Data privacy statement

We thank you for visiting our website, and for your interest in our company and our products.


Protecting your privacy when processing personal data and the security of all business data is very important to us. In the following, we would therefore like to inform you how we collect information, what information we collect and how VITLAB GmbH (hereinafter referred to as VITLAB) uses this information.


We process personal data that is collected during your visit to our website confidentially and in accordance with the statutory data protection regulations as well as this data protection declaration.


No data will be transmitted to third parties without the consent of the person concerned or without a legal basis.


For information on handling application data in the context of application procedures, please refer to the section ”Data protection information for applicants”

General instructions - mandatory information

Responsible body within the context of data protection law is VITLAB GMBH

Linus-Pauling-Strasse 1

63762 Grossostheim


Tel.: +49 6026 977 99-0

Handling personal data / collecting and processing personal data

Personal data refers to individual information regarding personal or factual circumstances of a specific or identifiable natural person. This includes, for example, the name, address, e-mail address, telephone and fax number. We collect and process your data when you explicitly communicate it to us (e.g. in a contact form). Other data is collected automatically or based on your consent when you visit our website. This data usually involves technical data, such as the internet browser and operating system in use and time of access. However, almost our entire website can also be used without providing your personal data.


On one hand, your data is collected to ensure that the website is displayed without error, but part of the data can also be used to analyze your usage behavior, provided you have given your consent.


If we process your personal data on the basis of an express consent within the meaning of Art. 6 para. 1(a) of the General Data Protection Regulation (GDPR), this is done within the limits and purpose specified in the consent, e.g. to process requests for information, prepare batch certificates, order brochures, demo devices or samples, and to process orders and payments in our online shop.


As far as a business relationship exists with you as a customer or business partner, we also use your personal data to inform you about further offers and novelties of our products or to inquire as to your customer satisfaction. Exclusively for processing your specific inquiry (legal basis: Art. 6 para. 1 lit. b, pre-contractual or contractual measures) or after your proper consent, we may pass on data to our sales partners, dealers and affiliated companies. Data will only be forwarded in accordance with the provisions of Art. 26 (joint responsibility) or Art. 28 (order processing) of the GDPR.

Retention period

As long as this data privacy statement does not contain a more specific regulation on the storage period, the personal data stored by us will be stored until the purpose of the data processing ceases to apply. If the storage of your personal data is not permitted by law (e.g. due to tax or commercial retention periods), you can have your data deleted earlier if you make a justified request for deletion or revoke the consent given to us to process your personal data.

Transferring data to the USA

Embedded in our website are tools from companies based in the USA as well as companies that may store data on servers located in the USA. If these tools are activated, your personal data can also be stored on servers in the USA. However, there is currently no adequate level of data protection in the USA that meets European standards, as US companies in certain sectors (including IT and telecommunications companies) are obligated by the Clarifying Lawful Overseas Use of Data Acts (the so-called CLOUD Act) to give US authorities access to personal data stored by them. Therefore, it cannot be excluded that the US authorities process, analyze or permanently save your data, which is stored on the US servers. We have no control over the data handling process in the USA.

Your rights

You have the right at any time and free of charge to obtain information about the origin, recipient and purpose of your stored personal data, to have your data corrected and/or to demand deletion or limited processing of your data. If you have consented to the processing of your personal data, you can revoke this consent at any time with effect for the future. Finally, you have the right to appeal to the responsible supervisory authority.

If you have any questions about your rights, you can contact us at any time using the contact information listed here.

Revocation and objection

Many data processing operations are only permitted with your consent. You can revoke consent already given at any time, with future effect. However, this does not affect the legality of processing your data until the date of revocation.


If data processing is carried out on the basis of Art. 6 para. 1(e) or (f) of the GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data privacy statement. If you file an objection, we will no longer process your personal data unless we can prove compelling and legitimate reasons that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 paragraph 1 GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is in connection with such direct advertising. After receiving an objection, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 paragraph 2 GDPR).


In the event of infringements of the GDPR, those involved have the right to appeal to a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place where the suspected infringement was committed. The right of appeal is without prejudice to other administrative or judicial remedies.

Access, deletion, rectification

You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only take place if it is technically feasible.

Within the limits of the applicable legal provisions, you have the right at any time to obtain free information about personal data stored regarding your person, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectify or delete this data.

Limited processing

In the following cases, you have the right to request limited processing of your personal data.

  • If you dispute the correctness of your personal data stored by us, we normally need time to review this. For the duration of the review process, you have the right to request limited processing of your personal data.
  • If your personal data was/is being processed unlawfully, you can request limited processing of your data instead of having the data deleted.
  • When we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request limited processing of your personal data instead of having the data deleted.
  • If you file an objection in accordance with Art. 21 paragraph 1 GDPR, your interests must be balanced againt our interests. As long as it is not yet clear whose interests prevail, you have the right to request limited processing of your personal data.
  • When the processing of your personal data is limited, this data – apart from its storage – may only be processed with your consent, or in order to assert, exercise or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of substantial public interest of the European Union or a member state.


Use of cookies

Our website uses so-called “cookies.” Cookies are small text files that are stored in the web browser or by the browser on your end device when you visit our website. Cookies can be stored on your end device for only the duration of your visit (“session cookies”), for a fixed time period or permanently (“permanent cookies”). Session cookies are automatically deleted after your visit ends; permanent cookies are stored on your end device until you delete them or until your web browser performs automatic deletion. More detailed information on the storage duration of the respective cookies in use can be found in the cookie settings.


Cookies have several different functions. Many cookies are technically necessary since certain website functions would not work without them. Other cookies are used to evaluate user behavior or display advertisements. Cookies that are required to perform the electronic communication process (required cookies) or to provide specific functions you want to use (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 para. 1(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing such cookies in order to provide a service that is optimized and free of technical errors. If consent to the storage of cookies was requested, the cookies in question will be stored on the basis of this consent (Art. 6 Para. 1(a) GDPR); consent may be revoked at any time with future effect.


You can also configure your browser so it informs you about the use of cookies and allows cookies only on a case-by-case basis. You can also exclude the acceptance of cookies for certain cases or on a general basis and activate automatic deletion of the cookies when you close the browser. Deactivating cookies may restrict the functionality of this website.


VITLAB Cookies: VITLAB uses cookies and active components (e.g. JavaScript) to follow the preferences of visitors and to optimize web page design accordingly.


Third-party cookies: Some VITLAB websites contain content and services from other providers (e.g. YouTube, Facebook, Xing), which in turn may use cookies and active components. VITLAB has no influence on the processing of personal data by these providers. Further information about this type of processing and the handling of your data can be found in this data protection notice, as well as on the websites of the respective service providers.


Web analytics by Matomo (formerly PIWIK)

We use the web analytics service Matomo from the company InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, which enables site-wide user recognition to analyze user behavior. This service allows us to find out when specific pages were viewed, in which regions they were viewed and what actions the user has performed (e.g. clicks or purchases).

The following usage data is processed: Two bytes of the IP address of your end device, the web page viewed and the website from which you were directed (referrer URL), sub-pages viewed on our website, location data (based on the anonymized IP address), user times, duration and frequency of visits and browser/device data.

The collected information for use (including your abbreviated IP address) is transmitted to our server and stored. Your IP address will be anonymized, so that the data cannot be assigned to an identifiable person, and the individual user remains anonymous. The collected data for use will not be passed on to third parties.

This analysis tool is used on the basis of Art. 6 para. 1(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior, in order to optimize its web content and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), processing takes place on the basis of Art. 6 para. 1(a) GDPR; consent can be revoked at any time.

The data will be deleted as soon as it is no longer needed for our recording purposes. More detailed information on storage duration can be found here.



We use the Cookiebot service to ask whether you wish to give your consent to non-technically required cookies used on our website and to document this according to the applicable data protection rules and laws. This service is provided by the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Your browser transmits personal data in the form of your IP address to Your IP address is anonymized there and not stored. Cybot A/S then stores in your browser a cookie in which the consent or objection you have given is stored.

The cookie is stored on the basis of Art. 6 para. 1(c) GDPR. Due to the ECJ judgment of 1 October 2019, file no. C-673/17, the website operator is obliged to obtain consent for non-technically required cookies before they are used. More detailed information on storage duration can be found here.

More information on data protection at Cybot can be found here:


You can subscribe to our newsletter with information on products and services on our website. The newsletter comes out about twice a year. The newsletter will only be sent after you have entered your e-mail address and confirmed that you are the owner of the e-mail address and agree to receive the newsletter (so-called "double opt-in procedure"). The data is only collected and used for the purpose of sending you the desired newsletter. It is deleted as soon as you have revoked your consent to receive the newsletter. For the processing of your data – e.g. the sending of the newsletter – contractually bound external service providers may also be used. The data will not be passed on to unauthorized third parties.

Your data is processed exclusively on the basis of your consent (Art. 6 para. 1(a)) GDPR. You can revoke your consent to the storage of your data, the e-mail address and its use for sending the newsletter at any time, e.g. via the link in the newsletter. The legality of data processing that has already been carried out remains unaffected.


After you have been removed from the newsletter distribution list, your e-mail address may be stored in a blacklist by us or the newsletter service provider, in order to prevent future mailings. The data from the blacklist is used solely for this purpose and is not combined with other data. This is intended to protect both your interests and ours in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1(f) GDPR). Storage in the blacklist is not subject to a time limit. You can object to this storage if your interests outweigh our legitimate interests.


We use CleverReach for sending out our newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. With this service, we can organize and analyze our newsletter mailing process. The data submitted in connection with the newsletter, such as your e-mail address, is stored on CleverReach’s servers. The servers are located in Germany and Ireland.
Mailing our newsletters with CleverReach allows us to analyze the behavior of newsletter recipients. We can analyze, among other things, how many recipients have opened the newsletter message and how frequently links were clicked on in the newsletter. With the aid of so-called ‘Conversion Tracking,” we can see whether a previously defined action was performed after clicking a link in the newsletter. Further details about data analysis by CleverReach can be found at:

Data is processed on the basis of your consent (Art. 6 para. 1(a) GDPR). You can revoke your consent at any time. If you do not want your behavior analyzed by CleverReach, you must unsubscribe from the newsletter. Details about the privacy policy of CleverReach can be found at:

Contact form

You can contact us via our contact form. We process the personal details you provide here (surname, first name), your contact details and all other data you provide us with on your own initiative in accordance with Art. 6 Para. 1 lit. b GDPR. Your data will be stored for as long as necessary for processing and deleted in accordance with data protection regulations as soon as the purpose for processing ceases to apply and no further legal obligations to retain data conflict with this.


VITLAB takes all necessary technical and organizational security measures to protect your personal data against manipulation, loss, destruction or access by unauthorized persons or against unauthorized disclosure. The security measures in use are continuously improved in accordance with technological developments.

Data transmission – SSL encryption: To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Should you wish to contact VITLAB by e-mail, we point out that the confidentiality of the transmitted information is not guaranteed. The content of e-mails can be viewed by third parties. We therefore recommend that you send us confidential information by post only.

Data deletion

Personal data will be deleted when you revoke your consent to its storage, when having this personal data is no longer required to fulfill the purpose for which it was stored, or if its storage is inadmissible for other legal reasons. This does not affect data for business transactions that is needed for billing and accounting purposes or is subject to legal retention periods.


We adhere to the principles of avoiding the creation of superfluous data and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for in the various storage periods provided for by law. After expiry of these periods, the corresponding data will be routinely blocked or deleted in accordance with statutory provisions.

Data protection information for applicants

a) Responsibility

The office responsible for all data arising in connection with the application process is VITLAB INTERNATIONAL GMBH (VITLAB INTERNATIONAL), postal address: Otto-Schott-Str. 25, D-97877 Wertheim, Germany. VITLAB INTERNATIONAL carries out all tasks for VITLAB GMBH + CO KG, VACUUBRAND GMBH + CO KG and VITLAB GmbH which concern the services of a personnel department (e.g. personnel recruitment, personnel development and personnel administration).

You can contact the data protection officer of the group of companies by sending an e-mail to privacy[at], or by sending a letter to our postal address, adding "the data protection officer" or by calling us on +49- 6026 977 99-0.


b) Purpose and legal basis of the processing

The processing of your data serves the purpose of processing your application and is carried out on the basis of Art. 88 para. 1 GDPR in conjunction with § 26 of the Federal Data Protection Act (BDSG), according to which personal data may be processed for the purposes of the employment relationship, among others, if this is necessary for the decision on the establishment of an employment relationship. Your data will only be forwarded to the departments responsible for the specific application procedure. Your application data will only be forwarded to other companies in the group of companies with your express prior consent.


c) Retention period

Your personal data will initially be stored for the duration of the application process and for a further 6 months beyond that, after which it will be deleted.

If we feel your application might be interesting for future job vacancies, we will keep your application data on file for a period of 24 months after you have expressly agreed to such storage and use.


Changes to our data privacy regulations

We reserve the right to adapt this data privacy statement occasionally, to ensure that it always complies with current legal requirements, or so as to implement changes to our services in the data privacy statement, e.g. when introducing new services. The new data privacy statement will then apply for your next visit.


This data privacy statement is currently valid and has been in effect from September 2020.

Questions to the data protection officer

Regarding the processing of your personal data, for information, suggestions and complaints, please send us an e-mail. Alternatively, you can also contact our data protection officer directly.


The contact details for our data protection officer are as follows:

Ronald Baranowski



Kasseler Str. 30

D-61118 Bad Vilbel, Germany

Tel. +49-6101-982 94 22




Alternatively, you can write to our postal address, adding “the data protection officer” to the addressee:



Linus-Pauling-Str. 1

63762 Großostheim

oder telefonisch: +49-6026 977 99-0


Questions will be answered within 4 weeks.