Who can I contact?
Responsible for this website:
Charité – Universitätsmedizin Berlin
German Biobank Node (GBN)
Campus Virchow Klinikum
Augustenburger Platz 1
Tel. +49. 30. 450 536 347
To reach the Charité’s internal data protection officer, email: firstname.lastname@example.org. In the event of specific questions about your data, its deletion or your rights, do not hesitate to contact us directly: email@example.com. Should you wish to make a written request, simply mention “data protection”.
What are my rights?
You can contact us at any time should you have any questions about your data protection rights or wish to assert one of the following rights:
- Right of withdrawal pursuant to Art. 7 para. 3 GDPR (e.g. if you wish to withdraw your consent for us to send you our newsletter)
- Right of access pursuant to Art. 15 GDPR (e.g. if you want to know what data we have stored about you)
- Right to rectification pursuant to Art. 16 GDPR (e.g. if your email address has changed and you want us to update this)
- Right to erasure pursuant to Art. 17 GDPR (e.g. if you want us to delete certain data we have stored about you)
- Right to restriction of processing pursuant to Art. 18 GDPR (e.g. if you do not want us to delete your email address, but only want it used to send you emails that are absolutely necessary)
- Right to data portability pursuant to Art. 20 GDPR (e.g. if you want to receive your data stored with us in a compressed format in order to make it available to another website, for instance)
- Right to object pursuant to Art. 21 GDPR (e.g. if you do not agree with one of the advertising or analysis procedures detailed here)
- Right to lodge a complaint with a supervisory authority pursuant to Art. 77 para. 1 GDPR (e.g. if you have a complaint, you can also contact the data protection supervisory authority directly)
Competent supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Deletion of data and storage period
Unless stated otherwise, we will delete your data as soon as it is no longer needed. Your email address will be deleted when you unsubscribe from our newsletter, for example. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. Certain data may need to be kept longer for legal reasons. You can of course request information about the stored data on your person at any time.
Legal basis for data processing
We only collect and process your personal data when there is a legal basis for this. In addition to your express consent, other legal bases may apply. If processing is based on your consent, Art. 6 para. 1(a) GDPR shall serve as the legal basis.
If the processing of personal data is necessary for the performance of a contract, Art. 6 para. 1(b) GDPR shall serve as the legal basis.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1(c) GDPR shall serve as the legal basis.
If processing is necessary to safeguard a legitimate interest of the German Biobank Node or a third party and if such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1(f) GDPR shall serve as the legal basis. If processing is based on such a balancing of interests, you have the right to object to the processing of your personal data provided that you have special reasons for doing so and we cannot prove any compelling reasons worthy of protection for the processing.
You will find the relevant legal basis for individual data processing at the end of the respective description of data processing.
If we commission service providers for individual service functions or would like to use your data for advertising purposes, we will inform you in detail below of the respective processes. If we cooperate with service providers, we select these extremely carefully, taking particular note of their compliance with the legal requirements for data protection and data security. We have moreover concluded order processing contracts with them, which comply with the requirements of Art. 28 GDPR. If service providers are based outside of the EU, we ensure that the appropriate safeguards exist pursuant to Art. 46 GDPR and that an adequate level of data protection is provided by the processor. Certification according to the EU-US Privacy Shield or so-called EU standard data protection clauses is considered adequate, for example. We refer to the appropriate safeguards in the respective places.
Your visit to our website
If you merely wish to browse our website, we do not collect any personal data – with the exception of the data that your browser transmits to enable you to visit the website. This includes:
- IP address (e.g. 95.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
- approximate location based on IP range (e.g. Berlin and surrounding area)
- internet provider (e.g. Kabel Deutschland or Deutsche Telekom)
- internet speed (e.g. 120 Mbit)
- date and time (e.g. 11:45 on 25.05.2018)
- last website visited (e.g. google.com)
- browser (e.g. Chrome or Safari)
- operating system (e.g. Mac OS)
- hardware (e.g. Intel processor)
The IP address is most important for you as a visitor to our website, as this data can theoretically be traced back to you as an individual. To protect your privacy, your IP address will be deleted or anonymized following your visit to our website. The other technical data can then no longer be traced back to you and only serves anonymous, statistical purposes to optimise our website. Your data is stored temporarily at the start to safeguard your connection as well as to ensure access and the correct display of our website. The IP address and aforementioned technical data are required to display the website, prevent display problems for visitors and rectify any errors. The legal basis is the so-called legitimate interest, which has been reviewed within the framework of the aforementioned precautionary measures and in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.
Data collection within the framework of the image database
In order to be able to use our image database services, you need to request permission to use image data. Information on the inquirer (e.g. title, name, organisation, email address and purpose of use) must be entered in the form we provide for this purpose. After checking this information and particularly the intended use, we will make the image data available. The personal data obtained during requests for permission will only be collected and processed for this purpose.
As a precautionary measure, the data you provide is transmitted via an encrypted connection – similar to your visit to our website in general. We also pursue the principle of data minimisation and only collect the data we really need. The purpose of the data requested is to check the intended use and to make the image data available. The legal basis is the user’s consent pursuant to Art. 6 para. 1(a) GDPR.
We use the so-called double opt-in procedure for our newsletter. This means that we will not email you our newsletter until you have clicked on the link in our notification email to confirm that you wish to receive it. When you confirm that you wish to receive the newsletter, we will store your email address until you unsubscribe from the newsletter again. This data is stored solely for the purpose of sending you the newsletter.
You are of course able to unsubscribe from our newsletter at any time – a link for this can be found in every newsletter. Alternatively, you can use the above contact details to contact us.
Parts of our website use so-called cookies. Cookies are small text files that are usually stored in a folder on your computer. Cookies contain information about the current or last visit to the website:
- website name
- cookie expiration date
- arbitrary value
If cookies do not contain a precise expiration date, they will only be stored temporarily and deleted automatically as soon as you close your browser or restart your device. Cookies with an expiration date remain stored when you close your browser or restart your device. Such cookies will not be removed until the date specified or if you delete these manually.
We use the following three types of cookies on our website:
- required cookies (e.g. to display the website correctly and temporarily store certain settings)
- functionality and performance cookies (e.g. to evaluate the technical data from your visit and prevent errors)
- advertising and analysis cookies
You can configure, block and delete cookies in your browser settings. Be aware, though, that if you delete all cookies for our website, some of the functions of the website might not display correctly. The Federal Office for Information Security provides helpful information and instructions to prevent cookies in popular browsers: www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html
We use YouTube for the direct integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When videos embedded in our website are played, a connection is established to the YouTube servers and, for technical reasons, at least your IP address is transmitted. If you are also logged into your YouTube account, YouTube will assign information about the videos you access to your personal user account, for example. You can prevent this by signing out of your YouTube account and all other Google accounts before using our website.
The purpose of data transmission is to embed the YouTube videos popular with our users in our website so that they can conveniently access these without having to leave our website. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.
For visual improvement of the typeface, we use Google Fonts (https://fonts.google.com) from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), a font collection offered by Google. When you access this website or other websites, these fonts are transferred to your browser’s storage folder and activated. Website text will only be displayed in a standard font if this is not supported. To enable this, a request is sent to domains such as fonts.googleapis.com or fonts.gstatic.com. For technical reasons, this request contains your IP address. Your data will not be combined with other data or traced back to you personally, however.
The purpose of data transmission is the correct display of fonts in our chosen format. The IP address is required to establish a connection to Google’s servers in order to download the font collection if this is not already stored on the device. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.
We use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses the aforementioned advertising and analysis cookies to analyse your use of our website. The information generated by cookies about your use of our website is transmitted to a Google server in the USA and stored there. However, your IP address will be shortened before the usage statistics are evaluated so that no conclusions can be drawn about your person. Google Analytics has been extended with the code “anonymizeIp” on our website in order to ensure the anonymous collection of IP addresses. Google will use the anonymized data obtained from the cookies to evaluate your use of the website, compile reports on website activity for the website operator and provide other services associated with website activity and internet usage. Insofar as it is required by law or third parties process this data on behalf of Google, Google may also transfer this information to third parties.
The purpose of using Google Analytics is the anonymous analysis of your user behaviour on our website. The knowledge gained helps us to improve our services. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR. An order processing contract has moreover been concluded, which complies with the requirements of Art. 28 GDPR.
The pages can only be accessed via encrypted connections (SSL/TLS/https). The data is stored exclusively on German servers. LamaPoll does not work with third-party providers such as Google Analytics. The data will not be passed on to any third parties and will only be collected for the purpose of the survey. We have concluded an order processing agreement with this service provider in accordance with the requirements of Art. 28 GDPR.
We do not use social media plugins on our website. You will only find links to the Twitter and LinkedIn social networks on our website.
Establishment, exercise and defence of legal claims
It may sometimes be necessary for us to process personal data – in conformance with local laws and regulations – in order to exercise or defend legal claims. Art. 9 para. 2(f) GDPR permits this when processing is “necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may occur, for example, if we must seek legal advice for legal proceedings or are legally required to retain or disclose certain information during legal proceedings.
Personal data of children
We are aware of the importance of safeguarding children’s safety and protecting their data on the internet. For this reason – and in order to comply with certain laws – we neither intentionally collect personal, individually identifiable information from children under the age of 16, nor do we provide content for children under the age of 16.