Privacy Policy

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter briefly referred to as “data”) within our online offer and the associated websites, functions, and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Daniel
76187 Karlsruhe
Email: info@savannah-genetics.de

Types of data processed:

– Master data (e.g., names, addresses)
– Contact data (e.g., email, phone numbers)
– Content data (e.g., text entries, photographs, videos)
– Usage data (e.g., visited websites, interest in content, access times)
– Meta/communication data (e.g., device information, IP addresses)

Categories of data subjects

Visitors and users of the online offer (hereinafter collectively referred to as “users”).

Purpose of processing

– Provision of the online offer, its functions, and content
– Responding to contact requests and communication with users
– Security measures
– Reach measurement/marketing

Used terminology

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, identification number, location data, online identifier (e.g., cookie), or to one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” is any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses almost any handling of data.

“Pseudonymization” is the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.

“Profiling” is any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

The “controller” is the natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.

“Processor” is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.

Applicable legal bases

Pursuant to Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not specified in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing to fulfill our services and execute contractual measures or respond to inquiries is Art. 6(1)(b) GDPR, the legal basis for processing to comply with legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

Security measures

Pursuant to Art. 32 GDPR, we take appropriate technical and organizational measures, taking into account the state of the art, implementation costs, nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.

Measures include securing the confidentiality, integrity, and availability of data by controlling physical access, access permissions, input, transmission, availability, and separation of data. We have also established procedures to ensure the exercise of data subject rights, deletion of data, and response to threats to data. Data protection is considered from the design stage of hardware, software, and procedures, according to the principle of data protection by design and by default (Art. 25 GDPR).

Collaboration with processors and third parties

If we disclose, transmit, or grant access to data to other persons or companies (processors or third parties) in the context of our processing, this is done only if there is a legal basis (e.g., if transferring data to third parties such as payment service providers is required for contract fulfillment under Art. 6(1)(b) GDPR), if you have given consent, if a legal obligation exists, or on the basis of our legitimate interests (e.g., use of subcontractors, web hosting providers, etc.).

If we commission third parties with data processing based on a so-called “processor contract,” this is done pursuant to Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e., outside the EU or EEA), or if this occurs in the context of using third-party services or of disclosing or transmitting data to third parties, this is done only if it is necessary for fulfilling our (pre)contractual obligations, or on the basis of your consent, a legal obligation, or our legitimate interests. Subject to statutory or contractual permissions, we process data, or have data processed, in a third country only if the special conditions of Art. 44 ff. GDPR are met, e.g., on the basis of an officially recognized level of data protection equivalent to that of the EU (e.g., Privacy Shield for the USA) or officially recognized special contractual obligations (“Standard Contractual Clauses”).

Rights of data subjects

You have the right to request confirmation whether data concerning you is processed and to obtain information about this data, as well as further information and a copy of the data according to Art. 15 GDPR.

You have the right under Art. 16 GDPR to request the completion or correction of inaccurate data concerning you.

You have the right under Art. 17 GDPR to request the deletion of data or, alternatively under Art. 18 GDPR, to request restriction of processing.

You have the right to receive data you have provided us according to Art. 20 GDPR and to request its transfer to another controller.

You also have the right under Art. 77 GDPR to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right under Art. 7(3) GDPR to revoke consents you have given, with effect for the future.

Right to object

You can object to future processing of your data under Art. 21 GDPR. Objection can be made, in particular, against processing for direct marketing purposes.

Cookies and objection rights in direct marketing

Cookies are small files stored on the user’s device, which store information about a user (or device) during or after their visit to an online offer. Session cookies or transient cookies are deleted when the user closes the browser. Persistent cookies remain stored even after closing the browser. First-party cookies come from the website itself, third-party cookies from other providers.

Users can disable cookies in their browser settings. Deactivating cookies may limit some functionality of the online offer. Users can also object to marketing cookies via http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/.

Deletion of data

Data is deleted or restricted according to Arts. 17 and 18 GDPR, unless legal retention obligations prevent it (e.g., tax or commercial law).

Retrieval of emojis and smileys

We use emojis (smileys) provided by external servers. IP addresses are collected to deliver the emojis. Service provider: Automattic Inc., https://automattic.com/privacy/.

Contact

Data provided during contact (via form, email, phone, social media) is processed under Art. 6(1)(b) GDPR for contractual inquiries and Art. 6(1)(f) GDPR for other inquiries.

Hosting and email transmission

Hosting services process personal data for the operation of the website, including CRM and email handling, under Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR.

Server access logs

Access data (e.g., page, date, IP) is stored for up to 7 days and then deleted, unless it is required for evidence.

Google Tag Manager and Google Analytics

Used under legitimate interest (Art. 6(1)(f) GDPR). IP anonymization is active. Data stored in the USA. Privacy: https://policies.google.com/technologies/ads. Opt-out: http://tools.google.com/dlpage/gaoptout?hl=en.

Jetpack (WordPress Stats)

Used for visitor statistics. Data stored in the USA. Privacy: https://automattic.com/privacy/

Facebook Pixel & Social Plugins

Used to analyze and optimize marketing. Data may be transferred to the USA. Privacy: https://www.facebook.com/about/privacy/

Instagram, Google+, Google Fonts, Google Maps, OpenStreetMap, Adobe Typekit

Third-party services used under legitimate interest. Data may be processed outside the EU. Privacy links as provided above.

WhatsApp Business & Newsletter

Used for communication and newsletters. Data processed under Art. 6(1)(b) and 6(1)(f) GDPR. Privacy: https://www.whatsapp.com/legal/?eea=1#privacy-policy