The latest Platomics seminar on December 3: Proaktives Risikomanagement (in German) Register here
Privacy Policy
At Platomics, we are commited to protecting your personal data. In this privacy statement we explain how we gather and use your personal data. We handle your data with great responsibility and in accordance with EU data protection law.
This privacy policy was published on August 6, 2024
Controller
The controller for all processing of your personal data described below is
Platomics GmbH
Jakov-Lind-Strasse 15/3
1020 Vienna, Austria
info@platomics.com
Contact details for our data protection officer:
E-Mail privacy@platomics.com
or via post
DPO c/o Platomics GmbH
Jakov-Lind-Strasse 15/3
1020 Wien
Using our public website https://www.platomics.com
Webserver and Logfiles
In a nutshell: When accessing or interacting with our platform, your browser exchanges information with our web-servers. This data is automatically stored in so-called logfiles. Additionally, we store essential cookies on your device and process personal data on our webservers.
Purpose: Our webservers process your data in order to deliver the requested website to your browser. We save all requests in logfiles to guarantee the security and functioning of our website.
Categories of data: Essential cookies according to our cookie policy, Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints)
Legal basis: Providing the requested online content and guaranteeing the security and functioning of our website are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f ) GDPR.
Storage period: We delete our logfiles automatically after 14 days. If we have reason to store the logfiles for a longer time period (e.g., following a security or safety incident), the storage period may be extended accordingly.
Recipients: Akamai Cloud Computing (Linode International Services Company) as a hosting provider, Hubspot HubSpot Privacy Policy and Data Processing Agreement
External service Google Analytical Statistics
You can choose to activate/deactivate cookies here:
In a nutshell: With your consent we use an external analytics provider (Google Analytics) to gain information about your interaction with our public website. Please refer to the privacy policy of Google Analytics for additional information. The usage of this analytical service is optional.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework
Purpose: We would like to understand how you use our website and gain insights about our visitors so we can improve its design and functionality.
Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints, Geolocation, Behavior data); additional cookies according to our cookie policy will be stored on your device
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”
Storage period: We store your data until you withdraw your consent.
Recipients: Google Ireland Limited (located at Gordon House, Barrow Street, Dublin 4, Ireland) and Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA), Hubspot HubSpot Privacy Policy and Data Processing Agreement
External service: Google Fonts
You can choose to activate/deactivate cookies here:
In a nutshell: With your consent we use Google Fonts to provide a better experience when interacting with our public website.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.
Purpose: We would like to provide a better experience when interacting with our public website.
Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL)
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.
Storage period: We store your data until you withdraw your consent.
Recipients: Google Ireland Limited (located at Gordon House, Barrow Street, Dublin 4, Ireland) and Google LLC (located at 1600 Amphitheatre Parkway, Mountain View, California 94043, USA)
External service: HubSpot Analytics
You can choose to activate/deactivate cookies here:
In a nutshell: With your consent we use HubSpot Analytics to connect your interaction with our public website to our Customer Relationship Management and Business Development Activity.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.
Purpose: In a B2B-context we would like to gain insights about existing and potential customers to offer them tailored services and products.
Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints) combined with existing data in our CRM Database (customer relationship management); additional cookies according to our cookie policy will be stored on your device.
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”
Storage period: We store your data until you withdraw your consent.
Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement
External service: Meta
In a nutshell: With your consent we integrate the external service Facebook and embed it in our website. Please refer to the privacy policy of Meta for additional information. The usage of this external service is optional.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.
Purpose: We would like to provide additional services on our website for better interaction with our website visitors.
Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints); additional cookies according to our cookie policy will be stored on your device
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”
Storage period: We store your data until you withdraw your consent.
Recipients: Meta Privacy Policy – How Meta collects and uses user data
External service: Google Maps
You can choose to activate/deactivate cookies here:
In a nutshell: With your consent we integrate the external service Google Maps and embed it in our website. Please refer to the privacy policy of Meta for additional information. The usage of this external service is optional.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.
Purpose: We would like to provide additional services on our website for better user experience.
Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints); additional cookies according to our cookie policy will be stored on your device
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”
Storage period: We store your data until you withdraw your consent.
Recipients: Google, Address Gordon House, Barrow Street, Dublin 4, Ireland, Privacy Policy – Privacy & Terms – Google
External service: Vimeo
You can choose to activate/deactivate cookies here:
In a nutshell: With your consent we integrate the external service Vimeo and embedd it into our website. Please refer to the privacy policy of Meta for additional information. The usage of this external service is optional.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework
Purpose: We would like to provide additional services on our website for better interaction with our website visitors
Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints); additional cookies according to our cookie policy will be stored on your device
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.
Storage period: We store your data until you withdraw your consent.
Recipient: Vimeo Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA, Privacy Policy on Vimeo
External service: Hubspot Forms
You can choose to activate/deactivate cookies here:
In a nutshell: We use Hubspot Forms for user interaction with our website.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework
Purpose: We need forms for basic website functionality such as webinar registration.
Categories of data: Personal data (Name, E-Mail, telephone number and similar contact details), Business data (Company Name, Company address and similar company contact details), Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints) and other data as described in the form itself;
Legal basis: Answering your request might be necessary for the performance of a contract, to take steps prior to entering into a contract or for the purpose of our legitimate interest to ensure consumer satisfaction or fulfil legal obligations. We thus process your data in accordance with Art 6 (1) (b) GDPR or Art 6 (1) (f) GDPR.
Storage period: In general we store your data 7 years. In case additional regulations apply (e.g. medical device regulations) we might be obliged to extend the storage period according to the corresponding law.
Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement
External service: Google reCAPTCHA
You can choose to activate/deactivate cookies here:
In a nutshell: We use Google reCAPTCHA to protect our website and services.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework
Purpose: Protecting our website and services is our legitimate interest.
Categories of data: IP address; Resources loaded including styles or images; User Google account information; Behavior such as scrolling on a page, moving the mouse, clicking on links, time spent completing forms, and typing patterns; Browser history; CSS information; Browser plug-ins; Cookies
Legal basis: Providing the requested online content and guaranteeing the security and functioning of our website are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f) GDPR.
Storage period: We store your data until you withdraw your consent.
Wizards and Questionnaires
In a nutshell: We offer wizards and questionnaires to provide additional information and functionality to you. The usage of these external services is optional.
Purpose: We would like to provide additional services.
Categories of data: Technical data (Timestamp, IP address, HTTP header fields, Referrer URL, Device IDs, Device-Fingerprints, Browser-Fingerprints);
Legal basis: We process your data for fulfilling a contract in accordance with Art 6 (1) (b) GDPR
Storage period: We usually store your data for a maximum of 12 months
Recipients: TYPEFORM SL, Calle de Pallars 108 (Aticco), 08018 – Barcelona (Spain)
Using our products and services https://platform.platomics.com
This privacy policy describes the data processing activities before and during the login to our products and services. The privacy policy that describes the data processing activities during our platform usage is available on the platform itself.
Webserver and Logfiles
In a nutshell: When visiting our platform, your browser exchanges information with our web-servers. This data is automatically stored in so-called logfiles.
Purpose: Our webservers process your data in order to deliver the requested website to your browser. We save all requests in logfiles to guarantee the security and functioning of our website.
Categories of data: Technical data (IP address, HTTP header fields, Device IDs, Device-Fingerprints, Browser-Fingerprints), User Identifiers, Role assignments and changes of role assignments
Legal basis: Providing and guaranteeing the security and functioning of our platform, products and services are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f ) GDPR.
Storage period: We delete our logfiles automatically after 3 months. In case we require the logfiles for a longer time period (e.g. in case of a security or safety incident), the storage period may be extended accordingly.
Recipients / Categories of recipients: Processors (host service provider)
Login to our Platform
In a nutshell: When accessing the PlatoX Login page we will collect events about user activity and interaction. We will use this data to guarantee the security and functioning of our website. We will only disclose data to third parties like subprocessors that are subject to stringent measures according to GDPR. We will only use pseudonymous identifiers, which are considered anonymous for our processors.
Data transfer: This data processing activity includes transfer of data to recipients which are certified under the EU-U.S. Data Privacy Framework
Purpose: Platomics is providing an expert-tool for creating tailored documentation for regulatory requirements. To develop and improve this tool we need to gain knowledge about successful and failed access attempts to our platform.
Categories of data: Software activity event and timestamp, user interaction, IP address, device identifier, screen resolution, web browser user agent string, user identifier, tenant identifier.
Legal basis: Providing and guaranteeing the security and functioning of our platform, products and services are our legitimate interests. We thus process your data in accordance with Art 6 (1) (f ) GDPR.
Storage period: We store your data for up to twelve months. After that we may keep fully anonymized data for statistical purposes.
Recipients: Mixpanel Inc. Privacy Policy | Mobile & Web User Analytics | Mixpanel
Business activities
Customer request
In a nutshell: If you have any questions about our company, our Platform, our service(s), suggestions or complaints, you can contact us via e-mail, phone or other contact details published on our website, on our platform, in our manuals or provided elsewhere.
Purpose: We process your data in order to answer your request.
Categories of data: Contact details (name, address, e-mail address, telephone number, company name, responsibility within company); details of your request
Legal basis: Answering your request might be necessary for the performance of a contract, to take steps prior to entering into a contract or for the purpose of our legitimate interest to ensure consumer satisfaction or fulfil legal obligations. We thus process your data in accordance with Art 6 (1) (b) GDPR or Art 6 (1) (f) GDPR.
Storage period: In general we store your data 7 years. In case additional regulations apply (e.g. medical device regulations) we might be obliged to extend the storage period according to the corresponding law.
Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement, Atlassian Privacy Policy | Atlassian and Data Processing Addendum | Atlassian
Newsletter
In a nutshell: We regularly provide interested customers with information on updates on our products, services, events, webinars in our newsletter. We may ask for feedback, market insights, improvements and your satisfaction with our services.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework
Purpose: If you subscribe, we process your data in order to send you our newsletter.
Categories of data: Contact details (name, company, e-mail address), business affiliation, market affiliation, service interests
Legal basis: In accordance with §174 (3) TKG 2021; After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.
Storage period: We store your data until you withdraw your consent.
Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement
Job application
In a nutshell: All job applications which we receive via e-mail, postal mail or directly via our website Career – Platomics are processed by our applicant tracking system
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework
Purpose: Recruitment is necessary for filling the vacant positions in an organization. It sources the candidates with the abilities and attitude which are required for achieving the objectives of an organization. It includes analyzing the job requirements, reviewing applications, screening, shortlisting and selecting the right candidates.
Categories of data: Name, Contact Details, curriculum vitae, prior positions, education, training certificates, testimonies, Notes of interviewers, additional data provided by the job applicant or collected during recruitment process
Legal basis: Pre-contractual obligations Art 6 (1) (b) GDPR
Storage period: Rejected applicants: 7 months
Recipients: Greenhouse Greenhouse privacy policy | Greenhouse
Information about open job positions
In a nutshell: With your consent we will store your contact information and application in our company internal applicant database and inform you about open job positions of our company. We may remind you via e-mail to give your consent to extend the storage period shortly before we delete your data.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.
Purpose: Recruitment is necessary for filling the vacant positions in an organization. With consent of the data subject we may store existing job applications beyond the minimum storage period required by legal obligations.
Categories of data: Name, Contact Details, curriculum vitae, prior positions, education, training certificates, testimonies, Notes of interviewers, additional data provided by the job applicant or collected during recruitment process
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.
Storage period: We store your data up to 1 year or until you withdraw your consent
Recipients: Greenhouse Greenhouse privacy policy | Greenhouse
Customer Relationship Management and Business development
In a nutshell: We offer our services and tools in a business-to-business context. In this context no products or services are offered to consumers.
Data transfer: Platomics selected Data Hosting Location Europe. Certain metadata includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.
Purpose: The purpose is managing Platomics relationships and interactions with customers and potential customers. It is also used to manage customer relationships across the entire customer lifecycle, spanning marketing, sales, digital commerce, and customer service interactions. It is also used to store customer and prospect contact information, identify sales opportunities, record service issues, and manage marketing campaigns.
Categories of data: internal identifiers, company details (industry sector, business name, business details, business contact details, public registration ids), contact details of employees or other natural persons associated with the business (name, title, function, postal address including shipping details, e-mail, telephone, messenger-id)
Legal basis: depending on the relationship we process the data according to Art. 6 Paragraph 1 lit. a GDPR (Consent of the data subject), Art. 6 Paragraph 1 lit. b GDPR (fulfillment of contract), Art. 6 Paragraph 1 lit. c GDPR (legal obligations), Art. 6 Paragraph 1 lit. f GDPR (legitimate interest of controller or third parties)
Storage period: In general we store your data 7 years. In case additional regulations apply (e.g. medical device regulations) we might be obliged to extend the storage period according to the corresponding law. If the data processing activity is based on your consent, we store your data until you withdraw your consent.
Recipients: Hubspot HubSpot Privacy Policy and Data Processing Agreement
UX research – unmoderated studies
In a nutshell: We are using Userlytics to perform UI/UX research activities. We use Userlytics services to perform UX research with existing PlatoX platform users and with other participants that are registered on the Userlytics platform.
Data transfer: This data processing activity includes data transfer to recipients which are certified under the EU-U.S. Data Privacy Framework.
Purpose: We are performing activities in the are of UI/UX research and perform tests to develop and improve our products and services. We want to collect feedback about user experience.
Categories of data: E-Mail, Gender, demographic information, IP, Browser and session historical data, device info, answers to any screener questions prior to a test, any other information that is provided during a test
Legal basis: After you give your consent we process your data in accordance with Art 6 (1) (a) GDPR “Consent”.
Storage period: We store your data up to 1 year or until you withdraw your consent
Recipients: Userlytics
Activities in a shared responsibility
Instand NGS4P project
In a nutshell: Platomics is participating in a project cofunded by the European Union. In this context Platomics and his partners received pseudonymous data for participation in research activities.
Purpose: The purpose is to develop solutions for personalized therapie in a project lead by Medizinische Universität Graz. (Medizinische Universität Graz | pioneering minds | medunigraz.at ) . The project is described here: Home. Platomics is only processing personal data as defined in the research study initiated by the research partners. All data processing activities are subject to a positive decision of ethic committees.
Categories of data: Patient name, Patient identifiers, Patient health data and health records, Pseudonymous patient identifiers, Patient age, Sex, Diagnosis, Processing metadata, molecular diagnostic data, Genetic data, Anonymized data (Performance numbers)
Legal basis: Consent (Art. 9, Par. 2, lit. a GDPR)
Storage period: in accordance with research project requirements
Recipients: Joint controllers Meduni Graz, DKFZ, Platomics,
Transfer of data to supervisory authorities, courts, notified bodies and other third parties
In a nutshell: We are subject to numerous legal regulations. In certain cases, we may be legally obliged to disclose personal data to courts or other authorities upon their request. This can also include audits by notified bodies or companies performing audits. In any case, we will make sure that the protection of your data is maintained. Our data protection officer and legal department is involved in any transfer to ensure that the rights and freedoms of data subjects are guaranteed.
Purpose: Platomics needs to comply with supervisory authorities, courts, notified bodies and other third parties
Categories of data: defined by the request
Legal basis: Art. 6 Paragraph 1 lit. c GDPR (legal obligations)
Your rights
Right of access
You have the right to request access to your personal data and to obtain information, inter alia, on the purpose of processing, the categories of data concerned, from which source the personal data originate, the recipients of your data, the duration of storage, etc.
Right to rectification, erasure & restriction of processing
If we process inaccurate or incomplete personal data, you have the right to rectification or completion of such data. You may also request the deletion of the personal data which has been processed unlawfully. Please note that you may exercise these rights only in respect of inaccurate, incomplete or unlawfully processed data. If it is unclear whether your personal data is inaccurate, incomplete, or unlawfully processed you may request us to restrict the processing of your data until this issue has been resolved.
Please note that these rights complement each other which means that you can request us to either rectify or complete or delete your data.
Right to object
If we process your data based on our legitimate interest, you have the right to object to the processing of your personal data on grounds relating to your particular situation. If you exercise your right, we will ask you to provide your reasons. You further have the right to object to where we process your personal data for our own purposes.
Right to revoke consent
If we process your data based on your consent, processing will only take place in accordance with the purposes set out in the separate declaration of consent and to the extent you agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and promotional purposes if you no longer consent to processing in the future).
Right to data portability
In certain cases, you have the right to receive your personal data processed by us in a structured, commonly used and machine-readable format (i.e., right to data portability). Where technically feasible, you may instruct us to transmit your data to a third party of your choice, unless data portability would require unreasonable efforts, affect the rights and freedoms of others or violate any legal obligations.
Right to appeal
If you have any concerns regarding data protection law, we hope that you will contact us first and we can address your concerns. However, despite all our efforts to ensure the protection and integrity of your data, you might remain dissatisfied. If you consider that we are unlawfully using your data, you may lodge a complaint with the Austrian Data Protection Authority.
Contact details of data protection authorities
Austrian data protection authorities
The contact details of the Austrian data protection can be found at
https://www.dsb.gv.at/ueber-die-website/kontakt.html
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
Telephone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
All EU data protection authorities
Contact details of all EU data protection authorities can be found at
https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
Change history
Change on 6 Aug 2024
We added the Business activity “UX research – unmoderated studies” to our privacy policy
Change on 26 Jul 2024
We added the possibility to deactivate cookies and revoke consent within the corresponding section of the privacy policy.
We added the main chapter “Using our products and services https://platform.platomics.com” with two data processing activities “Webserver and Logfiles” and “Login to our Platform”.
Change on 12.04.2024
We changed our hosting provider of our public website
We splitted the “External Services” into different services for a better transparency
We changed our applicant tracking tool from onlyfy to Greenhouse. Furthermore we clarified that all job applications will be processed by our new subprocessor greenhouse.
We added the Instand NGS4P project as an research activity in a shared responsibility together with public research institutes.
We added information about our Transfer of data to supervisory authorities, courts and other third parties.
We added a website with a list of all EU data protection authorities