Data protection policy for Telemedicine Portal
https://www.heidelberg-university-hospital.com/Our company places a high value on data protection and data security for Heidelberg University Hospital’s customers and partners as well as potential clients and users of our websites. Transparent processing and protection of your personal data are therefore especially important to us.
The present declaration will give you an overview of how your personal data is collected and processed when you visit our websites and how you can possibly contribute to better protection of your data.
Who is responsible for processing
Im Neuenheimer Feld 672
Public law institution („Anstalt öffentlichen Rechts“) represented by the Board of the University Hospital
Im Neuenheimer Feld 672
Tel.: +49 (0) 6221 56-0
Telefax: +49 (0) 6221 56-5999
Email: klinikumsvorstand @med.uni-heidelberg.de
Data protection officer
Im Neuenheimer Feld 672
+49 (0) 6221 56 7036
What is personal data
Personal data is any information concerning natural persons that can be identified or are identifiable. Crucial is therefore whether the data collected relates to a person. This data includes information like your name, address, telephone number, and email. Information that does not directly relate to your real identity, like favourite websites or the number of a website’s visitors, is not personal data.
How we collect and process your personal data
When you visit our websites, our web servers temporarily store the requesting computer’s data according to standard procedure for system security purposes, our websites that you visit, the date and duration of your visit, identification data of the browser and operating system used as well as the website from which you visit our website. Other personal data like your name, address, telephone number or email are not collected, unless you provide this data of your own accord, e. g. for purposes of registration, survey, raffle, contract implementation or inquiry.
How we use your personal data, how we transmit them
As long as it is possible to enter personal or corporate data on the website (emails, names, addresses), the act of providing this data on the user’s part is explicitly voluntary. Emails are transmitted via a contact form. If you send us a message of this kind, your personal data is only collected as long as it is needed for a reply. The email is transmitted without encryption.
The personal data you provide is used exclusively for the purposes of technical website administration and to fulfil your wishes and needs, which means it is used, as a rule, to implement the contract we concluded with you or to reply to your inquiry.
We use this data for product related surveys, marketing and statistics purposes only with your prior consent and unless you – as long as stipulated by law – filed an objection.
Your personal data is not transferred, sold or otherwise transmitted to third parties, unless necessary for the implementation of the contract or you gave your explicit consent.
Any consent can be revoked at any point taking effect in the future.
How long your data is stored
As a rule, we store all information you provided until the respective purpose is fulfilled, e. g. a contractual purpose. For instance, until execution for inquiries, until you unsubscribe – for newsletters. Should a longer period for data storage be needed according to law, it will be stored accordingly.
Should you no more wish us to use your data, we shall promptly fulfil your request (please contact us via the address provided under „Contact“).
When is your data deleted?
The personal data is deleted if you revoke your consent for data storage, if the data is no more needed for the purpose for which the data was stored or if data storage is impermissible for other lawful reasons. Deletion request does not concern data for settlement and accounting purposes.
When you visit our websites we use so-called cookies. These are small text files that are stored on your computer. Cookies help us determine the number of visitors and users of our websites as well as make our offers for you as convenient and efficient as possible.
On the one hand we use the so-called “session cookies” that are stored only for duration of your use of our websites. On the other hand, we use "permanent cookies" in order to get information about visitors who regularly visit one of our websites. The purpose of these cookies is to offer you the best possible user experience as well as "to recognize" you and offer you diverse information and new content. The content of the permanent cookies is limited to the identification number. Name, IP-address etc. are not stored. No profile is created about your user behavior.
You can also visit our websites without cookies. You can deactivate storage of cookies in your browser, limit it to certain websites or change your browser’s settings so that it informs you as soon as cookies are sent. However, bear in mind that deactivation will lead to a limited display of the website and limited usability.
Cookies that are necessary for electronic communication or for certain functions you want to use (e. g. Shopping-Basket) are stored according to art. 6 (1)f GDPR. The website operator has a justified interest to store cookies in order to provide technically accurate and optimized services. If other cookies are stored (e. g. cookies to analyse your internet search behavior), they will be addressed separately in the present data protection declaration.
What we do to ensure secure processing
Our company takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. So your data is stored in a secure environment with no access for the public. In some cases your personal data is transmitted with encryption by the so-called Secure Socket Layer technology (SSL). This means that communication between your computer and our company’s servers is done with a recognized encryption technology if your browser supports SSL.
This is the legislative basis
When we request consent of respective individuals for processing of their personal data, we act on the basis of art. 6 1a of the EU General Data Protection Regulation (GDPR).
During processing of the personal data necessary for implementation of a contract whose party the person in question is, we act on the basis of art. 6 1b of the GDPR. This also concerns the processing necessary for the implementation of pre-contractual measures.
If processing of personal data is necessary for fulfilment of a legal obligation of our company, we act according to art. 6 1c of GDPR.
If processing of personal data is in vital interests of the person in question or any other natural person, we act according to art. 6 1d of GDPR.
If processing is necessary to protect our company’s or a third party’s justified interests and unless the interests, basis rights and freedoms of the person in question prevail, we act according to art. 6 1f of GDPR. Justified interests are in particular ensuring operations and website security, analysing the way visitors use the website and making the website use easier.
These are your data protection rights
According to the applicable legislation, you have at any time the right to obtain free information about your personal data stored, its origin and possible recipients as well as the purpose of processing (art. 15 GDPR) and if the case may be the right to correct incorrect data (art. 16 GDPR), delete the data (art. 17 GDPR), limit the processing according to art. 18 GDPR, object (art. 21 GDPR) and the right to portability of your data (according to art. 20 GDPR). For information and deletion rights there are certain restriictions according to §§ 34 and 35 of the German federal data protection act (BDSG).
You also have the right to lodge a complaint with a supervisory authority in case of data protection law violation (art. 77 GDPR and §19 BDSG). The supervisory authority for data protection issues is the data protection officer in the federal state (Bundesland), where our company is resident. You can find the list of data protection officers and their contact data here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
How you can revoke consents given for data processing
Processing is often only possible with your explicit consent. You can revoke such consent at any time. To do this, an informal email will be enough. The data processing that took place before this cancellation will remain unaffected.
https://www.heidelberg-university-hospital.com/changes to data protection declaration
Possible changes to the present data protection declaration will be timely made public on this website.
GOOGLE WEB FONTS
This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.
To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our websites. This constitutes a legitimate interest within the meaning of art. 6 1f of GDPR
If your browser does not support Web Fonts your computer uses standard fonts.
You have the opportunity to register on our website by providing personal information. Which personal data is to be sent to the controller is derived from the respective data entry mask used for the registration. The personal data you enter will be collected and stored solely for internal processing by the controllers and for own purposes. The controller may arrange for the transmission to one or more processors, such as a parcel service, who also uses the personal data only for internal use attributable to the controller.
By registering on the website of the controller the data, the IP address assigned by your Internet service provider (ISP), the date and time of registration are also stored. This data is stored because this is the only way to prevent the misuse of our services and, if necessary, to use this data to investigate past crimes and copyright infringements. Thus, the storage of this data is required to protect the controller. The data will not be transmitted to third parties as a rule, unless there is a legal obligation to pass on the data or unless the disclosure serves the criminal or legal prosecution.
Your registration and the voluntary provision of personal data serves the controller to provide you with content or services that, due to the nature of the case, can only be offered to registered users. Furthermore, your registration serves the monitoring of the use of the copyrighted texts issued by us, as well as the verification of link setting and copyright naming, as well as our own documentation purposes. In addition, we use the data collected for customer acquisition, in particular for telephone contact and the sending of advertisement by conventional mail and e-mail. Registered persons are free to delete the personal data given at the time of registration completely from the database of the controller.
The controller will inform you at any time on request about which of your personal data is stored. Furthermore, the controller corrects or deletes your personal data at the request or notice of the person in question, insofar as this does not conflict with legal data retention requirements. The data protection officer named in this data protection statement and all coworkers of the controller are available to assist you in this regard.