Privacy Policy

mbiomics GmbH ("mbiomics", "we", "our", or "us") takes the protection of your personal data seriously. This Privacy Policy explains which personal data we process when you visit www.mbiomics.com (the "Website"), for what purposes, on what legal basis, and what rights you have. Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Controller

The controller responsible for data processing on this Website within the meaning of Art. 4 (7) GDPR is:

mbiomics GmbH
Floriansbogen 2-4
82061 Neuried, Germany
Email: info@mbiomics.com
Phone: +49 89 93920891

Data Protection Officer

We have appointed an external Data Protection Officer:

ISiCO GmbH
Contact via: privacy@mbiomics.com
(Please include the keyword "Attn. Data Protection Officer" in the subject line. Note that emails sent to this address are not received exclusively by the Data Protection Officer. If you wish to exchange confidential information, please contact us first and our Data Protection Officer will then reach out to you directly.)

No Cookies, No Tracking of Terminal Equipment

This Website does not use cookies, local storage, session storage, or any other techniques that store information on or access information from your terminal equipment in a manner requiring your consent under § 25 TDDDG (German Telecommunications Digital Services Data Protection Act). No consent banner is displayed because no such consent is required.

Hosting (Framer)

This Website is built and hosted on the Framer platform, operated by Framer B.V., Keizersgracht 241, 1016 EA Amsterdam, Netherlands ("Framer"). Framer hosts the Website's content, delivers assets via its CDN (framerusercontent.com), and provides the underlying infrastructure.

Each time you visit the Website, the following data is automatically processed by Framer for the technical delivery of the Website:

IP address of the requesting device
Date and time of the request
URL / content of the request
HTTP status and amount of data transferred
Referrer URL (the previously visited page)
Browser type and version, operating system, and language

Purpose: delivery of the Website, ensuring system security and stability, and protecting against abuse and attacks.

Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in the secure and efficient provision of our Website).

Recipient / processor: Framer B.V. A data processing agreement pursuant to Art. 28 GDPR is in place. Framer is established in the European Union; its CDN operates globally, which may involve transfers of technical data (in particular IP addresses) to edge locations outside the EEA. Such transfers are safeguarded by EU Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR where applicable. Further information: https://www.framer.com/legal/privacy-statement/.

Retention: server log data is stored only for a short period necessary for the above purposes and is then deleted or anonymised in accordance with Framer's retention practices.

Website Analytics (Framer Analytics)

We use Framer Analytics, the privacy-focused analytics feature built into the Framer platform. Framer Analytics is cookieless, does not store information on your terminal equipment, does not build cross-site or cross-device profiles, and does not use device fingerprinting.

Each pageview generates a request to events.framer.com that collects aggregated, anonymised metrics such as the URL visited, referrer, and approximate region derived from the IP address. IP addresses are not stored by Framer for this purpose.

Purpose: measuring reach, understanding which content is of interest to visitors, and improving our Website.

Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in a needs-based and performant Website). Because no information is stored on or read from your terminal equipment, consent pursuant to § 25 TDDDG is not required.

Processor: Framer B.V. (see Section on Hosting). Further information: https://www.framer.com/legal/privacy-statement/.

Fonts

This Website uses "Google Fonts", a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When you load a page, your browser establishes a direct connection to Google's servers (in particular fonts.googleapis.com and fonts.gstatic.com) to retrieve the fonts, during which your IP address, the referrer, and technical information about your browser are transmitted to Google. Google may process this data within its corporate group, including by its parent company Google LLC in the United States.

Additional fonts, images, and scripts used on this Website are served from Framer's own infrastructure (framerusercontent.com); see the Hosting section.

Purpose: uniform and appealing presentation of our Website.

Legal basis: Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in consistent typography and brand presentation). Because the fonts are retrieved by your browser without storing information on your terminal equipment, consent pursuant to § 25 TDDDG is not required.

Transfer to the USA: Google LLC is certified under the EU-US Data Privacy Framework; any transfer is additionally safeguarded by EU Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR. Further information: https://policies.google.com/privacy.

Contact Form

Our Website provides a contact form that allows you to send us enquiries. The data you enter in the form (such as your name, email address, and the content of your message) is processed to handle your enquiry and any follow-up communication. The form is provided by Framer as part of the platform; submissions are transmitted via Framer's infrastructure and then forwarded to us.

Purpose: handling your enquiry.

Legal basis: Art. 6 (1) sentence 1 lit. b GDPR if your enquiry relates to the initiation or performance of a contract; otherwise Art. 6 (1) sentence 1 lit. f GDPR (legitimate interest in responding to enquiries directed to us).

Processor: Framer B.V. (see Section on Hosting).

Retention: your message is stored for as long as necessary to handle your enquiry and thereafter in accordance with statutory retention obligations (in particular under commercial and tax law, typically 6 to 10 years where applicable).

Contact by Email

If you contact us by email (e.g. at info@mbiomics.com or privacy@mbiomics.com), we process the data you provide (such as your name, email address, and the content of your message) exclusively to handle your enquiry and any follow-up communication.

Recipients of Personal Data

Personal data is only transmitted to third parties within the framework described above. Our processors — in particular Framer B.V. for hosting and analytics, and Google Ireland Limited for font delivery — process data on our behalf or provide services under their own responsibility, in accordance with Art. 28 GDPR where applicable and bound by written agreements. Beyond this, we do not share your personal data with third parties unless we are legally obliged to do so.

Transfers to Third Countries

Where personal data is transferred to recipients outside the European Economic Area, we ensure an appropriate level of protection through the following safeguards:

Framer B.V. is established in the European Union (Netherlands). Framer operates a global content delivery network, which may involve limited transfers of technical data (in particular IP addresses) to edge locations outside the EEA. Such transfers are safeguarded by EU Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR where applicable.
Google Ireland Limited is established in the European Union (Ireland). Where data is transferred to Google LLC in the United States in connection with Google Fonts, the transfer is safeguarded by the EU-US Data Privacy Framework and by EU Standard Contractual Clauses pursuant to Art. 46 (2) lit. c GDPR.

Additional technical and organisational measures complement these safeguards.

Data Security

We implement appropriate technical and organisational measures within the meaning of Art. 32 GDPR to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. This Website is delivered exclusively over encrypted TLS connections (HTTPS).

Your Rights

As a data subject, you have the following rights in relation to the personal data we process about you:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to processing based on Art. 6 (1) lit. f GDPR (Art. 21 GDPR), in particular against processing for direct marketing purposes
Right to withdraw consent with effect for the future where processing is based on your consent (Art. 7 (3) GDPR), without affecting the lawfulness of processing carried out before the withdrawal

To exercise these rights, please contact us at privacy@mbiomics.com.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority competent for mbiomics GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
https://www.lda.bayern.de

Objection to Processing Based on Legitimate Interests

Where we base processing of your personal data on Art. 6 (1) lit. f GDPR (legitimate interests), you have the right to object at any time, on grounds relating to your particular situation, to such processing (Art. 21 GDPR). In the case of an objection, we will no longer process the relevant personal data unless we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services or in applicable law. The current version is always available on this page.

Status: 24 April 2026.