Data Protection Declaration

Proper protection of your personal data is a serious matter for PromoCell GmbH and we conform strictly to all data protection laws and regulations. The following declaration provides an overview of how we ensure this protection, as well as which types of data are collected and to what purpose.

Scope of application

This privacy statement informs users of the types, scope, purpose and use of personal data collected by ‘PromoCell GmbH, Sickingenstrasse 63-65, 69126 Heidelberg, Germany, info@promocell.com, Tel. +49-6221-649340’, as the provider responsible for this website (hereafter referred to as the ‘offer’).

Data privacy officer

You can contact our data privacy officer by post or email at:

Data Privacy Officer
Dr. Jonas Tritschler
PromoCell GmbH
Sickingenstrasse  63-65
69126 Heidelberg

In the following, we inform you on how we comply with the requirements of the European General Data Protection Regulation (GDPR) on the use and processing of personal data in compliance with Articles 12 to 14, and on your rights as a data subject according to Articles 15 to 22 and 34.

Use of personal data

We only capture and use personal data of our website’s users to the extent that this is essential in order for our website to work properly and for us to provide content and services. We generally only capture and use the personal data of our users if they have given us their permission for us to do so. The only exceptions involve cases in which it is genuinely impossible to obtain their prior consent, or when processing of the data is permitted by law.

The following legal provisions may apply to the processing of your data:

  • To the extent that we obtain your consent for processing your personal data, this is covered by Article 6, Paragraph 1, Letter a of the European General Data Protection Regulation (GDPR).
  • If processing of personal data is required for the performance of a contract to which you are party, the legal basis for this is Article 6, Paragraph 1, Letter b of GDPR. This also applies if it is necessary to take steps at your request prior to entering into a contract.
  • If it is necessary to process personal data in order to comply with a legal obligation to which our firm is subject, the legal basis is Article 6, Paragraph 1, Letter c of GDPR.
  • If it is necessary to process personal data for the purposes of legitimate interests of our firm or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, the legal basis is Article 6, Paragraph 1, Letter f of GDPR.

In particular, the legitimate interests covered by Article 6, Paragraph 1, Letter f can include:

  • Answering queries
  • Carrying out direct marketing activities
  • Providing services and/or information
  • Processing and transferring personal data for internal or administrative purposes
  • Efficiently operating and administering our website or parts thereof such as online shops and e-publishing
  • Technical support for users
  • Avoidance and discovery of cases of fraud and criminal offences
  • Protection against failure to collect payment by obtaining information on the creditworthiness of those who request deliveries or services
  • Ensuring the security of our network and data, to the extent that these interests are compatible with the applicable laws and with the user’s rights and freedoms

Access data / server log files

The provider (specifically their web space provider) collects data, referred to as server log files, of each visit to the website. This access data encompasses:

The name of the website visited, files, date and time of the request, the amount of data sent, notification of a successful retrieval, the user’s browser type and version, along with their operating system, referrer URL (that of the last site visited), their IP address and the requesting provider.

The provider only processes such protocol data in a statistical sense to help improve operations, security and to optimize their offer. However, the provider also reserves the right to subsequently check the data should reasonable suspicion of illegitimate usage arise.


We will send you our Newsletter, that includes advertising, per email provided you have given us your express consent (hereafter ‘Newsletter’).

Our Newsletter from the world of cell culture provides you with details about our current offers and services, campaigns, events, competitions, job offers, relevant articles, blogs as well as reference resources.

Messages from us that are not part of the Newsletter include those lacking any advertising which we send as part of our contractual or other business relationship. These include, for example, service emails containing technical details, as well as queries about orders, events,  competition notifications or similar.

You only need to send us your email address and your name to receive the Newsletter, which will only be used to render the Newsletter more personal.

Newsletters contain so-called ‘web-beacons’ which are pixel-sized files that are activated once the Newsletter is opened. Initially, technical details, such as information about your browser and operating system, IP address and the time of access are collected. These details are used to improve the technical nature of our services, and also adapt our offer to suit specific target groups and their reading habits, made apparent by their retrieval location (visible via an IP-address) or retrieval time. Additional statistical data includes whether or not and when the Newsletters are opened, plus which links are clicked on. Although these details could be assigned to each Newsletter recipient, we make no effort to monitor individual users. Rather, our statistical analyses are designed for us to understand our users’ reading habits and adapt the Newsletter contents accordingly.

In some cases, e.g. when contents are difficult to display in mailing programs, we use links to direct Newsletter recipients to the websites of third parties, so that the Newsletter contents can be accessed online. When this happens, we indicate clearly that these websites employ cookies, meaning that your personal data could thereby be collected and processed by the website provider, their partners and/or the services they employ (e.g. Google Analytics). We have no influence over such data collections. Further details will be available in the privacy statements of such third party providers.

You may revoke your consent for the storage of personal data, your email address along with its use as a recipient of our Newsletters, at any time. Separate cancellation as regards statistical analyses and/or dispatch is unfortunately not possible. A cancellation link is available in the Newsletters themselves, or you can cancel via Contacts, located above.

Legal framework of the General Data Protection Regulation (GDPR)

In accordance with the General Data Protection Regulation (GDPR), which takes effect on 25 May 2018, we hereby give notice that consent given to the sending of email addresses is regulated pursuant to Art. 6 para. 1 lit. a, 7 GDPR, in addition to Art. 7 para. 2 lit. 3, resp. para. 3 UWG. It is in our interest to establish a user-friendly and secure Newsletter system that both serves our business interests and fulfils our users’ expectations.

Embedded services and third party contents 

Some of our offer’s websites provide links to third party contents such as, for example, YouTube videos, samples from Google Maps, images, texts and multi-media files, RSS-Feeds or similar services provided by other websites. Your IP address needs to have been sent to the third party for you to receive their content. We can neither influence, nor comment on, how your data would then be used by such providers, nor do we have any control over how this data may be further processed, or whether it might be used for purposes surplus to providing you with the service you request, for instance for profiling. Should we become aware of any pertinent details these will be made public in separate, specific privacy statements. Please refer to the respective third party’s privacy statement for any further information.

Registration / online shop

If you wish to place an order in one of our online shops, to permit the conclusion of a contract it is necessary for you to provide the personal data that is required for us to process your order. The mandatory information is specially marked; the provision of other data is voluntary. We use the data you provide for handling and delivering your order. For this purpose, we may provide your payment information to our payment service provider. The legal basis for this is Article 6, Paragraph 1, Letter b of GDPR. We are furthermore entitled to use the data you have provided to inform you about other interesting products in our portfolio or to send you emails containing technical information. We are required by commercial and tax law to store your address, payment and order data for ten years. However, we limit our processing of your data to the minimum that is necessary in order to comply with our legal obligations.

Credit checks

When orders are placed with us, or we are contracted, we reserve the right to forward personal data to third parties for them to perform credit checks, provided this is required and justified by our legitimate interests. The only details sent thereby are those the credit agency requires for their mathematical-statistical processing. We require credit checks to reach decisions regarding the establishing and execution of a contractual relationship, whilst safeguarding our legitimate interests.

Making contact

Personal data you transfer whilst making contact with us or when transferring documents will be utilised exclusively for its specific purpose. In doing so, the data involved is transferred to us on a voluntary basis with your consent. In the case of a communication channel (e.g. email address, telephone number), you also thereby consent to us replying, if need be, via this channel to address the issue. You may revoke this consent at any time in the future. In such cases please contact our data protection officer, see contact details below. Once its purpose has been fulfilled your personal data will be deleted.

Careers (data privacy for employment applications and the application process)

The responsible worker captures and processes the personal data of applicants for the purposes of the application process. This may also be done electronically, particularly if an applicant submits relevant documents to them by electronic means, e.g. by email or using a form on the website. If the worker responsible for processing applications concludes an employment contract with an applicant, the submitted data are stored for use in connection with the employment relationship while complying with the applicable legal requirements. If the responsible worker does not conclude an employment contract with the applicant, the application documents are automatically deleted three months after the negative decision has been communicated, unless doing so would violate legitimate interests of the worker responsible for handling the application. Such a legitimate interest would be, for example, the obligation to provide evidence in a proceeding under the German General Equal Treatment Act (AGG).

Enrollment in courses of the PromoCell Academy

The responsible worker captures and processes personal data of course participants and individuals interested in attending a course for purposes related to the enrollment process. This may also be done electronically, particularly if a course participant submits enrollment data to them by electronic means, e.g. by email or using a form on the website. If they then attend a course of the PromoCell Academy, the submitted data are stored for the legally required time period for purposes related to holding the course while complying with the relevant regulations.

Feedback form

The responsible worker captures and processes personal data of individuals for quality control purposes (e.g. entered in a feedback form). This may also be done electronically, particularly if someone submits feedback by electronic means, e.g. by email or using a feedback form on the website. After the purpose of the feedback has been fulfilled and it has been processed for quality control purposes, the personal data are deleted.

Data transfer

The provider emphasises that data transfer via the internet (e.g. communicating via email or ordering via our webshop) is inherently exposed to security loopholes and cannot be entirely safeguarded against access by third parties.


We use cookies on our websites. Cookies are text files that are stored by or in your internet browser locally on your computer system. Every time that a website is accessed, a cookie can be stored in your operating system. This cookie contains a typical sequence of characters and can be used to clearly identify the browser if it calls up the same website again. We use technical cookies to make our website user-friendlier. Some elements of our website also require the ability to identify a browser after it navigates to another page within the same site. The following data are stored in the cookies and communicated: language settings, articles in the shopping basket and log-in information. The legal basis for processing personal data with the aid of technical cookies is Article 6, Paragraph 1, Letter f of GDPR.

We also use cookies on our website to permit analysis of our users’ surfing behaviour. This generates information on search terms, the frequency with which individual pages are visited, which website functions are used etc. The user data captured in this way are pseudonymised to prevent them from being correlated with the user. The data are not stored together with personal data of the user.

When you access our website, a banner appears informing you that analytical cookies are used and directing you to this privacy statement.

You are also informed how to suppress the storage of cookies by modifying your browser’s settings. The legal basis for processing personal data with the aid of cookies is also Article 6, Paragraph 1, Letter f of GDPR.

Technical cookies make it easier to use websites. Some functions of our website would not work without cookies. They require the ability to recognise a browser again after it navigates to another page. For example, cookies are needed for the shopping basket function, for retaining language settings and search terms, and for other purposes as well. Analytical cookies allow us to learn how our website is used and steadily improve it. This is our legitimate interest in processing these data.

Cookies are stored on your computer and communicated from there to our website. As a user, you therefore have full control over the use of cookies. You can disable or limit the transmission of cookies by changing your browser’s settings. Already stored cookies can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, it may not be possible to fully use all of its functions.

Google Analytics

We employ Google Analytics in our offer, which is a Web analysis service provided by Google Inc. (‘Google’). Google Analytics uses so-called ‘cookies’ which are small text files that are stored on a user’s device to enable their use of a website to be analysed. The information about the user’s visits to the website generated by the cookie is then usually sent to one of Google’s servers in the USA and stored there.

However, if IP Anonymization is activated for a website, the user’s IP address is shortened by Google before it is sent from within European Union member states, or those of other states party to the Agreement on the European Economic Area. Only under exceptional circumstances will the full IP address be sent and then shortened by Google before it is stored on a US server. IP Anonymization is activated on this website. The website provider has charged Google with employing this information to analyse users’ activity and compile reports on it. These reports will serve to assess which specific website and internet services Google will subsequently be able to offer to the Provider.

The IP address transmitted by your browser within the scope of Google Analytics is not merged with other data from Google. The legal basis for processing users’ personal data is Article 6, Paragraph 1, Letter f of GDPR.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics this service generates allow us to improve our offering and make it more attractive to you as a user. This website also uses Google Analytics for cross-platform analysis of visitor flows on the basis of user IDs. To stop this cross-platform analysis of your use of our website, please go to your customer account and disable “personal data” under “my data”.

You can prevent cookies from being stored on your computer by changing your browser’s settings, however please be advised that if you do so you may no longer be able to fully use all of this website’s functionality. You can also prevent the data that the cookie captures on your use of the website (including your IP address) from being relayed to Google for analysis. To do so, you must download and install the browser plugin which is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

This website uses Google Analytics with the extension “_anonymizeIp()”. This causes IP addresses to be cropped, which prevents them from being correlated with a particular individual. Moreover, even if captured data permit you to be identified, these are immediately deleted to ensure complete anonymity.

It is rare for personal data to be transmitted to the USA, but to guard against these cases Google has subjected itself to the EU-US Privacy Shield Framework (https://www.privacyshield.gov/EU-US-Framework).

Contact information on Google: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
User terms: 
Data privacy overview: 
Data privacy policy: 

Google Tag Manager

For reasons of transparency we wish to point out that we utilize the Google Tag Manager tool. The Tag Manager itself does not collect any personal data, but it does enable us to integrate and manage our own tags. Amongst other things, tags are short code elements which serve to measure traffic and user behaviour, to register the effects of online advertising and social channels, set up remarketing and a useful orientation towards target groups, as well as test and tweak websites. If you have carried out a deactivation, this will be taken into account by the Google Tag Manager. For further information click on: https://www.google.com/intl/de/tagmanager/faq.html

Social media buttons with Shariff

Our offer incorporates social plugins from platforms such as Facebook, Twitter, LinkedIn or WhatsApp. Usually these plugins immediately register each visitor to a site, along with their IP address, and then continue to protocol all of their further activities on the internet. This happens even when the user has not clicked on any of the buttons. To avoid this, we use data protected ‘Shariff’ buttons. ‘Shariff’ was developed by specialists working for the c’t computer magazine in order to both create more private space on the internet, and to replace the usual ‘Share’ buttons used by social networks. Our social network buttons will only set up a direct link between the respective social network and the user once the latter has actually clicked on its ‘Share’ button. If the user is already registered with a social network, then this will proceed under Facebook and Google+ without an additional window being opened. This enables users to post contents from our websites onto social networks without a comprehensive surfing profile being created.

Information on your rights

You have the right

  • to receive confirmation from us that personal data concerning you are being processed; if this is the case, you also have the right to receive information on these personal data and the other items listed in Article 15 of GDPR;
  • to receive data concerning you, subject to the restrictions of Article 20 of GDPR, in a structured, commonly used and machine-readable format. If technically feasible, you may also request them to be transmitted directly to another individual or organisation designated by you;
  • to request that we rectify your data if they are inaccurate, inapplicable and/or incomplete. Such rectification includes completing the data by means of declarations or notification;
  • to request that personal data concerning you are erased without delay if any of the grounds listed in Article 17 of GDPR applies.
    Unfortunately, we are unable to erase data which by law must be stored for a prescribed period of time. If it is your wish that we never again capture data of yours or contact you, we will store your relevant contact data in a blocking list;
  • to revoke any permission you have given without suffering any disadvantages as a result;
  • to request that we restrict the processing of personal data concerning you if any of the conditions listed in Article 18 of GDPR applies;
  • to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We will then no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for continuing to do so which override your interests, rights and freedoms or serve the establishment, exercise or defence of legal claims (Article 21 of GDPR);
  • irrespective of other administrative or judicial recourse, if you believe that the processing of your personal data violates the terms of GDPR, to lodge a complaint with
    • our data privacy officer (see the contact information above) or
    • a supervisory authority in the member state in which you reside or work or in which the alleged violation has taken place.
      The following supervisory authority is responsible for us: Baden-Württemberg State Official for Data Protection and Information Freedom (

If you have any questions concerning data protection (for example, if you would like to know which personal data concerning you we have stored or request us to update them), please contact our data privacy officer.

Changes to this privacy statement

We reserve the right to change our privacy statement when required and to publish it here. Please check this page regularly. If this statement is updated, the new version enters into effect upon publication unless it violates applicable laws or regulations. If we have already captured data on you which are affected by such a change and/or are legally required to be disclosed, we will also inform you in the event of any substantive changes to our privacy statement.

Last update: August 2018