The General Data Protection Regulation (GDPR) is in effect from 25 May 2018 onwards. The main goal of the GDPR is to regulate how organisations handle personal data and to protect the privacy of citizens of the European Union. The GDPR applies to all companies that do business with EU citizens or process data of EU citizens, regardless of the location of the company that is processing such data. eLabNext is a brand of Bio-ITech BV, part of the Eppendorf group. The GDPR therefore applies to Bio-ITech B.V. ("Bio-ITech"), and we are committed to protecting the privacy of our customers.
Personal data of all persons with a registered account in one of the Bio-ITech software applications is stored in our systems. The role of Bio-ITech as the supplier of software depends on the chosen hosting solution. For end-users using Bio-ITech software in the Cloud or in a Private Cloud, Bio-ITech is regarded as the Data Processor according to the GDPR. For organisations with the application hosted on a local server, a so-called On-Premise installation, Bio-ITech acts as a sub-processor, as it only provides software updates and support but does not have direct access to the data.
As a Data Processor, Bio-ITech has taken strict measures and implemented the required procedures to guarantee the safety of data of its customers. As proof of its effort, Bio-ITech has been IEC/ISO27001 certified since 2016.
The most important measures that have been taken to ensure the protection of personal data as well as confidentiality, integrity and availability of services provided by Bio-ITech as a Data Processor are:
The GDPR dictates that all EU citizens have the right to access the personal data that is stored by others. To provide full system functionality, the following minimal set of personal data is stored in Bio-ITech's software applications:

| Personal Data | Personal Data Type | Purpose |
|---|---|---|
| First Name | Regular | Together with the Last Name used as display name in the system |
| Last Name | Regular | Together with the First Name used as display name in the system |
| Organisation Email Address | Regular | Used to log in and to provide system functionalities, such as forgotten password, receipt of invitations, messaging and notifications |
| Group | Regular | Research group or department a user works in |
| Organisation | Regular | The organisation the user works in |
| IP address | Regular | IP address used for logging purposes and various security purposes (e.g. hacking attempts, 2FA) |
| Password | Special | Password used for authentication purposes. Passwords are stored in a hashed (encrypted) format in the database |

The GDPR gives each citizen in Europe the right to be forgotten. Considering that an essential function of our software products is to provide full traceability of data, the removal of personal data from the system would undermine the ability to track who stored data in the system. For that reason, our applications do not support a software function that can be operated by an end-user to delete an account including all personal data. To claim your right to be forgotten and to remove all personal data from your account, please contact our customer care team to guide you through our formal data removal procedure. During this procedure, approval of the organisation to which the system is licensed is requested so that Bio-ITech cannot be held accountable for any loss of data as a result of the data removal.
All Bio-ITech software applications offer the option to export data. Depending on the data, the software offers end-users the option to export data as CSV, PDF, or HTML. To structure the data in any format, the software has a so-called Application Programming Interface (API) available.
Bio-ITech will keep you informed on its websites about its compliance with the GDPR requirements. Should you have any questions or concerns, please do not hesitate to contact our legal department at firstname.lastname@example.org.