Privacy Policy

The General Data Protection regulation (GDPR) is a set of laws enacted in the EU in 2018 regarding use of personal information obtained by companies about individuals. 

The GDPR has specific requirements regarding the transfer of data out of the EU. One of these requirements is that the transfer must only happen to countries deemed as having adequate data protection laws. In general the EU does not list the US as one of the countries that meets this requirement. In light of recent changes regarding the legitimacy of the Privacy Shield program, CRS has ammended its privacy policy to reflect such. CRS has withdrawn from the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We will monitor changes and continue our compliance with GDPR requirements as we switch to the use of standard contractual clauses for means of data transfer as well as taking additional safeguards for data protection.

 

Privacy Policy

Introduction

Chromatography Research Supplies, Inc. (CRS), sells products intended for laboratory use to end users and distributors throughout the world. Protecting user privacy is important to CRS. We are committed to protecting data for all of our customers including from members of the EU. We are committed to comply with EU GDPR requirements for data transfer using standard contractual clauses and additional safeguards to protect the data. Additional safeguards include rigid management reviews, internal compliance audits annually, audits of data sent to third parties being used to collect or process information, annual reviews with customers about their preferences to what information is collected and stored, and opportunities for them to opt out/delete or continue the flow of information.

 

This privacy pol­icy outlines our general policy and practices for implementing data privacy including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personal information received by CRS whether in electronic, paper or verbal format.

 

 Definitions

“Personal Information” or “Information” means information that (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosoph­ical beliefs, trade union membership or that concerns an individual’s health. 

 

1. Notice

CRS shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which CRS discloses or may disclose that Information. CRS shall provide the individual with the opportunity and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Per­sonal Information to CRS, or as soon as practicable thereafter, and in any event before CRS uses or discloses the Information for a pur­pose other than for which it was originally collected.

 

2. Choice

CRS will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was origi­nally collected or subsequently authorized by the individual. For Sensitive Personal Information, CRS will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the informa­tion for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

 

3. Accountability for Onward Transfers

Prior to disclosing Personal Information to a third party, CRS shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. CRS shall ensure that any third party for which Per­sonal Information may be disclosed subscribes to guidelines of CRS privacy policy as well as the EU GDPR regulations. They are subject to law providing the same level of privacy protection as is required by the Prin­ciples and agree in writing to provide an adequate level of privacy protection. CRS acknowledges liability in cases of appropriate onward transfer to third parties.

 

4. Data Security

CRS shall take reasonable steps to protect the Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. CRS has put in place appropriate physical, electronic and manage­rial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. CRS cannot guarantee the security of information on or transmitted via the Internet. CRS may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. We will take extra safeguards where necessary to prevent the unlawful use of data. Court orders or any other type of government data requests will be well documented and provided to the president of CRS for lawful review and further consultation of GDPR requirements for possible data minimization steps and review of refusal or acceptance criteria. No data will be transferred without review of GDPR compliance. As the CJEU continues to update requirements, CRS will continue to reassess its ongoing GDPR compliance in light of any substantial developments. CRS will continue to prioritize data-subject rights as well as ethical and appropriate data use as part of every day operations.

5. Data Integrity and Purpose Limitation

CRS shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, CRS shall take reasonable steps to ensure that Personal Information is accurate, com­plete, current and reliable for its intended use.

 

6. Access

CRS shall allow an individual access to their Personal Information and al­low the individual to correct, amend or delete inaccurate information.

 

7. Recourse, Enforcement and Liability

CRS uses a self-assessment approach to assure compliance with our privacy policy and with the EU GDPR regulations in regard to data coming from the EU. CRS  periodically verifies that the policy is accurate, compre­hensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the guidelines. We encourage interested persons to raise any concerns using the con­tact information provided below and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Informa­tion in accordance with these Principles.

 

In compliance with the EU GDPR and our own privacy policy regulations, CRS commits to resolve complaints about your privacy and our collection or use of your personal information.  European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact CRS at:


Chromatography Research Supplies, Inc.
2601 Technology Drive
Louisville, KY 40299       USA
tel. +1 502 491 6300


CRS has further committed to refer unresolved privacy complaints to independent dispute resolution mechanism, the EU Data Protection Authorities (DPAs) for EU individuals; as well as the Swiss Federal Data Protection and Information Commissioner (FDPIC) for Swiss individuals. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by CRS, please contact the DPA for your country or the FDPIC. Contact information for the DPAs and FDPIC can be found at their web sites listed below:

DPAs: https://edpb.europa.eu/about-edpb/board/members_en  

FDPIC: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html

 

Further information on Data Protection and use of Cookies

 

What are Cookies?

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time. Some cookies are necessary to site function, for example, to track the state of the user session during checkout, some are used to track the user’s preferences on the website, for example, for automatic login or to identify the most significant site features.

CRS does not use cookies for third parties or share user information with 3rd parties.

It is possible to disable the placement of cookies on your computer by setting your browser to disable cookies in the browser configuration settings. You will still be able to access the CRS website, but some functionality will be lost. 

 

What information is gathered and how is it used? 

Business, Navigational and Analytical Information

CRS operates as a business-to-business entity, and any collection of personal data is inadvertent and willingly given by an individual. Business data, such as order history and bill to and ship to addresses are maintained by CRS as is required for accounting, engineering and safety regulations.

We use web metrics services including Google Analytics, Constant Contact Marketing Services, and Zendesk/Zopim Live Chat features to track activity on Chromres.com. All third party privacy policies are on file where they are used as a data processor and commit to protection and compliance of the policies laid out within the GDPR. All information collected from CRS, unless full consent in compliance with this privacy policy is given, is anonymous and solely related to navigation of the website and the ability to keep the user experience running smoothly. Personal Business information collected from cookies on this website includes IP addresses, geographical locations, browser types being used, referral sources, length of visits, and pages viewed. This information is only used to improve the user experience through internal reporting and to provide more useful information to our customers. It is never sold or provided to any third party companies. It cannot be used to identify any person individually, unless you have willingly submitted your name and email address on a contact form or through online chat services. Occasionally we may use personal information provided such as your interest in a product, industry you work in, or areas of study or research to send you personalized marketing material on products, as long as consent has been given.

Every user has the option to deny the use of cookies when visiting the CRS website, and to be left anonymous during online chat. Contact forms require a name and email address simply so that we may fulfill your request to receive an answer to a question. This does not in any way subscribe you to any services that you have not previously consented to receive and given full access to our policy on how that information would be used.  

Personal Information

Personal information such as a name, company, address, phone, or email address will only be collected if the user willingly submits it to a contact form where they are asking for someone from CRS to contact them back, in an email subscription request, which we will use to provide updates to blogs and newsletter information, or when you are creating a registration on the website. Sensitive Personal Information is never obtained or stored at CRS. Credit Card information is never stored on this site or anywhere within CRS. Credit Card services are processed through PayPal and are subject to the privacy and data protection regulations of PayPal. Before any information is processed the user is asked to read and accept the terms of this privacy policy and how CRS handles data.

External Links to Social Media Sites

CRS maintains links to many websites created and maintained by other public and/or private organizations such as Social Media sites. If you click a link to an outside website, such as Twitter or YouTube, you will leave the ChromRes.com site and are subject to the privacy and security policies of the owners/sponsors of the outside website.

 

CRS manages a presence on several social media sites (e.g., Twitter, YouTube, Facebook, Linked In, and LabTube) in order to share CRS marketing information and engage with the public. We do not collect any Personally Identifiable Information through those sites. We also do not provide personal information made available by the user to these third-party sites.

 

Right to be forgotten, Data Deletion Requests, Opt-Outs, Unsubscribes

A user may unsubscribe from CRS communications at any time by clicking the unsubscribe option at the bottom of any newsletter communication, or by contacting CRS. Any personal information gathered including name, company, address, phone, or email address can be fully deleted at any time upon request, within a reasonable and legal manner.

Information about Children

This website is not intended for or targeted at children or any person under the age of 18. We do not knowingly or intentionally collect information about children or any person under the age of 18. If you believe we have mistakenly collected information about a child, please contact CRS to start the data deletion process.

Additional Examples of Data Use:

- To Improve browsing experience on the website. For example, keeping a user logged in throughout their browsing visit and the ability to "remember" what is in their cart.

- Cookie a user so that we do not ask you to accept the privacy terms or complete a survey every single time you visit the website. 

- When full consent is given, we will periodically contact you via phone, mail, or email to send out newsletters or other information we think our customers may find useful.

 

How Long Information is Retained

We will retain information for a reasonable period of time to ensure that we can fulfill legitimate business needs to contact a user. For Example, if a user continues to order products, we must retain their information and contact them with routine communications such as order acknowledgements, invoices, and receipts, etc., for as long as legally needed. Information for marketing materials and navigational purposes will be reviewed on an annual basis for a user to reconfirm receipt of information and retention of data.

 

 

Amendments

This privacy policy may be amended from time to time consistent with the re­quirements of data privacy laws for the United States of America and the EU GDPR. We will post any revised policy on this website.

 

Information Subject to Other Policies

CRS is committed to following the Principles for all Personal Infor­mation within the scope of this policy and the EU GDPR. However, certain information is subject to policies of CRS that may differ in some respects from the general policies set forth in this privacy policy. 

 

Contact Information

Questions, comments or complaints regarding the CRS Privacy Poli­cy or data collection and processing practices can be emailed to sales@chromres.com or mailed to:

 

Chromatography Research Supplies, Inc.
2601 Technology Drive
Louisville, KY 40299
USA

 

Effective: 08/11/2020

View Cart