Treatment inquiry &…

Data protection policy for Telemedicine Portal

Update 18.05.2018

Our company places a high value on data protection and data security for Heidelberg University Hospital’s customers and partners as well as potential clients and users of our websites. Transparent processing and protection of your personal data are therefore especially important to us.

The present declaration will give you an overview of how your personal data is collected and processed when you visit our websites and how you can possibly contribute to better protection of your data.

Universitätsklinikum Heidelberg
Im Neuenheimer Feld 672
69120 Heidelberg

Public law institution („Anstalt öffentlichen Rechts“) represented by the Board of the University Hospital

Im Neuenheimer Feld 672
69120 Heidelberg

Tel.: +49 (0) 6221 56-0
Telefax: +49 (0) 6221 56-5999

Data protection officer 

Universitätsklinikum Heidelberg
Im Neuenheimer Feld 672
69120 Heidelberg
+49 (0) 6221 56 7036


Personal data is any information concerning natural persons that can be identified or are identifiable. Crucial is therefore whether the data collected relates to a person. This data includes information like your name, address, telephone number, and email. In­for­ma­tio­n that does not directly relate to your real identity, like fa­vou­rite web­si­tes or the number of a website’s visitors, is not personal data.

When you visit our websites, our web ­ser­vers tem­po­rarily store the requesting computer’s data according to standard procedure for sys­tem­ security purposes, our web­si­tes that you visit, the date and duration of your visit, identification data of the brow­ser and operating system used as well as the website from which you visit our website. Other personal data like your name, address, telephone number or email are not collected, unless you provide this data of your own accord, e. g. for purposes of re­gis­tration, survey, raffle, contract implementation or inquiry.

As long as it is possible to enter personal or corporate data on the website (emails, names, addresses), the act of providing this data on the user’s part is explicitly voluntary. Emails are transmitted via a contact form. If you send us a message of this kind, your personal data is only collected as long as it is needed for a reply. The email is transmitted without encryption.

The personal data you provide is used exclusively for the purposes of technical website administration and to fulfil your wishes and needs, which means it is used, as a rule, to implement the contract we concluded with you or to reply to your inquiry.

We use this data for product related surveys, marketing and statistics purposes only with your prior consent and unless you – as long as stipulated by law – filed an objection.

Your personal data is not transferred, sold or otherwise transmitted to third parties, unless necessary for the implementation of the contract or you gave your explicit consent.

Any consent can be revoked at any point taking effect in the future.

As a rule, we store all information you provided until the respective purpose is fulfilled, e. g. a contractual purpose. For instance, until execution for inquiries, until you unsubscribe – for newsletters. Should a longer period for data storage be needed according to law, it will be stored accordingly.

Should you no more wish us to use your data, we shall promptly fulfil your request (please contact us via the address provided under „Contact“).

The personal data is deleted if you revoke your consent for data storage, if the data is no more needed for the purpose for which the data was stored or if data storage is impermissible for other lawful reasons. Deletion request does not concern data for settlement and accounting purposes.

When you visit our websites we use so-called cookies. These are small text files that are stored on your computer. Coo­kies help us determine the number of visitors and users of our websites as well as make our offers for you as convenient and efficient as possible.

On the one hand we use the so-called “ses­si­on coo­kies” that are stored only for duration of your use of our websites. On the other hand, we use "per­ma­nen­t coo­kies" in order to get in­for­ma­tio­n about visitors who regularly visit one of our websites. The purpose of these coo­kies is to offer you the best possible user experience as well as "to recognize" you and offer you diverse information and new content. The content of the per­ma­nen­t coo­kies is limited to the identification number. Name, IP-addres­s etc. are not stored. No profile is created about your user behavior.

You can also visit our websites without coo­kies. You can deactivate storage of cookies in your browser, limit it to certain websites or change your brow­ser’s settings so that it informs you as soon as coo­kies are sent. However, bear in mind that deactivation will lead to a limited display of the website and limited usability.

Cookies that are necessary for electronic communication or for certain functions you want to use (e. g. Shopping-Basket) are stored according to art. 6 (1)f GDPR. The website operator has a justified interest to store cookies in order to provide technically accurate and optimized services. If other cookies are stored (e. g. cookies to analyse your internet search behavior), they will be addressed separately in the present data protection declaration.

Our company takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. So your data is stored in a secure environment with no access for the public. In some cases your personal data is transmitted with encryption by the so-called Se­cu­re So­cket Lay­er tech­no­lo­gy (SSL). This means that com­mu­ni­ca­ti­on between your com­pu­ter and our company’s ser­vers is done with a recognized encryption technology if your brow­ser supports SSL.

When we request consent of respective individuals for processing of their personal data, we act on the basis of art. 6 1a of the EU General Data Protection Regulation (GDPR).

During processing of the personal data necessary for implementation of a contract whose party the person in question is, we act on the basis of art. 6 1b of the GDPR. This also concerns the processing necessary for the implementation of pre-contractual measures.

If processing of personal data is necessary for fulfilment of a legal obligation of our company, we act according to art. 6 1c of GDPR.

If processing of personal data is in vital interests of the person in question or any other natural person, we act according to art. 6 1d of GDPR.

If processing is necessary to protect our company’s or a third party’s justified interests and unless the interests, basis rights and freedoms of the person in question prevail, we act according to art. 6 1f of GDPR. Justified interests are in particular ensuring operations and website security, analysing the way visitors use the website and making the website use easier.

According to the applicable legislation, you have at any time the right to obtain free information about your personal data stored, its origin and possible recipients as well as the purpose of processing (art. 15 GDPR) and if the case may be the right to correct incorrect data (art. 16 GDPR), delete the data (art. 17 GDPR), limit the processing according to art. 18 GDPR, object (art. 21 GDPR) and the right to portability of your data (according to art. 20 GDPR). For information and deletion rights there are certain restriictions according to §§ 34 and 35 of the German federal data protection act (BDSG).

You also have the right to lodge a complaint with a supervisory authority in case of data protection law violation (art. 77 GDPR and §19 BDSG). The supervisory authority for data protection issues is the data protection officer in the federal state (Bundesland), where our company is resident. You can find the list of data protection officers and their contact data here:

Processing is often only possible with your explicit consent. You can revoke such consent at any time. To do this, an informal email will be enough. The data processing that took place before this cancellation will remain unaffected. to data protection declaration

Possible changes to the present data protection declaration will be timely made public on this website.

Changes in this data protection notice might occurred, which will be timely announced on this page.

This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts.

To do this, the browser you use must connect to Google's servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our websites. This constitutes a legitimate interest within the meaning of art. 6 1f of GDPR

If your browser does not support Web Fonts your computer uses standard fonts.

You can find more information about Google Web Fonts at and in the privacy policy declaration of Google:

You have the opportunity to register on our website by providing personal information. Which personal data is to be sent to the controller is derived from the respective data entry mask used for the registration. The personal data you enter will be collected and stored solely for internal processing by the controllers and for own purposes. The controller may arrange for the transmission to one or more processors, such as a parcel service, who also uses the personal data only for internal use attributable to the controller.

By registering on the website of the controller the data, the IP address assigned by your Internet service provider (ISP), the date and time of registration are also stored. This data is stored because this is the only way to prevent the misuse of our services and, if necessary, to use this data to investigate past crimes and copyright infringements. Thus, the storage of this data is required to protect the controller. The data will not be transmitted to third parties as a rule, unless there is a legal obligation to pass on the data or unless the disclosure serves the criminal or legal prosecution.

Your registration and the voluntary provision of personal data serves the controller to provide you with content or services that, due to the nature of the case, can only be offered to registered users. Furthermore, your registration serves the monitoring of the use of the copyrighted texts issued by us, as well as the verification of link setting and copyright naming, as well as our own documentation purposes. In addition, we use the data collected for customer acquisition, in particular for telephone contact and the sending of advertisement by conventional mail and e-mail. Registered persons are free to delete the personal data given at the time of registration completely from the database of the controller.

The controller will inform you at any time on request about which of your personal data is stored. Furthermore, the controller corrects or deletes your personal data at the request or notice of the person in question, insofar as this does not conflict with legal data retention requirements. The data protection officer named in this data protection statement and all coworkers of the controller are available to assist you in this regard.