Redirect to:

Similar terms

    Manufacturers

      Content

        Categories

          Blog posts

            Shopping worlds

              Product Suggestions

                Privacy policy

                 

                The controller in the sense of the General Data Protection Regulation (GDPR) and other national data protection acts and other data protection legislation is:
                 
                Sarstedt AG & Co.
                KG
                Sarstedtstraße 1
                51588 Nümbrecht
                Tel: +49 (0) 2293 305 0
                Fax: +49 (0) 2293 305 2470
                E-mail:
                info@sarstedt.com

                If you would like to request access to information or the rectification, blocking or erasure of personal data or if you have questions regarding the use, collection or processing of your personal data, please contact:
                SARSTEDT AG & Co. KG, Sarstedtstraße 1, 51588 Nümbrecht, Germany, e-mail:
                datenschutz@sarstedt.com  Tel.: +49 2293 305 0, Fax: +49 2293 305 2470


                For the sake of legibility, separate male and female personal pronouns are not used.

                 

                1. General information on data processing

                1.1. Processing of personal data and its purpose

                SARSTEDT AG & Co. KG (‘Sarstedt’ or ‘we’) only collects and uses the personal data of our users in so far as necessary to provide a functional website as well as our content and services. When you visit our website, the following data will be processed:

                • IP address of the user
                • Browser (type, version, language)
                • Operating system
                • ISP of the user
                • Date and time of the visit to our website
                • Files accessed on our website
                • The website the user was previously visiting
                • The website the user visits after our Website

                The processing and temporary storage of an IP address is necessary for the purpose of transmitting the website to the computer of the user. The IP address of the user has to be stored for the duration of the session. The log files contain IP addresses and other data that can be attributed to the user. It is stored in log files to guarantee the functionality of the website. Additionally, the data enable us to optimise the website and ensure the security of our IT systems. Any processing of personal data is exclusively for these purposes and to the extent necessary to achieve these purposes. These data will not be used for the purposes of marketing, customer advice or market research.

                1.2. Legal grounds for the processing of personal data

                As a rule, the personal data of our users are processed with the consent of the user. This does not apply to cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by statutory provisions. Point (f) of Article 6 (1) GDPR serves as the legal grounds for the storage of the data and log files.

                1.3. Erasure of data and duration of storage

                The personal data of data subjects will be erased or blocked by us as soon as the purpose for which they were stored has been achieved. If the data have been processed in order to make the website available, they will be deleted when the session ends. If the personal data have been stored in log files, they will be deleted within no more than 30 days. Storage for an extended period is possible provided that the IP addresses of the user are deleted or anonymised in order to prevent them from being associated with the visiting client. 

                2. Cookies

                We use cookies at several points on our website. When the user visits a website, a cookie can be installed on the operating system of the user. A cookie contains a distinctive character string that makes it possible to unequivocally identify the browser when it visits our website again. The cookies store and transmit the following data:

                • Language settings
                • Log-in information.

                We use cookies in order to make our website more user-friendly. Point (f) of Article 6 (1) GDPR serves as the legal grounds for the processing of personal data using cookies. Cookies are stored on the computer of the user and transmitted to our website from there. Users can change the settings in their browsers to deactivate or limit the transfer of cookies. Cookies that are already on your computer can be deleted at any time. The users themselves are responsible for the settings of the cookies. If cookies are deactivated for our website, this might result in some of the features of the website not being fully available. 

                3. Tools

                3.1. Amazon Cloud Front:

                In order to reduce the loading times of our website, our website uses Amazon Cloud Front (Content Delivery Network (CDN)) which is provided by Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108, USA. Under certain circumstances, the personal data of users are transmitted to Amazon. Users of the website can prevent this by deactivating the JavaScript in their browsers. For more information, see the privacy policy of Amazon CloudFront – Content Delivery Network (CDN): https://aws.amazon.com/compliance/data-privacy-faq

                3.2. Payment Service Provider (PSP)

                On this website, payment is possible via the payment service of EVO Payments International GmbH, Elsa-Brändström-Straße 10-12, 50668 Köln, Germany (EVO).
                 
                The following payment methods are processed by EVO: Mastercard, Giropay, American express, Visa
                  
                We also transfer personal data such as bank details or credit card numbers to EVO. This type of processing is necessary for checking and settling the payment order, which is arranged in order to fulfill the contract you have concluded with us. The legal basis is Art. 6 para. 1 lit. b) GDPR. For more information, please see EVO's privacy policy: https://www.evopayments.eu/en/data-protection 

                Where you wish to execute the payment for our services online, we use services of Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA („Stripe“) for our payment processing based on Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest). Thereby and unless otherwise indicated below, Stripe acts as data processor and its affiliates (“Stripe Payments Europe Limited”, “Stripe Technology Europe Limited” and “Stripe Payments UK Limited”) act as its sub-processors. During the payment process, if you choose to pay with your credit card, you will be asked to enter your card information, which will be securely transferred to and processed by Stripe. To process and authenticate the online payment transactions, Stripe may use your Personal Data (e.g. credit card number, the amount and the date of payment).During the transaction, Stripe might obtain and process personal information about you received through the services or from third parties in order to determine your identity and prevent fraudulent activities. The legal basis for such a processing through Stripe (as a controller) will be Art. 6 para. 1 sent. 1 lit. c or f GDPR (legitimate interest). In addition, if you wish to receive a receipt of your payment transaction from Stripe, you can opt to enter your name, email and billing address. This information will be securely transferred to and processed from Stripe based on Art. 6 para. 1 sent. 1 lit. a GDPR (consent). Stripe might transfer your personal data to third countries, including the United States. For information on which measures Stripe takes to ensure that any such transfers comply with applicable data protection laws, please see https://stripe.com/privacy-center/legal#data-transfers. Stripe may also place Cookies in order to enable the transaction (see Sec. 2.1 lit. b). For more information on how Stripe processes your personal data, please see Stripe’s Privacy Policy.

                3.3. Avalara (Tax compliance)

                Protection of Customer Data, Personal Information, and Confidential Information. Avalara shall implement and maintain commercially reasonable and appropriate technical, administrative, and physical safeguards and security methods designed to prevent any unauthorized release, access to or publication of Customer Data, Confidential Information, or Personal Information. Avalara shall implement processes and maintain procedures designed to comply with Applicable Laws and shall facilitate Customer’s compliance with its data security obligations with respect to Personal Information in Avalara’s possession or control to the extent that Customer is required to comply with the following: (i) the U.K. Data Protection Act 1998; (ii) the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and any applicable laws enacted by an EU member state implementing the requirements of the regulation; (iii) the Australian Privacy Act 1988 and National Privacy Principles; (iv) the Canadian Personal Information Protection and Electronic Documents Act; (v) California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. and implementing regulations (“CCPA”); and (vi) any amendments and successors to the aforementioned privacy laws, or any newly enacted Applicable Laws regarding privacy. The Agreement and the Documentation are Customer’s instructions for processing Customer Data, and Avalara shall not process Customer Data for any other purpose.  The Avalara Data Processing Addendum is incorporated by this reference and is located at https://www.avalara.com/GDPR-DPA. Avalara may use subcontractors to facilitate its obligations under the Agreement. Avalara shall use commercially reasonable measures to ensure that such subcontractors implement and comply with reasonable security measures in handling any Customer’s Data, Personal Information, or Confidential Information.

                3.4 Google Analytics

                If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited ("Google") is used on this website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

                Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

                We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.

                Purposes of the Processing
                On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.

                Legal Basis
                The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

                Recipients or Categories of Recipients
                The recipient of the collected data is Google.

                Transfer to Third Countries
                Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission's adequacy decision. You can download the certificate here.

                Duration of Data Storage
                The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

                Rights of the Persons affected
                You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.

                You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. 

                 4. Contact form and e-mail correspondence

                Our website features a contact form that can be used to contact us electronically. If a user makes use of the form, the data entered in the contact form will be transmitted to us and stored:

                • General enquiry (voluntary)
                • Salutation
                • Title (voluntary)
                • First name 
                • Last name
                • Phone number
                • Company
                • Sarstedt Account Number (voluntary)
                • Order number (voluntary)
                • Lot (voluntary)
                • Address (street, town/city, post code) (voluntary)
                • Country
                • E-mail address
                • Free field for custom text
                • IP address of the user
                • Date and time of sending.

                By completing the contact form, you consent to the processing of the data you provide. Alternatively, you can contact us at the e-mail address provided. In this case, the personal data of the user that are transmitted along with the e-mail will be stored by us. When the user has provided consent, point (a) of Article 6 (1) GDPR serves as the legal grounds for the processing of data. Point (f) of Article 6 (1) GDPR serves as the legal grounds when personal data are transmitted as part of sending an e-mail. Point (b) of Article 6 (1) GDPR serves as the legal grounds when the correspondence is aimed towards concluding a contract. The data will be used exclusively to process the correspondence. In this context, no data are disclosed to third parties. The personal data from the contact form and the data sent by e-mail will be erased when the conversation with the user is finished, i.e. as soon as the circumstances imply that the matter in question has been resolved. The additional personal data collected during the sending process will be erased within no more than seven days.

                The user can revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his/her personal data at any time. In this case, the message cannot be processed and the correspondence cannot be continued. In this case, all personal data stored as part of the correspondence will be erased.

                 5. Google Maps

                Our website uses Google Maps API to display geographical information visually. When Google Maps is used, Google also processes data concerning how users of the website use the features of Google Maps. For more information on data processing by Google, see the Google Privacy Policy at https://policies.google.com/privacy?hl=us.

                 6. Newsletter

                Users of our website can subscribe to a free newsletter. If a user subscribes to our newsletter, we will process the following personal data:

                • Salutation (voluntary)
                • First name, surname (voluntary)
                • Country
                • E-mail address 
                • Area of work (voluntary)
                • Interests (voluntary)
                • IP address of the computer accessing the website
                • Date and time of registration.

                The consent of the user to the processing of the data will be requested as part of the subscription procedure and reference will be made to this privacy policy. No data are disclosed to third parties in connection with the processing of data for the purposes of sending newsletters. The data will be used exclusively for the purposes of sending the newsletter. When the user has subscribed to the newsletter, point (a) of Article 6 (1) GDPR serves as the legal grounds for the processing of personal data. We will store the personal data of the user for as long as the newsletter subscription is active. The subscription can be cancelled at any time by clicking the link contained in every newsletter. The personal data will then be erased immediately.

                7. Security

                Sarstedt has implemented technical and organisational security measures to protect the personal data of users against accidental or intentional manipulation, loss, destruction and hacking. We continuously improve our security measures to keep pace with technological developments.

                8. Rights of the data subject

                If Sarstedt processes your personal data, you are a data subject in the sense of Article 4 (1) GDPR and have the following rights with regard to Sarstedt:

                8.1. Right to Information

                Pursuant to Article 15 GDPR, you can demand confirmation from us whether or not personal data concerning you are being processed by us. If personal data concerning you are being processed, you can request the following information from us:

                • the purposes of the processing;
                • the categories of personal data that are being processed;
                • the recipients or categories of recipient to which personal data concerning you have been or are being disclosed;
                • (if possible) the period for which the personal data will be stored by us, or if that is not possible, the criteria used to determine that period;
                • the existence of a right to rectify or erase the personal data concerning you, a right to restrict processing by us or a right to object to such processing;
                • the right to lodge a complaint with a supervisory authority;
                • all available information on the origins of the data if the personal data were not obtained from you;
                • the existence of automated individual decision-making, including profiling (Article 22 (1) and (4) GDPR), and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

                You are entitled to demand information on whether or not the controller intends to transfer personal data to a recipient in a third country or international organisation. In this context, you can request information on the appropriate safeguards referred to in Article 46 GDPR in connection with the transfer.

                8.2. Right to rectification

                Under Article 16 GDPR, you are entitled to obtain from us the rectification and/or completion of the personal data concerning you, provided that they are inaccurate or incomplete.

                8.3. Right to erasure

                Pursuant to Article 17 GDPR, you can demand that we erase your personal data without undue delay. We are obliged to erase your data without undue delay if one of the following criteria is met:

                • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
                • You withdraw consent on which our processing is based according to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing.
                • You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
                • The personal data concerning you have been unlawfully processed.
                • The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
                • Your personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

                Where we have made the personal data concerning you public and are obliged pursuant to Article 17 (1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

                The right to erasure does not apply to the extent that processing is necessary

                • for exercising the right of freedom of expression and information;
                • for compliance with a legal obligation to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
                • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) GDPR as well as Article 9 (3) GDPR;
                • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
                • for the establishment, exercise or defence of legal claims.

                8.4. Right to restriction of processing

                Under the following circumstances, pursuant to Article 18 GDPR, you can demand the restriction of the processing of the personal data concerning you:

                • if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of the personal data;
                • if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
                • if we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
                • if you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether our legitimate grounds override your own.

                Where processing of personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If processing has been restricted in line with the criteria above, you will be informed by us before the restriction of processing is lifted.

                8.5. Right to notification

                In accordance with Article 19 GDPR, we shall communicate any rectification or erasure of personal data or restriction of processing to which you have exercised your right to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We must inform you about those recipients if you request it.

                8.6. Right to data portability

                Under Article 20 GDPR, you are entitled to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Additionally, you have the right to transmit those data to another controller without hindrance from us, where:

                • the processing is based on consent (point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR) or on a contract pursuant to point (b) of Article 6 (1) GDPR; and
                • the processing is carried out by automated means.

                In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible. This may not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

                8.7. Right to object

                Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions. We shall no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

                8.8. Right to withdraw consent

                You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

                8.9. Automated individual decision-making, including profiling

                Under Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

                • is necessary for entering into, or performance of, a contract between you and us;
                • is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
                • is based on your explicit consent.

                8.10. Right to lodge a complaint with a supervisory authority

                Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, or applicable local governing body, in particular in the Member State or applicable local jurisdiction of your habitual residence, place of work or place of the alleged infringement if you consider that our processing of personal data relating to you infringes the General Data Protection Regulation.

                9. Responsibility for content and Information

                Our website contains links to third-party websites. When the links were placed, we examined the content of each third-party website for infringements of civil or criminal law. However, it cannot be ruled out that this content has since been changed by the provider. If you believe that linked third-party websites are infringing the law or have other inappropriate content, please let us know. We will follow up on your report and, if necessary, remove the link. Sarstedt is not responsible for the content or availability of the linked third-party websites.

                10. Inclusion and applicability of the privacy policy

                By using our website, you consent to the processing of data as described above. This privacy policy only applies to the online content of Sarstedt. Other data protection and data security provisions apply to linked third-party websites. See the legal information of each third-party website for information on who is responsible for the websites.

                The development of our website or the implementation of new technology might make it necessary to amend this privacy policy. We therefore reserve the right to amend this privacy policy at any time with future effect. The version of this privacy policy that is available when you visit the website is always the applicable version.

                 
                As at: September 2023

                 

                Viewed