QIAGEN Privacy Policy

QIAGEN takes your privacy seriously. Please read below to learn more about your privacy as relates to our company.

Last update: 16.07.2021

QIAGEN Privacy Policy

This Privacy Policy covers our treatment of personal information under applicable data protection and privacy laws, including but not limited to (1) personally identifiable information, as defined by numerous statutes in the United States, including the California Online Privacy Protection Act (such statutes, the "PII Laws") (2) personal information, as defined by the California Consumer Privacy Act (the "CCPA") and for this purpose applies solely to visitors, users, and others who reside in the State of California, (3) personal data, as defined by the General Law on Personal Data Protection of Brazil (referred in Brazil as Lei Geral de Proteção de Dados – LGPD) and (4) personal data, as defined by the European Union General Data Protection Regulation (the "GDPR").

I. Name and address of the person responsible

The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

QIAGEN GmbH
Qiagen Straße 1
40724 Hilden
Germany

Tel .: +492103290

E-mail: dataprotection@qiagen.com

Contact Data Protection Officer: dataprotectionofficer@qiagen.com

Website: www.qiagen.com

II. General information on data processing

1. Scope of processing of personal data

Generally, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) as legal basis.

When processing personal data that is required to fulfill a contract of which you are a party, Art. 6 para. 1 lit. b) GDPR as legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation to which QIAGEN GMBH is subject, Art. 6 para. 1 lit. c) GDPR is the legal basis for such processing.

If the processing of personal data is necessary to safeguard legitimate interests of QIAGEN GMBH, Art. 6 para. 1 lit. f) GDPR serves as legal basis.

If a transfer of personal data to other companies of the QIAGEN Group based in a third country takes place, the transfer  is based on the standard contractual clauses pursuant to Art. 46 para. 2 lit. c) GDPR.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is  fulfilled. In addition, such storage may be required by the European or national legislator in EU regulations, laws or other regulations to which QIAGEN is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion or fulfillment of the contract.

4. Sub-processing

QIAGEN may engage third party service providers to assist with the data processing activities. When we work with these service providers in our capacity as a data processor, the third-party service provider is a sub-processor.

Before engaging any processor and sub-processor, we perform due diligence, including security and legal analysis. Our processor and sub-processors are all subject to contract terms that enforce compliance with applicable data protection laws.

5. Supplemental Privacy Policies and other documents

This Privacy Policy may be supplemented by additional documents for specific QIAGEN products. 

III. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

In this process, the following data is collected:

(1) Information sent in user-agent header by the browser

(2) The IP address of the user

(3) Date and time of access

(4) Information sent in referrer header by the browser

 The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes comprise our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after four weeks at the latest. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Objection and removal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no right to objection to this for the user.

IV. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break.

The following data is stored and transmitted in the cookies:

(1) language setting

(2) items in a shopping cart

(3) log-in information

 

In addition, we use cookies on our website that allow an analysis of users' browsing behavior.
In this way, the following data may be transmitted:

(1) Entered search terms

(2) frequency of page views

(3) Use of Website features

(4) Websites from which the user's system reaches our website

 

Detailed information about Cookies which we use on our website can be found via this link.

The data of the users collected in this way are pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the users.

Users of My QIAGEN should refer to “My QIAGEN Terms of Use” or a detailed description of our use of cookies for this service. Provisions of My QIAGEN’s Terms of Use related to the use of cookies shall govern over this Privacy Policy for each My QIAGEN’s user.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f GDPR.

3. Purpose of the data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications:

(1) Shopping cart

(2) Check-out procedure

(3) adaptation of language and country settings

(4) Remembering keywords

(5) Session Handling

 

A list with all cookies can be found here.

The user data collected through technically necessary cookies will not be used to create user profiles.

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer.

For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

4. Duration of storage, objection and disposal options

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent.

The transmission of Flash cookies cannot be prevented by the settings of the browser, but by changing the settings of the Flash Player.

5. Objection and removal possibility

Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

V. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. The data from the input mask transmitted to us when registering for the newsletter:

e-mail address

In addition, the following data is collected upon registration:

(1) IP address of the calling computer

(2) Date and time of registration

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

2. Legal basis for data processing

The legal basis for the processing of the data after the user has registered for the newsletter is the consent of the user Art. 6 para. 1 lit. a GDPR.

3. Purpose of the data processing

The collection of the user's e-mail address serves to deliver the newsletter.

4. Duration of storage

The data will be deleted as soon as the consent for processing is revoked by the data subject.

5. Objection and removal possibility

The user has the option to revoke consent to the processing of personal data at any time.. By sending e-mail at dataprotection@qiagen.com, they may object to the storage of personal data and request the deletion of the user's stored personal data.

VI. Registration to My QIAGEN

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal information. Usage of My QIAGEN is subject to the acceptance of the provisions of this Privacy Policy and My QIAGEN’s Terms of Use, which can be found here: https://www.qiagen.com/fi/trademarks-and-disclaimers/myqiagen-terms-of-use/.  A transfer of data to third parties does not take place. The following data is collected during the registration process:

(1) The IP address of the user

(2) Date and time of registration

(3) E-mail address

(4) Surname and first name

(5) Company

(6) Country

(7) telephone number

(8) Postal address

 

As part of the registration process, the consent of the user to process this data is obtained.

2. Legal basis for data processing

Legal basis for the processing of the data is the consent of the user Art. 6 para. 1 lit. a GDPR.

If the registration serves the fulfillment of a contract of which the user is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

User registration is required for the provision of certain content and services on our website.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection or, as the case may be, as soon as the consent for processing is revoked by the data subject.

5. Objection and removal possibility

As a user, you have the option of canceling the registration at any time. You can change the data stored about you at any time.

VII. Contact form and e-mail contact

1. Description and scope of data processing

You can contact us by using the contact form or by sending an email to the addresses provided on our website.

 

The following data is collected during the contact form filling:

(1) Title

(2) Date and time of registration

(3) E-mail address

(4) Surname and first name

(5) Company

(6) Country

(7) telephone number

(8) Postal address

(9) Job Title

At the time of sending the message, the following data is also stored:

(1) The IP address of the user

(2) Date and time of registration

 

In case of sending an email, we will only process the personal data you decide to provide us with (including but not limited to your email address) but reserve the right to request additional data in order to process your query.

For processing the data provided in the contact form your consent is obtained during the contact form fill in and reference is made to this privacy statement.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation and replying to your query.

2. Legal basis for data processing

Legal basis for the processing of the data is the consent of the user (Art. 6 para. 1 lit. a GDPR). The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of the data processing

The processing of the personal data serves us only to process your query.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The personal data from the contact form and the email will be deleted when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

5. Objection and removal possibility

The user has the option at any time to revoke consent to the processing of personal data. By sending e-mail to dataprotection@qiagen.com, they may at any time object to the storage of personal data and request the deletion of the user's stored personal data. In such a case, the conversation cannot continue.

All personal data stored in the course of establishing contact will be deleted in this case.

VIII. Marketing activities

1. Description and scope of data processing

We may request you to provide your personal data in order to send you the requested content (e.g. sample kits), select a contest or lottery winner, get your feedback in the survey or to register for events sponsored by QIAGEN. 

If so consented by you or if we have a legitimate interest to do so, we also use your personal data to send notices for direct marketing of our products and services.

2. Legal basis for data processing

The legal basis for the processing of the data transmitted in order to take part in the above-mentioned activities is Art. 6 para. 1 lit. b GDPR.

Our lawful ground of processing your personal data to send you marketing communications is either your consent  (Art. 6 para. 1 lit. a GDPR) or our legitimate interests (Art. 6 para. 1 lit. b GDPR).

3. Purpose of the data processing

The purpose for processing personal data is reviewing survey results, providing users with requested content (e.g. sample kits), registering and updating on events schedules and rewarding and informing the winners of the contest and lottery,

If so agreed by you or if we have a legitimate interest to do so, the data can also be used for designing and developing of QIAGEN´s business, products and services, and for marketing purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection, no later than 3 years from the date of its submission.

The user has the option at any time to revoke consent to the processing of personal data. By sending e-mail to dataprotection@qiagen.com, they may at any time object to the storage of personal data and request the deletion of the user's stored personal data.

5. Objection and removal possibility

Providing personal data is voluntary, but it is necessary to achieve the goals specified above for which the data were collected. Withdrawing of the consent to the processing of personal data is considered as a resignation from receiving the requested content (e.g. sample kits) or participation in the contest, survey, prize draw or event.

IX. With whom do we share your data?

1. Sub-processors QIAGEN engages personal data sub-processors to provide infrastructure services and to help us provide email notifications. Prior to engaging any third-party sub-processor, QIAGEN performs a diligence review to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations. The following is an up-to-date list of the names of QIAGEN’s key sub-processors and the purposes for which they process personal data.

Sub-processor Address Short description
ON24, Inc. San Francisco, California, United States

We use the ON24 platform for
services related to webinars andother virtual
events to provide you with a secure and positive experience.

Oracle Corporation Redwood City, California, United States We use Oracle customer relation management
for the purposes of data hosting and managing information.
Hotjar Ltd. San Ġiljan, Malta We use Hotjar to better understand use
of our websites so that we can improve the
websites based on actual visitor use.
Salesforce.com, Inc. San Francisco, California, United States We use Salesforce.com as our customer
relationship management (CRM) platform
to provide our customers a delightful journey
along our sales, service and marketing touchpoints.
SAP SE Walldorf, Germany We use SAP products for manual or
automated processes regarding
enterprise-resource planning (ERP)
and business warehouse (BW).
Adobe, Inc. San Jose, California, United States We use Adobe Systems for efficient
online marketing and web analysis.
Adobe Analytics enables real-time
analysis of visitor flows on Internet sites,
including but not limited to project reports
and ad-hoc analysis of site visitors.
The results from these analyses enable us
to obtain information in real-time and
to quickly identify problems as they occur.

2. Commercial partners

QIAGEN’s products are available in much of the world. However, we are not present everywhere. To enable wider access to our portfolio, we cooperate with commercial partners with whom we share your personal data so that they can provide you with access to our products and all necessary information. QIAGEN performs a diligence review to evaluate our commercial partners’ privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.

X. Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the rights described below. In principle, please direct your request to the Data Protection Officer.

1. Information

You have the right to receive free information about your personal data stored by us at any time as well as confirmation of storing your personal and a copy of this data.

2. Correction

You have the right to rectification and / or completion if the personal data we hold on you is incorrect or incomplete.

3. Restriction of processing

 You have the right to request the restriction of processing, under certain conditions

4. Deletion

You have the right to have your personal data deleted without delay,, under certain conditions.

5. Data portability

You have the right to receive personally identifiable information you provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance. In exercising this right, you also have the right to obtain that personal data relating to you are transmitted directly by us to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

6. Objection

You have the right to object at any time to the processing of personal data relating to you which is "only" based on legitimate interests of us or third parties (Article 6 (1) (f) GDPR). In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

7. Revocation of consent

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation:

8. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

XI. California Consumer Privacy Act Disclosures

In these California Consumer Privacy Act Disclosures ("CCPA Disclosures"), we disclose information about our data processing practices as required by the California Consumer Privacy Act of 2018 ("CCPA"). These CCPA Disclosures are effective January 1, 2020.

Categories of personal information collected. For purposes of CCPA, “personal information” does not include information publicly available from government records, de-identified or aggregated information, and information excluded from the CCPA’s scope. The personal information that QIAGEN collects, or has collected from consumers in the twelve months prior to the effective date of this Disclosure, fall into the following categories, depending on which QIAGEN Service is used:

1. Contact information

A. Categories of data collected and disclosed for a business purpose:

name, surname, titles, postal, phone number and email address, system and device identifiers, customer number, cookie ID, IP address, service request ID number).

B. We obtain the above categories of personal information through the following methods:

Directly from you. For example, the forms you complete or products or services you purchase.

Third parties who provide benefit verification, program enrollment, and product fulfillment services in connection with our products and services.

Consumer reporting agencies and other third parties who verify the information you provide.

Third parties who help us maintain the accuracy of our data and data aggregators that help us complete and enhance our records.

Third parties who provide digital marketing and analytics services for us using cookies and similar technologies that contain a unique identifier, such as an advertising ID

C. Purposes of collection and sharing the contact information

  • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To send marketing communications, surveys and invitations
  • To administer and manage events
  • To personalize your website experience.
  • To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
  • Advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
  • To engage in joint marketing initiatives.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information.
  • Disclosures made in an effort to prevent or halt illegal activities.
  • Disclosures that we reasonably believe are necessary to defend against or prevent us from incurring liability to third parties.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
  • For our everyday business purposes.

D. Third parties to whom this type of personal information is shared or disclosed for a business purpose:

  • Our Affiliates
  • Service providers who help manage and coordinate events
  • Third parties who deliver our communications, such as the postal service and couriers
  • Service providers, including companies who assist with our information technology and security programs
  • Third parties with whom we have joint marketing and similar arrangements
  • Third parties as necessary to complete transactions and provide our products/services, including delivery companies
  • Consumer reporting agencies.
  • Our lawyers, auditors, and consultants.
  • Legal and regulatory bodies and other third parties as required by law

2. Commercial Information

1. Categories of data collected and disclosed for a business purposes:

records of your purchases, records of your activity, propensity score matching (likelihood that you may be interested in certain purchases).

2. We obtain the above categories of personal information through the following methods:
  • Directly from you, our past interactions with us and other companies. For example, the forms you complete or products or services you purchase.
  • Third parties who provide program enrollment, and product fulfillment services in connection with our products and services and also facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners.
3. Purposes of collection and sharing the contact information:
  • To identify sales prospects
  • To internal business purposes, such as quality control, training and analytics
  • To provide you with our products and services
  • To communicate with you regarding our programs, products, and services.
  • To analyze and better understand your needs, preferences and interests,
  • To comply with legal and regulatory obligations.
  • For our everyday business purposes
4. Third parties to whom this type of personal information is shared or disclosed for a business purpose:
  • Our Affiliates
  • Service providers who help manage and coordinate events
  • Third parties who deliver our communications, such as the postal service and couriers
  • Service providers, including companies who assist with our information technology and security programs
  • Third parties with whom we have joint marketing and similar arrangements
  • Third parties as necessary to complete transactions and provide our products/services, including delivery companies
  • Consumer reporting agencies.
  • Our lawyers, auditors, and consultants.
  • Legal and regulatory bodies and other third parties as required by law

3. Electronic Technical Information

1. Categories of data collected and disclosed for a business purposes:

IP address, device identifiers, user ID, password, web server logs, application logs, browsing and search history, viewing data (site and app usage), cookies, web beacons, clear gifs and pixel tags, referring/exiting URL, request/response date and time, clickstream data, ads and web pages viewed.

2. We obtain the above categories of personal information through the following methods:
  • You and from your computer or devices when you interact with our platforms, websites and applications
  • Via cookies, web beacons, when you visit our website or other websites
  • Third parties who provide website and online security services.
3.Purposes of collection and sharing the contact information:
  • information security and cybersecurity purposes
  • targeting and advertising purposes subject to choices made
  • internal business analysis and market research
  • to administer and secure our systems, websites, applications, databases, and devices
  • to monitor and enforce compliance with our policies, terms and conditions and regulatory requirements
  • to engage in marketing initiatives
4. Third parties to whom this type of personal information is shared or disclosed for a business purpose:
  • Our Affiliates
  • Service providers who help manage and coordinate events
  • Service providers, including companies who assist with our information technology, security programs and fraud prevention
  • Third parties with whom we have joint marketing and similar arrangements
  • Legal and regulatory bodies and other third parties as required by law

 

4.  We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

5. No sale of personal information. QIAGEN does not sell any personal information of consumers, as those terms are defined under the California Consumer Privacy Act.

6. No Discrimination. QIAGEN does  not discriminate against any consumer for exercising their rights under the California Consumer Privacy Act.

7. California Consumer rights. California state law affords certain privacy rights to residents of the state regarding personal information. This section describes your CCPA rights and explains how to exercise those rights.

Right to Know

You have the right to request that QIAGEN disclose certain information to you about our collection and use of your personal information over the past 12 months (“Right to Know”). Once we receive and confirm your verifiable consumer request (see Exercising California Privacy Rights), we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).

Note that there are circumstances where we may decline your Right to Know request. QIAGEN will not:

  • provide a consumer with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that personal information, the consumer’s account with the business, or the security of the business’s systems or networks;
  • disclose a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers.

    Right to Delete

    You have the right to request that we delete any of your personal information that we have collected from you and have retained, subject to certain exceptions (“Right to Delete”). Once we receive and confirm your verifiable consumer request (see California Privacy Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

    We may deny your Right to Delete request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  7. Comply with a legal obligation.
  8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising California Privacy Rights

To exercise the Right to Know and Right to Delete described above, please submit a verifiable consumer request to us at: dataprotection@qiagen.com

Only you, or a person registered with the California Secretary of State that you authorize in writing to act on your behalf, may make a verifiable consumer request related to your personal information. Please note that you must verify your identity and authority related to your request before further action is taken. As a part of this process, government identification may be required. If you have authorized someone to make a consumer request for you, we will request proof of such authorization and/or a valid power of attorney, the requester’s valid government government-issued identification, and the authorized agent’s valid government-issued identification. We will verify their identity before acting upon the request or releasing your information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

We will work to process all verified requests within 45 days pursuant to the CCPA. If an extension is needed for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.

XII. Conformance of QIAGEN’s Privacy Policy with Law No. 13,709/2018 – General Law on Personal Data Protection (LGPD) – Brazil

QIAGEN’s Privacy Policy is in line with Federal Law No. 13,709/2018 – General Law on Personal Data Protection of Brazil [Referred in Brazil as Lei Geral de Proteção de Dados – LGPD] and applies whenever: (i) data processing is performed in the Brazilian territory; (ii) the purpose of the processing activity is the offer or supply of goods or services or data processing of individuals located in the Brazilian territory; and (iii) the personal data under processing has been collected in the Brazilian territory.

In this sense, in addition to the provisions already existing in the Privacy Policy, we clarify other rights and guarantees that are observed in the data processing performed by QIAGEN, in compliance with the LGPD.

1. Rights of the data subject

If your data is processed, you are deemed a data subject (“Data Subject”) for purposes of the LGPD. In addition to the rights already prescribed in item IX of this Privacy Policy, in compliance with the LGPD, you may exercise the following rights with regard to the processing of data held by you performed by QIAGEN:

  1. Right to confirmation about existence of processing;
  2. Right to data access;
  3. Right to correct incomplete, incorrect or outdated data;
  4. Right to anonymization, blocking or deletion of unnecessary, excessive data or data processed not in line with the LGPD;
  5. Right to data portability to another service or product supplier, with due regard for QIAGEN’s trade and industrial secrets;
  6. Right to ensure data availability, authenticity, integrity and confidentiality;
  7. Right to be notified of change in personal data processing;
  8. Right not to be submitted to automated decisions and profiling;
  9. Right to limitation and opposition to data processing;
  10. Right to be forgotten;
  11. Right to limit treatment of personal data;
  12. Right to deletion of personal data processed with your consent, except in the events of legal custody or other events in the LGPD;
  13. Right to information of public or private entities with which QIAGEN performed shared use of data;
  14. Right to information about the possibility of not supplying consent and about the consequences of denial; and
  15. Right to consent revocation, pursuant to the LGPD.

 

The consent revocation dealt with in letter “o” above may be performed by you at any time and free of charge, upon sending the request to QIAGEN’s DPO stated in this Privacy Policy.

2. Data processing and lawfulness of processing

The data processing shall be made in the manner, for the time and for the purposes already stated in this Privacy Policy with regard to each of the processing performed in items II, III, IV, V, VI, VII and VIII.

As for the lawfulness of processing, QIAGEN clarifies that:

  1. When processing is performed based on your consent, the legal grounds for processing shall be article 7, I, of the LGPD;
  2. When processing is performed based on performance of an agreement or preliminary procedures related to the agreement to which you are a party, the legal grounds for processing shall be article 7, V, of the LGPD;
  3. When data processing is performed based upon QIAGEN’s or third party’s lawful interests, except for in the cases in which user’s fundamental rights and freedoms shall prevail, the legal grounds for processing shall be article 7, IX, of the LGPD;

QIAGEN may further perform data processing whenever necessary: (i) for compliance with a legal or regulatory obligation, in which event the legal grounds shall be article 7, II, of the LGPD; (ii) for regular exercise of rights in a lawsuit, administrative or arbitration proceeding, in which event the legal grounds shall be article 7, VI, of LGPD; (iii) for protection of the life or safety of the data subject or a third party, in which event the legal grounds shall be article 7, VII, of the LGPD.

As prescribed in item III of this Privacy Policy, log files shall be processed based upon article 15 of Federal Law No. 12,965/2014 – the Brazilian Civil Rights Framework for the Internet.

3. Sharing of Data Subject personal data

A QIAGEN may share your personal data with third parties, who shall act as processors, while QIAGEN shall act as controllers for the LGPD purposes and in compliance therewith. In addition to the actions already mentioned in item II. 4. of this Privacy Policy, the sharing of this data will only be possible when the purposes contained therein and the principles and guarantees established in the LGPD, particularly the rights and fundamental freedoms of the data subject are complied with.

QIAGEN may also share your personal data whenever it is deemed necessary (i) for our own interest or that of a third party; (ii) for the compliance with a legal, judicial order or an arbitration award; and (iii) to protect the safety of any person or to prevent the imminent death or physical harm of the Data Subject or that of a third party, always in compliance with your fundamental rights and freedoms.

4. International transfer of data

In the event the personal data of the Data Subject is transferred outside of Brazil, QIAGEN undertakes to make such transfer to international countries or organizations that provide adequate degree of protection of personal data compatible to the LGPD, as well as to adopt the necessary measures for the compliance with the guarantees, principles and rights provided for in the LGPD and in other applicable laws, including the entering into agreements with specific contractual clauses for  making the transfer.

5. Data processing of children and adolescents

Data processing performed by QIANGEN is not directed to children and adolescents (individuals under the age of 18). Should QIAGEN become aware of an improper processing of personal data related to a child or adolescent, it shall take the necessary actions to delete it, under the terms of this Privacy Policy.

6. Storage and deletion of the Data Subject´s personal data

In addition to the specific events of duration and deletion provided for in this Privacy Policy, the personal data collected by QIAGEN will be stored and may be subject to processing as long as they are necessary (i) to provide the services or to provide the products offered; (ii) to accomplish the legitimate and essential commercial purposes, such as maintaining the website and its functionalities and to offer services and products; (iii) to the exercise of rights in a lawsuit, administrative or arbitration proceedings; and (iv) for the compliance with the legal and/or regulatory obligation, always in due regard to the purposes set forth in this Privacy Policy.

The personal data collected and duly anonymized may be kept for an undetermined period, at QIAGEN´s discretion.

You may, at any time and free of charge, request QIAGEN by email that your personal data that have not been anonymized be duly deleted, except in case of impossibility by an express legal provision, such as for compliance with legal and/or regulatory obligations and to the exercise of right in a lawsuit, administrative or arbitral proceeding.

7. Security in the processing of your data

QIAGEN adopts all security, technical and administrative measures to protect your data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or any manner of improper or unlawful processing of your personal data. However, it is important that you understand that no system is totally secure or insusceptible to invasions and failures.

Should there be an incident involving the personal data, subject matter of this Policy, QIAGEN will notify you and the National Data and Protection Authority (“ANPD”), in accordance with the applicable legal provisions.

8. Amendments to this Policy

This Policy may, if necessary, be amended. Amendments made to this Policy will always be prominently communicated on our website.

9. Contact

Any questions about this Privacy Policy may be directed to the contacts indicated in item I hereof.