TOSOH EUROPE Privacy Policy

  1. European Privacy Legislation

The General Data Protection Regulation (GDPR) is a new EU regulation that applies as from 25 May, 2018. Applicable to all stakeholders, including businesses and organizations, it constitutes the biggest change to the EU's data protection rules in over 20 years. The new Regulation is introduced in response to the growth of global enterprises, technological developments and the surge in the volume of data collected by organizations worldwide. The GDPR gives citizens more control over how their personal data is collected, used and stored and will also streamline the regulatory environment for businesses.

The GDPR introduces a level-playing field by establishing a harmonized framework for data protection, leading to a uniform application of the rules across the European Union. Furthermore, companies based outside the EU must also apply the same rules as European companies when offering goods and services to citizens of the EU.

Key drivers of the new Regulation:

  1. Transparency: companies must inform citizens, in an understandable way, on how their data is collected and processed;
  2. Accountability: companies will be held accountable for the processing of personal data and must be able to demonstrate compliance (to the regulator);
  3. Individual's rights: the GDPR will introduce new rights for individuals or 'data subjects;
  4. Breach notifications: companies must report data breaches within 72 hours to the competent national supervisory authority.

What is personal data?

Personal data refers to any information that relates to an identified or identifiable, living individual. This can include name, address and phone number, location, health records, passwords, dependents, income and banking information, IP-address, cultural preferences etc. If the personal data collected includes information on an individual's health, race, sexual orientation, religion, political beliefs or trade union membership, it is also considered a special category of personal data.

What constitutes processing of personal data?

The processing of personal data constitutes actions such as accessing, reading, collecting, using and deleting personal data. Any organization that processes personal data by manual or automated processing will fall under the GDPR. Regardless of whether personal data is stored via a complex IT-system or via paper-based files, the GDPR will apply.



We collect information to provide better services to you and your business partners. This can include the following information:

  • Contact information such as your name, address, phone number, or email address;
  • Registration information such as your username and password;
  • Employment, education and other background information when you inquire about employment with Tosoh Bioscience;
  • Payment information (such as banking information, payment card number, expiration date, delivery address, and billing address);
  • Content you may provide (for example, when you complete our Online Contact Form or submit other information).


We collect information in the following ways:

We collect personal data that you provide, for example, when purchasing a product, responding to questionnaires or surveys, or contacting our customer service. You may contact us to ask questions, discuss your concerns, or report issues regarding our products. If you communicate with or request information from us, you may be prompted to provide your contact information as well as any personal data that is relevant to your request.

We might combine it with additional information collected other Tosoh sites, from offline information sources or from external parties.

You do not have to register for a service or program to receive information available through Tosoh Websites. However, some of our content is available only to registered or identified users and it will require you to set up a profile or provide specific information about yourself in order for us to provide you the service.

When you use the Tosoh sites, we also may collect certain usage and device information automatically as described below. We may record the Internet Protocol (“IP”) address of your computer or other electronic device when you visit our websites. An IP address identifies the electronic device you use to access the sites, which allows us to maintain communication with your computer as you move about our sites and to customize content. We also collect information about your use of our sites through tracking technologies such as cookies. A “cookie” is a unique numeric code that is transferred to your computer to track your interests and preferences and to recognize you as a return visitor. These technologies help remember your preferences and allow us to bring you the content and features that are likely to be of the greatest interest to you. Please note that some cookies are essential to the functioning of our sites and deleting or disabling them will reduce the site’s functionality.

We utilize Google Display Advertising and Google Analytics. You can opt out of Google Ads by visiting If you do not want your data used by Google Analytics, you can install the Google Analytics opt-out browser add-on at the Google Analytics opt-out page.

We may work with new technologies in the future that require cookies or web beacons to provide their services. As we work with new technologies, their descriptions will be updated in the Privacy Policy.


The legal basis for Tosoh to process data about you might be the following:

- An explicit consent which is freely given, specific and informed (Article 6 (1) (a) of the General Data Protection Regulation);

- Tosoh exercising its rights and performing its obligations in connection with any contract we make with you (Article 6 (1) (b) General Data Protection Regulation);

- Compliance with Tosoh’s legal obligations (Article 6 (1) (c) General Data Protection Regulation); and/or

- Legitimate interests pursued by Tosoh (Article 6 (1) (f) General Data Protection Regulation);



Where allowed we may use your personal information to provide you the product and services you request, communicate with you, improve your experience on our websites, generally improve our products and services, fulfill legal obligations to notify and for other internal business purposes. If you choose to purchase a product or receive our services, we use the information that you provide to manage your orders, to raise invoices, to process your payments, to respond to your questions, to provide you the services you request and to offer optimal customer experience. You may also receive marketing information from us, such as news regarding products or services, invitations to participate in surveys, or notifications about special promotions or events.


When you request it, we will provide you all relevant information about how your data is being processed, the identity and contact details of the controller and of our Compliance Officer , the purposes of the processing, the legal basis for the processing, the period for which the personal data will be stored and how to exercise your rights. We will provide such information contextually to the collection of personal data or, where not possible, immediately afterwards and in any case no later than one month from collection.

Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply with legal obligations (such as retention obligations under tax or commercial laws).



Where authorized to do so, we may share your personal information:

(a) within the Tosoh family of companies, which includes parents, corporate affiliates, subsidiaries, business units and other companies that share common ownership;

(b) with other corporate partners, agencies and vendors working with Tosoh. In addition, we may share your personal information to comply with law or legal requirements, enforce or apply our Terms of Use and other agreements, or protect our rights, property, or safety of our users, or others. We do not share your personal information with unaffiliated third parties for their marketing purposes, unless you consent to such sharing.

(c) where legally required to do so, with Data Protection Authorities, law enforcement and public authorities.



The GDPR is intended to give citizens control over their personal data and therefore includes a number of obligations aimed at protecting individual's rights. The most important are:

  1. Access: individuals have the right to request access to their personal data;
  2. Information: companies must provide individuals with information on who is processing what and why;
  3. Rectification: if an individual believes that their personal data is incorrect, incomplete or inaccurate, he or she has the right to have it rectified or completed;
  4. Objection: an individual may object at any time to the processing of their personal data for a particular;
  5. The right to be forgotten: in certain circumstances, an individual can request the deletion of their data;
  6. Data portability: individuals can ask for their personal data to be returned or transmitted to another organization.
  7. Right to complaint: individuals that believe their privacy rights have been infringed, have the right to lodge a complaint with a supervisory authority.

If you wish to exercise your rights, send an email to [email protected] attaching one of the filled-out forms which you can find on this page.


GDPR- subject access request form »

Withdrawal of Consent »

Withdrawal of parental consent »



We may occasionally update this policy. If we make significant changes, we will notify you of the changes through this website or through others means, such as email. To the extent permitted under applicable law, by using our services after such notice, you consent to our updates to this policy.

We encourage you to periodically review this policy for the latest information on our privacy practices. We will also make prior versions of our privacy policies available for review.


Tosoh Bioscience GmbH; Rev 02 July 3, 2018
© Tosoh Bioscience GmbH. All Rights Reserved.