1. "Personal Data"
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. "Data Subject"
A data subject is any identified or identifiable natural person, whose personal data is processed by the controller.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. "Restriction of Processing"
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
7. "Third Party"
Third party means a natural or legal person, public authority, agency or body other than the data subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorized to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
II. Controller and Data Protection Officer
Please address the Controller responsible for your personal data or our Data Protection Officer in case of enquiries regarding the processing of your personal data, for further information, adaption or alteration, restriction, blocking, erasure or destruction as well as for withdrawals of given declarations of consent.
You may contact them by email, telephone, fax or by mail. The personal data given here will be used for processing your contact approach.
1. Contact Details of the Controller
NEC Laboratories Europe GmbH
Tel: +49 (0) 6221 4342 0
Fax: +49 (0) 6221 4342 155
2. Contact Details of the Controller’s Data Protection Officer
Datenschutzbeauftragter (Data Protection Officer)
NEC Laboratories Europe GmbH
III. Processing of Personal Data
- Visiting our website
By visiting our website, our webservers will store information provided by your browser to us by default. This information will be stored in a so called Log file. The following information will be stored in this context:
- IP-Address of the accessing computer
- Date and time of the access
- Name and URL of the accessed file
- Website from which the current website or file was accessed
- Browser used and if necessary the operating system of your computer
- Access status
- Language and version of the browser software
Additional personal data will only be collected if agreed to or voluntarily indicated, e. g. as part of a contact request, a job application or to process other request.
The personal data you provide will be used for the operation of the service (Log-Files) or for the purpose of processing a request from your side.
Your personal data will be erased if and when it is no longer needed for the initial purposes. Personal data subject to legal retention times are hereby excluded.
For hosting the website we are using the service of Mittwald CM Service GmbH, with which we have concluded a Data Processing Agreement.
- Mittwald: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities);
Service provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany;
Data Processing Agreement: https://www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo.
- Job application procedure
We process personal data of applicants for the purpose of conducting the application procedure. The processing may be executed by electronic means. This is especially the case if an applicant transmits application documents electronically, e.g. by email or through our applicant portal, or by mail which is being stored to our computing systems. In the event that an employment contract is concluded with an applicant, the transmitted personal data will be stored for the purpose of conducting the employment relationship with respect to legal regulations. If no employment contract is concluded, the application documents will be deleted after notification of the rejection decision, as soon as no other legitimate interest of the Controller are contrary to the deletion. In this sense, legitimate interest is e.g. a burden of proof in proceedings according to the German General Act on Equal Treatment (AGG).
- Interacting with us by using our MS365 environment
See detailed information here
- Information for Data subjects pursuant to Article 14 GDPR
For processing activities where personal data have not been obtained from the data subject, we are obliged to provide the data subject with information on that processing. If this is not directly possible, the information can be provided by other means, e.g., publication on the Website. This applies for the following list of our research projects performed using machine learning and public available data, in which we are obtaining pseudonimized data and re-identification of the data subjects is impossible for us:
- Activity Neo Antigen Digital Twin See detailed information here
- Activity T-Cell Receptor Analysis TCR See detailed information here
- Activity Alternative Splicing Benchmark: See detailed information here
- Activity Patient Stratification projects (BGX): See detailed information here
- Activity Mircobiome projects: See detailed information here
- TCGA Survival: See detailed information here
- Single Cell Head and Neck: See detailed information here
IV. Disclosure of your Personal Data
Personal Data will not be disclosed for advertising purposes to third parties.
In the event of disclosure of your personal data to third parties, this is either based on your consent or on one of the legal bases mentioned under paragraph VII.
Personal data shall only be transmitted to government institutions and authorities as part of obligatory national legal provisions.
V. Deletion of personal data
Your personal data will only be stored as long as it is needed for the purposes for which it was initially collected. Deletion only takes place, insofar as legal storage obligations are not required.
VI. Legal Basis for the Processing of Personal Data
The processing of your personal data is based on the regulations of the GDPR.
If we obtain your consent to the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as legal basis for the processing.
Processing personal data which is required for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b) GDPR serves as legal basis. This also applies for data processing which is required for the execution of pre-contractual measures, especially during the initiation of a contract and the job application process.
If and when the processing of personal data is required for the compliance of a legal obligation which our company is subject to, Art. 6 para. 1 lit. c) GDPR serves as legal basis.
If the processing is required for the purposes of a legitimate interest of our company or a third party, and if your interests, civil rights and basic freedoms are not overridden by the first mentioned interest, Art. 6 para. 1 lit. f) GDPR serves as the legal basis for the processing.
VII. Data Subject Rights
In order to assert your data subject rights please address us as the controller or our data protection officer via the contact information mentioned under paragraph II.
1. Right of Access
Upon request, we will notify you in writing as promptly as possible and according to applicable law if and which of your personal data is stored by us. Should incorrect information have been stored despite our efforts to data integrity and timeliness, we will correct it upon your request (please also see 3.)
If you have any further questions regarding the processing of your personal data, you may contact the Controller or the Controller’s Data Protection Officer.
2. Right to Obtain a Copy
You have the right to request a free copy of all processed personal data concerning your person. Further copies may be reasonably charged. The right to obtain a copy shall not impair the liberties of other persons. Commercial secrets and intellectual property rights of third persons may bar the right to obtain a copy. Please direct your enquiry to the Controller or the Controller’s Data Protection Officer.
3. Right of Withdrawal, Rectification and Deletion
You have the right to withdraw your consent at any time to the future use, processing and disclosure of your personal data, or to rectify incorrect personal data or to delete your personal data. This is the case, so long as there are no statutory retention obligations or other legal regulations. Please direct your enquiry to the Controller or the Controller’s Data Protection Officer.
4. Right to Restriction of Processing
Provided that the prevailing statutory provisions are met, you have the right to request the restriction of the processing of your personal data. Please direct your enquiry to the Controller or the Controller’s Data Protection Officer.
5. Right to Data Portability
You have the right to receive the personal data concerning yourself which you disclosed to the Controller in a structured, commonly used and machine-readable format. Exercising the right to data portability, you furthermore have the right to obtain the direct transmittance of the personal data from one Controller to another if this is possible technically and if the rights and freedoms of other persons are not affected hereby. To exercise your right, please direct your enquiry to the Controller or the Controller’s Data Protection Officer.
6. Right to Object
Due to reasons which emerge from your specific situation, you have the right to object to processing of your personal data affected due to Art. 6 para. 1 lit. e) or f) GDPR at any time.
In the event of objection, NEC Laboratories Europe GmbH will no longer process the personal data, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing shall be used for the assertion, exercise or defense of legal claims. In order to exercise your right to object, please address the Controller or the Controller’s Data Protection Officer.
7. Right to Lodge a Complaint with a Supervisory Authority
You shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data violates applicable statutory provisions.
We implement technical and organizational security measures to protect your personal data processed by us against manipulation, loss, destruction and the access by unauthorized persons. Our security measures are continuously enhanced according to technological development. Internet- based data transfers may in principle show security gaps, though we cannot guarantee absolute protection. Therefore, you are free to transfer your personal data by alternative means, e.g. telephonically.
X. Correctness and Validity