Privacy policy

www.bbmri.de

Privacy policy

We operate the website bbmri.de and collect certain data from our website visitors insofar as this is necessary. In the following privacy policy, we explain what we do with your personal data and why we do this. We also inform on how we protect your data, when your data will be deleted and what your data protection rights are. Firstly though: we comply with the data protection laws and do all in our power to protect your privacy.

We wish to be entirely open though: the internet lives from the exchange of data and still has many security loopholes. Even if your data is encrypted when you visit our website, there is always a risk – at the latest during the exchange with third-party websites. If you visit other websites (e.g. via a link on our website), please note that this privacy policy does not apply for these third-party websites.

Who can I contact?

Responsible for this website:

Charité – Universitätsmedizin Berlin
German Biobank Node (GBN)

Campus Virchow Klinikum
Augustenburger Platz 1
13353 Berlin

E-Mail: germanbiobanknode@charite.de
Tel. +49. 30. 450 536 347

To reach the Charité’s internal data protection officer, email: datenschutz@charite.de. In the event of specific questions about your data, its deletion or your rights, do not hesitate to contact us directly: germanbiobanknode@charite.de. Should you wish to make a written request, simply mention “data protection”.

What are my rights?

You can contact us at any time should you have any questions about your data protection rights or wish to assert one of the following rights:

  • Right of withdrawal pursuant to Art. 7 para. 3 GDPR (e.g. if you wish to withdraw your consent for us to send you our newsletter)
  • Right of access pursuant to Art. 15 GDPR (e.g. if you want to know what data we have stored about you)
  • Right to rectification pursuant to Art. 16 GDPR (e.g. if your email address has changed and you want us to update this)
  • Right to erasure pursuant to Art. 17 GDPR (e.g. if you want us to delete certain data we have stored about you)
  • Right to restriction of processing pursuant to Art. 18 GDPR (e.g. if you do not want us to delete your email address, but only want it used to send you emails that are absolutely necessary)
  • Right to data portability pursuant to Art. 20 GDPR (e.g. if you want to receive your data stored with us in a compressed format in order to make it available to another website, for instance)
  • Right to object pursuant to Art. 21 GDPR (e.g. if you do not agree with one of the advertising or analysis procedures detailed here)
  • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 para. 1 GDPR (e.g. if you have a complaint, you can also contact the data protection supervisory authority directly)

Competent supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin

Deletion of data and storage period

Unless stated otherwise, we will delete your data as soon as it is no longer needed. Your email address will be deleted when you unsubscribe from our newsletter, for example. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. Certain data may need to be kept longer for legal reasons. You can of course request information about the stored data on your person at any time.

Legal basis for data processing

We only collect and process your personal data when there is a legal basis for this. In addition to your express consent, other legal bases may apply. If processing is based on your consent, Art. 6 para. 1(a) GDPR shall serve as the legal basis.

If the processing of personal data is necessary for the performance of a contract, Art. 6 para. 1(b) GDPR shall serve as the legal basis.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1(c) GDPR shall serve as the legal basis.

If processing is necessary to safeguard a legitimate interest of the German Biobank Node or a third party and if such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1(f) GDPR shall serve as the legal basis. If processing is based on such a balancing of interests, you have the right to object to the processing of your personal data provided that you have special reasons for doing so and we cannot prove any compelling reasons worthy of protection for the processing.

You will find the relevant legal basis for individual data processing at the end of the respective description of data processing.

If we commission service providers for individual service functions or would like to use your data for advertising purposes, we will inform you in detail below of the respective processes. If we cooperate with service providers, we select these extremely carefully, taking particular note of their compliance with the legal requirements for data protection and data security. We have moreover concluded order processing contracts with them, which comply with the requirements of Art. 28 GDPR. If service providers are based outside of the EU, we ensure that the appropriate safeguards exist pursuant to Art. 46 GDPR and that an adequate level of data protection is provided by the processor. Certification according to the EU-US Privacy Shield or so-called EU standard data protection clauses is considered adequate, for example. We refer to the appropriate safeguards in the respective places.

Your visit to our website

If you merely wish to browse our website, we do not collect any personal data – with the exception of the data that your browser transmits to enable you to visit the website. This includes:

  • IP address (e.g. 95.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
  • approximate location based on IP range (e.g. Berlin and surrounding area)
  • internet provider (e.g. Kabel Deutschland or Deutsche Telekom)
  • internet speed (e.g. 120 Mbit)
  • date and time (e.g. 11:45 on 25.05.2018)
  • last website visited (e.g. google.com)
  • browser (e.g. Chrome or Safari)
  • operating system (e.g. Mac OS)
  • hardware (e.g. Intel processor)

The IP address is most important for you as a visitor to our website, as this data can theoretically be traced back to you as an individual. To protect your privacy, your IP address will be deleted or anonymized following your visit to our website. The other technical data can then no longer be traced back to you and only serves anonymous, statistical purposes to optimise our website. Your data is stored temporarily at the start to safeguard your connection as well as to ensure access and the correct display of our website. The IP address and aforementioned technical data are required to display the website, prevent display problems for visitors and rectify any errors. The legal basis is the so-called legitimate interest, which has been reviewed within the framework of the aforementioned precautionary measures and in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.

Data collection within the framework of the image database

In order to be able to use our image database services, you need to request permission to use image data. Information on the inquirer (e.g. title, name, organisation, email address and purpose of use) must be entered in the form we provide for this purpose. After checking this information and particularly the intended use, we will make the image data available. The personal data obtained during requests for permission will only be collected and processed for this purpose.

As a precautionary measure, the data you provide is transmitted via an encrypted connection – similar to your visit to our website in general. We also pursue the principle of data minimisation and only collect the data we really need. The purpose of the data requested is to check the intended use and to make the image data available. The legal basis is the user’s consent pursuant to Art. 6 para. 1(a) GDPR.

Newsletter

We use the so-called double opt-in procedure for our newsletter. This means that we will not email you our newsletter until you have clicked on the link in our notification email to confirm that you wish to receive it. When you confirm that you wish to receive the newsletter, we will store your email address until you unsubscribe from the newsletter again. This data is stored solely for the purpose of sending you the newsletter.

You are of course able to unsubscribe from our newsletter at any time – a link for this can be found in every newsletter. Alternatively, you can use the above contact details to contact us.

To send our newsletter, we work with the MailChimp service provider, Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. The marketing automation platform’s privacy policy can be viewed online at: https://mailchimp.com/legal/privacy. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield framework and therefore provides sufficient safeguards to ensure adequate privacy protection (www.privacyshield.gov/participant?id=a2zt0000000000TO6hAAG&status=Active). The service provider is commissioned on the basis of our legitimate interests pursuant to Art. 6 para. 1 GDPR. We have concluded an order processing agreement with this service provider in accordance with the requirements of Art. 28 GDPR.

Cookies

Parts of our website use so-called cookies. Cookies are small text files that are usually stored in a folder on your computer. Cookies contain information about the current or last visit to the website:

  • website name
  • cookie expiration date
  • arbitrary value

If cookies do not contain a precise expiration date, they will only be stored temporarily and deleted automatically as soon as you close your browser or restart your device. Cookies with an expiration date remain stored when you close your browser or restart your device. Such cookies will not be removed until the date specified or if you delete these manually.

We use the following three types of cookies on our website:

  • required cookies (e.g. to display the website correctly and temporarily store certain settings)
  • functionality and performance cookies (e.g. to evaluate the technical data from your visit and prevent errors)
  • advertising and analysis cookies

You can configure, block and delete cookies in your browser settings. Be aware, though, that if you delete all cookies for our website, some of the functions of the website might not display correctly. The Federal Office for Information Security provides helpful information and instructions to prevent cookies in popular browsers: www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

YouTube

We use YouTube for the direct integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When videos embedded in our website are played, a connection is established to the YouTube servers and, for technical reasons, at least your IP address is transmitted. If you are also logged into your YouTube account, YouTube will assign information about the videos you access to your personal user account, for example. You can prevent this by signing out of your YouTube account and all other Google accounts before using our website.

The high security standards of the Google platform and Google’s associated privacy policy (www.google.com/intl/de-DE/privacy) are considered precautionary measures. Given that Google is based in the USA and thus in a so-called third country, further safeguards are required to ensure an adequate level of data protection meeting the European standards. Google has been certified under the so-called EU-US Privacy Shield and therefore demonstrates an adequate level of data protection (www.google.de/policies/privacy/frameworks).

The purpose of data transmission is to embed the YouTube videos popular with our users in our website so that they can conveniently access these without having to leave our website. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.

Google Fonts

For visual improvement of the typeface, we use Google Fonts (https://fonts.google.com) from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), a font collection offered by Google. When you access this website or other websites, these fonts are transferred to your browser’s storage folder and activated. Website text will only be displayed in a standard font if this is not supported. To enable this, a request is sent to domains such as fonts.googleapis.com or fonts.gstatic.com. For technical reasons, this request contains your IP address. Your data will not be combined with other data or traced back to you personally, however.

As a precautionary measure, we have assured ourselves that when you access the Google font collection, the data will not be combined with other Google services, e.g. if you have a Google account. This is confirmed in the Google Fonts privacy information (https://developers.google.com/fonts/faq). The high security standards of the Google platform and the associated Google privacy policy also apply (www.google.com/intl/de-DE/privacy). Given that Google is based in the USA and thus in a so-called third country, further safeguards are required to ensure an adequate level of data protection meeting the European standards. Google has been certified under the so-called EU-US Privacy Shield and therefore demonstrates an adequate level of data protection (www.google.de/policies/privacy/frameworks).

The purpose of data transmission is the correct display of fonts in our chosen format. The IP address is required to establish a connection to Google’s servers in order to download the font collection if this is not already stored on the device. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.

Google Analytics

We use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses the aforementioned advertising and analysis cookies to analyse your use of our website. The information generated by cookies about your use of our website is transmitted to a Google server in the USA and stored there. However, your IP address will be shortened before the usage statistics are evaluated so that no conclusions can be drawn about your person. Google Analytics has been extended with the code “anonymizeIp” on our website in order to ensure the anonymous collection of IP addresses. Google will use the anonymized data obtained from the cookies to evaluate your use of the website, compile reports on website activity for the website operator and provide other services associated with website activity and internet usage. Insofar as it is required by law or third parties process this data on behalf of Google, Google may also transfer this information to third parties.

You can also configure your browser to refuse cookies or prevent Google from collecting and analysing the data by downloading and installing the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on or in browsers on mobile devices, you can set an opt-out cookie to prevent Google Analytics from collecting data within this website in the future (the opt-out only works in the browser and only for this domain). Please bear in mind that if you delete your cookies in this browser, you will need to click on this link again.

As a precautionary measure, we use the anonymization procedure offered by Google, whereby subsequent evaluation of the data is not based on your person, but rather only on statistics. The high security standards of the Google platform and the associated Google privacy policy also apply (www.google.com/intl/de-DE/privacy). We have also concluded a special data protection agreement with Google, which stipulates the protection of your data through technical and organisational precautionary measures. Given that Google is based in the USA and thus in a so-called third country, further safeguards are required to ensure an adequate level of data protection meeting the European standards. Google has been certified under the so-called EU-US Privacy Shield and therefore demonstrates an adequate level of data protection (www.google.de/policies/privacy/frameworks).

The purpose of using Google Analytics is the anonymous analysis of your user behaviour on our website. The knowledge gained helps us to improve our services. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR. An order processing contract has moreover been concluded, which complies with the requirements of Art. 28 GDPR.

Surveys

We use the service provider LamaPoll to conduct surveys. This survey tool is operated by Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin, Germany. The provider’s privacy policy for surveys can be viewed online at:www.lamapoll.de/Support/Datenschutz/Datenschutz-Umfrage-Tool. The provider is commissioned on the basis of our legitimate interests pursuant to Art. 6 para. 1 GDPR.

The pages can only be accessed via encrypted connections (SSL/TLS/https). The data is stored exclusively on German servers. LamaPoll does not work with third-party providers such as Google Analytics. The data will not be passed on to any third parties and will only be collected for the purpose of the survey. We have concluded an order processing agreement with this service provider in accordance with the requirements of Art. 28 GDPR.

Social media

We do not use social media plugins on our website. You will only find links to the Twitter and LinkedIn social networks on our website.

Therefore, no personal data is transmitted to these providers when you visit our website. Only when you activate one of these links by clicking on them and are redirected to the respective provider’s websites will your personal data be processed by this provider. The latter is then responsible for data protection. Further information on data processing as well as your rights can be found in the respective provider’s privacy policy.

Establishment, exercise and defence of legal claims

It may sometimes be necessary for us to process personal data – in conformance with local laws and regulations – in order to exercise or defend legal claims. Art. 9 para. 2(f) GDPR permits this when processing is “necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.

This may occur, for example, if we must seek legal advice for legal proceedings or are legally required to retain or disclose certain information during legal proceedings.

Personal data of children

We are aware of the importance of safeguarding children’s safety and protecting their data on the internet. For this reason – and in order to comply with certain laws – we neither intentionally collect personal, individually identifiable information from children under the age of 16, nor do we provide content for children under the age of 16.

 

Privacy policy last updated in: June 2018

Questions?

germanbiobanknode@charite.de

Tel. +49. 30. 450 536 347


Fax +49. 30. 450 753 69 38

BMBF
top
Biobank Directory European Biobank Directory GBN products Download templates, manuals and other materials