Privacy Policy
QIAGEN takes your privacy seriously. Please read below to learn more about your privacy as relates to our company.
Last update: 16.10.2023
QIAGEN Privacy Policy
This Privacy Policy covers our treatment of personal information under applicable data protection and privacy laws, including but not limited to (1) personally identifiable information, as defined by numerous statutes in the United States, including the California Online Privacy Protection Act (such statutes, the "PII Laws") (2) personal information, as defined by the California Consumer Privacy Act (the "CCPA") and for this purpose applies solely to visitors, users, and others who reside in the State of California, (3) personal data, as defined by the General Law on Personal Data Protection of Brazil (referred in Brazil as Lei Geral de Proteção de Dados – LGPD) and (4) personal data, as defined by the European Union General Data Protection Regulation (the "GDPR").
I. Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
QIAGEN GmbH
QIAGEN Str. 1
40724 Hilden
Germany
Tel .: +492103290
E-mail: dataprotection@qiagen.com
Contact Data Protection Officer: dataprotectionofficer@qiagen.com
Website: www.qiagen.com
II. General information on data processing
1. Scope of processing of personal data
Generally, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain your consent for processing of personal data, Art. 6 para. 1 lit. a) EU General Data Protection Regulation (GDPR) as legal basis.
When processing personal data that is required to fulfill a contract of which you are a party, Art. 6 para. 1 lit. b) GDPR as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation to which QIAGEN GMBH is subject, Art. 6 para. 1 lit. c) GDPR is the legal basis for such processing.
If the processing of personal data is necessary to safeguard legitimate interests of QIAGEN GMBH, Art. 6 para. 1 lit. f) GDPR serves as legal basis.
If a transfer of personal data to other companies of the QIAGEN Group based in a third country takes place, the transfer is based on the standard contractual clauses pursuant to Art. 46 para. 2 lit. c) GDPR and supplementary appropriate security measures.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is fulfilled. In addition, such storage may be required by the European or national legislator in EU regulations, laws or other regulations to which QIAGEN is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion or fulfilment of the contract.
4. Sub-processing
QIAGEN may engage third party service providers to assist with the data processing activities. When we work with these service providers in our capacity as a data processor, the third-party service provider is a sub-processor.
Before engaging any processor and sub-processor, we perform due diligence, including security and legal analysis. Our processor and sub-processors are all subject to contract terms that enforce compliance with applicable data protection laws.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
In this process, the following data is collected:
(1) Information sent in user-agent header by the browser
(2) The IP address of the user
(3) Date and time of access
(4) Information sent in referrer header by the browser
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes comprise our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after four weeks at the latest. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Objection and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no right to objection to this for the user.
IV. Use of cookies
Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user's computer system. These cookies are primarily used to make the functions of the online offer usable.
We also use cookies to make our website more user-friendly. In addition, we use cookies on our website, which enable an analysis of the surfing behavior and a precise alignment to the interests of the user. Detailed information about Cookies which we use on our website can be found via this link.
When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this privacy policy.
The legal basis for the processing of personal data using technically required cookies, for example to implement the functions you have selected or to safeguard our legitimate interest in the functionality of the online offer, is based on Article 6 (1) lit. b) and lit. f) GDPR. If we should also use cookies to analyze the use of the online offer and to tailor it to the interests of the user, this is done exclusively based on your voluntary consent in accordance with Article 6 (1) lit. a) GDPR. You then have the option of making your appropriate settings via consent management. Consent given can be revoked at any time with effect for the future.
Further information on the cookies and their function in detail as well as on setting and revocation options can be found directly in the corresponding areas of consent management. Please note that we only provide consent management if consent-based cookies are used in addition to the technically required cookies. If you do not want cookies to be used at all, you can also prevent their use by making the appropriate settings on your end device. You can delete saved cookies at any time in the system settings of your end device.
V. Newsletter
1. Description and scope of data processing
You can subscribe to a free newsletter on our website. The data from the input mask transmitted to us when registering for the newsletter:
e-mail address
In addition, the following data is collected upon registration:
(1) IP address of the calling computer
(2) Date and time of registration
For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.
2. Legal basis for data processing
The legal basis for the processing of the data after the user has registered for the newsletter is the consent of the user Art. 6 para. 1 lit. a GDPR.
3. Purpose of the data processing
The collection of the user's e-mail address serves to deliver the newsletter.
4. Duration of storage
The data will be deleted as soon as the consent for processing is revoked by the data subject.
5. Objection and removal possibility
The user has the option to revoke consent to the processing of personal data at any time. By sending e-mail at dataprotection@qiagen.com, they may object to the storage of personal data and request the deletion of the user's stored personal data.
VI. Registration to My QIAGEN
1. Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal information. Usage of My QIAGEN is subject to the acceptance of the provisions of this Privacy Policy and My QIAGEN’s Terms of Use, which can be found here: https://www.qiagen.com/fi/trademarks-and-disclaimers/myqiagen-terms-of-use. A transfer of data to third parties does not take place. The following data is collected during the registration process:
(1) The IP address of the user
(2) Date and time of registration
(3) E-mail address
(4) Surname and first name
(5) Company
(6) Country
(7) Telephone number
(8) Postal address
As part of the registration process, the consent of the user to process this data is obtained.
2. Legal basis for data processing
Legal basis for the processing of the data is the consent of the user Art. 6 para. 1 lit. a GDPR.
If the registration serves the fulfillment of a contract of which the user is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.
3. Purpose of the data processing
User registration is required for the provision of certain content and services on our website.4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection or, as the case may be, as soon as the consent for processing is revoked by the data subject.
5. Objection and removal possibility
The user has the option at any time to revoke consent to the processing of personal data. By sending e-mail to dataprotection@qiagen.com, they may at any time object to the storage of personal data and request the deletion of the user's stored personal data. In such a case, the conversation cannot continue.
All personal data stored in the course of establishing contact will be deleted in this case.
VII. Provision of the QIAGEN services
1. Description and scope of data processing
Each time you access the QIAstat-Dx RRA (and QIAsphere) service, our system automatically collects data and information from the computer system of the calling computer or device.
In this process, the following data may be processed:
Identification data when using QIAsphere and QIAstat-Dx RRA
- Full name
- email address
- IP address
- Geolocation data
- Device IP address
- device identifiers (alias)
- serial numbers
- Company name
- group names
- group IDs
Device data when using QIAstat-Dx RRA
- device country
- device city
- device zip code
- device time zone
Usage data when using QIAsphere and QIAstat-Dx RRA
- event data
- service usage logs
- metadata regarding operations
- timestamps
2. Legal basis for data processing
The processing of personal data that is required to fulfil a contract of which you (or the legal entity you are working for) are a party, Art. 6 para. 1 lit. b) GDPR as a legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfil a legal obligation to which QIAGEN GMBH is subject, Art. 6 para. 1 lit. c) GDPR is the legal basis for such processing.
If a transfer of personal data to other companies of the QIAGEN Group based in a third country takes place, the transfer is based on the standard contractual clauses pursuant to Art. 46 para. 2 lit. c) GDPR and appropriate supplementary security measures.
3. Purpose of the data processing
We collect and use personal data of our users only to the extent necessary for the provision of a functional Service.
4. Duration of storage
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is fulfilled. In addition, such storage may be required by the European or national legislator in EU regulations, laws or other regulations to which QIAGEN is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for conclusion or fulfilment of the contract.
5. Sub-processing
QIAGEN may engage third party service providers to assist with the data processing activities. When we work with these service providers in our capacity as a data processor, the third-party service provider is a sub-processor.
Before engaging any processor and sub-processor, we perform due diligence, including security and legal analysis. Our processor and sub-processors are all subject to contract terms that enforce compliance with applicable data protection laws.
VIII. Contact form and e-mail contact
1. Description and scope of data processing
You can contact us by using the contact form or by sending an email to the addresses provided on our website.
The following data may be collected during the contact form filling:
(1) Title
(2) Date and time of registration
(3) E-mail address
(4) Surname and first name
(5) Company
(6) Country (and state, as applicable)
(7) telephone number
(8) Postal address
(9) Job Title
At the time of sending the message, the following data is also stored:
(1) The IP address of the user
(2) Date and time of registration
In case of sending an email, we will only process the personal data you decide to provide us with (including but not limited to your email address) but reserve the right to request additional data in order to process your query.
For processing the data provided in the contact form your consent is obtained during the contact form fill in and reference is made to this privacy statement.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation and replying to your query.
2. Legal basis for data processing
3. Purpose of the data processing
The processing of the personal data serves us only to process your query.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The personal data from the contact form and the email will be deleted when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
5. Objection and removal possibility
The user has the option at any time to revoke consent to the processing of personal data. By sending e-mail to dataprotection@qiagen.com, they may at any time object to the storage of personal data and request the deletion of the user's stored personal data. In such a case, the conversation cannot continue.
All personal data stored in the course of establishing contact will be deleted in this case.
IX. Marketing activities
1. Description and scope of data processing
We may request you to provide your personal data in order to send you the requested content (e.g. sample kits), select a contest or lottery winner, get your feedback in the survey or to register for events sponsored by QIAGEN.
If so consented by you or if we have a legitimate interest to do so, we also use your personal data to send notices for direct marketing of our products and services.
2. Legal basis for data processing
The legal basis for the processing of the data transmitted in order to take part in the above-mentioned activities is Art. 6 para. 1 lit. b GDPR.
Our lawful ground of processing your personal data to send you marketing communications is either your consent (Art. 6 para. 1 lit. a GDPR) or our legitimate interests (Art. 6 para. 1 lit. b GDPR).
3. Purpose of the data processing
The purpose for processing personal data is reviewing survey results, providing users with requested content (e.g. sample kits), registering and updating on events schedules and rewarding and informing the winners of the contest and lottery,
If so agreed by you or if we have a legitimate interest to do so, the data can also be used for designing and developing of QIAGEN´s business, products and services, and for marketing purposes.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection, no later than 3 years from the date of its submission.
The user has the option at any time to revoke consent to the processing of personal data. By sending e-mail to dataprotection@qiagen.com, they may at any time object to the storage of personal data and request the deletion of the user's stored personal data.
5. Objection and removal possibility
Providing personal data is voluntary, but it is necessary to achieve the goals specified above for which the data were collected. Withdrawing of the consent to the processing of personal data is considered as a resignation from receiving the requested content (e.g. sample kits) or participation in the contest, survey, prize draw or event.
X. With whom do we share your data?
1. Sub-processors
QIAGEN engages personal data sub-processors to provide infrastructure services and to help us provide email notifications. Prior to engaging any third-party sub-processor, QIAGEN performs a diligence review to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations. The following is an up-to-date list of the names of QIAGEN’s key sub-processors and the purposes for which they process personal data.Sub-processor | Location | Short description |
ON24, Inc. | San Francisco, California, United States |
We use the ON24 platform for |
Oracle Corporation | Redwood City, California, United States | We use Oracle customer relation management for the purposes of data hosting and managing information. |
Hotjar Ltd. | San Ġiljan, Malta | We use Hotjar to better understand use of our websites so that we can improve the websites based on actual visitor use. |
Salesforce.com, Inc. | San Francisco, California, United States | We use Salesforce.com as our customer relationship management (CRM) platform to provide our customers a delightful journey along our sales, service and marketing touchpoints. |
SAP SE | Walldorf, Germany | We use SAP products for manual or automated processes regarding enterprise-resource planning (ERP) and business warehouse (BW). |
Adobe, Inc. | San Jose, California, United States | We use Adobe Systems for efficient online marketing and web analysis. Adobe Analytics enables real-time analysis of visitor flows on Internet sites, including but not limited to project reports and ad-hoc analysis of site visitors. The results from these analyses enable us to obtain information in real-time and to quickly identify problems as they occur. |
2. Commercial partners
QIAGEN’s products are available in much of the world. However, we are not present everywhere. To enable wider access to our portfolio, we cooperate with commercial partners with whom we share your personal data so that they can provide you with access to our products and all necessary information. QIAGEN performs a diligence review to evaluate our commercial partners’ privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations.
XI. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the rights described below. In principle, please direct your request to the Data Protection Officer.
1. Information
You have the right to receive free information about your personal data processed by us at any time as well as confirmation of storing your personal information and a copy of this data.
2. Correction
You have the right to rectification and / or completion if the personal data we hold on you is incorrect or incomplete.
3. Restriction of processing
You have the right to request the restriction of processing, under certain conditions
4. Deletion
You have the right to have your personal data deleted without delay,, under certain conditions.
5. Data portability
You have the right to receive personally identifiable information you provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance. In exercising this right, you also have the right to obtain that personal data relating to you are transmitted directly by us to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
6. Objection
You have the right to object at any time to the processing of personal data relating to you which is "only" based on legitimate interests of us or third parties (Article 6 (1) (f) GDPR). In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
7. Revocation of consent
You have the right to revoke your consent to the processing activities, if previously collected, at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation:
8. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
9. Amendments to this Policy
This Policy may, if necessary, be amended. Amendments made to this Policy will always be prominently communicated to you.
10. Contact
Any questions about this Privacy Policy may be directed to the contacts indicated in item I hereof.
XI. California Consumer Privacy Act Disclosures
In these California Consumer Privacy Act Disclosures ("CCPA Disclosures"), we disclose information about our data processing practices as required by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CCPA"). These CCPA Disclosures apply to Consumers who are residents of the U.S. State of California.
Categories of personal information collected. For purposes of CCPA, “personal information” does not include information publicly available from government records, de-identified or aggregated information, and information excluded from the CCPA’s scope. The personal information that QIAGEN collects, or has collected from consumers in the twelve months prior to the effective date of this Disclosure, fall into the following categories, depending on which QIAGEN Service is used:
1. Contact information
A. Categories of data collected and disclosed for a business purpose:
name, surname, titles, postal, phone number and email address, system and device identifiers, customer number, cookie ID, IP address, service request ID number).
B. We obtain the above categories of personal information through the following methods:
Directly from you. Information that we collect can include the following: information obtained through the forms you complete or products or services you purchase, including names and addresses; email address information you provide; and financial and payment information associated with purchases. This list is not exclusive and may be altered without notice based on information that you supply.
From third parties and consumer reporting agencies. For example, these third parties might collect information from you when providing QIAGEN with the following services: benefit verification, program enrollment, and product fulfillment services in connection with our products and services; verification of the information you provide; maintenance of the accuracy of our data and data aggregators that help us complete and enhance our records; and provision of digital marketing and analytics services for us that use cookies and similar technologies that contain a unique identifier, such as an advertising ID.
From email communications. We collect your contact information to conduct marketing activities. We may communicate and make special product offerings available via email. To help us make emails more useful to you, we often receive a confirmation when you open an email from qiagen.com/us if your computer supports such capabilities. If you do not want to receive email or other correspondence from us, adjust your email contact preferences or indicate your preference as directed by the email. We will retain your email address until it is no longer needed to carry out your stated marketing preferences.
From automatically obtained information. When you access the QIAGEN website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including details of your visits to our site and information about your computer and internet connection. The most significant information is stored in the form of cookies, which are small files stored on your computer that transmit your electronic identity to the website that you visit. Like most websites, we use cookies to be able to identify you as a return visitor to the site and to help us analyze web traffic, provide user data for a particular webpage, and allow web applications to be adapted for you as an individual. If you would prefer to prevent your computer from accepting our cookies, follow the steps for your Internet browser for doing so. If you do disable cookies, however, you may not be able to take full advantage of all our online features or access certain sections of the QIAGEN website. You cannot use the website if you opt out of our “Technically Necessary Cookies and Similar Technologies” (as defined in our Consent Manager) as they are deployed to ensure the proper functioning of our website (such as prompting the cookie banner, remembering your settings, allowing you to log in to your account, redirecting to the appropriate page you when you log out, etc.).
The QIAGEN website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the website analyze how users use the site. The site also uses website analytics if your device has local files from Meta products, including Facebook and Instagram, that you have chosen to install separately. Information generated by cookie or web beacon activity that is shared with Meta is subject to your separate agreement and permissions that you control with Meta, including past and future choices to share information voluntarily with Meta. For Google Analytics, information generated by cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet use for QIAGEN and its affiliates. Both the Google Analytics or the Meta application information could potentially include collection and transfer of your video viewing activity based on your interaction with content on our website. QIAGEN’s use of third parties related to the videos on our website is limited to service providers who are under contract with QIAGEN to support the posting and viewing of video content on the website. Google and/or Meta may also transfer this information to third parties where required to do so by law, or where such third parties process the information on their behalf. You may refuse the use of cookies by selecting your preferences in the cookie banner on our website or selecting the appropriate settings on your browser. However, please note that, if you refuse the use of cookies, you may not be able to use the full functionality of this website. Detailed information about cookies that we use on our website can be found via this link.
You may disable or change the processing of data about you by Meta through changes in your setting on the Meta site and/or interaction with Meta products you have chosen to install on your device or browsers. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
QIAGEN respects global privacy control signals, also known as "GPC" signals. If we detect that your browser is transmitting a GPC signal, we will process it as a request to opt out of sharing on our website, in accordance with applicable law. Additionally, you may choose to opt out of cookie and pixel-related "sharing" or targeted advertising on our website by adjusting cookie privacy preferences in our Consent Manager. You can access the Consent Manager by clicking the "Consent Manager" link in the footer of our website. Please note that, if you visit our website from a different device or use a different browser on the same device, you will need to enable GPC or set your cookie preferences for each browser and device. For more information about GPC, visit https://globalprivacycontrol.org/
C. Purposes of collection and sharing the contact information
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To send marketing communications, surveys and invitations
- To administer and manage events
- To personalize your website experience.
- To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
- Advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful.
- To engage in joint marketing initiatives.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information.
- Disclosures made in an effort to prevent or halt illegal activities.
- Disclosures that we reasonably believe are necessary to defend against or prevent us from incurring liability to third parties.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
- For our everyday business purposes.
D. Third parties to whom this type of personal information is shared or disclosed for a business purpose:
- Our Affiliates
- Service providers who help manage and coordinate events
- Third parties who deliver our communications, such as the postal service and couriers
- Service providers, including companies who assist with our information technology and security programs
- Third parties with whom we have joint marketing and similar arrangements
- Third parties as necessary to complete transactions and provide our products/services, including delivery companies
- Consumer reporting agencies.
- Our lawyers, auditors, and consultants.
- Legal and regulatory bodies and other third parties as required by law
2. Commercial Information
1. Categories of data collected and disclosed for a business purposes:
records of your purchases, records of your activity, propensity score matching (likelihood that you may be interested in certain purchases).
2. We obtain the above categories of personal information through the following methods:
- Directly from you, our past interactions with us and other companies. For example, the forms you complete or products or services you purchase.
- Third parties who provide program enrollment, and product fulfillment services in connection with our products and services and also facilitate, process, and complete transactions for us, such as resellers, sales agents, and program partners.
3. Purposes of collection and sharing the contact information:
- To identify sales prospects
- To internal business purposes, such as quality control, training and analytics
- To provide you with our products and services
- To communicate with you regarding our programs, products, and services.
- To analyze and better understand your needs, preferences and interests,
- To comply with legal and regulatory obligations.
- For our everyday business purposes
4. Third parties to whom this type of personal information is shared or disclosed for a business purpose:
- Our Affiliates
- Service providers who help manage and coordinate events
- Third parties who deliver our communications, such as the postal service and couriers
- Service providers, including companies who assist with our information technology and security programs
- Third parties with whom we have joint marketing and similar arrangements
- Third parties as necessary to complete transactions and provide our products/services, including delivery companies
- Consumer reporting agencies.
- Our lawyers, auditors, and consultants.
- Legal and regulatory bodies and other third parties as required by law
3. Electronic Technical Information
1. Categories of data collected and disclosed for a business purposes:
IP address, device identifiers, user ID, password, web server logs, application logs, browsing and search history, viewing data (site and app usage), cookies, web beacons, clear gifs and pixel tags, referring/exiting URL, request/response date and time, clickstream data, ads and web pages viewed.
2. We obtain the above categories of personal information through the following methods:
- You and from your computer or devices when you interact with our platforms, websites and applications
- Via cookies, web beacons, when you visit our website or other websites
- Third parties who provide website and online security services.
3.Purposes of collection and sharing the contact information:
- information security and cybersecurity purposes
- targeting and advertising purposes subject to choices made
- internal business analysis and market research
- to administer and secure our systems, websites, applications, databases, and devices
- to monitor and enforce compliance with our policies, terms and conditions and regulatory requirements
- to engage in marketing initiatives
4. Third parties to whom this type of personal information is shared or disclosed for a business purpose:
- Our Affiliates
- Service providers who help manage and coordinate events
- Service providers, including companies who assist with our information technology, security programs and fraud prevention
- Third parties with whom we have joint marketing and similar arrangements
- Legal and regulatory bodies and other third parties as required by law
5. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
6. No sale or sharing of personal information. QIAGEN does not sell any personal information of consumers, as those terms are defined under the California Consumer Privacy Act.
7. California consumer rights. California state law affords certain privacy rights to residents of the state regarding personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to know
You have the right to request that QIAGEN disclose certain information to you about our collection and use of your personal information over the past 12 months (“right to know”). Once we receive and confirm your verifiable consumer request (see Exercising California Privacy Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
Note that there are circumstances where we may decline your right to know request. QIAGEN will not:
- provide a consumer with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that personal information, the consumer’s account with the business, or the security of the business’s systems or networks;
- disclose a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers.
Right to delete
You have the right to request that we delete any of your personal information that we have collected from you and have retained, subject to certain exceptions (“right to delete”). Once we receive and confirm your verifiable consumer request (see California Privacy Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your right to delete request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right to correct
If QIAGEN maintains any inaccurate personal information about you, you have the right to request the correction of that inaccurate personal information.
Right to opt-out
We do not sell or share your personal information with unaffiliated third parties. Nonetheless, California residents have the right to opt-out of the sale or sharing of their personal information by QIAGEN.
Designating an authorized agent
You have the right to designate an agent to manage your rights under California law. If you would like to designate an agent to manage your privacy preferences, you may do so using the mechanisms noted below under “Exercising California Privacy Rights.” Note that, if you do not have a My QIAGEN account with us, we may ask for some personal information to verify your identity and your rights to the data subject to your request. We will also need sufficient personal information about your authorized agent to be able to identify them. As part of this process, you must have permission from your authorized agent to disclose their personal information to us for the purpose of acting as your agent.
Non-discrimination
California law does not permit us to discriminate against you because you exercised any your rights under this title, including, but not limited to, the following: denying you access to goods or services; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level or quality of goods or services; or suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Exercising California privacy rights
To exercise the right to know and right to delete described above, please submit a verifiable consumer request to us at: dataprotection@qiagen.com
Only you, or a person registered with the California Secretary of State that you authorize in writing to act on your behalf, may make a verifiable consumer request related to your personal information. Please note that you must verify your identity and authority related to your request before further action is taken. As a part of this process, government identification may be required. If you have authorized someone to make a consumer request for you, we will request proof of such authorization and/or a valid power of attorney, the requester’s valid government government-issued identification, and the authorized agent’s valid government-issued identification. We will verify their identity before acting upon the request or releasing your information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We will work to process all verified requests within 45 days pursuant to the CCPA. If an extension is needed for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
XII. Conformance of QIAGEN’s Privacy Policy with Law No. 13,709/2018 – General Law on Personal Data Protection (LGPD) – Brazil
QIAGEN’s Privacy Policy is in line with Federal Law No. 13,709/2018 – General Law on Personal Data Protection of Brazil [Referred in Brazil as Lei Geral de Proteção de Dados – LGPD] and applies whenever: (i) data processing is performed in the Brazilian territory; (ii) the purpose of the processing activity is the offer or supply of goods or services or data processing of individuals located in the Brazilian territory; and (iii) the personal data under processing has been collected in the Brazilian territory.
In this sense, in addition to the provisions already existing in the Privacy Policy, we clarify other rights and guarantees that are observed in the data processing performed by QIAGEN, in compliance with the LGPD.
1. Rights of the data subject
If your data is processed, you are deemed a data subject (“Data Subject”) for purposes of the LGPD. In addition to the rights already prescribed in item IX of this Privacy Policy, in compliance with the LGPD, you may exercise the following rights with regard to the processing of data held by you performed by QIAGEN:
- Right to confirmation about existence of processing;
- Right to data access;
- Right to correct incomplete, incorrect or outdated data;
- Right to anonymization, blocking or deletion of unnecessary, excessive data or data processed not in line with the LGPD;
- Right to data portability to another service or product supplier, with due regard for QIAGEN’s trade and industrial secrets;
- Right to ensure data availability, authenticity, integrity and confidentiality;
- Right to be notified of change in personal data processing;
- Right not to be submitted to automated decisions and profiling;
- Right to limitation and opposition to data processing;
- Right to be forgotten;
- Right to limit treatment of personal data;
- Right to deletion of personal data processed with your consent, except in the events of legal custody or other events in the LGPD;
- Right to information of public or private entities with which QIAGEN performed shared use of data;
- Right to information about the possibility of not supplying consent and about the consequences of denial; and
- Right to consent revocation, pursuant to the LGPD.
The consent revocation dealt with in letter “o” above may be performed by you at any time and free of charge, upon sending the request to QIAGEN’s DPO stated in this Privacy Policy.
2. Data processing and lawfulness of processing
The data processing shall be made in the manner, for the time and for the purposes already stated in this Privacy Policy with regard to each of the processing performed in items II, III, IV, V, VI, VII and VIII.
As for the lawfulness of processing, QIAGEN clarifies that:
- When processing is performed based on your consent, the legal grounds for processing shall be article 7, I, of the LGPD;
- When processing is performed based on performance of an agreement or preliminary procedures related to the agreement to which you are a party, the legal grounds for processing shall be article 7, V, of the LGPD;
- When data processing is performed based upon QIAGEN’s or third party’s lawful interests, except for in the cases in which user’s fundamental rights and freedoms shall prevail, the legal grounds for processing shall be article 7, IX, of the LGPD;
QIAGEN may further perform data processing whenever necessary: (i) for compliance with a legal or regulatory obligation, in which event the legal grounds shall be article 7, II, of the LGPD; (ii) for regular exercise of rights in a lawsuit, administrative or arbitration proceeding, in which event the legal grounds shall be article 7, VI, of LGPD; (iii) for protection of the life or safety of the data subject or a third party, in which event the legal grounds shall be article 7, VII, of the LGPD.
As prescribed in item III of this Privacy Policy, log files shall be processed based upon article 15 of Federal Law No. 12,965/2014 – the Brazilian Civil Rights Framework for the Internet.
3. Sharing of Data Subject personal data
A QIAGEN may share your personal data with third parties, who shall act as processors, while QIAGEN shall act as controllers for the LGPD purposes and in compliance therewith. In addition to the actions already mentioned in item II. 4. of this Privacy Policy, the sharing of this data will only be possible when the purposes contained therein and the principles and guarantees established in the LGPD, particularly the rights and fundamental freedoms of the data subject are complied with.
QIAGEN may also share your personal data whenever it is deemed necessary (i) for our own interest or that of a third party; (ii) for the compliance with a legal, judicial order or an arbitration award; and (iii) to protect the safety of any person or to prevent the imminent death or physical harm of the Data Subject or that of a third party, always in compliance with your fundamental rights and freedoms.
4. International transfer of data
In the event the personal data of the Data Subject is transferred outside of Brazil, QIAGEN undertakes to make such transfer to international countries or organizations that provide adequate degree of protection of personal data compatible to the LGPD, as well as to adopt the necessary measures for the compliance with the guarantees, principles and rights provided for in the LGPD and in other applicable laws, including the entering into agreements with specific contractual clauses for making the transfer.
5. Data processing of children and adolescents
Data processing performed by QIAGEN is not directed to children and adolescents (individuals under the age of 18). Should QIAGEN become aware of an improper processing of personal data related to a child or adolescent, it shall take the necessary actions to delete it, under the terms of this Privacy Policy.
6. Storage and deletion of the Data Subject´s personal data
In addition to the specific events of duration and deletion provided for in this Privacy Policy, the personal data collected by QIAGEN will be stored and may be subject to processing as long as they are necessary (i) to provide the services or to provide the products offered; (ii) to accomplish the legitimate and essential commercial purposes, such as maintaining the website and its functionalities and to offer services and products; (iii) to the exercise of rights in a lawsuit, administrative or arbitration proceedings; and (iv) for the compliance with the legal and/or regulatory obligation, always in due regard to the purposes set forth in this Privacy Policy.
The personal data collected and duly anonymized may be kept for an undetermined period, at QIAGEN´s discretion.
You may, at any time and free of charge, request QIAGEN by email that your personal data that have not been anonymized be duly deleted, except in case of impossibility by an express legal provision, such as for compliance with legal and/or regulatory obligations and to the exercise of right in a lawsuit, administrative or arbitral proceeding.
7. Security in the processing of your data
QIAGEN adopts all security, technical and administrative measures to protect your data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or any manner of improper or unlawful processing of your personal data. However, it is important that you understand that no system is totally secure or insusceptible to invasions and failures.
Should there be an incident involving the personal data, subject matter of this Policy, QIAGEN will notify you and the National Data and Protection Authority (“ANPD”), in accordance with the applicable legal provisions.
8. Amendments to this Policy
This Policy may, if necessary, be amended. Amendments made to this Policy will always be prominently communicated on our website.
9. Contact
Any questions about this Privacy Policy may be directed to the contacts indicated in item I hereof.