Privacy Policy

biocrates life sciences ag

We are very delighted that you have shown interest in our enterprise.
We would like to point out that this website offer is exclusively addressed to commercial customers. If we request data in the context of forms or if you would like to contact us via the website, we would like to note that we only ask for corporate organizational information (e.g. business e-mail address, business phone number).

Data protection is of a particularly high priority for the management of the biocrates life sciences ag. The use of the Internet pages of the biocrates life sciences ag is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the biocrates life sciences ag.

1. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
biocrates life sciences ag
Eduard-Bodem-Gasse 8
6020 Innsbruck, Austria
Phone: +43 (512) 579823

2. Data Protection Contact
If you have any questions or concerns about our privacy policy or the processing of your personal data, you can contact us at

3. Collection of general data and information (log-data)
The website of biocrates life sciences ag collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, biocrates life sciences ag does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, the biocrates life sciences ag analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

4. Contact possibility via the website
The website of the biocrates life sciences ag contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject according to Art. 6 (1) (b) or (f) GDPR. There is no transfer of this personal data to third parties.
You also have the opportunity to participate in (free) webinars from us. As part of the registration process, we collect personal data that is required to enable you to participate (Art. 6 (1) (b) GDPR). All mandatory data is marked with an *. The following data is regularly collected for registration: First name, last name, business e-mail address, country, company name.

4.1 Microsoft Teams
We use Microsoft Teams, a product from Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA for business development, professional communication and when conducting webinars. The legal basis is our legitimate interest (Art. 6 (1) (f) GDPR) and the contractual obligation (Art. 6 (1) (b) GDPR). If you do not wish to communicate with us via Microsoft Teams, please let us know. The use of offers such as webinars, etc. may not be possible in this case.

4.2 ZOOM
We use Zoom to conduct webinars, telephone and video conferences (hereinafter: “Online Meetings”). Zoom is a service of Zoom Video Communications, Inc. which is based in the USA. The legal basis is our legitimate interest (Art. 6 (1) (f) GDPR) and the contractual obligation (Art. 6 (1) (b) GDPR). If you do not wish to communicate with us via Zoom, please let us know. The use of offers such as webinars, etc. may not be possible in this case.

4.3 Data processing during online meetings
Various types of data are processed when you use Zoom or Microsoft Teams. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.
User details: first name, last name, telephone business (optional), business e-mail address, password (if “single sign-on” is not used), profile picture optional), department (optional)
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
For recordings (only after consent has been given): MP4 file of all video, audio and presentation recordings, file of all audio recordings, text file of the online meeting chat.
When dialing in by telephone: information on incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the applications.
In order to participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Personal data processed in connection with participation in “online meetings” will not be disclosed to third parties as a matter of principle, unless they are specifically intended for disclosure. Please note that the content of online meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract, including standard contractual clauses with Zoom and Microsoft. As a complementary safeguard, we have configured Zoom to use only data centres in the EU, the EEA or secure third countries such as Canada or Japan to conduct online meetings and Microsoft to use only data centres in the EU and the EEA.

5. Webshop
In our webshop you have the possibility to buy our products. This requires registration in our webshop. In the course of registration, data will be collected from you: Name and first name of a contact person in the company and business e-mail address. You also have to enter a password. After confirming the link in the confirmation e-mail, you can log in. We will process the personal data you provide (salutation, title, business contact name and surname, company, company address, business contact details, transaction data) to process orders on the basis of Art. 6 (1) (b) GDPR. We will send the necessary information to the companies commissioned to deliver or execute the order, and to banks, insurance companies and service providers commissioned to execute the transaction, adjust claims, run credit checks and check sanctions lists. This also applies to the execution of any pre-contractual measures and post-contractual services and complaints.

6. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

7. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

8. Subscription to our newsletters
On the website of biocrates life sciences ag, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.
The biocrates life sciences ag informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid business e-mail address and (2) the data subject registers for the newsletter shipping (Art. 6 (1) (a) GDPR). A confirmation e-mail will be sent to the business e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the business e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the business e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.

8.1 Newsletter Provider
We use the provider Zoho to send our newsletter or campaigns. Zoho is an US company. Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands is responsible for the European region. Zoho receives the personal data that you provide to us as part of the newsletter registration in order to send the newsletter on our behalf or to contact you as part of a campaign. In order to adequately protect your data, we have concluded a data processing agreement with Zoho, including standard contractual clauses. Zoho is a certified service provider. You can find all information about the certifications and data protection at: (certifications); (Data Protection).

8.2 Newsletter-Tracking
The newsletter of the biocrates life sciences ag contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the biocrates life sciences ag may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. biocrates life sciences ag automatically regards a withdrawal from the receipt of the newsletter as a revocation.

9. Third-Parties

9.1 Matomo
We use Matomo, a analytics software for websites. Service provider is InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. We host the software on our own servers, so there is no data transfer to Matomo or other third-parties. Matomo does not set any cookies on your device. We have activated IP anonymisation. We use Matomo on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) to improve our website offering.
Further information on data protection at Matomo can be found under the following link:

9.2 Google Fonts
We use Google Fonts on our websites (Art. 6 (1) (f) GDPR). Google Fonts is a directory of over 800 fonts that Google Inc. makes available to its users free of charge. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. You do not have to register to use Google fonts and no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains and According to Google, the requests for CSS and fonts are completely separate from all other Google services. Even if you have a Google account, your Google account information is not transmitted to Google. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.
Google Fonts allows us to use fonts on our websites without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our web pages high and speeding up the loading time. All Google Fonts are automatically optimised for the web. This saves data volume and is a great advantage especially for use with mobile devices. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers and works reliably on most modern mobile operating systems.
When you visit our websites, the fonts are reloaded via a Google server. This transmits data to the Google servers. In this way, Google also recognises that you or your IP address are visiting our website. The Google Fonts API (“Application Programming Interface”) was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. Each Google Font request also automatically transfers information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google. Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. The font files are stored by Google for one year. Through the collected usage figures, Google can determine how well the individual fonts are received. Google thus pursues the goal of fundamentally improving the loading time of websites.
The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is called up. To delete this data prematurely, you must contact Google support at;=331599984595. In this case, you can only prevent data storage if you do not visit our site.
You can find out more about Google Fonts and other questions at:

9.3 YouTube
Our websites use YouTube, which belong to Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for data processing in Europe.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an interesting presentation of our online content. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. You can find further information on the handling of user data in YouTube’s privacy policy at:

9.4 Podigee
We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.
The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our podcast offer pursuant to Art. 6 (1) (f) GDPR. Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as call-up figures. This data is anonymised or pseudonymised before being stored in Podigee’s database, unless it is necessary for the provision of the podcasts. In order to adequately protect your data, we have concluded a data processing agreement with Podigee in accordance with Art. 28 GDPR. Further information and objection options can be found in Podigee’s privacy policy:

10. Cookies
The websites of biocrates life sciences ag use cookies to offer a smooth surfing experience and optimise the use of the biocrates life sciences ag webpages. Cookies are small text files that are saved on a user’s device and contain specific user and usage information. Our webpages can only be used if the data subject consent to the cookies that are absolutely essential for the operation of the websites. In addition, the data subject may consent to the use of other cookies (categories Statistics and External Media). The data subject will be asked to give consent before using our websites for the first time; the given consent will serve as the legal basis for the processing of the data subjects personal data that is automatically collected on our websites (e.g. IP address, user information) on the basis of Art. 6 (1) (a) GDPR.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
Cookie Optin – Plugin
We use the plugin Borlabs Cookie of the provider Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. Further information on data protection at the Borlabs GmbH can be found under the following link:
The plugin (consent management) blocks all external resources (third party functions) until the user agrees to the tracking and use of cookies. The legal basis for this data processing is Art. 6(1) (a) GDPR.
Here you can check or change your current settings and find further information about the cookies we use:
Your cookie settings

11. Data protection for applications and the application procedures
The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements (Art. 6 (1) (b) GDPR). If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased six months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG). If consent has been given, longer data storage is also possible. Our website contains a link to apply for our position directly through a web form. For this purpose, we link to the SmartRecruiters platform. Please note that the data protection responsibility in this case lies with SmartRecruiters. All information on data protection at SmartRecruiters can be found at:

12. Rights of the data subject
According to the GDPR, you have various rights with regard to your data:

• Access: you may request confirmation as to whether data relating to you is being processed and, if so, you may request access to that data and further information about the data processing and a copy of the data, Article 15 GDPR.
• Rectification: you have the right to request rectification of inaccurate personal data and completion of incomplete personal data without undue delay, Article 16 GDPR.
• Data erasure / restriction of processing: You may request that data concerned be erased without undue delay (Article 17 GDPR) or that processing be restricted (Article 18 GDPR).
• Data portability: You have the right, under the conditions of Article 20 of the GDPR, to receive the data you have provided and to transfer this data to another controller without hindrance from us.
• Complaint: You may file a complaint with the competent supervisory authority pursuant to Article 77 GDPR.
• Revocation and objection: You may revoke consents granted in accordance with Article 7(3) GDPR with effect for the future. In addition, you may object to future processing of data relating to you at any time in accordance with Article 21 of the GDPR.