Privacy Policy

We are pleased that you are visiting our website. Protecting and securing your personal information while using our website is very important to us. We would therefore like to inform you at this point about which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy applies to Cellios's website, which can be accessed at the domain www.cellios.de and its various subdomains (“our website”).

Who is responsible and how can I reach you?

Responsible person

for the processing of personal data in accordance with the EU General Data Protection Regulation (GDPR)

 

Cellios GmbH

Cheruskerstraße 40, 70435 Stuttgart 


Represented by:

Arik Lämmle

Frank Nägele

 

Phone: +491735833894

Email: connect@cellios.de

Data Protection

Please feel free to send us your questions or suggestions at: connect@cellios.de

What is it about?

This privacy statement meets the legal requirements for transparency in the processing of personal data. These are all pieces of information that relate to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, phone number, date of birth, email address, IP address, or user behavior when visiting a website. Information where we cannot (or can only with disproportionate effort) establish a connection to your person, e.g. through anonymization, is not considered personal data. The processing of personal data (e.g. collection, inquiry, usage, storage, or transmission) always requires a legal basis and a defined purpose.

Stored personal data is deleted once the purpose of processing has been achieved and there are no legal grounds for further retention of the data. We inform you about the specific storage periods or criteria for retention within the individual processing operations. Independently of this, we store your personal data in individual cases for the assertion, exercise, or defense of legal claims and when there are legal retention obligations.

Who receives my data?

We only pass on your personal data, which we process on our website, to third parties if this is necessary for fulfilling the purposes and is covered by the legal basis in individual cases (e.g., consent or protection of legitimate interests). Furthermore, we pass on personal data to third parties in individual cases if this serves to assert, exercise, or defend legal claims. Possible recipients can include law enforcement agencies, attorneys, auditors, courts, etc.

If we use service providers for the operation of our website, who, in the context of order processing act on our behalf and process personal data according to Art. 28 GDPR, those service providers can be recipients of your personal data. You can find more detailed information about the use of order processors as well as web services in the overview of individual processing activities.

Do you use cookies?

Cookies are small text files that are sent to your device's browser and stored there during your visit to our website. Instead of using cookies, information can also be stored in your browser's local storage. Some functions on our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to conduct various analyses, which allow us, for example, to recognize the browser you are using when you return to our website and to transmit various pieces of information to us (non-essential cookies). With the help of cookies, we can make our website more user-friendly and efficient for you, by tracking your use of our site and identifying your preferred settings (e.g., country and language preferences). Whenever third parties process information through cookies, they obtain the information directly via your browser. Cookies do not cause any damage to your device. They cannot execute programs or contain viruses.

We provide information about the specific services for which we use cookies in each processing operation. Detailed information about the cookies used can be found in the cookie settings or the consent manager on this website.

Domain .cellios.de _ga: This cookie name is associated with Google Universal Analytics - an important update for Google's frequently used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client ID. It is included in every page request on a website and used to calculate visitor, session, and campaign data for website analytics reports. By default, it expires after 2 years, although this can be adjusted by website owners. Here, storage duration is approximately 1 year.
Domain .cellios.de _ga_6MN8KGTRB1: Not available, storage duration approximately 1 year.

 


What rights do I have?

Under the provisions of the legal regulations of the General Data Protection Regulation (GDPR), you as the data subject have the following rights:

  • Access according to Art. 15 GDPR to the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data;

  • Rectification according to Art. 16 GDPR of incorrect or incomplete data stored with us;

  • Erasure according to Art. 17 GDPR of the data stored with us, provided the processing is not required for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

  • Restriction of processing according to Art. 18 GDPR, as long as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you reject its erasure because you need it for the establishment, exercise, or defense of legal claims, or you have objected to the processing according to Art. 21 GDPR.

  • Data portability according to Art. 20 GDPR, provided you have supplied us with personal data based on a consent according to Art. 6 para. 1 lit. a GDPR or on the basis of a contract according to Art. 6 para. 1 lit. b GDPR and this data has been processed by us using automated procedures. You will receive your data in a structured, common, and machine-readable format, or we will transmit the data directly to another controller, as far as this is technically feasible.

  • Objection according to Art. 21 GDPR against the processing of your personal data, as far as this is based on Art. 6 para. 1 lit. e, f GDPR and there are reasons arising from your particular situation or the objection is directed against direct marketing. The right of objection does not exist if compelling legitimate grounds for the processing can be demonstrated or the processing serves the assertion, exercise, or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.

  • Withdrawal according to Art. 7 para. 3 GDPR of your consent given with effect for the future.

  • Complaint according to Art. 77 GDPR with a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace, or our company headquarters.

 


How exactly is my data processed?

Below, we provide information about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective storage duration. There is no automated decision-making in individual cases, including profiling.

Provision of the Website

Type and Scope of Processing

When accessing and using our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called logfile:

  • IP address of the requesting computer

  • Date and time of access

  • Name and URL of the retrieved file

  • Website from which access is made (Referrer URL)

  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by us directly, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

 

Purpose and Legal Basis

The processing is carried out to preserve our overriding legitimate interest in displaying our website and ensuring security and stability based on Art. 6 para. lit. f GDPR. The collection of data and its storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as further storage of the log files is legally required, processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but accessing our website is technically impossible without providing the data.

 

Storage Duration

The aforementioned data will be stored for the duration of the website display [and, for technical reasons, for a maximum of [14 months]] beyond that.

Presence on social media platforms

We maintain so-called fan pages or accounts or channels on the networks mentioned below to provide you with information and offers within social networks and to offer you additional ways to contact us and learn about our offers. Below, we inform you about the data we or the respective social network process from you in connection with accessing and using our fan pages/accounts.


 

Data we process abou you

If you wish to contact us via Messenger or Direct Message through the respective social network, we generally process your username through which you contact us and, if necessary, store other data you provide, insofar as this is required for processing/responding to your request.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary for the protection of the legitimate interests of the controller).

(Static) usage data we receive from social networks

We receive automatically provided statistics through insights functionalities concerning our accounts. The statistics include, among other things, the total number of page views, likes, information about page activities and post interactions, reach, video views, as well as information about the male/female ratio among our fans/followers.

The statistics contain only aggregated data that cannot be related to individual persons. They are not identifiable to us through this data.

What data the social networks process from you

To view the content on our fan pages or accounts, you do not need to be a member of the respective social network, and therefore, no user account for the respective social network is required.

Please note, however, that social networks collect and store data from website visitors without a user account when visiting the respective social network (e.g., technical data to display the website to you) and use cookies and similar technologies, over which we have no control. Details can be found in the privacy policies of the respective social network (see the corresponding links above).

If you wish to interact with the content on our fan pages/accounts, such as commenting on, sharing, or liking our posts, and/or contacting us via messenger functions, prior registration with the respective social network and the provision of personal data is required.

We have no influence on data processing by social networks concerning your usage. To our knowledge, your data is particularly stored and processed in connection with providing services of the respective social network, and further analyzed to assess user behavior (using cookies, pixels/web beacons, and similar technologies), based on which interest-based advertising is displayed both within and outside the respective social network. It cannot be ruled out that your data is stored by social networks outside the EU/the EEA and shared with third parties.

Information about, among other things, the exact scope and purposes of processing your personal data, retention/deletion periods, and policies for using cookies and similar technologies in the context of registering and using social networks can be found in the privacy policies/cookie guidelines of the social networks. There you will also find information about your rights and possibilities to object.

Google Analytics

Type and Scope of Processing

We use Google Analytics by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our online offering, subpages visited, and the duration of visitors' stays.

Google Analytics uses cookies and other browser technologies to analyze user behavior and recognize users.

This information is used, among other things, to compile reports on website activity.

Purpose and Legal Basis

The use of Google Analytics is based on your consent according to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. The data transfer to the USA is carried out according to Art. 45 para. 1 GDPR based on the adequacy decision of the European Commission. The involved US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision of the European Commission exists (including those US companies not certified under the EU-U.S. DPF), we have agreed on other appropriate safeguards with the data recipients as per Art. 44 ff. GDPR. These are - unless otherwise indicated - standard contractual clauses of the EU Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Additionally, before such a third-country transfer, we obtain your consent according to Art. 49 para. 1 sentence 1 lit. a. GDPR, which you provide through the Consent Manager (or other forms, registrations, etc.). We point out that there may be unknown risks in detail with third-country transfers (e.g., data processing by the third country’s security authorities, the exact scope of which and its consequences for you are unknown to us, beyond our control, and possibly unnoticed by you).

Storage Duration

We have no influence over the specific storage period for the processed data; this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google Tag Manager

Type and Scope of Processing

We use the Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface and allows us to control the precise integration of services on our website.

This allows us to integrate additional services flexibly to evaluate users' access to our website.

Purpose and Legal Basis

The use of Google Tag Manager is based on your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. The data transfer to the USA is conducted pursuant to Art. 45 para. 1 GDPR based on the adequacy decision of the European Commission. The involved US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies not certified under the EU-U.S. DPF), we have agreed upon other appropriate safeguards with the data recipients in accordance with Art. 44 ff. GDPR. These are - unless otherwise stated - the standard contractual clauses of the EU Commission according to the Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Additionally, before such a transfer to a third country, we obtain your consent pursuant to Art. 49 para. 1 sentence 1 lit. a. GDPR, which you provide through consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that data transfers to third countries may involve risks (e.g., data processing by the security authorities of the third country, which we do not know in detail, have no influence over, and of which you may not be informed).

 

Storage Duration

The specific retention period of the processed data is not under our control, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

AWS CloudFront

Type and Scope of Processing

We use AWS CloudFront to properly deliver the content of our website. AWS CloudFront is a service by Amazon Web Services, Inc., which functions as a Content Delivery Network (CDN) on our website.

A CDN helps to deliver content from our online offering, especially files like graphics or scripts, more quickly using servers distributed regionally or internationally. When you access this content, you connect to servers of Amazon Web Services, Inc., transferring your IP address and possibly browser data like your user agent. This data is processed exclusively for the aforementioned purposes and to maintain the security and functionality of AWS CloudFront.

Purpose and Legal Basis

The use of the Content Delivery Network is based on our legitimate interests, i.e., the interest in a secure and efficient provision as well as the optimization of our online offerings in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. The data transfer to the USA takes place pursuant to Art. 45 para. 1 GDPR based on the adequacy decision of the European Commission. The involved US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where there is no adequacy decision by the European Commission (including US companies not certified under the EU-U.S. DPF), we have agreed on other appropriate safeguards with the recipients of the data as defined in Art. 44 ff. GDPR. These are—unless otherwise specified—standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=DE .

Additionally, we obtain your consent for such third-country transfers in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you provide via the consent in the Consent Manager (or other forms, registrations, etc.). We point out to you that there may be unknown risks involved in third-country transfers (e.g., data processing by third-country security authorities, the precise scope of which and their consequences for you we do not know, over which we have no influence, and about which you may not become aware).

Storage Duration

We have no influence over the specific storage period for the processed data; this is determined by Amazon Web Services, Inc. Further information can be found in the privacy policy for AWS CloudFront: https://aws.amazon.com/de/privacy/.

YouTube Video

Type and Scope of Processing

We have integrated YouTube videos on our website. YouTube Video is a component of the video platform by YouTube, LLC, where users can upload content, share it via the internet, and receive detailed statistics.

YouTube Video allows us to integrate the platform's content into our website.

YouTube Video uses cookies and other browser technologies to evaluate user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze activity of the associated content and generate reports. If a user is registered with YouTube, LLC, YouTube Video can associate the played videos with the user's profile.

When you access this content, you establish a connection to the servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted.

Purpose and Legal Basis

The use of the service is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly to the USA. The data transfer to the USA is carried out according to Art. 45 para. 1 GDPR based on the adequacy decision of the European Commission. The involved US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including the US companies not certified under the EU-U.S. DPF), we have arranged other suitable safeguards with the data recipients in accordance with Art. 44 ff. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission pursuant to the Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses under https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Additionally, before such a third-country transfer, we obtain your consent according to Art. 49 para. 1 sentence 1 lit. a. GDPR, which you grant via the Consent Manager (or other forms, registrations, etc.). We point out that third-country transfers may involve unknown risks in detail (e.g., data processing by the third country's security authorities, the precise scope of which and the consequences for you are unknown to us, over which we have no influence, and which you might not become aware of).

Storage Duration

We have no influence over the specific storage period for the processed data; this is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

Google Maps

Type and Scope of Processing

We use Google Maps to create route descriptions. Google Maps is a service of Google Ireland Limited, which displays a map on our website.

When you access this content on our website, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, during which your IP address and possibly browser details such as your user agent are transmitted. These data are processed solely for the purposes mentioned above and to maintain the security and functionality of Google Maps.

Purpose and Legal Basis

The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

We intend to transfer personal data to third countries outside the European Economic Area, particularly the USA. Data transfer to the USA is carried out according to Art. 45 para. 1 GDPR on the basis of the European Commission's adequacy decision. The involved US companies and/or their US subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies not certified under EU-U.S. DPF), we have agreed upon other appropriate safeguards with the data recipients as per Art. 44 et seq. GDPR. These are, unless otherwise stated, standard contractual clauses of the EU Commission according to Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE .

Furthermore, before such a transfer to third countries, we obtain your consent according to Art. 49 para. 1 sentence 1 lit. a. GDPR, which you grant through consent in the Consent Manager (or other forms, registrations, etc.). We notify you that with third-country transfers, unknown risks (e.g., data processing by security authorities of the third country, the exact scope of which and the consequences for you are unknown to us, which we have no control over, and of which you may not become aware) can exist.

Storage Duration

We have no influence over the specific storage period for the processed data; this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy.