Privacy Policy and GDPR Compliance


How Lab-Ally collects PII | Where Lab-Ally stores PII | How Lab-Ally uses PII | Lab-Ally does not share PII | Your rights | Cookies | Lab-Ally cookies | Service provider cookies | Privacy of CERF | Payment data | Breach notification | Changes to Privacy Policy | Data Processing Addendums | Privacy contact


Overview

Lab-Ally LLC (“Lab-Ally”) is committed to protecting the personal data of our website visitors and CERF ELN system (“CERF”) users. This privacy policy applies to all users or visitors of lab-ally.com, cerf-notebook.com, or CERF (collectively, “data subjects”).

Lab-Ally acts as a data controller, as defined under the General Data Protection Regulation (GDPR), for lab-ally.com and cerf-notebook.com. As a data controller, Lab-Ally is responsible for determining what actions are taken with personal data that is collected. Personal data is defined as any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Lab-Ally uses service providers which act as data processors for Lab-Ally data. These data processors are: Amazon Web Services, Salesforce, WordPress, Google Analytics, and Vertical Response. These service providers are aware of current GDPR regulations and provide GDPR-compliant data processing solutions. Lab-Ally has data processing agreements with our service providers, which can be found below in the “Data Processing Addendums” section.

Lab-Ally, with cooperation of its data processors, protects the personal data of our data subjects and complies with the General Data Protection Regulation.

How does Lab-Ally Collect Personal Data?

Lab-Ally collects both Personally Identifiable Information (PII) and Non-Personally Identifiable Information. This section outlines how PII is collected on each Lab-Ally website. Lab-Ally does not automatically collect or capture any PII.

lab-ally.com

lab-ally.com collects PII only through manual user entry. When a visitor opens the Contact Us form on lab-ally.com, the user is prompted to enter personal information to facilitate our responding to their message. At a minimum the data subject must enter: [First name, Last name, Email address, and Phone number]. The user may also enter the optional data: [Title, Company, Mobile Phone, Website, Business Description, Country, State, Time Zone, Product of interest, Inquiry Description, Preferred Contact Method, How did user hear about Lab-Ally]. The user is given the option to receive email updates; the default state is set to be opted out of email updates. Upon submission of the Contact form, the PII collected becomes accessible to Lab-Ally, and Lab-Ally then acts as the data controller for this data. This data is stored on Salesforce servers; Lab-Ally and Salesforce will never share this data with any other third parties.

cerf-notebook.com

On cerf-notebook.com PII data is collected only through manual user entry, in the same way as data is collected on lab-ally.com. When a website visitor clicks the Contact Us button, the user is prompted to manually enter personal information. At a minimum, the user must enter: [First name, Last name, Title, Company, Email address, and Phone number]. The user may optionally enter: [Title, Country, Product of interest, and Comments or questions]. This data is stored on Salesforce servers, and will never be shared with any other third parties.

Where does Lab-Ally store personal data?

PII of data subjects who filled out the contact form on either lab-ally.com or cerf-notebook.com will have data stored on Salesforce servers. The Salesforce servers which are used by Lab-Ally are located in the USA.

How does Lab-Ally Use Personal Data?

Lab-Ally conducts lawful processing of data through explicit consent of the data subject. Lab-Ally obtains consent to send email updates to data subjects when the data subject clicks the button to receive email updates from the Contact Us page. Once the data subject consents, the PII is stored in our Salesforce contact database to be used for Lab-Ally to maintain service and marketing contact with our customers. Lab-Ally sends occasional notices or announcements to data subjects who chose to receive email updates. Lab-Ally utilizes the service of Vertical Response to send email updates. Vertical Response acts as a data processor for Lab-Ally.

Does Lab-Ally Provide data to others?

Lab-Ally provides data only to relevant data processors [Salesforce, Vertical Response] for the purposes of conducting our business, such as fulfilling orders and providing services. Lab-Ally does not provide data to any other individuals or organizations. Lab-Ally is neither owned by nor does it own any other organizations. Lab-Ally is the only data controller for Lab-Ally data. The Lab-Ally data processors do not share or transfer data.

What rights does Lab-Ally provide you with your data?

Lab-Ally is a data controller of certain PII specified above, and is compliant with data protection laws and regulations. As such, Lab-Ally affords the following data rights to its data subjects. Lab-Ally will take the necessary steps with its data processors to respect the rights of its data subjects.

Right of access:

To receive a copy of personal data undergoing processing, email info@lab-ally.com. Additional information concerning the processing of personal data should be contained in this document.

Right to rectification:

Lab-Ally has no interest in obtaining or storing incorrect information. If any data subject has reason to believe that any personal data received by Lab-Ally is not correct, please email info@lab-ally.com to rectify the issue.

Right to be forgotten:

Lab-Ally will erase any personal data which has become irrelevant to the processing activities described in this document. In addition, any data subject may suggest erasure of their personal data by emailing info@lab-ally.com. Any personal data stored with Lab-Ally’s affiliated data processors will be deleted upon data subject’s request.

Right to restrict Processing:

Lab-Ally performs no data processing without the consent of its data subjects. If a data subject has provided consent to receive email updates from Lab-Ally, but no longer wishes to receive said updates, the data subject has the ability to “Unsubscribe” from email updates. The “Unsubscribe” feature is at the bottom of any marketing emails sent from Lab-Ally. If the data subject cannot locate the “Unsubscribe” link, they may email info@lab-ally.com to state that they would no longer like to receive email updates.

Right of Portability:

Upon request, Lab-Ally will provide the personal data of subjects through email in the form of a .CSV file.

Right to Object:

Lab-Ally does not process any data without the expressed consent of the data subject. By default, the data subject is opted out of receiving email updates from Lab-Ally. The data subject must consent to receive email updates from Lab-Ally. As stated above, the user may withdraw consent from receiving announcement or marketing emails at any time.

Cookies

General Information

A cookie is a file containing information about a web user's activity on a particular web-page. Cookies are sent from web-pages that a user visits, and are stored on the local drive of the visitor. Cookies can be used for a variety of purposes. These purposes include user authentication, storing previously entered information, or tracking user interaction with the web-page. There are two main types of cookies: persistent and session cookies. Session cookies are only stored for the duration of the web-browsing session. Persistent cookies are stored from session to session.

What Cookies does Lab-Ally use?

Lab-Ally does not directly administer cookies to data subjects; however, Lab-Ally contracts with service providers who do use and store cookies on the computers of data subjects. Read the following section about the cookies of our service providers. Lab-Ally has implemented a cookie notice and consent for its websites.

What cookies do our service providers use?

WordFence

WordFence is a WordPress plugin which bolsters the security of Lab-Ally websites by preventing brute force attacks and similar hacking attempts. The WordFence cookie may process the user’s IP and location. The cookie below is stored when a data subject visits cerf-notebook.com or lab-ally.com.

Cookie Name     Expiration Time         Description
wfvt_XXXXXXX    30 minutes, 24 hours    Lab-Ally utilizes WordPress WordFence cookie to increase website security and prevent hacking.

Google Analytics

Lab-Ally uses Google Analytics to analyze website visitor usage trends. Google Analytics provides data reports and tools to analyze usage patterns of Lab-Ally websites, such as which of our pages are visited, how long a page is viewed, what search terms have been used, etc. The Google Analytics cookies do not contain any personally identifiable information (PII). Google Analytics collects the partial IP address of the user, but Lab-Ally uses IP anonymization, so the full IP address of the data subject is never saved. More information about Google Analytics IP Anonymization can be found here. The following cookies are used by Google Analytics within the lab-ally.com and cerf-notebook.com domains:

Cookie Name    Expiration Time    Description
_ga            2 years            Used to distinguish users.
_gid           24 hours           Used to distinguish users.
_gat           1 minute           Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

The table above was based upon online Google Analytics information here.

Cookie Management

A standard feature of reputable web browsers is the ability to manage cookies. These abilities should include viewing, blocking, and deleting cookies. The links below contain information about managing cookies on several popular browsers.

  1. Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
  2. Apple Safari: https://support.apple.com/kb/ph21411?locale=en_US
  3. Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
  4. Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
  5. Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Privacy of data within CERF

Users of CERF are bound by other agreements with Lab-Ally, such as a CERF Software License Agreement, CERF Software Support Service and Maintenance Agreement, or Terms And Conditions Of Use For CERF Online Software Trial (available at https://cerf-notebook.com/terms/). Those agreements are separate from this Privacy Policy, and this Privacy Policy does not modify, revise, or amend the terms of any other agreements the user may have with Lab-Ally.  Where appropriate, this Privacy Policy is incorporated by reference in those agreements.

Lab-Ally does not act as a data controller for CERF ELN, and does not have access to user information contained within any deployment of CERF. Lab-Ally confirms and agrees that CERF users will own all rights to all data and information inputted by them into CERF.  When using CERF, the user is the data controller of their data, and organizations using CERF should be aware of any and all personal information that is stored on the CERF server, and whether such data is accessible to entities outside of the organization.

CERF may be installed on a local server under the user’s immediate control, or through the GDPR-compliant cloud-hosted environment, Amazon Web Services.  Lab-Ally also provides public access to a free Online Software Trial hosted on Amazon Web Services. The use of CERF requires two pieces of personal information: [Name, Email Address]; however, these data are stored locally on the user’s CERF server, or on Amazon Web Services, which is GDPR compliant.

Users of a CERF server hosted by Amazon Web Services should be aware that AWS is a data processor. As a GDPR-compliant data processor, Amazon Web Services has an extensive Data Processing Addendum which is now part of Amazon Web Services Online Service Terms. The Data Processing Addendum is available in section Header 83 of the Online Service Terms.

Payment data

When a customer completes a financial transaction, the customer will temporarily provide Lab-Ally with financially relevant personal information. This data may include bank account numbers, routing numbers, and, if elected, credit card information. Access to this information is available only to the specific Lab-Ally staff individual charged with processing the transaction.  Once a transaction has been completed, this information is destroyed or deleted permanently.

Breach Notification

Lab-Ally has never suffered a data breach. If a data breach does occur in which PII is leaked, Lab-Ally will notify affected data subjects as soon as practicable. In addition, our data processors: [Amazon Web Services, WordPress, Salesforce, Google Analytics] are committed to following this regulation as stated in their privacy documentation, and will notify Lab-Ally about any breaches which may have occurred within 72 hours.

Lab-Ally does not anticipate the occurrence of a data breach; however, Lab-Ally would like to assure its customers that they will be informed if one which affects them should occur.

Changes to Privacy Policy

Lab-Ally reserves the right to change the privacy policy at our sole discretion. The most up-to-date privacy policy will be available at https://lab-ally.com/privacy. Lab-Ally intends to update the privacy policy only when necessary and to the minimum degree that is sufficient.

Data Processing Addendums

Per laws and regulations, Lab-Ally must have data processing agreements with its data processors. Lab-Ally has taken the necessary steps in order to maintain data processing agreements with the service providers. The links below represent the official agreements between Lab-Ally and the service providers.

Amazon Web Services: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

Salesforce: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf

Vertical Response (Deluxe Corporation): https://www.deluxe.com/sites/deluxe.signupserver.com/files/pdf/Deluxe-Article-28-Data-Processing-Addendum.pdf

Wordfence: https://www.wordfence.com/gdpr/dpa.pdf

Privacy Contact

Lab-Ally is happy to answer any questions about our privacy policy. Please reach out through one of the methods below. We will get back to you as soon as possible.

247 E. 9th Avenue
Columbus, Ohio, 43201
USA
Phone number: +1 (614) 407-4547
Email: info@lab-ally.com