Name and address of the controller
The controller pursuant to the General Data Protection Regulation, other privacy laws that apply within the Member States of the European Union, and other legal provisions of a privacy-related nature is:
Charité / Exzellenzcluster NeuroCure
Tel.: +40 30 450 450 7539 970
Contact for Privacy Queries
If you have any queries about the processing of your data, or about your privacy rights, please contact:
Datenschutz der Charité – Universitätsmedizin Berlin
Tel.: +40 30 450 580 01
Types of data processed:
- Inventory data (e.g. names, addresses)
- Contact data (e.g. e-mail addresses, telephone numbers)
- Content data (e.g. text input, photographs, videos)
- Usage data (e.g. websites visited, interest in content, visit times)
- Meta/communication data (e.g. device information, IP addresses)
Categories of data subjects
Visitors and users of the online service (data subjects are also referred to jointly hereinafter as “users”).
Purpose of processing
- Provision of the online service, its functions and its content
- To respond to contact requests, and for communication with users
- Security measures
- To measure reach / for marketing
“Personal data” are any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is far-reaching and extends to virtually all interaction with data.
The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable legal grounds
Pursuant to Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the ongoing confidentiality, integrity, availability of data by monitoring physical access to the data as well digital access to same, their input, transfer, securing of availability and their separation. We have furthermore put in place procedures that ensure the safeguarding of data subjects’ rights, the erasure of data, and a response to any risk to the data. By means of technical design and privacy-friendly pre-settings, we moreover already take the protection of personal data into consideration during the development and/or selection of hardware, software, and procedures in accordance with the principles of data protection (Art. 25 GDPR).
Collaboration with processors and third parties
Insofar as we disclose or transmit data to other persons or companies (processors or third parties) or otherwise give them access to data within the scope of our processing, this is only done on the basis of legal consent (e.g. where transfer of data to third parties such as a payment services provider is necessary for contract performance pursuant to Art. 6 (1) b) GDPR), where you have given your consent, where a legal obligation exists, or on the basis of our legitimate interests (e.g. where agents, web hosters, etc., are used).
Insofar as we instruct third parties to process data on the basis of a “processing contract”, this is done on the basis of Art. 28 GDPR.
Transfer to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where data is processed on our behalf by third parties, or where data is disclosed and/or transmitted to third parties, this is only done where it serves to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual consents, we only process data or have it processed in a third country where the special conditions of Art. 44 ff. GDPR apply. This means that processing is carried out, for example, on the basis of special guarantees such as the official recognized verification of a standard of privacy corresponding with that of the EU (e.g. the Privacy Shield in the USA) or in observance of officially recognized, specific contractual obligations (standard contractual clauses).
Rights of the data subject
You have the right to request confirmation as to whether your data is being processed, and you have the right to information about these data, as well as further information and a copy of the data pursuant to Art. 15 GDPR.
Under the terms of Art. 16 GDPR you have the right to request the completion of your personal data or the rectification of your personal data which is inaccurate.
Under the terms of Art. 17 GDPR you have the right to request that your personal data be erased without undue delay and/or you may request pursuant to Art. 18 GDPR that the processing of your data be restricted.
You have the right pursuant to Art. 20 GDPR to request your personal data that you have provided to us and to request that the data be transferred to another controller. Under the terms of Art. 77 GDPR you furthermore have the right to lodge a complaint with the competent supervisory authority.
Right to withdraw consent
You have the right pursuant to Art. 7 (3) GDPR to withdraw consents with future effect.
Right to object
Under the terms of Art. 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time to the processing of your data, most notably for direct marketing purposes.
Cookies and your right to object to direct marketing
Cookies are small files that are stored on users’ computers. Various information may be stored on cookies. The main purpose of a cookie is to store a user’s details (e.g. the device on which the cookie is stored) during or after his/her visit to an online service. Cookies that are deleted when a user leaves the online service and closes his/her browser are known as temporary, session or transient cookies. Information such as the content of a shopping cart in an online store, or a user’s login status may be stored on this kind of cookie. Cookies that remain on a computer even after a browser is closed are known as permanent or persistent cookies. These can, for example, allow a user’s login status to be stored if the user returns several days later. Equally, this kind of cookie may store details of a user’s interests which are used for measuring reach or for marketing purposes. Cookies that are placed by providers other than the controller offering the online service are known as third-party cookies (cookies from the provider of the online service alone are known as first-party cookies).
If you do not wish cookies to be stored on our computer, you can deactivate them by adjusting your browser settings. These settings can also be used to delete stored cookies. Refusing cookies may mean that you cannot use all the functions of our online service.
Erasure of data
In accordance with statutory requirements in Germany, retention is most notably for 10 years pursuant to Arts. 147, paragraph 1 AO (Federal Fiscal Code), 257, paragraph 1, Nos. 1 and 4, paragraph 4 HGB (Federal Commercial Code) (accounts, records, situation reports, account books, commercial books, documents relevant to taxation, etc.) and 6 years pursuant to Art. 257, paragraph 1, Nos. 2 and 3, paragraph 4 HGB (trade and business letters).
Hosting and e-mail transmission
The hosting services that we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mail transmission, security services and technical maintenance services which we deploy for the purpose of operating this online service.
In doing so, we and/or our hosting provider process inventory data, contact data, content data, contractual data, usage data and communication data of customers, leads and visitors to this online service on the basis of our legitimate interest in the efficient and secure provision of this online service pursuant to Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR (conclusion of a processing contract).
Collection of access data and log files
On the basis of our legitimate interest pursuant to Art. 6 (1) f) GDPR, we and/or our hosting provider collect data about every access to the server on which this service is hosted (server log files). These access data include the name of the website visited, file, data and time of the visit, transferred data volume, report on successful retrieval, browser type and version, the user’s operating system, the referrer URL (the page previously visited), IP address and requesting provider.
Log file data are stored for a maximum 7 days for security reasons (e.g. to investigate misuse or fraud) and are then erased. Data which must be retained for longer as proof are exempted from erasure until the given incident has been resolved.
Online presence on social media
We maintain an online presence on social networks and platforms in order to communicate with customers, leads and users there, and so that we can inform them about our services. When you visit the respective networks and platforms, the Terms and Conditions and data processing provisions of the respective operators will apply.
Integration of third-party services and content
On the basis of our legitimate interests (i.e. interest in the analysis, optimization, and cost-effective operation of our online service pursuant to Art. 6 (1) f) GDPR), within the scope of our online service we use third-party content or services, in order to integrate their content and services, e.g. videos or fonts (hereinafter “content”).
This always presupposes that the third-party provider of this content will see users’ IP addresses, as without those IP addresses they would not be able to transmit the content to the users’ browsers. The IP address is therefore necessary to display this content. We endeavor to exclusively use content from providers who only use IP addresses to deliver that content. Third-party providers may furthermore use pixel tags (invisible graphics which are also known as web beacons) for statistical or marketing purposes. These pixel tags can be used to analyze information such as visitor traffic to this website’s pages. This pseudonymized information may moreover be stored on cookies on the user’s device and may contain technical information including details about the user’s browser and operating system, referral URLs, time of the user’s visit, and other information on how our online service is being used. These details may also be associated with such information from other sources.
(http://tools.google.com/dlpage/gaoptout?hl=de), and the Google settings relating to data usage for marketing purposes (https://adssettings.google.com/).