About Us Our Approach Team Career News & Events

Privacy Policy

mbiomics GmbH ("mbiomics", "we", "our", or "us") takes the protection of your personal data seriously. This Privacy Policy explains which personal data we process when you visit www.mbiomics.com (the "Website"), for what purposes, on what legal basis, and what rights you have. Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

  1. Controller

    The controller responsible for data processing on this Website within the meaning of Art. 4 (7) GDPR is:

    mbiomics GmbH
    Floriansbogen 2-4
    82061 Neuried, Germany
    Email: info@mbiomics.com
    Phone: +49 89 93920891

  2. Data Protection Officer

    We have appointed an external Data Protection Officer:

    ISiCO GmbH
    Contact via: privacy@mbiomics.com
    (Please include the keyword "Attn. Data Protection Officer" in the subject line. Note that emails sent to this address are not received exclusively by the Data Protection Officer. If you wish to exchange confidential information, please contact us first and our Data Protection Officer will then reach out to you directly.)

  3. No Cookies, No Tracking of Terminal Equipment

    This Website does not use cookies, local storage, session storage, or any other techniques that store information on or access information from your terminal equipment in a manner requiring your consent under § 25 TDDDG (German Telecommunications Digital Services Data Protection Act). No consent banner is displayed because no such consent is required.

  4. Visiting the Website (Server Log Data via Cloudflare Pages)

    This Website is hosted on Cloudflare Pages, a service of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA. Each time you visit the Website, the following data is automatically transmitted to Cloudflare's servers for the technical delivery of the Website:

    • IP address of the requesting device
    • Date and time of the request
    • URL / content of the request
    • HTTP status and amount of data transferred
    • Referrer URL (the previously visited page)
    • Browser type and version, operating system, and language

    Purpose: delivery of the Website, ensuring system security and stability, and protecting against abuse and attacks.

    Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in the secure and efficient provision of our Website).

    Recipient / processor: Cloudflare, Inc. A data processing agreement pursuant to Art. 28 GDPR is in place. As Cloudflare is a US-based provider, the EU Standard Contractual Clauses (Art. 46 (2) lit. c GDPR) apply to any transfer of personal data to the United States; Cloudflare is additionally certified under the EU-US Data Privacy Framework. Further information is available at https://www.cloudflare.com/privacypolicy/.

    Retention: server log data is stored only for a short period necessary for the above purposes and is then deleted or anonymised.

  5. Website Analytics (Cloudflare Web Analytics)

    We use Cloudflare Web Analytics, a privacy-focused analytics service provided by Cloudflare, Inc. (address above). Cloudflare Web Analytics does not use cookies, does not store any information on your terminal equipment, does not build cross-site or cross-device profiles, and does not use device fingerprinting.

    Each pageview generates a single beacon request that collects aggregated, anonymised metrics such as the URL visited, referrer, screen size, user-agent, and a country derived from the IP address. IP addresses are not stored by Cloudflare in this context.

    Purpose: measuring reach, understanding which content is of interest to visitors, and improving our Website.

    Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in a needs-based and performant Website). Because no information is stored on or read from your terminal equipment, consent pursuant to § 25 TDDDG is not required.

    Transfer: see Section 4 regarding transfers to the United States, which apply equally to Cloudflare Web Analytics. Further information: https://www.cloudflare.com/web-analytics/ and https://www.cloudflare.com/privacypolicy/.

  6. Fonts

    DM Sans (self-hosted): We serve the "DM Sans" typeface from our own server. No connection to third-party font services is established, and no personal data is transmitted to third parties for this font.

    Adobe Fonts / Typekit ("Halyard Display"): For the display of the "Halyard Display" typeface we use Adobe Fonts, a service of Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland ("Adobe"). When you load a page, your browser establishes a direct connection to Adobe's servers (use.typekit.net) to retrieve the font, during which your IP address, the referrer, and technical information about your browser are transmitted to Adobe. Adobe may process this data within its corporate group, including by its parent company Adobe Inc. in the United States.

    Purpose: uniform and appealing presentation of our Website.

    Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in consistent typography and brand presentation). Because the font is retrieved by your browser without storing information on your terminal equipment, consent pursuant to § 25 TDDDG is not required.

    Transfer to the USA: Adobe Inc. is certified under the EU-US Data Privacy Framework; any transfer is additionally safeguarded by EU Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. Further information: https://www.adobe.com/privacy/policy.html.

  7. Contact by Email

    If you contact us by email (e.g. at info@mbiomics.com or privacy@mbiomics.com), we process the data you provide (such as your name, email address, and the content of your message) exclusively to handle your enquiry and any follow-up communication.

    Legal basis: Art. 6 (1) sentence 1 lit. b GDPR if your enquiry relates to the initiation or performance of a contract; otherwise Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in responding to enquiries directed to us).

    Retention: your message is stored for as long as necessary to handle your enquiry and thereafter in accordance with statutory retention obligations (in particular under commercial and tax law, typically 6 to 10 years where applicable).

  8. Recipients of Personal Data

    Personal data is only transmitted to third parties within the framework described above. Our processors (in particular Cloudflare, Inc. for hosting and analytics, and Adobe for font delivery) process data on our behalf in accordance with Art. 28 GDPR and are bound by written agreements. Beyond this, we do not share your personal data with third parties unless we are legally obliged to do so.

  9. Transfers to Third Countries

    Where personal data is transferred to recipients outside the European Economic Area (in particular to the United States in connection with Cloudflare and Adobe), we ensure an appropriate level of protection through the EU Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR, through the EU-US Data Privacy Framework where applicable, and through additional technical and organisational measures.

  10. Data Security

    We implement appropriate technical and organisational measures within the meaning of Art. 32 GDPR to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. This Website is delivered exclusively over encrypted TLS connections (HTTPS).

  11. Your Rights

    As a data subject, you have the following rights in relation to the personal data we process about you:

    • Right of access (Art. 15 GDPR)
    • Right to rectification (Art. 16 GDPR)
    • Right to erasure (Art. 17 GDPR)
    • Right to restriction of processing (Art. 18 GDPR)
    • Right to data portability (Art. 20 GDPR)
    • Right to object to processing based on Art. 6 (1) lit. f GDPR (Art. 21 GDPR), in particular against processing for direct marketing purposes
    • Right to withdraw consent with effect for the future where processing is based on your consent (Art. 7 (3) GDPR), without affecting the lawfulness of processing carried out before the withdrawal

    To exercise these rights, please contact us at privacy@mbiomics.com.

  12. Right to Lodge a Complaint

    You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority competent for mbiomics GmbH is:

    Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
    Promenade 18
    91522 Ansbach, Germany
    https://www.lda.bayern.de

  13. Objection to Processing Based on Legitimate Interests

    Where we base processing of your personal data on Art. 6 (1) lit. f GDPR (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to such processing (Art. 21 GDPR). In the case of an objection, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

  14. Changes to this Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our services or in applicable law. The current version is always available on this page.

    Status: 17 April 2026.