Open Lab and its partners and subsidiaries (“Open Lab”, “we” or “us”) are committed to protecting your privacy and keeping your personal information secure. The purpose of this privacy policy (the "Privacy Policy") is to inform you of our privacy practices, including how we collect, use and disclose your personal information.

This Privacy Policy applies to our website, mobile applications and related services (collectively referred to as "Open Lab Services"). By visiting, accessing or using the Open Lab Services, you agree to the policies and practices of this Privacy Policy, so please read it carefully. If any policy or practice of this Privacy Policy is unacceptable to you, please do not visit, access or use the Open Lab Services.

Your privacy is important to us, so please take the time to learn about and familiarize yourself with our policies and practices, whether you are new to Open Lab Services or a long-time user. You are free to print and retain a copy of this Privacy Policy, but please understand that we reserve the right to change our policies and practices at any time. You can always find the latest version of this Privacy Policy here on this page. Visiting, accessing or using the Open Lab Services after this Privacy Policy has changed will be deemed to be your acceptance of those changes. You should therefore read this Privacy Policy periodically. If you do not agree to be bound by this Privacy Policy, you should not visit, access or use the Open Lab Services.

The personal information we collect about you may include the following. In each case, we will identify the reasons on which we base the processing of your personal information in accordance with the General Data Protection Regulation (the "GDPR"):

A. Account Profile - When you register an account as a Participant or Researcher, we may collect your first and last name, email address, username and password. You may also provide additional information about your account profile, such as your research institute. Applicable legal grounds: contract performance, consent, legitimate interests (so that we can fulfil our obligations and provide our services);

B. Device Information – information that is automatically collected about your device, such as hardware, operating system, browser, etc. Applicable legal grounds: legitimate interests (to allow us to provide the content and services on the website), consent, contract performance;

C. Location Information – information that is automatically collected from your browser, including your IP address and/or domain name and any external page that referred you to us. Applicable legal grounds: legitimate interests (to allow us to provide the content and services on the website), consent, contract performance;

D. Server Log Information – information that is generated by your use of the Open Lab Services that is automatically collected and stored in our server logs. This may include, but is not limited to, device-specific information, location information, system activity and any internal and external information related to Open Lab pages that you visit. Applicable legal grounds: legitimate interests (to allow us to provide the content and services on the website), consent, contract performance;

E. Correspondence – information that you provide to us in correspondence, such as when you submit questions or inquiries, send us emails and with respect to ongoing customer support. Applicable legal grounds: legitimate interests (to enable us to perform our obligations and provide our services), consent, contract performance.

Open Lab may also use standard practice to place data files known as cookies in your web browser on your computer or other devices used to access Open Lab services. Cookies are small pieces of information that are automatically stored in your device's web browser and can be retrieved by us. The type of information we collect includes but is not limited to uniquely identifying visitors. We use these technologies to recognize you and authenticate you as a user of Open Lab Services. We do not transfer collected cookie data to third party service providers. Please note that if you block or delete cookies, you will not be able to use some or all of the Open Lab Services.

We take measures to ensure that only those employees who need access to your personal information to perform their job functions have access to your personal information. We may use the personal information we collect for this purpose:

a) to provide you with Open Lab services, including customer support;

b) to improve and enhance the Open Lab Services, including the development of new products, services, features and functions;

c) respond to inquiries and other requests;

d) to provide you with information that we believe may be of interest to you, including information about our products and services;

e) monitor the use of the Open Lab Services, including conducting automated and manual security checks;

f) understand and analyze usage trends and preferences of our users;

g) compile aggregated and anonymized reporting data on the Open Lab Services;

h) investigate legal claims;

i) perform such purposes for which we may seek consent from time to time; and

j) to pursue other purposes permitted or prescribed by applicable law.

We may disclose your personal information to law enforcement and government authorities if we are required to do so by law or have a good faith belief that such action is necessary to comply with applicable laws, to respond to a valid court order, judicial or other subpoena, or governmental warrant, or to otherwise cooperate with law enforcement or other governmental authorities.

We rely on third parties to perform a variety of services on our behalf, such as fraud detection or security threats, payment card processing, hosting services, and data storage or processing, and we may transfer your personal information to our service providers for these purposes. Third party service providers will only have access to and may only collect personal information if necessary to perform their functions and are not permitted to share or use the information for any other purpose.

When we share your personal information with third parties, we take reasonable steps to ensure that the rules set forth in this Privacy Policy are followed and that these third parties have sufficient guarantees to implement appropriate technical and organizational measures to protect your personal information.

We take your privacy very seriously and have taken physical, organizational and technological security measures to protect your personal information from loss or theft, unauthorized access, disclosure, copying, use or modification. In particular, we encrypt the Open Lab Web site using SSL; we regularly review our information collection, storage and processing practices; and we restrict access to your information on a need-to-know basis to our employees, contractors and agents who are under strict contractual confidentiality obligations and may be disciplined or terminated if they fail to comply with these obligations.

Notwithstanding the above, no method of information transfer or information storage is 100% secure or error-free, so unfortunately we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you believe that the security of any information you have provided to us is compromised), please contact us immediately using the contact information in the "Contact Us" section.

Any personal information you provide will only be used, disclosed or retained by us for as long as necessary to fulfill the purposes for which it was collected and as permitted or required by law.

In certain circumstances and in accordance with the GDPR or other applicable data protection laws, you have the following rights:

a) Access - find out if we process information and if so, request access to your personal information. This will allow you to obtain a copy of the personal information we hold about you, as well as certain other information about you;

b) Correction - request that we correct incomplete or inaccurate personal information we hold about you;

c) Deletion - request us to delete or remove your Personal Information under certain circumstances. There are certain exceptions in which we may refuse a request for deletion, for example, if the personal information is necessary to comply with the law or in connection with legal claims;

d) Restriction - ask us to suspend the processing of your personal data, for example, to determine its accuracy or the reason for its processing;

e) Transfer - ask us to transfer certain Personal Information to another party;

f) Objection - object to our processing of personal data on the basis of a legitimate interest (or the interest of a third party) or for direct marketing purposes. We may, however, in certain circumstances, be entitled to continue processing information;

g) Automated Decisions - to challenge any automated decision taken when it has a legal or similar effect and to request that it be reconsidered; and

h) Consent - if we process personal information with consent, you can withdraw your consent.

To exert any of these rights, please contact us as described in the "Contact" section.

To support the GDPR in terms of participants’ data, Open lab has the following infrastructure to enable Researchers and Participants to communicate with each other. Open Lab provides all necessary interface for Researchers to open the access to the personal data of a Participant and delete this data. After participating in a Study, Participants can view the record of their participation. Participants can request access to the complete data stored in the experiment. In case of a request, the Researcher is presented with a message in the participant dashboard. It is the responsibility of the Researcher to respond to this request by opening access to the data. Participants who are granted access to their own data can download the data and request the deletion of these data. It is then again the responsibility of the Researcher to remove this data. Once removed, this data will no longer be stored in Open Lab.

Subject to applicable laws and regulations, we may, occasionally, send you direct marketing materials to promote services, products, facilities or activities using the information we collect from you. If you no longer wish to receive marketing-related communications from us, you may opt-out of receiving such communications by clicking on the "Unsubscribe" link at the bottom of any email you receive from us. You can also opt-out by contacting us directly using the contact information in the "Contact Us" section. We will endeavor to respond to your opt-out request promptly, but please allow us a reasonable amount of time to process your request. We will not share your information with third parties for direct marketing or other unrelated purposes without your written consent.

Please note that even if you opt out of receiving marketing-related communications, we may still need to send you communications about your use of our products or services or other matters, subject to applicable laws and regulations.

Your personal information are stored and processed in Germany (“Country”) where we have facilities or in which we engage third party service providers. As a result, your personal information may be transferred to Countries outside your Country of residence, which may have different data protection rules than in your Country. While such information is outside of your Country, it is subject to the laws of the Country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other Country, pursuant to the laws of such Country. However, our practices regarding your personal information will at all times continue to be governed by this Privacy Policy and we will comply with the GDPR requirements.

The backups of our servers are done weekly. We store backups for a maximum of 1 month, after which they are deleted. We do not have access to your data in the backups and can only use them to restore the server in an exceptional case if it is damaged.

This privacy policy applies only to the Open Lab Services and does not extend to websites or products or services provided by third parties. We are not responsible for the privacy practices of these third parties and we encourage you to review any third-party privacy policies before using any third-party websites or products or services.

The Open Lab Services are not directed at children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without parental consent. If you are under 16, please do not use or access the Open Lab Services at any time or in any manner. If we learn that personal information has been collected on the Open Lab Services from anyone under the age of 16 without verifiable parental consent, we will take appropriate steps to delete that information. If you are a parent or guardian and you discover that your child has provided personal information to us under the age of 16, you may notify us as described in the Contact Us section and request that we delete that child's personal information from our systems.

If you have any questions or comments about this Privacy Policy or your personal information, to request access or correction, to exercise applicable rights, to make a complaint, or to obtain information about our policies and practices regarding service providers outside of Germany, you can contact us here.

This Privacy Policy was last updated on April 20, 2020.