DATA PROTECTION POLICY
UPDATE JULY 1, 2020
Our company places a high value on data protection and data security for Heidelberg University Hospital’s customers and partners as well as potential clients and users of our websites. Transparent processing and protection of your personal data are therefore especially important to us.
The present declaration will give you an overview of how your personal data is collected and processed when you visit our websites and how you can possibly contribute to better protection of your data.
WHO IS RESPONSIBLE FOR PROCESSING
Im Neuenheimer Feld 672
Public law institution („Anstalt öffentlichen Rechts“) represented by the Board of the University Hospital
Im Neuenheimer Feld 672
Phone: +49 (0) 6221 56-0
Fax: +49 (0) 6221 56-5999
DATA PROTECTION OFFICER
Im Neuenheimer Feld 672
Phone: +49 (0) 6221 56-7036
WHAT IS PERSONAL DATA
Personal data is any information concerning natural persons that can be identified or are identifiable. Crucial is therefore whether the data collected relates to a person. This data includes information like your name, address, telephone number, and email. Information that does not directly relate to your real identity, like favourite websites or the number of a website’s visitors, is not personal data.
HOW WE COLLECT AND PROCESS YOUR PERSONAL DATA
When you visit our websites, our web servers temporarily store the requesting computer’s data according to standard procedure for system security purposes, our websites that you visit, the date and duration of your visit, identification data of the browser and operating system used as well as the website from which you visit our website. Other personal data like your name, address, telephone number or email are not collected, unless you provide this data of your own accord, e. g. for purposes of registration, survey, raffle, contract implementation or inquiry.
HOW WE USE YOUR PERSONAL DATA, HOW WE TRANSMIT THEM
As long as it is possible to enter personal or corporate data on the website (emails, names, addresses), the act of providing this data on the user’s part is explicitly voluntary. Emails are transmitted via a contact form. If you send us a message of this kind, your personal data is only collected as long as it is needed for a reply. The email is transmitted without encryption.
The personal data you provide is used exclusively for the purposes of technical website administration and to fulfil your wishes and needs, which means it is used, as a rule, to implement the contract we concluded with you or to reply to your inquiry.
We use this data for product related surveys, marketing and statistics purposes only with your prior consent and unless you – as long as stipulated by law – filed an objection.
Your personal data is not transferred, sold or otherwise transmitted to third parties, unless necessary for the implementation of the contract or you gave your explicit consent.
Any consent can be revoked at any point taking effect in the future.
HOW LONG YOUR DATA IS STORED
As a rule, we store all information you provided until the respective purpose is fulfilled, e. g. a contractual purpose. For instance, until execution for inquiries, until you unsubscribe – for newsletters. Should a longer period for data storage be needed according to law, it will be stored accordingly.
Should you no more wish us to use your data, we shall promptly fulfil your request (please contact us via the address provided under „Contact“).
WHEN IS YOUR DATA DELETED?
The personal data is deleted if you revoke your consent for data storage, if the data is no more needed for the purpose for which the data was stored or if data storage is impermissible for other lawful reasons. Deletion request does not concern data for settlement and accounting purposes.
When you visit our websites we use so-called cookies. These are small text files that are stored on your computer. Cookies help us determine the number of visitors and users of our websites as well as make our offers for you as convenient and efficient as possible.
On the one hand we use the so-called “session cookies” that are stored only for duration of your use of our websites. On the other hand, we use "permanent cookies" in order to get information about visitors who regularly visit one of our websites. The purpose of these cookies is to offer you the best possible user experience as well as "to recognize" you and offer you diverse information and new content. The content of the permanent cookies is limited to the identification number. Name, IP-address etc. are not stored. No profile is created about your user behavior.
You can also visit our websites without cookies. You can deactivate storage of cookies in your browser, limit it to certain websites or change your browser’s settings so that it informs you as soon as cookies are sent. However, bear in mind that deactivation will lead to a limited display of the website and limited usability.
Cookies that are necessary for electronic communication or for certain functions you want to use (e. g. Shopping-Basket) are stored according to art. 6 (1)f GDPR. The website operator has a legitimate interest to store cookies in order to provide technically accurate and optimized services. If other cookies are stored (e. g. cookies to analyse your internet search behavior), they will be addressed separately in the present data protection declaration.
WHAT WE DO TO ENSURE SECURE PROCESSING
Our company takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. So your data is stored in a secure environment with no access for the public. In some cases your personal data is transmitted with encryption by the so-called Secure Socket Layer technology (SSL). This means that communication between your computer and our company’s servers is done with a recognized encryption technology if your browser supports SSL.
THIS IS THE LEGISLATIVE BASIS
When we request consent of respective individuals for processing of their personal data, we act on the basis of art. 6 1a of the EU General Data Protection Regulation (GDPR).
During processing of the personal data necessary for implementation of a contract whose party the person in question is, we act on the basis of art. 6 1b of the GDPR. This also concerns the processing necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary for fulfilment of a legal obligation of our company, we act according to art. 6 1c of GDPR.
If processing of personal data is in vital interests of the person in question or any other natural person, we act according to art. 6 1d of GDPR.
If processing is necessary to protect our company’s or a third party’s legitimate interests and unless the interests, basis rights and freedoms of the person in question prevail, we act according to art. 6 1f of GDPR. Legitimate interests are in particular ensuring operations and website security, analysing the way visitors use the website and making the website use easier.
THESE ARE YOUR DATA PROTECTION RIGHTS
According to the applicable legislation, you have at any time the right to obtain free information about your personal data stored, its origin and possible recipients as well as the purpose of processing (art. 15 GDPR) and if the case may be the right to correct incorrect data (art. 16 GDPR), delete the data (art. 17 GDPR), limit the processing according to art. 18 GDPR, object (art. 21 GDPR) and the right to portability of your data (according to art. 20 GDPR). For information and deletion rights there are certain restriictions according to §§ 34 and 35 of the German federal data protection act (BDSG).
You also have the right to lodge a complaint with a supervisory authority in case of data protection law violation (art. 77 GDPR and §19 BDSG). The supervisory authority for data protection issues is the data protection officer in the federal state (Bundesland), where our company is resident. You can find the list of data protection officers and their contact data here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
HOW YOU CAN REVOKE CONSENTS GIVEN FOR DATA PROCESSING
Processing is often only possible with your explicit consent. You can revoke such consent at any time. To do this, an informal email will be enough. The data processing that took place before this cancellation will remain unaffected.
CHANGES TO DATA PROTECTION DECLARATION
Possible changes to the present data protection declaration will be timely made public on this website.
WEB ANALYTICS AND ADVERISEMENT
Our website uses Google Analytics, known as web analytics services. These services use "cookies," which are data files stored on your computer that enable us to analyze use of the website. For this purpose, the usage information generated by the cookie (including your truncated IP address) is transmitted to our server and saved for usage analysis, which enables us to optimize the website. At the start of this process, your IP address is made anonymous so that you, the user, remain anonymous to us.
With Google Analytics, the information generated by the cookie is generally transferred to a Google server in the USA and stored there. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. However, if IP anonymization is enabled on this website, your IP address within the member states of the European Union or other contracting states of the European Economic Area will be truncated by Google prior to transfer. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. On behalf of this website operator, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. (Source: www.datenschutzbeauftragter-info.de)
If you do not agree to the storage and analysis of data from your visit, you can block this (including your IP address) with a mouseclick at any time. In this case, an "opt-out cookie" is stored on your browser, with the result that no session data is collected.
Caution: If you delete your cookies, the opt-out cookie will also be deleted, and you may need to reactivate it.
Sie können die Erfassung Ihrer Daten durch Google Analytics verhindern, indem Sie auf folgenden Button klicken. Es wird ein Opt-Out-Cookie gesetzt, der die Erfassung Ihrer Daten bei zukünftigen Besuchen dieser Website verhindert. Durch einen erneuten Klick können Sie dies rückgängig machen und uns helfen die Webseite weiter zu verbessern.
GOOGLE WEB FONTS
This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.
To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our websites. This constitutes a legitimate interest within the meaning of art. 6 1f of GDPR
If your browser does not support Web Fonts your computer uses standard fonts.
This website uses the web mapping service Google Maps via an API. It is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Use of Google Maps’ functions requires saving your IP address. This data is normally transmitted to a Google server in the USA and saved there. The present website’s provider has no influence on this data transmission.
The use of Google Maps provides for an appealing representation of our online offers and easier findability of the places indicated on our website. This is considered a legitimate interest according to Art. 6, 1(f) of the GDPR.
USE AND APPLICATION OF YOUTUBE
The present website has integrated YouTube components. YouTube is a video-sharing website that allows video publishers to publish video clips and other users to watch, rate and comment on these free of charge. YouTube allows publication of all kinds of videos, therefore full film videos and TV-programs as well as music videos, trailers or users’ own videos are available on the website.
YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time you view one of our webpages where there is an integrated YouTube component (YouTube video) the respective YouTube component will automatically prompt your internet browser to download display of the respective YouTube component from YouTube. You can find further information on YouTube under www.youtube.com/yt/about/de/. This technical process allows YouTube and Google to understand, which subpage of our website you view.
As long as you are logged-in on YouTube at the same time, the visit of a subpage with a YouTube video will help YouTube detect which subpage of our website is viewed by the respective person. This information is collected by YouTube and Google and assigned to the respective YouTube account of the respective person.
YouTube and Google receive information via a YouTube component that the respective person has visited our website every time you are logged in on YouTube at the moment you visit our website. This happens whether you click on a YouTube video or not. If you do not wish this data to be transmitted to YouTube and Google, you can prevent this by logging out of your YouTube account before visiting our website.
You have the opportunity to register on our website by providing personal information. Which personal data is to be sent to the controller is derived from the respective data entry mask used for the registration. The personal data you enter will be collected and stored solely for internal processing by the controllers and for own purposes. The controller may arrange for the transmission to one or more processors, such as a parcel service, who also uses the personal data only for internal use attributable to the controller.
By registering on the website of the controller the data, the IP address assigned by your Internet service provider (ISP), the date and time of registration are also stored. This data is stored because this is the only way to prevent the misuse of our services and, if necessary, to use this data to investigate past crimes and copyright infringements. Thus, the storage of this data is required to protect the controller. The data will not be transmitted to third parties as a rule, unless there is a legal obligation to pass on the data or unless the disclosure serves the criminal or legal prosecution.
Your registration and the voluntary provision of personal data serves the controller to provide you with content or services that, due to the nature of the case, can only be offered to registered users. Furthermore, your registration serves the monitoring of the use of the copyrighted texts issued by us, as well as the verification of link setting and copyright naming, as well as our own documentation purposes. In addition, we use the data collected for customer acquisition, in particular for telephone contact and the sending of advertisement by conventional mail and e-mail. Registered persons are free to delete the personal data given at the time of registration completely from the database of the controller.
The controller will inform you at any time on request about which of your personal data is stored. Furthermore, the controller corrects or deletes your personal data at the request or notice of the person in question, insofar as this does not conflict with legal data retention requirements. The data protection officer named in this data protection statement and all coworkers of the controller are available to assist you in this regard.
Links to Social Media Platforms
Our website contains links to the external social network Facebook. This website is operated exclusively by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). References are indicated as part of our website by the Facebook logo or the addition "Like" (no Facebook plug-ins are used).
When you visit our website, functions and data transmissions to Facebook are not automatically activated. Only by clicking on the links, the Facebook plugins are activated, your browser establishes a direct connection with Facebook servers. If you follow the links and at the same time you are logged in to Facebook with your local user account, the information that you have visited our website will be forwarded to Facebook. You can assign Facebook to your account by visiting the website. This information is transmitted to Facebook and stored there. To prevent this, you must log out of your Facebook account before clicking on the link.