Privacy Policy

1. Name and Contact Details of the Controller

RARElab Science & Conservation gUG (haftungsbeschränkt) i.Gr.
Handelsregister: noch nicht eingetragen, da Gesellschaft in Gründung, Amtsgericht Fürstenfeldbruck
Geschäftsführer: Dr. Andrew J. Fairbairn & Dr. Annika Neuhaus
Wangener Str. 2
82319 Starnberg
Deutschland

Phone: 0176 0562 0194
E-mail: admin@rarelab.org
Website: www.rarelab.org

2. General Information on Data Processing

We take the protection of your personal data very seriously. Personal data is collected on this website only to the extent necessary. Processing is carried out in accordance with the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR).

3. Collection and Storage of Personal Data as well as Type and Purpose of Their Use

a) When Visiting the Website

When you visit this website, personal data is processed.
Categories of data processed:

Technical connection data of server access (IP address, date, time, requested page, browser information).

Purpose of processing:

Monitoring the technical function and increasing the operational security of our web server,
Delivery and provision of the website,
Anonymization and creation of statistics.

Legal basis:

A legitimate interest that outweighs the rights and freedoms of the data subjects (Art. 6 (1) f GDPR).
Legitimate interest: Strong economic interest in the secure and functional operation of technical systems.

Recipient / Processor:

Data is transferred to the processor Bluehost, Inc., 10 Corporate Drive, Burlington, MA 01803, USA.
This may also involve the transfer of personal data to a country outside the European Union.
The transfer of data is based on standard contractual clauses adopted by the Commission in accordance with the examination procedure under Article 93(2) GDPR.

Storage duration: Server log data is retained by our hosting provider in line with their standard log rotation, typically up to 14 days, after which logs are automatically deleted.

b) Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.

Legal basis:

Art. 6 (1) f GDPR (legitimate interest in processing the inquiry)
or, if consent has been obtained, Art. 6 (1) a GDPR.

Storage duration: Contact form submissions are retained for 12 months from the date of the inquiry, then deleted, unless a longer retention is required by law or unless the inquiry has resulted in an ongoing relationship.

c) Newsletter

When you register for our newsletter, we process personal data.
Categories of data processed:

Data for the creation of usage statistics,
Data on the use of the website as well as the logging of clicks on individual elements,
Contact data such as name or e-mail address.

Purpose of processing:

Analysis of usage behavior,
Electronic delivery of direct advertising,
Optimization of content.

Legal basis:

The legal basis for processing is your consent in accordance with Art. 6 (1) a GDPR.

Recipient / Processor:

Data is transferred to the processor Wysija SARL, 6 rue Dieudé, 13006 Marseille, France.

Storage duration: Subscriber data is retained for as long as the subscription is active. After unsubscribing, the email address is added to a suppression list to prevent accidental re-sending and is retained for 36 months, then deleted.

Open and click tracking: Our newsletter emails contain a tracking pixel and tracked links so we can see overall open rates and which links are clicked. This information is used to evaluate the effectiveness of our newsletters. The legal basis is your consent (Art. 6 (1) a GDPR), which you can withdraw at any time by unsubscribing.

d) Web Analytics

We use Independent Analytics, a self-hosted analytics tool that runs on our own server. It records page visits to help us understand how the website is used. No third-party analytics provider is involved, no cookies are set, the visitor IP address is not stored, and no data is transferred to third countries.

Categories of data processed:

A non-reversible hashed identifier derived from the visitor’s IP address, User-Agent and a server-side salt (the IP address itself is not stored).
Pages visited and timestamps.
Anonymised referrer information.
Country derived from the visitor’s IP address.
Browser and device class (general categories only).

Purpose of processing:

Understanding how the website is used.
Improving content and structure.

Legal basis:

Art. 6 (1) f GDPR (legitimate interest in understanding website usage to improve our content).

Recipient / Processor:

None. Data is stored exclusively on our own web server.

Storage duration: Aggregated visit data is retained for 24 months and then deleted.

4. Cookies

Our website uses only technically necessary cookies that are required for the operation and security of the website. According to the GDPR, these cookies do not require consent. You can prevent the setting of cookies in your browser settings; however, this may lead to restrictions in the functionality of the website.

Cookies currently set:

nfd-enable-cf-opt — hosting-side optimisation flag (Bluehost). Required for site operation. Storage: session / up to 24 hours.
trp-form-language — set only when you change language. Remembers your selected language so the site continues to display in that language between page loads. Storage: 1 year.
WordPress session and CSRF cookies (e.g. wordpress_test_cookie) — required for forms, login and language selection. Set only when you interact with the site. Storage: session.

5. Recipients of Data / Disclosure to Third Parties

Your personal data will not be passed on to third parties for purposes other than those mentioned above.

Our website contains links to our profiles on the social networks LinkedIn, Threads, Facebook and Instagram. These are simple text or icon links — no data is transmitted to those providers when you load our pages. Data is transferred only if you actively click one of these links, in which case the privacy policies of the respective providers apply.

6. Data Transfer to Third Countries

A transfer of personal data to a third country only takes place within the scope of the use of hosting or newsletter service providers, if this is necessary for the fulfillment of the contract.
Legal basis:

Standard contractual clauses of the EU Commission pursuant to Art. 46 GDPR.

7. Rights of Data Subjects

You have the right:

pursuant to Art. 15 GDPR to request information about your personal data processed by us
pursuant to Art. 16 GDPR to request the immediate correction of incorrect or completion of your personal data stored by us
pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us
pursuant to Art. 18 GDPR to request the restriction of processing of your personal data
pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer to another controller
pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority

Right to withdraw consent. For processing activities that are based on your consent (Art. 6 (1) a GDPR), you have the right to withdraw your consent at any time, with effect for the future. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. To withdraw consent, contact us at the address above. For the newsletter, you can also unsubscribe at any time using the unsubscribe link in any newsletter email.

Supervisory authority. The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

8. Updates and Changes to this Privacy Policy

This privacy policy is currently valid and dated 06.05.2026. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this privacy policy.

9. Automated Decision-Making and Profiling

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR. No decisions affecting you are taken solely on the basis of automated processing.