Privacy Policy

1) Information about the collection of personal data and contact details of the person responsible.
We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data in this context are all data with which you can be personally identified. Statistical data that we collect, for example, when you visit our website and that cannot be linked to your person do not fall under the term personal data. You can print or save this privacy policy by using the usual functionality of your browser.

The contact person and responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is

Cannaflos Research Labs Ltd.
No. 2, Geraldu Farrugia Street
Zebbug ZBG 4351, Malta
Telefon: +49 (0) 221 – 986 574 54
E-Mail: mail@seshat-genetics.com

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art in each case. This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the person responsible). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website
During the mere informational use of our website, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
– Our visited website
– Date and time at the time of access
– Amount of data sent in bytes
– Source/reference from which you reached the page
– Browser used
– Operating system used
– IP address used (if applicable: in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively should concrete indications point to illegal use.

3) Contacting us
In the context of contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

4) Use of your data for direct advertising
We use your address in compliance with all legal provisions for sending postal advertising (postal advertising).

The legal basis for this is our legitimate interest in direct advertising in accordance with Art. 6 para. 1 lit. f in conjunction with recital 47 GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time. More specific regulations may be communicated to you during data collection and take precedence over this regulation.

Your address will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to postal advertising, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.

5) Data processing when opening a customer account and for the processing of contracts
On the basis of Art. 6 para. 1 lit. b DSGVO, we collect and process personal data if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending us a message.

We store and use the data you provide for contract processing using the cloud ERP software weclapp (weclapp GmbH, Frauenbergstraße 31-33, 35039 Marburg, Germany). This transfer takes place in accordance with Art. 6 (1) lit. f DSGVO and serves our legitimate interest of an efficient, secure and user-friendly management of your data. Weclapp performs data processing on behalf only in member states of the European Union or the European Economic Area.

In order to protect your data, we have concluded an order processing agreement with weclapp, in which we oblige weclapp to protect your data and not to pass it on to third parties.

The privacy policy of weclapp can be viewed here: https://www.weclapp.com/de/datenschutz/.

After complete execution of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data has been reserved by our side, about which we inform you accordingly below.

6) Data processing in application procedures
If you send us an unsolicited application or apply for an advertised position, we will process your data for the purpose of carrying out the application process insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is Section 26 para. 1 in conjunction with para. 8 sentence 2 BDSG and Art. 6 para. 1 b) GDPR.

If an employment relationship is established, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG and Art. 6 (1) b) GDPR if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of rights and obligations arising from a law.

As part of the application process, we process data related to your application. This may be general personal data (such as name, address and contact details), information on professional qualifications and school education or other information that you provide to us in connection with your application. We may also process job-related information that you have made publicly available, such as a profile on professional social media networks.

The data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). Personio is our processor in this context in accordance with Art. 28 GDPR. The basis for the processing is an order processing contract between us as the controller and Personio.

Your applicant data will be processed for the first time from the time of collection and generally deleted 6 months after completion of the application process.

If we do not make you a job offer, it may be possible to include you in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that we can contact you if there are suitable vacancies.

Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

7) Note on data transfer to the USA
Among other things, we use tools from companies based in third countries that are not secure under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in third countries that are unsafe under data protection law.

We would like to point out that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

8) Tools and miscellaneous

8.1 – Google Fonts
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. There is no connection to Google servers.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

8.2 – Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

8.3 – Yoast SEO
We use plugins from Yoast SEO on our website. This is an offer from Yoast BV, Don Emanuelstraat 3, 6602 GX Wijchen, The Netherlands, Tel: +31 (0)24 82 00 337 (Chamber of Commerce / KvK: 55404367, VAT Number: NL851692540B01).
This plugin takes care of the complete technical optimization of our websites for search engines. It also supports the development of content. For more information, please refer to Yoast BV’s privacy policy, which you can view at https://yoast.com/privacy-policy/.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

9) Online presences in social media
We maintain online presences on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users insofar as they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

10) Rights of the data subject
10.1 The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:
– Right of access pursuant to Art. 15 DSGVO: In particular, you have the right to obtain information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing that concern you, as well as your right to be informed about what guarantees exist in accordance with Art. 46 of the GDPR if your data is transferred to third countries;
– Right to rectification pursuant to Art. 16 DSGVO: You have the right to have any inaccurate data relating to you corrected without delay and/or to have any incomplete data stored by us completed;
– Right to deletion pursuant to Art. 17 DSGVO: You have the right to demand the deletion of your personal data if the requirements of Art. 17 (1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
– Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified; if you refuse the erasure of your data due to unlawful data processing and instead request the restriction of the processing of your data; if you require your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved; or if you have lodged an objection for reasons relating to your particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
– Right to information pursuant to Art. 19 DSGVO: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
– Right to data portability pursuant to Art. 20 DSGVO: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
– Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
– Right to lodge a complaint pursuant to Art. 77 GDPR: If you consider that the processing of personal data concerning you infringes the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.

10.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 (1) a DSGVO, this data is stored until the data subject revokes his or her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) DSGVO, this data will be routinely deleted after the retention periods have expired, provided that it is no longer required for the fulfillment or initiation of a contract and/or there is no legitimate interest on our part to continue storing it.
When processing personal data on the basis of Art. 6(1)(f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Article 6 (1) (f) DSGVO, this data is stored until the data subject exercises his or her right to object pursuant to Article 21 (2) DSGVO.
Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

12) Recipients of the data
A transfer of the data collected by us takes place in principle only if:

you have given your express consent to this in accordance with Art. 6 Para. 1 a) DSGVO or in accordance with Art. 9 Para. 2 a) DSGVO,
the disclosure is necessary pursuant to Art. 6 (1) f) DSGVO or Art. 9 (2) f) DSGVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed,
we are legally obliged to disclose your data pursuant to Art. 6 (1) c) DSGVO, or
this is legally permissible and necessary according to Art. 6 para. 1 b) DSGVO for the processing of contractual relationships with you or for the implementation of pre-contractual measures, which are carried out at your request.

In principle, we process your data ourselves. However, in some cases we also use service providers for this purpose. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by us.

In addition, disclosure may take place in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

13) External hosting
Our Internet pages are hosted by RAIDBOXES GmbH, Friedrich-Ebert-Straße 7, 48153 Münster, Germany as an external service provider. Personal data that is collected on our Internet pages is stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

We use the services of our hosting service provider for the purpose of fulfilling contracts with potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of providing our online service securely, quickly and efficiently (Art. 6 para. 1 lit. f DSGVO).

Our hosting service provider will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data. In order to ensure data protection-compliant processing of your data by our hosting service provider, we have concluded an order processing agreement with them.

14) Changes to the data protection declaration
We occasionally update this privacy policy, for example when we adapt our website or when legal requirements change.