Privacy / GDPR

This privacy notice explains how personal data is processed on gednap.org.

English Deutsch

Controller

IFMG-Privatinstitut für forensische Molekulargenetik GmbH

Taubenstr. 51, 48282 Emsdetten, Germany

Email: info@ifmg-ms.de

Phone: +49 2572 967 33 17

Processed Data

When using this website, we process only data required for secure operation and account-related workflows.

Depending on your actions, this may include account credentials, contact details, billing/shipping data, and support communication.

Cookies

This website uses only technically necessary cookies.

At present, no third-party, analytics, tracking, or marketing cookies are used.

A required session cookie (Flask session) is used for login state, access control, and security-related request handling.

System Emails

The platform sends transactional emails required for operation, e.g. verification, password reset, account workflow notifications, support messages, and invoice/order communication.

These emails are not sent for advertising purposes unless a separate legal basis exists.

Delivery involves the configured SMTP infrastructure as a technical service provider.

Purpose and Legal Basis (GDPR)

Data processing for platform operation and account management is based on Art. 6(1)(b) GDPR (contract / pre-contractual steps).

Security and abuse prevention can be based on Art. 6(1)(f) GDPR (legitimate interests).

Where storage is strictly necessary for technical operation, processing is based on applicable ePrivacy/TTDSG requirements.

Recipients

Data is processed internally and by technical service providers strictly as needed for hosting, database, and email delivery.

Infrastructure providers currently used: IONOS (domain services) and STRATO (vServer hosting).

Sample and document shipping is handled by DHL as shipping service provider.

No sale of personal data takes place.

Server Logs and Security

For secure operation, the server can process technical connection data (e.g. IP address, timestamp, requested URL, user agent).

This processing is required to ensure system stability, prevent misuse, and investigate security incidents.

International Data Transfers

If service providers process data outside the EU/EEA, transfers take place only where a valid legal safeguard is in place (e.g. adequacy decision or standard contractual clauses).

Retention

Personal data is retained only as long as required for operational, contractual, or legal obligations.

If legal retention periods apply, deletion occurs after those periods expire.

Provision of Data / Automated Decisions

Providing certain data is necessary to use account-protected features and to perform contractual processes.

No automated decision-making within the meaning of Art. 22 GDPR is currently carried out.

Your Rights

You may request access, rectification, erasure, restriction of processing, and data portability where legally applicable.

You may object to processing based on legitimate interests.

You also have the right to lodge a complaint with a supervisory authority.

Last Updated

April 28, 2026