You are here

Content

Privacy policy according to the DSGVO

Note: This text has been translated by machine. Please refer to the legally valid version in German.

Information on the processing of personal data in connection with the School of Translational Medicine of the Mannheim Medical Faculty of Heidelberg University

Pursuant to Article 13 of the General Data Protection Regulation (DSGVO), you are provided with the following information concerning the processing of your personal data by Heidelberg University in connection with the School of Translational Medicine of the Mannheim Medical Faculty (STMM) and its IT platform:

The STMM uses the data for the organisation and administration of continuing education events and components of the structured education programmes of junior researchers of the UMM and the Mannheim Medical Faculty (registration of participants, administration of participant data, issuing of confirmations of participation, issuing of transcripts of records = overviews of the events completed by the participants).

I. Name and address of the person responsible

II. Name and address of the data protection officer

III. General information on data processing

IV. Provision of the website and creation of log files

V. Use of cookies

VI. SSL or TLS encryption

VII. Contact forms/inquiries by E-mail

VIII. Rights of the data subject

I. Name and address of the person responsible

The responsible party within the meaning of the General Data Protection Regulation and other data protection regulations is the

University of Heidelberg
Grabengasse 1
69117 Heidelberg
Germany

E-mail: rektorin@remove-this.rektorat.uni-heidelberg.de

Web: Website

II. Name and address of the data protection officer

The data protection officer of the responsible party is

Ass. jur. Christoph Wassermann
Seminarstr. 2
69117 Heidelberg
Phone +49 6221 54-12070
E-mail: datenschutz@remove-this.uni-heidelberg.de

III General information on data processing

1. Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only insofar as this is necessary for the provision of a functional website as well as our contents and services and is absolutely necessary for the fulfilment of the purpose.

2. Categories of personal data

According to Article 4 DSGVO, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as first and last name, address, e-mail address, telephone or mobile phone number, matriculation number and IP address.

The following data is collected from participants in the structured programmes:

Photo
Name
Email (work or university email)
Alternative email (mostly private, for security)
Gender
Academic title
Date of birth
Place of birth
Country of birth
Nationality
User ID
Uni ID or Medma ID
Status
Training level (Dr. med./ Dr. sc. hum./ Postdoc / Clinician scientist)
Further education or training programme (STMM programme, GRK, ICON, MACS)
Date of registration (for the programme)
Date of termination (of the programme)
Organisation (university, company etc.)
Clinic / Institute
Department / Section / Group
Main supervisor (name)
Direct supervisor or additional supervisor (name)
Total Credit Points
Chairman TAC (Thesis advisory committee) (Name)
Other members of TAC (names)

The maximum categories of personal data collected from alumni, administrators and supervisors are as follows:

Photo
Name
Email (work or university email)
Alternative email (mostly private, for security)
Gender
Academic Title
User ID
Uni ID or Medma ID
Organisation (university, company etc.)
Clinic / Institute
Department / Section / Group

3. Purpose of data processing

If you voluntarily provide us with your data for the purposes listed below, we will process and use this data exclusively for the purposes for which you have provided us with your data. These currently include the following purposes:

Organisation and administration of further education events and components of the structured education programmes of junior researchers of the UMM and the Mannheim Medical Faculty (registration of participants, administration of participant data, issuing of confirmations of participation, issuing of transcripts of records = overviews of the events completed by the participants).

4. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1) (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (a) (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which Heidelberg University is subject, Article 6 (1) (1) (c) in conjunction with (3) DSGVO (b) in conjunction with § 12 (1) and (6) sentences 1, 4, 5 + 6 LHG BW in conjunction with. § 64 LHG BW in conjunction with § 15 LDSG BW as the legal basis.

In the event that the vital interests of the data subject or another natural person make it necessary to process personal data, Article 6(1) (1) (d) of the GDPR serves as the legal basis.

If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Heidelberg University, Article 6 (1) (1) (e) in conjunction with (3) DSGVO shall serve as the legal basis. Paragraph (3) DSGVO in conjunction with. § 2 (1) + § 12 LDSG BW as the legal basis for the processing.

5. Data recipients

Processing of data by:

Internal:

Administrators of the STMM, programme administrators (administrators of continuing education and training programmes at the UMM/Faculty of Medicine Mannheim), lecturers or providers of courses, lectures and events, supervisors, mentors;

External:

Lecturers or providers of courses, lectures and events, supervisors, mentors who do not belong to the Mannheim Medical Faculty or the UMM; Purpose: Contacting course participants and adapting courses to the group of participants or overview of the most important key data of own doctoral students.

Access to data technically possible, but no processing:

System08 e.K.

Provision of the system, delivery of system updates and patches, troubleshooting and system administration support;

SP Studio Present GmbH

Installation of the programming environment (script engines and database software) on the server, installation of the scripts and databases, maintenance and security updates, patches and backup of the data on servers of the URZ of Heidelberg University

6. Data deletion and storage period

Your personal data will be deleted or blocked as soon as the purpose for storing it no longer applies. Data may also be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which Heidelberg University is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfilment of a contract.

Doctoral students of the Mannheim Medical Faculty of the University of Heidelberg: Data will be deleted no later than 1 year after completion of the doctoral programme.

Participants from other further education or training programmes at UMM other than doctoral students (e.g. postdoc programmes, clinician scientist programmes): Data is deleted no later than 1 year after completion of the programme.

External participants without further education or training programmes at UMM: Data will be deleted after 36 months of inactivity if no objection is raised (as doctorates usually last at least 36 months).

For all three categories, photo, name, email (work or university email), alternative email, gender, academic title, education level, further education or training programme are retained as alumni data. You can object to this at any time.

Alumni: Data will be deleted upon request

Lecturers or providers of courses, lectures and events from inside and outside UMM: Data will be deleted upon leaving or at the latest after 36 months of inactivity, unless objected to.

Supervisors, mentors: Data will be deleted upon departure or at the latest after 36 months of inactivity if no objection is raised.

Programme administrators and administrators: Data will be deleted upon departure or at the latest after 36 months of inactivity if no objection is raised.

7. Data origin (as far as not collected by the data subject himself).

Own collection and heiDOCS database.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  1. information about the browser type and the version used
  2. the user's operating system (OS type)
  3. the IP address of the user
  4. date and time of access
  5. user name
  6. pages used within the system

The data is also stored in the log files of our system.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Article 6 (1) (1) (e) in conjunction with (3) DSGVO in conjunction with. § 4 LDSG BW.

3. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files takes place in order to ensure the functionality of the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 70 days at the latest. Storage beyond this period is possible.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

V. Use of Cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified also after a page change.

When calling up our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of personal data used in this context is obtained. In this context, a reference to this data protection declaration is also made.

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) (1) (e) in conjunction with (3) DSGVO in conjunction with. § 4 LDSG BW.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised also after a page change.

The user data collected through technically necessary cookies are not used to create user profiles.

4. Duration of storage, objection and removal options

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

VI. SSL or TLS encryption

Our website uses SSL or TLS encryption to strengthen our level of protection and to protect the transmission of confidential content, such as your personal data, which you transmit to us as the site operator. You can recognise the secure and encrypted connection by the lock symbol in your browser line or by the fact that the browser automatically switches from "http://" to "https://".

With SSL or TLS encryption activated, data transmitted to us through the website cannot be read by third parties.

VII. Online contact forms

If you send us your data as part of an enquiry, feedback or message, or if you fill in the online contact form available on our websites and send it to us, we process and use this data exclusively for processing your request or answering your enquiry.

VIII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis Heidelberg University:

1. Right to information

You may request confirmation from us as to whether personal data relating to you is being processed by us.

If such processing is taking place, you may request information from us about the following:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 DSGVO in connection with the transfer.

This right of access may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

2. Right to rectification

You have a right of rectification and/or completion vis-à-vis Heidelberg University if the personal data processed concerning you is inaccurate or incomplete. Heidelberg University must carry out the correction without delay.

Your right to rectification may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

3. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

  1. if you dispute the accuracy of the personal data concerning you for a period of time that enables Heidelberg University to verify the accuracy of the personal data;
  2. the processing is unlawful and you object to the erasure of the personal data concerned and request instead the restriction of the use of the personal data;
  3. Heidelberg University no longer needs the personal data for the purposes of processing, but you require them for the assertion, exercise or defence of legal claims; or
  4. if you have objected to the processing pursuant to Article 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds of Heidelberg University override your grounds.

If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by Heidelberg University before the restriction is lifted.

Your right to restriction of processing may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

4. Right to deletion

a. Obligation to delete

You may request Heidelberg University to delete the personal data concerning you without undue delay, and Heidelberg University is obliged to delete such data without undue delay, if one of the following reasons applies:

  1. the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. you withdraw your consent on which the processing was based pursuant to Article 6 (1) (1) (a) or Article 9 (2) (a) DSGVO and there is no other legal basis for the processing.
  3. you object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR.
  4. the personal data relating to you has been processed unlawfully.
  5. the erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which Heidelberg University is subject.
  6. the personal data concerning you has been collected in relation to information society services offered pursuant to Article 8 (1) DSGVO.

b. Information to third parties

If Heidelberg University has made public the personal data concerning you and is obliged to erase it pursuant to Article 17 (1) of the Data Protection Regulation, it shall, taking into account the available technology and the cost of implementation, implement reasonable measures, including those of a technical nature, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c. Exceptions

The right to erasure does not exist insofar as the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which Heidelberg University is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Heidelberg University;
  3. for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) DSGVO;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  5. for the assertion, exercise or defence of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against Heidelberg University, the latter is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against Heidelberg University to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to Heidelberg University in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from Heidelberg University to whom the personal data has been provided, provided that

  1. the processing is based on consent pursuant to Article 6 (1) (1) (a) DSGVO or Article 9 (2) (a) DSGVO or on a contract pursuant to Article 6 (1) (1) (b) DSGVO and
  2. the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from Heidelberg University to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Heidelberg University.

7. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (1) (e) DSGVO; this also applies to profiling based on these provisions.

Heidelberg University shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the assertion, exercise or defence of legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR.

Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the limitation is necessary for the fulfilment of the research or statistical purposes.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Please address your revocation to

Heidelberg University
Grabengasse 1
69117 Heidelberg
Germany

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and Heidelberg University,
  2. is permissible on the basis of legal provisions of the Union or the Member States to which Heidelberg University is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or
  3. is made with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9 (1) DSGVO, unless Article 9 (2) (a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in (1) and (3), Heidelberg University shall take reasonable steps to safeguard the rights and freedoms of data subjects, as well as their legitimate interests, which include at least the right to obtain the intervention of a data subject on the part of Heidelberg University, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

The supervisory authority within the meaning of Article 51 (1) of the DS-GVO over Heidelberg University is pursuant to Section 25 (1) of the LDSG:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg.

Address: Königstrasse 10 a, 70173 Stuttgart, Germany
Postal address: Postfach 10 29 32, 70025 Stuttgart
Phone +49 711 615541-0
Fax +49 711 615541-15
E-mail: poststelle@remove-this.lfdi.bwl.de

Context Column

TopPrintImprintPrivacy