Notes on data protection / privacy statement
1. Privacy policy
With this privacy policy, we would like to inform you about how we process personal
data within Tomorrow Biostasis GmbH. The protection of your privacy is of the utmost
importance to us, so compliance with the legal provisions on data protection is a matter
of course for us.
Name and contact details of the controller:
Tomorrow Biostasis GmbH
Represented by Emil Kendziorra
Graefestr. 11
10967 Berlin
2. Data Protection Officer
Should you have any questions about our data protection measures, the processing of
your data or the protection of your rights as a data subject, you can contact us and our
data protection officer as follows:
External Data Protection Officer:
ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Burchardstraße 14, 20095 Hamburg
If you have any questions or concerns regarding your information, please contact
info@tomorrowbiostasis.com.
If you wish to communicate directly with our data protection officer (because you have
a particularly sensitive matter for example), please contact them by post, as
communication by e-mail could always have security gaps. Please state in your
request that your concern relates to the company Tomorrow Biostasis GmbH.
3. Personal data
Personal data is any information relating to an identified or identifiable individual. This
includes the following categories of personal data that we process :
• Your contact details (such as first and last name, address, e-mail address,
phone number).
• Your correspondence with us.
• Log files containing information about your visit to our website.
• Identification numbers (such as passport or ID card number, insurance
numbers).
• Payment data (such as account number, credit card number, financial
institution).
• Online identifiers (such as cookie IDs, IP addresses, advertising IDs).
• Health data (such as medical diagnoses, evaluation of blood tests, etc.)
• Customer data (such as billing data, user profiles, address, order history,
payment data).
4. Use of cookies
General information about cookies:
Cookies are data sets that are stored in the browser’s database. For example, user
identification numbers are stored here, which are transmitted to the user's computer
when the website is used and managed there. The data sets are kept ready there for
later access. Typical uses of cookies are, for example, language selection, consent
documentation or authentication of the user.
Session cookies:
Session cookies are stored for the duration of a website visit and then automatically
deleted when the browser is closed. They ensure, for example, that video and audio
files can be played, your user input is temporarily stored during the input time and
thus the user experience is improved.
Persistent cookies:
Persistent cookies remain on your end device even after you close the browser. These
cookies can, for example, save your user preferences, such as language settings, and
analyze user behavior on our website. The storage period of persistent cookies is
determined individually per cookie. After expiry of the period, they are automatically
deleted.
Link to the Cookie Policy: https://www.tomorrow.bio/cookie-policy-eu
Withdrawal of consent for cookies
The information referring to the modification or withdrawal of consent for the
placement of cookies can be found directly on the cookie banner pop-up.
5. Purpose of Processing
We process your data for the following purposes:
• For corresponding with you,
• For processing contracts with you,
• For advertising purposes such as the dispatch of our newsletter,
• On quality assurance and statistics,
• In order to provide our service,
• In order to improve our service
6. Legal Basis
We base the processing of your data on the following legal bases:
• Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR),
• The initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR),
• The fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR),
• The implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR)
7. Legitimate Interests
We have the following legitimate interests in processing your data:
• The improvement of our range of services,
• The protection of our systems against misuse,
• The creation of statistics,
• The storage of our correspondence with you
8. Requirement or Obligation to Provide Data
Unless this is expressly stated, the disclosure of your data is not required or
obligatory.
9. Retentions period
We store your data:
• if you have consented to the processing, at most until you revoke your consent;
• if we need the data for the execution of a contract, at most for as long as the
contractual relationship with you exists;
• if we use the data on the basis of legitimate interests, at most for as long as
your interest in deletion or anonymisation does not outweigh the data;
• insofar as statutory retention obligations exist, until the end of the retention
periods.
10. Data recipient
In processing your data, we work with the following service providers who have
access to your data:
• Hosting and storage providers (e.g. for websites, databases and cloud
infrastructure),
• Customer communication and support providers (e.g. chat, helpdesk and CRM
tools),
• Email and newsletter service providers,
• Document and contract management service providers,
• Payment and billing service providers,
• Analytics and performance monitoring providers,
• IT security, maintenance and support providers.
Where publicly available, the Data Processing Agreements (DPAs) of the service
providers we use can be accessed directly on the respective provider’s website. You
may also request further information about the safeguards in place using the contact
details provided in this Privacy Policy.
11. Transfer to Third Countries
In some cases, your personal data may be transferred to countries outside the
European Economic Area (“EEA”), for example when we use service providers
whose registered office, parent company, or data centers are located in a third
country (e.g., the United States).
We only transfer personal data to third countries where an adequacy decision by the
European Commission is in place or where appropriate safeguards in accordance
with Article 46 GDPR are implemented. These safeguards typically include the
European Commission’s Standard Contractual Clauses (SCCs), together with
additional technical and organizational measures where required to ensure an
adequate level of data protection.
You may request further information regarding international data transfers and,
where applicable, obtain a copy of the relevant safeguards using the contact details
provided in this Privacy Policy.
12. Your Rights
As a data subject, you have the following rights:
• To request information about the processing of your data, as well as to receive
a copy of your personal data. Among other things you may request information
on the purposes of the processing, the categories of personal data processed,
the recipients of the data (if a transfer is made), the duration of the storage or
the criteria for determining that period;
• To receive personal data relating to you in a structured, common and machine-
readable format or to transfer it to another person in charge;
• To correct your data. If your personal data is incomplete, you have the right to
complete the data, taking into account the purposes of the processing;
• To have your data deleted or blocked;
• To have the processing restricted;
• To object to the processing of your data;
• To revoke your consent to the processing of your data for the future and
• To complain to the responsible supervisory authority about unauthorised data
processing.
Automated decision making including profiling
We do not perform automated decision making or profiling.
13. Status of the privacy policy
If our processes change, we adjust the information.
Status of this privacy policy: 05.12.2025
