GDPR Privacy Policy

1. GDPR Introduction

GDPR is short for the General Data Protection Regulation that went into effect on May 25, 2018. Its purpose is to support privacy as a fundamental human right and therefore give EU residents rights over how their personal data is processed or otherwise used.

Data Controller according to data protection law:
CORE DNA TECHNOLOGIES Pty Ltd (« Core dna ») 348 High Street,
Prahran, VIC 3181
Australia

Contact details of the Data Protection Officer:
DP Dock DPO Services GmbH
Grüffkamp 10, 24159 Kiel, Germany
Email: coredna@dp-officer.com

2. Definitions

Our privacy policy should be simple and understandable for everyone. In this privacy policy, the official terms of the General Data Protection Regulation (GDPR) are generally used. The official definitions are explained in Art. 4 of the GDPR.

3. Server logging

Server logs are used for security & performance monitoring as well as for billing purposes. Logs are not shared with any third-party partners, processors or vendors, outside of those listed on 3.2. A typical server log contains information about the IP address, the page requested along with the browser’s User Agent. Log information is retained for 12 months.

GDPR gives individuals the right, in certain circumstances, to ask that their personal data shall be erased, or that a company restrict the processing of their personal data.

"Personal data" means any data that can be used to identify an individual, including:

• Name
• Address
• Email
• IP address
• Credit card number.

We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file serves for the evaluation of system security and stability as well as administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 (f) GDPR.

Personal data does not include information that is purely financial and cannot be linked to an individual, such as:

• How many times a specific product has sold
• How much revenue your store has made

Core dna can assist in the removal of user information in accordance with the client’s policies.

4. Cookies

Our website uses so-called "cookies". Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.  

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.  

The processing of data through the use of strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 (f) GDPR in the technically error-free provision of our services. For details on the processing purposes and legitimate interests, please refer to the explanations on the specific data processing. 

The processing of personal data through the use of other cookies is based on consent pursuant to Art. 6 para. 1 (a) GDPR. The consent can be revoked at any time for the future. Insofar as such cookies are used for analysis and optimization purposes, we will inform you separately about this within the framework of this data protection declaration and obtain your consent in accordance with Art. 6 para. 1 (a) GDPR.  

You can set your browser so that you are be informed about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, activate the automatic deletion of cookies when closing the browser.

The cookie settings can be managed under the following links for the respective browsers: 

• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or https://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called "do-not-track" function. When this function is activated, the respective browser tells advertising networks, websites and applications that you do not want to be "tracked" for the purpose of behavior-based advertising and the like.

You can get information and instructions on how to edit this feature, depending on your browser provider, from the links below:

• Google Chrome
• Mozilla Firefox
• Edge (Microsoft)
• Safari
• Opera

Additionally, you can prevent loading of so-called scripts by default. "NoScript" allows JavaScripts, Java and other plug-ins to run only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser.

Please note that if you disable cookies, the functionality of our website may be limited.

5. Contact form and contact by e-mail

If you send us inquiries via contact form or e-mail, your data from the inquiry form or your e-mail, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. The specification of an e-mail address is required to contact us, the specification of your name and telephone number is voluntary. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 (f) GDPR and, if applicable, Art. 6 para. 1 (b) GDPR, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 (f) GDPR.

6. Web form for sending applications

If you apply to us via our web form, we collect personal data. In particular, this includes your contact data (such as first name, last name, name affixes, private address, (mobile) phone number, e-mail address) as well as other data provided by you regarding your background (e.g., curriculum vitae, qualifications and degrees, work experience) and your person (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). As a rule, your personal data is collected directly from you as part of the application process and is encrypted during electronic transmission. The data originates from the application form to be completed online and from the uploaded files.

The data processing serves to initiate an employee relationship. The primary legal basis for this is Art. 6 para. 1 (a) GDPR and Art. 7 GDPR If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

Within our company, only those persons have access to your personal data that absolutely need it to carry out the application process or to fulfill our legal obligations. If necessary, your applications will be forwarded to the relevant responsible persons for examination. Under no circumstances will your personal data be passed on to third parties without authorization.

Your data relating to an application for a specific job posting will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system six months after completion of the application process. In the event of an acceptance, we reserve the right to retain your application for longer, provided that the entry date is more than six months in the future.

7. Google Analytics

Our website uses Google Analytics. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.  

We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened.

The processing of Google Analytics and Optimize is carried out in accordance with Art. 6 para. 1 (a) GDPR on the basis of your consent. 

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user-level and event-level data linked to cookies, user IDs (e.g., user ID) and advertising IDs will take place no later than 14 months after their collection.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the URL https://tools.google.com/dlpage/gaoptout?hl=en.

Information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en 

8. Hotjar

Our website uses the web analytics service Hotjar. We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g., how much time users spend on which pages, which links they click, what they like and don't like, etc.) and this helps us tailor our offering based on our users' feedback. Hotjar works with cookies and other technologies to collect data about our users' behavior and about their devices, in particular device IP address (collected and stored only in anonymized form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

The legal basis for the processing is our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 para. 1 (f) GDPR.

From our side, no personal data is stored from the use of Hotjar.

Hotjar stores customer data in the European Union. In a few cases, customer data may be accessed from, or other data (e.g., email) may be transferred to, the United States or other countries whose data protection laws differ from the data protection laws where you live. Hotjar has put in place appropriate safeguards requiring that your personal information remain protected, and requires that third party service providers and partners of Hotjar also put in place appropriate safeguards.

You can prevent the collection of your data by Hotjar at any time when visiting our website by going to the opt-out page https://www.hotjar.com/legal/compliance/opt-out and clicking 'Disable Hotjar' or enabling 'Do Not Track (DNT)' in your browser. The privacy policy of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy/.

9. Social media links

Social networks (Facebook, Twitter, LinkedIn and Instagram) are integrated on our website only as links to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. Only after the redirection, user information is transferred to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.

10. Data transfer and recipients

Your personal data will not be transferred to third parties unless:

• if we have explicitly indicated this in the description of the respective data processing,
• if you have given your express consent to this in accordance with Art. 6 para. 1 s. 1 (a) GDPR,
• the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 para. 1 s. 1 (f) GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 s. 1 (c) GDPR, and
• as far as this is necessary for the processing of contractual relationships with you according to Art. 6 para. 1 s. 1 (b) GDPR.

11. Duration of the storage of personal data

The duration of the storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfillment or initiation of a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes or you have exercised your right of revocation or objection.

12. Users in the European Union/Economic Area and in the United Kingdom GDPR rights”

The rights of each EU/EEA or UK resident under the GDPR, and how you can exercise those rights with respect to Core dna, are:

• Right of access: You, or your customer, can ask us what personal data is being processed (used), why and where.
• Right to rectification: If you, or your customer, want to correct, revise or remove any of the data we retain on you - as explained in our Privacy Policy - you may do so at any time.
• Right to be forgotten: If you, or your customer, need to cancel your Core dna account at any time, we will permanently remove your account and all information associated with it.
• Right to restrict processing: If you, or your customer, believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data.
• Right of portability: We provide you with the ability to move any of your account data to a third party at any time.
• Right to lodge a complaint with a supervisory authority: You have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of the federal state of our registered office or, if applicable, that of your usual place of residence or workplace.
• Right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw consent to the processing of data once granted at any time with effect for the future. In the event of withdrawal, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of withdrawal shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
  
  
• Right to object: If you, or your customer, decide that you no longer wish to allow your data to be included in our analytics or for us to provide personalized (targeted) marketing content at any time, you may contact us to request removal of this data.

If you are in the European Union, you may address privacy-related inquiries to our EU representative pursuant to Article 27 GDPR: 

EU: EU-REP.Global GmbH, Attn: Core dna, Hopfenstr. 1d, 24114 Kiel, Germany
coredna@eu-rep.global

If you are in the United Kingdom, you may address privacy-related inquiries to our UK representative pursuant to Article 27 GDPR:

UK: DP Data Protection Services UK Ltd., Attn: Core dna, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
coredna@eu-rep.global
www.eu-rep.global

13. External links

Where links are provided to other websites, we have neither influence nor control over the linked content and the data protection provisions there. We recommend that you check the data protection declarations of linked websites when you visit them in order to determine whether and to what extent personal data is collected, processed, used or made available to third parties.

14. Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place. 

15. Subject to change

We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.

Status of this data protection declaration: November 2022