1. About Our Policy
Complying with the EU General Data Protection Regulation n. 679/2016 (hereinafter “GDPR”) is fundamental for Deepli GmbH (hereinafter also “we/us/our”). For this reason, with the following privacy statement our aim is to ensure those purchasing our services (hereinafter “customers”, “you/your”) that the manner we process personal data and in- formation is in line with the enforced legislation. Deepli pursues legitimate interests of scientific and academic research, as well as of pro- viding its customers willing to start a business in the market of academic life science labs Europe, a clear picture of the available market in the field. Also, we provide group leaders and students in laboratories with the necessary information to make a general assessment of academic research in our field of competence. Our techniques of web monitoring and literature mining ensure a full privacy compliance, as we are moved, in all our activities, by scientific purposes. With the following privacy policy, in our capacity of data processors we intend to clearly inform customers and visitors about how our personal data processing works, the purpos- es of our data collection, the rights to which data subjects are entitled, as well as the role of third parties in preserving the level of data protection we guarantee. Contact Information: The safeguard of the rights of our customers, visitors and persons whose information we process is paramount for us. Therefore, should you have any ques- tion, information or observation of any type, please do not hesitate to contact us using the following coordinates: Controller: Inna Zaimenko, Feringastr. 6, 85774 Unterföhring, Germany. Email: inna@deepli.net. Phone: +49 89 99 21 60 01. Data protection officer: Inna Zaimenko.

2. Information We Process
In line with the definitions provided by art. 4 GDPR, we collect and process information re- lating to an identified or identifiable natural person such as given and family names, e-mail addresses, phone numbers, IP addresses or other technological means of data subject’s main localization, date and time of access to our App or to our website, job position, pub- licly available information related to the field of academic research and publications, and any other similar information. We do not collect and process special categories of data, such as racial or ethnic origin, sexual orientation, religious beliefs, data concerning health, and all the other special cate- gories highlighted by art. 9 GDPR. However, such categories of information may be pro- cessed upon data subjects’ explicit consent; when manifestly made public by data sub- jects; and for achieving purposes in the scientific research or statistic purposes in accor- dance with art. 89 (1) GDPR, the latter applying to Deepli. In any case our data processing infringes upon data subjects’ fundamental rights. We might collect other information – not falling within personal information and special categories – upon the visitors’ explicit consent, when given through our newsletter sub- scription or whenever explicitly agreed. We might save users’ individual searches in an anonymized format as to provide our customers the best experience in fully enjoying our services.

3. How We Collect Information
We collect data and information in accordance with the principles of the GDPR. We process information fairly and in a transparent manner, ensuring customers and visitors to know how their information are processed. Data will be processed accurately and kept up- to-date. We have different methods of collecting information:
a) We collect information upon customers’ and visitors’ explicit consent. This applies simply downloading our App or visiting our website, and accepting our privacy policy and our Terms and Conditions of Service; registering to obtain an account; contact- ing us via e-mail or other ways as previously stated; or similar actions. We ensure that our customers’ and visitors’ consent is explicit, providing means of confirmation of consent such as opting-in, confirmation e-mails, two-factor authentication, or oth- er similar methods. In no case we adopt fraudulent or implicit methods of consent. We do reserve the right, however, of collecting information through ticking boxes, where this is necessary for a better performance of our services.
b) We collect information from open and publicly available sources. We will in no man- ner manipulate and/or overuse publicly available information we may find on the web, and we do not make any infringement to data subjects’ rights who voluntarily disclosed their information and made it public on the web. Therefore, we do not ac- cept any responsibility and liability, as publicly available information infringing upon data subjects’ rights are exclusive responsibility of the sources we gather informa- tion from. Collected personal data will exclusively serve as a database for cus- tomers to fully enjoy the experience our services provides.
c) We automatically detect and collect information whenever visitors download our app, without necessarily subscribing to our newsletter, including but not limited to geo-localization, IP addresses, details about search queries, type of browsers used, or similar technologies. This information is used for the sole purpose of improving our services, and they may be stored in our databases as long as necessary for the purposes mentioned in the next paragraphs.

We wish to ensure our customers and visitors that in cases b) and c), our collection of in- formation is protected under the legitimate interest we pursue, that is, providing our cus- tomers a clear picture of the scientific and statistical available market in the field of acad- emic life science labs, and which, in any case, will never override customers’ and visitors’ interests in the safeguard of their fundamental rights and freedoms. We will provide the data subjects with all the information needed, according to art. 14 GDPR, every time the provision of such information would not imply a disproportionate effort for us, especially those cases in which we collect data from publicly available sources. In such cases, pro- viding information to data subjects would render impossible or would seriously impair the achievement of our legitimate interest, under article 14, paragraph 5, GDPR, and thus it is not an obligation for us to communicate information to data subjects. Nevertheless, we guarantee to take appropriate measures to protect data subjects’ rights, freedoms and le- gitimate interests.

4. Our Purpose of Processing
Personal data and information we collect and process may serve a double scope. We use such information in order to better understand how to develop our functionalities and our services; how to improve our App; how to expand our services; how to improve our design, and similar. Furthermore, we use such information to create a database which will be used for academic research purposes, aggregating such information and making them more easily available and accessible to our customers and visitors; to facilitate match-making operations; for statistical purposes in terms of geo-localization, fields of expertise, and sim- ilar. As such, our information processing is adequate and limited to what is necessary for the purposes for which they are processed, in plain accordance with the principle of mini- mization. If our users are registered, we might use their information to send them e-mails for market- ing and/or scientific purposes; interact with them with the most recent news and service updates; process their registration to our services and make sure their user account will work in the most effective manner, and similar. Our services provide a moderate usage of such information, and in no case their overuse, in line with the purposes for which the pro- cessing is made. If necessary, we will contact our customers and visitors directly, in all those cases we will have to communicate that the purposes of processing differ from the initial purposes as hereby stated.

5. Third Parties
Our services include the transfer to third parties of our databases, composed of aggregat- ed data collected especially through, but not limited to, open and publicly available sources as well as information automatically detected. Transfer of data, as allowed under GDPR, serves our mission of providing our customers a complete overview of the market in the field of academic life science labs, and as such our transfers are moved by legiti- mated interests of improving the market, especially for the interests of EU laws-protected Small and Medium Enterprises, as well as for scientific and/or academic research purpos- es. As such, we may disclose information as name, e-mail address, phone number, title, publicly available information related to the sector of the services; we may transfer infor- mation for business purposes, to customers which, in accepting our terms and conditions of service, will pursue interests not differing from our services. All such third party proces- sors in such cases become unique owners and controllers of such information and are, therefore, contractually bound to keep information they receive by us as confidential and for their exclusive use. Our services are provided on the data within Europe, and as such the territorial scope of the GDPR is fully compliant. Nevertheless, whether in a potential and unforeseeable future we will have to disclose information to third parties outside the EU, for the same purposes for which information are processed, we guarantee that the country in which our potential customer operates fall within the adequacy decisions of the European Commission (art. 13, paragraph 1(f) GDPR) or, in every case, we take all adequate measures to be legally compliant.

6. Period of Data Storage
Our customers and visitors will access our services through simply downloading a desk- top-based or a web-based App. Our strength is to provide our customers and visitors a database of information which, once downloaded, will be at their availability for an indefi- nite period. This does not imply that such indefinite period is unlimited: information are, in every case, processed for a period of time corresponding to the time that is necessary for the purposes for which information are processed, according to the principle of storage limitation under art. 5, paragraph 1 (e), GDPR. Nevertheless, the storage of data in the desktop or a web App may be legitimately kept for a longer period, as the main interest of our data processing, as previously stated, is achieving purposes of scientific and academic research, in providing customers and expert groups contacts for the sole purpose of monitoring academic life science labs, and extrap- olate the necessary aggregations and statistics for such purposes from the information. In accordance with art. 89 GDPR, we ensure the implementation of appropriate technical and organizational measures in order to safeguard the rights and freedoms of data subjects, such as, whether necessary: pseudonymization; conservation of information that are strict- ly necessary for the purposes of processing and without any additional information allow- ing to identify data subjects; the predisposition of separate databases of those information stored from a longer period; easier means of cancelation, and similar methods. Once our customers purchase our ser- vices, it will be their sole and exclusive responsibility to make sure their information pro- cessing will be in line with the Deepli privacy policy.

7. Users Rights
It is a customers’, visitors’, and users’ fundamental right to receive from us transparent in- formation and communication concerning the processing of their data. Your rights may be exercised in the ways that follow and addressing us to the contacts provided above. When allowed by the law and by the present privacy policy, we will answer to your questions and requests right away, in a written form or even orally, in cases specifically provided by art. 12, paragraph 1, GDPR. Customers and visitors have the right to:
a) Access: obtaining confirmation as to whether or not data is being processed; the purpose of processing; third parties disclosures, where applicable; period of stor- age, or the criteria for determining such period; lodge a complaint with a competent supervisory authority; information about the source of collection, when data are not collected directly from data subjects. To access your information you can contact us as specified in paragraph 1.
b) Rectification: asking to correct any erroneous information or personal data, which will be promptly done; asking to complete personal data that are incomplete.
c) Erasure: cancelling your data and information from our database without undue de- lay, whether such data are no longer necessary for our initial purposes of collection (see above); withdrawal of consent whether processing is based on consent, and other reasons specified in article 17 GDPR. However, we still have the right to refuse cancelation in those circumstances specifically highlighted by the GDPR.
d) Restriction of processing: process and usage of data may be restricted when such data are deemed to be inaccurate; processing is deemed to be unlawful, and other reasons specified by the GDPR.
e) Data portability: where applicable, personal information and data may be given back to the data subject, and/or transmitted to another controller upon data subject’s specific request.
f) Object: pose objections on information processing when we rely on a legitimate interest. We have the right to examine such objections and evaluate them, assessing whether our legitimate interest overrides the interests, rights and freedoms of the data subject. The present applies as well to data processing for marketing purpos- es.

8. Prohibit against website advertisement using unsolicited messages
Unsolicited messages including emails that do not comply with CAN-Spam Act are considered as spam. The uncontrolled use of data or the request that is not relevant, can not be relevant or does not fit in any state or can be irritative to a recipient is prohibited. In each activity including cold outreach we ensure the relevancy of a message including email that acts in the best interests of the recipient. The relevancy of each message should be explained in the body so the recipient has a background and can decide.

9. Miscellaneous
9.1. Security: we make use of all electronic, technologic, physical and procedural methods, as well as encryption where possible, to ensure that all information stored are secured. Unfortunately, we are all aware that data breaches and unlawful accesses are possible: in such cases, we are not responsible for inevitable breaches occurring to our website and App. Your account is protected by an installation key we generate when the App is opened for the first time, and we are not responsible for breaches. When breaches occur, we will provide notification to data subjects whose data have been breached, and will address to the competent national supervising authority.
9.2. Sensitive Information: customers and visitors should not transfer us sensitive informa- tion (document numbers, health information, and other information provided under art. 9 GDPR).
9.3. Other Websites: when our web page and App provides link to other websites, we do not hold any responsibility, liability or control, for and on the privacy policies of such web- sites customers and visitors will be redirected to. Therefore, it is customers’ and visitors’ interest to visit linked websites’ privacy policies before accepting them.
9.4. Changes to this Policy: the present policy will be constantly kept updated with relevant provision of legal nature. Changes will be explicitly indicated with the date of the modifica- tion.

10. Applicable Law and Jurisdiction
Our privacy policy is strictly compliant with the European and German laws, as Deepli GmbH is a Germany-based company. Thus, the present privacy policy is governed by the German law, and all disputes that shall arise will be settled under the German Courts and jurisdiction.