Startpage Heidelberg University Hospital

DATA PROTECTION POLICY

UPDATE JULY 1, 2020

Our company places a high value on data protection and data security for Heidelberg University Hospital’s customers and partners as well as potential clients and users of our websites. Transparent processing and protection of your personal data are therefore especially important to us.

The present declaration will give you an overview of how your personal data is collected and processed when you visit our websites and how you can possibly contribute to better protection of your data.

WHO IS RESPONSIBLE FOR PROCESSING

Universitätsklinikum Heidelberg
Im Neuenheimer Feld 672
69120 Heidelberg

Public law institution („Anstalt öffentlichen Rechts“) represented by the Board of the University Hospital

Im Neuenheimer Feld 672
69120 Heidelberg

Phone: +49 (0) 6221 56-0
Fax: +49 (0) 6221 56-5999
Email: klinikumsvorstand(at)med.uni-heidelberg.de

DATA PROTECTION OFFICER

Universitätsklinikum Heidelberg
Datenschutzbeauftragte
Im Neuenheimer Feld 672
69120 Heidelberg
Phone: +49 (0) 6221 56-7036
Email: datenschutz(at)med.uni-heidelberg.de

WHAT IS PERSONAL DATA

Personal data is any information concerning natural persons that can be identified or are identifiable. Crucial is therefore whether the data collected relates to a person. This data includes information like your name, address, telephone number, and email. Information that does not directly relate to your real identity, like favourite websites or the number of a website’s visitors, is not personal data.

HOW WE COLLECT AND PROCESS YOUR PERSONAL DATA

When you visit our websites, our web ­ser­vers tem­po­rarily store the requesting computer’s data according to standard procedure for sys­tem­ security purposes, our web­si­tes that you visit, the date and duration of your visit, identification data of the brow­ser and operating system used as well as the website from which you visit our website. Other personal data like your name, address, telephone number or email are not collected, unless you provide this data of your own accord, e. g. for purposes of re­gis­tration, survey, raffle, contract implementation or inquiry.

HOW WE USE YOUR PERSONAL DATA, HOW WE TRANSMIT THEM

As long as it is possible to enter personal or corporate data on the website (emails, names, addresses), the act of providing this data on the user’s part is explicitly voluntary. Emails are transmitted via a contact form. If you send us a message of this kind, your personal data is only collected as long as it is needed for a reply. The email is transmitted without encryption.

The personal data you provide is used exclusively for the purposes of technical website administration and to fulfil your wishes and needs, which means it is used, as a rule, to implement the contract we concluded with you or to reply to your inquiry.

We use this data for product related surveys, marketing and statistics purposes only with your prior consent and unless you – as long as stipulated by law – filed an objection.

Your personal data is not transferred, sold or otherwise transmitted to third parties, unless necessary for the implementation of the contract or you gave your explicit consent.

Any consent can be revoked at any point taking effect in the future.

HOW LONG YOUR DATA IS STORED

As a rule, we store all information you provided until the respective purpose is fulfilled, e. g. a contractual purpose. For instance, until execution for inquiries, until you unsubscribe – for newsletters. Should a longer period for data storage be needed according to law, it will be stored accordingly.

Should you no more wish us to use your data, we shall promptly fulfil your request (please contact us via the address provided under „Contact“).

WHEN IS YOUR DATA DELETED?

The personal data is deleted if you revoke your consent for data storage, if the data is no more needed for the purpose for which the data was stored or if data storage is impermissible for other lawful reasons. Deletion request does not concern data for settlement and accounting purposes.

USE OF COOKIES

When you visit our websites we use so-called cookies. These are small text files that are stored on your computer. Coo­kies help us determine the number of visitors and users of our websites as well as make our offers for you as convenient and efficient as possible.

On the one hand we use the so-called “ses­si­on coo­kies” that are stored only for duration of your use of our websites. On the other hand, we use "per­ma­nen­t coo­kies" in order to get in­for­ma­tio­n about visitors who regularly visit one of our websites. The purpose of these coo­kies is to offer you the best possible user experience as well as "to recognize" you and offer you diverse information and new content. The content of the per­ma­nen­t coo­kies is limited to the identification number. Name, IP-addres­s etc. are not stored. No profile is created about your user behavior.

You can also visit our websites without coo­kies. You can deactivate storage of cookies in your browser, limit it to certain websites or change your brow­ser’s settings so that it informs you as soon as coo­kies are sent. However, bear in mind that deactivation will lead to a limited display of the website and limited usability.

Cookies that are necessary for electronic communication or for certain functions you want to use (e. g. Shopping-Basket) are stored according to art. 6 (1)f GDPR. The website operator has a legitimate interest to store cookies in order to provide technically accurate and optimized services. If other cookies are stored (e. g. cookies to analyse your internet search behavior), they will be addressed separately in the present data protection declaration.

WHAT WE DO TO ENSURE SECURE PROCESSING

Our company takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. So your data is stored in a secure environment with no access for the public. In some cases your personal data is transmitted with encryption by the so-called Se­cu­re So­cket Lay­er tech­no­lo­gy (SSL). This means that com­mu­ni­ca­ti­on between your com­pu­ter and our company’s ser­vers is done with a recognized encryption technology if your brow­ser supports SSL.

THIS IS THE LEGISLATIVE BASIS

When we request consent of respective individuals for processing of their personal data, we act on the basis of art. 6 1a of the EU General Data Protection Regulation (GDPR).

During processing of the personal data necessary for implementation of a contract whose party the person in question is, we act on the basis of art. 6 1b of the GDPR. This also concerns the processing necessary for the implementation of pre-contractual measures.

If processing of personal data is necessary for fulfilment of a legal obligation of our company, we act according to art. 6 1c of GDPR.

If processing of personal data is in vital interests of the person in question or any other natural person, we act according to art. 6 1d of GDPR.

If processing is necessary to protect our company’s or a third party’s legitimate interests and unless the interests, basis rights and freedoms of the person in question prevail, we act according to art. 6 1f of GDPR. Legitimate interests are in particular ensuring operations and website security, analysing the way visitors use the website and making the website use easier.

THESE ARE YOUR DATA PROTECTION RIGHTS

According to the applicable legislation, you have at any time the right to obtain free information about your personal data stored, its origin and possible recipients as well as the purpose of processing (art. 15 GDPR) and if the case may be the right to correct incorrect data (art. 16 GDPR), delete the data (art. 17 GDPR), limit the processing according to art. 18 GDPR, object (art. 21 GDPR) and the right to portability of your data (according to art. 20 GDPR). For information and deletion rights there are certain restriictions according to §§ 34 and 35 of the German federal data protection act (BDSG).

You also have the right to lodge a complaint with a supervisory authority in case of data protection law violation (art. 77 GDPR and §19 BDSG). The supervisory authority for data protection issues is the data protection officer in the federal state (Bundesland), where our company is resident. You can find the list of data protection officers and their contact data here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

HOW YOU CAN REVOKE CONSENTS GIVEN FOR DATA PROCESSING

Processing is often only possible with your explicit consent. You can revoke such consent at any time. To do this, an informal email will be enough. The data processing that took place before this cancellation will remain unaffected.

CHANGES TO DATA PROTECTION DECLARATION

Possible changes to the present data protection declaration will be timely made public on this website.

WEB ANALYTICS AND ADVERISEMENT

Google Analytics

Our website uses Google Analytics, known as web analytics services. These services use "cookies," which are data files stored on your computer that enable us to analyze use of the website. For this purpose, the usage information generated by the cookie (including your truncated IP address) is transmitted to our server and saved for usage analysis, which enables us to optimize the website. At the start of this process, your IP address is made anonymous so that you, the user, remain anonymous to us.  

With Google Analytics, the information generated by the cookie is generally transferred to a Google server in the USA and stored there. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. However, if IP anonymization is enabled on this website, your IP address within the member states of the European Union or other contracting states of the European Economic Area will be truncated by Google prior to transfer. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On behalf of this website operator, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. (Source: www.datenschutzbeauftragter-info.de)

You can refuse the use of cookies by selecting the appropriate settings on your browser; however, if you do so, you may not be able to utilize the full functionality of this website.

If you do not agree to the storage and analysis of data from your visit, you can block this (including your IP address) with a mouseclick at any time. In this case, an "opt-out cookie" is stored on your browser, with the result that no session data is collected.

Caution: If you delete your cookies, the opt-out cookie will also be deleted, and you may need to reactivate it.

Sie können die Erfassung Ihrer Daten durch Google Analytics verhindern, indem Sie auf folgenden Button klicken. Es wird ein Opt-Out-Cookie gesetzt, der die Erfassung Ihrer Daten bei zukünftigen Besuchen dieser Website verhindert. Durch einen erneuten Klick können Sie dies rückgängig machen und uns helfen die Webseite weiter zu verbessern.


GOOGLE WEB FONTS

This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.

To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our websites. This constitutes a legitimate interest within the meaning of art. 6 1f of GDPR

If your browser does not support Web Fonts your computer uses standard fonts.

You can find more information about Google Web Fonts at developers.google.com/fonts/faq and in the privacy policy declaration of Google: https://www.google.com/policies/privacy/.

GOOGLE MAPS

This website uses the web mapping service Google Maps via an API. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Use of Google Maps’ functions requires saving your IP address. This data is normally transmitted to a Google server in the USA and saved there. The present website’s provider has no influence on this data transmission.

The use of Google Maps provides for an appealing representation of our online offers and easier findability of the places indicated on our website. This is considered a legitimate interest according to Art. 6, 1(f) of the GDPR.

You can find more information on use of users’ data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

USE AND APPLICATION OF YOUTUBE

The present website has integrated YouTube components. YouTube is a video-sharing website that allows video publishers to publish video clips and other users to watch, rate and comment on these free of charge. YouTube allows publication of all kinds of videos, therefore full film videos and TV-programs as well as music videos, trailers or users’ own videos are available on the website.

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time you view one of our webpages where there is an integrated YouTube component (YouTube video) the respective YouTube component will automatically prompt your internet browser to download display of the respective YouTube component from YouTube. You can find further information on YouTube under www.youtube.com/yt/about/de/. This technical process allows YouTube and Google to understand, which subpage of our website you view.

As long as you are logged-in on YouTube at the same time, the visit of a subpage with a YouTube video will help YouTube detect which subpage of our website is viewed by the respective person. This information is collected by YouTube and Google and assigned to the respective YouTube account of the respective person.

YouTube and Google receive information via a YouTube component that the respective person has visited our website every time you are logged in on YouTube at the moment you visit our website. This happens whether you click on a YouTube video or not. If you do not wish this data to be transmitted to YouTube and Google, you can prevent this by logging out of your YouTube account before visiting our website.

YouTube’s privacy policy available under www.google.de/intl/de/policies/privacy/ provides more information on collection, processing and use of personal data by YouTube and Google.

REGISTRATION

You have the opportunity to register on our website by providing personal information. Which personal data is to be sent to the controller is derived from the respective data entry mask used for the registration. The personal data you enter will be collected and stored solely for internal processing by the controllers and for own purposes. The controller may arrange for the transmission to one or more processors, such as a parcel service, who also uses the personal data only for internal use attributable to the controller.

By registering on the website of the controller the data, the IP address assigned by your Internet service provider (ISP), the date and time of registration are also stored. This data is stored because this is the only way to prevent the misuse of our services and, if necessary, to use this data to investigate past crimes and copyright infringements. Thus, the storage of this data is required to protect the controller. The data will not be transmitted to third parties as a rule, unless there is a legal obligation to pass on the data or unless the disclosure serves the criminal or legal prosecution.

Your registration and the voluntary provision of personal data serves the controller to provide you with content or services that, due to the nature of the case, can only be offered to registered users. Furthermore, your registration serves the monitoring of the use of the copyrighted texts issued by us, as well as the verification of link setting and copyright naming, as well as our own documentation purposes. In addition, we use the data collected for customer acquisition, in particular for telephone contact and the sending of advertisement by conventional mail and e-mail. Registered persons are free to delete the personal data given at the time of registration completely from the database of the controller.

The controller will inform you at any time on request about which of your personal data is stored. Furthermore, the controller corrects or deletes your personal data at the request or notice of the person in question, insofar as this does not conflict with legal data retention requirements. The data protection officer named in this data protection statement and all coworkers of the controller are available to assist you in this regard.

Links to Social Media Platforms

Our website contains links to our pages on various social media platforms. We point out that by clicking on these links you leave our website and also the scope of this Data Privacy Statement. On the Social Media platforms, only the respective Data Privacy Statements and terms of use of the operator of the Social Media platform apply.

Facebook

Our website contains links to the external social network Facebook. This website is operated exclusively by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). References are indicated as part of our website by the Facebook logo or the addition "Like" (no Facebook plug-ins are used).

When you visit our website, functions and data transmissions to Facebook are not automatically activated. Only by clicking on the links, the Facebook plugins are activated, your browser establishes a direct connection with Facebook servers. If you follow the links and at the same time you are logged in to Facebook with your local user account, the information that you have visited our website will be forwarded to Facebook. You can assign Facebook to your account by visiting the website. This information is transmitted to Facebook and stored there. To prevent this, you must log out of your Facebook account before clicking on the link.

The purpose and scope of the data collection by Facebook as well as the further processing and use of your data as well as your respective rights and settings options for the protection of your privacy can be found in the privacy policy of Facebook http://de-de.facebook.com/privacy/explanation.php).

EN