Data Privacy Statement (September 2020)

The European Data Protection Regulation (GDPR) came into force on May 25th, 2018 in all member states to harmonize data privacy laws across Europe.

This Regulation applies to the processing of personal data. Personal data means any information relating to a natural person; these include name, address, telephone number, date of birth and bank details. 

Companies which process personal data are responsible for complying with the requirements of GDPR. They are the “controllers” within the meaning of article 4 (7) of GDPR.

Processing means any operation which is performed on personal data such as collection, recording, organisation, storage, adaptation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller of the following data processing (and contact possibility): 

Greiner Bio-One nv/sa
Leuvensesteenweg 248-D
1800 Vilvoorde
T: +32 2 461 09 10
Email: [email protected]

I. Storage of personal data of customers and suppliers (or their internal contacts)

The protection of personal data is a special concern of Greiner Bio-One (GBO).

According to Art 13 and 14 GDPR (General Data Protection Regulation) we are obliged to inform you about the processing of your personal data:

We process for the purpose of performance of a contract and our legitimate interest of customer retention the following personal data:

name, address, telephone number, e-mail address, (additional if necessary:) department and function.

We have received these data either from you, your company or from public sources such as company register, your website, telephone book, etc. 

All employees of our company who take care of our customers and/or suppliers have access to these data; in addition, these data can be viewed by the IT departments of Greiner Bio-One International GmbH (A-4550 Kremsmünster) and Greiner Holding AG (A-4550 Kremsmünster). Our SAP system and our electronic communication systems are supported by our external support- and maintenance partners.

If necessary for performing the contract with your company, the data can also be viewed by authorized employees of other GBO entities – see link to overview of GBO locations

Furthermore, your name and your address (and if necessary the telephone number) will be provided to the transport company commissioned by GBO for delivery of the ordered goods. 

We store the personal data necessary for the fulfilment of the contract for the duration of the entire business relationship as well as in accordance with the legal obligations for storage, documentation and reporting.

II. Contacting Greiner Bio-One (GBO)

If you contact us by form on the website or by e-mail, the data you provide (and, in the context of cookies, the IP data) will be stored for up to six months for the purpose of processing your enquiry and in the event of follow-up questions.

Your data will be processed by the responsible Greiner Bio-One company (which can be one (or if necessary several): see link to overview of GBO locations.

Your data will only be forwarded within the Greiner Bio-One division if this is necessary to process your request. We will not pass on your data to companies outside the Greiner Bio-One division without your express consent.The lawfulness of this processing of your data is based on the need to respond to your request and on our legitimate interests.

III. Webshop 

We would like to point out that for the purpose of fulfilment of our contractual obligations, Greiner Bio-One (GBO) and the web shop operator (Imos GmbH, Germany) will use the IP data based on the use of cookies as well as the following user data (name and (company) address, telephone number and email address). 

These data provided by you are necessary for the performance of the contract. You have the right to revoke your consent at any time. Until such a revocation, your user data will remain stored with us and is processed in compliance with GDPR principles.

Furthermore, your name and the address (and in exceptional cases your telephone number if required) are transmitted to the transport company commissioned by GBO for the delivery of the ordered goods.

We store the personal data necessary for the fulfilment of the contract for the duration of the entire business relationship as well as in accordance with the legal obligations for storage and documentation, report.

IV. Newsletter

You have the possibility to subscribe to a newsletter via our website. In this case, we need your e-mail address and your confirmation that you agree to receive the newsletter via Email.

In order to provide you with targeted information, we also collect and process the information you provide on your preferred product groups.

As soon as you have registered for the newsletter, you will receive an e-mail to confirm your registration.

You can cancel your subscription to the newsletter at any time. Please send the revocation to the following e-mail address: [email protected]. We will immediately delete your respective data.

V. Cookies

Our website is using “cookies”. These are small text files that are stored on your device using the browser. They're not doing any damage. 

We use cookies to make our website user-friendly. Some cookies remain stored on your device until you delete them. They enable us to recognize your browser the next time you visit us.

If you do not want that we use these cookies, you can set your browser so that it informs you about the use of cookies and you can confirm on a case-by-case basis. 

When cookies are deactivated, the functionality of our website may be limited.

VI. Social Networks

We take the current discussion about data protection in social networks very seriously, as we ourselves operate appearances in social networks in order to inform the active users there about our range of services. The specific social media we use for this purpose are represented on our website by logos. In this regard, we would like to point out that, on the basis of current case law, we have a joint controllership within the meaning of Art 26 GDPR with the respective operator of the social network. We have taken the necessary precautions for this as far as the provider has made this possible for us. The primary responsibility according to GDPR for the processing of personal data in the respective social network lies with the respective provider of the social network. In the case of the assertion of rights of persons affected, we state that these are best asserted with the social networks themselves. We as operators do not make any decisions regarding the processing of data in the social network. Only the respective provider has access to the data of the users and can therefore only take direct measures. 

User data can be processed in social networks for advertising and market research purposes. Among other things, users can create their own user profiles based on their various interests. The user profiles can then be used, for example, to place targeted advertisements within and outside the social media. For these purposes, cookies are also used by the social medium in which the user behaviour and interests of the users are stored. Furthermore, these user profiles may also contain data on the users as members of the respective social media, provided that they are logged in to these.

For a detailed description of the respective processing operations and the possibilities for objection or revocation, please refer to the data protection declaration of the respective social network.

A selection of the most important providers of social media including additional information can be found here:


Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland


Additional information:

Joint Controllership:


Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland


Additional information:


Provider: LinkedIn Ireland, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland


Additional information:


Provider: Pinterest Inc., 635 High Street, Palo Alto, 94301 California, USA


Additional information:


Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, 94301 California, USA


Additional information:


Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland


Additional information:


Provider: whatchado GmbH, Möllwaldplatz 4/39, 1040 Wien, Österreich


Additional information:,


Provider: kununu GmbH, einer Tochter der XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland


Additional information:

VIII. GBO compass

We use your personal data for the administration of E-learning courses.

We process your personal data on the basis of our legitimate interest in optimally informing our customers and interested parties about our products and services.

The following personal data are processed: Gender, titel, first- and surname, function and department, company, (company-) Email address, (company-) telephone number, (company-) address, language, time zone, (optional: supervisor)

Your personal data will only be used by employees of the marketing department of GBO as well as by employees of the IT department of Greiner Bio-One International GmbH and Greiner Holding AG (Kremsmuenster, Austria). 

In addition, our software provider IMC information multimedia communication AG (Germany) has access to your data.

Your personal data will be stored for as long as you are registered in our GBO compass system.

IX. Rights of the data subject

We would like to inform you that you have the right to:

  • request information about which of your personal data we process (Art 15 GDPR); 
  • correct your personal data (Art 16 GDPR);
  • delete your personal data, as long as our legitimate interests do not outweigh (Art 17 GDPR);
  • restrict the processing of your personal data (Art 18 GDPR);
  • object to the data processing (Art 21 GDPR);
  • receive your personal data in a structured, commonly used and machine-readable format (Art 20 GDPR).

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority (right of appeal to a supervisory authority - Art 77 GDPR). 

Commission de la protection de la vie privée
Rue de la Presse 35
1000 Bruxelles
+32 2 274 48 00
[email protected]

Commission Nationale pour la Protection des Données
1, avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette
Tel. +352 2610 60 1
[email protected]

All other data protection authorities of the EU member states are listed under the following link

We would like to point out that in the event that personal data is not provided or in the event of your revocation, the fulfilment of (contractual) obligations by GBO will be made more difficult or even impossible.

You can reach us as follows: 

Greiner Bio-One nv/sa
Leuvensesteenweg 248-D
1800 Vilvoorde
T: +32 2 461 09 10
Email: [email protected]