Privacy Policy


XGLab S.r.l. (hereinafter
“XGLab”) respects your right to privacy. The Privacy Policy explains
who we are, how we collect, share and use your personal data and how you can
exercise your privacy rights. If you have any questions or concerns about our
use of your personal data, please contact us using the contact information
provided at the end of this Privacy Policy. For more information about
XGLab, please refer to the “About us” section of our website.

Pleasecarefullysuggest this Privacy Policy to ensure that we have not
overlooked information that is potentially relevant to you.

Purpose of this Privacy

Policy This Privacy Policy is relevant to:


i. Any user, or visitor, of the XGLab website, its platforms, applications and
its online services or products under our control.

ii. Individuals who share their business contact details or other personal
information with XGLab as part of a potential or existing business
relationship, during webinars, trainings or events, including trade shows or
conferences, or for other business purposes, including customer services and
product and laboratory related services,  as well as current and potential
customers and their representatives; and

iii. Any citizen who interacts with XGLab and individuals with whom we do
business, which includes, but is not limited to, regulatory staff, suppliers
and visitors to our sites and offices. This Privacy Policy does not apply to
candidates, employees, contractors or other entities operating
on the XGLab website. If you are part of the XGLab staff, please refer to the Privacy Policy for personnel available on
the XGLab
Intranet.  Applicants
may refer to the privacy policy we share directly.

In certain cases the collection and use of personal information may be
described within a separate privacy policy.

Who is responsible for the
collection and use of your personal data?

The data controller is XGLab S.r.l., with registered
office in Via Conte Rosso, 23 – 20134 – Milan (MI),, which can be contacted through
the channels described in the paragraph “How to contact us” (at
the end of this document).. XGLab S.r.l.

 it is therefore
responsible for
the collection and use of your personal
data (the so-called “Data Controller”) and determines
which data to collect, how to
use it, how long to keep it and with whom to share it.

What personal information does XGLab collect  and why?

Your personal information collected by us falls predominantly into the
following categories:

 a. Information you voluntarily provide

  • We may
    collect personal data directly from you when you interact with XGLab and
    usere such data for the purposes described below or as a notice to you at
    the time of collection.
  • When you
    register an accounton the
    XGLab platform  or when you submit a
    contact or feedback form from our website, you may be asked to submit
    certain information, such as contact details (name, surname, e-mail
    address, telephone number, etc.), your role within your company and your
    company’s interaction with XGLab , geographical information (e.g. business
    address/country) and how you would justify your interest in XGLab.
  • When you
    attend or have been invited as a speaker at seminars, workshops, trade
    fairs or conferences, we may ask you for your contact details (name,
    surname, e-mail address, telephone number, etc.), your role within your
    company and your company’s interaction with XGLab, geographical
    information (e.g. company address/country),  and national registration
    number, if you are a healthcare professional, in certain countries where
    applicable.
  • When you
    complete a survey of your experience with our products or services, to
    help us improve our products and services, we may ask you to indicate your
    role within your company and your company’s interaction with XGLab, as
    well as geographic information (e.g. business address/country).
  • When you
    visit our site or offices, we may record your first name, last name,
    e-mail address, telephone number etc., as well as your role within your
    company and your company’s interaction with XGLab, as well as geographical
    information (e.g. business address/country) in order to register you as
    visitors within our system, filter our visitors in relation to the list of
    sanctioned parties and provide you with  appropriate login credentials. We
    may also collect CCTV images for access control and security purposes on
    the Site, in accordance with applicable laws and regulations. In the event
    of an outbreak or pandemic, and in accordance with applicable local laws
    and regulations, we may collect information about your body temperature
    (e.g., but not limited to, using a thermoscanner), or if you have traveled
    to high-risk countries or areas.
  • If you
    are a consultant to an XGLab

    company
    , work for a company
    bound by a contractual relationship with XGLab, or provide other services
    to us, we may ask you to forward us certain information, such as contact
    details (name, surname, e-mail address, telephone number, etc.), your role
    within your company and your company’s interaction with XGLab , as well as
    geographical information (e.g. business address/country).
  • If you
    fill out any kind of form at a trade fair or marketing event organized by XGLab
    or in which XGLab is represented, we may collect personal data (name,
    surname, e-mail address, telephone number, etc.), your role within the
    company, your company’s interaction with XGLab, as well as geographical
    information (e.g. company address/country),  and how you would justify
    your interest in XGLab.

b. Information We Collect
Automatically

  • In
    certain cases we may automatically collect personal information about you
    and the device you use when you interact with us.
  • When you
    use and browse our online services, visit our website, subscribe to social
    news feeds, watch a webinar, we automatically collect certain information
    from your device. This personal data may include: your IP address, device
    type, unique device identification numbers, browser type, the URL of the
    website from which you came, extended geographical location (e.g. at the
    country or city level), date and time of access, amount of time spent
    using the services and websites,  data transferred, pages visited and
    other technical information. We may also collect information about how
    your device/hardware has interacted with our website or platform
    (including clicked links), what activities users have performed within an
    application (e.g. access history). Most of this data is generated and
    collected automatically, as part of the standard operation of our online
    services and will be processed in accordance with applicable laws and
    regulations.
  • When you
    are invited to and participate in a video conference with XGLab, we
    automatically collect certain information about you (e.g. first and last
    name, email address, profile picture, if any), meeting metadata (e.g.
    date, time and duration of communication, meeting name, IP address of
    participants), device data (e.g. IP addresses, MAC addresses,  Client
    version), text data and video data (e.g. chat histories, video, audio and
    presentation recordings, to the extent permitted by applicable law and
    with the consent of the participants, if applicable), as well as
    connection data (e.g. telephone numbers, country names, start and end
    times, IP addresses)
  • When you
    receive an email from XGLab, we may collect information about whether the
    email has been opened or not and the content accessed by the email.

Some of this information may be
collected using cookies and similar tracking technologies, as explained below
on our Cookie Policy page.

 c. Information Collected by Third Parties

We may collect information about you
from third parties, usually to supplement the information we need to create or
maintain our relationship with you.

  • We may
    collect personal information when we acquire companies and perform
    post-merger integrations, in order to evaluate the target company and its
    activity, in accordance with the law and regulations in force.
  • We may
    collect additional personal information about you when we perform analysis
    for compliance purposes as set out in letter a. (Information you
    voluntarily provide) above, in order to supplement part of the personal
    information you have already provided.
  • We may
    use publicly available resources that contain personal information
    provided by you and/or your company (e.g. chamber of commerce, company
    websites, professional networks, universities, publishing websites, social
    networks and other digital platforms) or by third party providers acting
    on our behalf, in accordance with relevant laws and regulations.

In general, we will only use your
personal information collected by us for the purposes described in this Privacy
Policy or for reasons stated to you at the time of collection of your personal
information. However, we may also use your personal information for other
purposes that are not incompatible with those stated (such as scientific or
historical research grounds or statistical reasons), if and where permitted by
applicable data protection laws. As a general principle, your granting of any
consent and the forwarding of any personal information to
XGLab by you is entirely voluntary; you will not generally suffer prejudicial
effects if you decide not to provide consent or your personal information.
 However, there are situations in which we cannot proceed without
certain personal data, for example because such personal data is required to
process your orders or requests, manage the contractual relationship between
you or the company for which you work and XGLab, or provide you with access to
a specific online content or newsletter. In these cases it will unfortunately
not be possible for us to provide you with what you have requested in the
absence of the relevant personal data.

Why we process your personal
information

Whether you are a customer, users of our online services (including our
websites), suppliers of products and services to us, participants or speakers
at a conference, event or roadshow organized or attended by XGLab, or
collaborators in a scientific research or project with XGLab , we will process
your personal data for the following purposes (if applicable):i. Create an
account on our online services for you or the company/organization for which
you work, maintain and update that account;

ii. Allow you to access or interact with our online resources, including
webinars

iii. Verify your identity, where required by law;iv. Negotiate and enter into
agreements (such as sales and service agreements or research collaborations)
with the company or organization you work for, as well as fulfill your orders
for products and services and fulfill any obligations arising from our
relationship with the company you work for or imposed by law;v. Update orders
and transactions;vi. To be able to contact you about products and services that
may be of interest to you or to provide you with updates and support on
products and services;vii. Provide the company or organization you work for
with our products and services;viii. Comply with any legal obligation
applicable to us;ix. Verify financial transactions and perform compliance
analysis checks. In accordance with applicable local laws, and based on your
consent where required, we may also:

i. Contact you to send you marketing emails or newsletters, advertising
material via regular email or call you on the phone, to understand whether or
not you are interested in our products and services. In these cases you will
have the option to choose never to be  contacted by XGLab;ii. Collect personal
information about you (e.g. your location, specialization and publications)
from publicly available sources such as company websites, universities and
publications, and combine it with personal information we collect about you, in
order to improve the customer profile in support of our sales and marketing
activities.

Third

parties We may disclose your personal information to the following categories
of recipients:

  • to our
    website or application hosting partners and other third parties who assist
    us in the operation of our platforms, in conducting our business or in
    providing the services to you, to the extent that these third parties
    consent to process personal data in accordance with applicable data
    protection law;
  • to our group
    companies, third-party service providers and partners, including
    distributors and other commercial intermediaries, who provide data
    processing services on our behalf or who otherwise process personal
    information for the purposes described in this Privacy Policy or notified
    to you when we process your personal information.
  • An
    overview of Bruker’s sales and service offices can be found here:
    https://www.bruker.com/about-us/offices.html. A list of the current
    companies in the group is made available on request. Third-party service
    providers and partners, including providers of Customer Relationship
    Management (“CRM”) or Marketing Automation Solutions, and a list
    of third-party service providers and partners relevant to personal
    information are made available upon request;
  • to any
    law enforcement body, regulatory body, government agency, court or other
    third party where we believe disclosure is necessary (i) by virtue of
    applicable law or regulation, (ii) to exercise, enforce or defend our
    legal rights, or (iii) to protect your vital interests or those of others;
  • to an
    actual or potential buyer (and its agents and advisors) in connection with
    any current or proposed purchase, merger or acquisition of any part of our
    business, assuming that we will inform the buyer that he must use your
    personal information only for the purposes set out in this Privacy Policy;
  • to any
    other person, subject to your consent to disclosure.

Cookies and similar tracking
technologies

We use cookies and similar tracking
technologies (generally “Cookies”) to collect and use your personal
information, including to understand and save your preferences in case of
future visits and provide you with advertising messages based on your interests.
For more information on the types of Cookies we use, why and how you can manage
Cookies, please see the Cookie Policy.

How does XGLab keep  my personal information safe?

We use appropriate technical and
organizational measures to protect your personal information collected and
processed by us. The measures we take are designed to provide a level of
security appropriate to the risk of processing your personal information. Some
specific measures we use include regular malware scanning. Your personal information
is protected within secure networks and accessible only to a limited number of
persons who have special access rights to such systems and who are required to
keep the information absolutely confidential. We require the same level of
diligence from any third party involved in processing your personal information
in accordance with applicable law.

International data transfer

Because XGLab is active within a global
network of partners, your personal information may be transferred to and
processed in countries other than the one in which you reside, including the US
and EU. Transfers of data outside your country of origin are carried out in
accordance with applicable data protection laws, based on your consent, if
required, or by implementing appropriate protection measures including a
resolution of the competent data protection authority, which declares that the
level of data protection in the destination country is adequate,  EU standard
contractual clauses or similar contracts, where legally permitted. If you would
like to learn more about how
XGLab ensures compliance in the transfer of your personal information
internationally, please contact us using the contact information below.

Data retention

We retain your personal information if
there is a legitimate activity to be carried out (for example, to provide you
with a service requested by you or to comply with applicable legal, tax and
accounting requirements). When a legitimate activity is no longer in progress
that requires the processing of your personal information, we will either
delete or anonymize such information; if this is not possible (for example in
the event that your personal information has been stored in backup archives),
we will then keep your personal information securely and detach it from any
further processing until it is possible to delete it.

Your data protection rights

Please note that in manycircumstances
and we cannot carry out activities together with you without the processing of
some of your personal information (e.g. your contact information). You can use
our online services without giving your consent to cookies (unless strictly
necessary); the consequence that some features will be less customized to your
needs. You have the right to opt out of receiving commercial communications at
any time. Please use the unsubscribe feature in connection with such
communications.

You can submit a request to XGLab regarding your personal information by
contacting us at po-xglab@oneseal.eu. More information about the specific
rights for individual entities located in the EU/EEA or california residents is
described below.

We will endeavor to respond quickly to your requests, in accordance with
applicable laws. When you contact us, we may ask you to provide us with
information to authenticate your identity, in order to support you in your
request. If you are unable to provide this information, we may not be able to
process your request. When we receive your personal data from our customers and
process your personal information on their behalf to fulfil our contractual
obligations, we do so as Data Processors. We have no control over our
customers’ privacy and security practices and processes. If your personal
information has been forwarded to us by an
XGLab customer  and you wish to exercise any of the
rights mentioned above, please contact the customer in question directly, or
provide us with the customer’s name so that we can adequately report your
request to them.

EU/EEA and Swiss Privacy Policy

If you reside in the EU/EEA or Switzerland, the following supplemental privacy
policy applies. Legal basis for the processing of your personal dataIn
accordance with applicable laws, we rely in many cases on the following legal
bases for the processing of your personal data, in a manner appropriate to the
case:

  • Contractual
    obligations: The processing is necessary for us to enter into a contract
    with you or to proceed with operations at your request before concluding a
    contract
  • Legal
    obligation: The processing is necessary for us to comply with an
    applicable legal obligation
  • Legitimate
    interest: The processing is necessary for us to consider a justified and
    legitimate interest in view of your privacy and other fundamental rights
    and interests
  • Consent:
    Processing is carried out based on your consent

The specific legal bases on which we
rely for each of the purposes for which we process your personal information
are defined below:

Purpose

Legal basis (applicable in individual cases)

Sale of our products and services

Create an account related to our online services for
you or the organization you work for.

Allow you to use the online platform to access the
resources we can offer from time to time.

Enter into and conclude a contract with you or the
organisation for which you work.

Send you information (by email or through other
channels) regarding changes to our products and services, as well as send you
notifications and other communications required by law.

Fulfill your orders or those of your organization
for products and services.

To perform our contractual obligations to you or to
the organisation for which you work in relation to any applicable contract.

Maintain and update your account, orders and
transactions.

Fulfill our contractual obligations to you or to the
company/organization for which you work.

Contractual obligations on the basis of the
applicable contract.

Legitimate interests in providing services.

Consent.

Authentication

Authenticate your identity, where necessary or
required by law.

Legal obligation.

Legitimate interest.

Contractual obligations.

Satisfaction of your requests

Provide the requested services, information and
support about the product.

Respond appropriately to your questions.

Request for feedback

If your request or question relates to a service you
have ordered, for which you have registered or entered into a contract, the
Contractual Obligations based on our Terms of Service or other applicable
contract apply.

If we are legally obliged to respond to your request
or question, this is a Legal Obligation.

In all other cases, Legitimate Interest applies as
part of our commitment to providing you with excellent customer service.

Consent.

Conformity

Comply with any legal obligation applicable to us.

Verify financial transactions and perform compliance
analysis checks, including those related to the list of sanctioned parties.

Legal obligations as per applicable laws.

Legitimate interests for the protection of customers
and Bruker.

Marketing and communication

Personalize your experience on online services.

Contact you to determine whether or not you wish to
start a business relationship with us or send you commercial emails.

To collect personal information about you (e.g. your
location, specialization and publications) from publicly available resources
such as company websites, universities and publications, and combine it with
personal information we collect about you, in order to improve your profiling
by us in support of our sales and marketing activities.

Invite you to participate in questionnaires and
surveys to understand if you are satisfied with the products and services
offered to you or the organization for which you work, as well as improve our
products and services.

Legitimate interest.

Consent as required by law.

Establish and maintain communication with you

Invite you to join video conferencing using online
tools, such as Webex or Microsoft Teams

Consent.

Legitimate interest to ensure consistency and high
performance when using online tools in Bunker.

Contractual obligations.

Customer service

To deal with the recordings of your calls with the
representatives of our customer support services, in order to guarantee you a
high quality service, assist you in the training and growth of XGLab
representatives and generally improve the service to you as a customer.

 

Legal obligation.

Consent.

Legitimate interest to improve our customer
service and comply with any applicable legal and regulatory obligations.

Health and safety

Process CCTV CCTV CCTV recordings to ensure the
safety of our buildings, as permitted by applicable local laws

In the event of an outbreak or pandemic, collect
information about your presence in high-risk areas or monitor your
temperature before entering buildings, in accordance with applicable local
laws.

Legal obligation.

Consent.

Legitimate interest to maintain the health and
safety of our employees in the workplace

 

 

Your rights as a data subject

  • If you
    wish to access, correct or request the deletion of your personal
    information, you can do so at any time by completing the Request Form
    as a data subject.
  • You can
    also object to the processing of your personal information, request
    that we
    process your personal information to a limited
    extent
     or  request the portability of your personal information. Also in
    this case you can exercise these rights by contacting us through the
    contact details provided in the section below “How to contact
    us”.
  • You have
    the right to opt out of receiving commercial communications from
    XGLab at any time. You can exercise this right by clicking on the
    “unsubscribe” or “opt-out” link in the commercial
    emails we send you. To select other forms of marketing (such as postal
    marketing or telemarketing), please contact us using our contact details
    set out in the “How to Contact Us” section below.
  • Similarly,
    if we have collected and processed your personal information with your
    consent, you can still withdraw your consent at any time. The
    withdrawal of your consent will not affect the legality of any processing
    carried out by us prior to your withdrawal, nor will it affect the
    processing of your personal information conducted on the basis of legal
    grounds for processing other than consent.
  • You have
    the right to lodge a complaint with the Data Protection Supervisor
    in relation to our collection and use of your personal information. For
    more information, please contact your local data protection officer.

We respond to any request received from
individual entities wishing to exercise their data protection rights in
accordance with applicable data protection laws.

CCPA Privacy Policy

If you are a California resident, California state law grants you the following
rights with respect to your personal information:

  • The right
    to know what personal information we have collected, used, disclosed and
    sold. To submit a request for disclosure, you can contact us on +1 (888)
    914-9661 and enter PIN 960300 or submit your request via the Request Form
    as a Data Subject.
  • The right
    to request that we delete any personal information we have collected about
    you. To submit a cancellation request, you can contact us on +1 (888)
    914-9661 and enter PIN 960300 or submit your request via the Request Form
    as a Data Subject.

When you exercise these rights and
submit a request to us, we will verify your identity by requesting your e-mail
address, telephone number, information about your company’s contract or your
direct relationship with XGLab. We may also use a third-party verification
service provider to verify your identity. The exercise of these rights by you
will not have a negative effect on the price and quality of goods and services.
For the period of 12 months prior to the date of this Privacy Policy,

XGLab has not sold personal information, nor does it plan to do so in the
future. Please note: If you are a customer of one of our customers, you should
first contact them in relation to your California privacy rights.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time, to comply with changes in
legal, technical or business development requirements. When updating our
Privacy Policy, we will take appropriate steps to inform you, in relation to
the extent of the changes we have made. You can see when the Privacy Policy was
last updated by checking the “last updated” date indicated at the top
of this Privacy Policy.

How to contact us

If you have any questions or concerns
about our use of your personal data, please contact us using the following
details:

XGLab S.r.l.
Via Conte Rosso, 23 – 20134 – Milan (MI)

The Chief Privacy Officer of XGLab can be reached at the e-mail address privacy@bruker.com