Data Protection Information in Accordance with Art. 13 GDPR Regarding the compilation and processing of your data so we may contact you for business purposes

In the following, we would like to inform you about the processing of your personal data. 

I. Who is responsible for data processing and who is the data protection officer?

The responsible party for data processing is

Analytik Jena GmbH
Konrad-Zuse-Strasse 1
07745 Jena, Germany
Tel.: +49 3641 77 70

You can reach our data protection officer at

II. Which data do we use, and where do they come from?

We process the following personal data:

  • Title, first name, last name
  • Position in company, if applicable
  • Employer (company)
  • Contact data (business email, business telephone number)

We obtain the aforementioned data during the initiation of contact by you or employees of Analytik Jena GmbH or its subsidiaries, for example when

  • you hand your business card to employees of Analytik Jena GmbH or its subsidiaries,
  • you engage in personal conversations and verbally disclose your data,
  • it is acquired by telephone or personally (on-site) by employees of Analytik Jena GmbH or its subsidiaries,
  • we research publicly available contact information online, the use of which has not been explicitly denied,
  • you make inquiries by telephone.

III. For what purpose and on what legal basis do we process your data?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

We require your data to initiate business contact and to transmit the information necessary to do so. Beyond this, no further use or transfer of your registration data to unauthorized third parties occurs. Your personal data are not published.

The legal basis for the compilation and processing of your data is Art. 6 Para. 1 p. 1 lit. b of the GDPR. The legal basis rests upon the fact that these data are required to conduct precontractual measures or to fulfill a contract.

Another legal justification for the compilation and processing of your data is legitimate interest, as defined by Art. 6 Para. 1 p. 1 lit. f of the GDPR. The aforementioned reasons constitute our legitimate interest in data processing.

Inasmuch as you have granted us consent to process your personal data for particular purposes (e.g. marketing, advertising, sending of newsletters), the legality of this process is based on your consent in accordance with Art. 6, para. 1, no. 1, GDPR. Consent can be revoked at any time via We would like to point out that the revocation of consent takes effect in the future and does not affect the legality of the data processed before such revocation.

IV. Right to opt out

You have the right to opt out of processing in accordance with Art. 6 Para. 1 p. 1 lit. f of the GDPR. Your request to opt out should be addressed to:

V. Data access: Who obtains your data?

Employees of Analytik Jena and, if applicable, their subsidiaries obtain access to your data provided that these data are required to achieve the specified purposes. Our service providers and agents may also obtain data for these purposes. In case transmission to third parties outside our company is necessary, it occurs only if legal provisions require this, you have provided your consent as a customer, or a legitimate interest exists. 

VI. How long are your data stored?

We process and store your personal data as long as necessary to fulfill our contractual and legal obligations.

If data are no longer required to fulfill contractual or legal obligations, they are routinely deleted unless their – temporary – further processing is required for the following purposes:

  • To fulfill commercial and legal tax-related retention obligations, stemming for example from the German Commercial Code (HGB), the Fiscal Code of Germany (AO), the German Banking Act (KWG), the Money Laundering Act (GwG), or the German Securities Trading Act (WpHG). The time periods stipulated for retention or documentation are generally two to ten years.
  • Evidence is maintained in accordance with statutory limitation periods. According to sections 195 et seq. of the German Civil Code (BGB), these statutory limitation periods can last up to 30 years, whereby the regular statutory limitation period is three years.

VII. What data protection rights do you have?

As a data subject, you have

  • a right to access, according to Art. 15 of the GDPR,

  • a right to rectification, according to Art. 16 of the GDPR,
  • a right to deletion, according to Art. 17 of the GDPR,
  • a right to restriction of processing, according to Art. 18 of the GDPR,
  • a right to object to processing, according to Art. 21 of the GDPR,
  • and a right to data portability, according to Art. 20 of the GDPR.

Restrictions according to sections 34 and 35 of the BDSG-new apply to the right to access and the right to deletion.

The rights of data subjects can be asserted informally via the aforementioned contact information.

Furthermore, you have a right to file a complaint with the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with section 19 BDSG-new).

You may withdraw consent granted for the processing of personal data from us at any time. This also applies to the withdrawal of consent declarations granted us before the GDPR took effect on May 25, 2018. Please keep in mind that a withdrawal is only effective for the future. Processing that occurred prior to the withdrawal is not affected.

VIII. More information

We make provisions for the transmission of your personal data to a recipient in a third country (outside the EU) or to an international organization. Data are transmitted to addresses in countries outside the European Union (so-called third countries) provided that

  • it is necessary in executing your orders
  • it is legally stipulated (e.g., legal tax-related reporting obligations) or
  • you have provided your consent.

There is no automated decision-making process (including profiling).

There is neither a contractual nor a legal provision for the data to be made available, nor is there an obligation to do so.

IX. Data transfer outside the EU

The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers, we therefore rely on European partners wherever possible when your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in the context of using third-party services. We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. This means that the processing of your data may then only take place on the basis of special guarantees, such as the officially recognized determination by the EU Commission of a level of data protection corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called "standard data protection clauses".