• Quick Order
  • Careers
  • Support

Privacy Policy

Revised January 11, 2022

American Type Culture Collection (ATCC), a nonprofit corporation formed under the laws of the District of Columbia ("ATCC"), its affiliates and subsidiary companies (collectively “ATCC”) places a high priority on protecting your privacy. This privacy policy was created in order to demonstrate ATCC’s commitment to the privacy of our customers and website users (the “Privacy Policy”). This policy explains what types of information is collected by ATCC and how this information is used.

This Privacy Policy describes the privacy practices of the American Type Culture Collection ("ATCC®", "we", "us", or "our") and our use of information. This Privacy Policy describes how we use the personally identifiable information that you provide to us offline (eg, through postal mail or fax) or online (eg, through our website located at The term "personally identifiable information" or “personal data” as used in this Privacy Policy comprises any information relating to an identified or identifiable natural person that can be used to identify directly or indirectly, as defined a natural person, including, but not limited to, full name, email address, mailing address, telephone number, and credit card information and encompasses the EU definition of “personal data”.

General — Who We Are

ATCC is a wholly owned, nonprofit subsidiary of International Bioresources Group ("IBG"), a nonprofit, 501(c)(3) corporation. We are not a government agency.

In all cases, we are committed to protecting the privacy of individuals in accordance with global privacy laws, including the EU General Data Protection Regulation 2016/679/UE (“GDPR”). Privacy statements begin with a description of the activities and individuals to which that statement applies. Statements may vary by country, region, or ATCC business group. Under the GDPR, ATCC is the controller of the personal data EEA data subjects provide to us either online or offline. Please make sure you read these descriptions carefully so that you can view the disclosures that apply to you based on how you interact with us and where you are located.

Across all of our business activities, ATCC seeks to base our privacy practices on accepted principles utilized by various research, academia, industry, and regulatory groups. In summary, these principles are as follows:

  • Lawfulness and Transparency: To process data lawfully, fairly, and in a transparent manner in relation to the (“data subject”).
  • Data Minimization: To collect and further process only the personal data necessary to achieve the purposes for which it was collected, in such a way that all data collected should be adequate, relevant, and limited to what is necessary in relation to these purposes.
  • Data Quality: To process personal data that is, taking into account the purposes for which it was collected, accurate, complete, and up to date.
  • Integrity and Confidentiality: To process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
  • Purpose Limitation: To use personal data only in accordance with the explicit and legitimate purposes that were specified before it was collected, and not further processed in a manner that is incompatible with those purposes.
  • Openness: To be open about privacy practices, policies, and developments, and the details of any processing that takes place.
  • Individual Participation: To respond to data subjects’ requests to know what personal data is being processed and guide how that data should be processed, as required by applicable law.
  • Accountability: To be accountable for complying with measures that give effect to these privacy principles.

The Privacy Policy is relevant to any user or visitor of ATCC Corp. (“ATCC”) websites, mobile applications and online services (together “Online Services”), which is comprised of various web pages operated by ATCC (the “Site”) to provide online access to information about ATCC and products, services, and opportunities ATCC provides (the “Service”) and where these services directly link to this online Privacy Policy.

By accessing and using this Site and any Online Services, you agree to each of the terms and conditions set forth here (“Terms of Use”) and to our Privacy Policy, which are accessible directly from this Online Service. Additional terms and conditions applicable to specific areas of this Site or to particular content or transactions are also posted in particular areas of the Site and, together with the Terms of Use, govern your use of those areas, content or transactions. A complete list of all services domains covered by this Privacy Policy can be provided upon request. Please contact us at the details indicated in the “Contacting Us” section below, if you have any questions regarding the scope of this Privacy Policy.

How We Collect Information

Information You Actively SubmitIf you create an account, order products, register for services, or otherwise submit data using the Online Services, we collect information about you and the company or other entity you represent (eg, your name, organization, address, email address, phone number, fax number). You may also provide information specific to your interaction with the Online Services, such as payment information to make a purchase, shipping information to receive a purchase, or a resume to apply for employment. In such instances, the personal data collected by us is data you have actively submitted to us through the Online Services.

Information Passively Submitted. We automatically collect information during your use and navigation of the Online Services, including the URL of the website you came from, the browser software you use, your Internet Protocol (IP) address, IP ports, date/time of access, pages visited, amount of time you spend on the Online Services, and information about actions and transactions conducted on the Online Services.

Use of “Cookies” to enhance and customize your experience of the Online Services. A cookie is a small text file that may be stored on your computer or device used to access the Online Services. You may set your browser software to reject cookies but doing so may prevent us from offering conveniences or features on the Online Services. To reject cookies, refer to information about your specific browser software. We also use eTags, which are opaque identifiers assigned by a web server to specific versions of a resource found at a URL. If the resource at that URL changes, a new and different eTag is assigned. This allows us to track which pages you visit while on the Online Services. In addition, we use electronic images known as web beacons (also called pixel tags or clear GIFs) to track users who have visited the Online Services. Web beacons allow us to deliver content and marketing communications tailored to your interests. We strive to provide a customized, personalized experience to website visitors.

Statements may vary by country, region, or ATCC business group. Visitors located in the European economic region should consult the Cookie notice displayed on the website they are accessing to manage their cookie settings.

How We Use the Information Collected

We collect and process your personal identifying information for the purposes listed below. We rely on another authorized legal bases, including but not limited to the performance of a contract, compliance with our legal obligations, or the pursuit of our legitimate interests (to operate, administer, and improve our Site and Online Services as well as provide you with content you access and request) to collect and further process your personal identifying information, where your rights and freedoms as EEA data subjects do no prevail over our legitimate interests. In some case we may ask for your consent to process your personal data for some of these purposes.

We may use your personal data alone, or when aggregated with other information, for a variety of purposes as described below:

  • Account Set-Up and Service
  • Communications about Products and Services
  • Site Improvement
  • Enforcement of ATCC Policies
  • Compliance with Regulatory Requirements and Applicable Laws
  • Compliance with Our Obligations as a Government Contractor
  • Customer Notifications
  • Other Purposes, as disclosed at the time the information is collected
  • Notwithstanding the forgoing uses, résumé or CV information will be used to evaluate your candidacy for a job opening or for qualification as it relates to Bio-Safety Level material handling.

We may combine the personally identifiable information you provide to ATCC with other information about you that is available to us, including non-personally identifiable information and information from third parties.

How We Share the Information We Collect

We will not disclose your personal data to third parties, except in the following circumstances and in accordance with applicable law:

  • With your consent.
  • To our global subsidiaries, divisions, and groups worldwide and third-party service providers, who act on our behalf and instructions to fulfill product orders, deliver services, provide IT support, and fulfill the other purposes set forth above. A list of our subsidiary companies currently working within our corporate group is available here.
  • To our affiliate, partners, and service providers, in the application of the agreement entered with them and where applicable with you and in order to improve our and their products, services, and business practices.
  • As required by applicable law, including, without limitation, in response to any government or regulatory agency request, to cooperate with law enforcement investigations, or upon receipt of any court order.
  • To a prospective or actual purchaser or seller in the context of a merger, acquisition, or other reorganization or sale of our business or assets.
  • To courts and public authorities to protect you, us, or third parties from harm, including fraud or instances where somebody’s physical safety is at risk.

We may share the personally identifiable information we collect with other ATCC affiliates for the purposes described in the "How We Use the Information Collected" section of this Privacy Policy.

We may also share your information with our third-party service providers (including contractors and distributors) to validate your payment information, to prevent fraud, to fulfill your order, and to perform other activities related to sales of ATCC products and services. We may share personally identifiable information of individuals submitting résumés or making inquiries concerning employment with other ATCC affiliates and third-party service providers for the purpose of conducting employment evaluation. Third-party service providers to whom we supply your personally identifiable information may use this information only to provide ATCC with a specific service provider pursuant to the terms of the contract entered into with this service provider and not for any other purpose. ATCC does not make its customer lists available for sale to third parties.

In addition, ATCC may disclose personally identifiable information or other information to law enforcement, regulatory agencies, other government officials, or other third parties, as we, in our sole discretion, believe necessary or appropriate: a) in connection with an investigation of fraud or other activity that is illegal or may expose us to legal liability; b) to enforce our policies governing our Site; and c) for regulatory compliance. We may also disclose such information in connection with any merger or consolidation with, or sale of substantially all of our assets to, a third party, provided that such third party agrees to comply with our Privacy Policy.

Materials deposited with us or purchased from us through our patent depository services are subject to special disclosure requirements. For individuals depositing material with us under our patent depository services, information related to such a deposit will be maintained in compliance to the Code of Federal Regulations (CFR) Title 37. Once a patent has been issued for the material included in the deposit, we are required to make the material that is the subject of the patent available to the public and may be required to supply certain personally identifiable information about the depositor to the public. For individuals purchasing material that was deposited as a patent deposit, we are required to share certain personally identifiable information about the purchaser with the depositor

Certain other materials deposited with us are subject to special disclosure requirements established by the depositor. For individuals purchasing material deposited with us for resale that is subject to such disclosure requirements, we may be required to share your personally identifiable information with the depositor. If such requirements exist for a particular deposit, you will be notified of these terms and will be asked to agree to them before your order is fulfilled.

International Transfers of Personal Data

Your personal data may be collected, transferred to, and stored by us in the United States and by our affiliates and third parties disclosed in the “How we share the information we collect” section above, that are based in countries not located within the European Economic Area, which may not provide for an adequate level of personal data protection.

Therefore, your personal data may be processed outside your jurisdiction and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your personal data offers an adequate level of protection and security, for instance, by entering into the appropriate contractual arrangements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission and where applicable completed by additional safeguards. You can obtain ask more detailed information about the transfer of personal data in contacting our DPO at the details specified in the “Contacting us” section below.

How Long Do We Keep Your Personal Data?

Your personal data shall not be retained beyond the necessary retaining period for achieving the purposes for which it was collected. We may retain your personal identifiable information for a period of time consistent with the original purpose of collection (see the “how we use the information collected” section, above) or as long as required to fulfill the purposes for which they are collected and further processed and for compliance of our legal obligations. We determine the appropriate retention period for personal identifiable information on the basis of the amount, nature, and sensitivity of the personal identifiable information being processed, the potential risk of harm from unauthorized use, or disclosure of the personal identifying information, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

We will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes.
  • Comply with record retention requirements under the applicable laws.
  • Defend or bring any existing or potential legal claims.
  • Deal with any complaints.
  • Enforce our commercial agreements.

We will archive your personally identifiable data when it is no longer required for these purposes and deleted them as soon as their retention is not necessary anymore.

After expiry of the applicable retention periods, your personal identifying information will be either archived with access limited only to the authorized individuals who might need to access the archived data or deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

For more information on data retention periods, please contact us by using the information in the “Contacting Us” section, below.

EEA Data Subjects Rights

EEA data subjects have rights over the processing of their personal data. Subject to an explicit request and to justifying their identity, EEA data subjects have a right of access, rectification, and opposition in connection with their personal data, as well as a right to deletion of their personal data, under the terms of the GDPR, by addressing their requests to ATCC using the contact details provided in the “Contacting Us” below. They also have a right to portability of their personal data.

Where they use their right to oppose to the processing, ATCC shall stop the processing of this data subject personal data, except where ATCC has legitimate and compelling reasons for processing, or for the purpose of ascertaining, exercising, or defending its legal rights. If necessary, ATCC will inform such data subjects of the reasons why the rights they exercised cannot be satisfied in whole or in part.


Our Sites are not directed at children. We do not knowingly collect personal identifying information from children under the age of 16. If you are a parent or guardian and believe your child has provided us with personal identifying information without your consent, please contact us by using the information in the “Contacting us” section below, and we will take steps to delete their personal identifying information from our systems.


ATCC implements all necessary technical and organizational measures in order to ensure the security and confidentiality of personal data collected and processed and, particularly, to prevent the data from being distorted, damaged, or communicated to unauthorized third parties by ensuring an appropriate level of security with regards to the risks associated with the processing and the nature of the personal data to be protected, taking into consideration the technological complexity and cost of implementation.

You acknowledge that the Privacy Policy applies only to the use of ATCC website and online services and does not cover any information collected and/or processed on external websites or sources, of which the link appears on the websites. As a result, ATCC shall not be responsible for these websites or external sources' activities in the collection and processing of personal data, which shall, where appropriate, be governed by the personal data policies of each of these external websites or sources.


We may make changes to this Privacy Policy. We reserve the right to change this online Privacy Policy at any time by electronic notice posted on our website. If we make changes that affect the way we collect or use your personally identifiable information, these changes and their effective date will be posted in this Privacy Policy. Your continued use of the Site after we post a revised Privacy Policy means you have accepted the Privacy Policy. If we materially change our practices for the collection or use of your personally identifiable information, your personally identifiable information will be governed by the Policy under which it was originally collected unless you have been provided notice of, and have had an opportunity to object to, or accept the change.

Contacting Us

To exercise your rights as data subjects regarding your personal data, in the event of a dispute arising from the processing of your personal data or if you have any questions regarding this Privacy Policy, you can contact ATCC using the Contact Us Form or by sending a letter by post to "Data Protection Officer, c/o IT Security Office" at 10801 University Boulevard, Manassas, VA 20110-2209. ATCC will endeavor to find a satisfactory solution. In the absence of a response from ATCC, if the dispute persists despite our proposal or at any moment, EEA data subjects have the ability to lodge a complaint before the EEA supervisory authority of the Member State of the European Union in which they usually reside.