate the external service Vimeo and embedd it into our website. Please refer to the privacy policy of Meta for additional information. The usage of this external service is optional.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework

Purpose: We would like to provide additional services on our website for better interaction with our website visitors

Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints); additional cookies according to our cookie policy will be stored on your device

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.

Storage period: We store your data until you withdraw your consent.

Recipient: Vimeo Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA, Privacy Policy on Vimeo

External service: Hubspot Forms

You can choose to activate/deactivate cookies here:

In a nutshell: We use Hubspot Forms for user interaction with our website.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework

Purpose: We need forms for basic website functionality such as webinar registration.

Categories of data: Personal data (Name, E-Mail, telephone number and similar contact details), Business data (Company Name, Company address and similar company contact details), Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints) and other data as described in the form itself;

Legal basis: Answering your request might be necessary for the performance of a contract, to take steps prior to entering into a contract or for the purpose of our legitimate interest to ensure consumer satisfaction or fulfil legal obligations. We thus process your data in accordance with Art 6 (1) (b) GDPR or Art 6 (1) (f) GDPR.

Storage period: In general we store your data 7 years. In case additional regulations apply (e.g. medical device regulations) we might be obliged to extend the storage period according to the corresponding law.

Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement

External service: Google reCAPTCHA

You can choose to activate/deactivate cookies here:

In a nutshell: We use Google reCAPTCHA to protect our website and services.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework

Purpose: Protecting our website and services is our legitimate interest.

Categories of data: IP address; Resources loaded including styles or images; User Google account information; Behavior such as scrolling on a page, moving the mouse, clicking on links, time spent completing forms, and typing patterns; Browser history; CSS information; Browser plug-ins; Cookies

Legal basis: Providing the requested online content and guaranteeing the security and functioning of our website are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f) GDPR.

Storage period: We store your data until you withdraw your consent.

Wizards and Questionnaires

In a nutshell: We offer wizards and questionnaires to provide additional information and functionality to you. The usage of these external services is optional.

Purpose: We would like to provide additional services.

Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints);

Legal basis: We process your data for fulfilling a contract in accordance with Art 6 (1) (b) GDPR

Storage period: We usually store your data for a maximum of 12 months

Recipients: TYPEFORM SL, Calle de Pallars 108 (Aticco), 08018 – Barcelona (Spain)

Using our products and services https://platform.platomics.com

This privacy policy describes the data processing activities before and during the login to our products and services. The privacy policy that describes the data processing activities during our platform usage is available on the platform itself.

Webserver and Logfiles

In a nutshell: When visiting our platform, your browser exchanges information with our web-servers. This data is automatically stored in so-called logfiles.

Purpose: Our webservers process your data in order to deliver the requested website to your browser. We save all requests in logfiles to guarantee the security and functioning of our website.

Categories of data: Technical data (IP address, HTTP header fields, Device IDs, Device-Fingerprints, Browser-Fingerprints), User Identifiers, Role assignments and changes of role assignments

Legal basis: Providing and guaranteeing the security and functioning of our platform, products and services are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f ) GDPR.

Storage period: We delete our logfiles automatically after 3 months. In case we require the logfiles for a longer time period (e.g. in case of a security or safety incident), the storage period may be extended accordingly.

Recipients / Categories of recipients: Processors (host service provider)

Login to our Platform

In a nutshell: When accessing the PlatoX Login page we will collect events about user activity and interaction. We will use this data to guarantee the security and functioning of our website. We will only disclose data to third parties like subprocessors that are subject to stringent measures according to GDPR. We will only use pseudonymous identifiers, which are considered anonymous for our processors.

Data transfer: This data processing activity includes transfer of data to recipients which are certified under the EU-U.S. Data Privacy Framework

Purpose: Platomics is providing an expert-tool for creating tailored documentation for regulatory requirements. To develop and improve this tool we need to gain knowledge about successful and failed access attempts to our platform.

Categories of data: Software activity event and timestamp, user interaction, IP address, device identifier, screen resolution, web browser user agent string, user identifier, tenant identifier.

Legal basis: Providing and guaranteeing the security and functioning of our platform, products and services are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f ) GDPR.

Storage period: We store your data for up to twelve months. After that we may keep fully anonymized data for statistical purposes.

Recipients: Mixpanel Inc. Privacy Policy | Mobile & Web User Analytics | Mixpanel

Business activities

Customer request

In a nutshell: If you have any questions about our company, our Platform, our service(s), suggestions or complaints, you can contact us via e-mail, phone or other contact details published on our website, on our platform, in our manuals or provided elsewhere.

Purpose: We process your data in order to answer your request.

Categories of data: Contact details (name, address, e-mail address, telephone number, company name, responsibility within company); details of your request

Legal basis: Answering your request might be necessary for the performance of a contract, to take steps prior to entering into a contract or for the purpose of our legitimate interest to ensure consumer satisfaction or fulfil legal obligations. We thus process your data in accordance with Art 6 (1) (b) GDPR or Art 6 (1) (f) GDPR.

Storage period: In general we store your data 7 years. In case additional regulations apply (e.g. medical device regulations) we might be obliged to extend the storage period according to the corresponding law.

Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement, Atlassian Privacy Policy | Atlassian and Data Processing Addendum | Atlassian

Newsletter

In a nutshell: We regularly provide interested customers with information on updates on our products, services, events, webinars in our newsletter. We may ask for feedback, market insights, improvements and your satisfaction with our services.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework

Purpose: If you subscribe, we process your data in order to send you our newsletter.

Categories of data: Contact details (name, company, e-mail address), business affiliation, market affiliation, service interests

Legal basis: In accordance with §174 (3) TKG 2021; After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.

Storage period: We store your data until you withdraw your consent.

Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement

Job application

In a nutshell: All job applications which we receive via e-mail, postal mail or directly via our website Join us – Platomics are processed by our applicant tracking system

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework

Purpose: Recruitment is necessary for filling the vacant positions in an organization. It sources the candidates with the abilities and attitude which are required for achieving the objectives of an organization. It includes analyzing the job requirements, reviewing applications, screening, shortlisting and selecting the right candidates.

Categories of data: Name, Contact Details, curriculum vitae, prior positions, education, training certificates, testimonies, Notes of interviewers, additional data provided by the job applicant or collected during recruitment process

Legal basis: Pre-contractual obligations Art 6 (1) (b) GDPR

Storage period: Rejected applicants: 7 months

Recipients: Greenhouse Greenhouse privacy policy | Greenhouse

Information about open job positions

In a nutshell: With your consent we will store your contact information and application in our company internal applicant database and inform you about open job positions of our company. We may remind you via e-mail to give your consent to extend the storage period shortly before we delete your data.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.

Purpose: Recruitment is necessary for filling the vacant positions in an organization. With consent of the data subject we may store existing job applications beyond the minimum storage period required by legal obligations.

Categories of data: Name, Contact Details, curriculum vitae, prior positions, education, training certificates, testimonies, Notes of interviewers, additional data provided by the job applicant or collected during recruitment process

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.

Storage period: We store your data up to 1 year or until you withdraw your consent

Recipients: Greenhouse Greenhouse privacy policy | Greenhouse

Customer Relationship Management and Business development

In a nutshell: We offer our services and tools in a business-to-business context. In this context no products or services are offered to consumers.

Data transfer: Platomics selected Data Hosting Location Europe. Certain metadata includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.

Purpose: The purpose is managing Platomics relationships and interactions with customers and potential customers. It is also used to manage customer relationships across the entire customer lifecycle, spanning marketing, sales, digital commerce, and customer service interactions. It is also used to store customer and prospect contact information, identify sales opportunities, record service issues, and manage marketing campaigns.

Categories of data: internal identifiers, company details (industry sector, business name, business details, business contact details, public registration ids), contact details of employees or other natural persons associated with the business (name, title, function, postal address including shipping details, e-mail, telephone, messenger-id)

Legal basis: depending on the relationship we process the data according to Art. 6 Paragraph 1 lit. a GDPR (Consent of the data subject), Art. 6 Paragraph 1 lit. b GDPR (fulfillment of contract), Art. 6 Paragraph 1 lit. c GDPR (legal obligations), Art. 6 Paragraph 1 lit. f GDPR (legitimate interest of controller or third parties)

Storage period: In general we store your data 7 years. In case additional regulations apply (e.g. medical device regulations) we might be obliged to extend the storage period according to the corresponding law. If the data processing activity is based on your consent, we store your data until you withdraw your consent.

Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement

UX research – unmoderated studies

In a nutshell: We are using Userlytics to perform UI/UX research activities. We use Userlytics services to perform UX research with existing PlatoX platform users and with other participants that are registered on the Userlytics platform.

Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.

Purpose: We are performing activities in the are of UI/UX research and perform tests to develop and improve our products and services. We want to collect feedback about user experience.

Categories of data: E-Mail, Gender, demographic information, IP, Browser and session historical data, device info, answers to any screener questions prior to a test, any other information that is provided during a test

Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.

Storage period: We store your data up to 1 year or until you withdraw your consent

Recipients: Userlytics Legal: Privacy Policy Testers

Direct E-Mail communication

In a nutshell: When communicating with Platomics via email, we may access and process personal data within the email.

Data transfer: This data processing activity includes transferring data to recipients certified under the EU-U.S. Data Privacy Framework.

Purpose: E-Mail communication is essential for Platomics operations, as the email inbox may contain customer and contractual partner communications vital for pre-contractual and contractual obligations of Platomics.

Categories of data: Sender email address, receiver email address, email metadata, personal data disclosed within the email, and file attachments containing personal data.

Legal basis: depending on the relationship we process the data according to Art. 6 Paragraph 1 lit. b GDPR (fulfillment of contract), Art. 6 Paragraph 1 lit. c GDPR (legal obligations), Art. 6 Paragraph 1 lit. f GDPR (legitimate interest of controller or third parties).

Information when personal data is not collected from the data subject: Please be aware that under certain circumstances, we might have a legitimate interest in accessing emails sent to personal mailboxes to maintain operations. This can occur for example during unplanned absences or when employees leave the company.

Please be aware that certain mailboxes may be accessed by multiple Platomics employees. This applies to the mailbox of our CEO and to non-personalized mailboxes. We will always preserve the confidentiality of emails and respect the right to privacy.

Storage period: In general we store your data 7 years. In case additional regulations apply (e.g. medical device regulations) we might be obliged to extend the storage period according to the corresponding law.

Recipients: Microsoft Microsoft Privacy Statement – Microsoft privacy

Activities in a shared responsibility

Instand NGS4P project – Joint controllers Meduni Graz, DKFZ, Platomics

In a nutshell: Platomics is participating in a project cofunded by the European Union. In this context Platomics and his partners received pseudonymous data for participation in research activities.

Purpose: The purpose is to develop solutions for personalized therapie in a project lead by Medizinische Universität Graz. (Medizinische Universität Graz | pioneering minds | medunigraz.at ) . The project is described here: Home. Platomics is only processing personal data as defined in the research study initiated by the research partners. All data processing activities are subject to a positive decision of ethic committees.

Categories of data: Patient name, Patient identifiers, Patient health data and health records, Pseudonymous patient identifiers, Patient age, Sex, Diagnosis, Processing metadata, molecular diagnostic data, Genetic data, Anonymized data (Performance numbers)

Legal basis: Consent (Art. 9, Par. 2, lit. a GDPR)

Storage period: in accordance with research project requirements

Recipients: Joint controllers Meduni Graz, DKFZ, Platomics

Instand NGS4P project – Joint controllers Meduni Graz, Platomics

In a nutshell: Platomics is participating in a project cofunded by the European Union. In this context Platomics and receives and processes pseudonymous data for participation in research activities.

Purpose: The purpose is to develop solutions for personalized therapie in a project lead by Medizinische Universität Graz. (Medizinische Universität Graz | pioneering minds | medunigraz.at ) . The project is described here: Home. Platomics is only processing personal data as defined in the research study initiated by the research partners. All data processing activities are subject to a positive decision of ethic committees.

Categories of data: Patient name, Patient identifiers, Patient health data and health records, Pseudonymous patient identifiers, Patient age, Sex, Diagnosis, Processing metadata, molecular diagnostic data, Genetic data, Anonymized data (Performance numbers)

Legal basis: Consent (Art. 9, Par. 2, lit. a GDPR)

Storage period: in accordance with research project requirements

Recipients: Joint controllers Meduni Graz, Platomics

Transfer of data to supervisory authorities, courts, notified bodies and other third parties

In a nutshell: We are subject to numerous legal regulations. In certain cases, we may be legally obliged to disclose personal data to courts or other authorities upon their request. This can also include audits by notified bodies or companies performing audits. In any case, we will make sure that the protection of your data is maintained. Our data protection officer and legal department is involved in any transfer to ensure that the rights and freedoms of data subjects are guaranteed.

Purpose: Platomics needs to comply with supervisory authorities, courts, notified bodies and other third parties

Categories of data: defined by the request

Legal basis: Art. 6 Paragraph 1 lit. c GDPR (legal obligations)

Your rights

Right of access

You have the right to request access to your personal data and to obtain information, inter alia, on the purpose of processing, the categories of data concerned, from which source the personal data originate, the recipients of your data, the duration of storage, etc.

Right to rectification, erasure & restriction of processing

If we process inaccurate or incomplete personal data, you have the right to rectification or completion of such data. You may also request the deletion of the personal data which has been processed unlawfully. Please note that you may exercise these rights only in respect of inaccurate, incomplete or unlawfully processed data. If it is unclear whether your personal data is inaccurate, incomplete, or unlawfully processed you may request us to restrict the processing of your data until this issue has been resolved.

Please note that these rights complement each other which means that you can request us to either rectify or complete or delete your data.

Right to object

If we process your data based on our legitimate interest, you have the right to object to the processing of your personal data on grounds relating to your particular situation. If you exercise your right, we will ask you to provide your reasons. You further have the right to object to where we process your personal data for our own purposes.

If we process your data based on your consent, processing will only take place in accordance with the purposes set out in the separate declaration of consent and to the extent you agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and promotional purposes if you no longer consent to processing in the future).

Right to data portability

In certain cases, you have the right to receive your personal data processed by us in a structured, commonly used and machine-readable format (i.e., right to data portability). Where technically feasible, you may instruct us to transmit your data to a third party of your choice, unless data portability would require unreasonable efforts, affect the rights and freedoms of others or violate any legal obligations.

Right to appeal

If you have any concerns regarding data protection law, we hope that you will contact us first and we can address your concerns. However, despite all our efforts to ensure the protection and integrity of your data, you might remain dissatisfied. If you consider that we are unlawfully using your data, you may lodge a complaint with the Austrian Data Protection Authority.

Contact details of data protection authorities

Austrian data protection authorities

The contact details of the Austrian data protection can be found at
Kontakt

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien

Telephone: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

All EU data protection authorities

Contact details of all EU data protection authorities can be found at
Our Members | European Data Protection Board

Change history

Change on 29 Nov 2024

We added the Business activity “Direct E-Mail communication” to our privacy policy

We renamed the existing chapter “Instand NGS4P project” to “Instand NGS4P project – Joint controllers Meduni Graz, DKFZ, Platomics”.

We added a new chapter “Instand NGS4P project – Joint controllers Meduni Graz, Platomics”.

Change on 6 Aug 2024

We added the Business activity “UX research – unmoderated studies” to our privacy policy

Change on 26 Jul 2024

We added the possibility to deactivate cookies and revoke consent within the corresponding section of the privacy policy.

We added the main chapter “Using our products and services https://platform.platomics.com” with two data processing activities “Webserver and Logfiles” and “Login to our Platform”.

Change on 12 Apr 2024

We changed our hosting provider of our public website

We splitted the “External Services” into different services for a better transparency

We changed our applicant tracking tool from onlyfy to Greenhouse. Furthermore we clarified that all job applications will be processed by our new subprocessor greenhouse.

We added the Instand NGS4P project as an research activity in a shared responsibility together with public research institutes.

We added information about our Transfer of data to supervisory authorities, courts and other third parties.

We added a website with a list of all EU data protection authorities