I. Collection of Personal Data
- Definition of Terms
- Hosting and handling of data when visiting our site
- E-mail contact
- Use of social media plug-ins
II. Your rights (Rights of the Individual concerned)
- Right of information
- Right of rectification
- Right of removal („Right to be forgotten”)
- Right to restrict processing
- Right to be informed
- Right to data transferability
- Right to object
- Right to withdraw the declaration of consent under data protection law
- Automated decisions in individual cases including profiling
- Right to complain to the supervisory authority
III. Data protection and third-party websites
Medical Valley EMN e. V.
(hereinafter: “We”) as owner of the medical-valley-emn.de website is responsible for the personal user data (hereinafter: “you”) of the website within the terms of the General Data Protection Regulation (furthermore referred to as “GDPR”.
We protect your privacy and your private data. We collect, process and use your personal data in accordance with the content of the data protection regulations and the applicable data protection regulations, accordingly to the GDPR. These data protection regulations determine which personal data we collect, process and use from you. Please read the following statements very carefully.
I. Collection of personal Data
1. Definition of Terms
The meaning of the term accordingly to the GDPR for:
- Personal Data:
Regarding any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Natural individual
Any identified or identifiable natural person whose personal data are processed by the responsible handler;
Any operation or set of operations carried out with or without the aid of automated means in relation to personal data, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making data accessible, alignment or combination, restriction, erasure or the
- Restriction of Handling
The marking of stored personal data with purpose of limiting future processing;
any form of automated processing of personal data consisting in using such personal data to evaluate certain personal aspects relating to a natural person. This, particularly, with a view to analyze or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of that natural person;
Processing of personal data in such manner that the personal data cannot be related to a specific data subject without the inclusion of additional information. This, provided that additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data cannot be related to an identified or identifiable natural person;
A natural or legal person, public authority, agency or any other body that stands alone or jointly with others determines the purposes and means of the processing of personal data. If such purposes and means of processing are determined by Union law or by the law of the Member States, arrangements may be made for the accountable person or for the specific criteria for his or her nomination under Union law or the law of the Member States;
a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the responsible person;
(1) A natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether or not that person is a third-party. (2) However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union law or the law of the Member States, shall not be considered as recipients. The processing of such data by the abovementioned authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the processing purposes;
A natural or legal person, public authority, agency or body other than the data subject, the person responsible, the handler and the persons who, under the direct authority of the responsible person or the handler, are authorized to process the personal data;
a freely given specific, determined and unequivocal indication of the person concerned’s wishes in the form of a declaration or any other unequivocal affirmative act by which the person concerned indicates his or her consent to the processing of personal data relating to him or her;
b) You can visit our site without giving any information about yourself, with exception of the (access) data that your Internet browser sends us, e.g.
- The name of your internet service provider
- The date and time of your access to our website
- Your browser type
- The browser settings
- The operating system used
- The last page you visited
- Your IP address.
In addition, personal data is only collected if you provide it voluntarily, for example by placing an order, opening a customer account or subscribing to our newsletter.
c) Description and legal basis
The data is also stored in the log files of our system, whereby IP addresses are only stored in anonymised form. This is done by storing an IP address 123.123.123.XXX, where XXX is a random value between 1 and 254, instead of the actual IP address of the visitor, e.g. 126.96.36.199.123. Therefore, it is no longer possible to establish a personal reference.
The legal basis for this temporary storage of data and log files is Art. 6, §1 letter f GDPR.
d) Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be forwarded to the user’s computer.
The storage in log files is to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes is not conducted in this context.
These purposes also cover our legitimate interest in data processing in accordance with Art. 6 Para. 1 letter f GDPR.
e) Storage Duration
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In respect of the collection of data for the provision of the website, this is only the case when the respective session has ended.
f) Objection and elimination options
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Therefore, there are no possibilities to object on the part of the user.
are small text files that are stored on your computer during your visit to our
website. Some of them are deleted after leaving our website (session cookies).
Other cookies remain on your computer so that your computer will be recognized
on your next visit (so-called permanent cookies).
b) The legal basis for processing related data using cookies is Art. 6 paragraph 1 lit. f GDPR.
d) Duration of storage, possibility of objection and removal – If you disapprove of cookies, you can set your browser to reject them. Already stored cookies can be deleted at any time. This can also be done automatically. However, this may mean that you cannot use our website to its full extent.
a) You have the possibility to order a free newsletter via our website. With this order the data requested in the input mask will be transmitted to us. The following data will be asked for:
- E-Mail address
Within the scope of your registration the following data will be transmitted to us additionally:
- Your IP address
- Date and time of your order
For sending the newsletter we use “Mailchimp”, a service operated by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter “Mailchimp”). We will therefore forward the email address you provide to MailChimp. MailChimp stores its data on servers located in the USA. The Rocket Science Group LLC participates in the Privacy Shield as operator of the “Mailchimp” service: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.
MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp may use this data according to its own information to optimize or improve its own services, e.g. for technical optimization of sending and presentation of newsletters or for economic purposes to determine from which countries the recipients come. Please note that MailChimp does not use the data of our newsletter recipients to contact them, nor to pass them on to third parties.
The newsletters we send out include a possibility to analyze the behavior of the newsletter recipient. In particular to retrieve how many recipients have opened a newsletter and how often a certain link within a newsletter has been clicked on by the recipients. We have set up the service in such a way that the data relating to the recipients is presented to us in anonymized form so that we cannot draw any conclusions regarding the individual recipient. In addition, we have activated the option that the complete IP address is never collected or processed.
b) The legal basis for the processing of the data which you have transmitted to us in the context of ordering the newsletter is Art. 6 para. 1 letter a GDPR (consent of the user).
c) The data is processed for sending you the newsletter.
d) Duration of storage, possibility of objection and removal
The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. The newsletter registration data will be deleted as soon as you cancel it. You can cancel the newsletter at any time. In each newsletter you will find a corresponding note or link to do so.
5. E-mail contact
a) On our website you will find an e-mail address which you could use to send us an e-mail. The personal data that you send with this e-mail will be stored. Specifically, the sender’s e-mail address will be stored. This data is used exclusively for communication with you. The data will not be passed on to third parties.
b) The legal basis for processing the data you sent us per e-mail is Art. 6 para. 1 lit f GDPR. If the e-mail refers to the conclusion of a contract, the legal basis is also Art. 6 para. 1 lit.b GDPR.
c) The data are processed solely for the purpose of communication.
d) Duration of storage, possibility of objection and removal – The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Regarding to contact by e-mail, it means when communication with the user has ended, i.e. when it can be concluded from the circumstances of the individual case that the matter has been resolved.
e) At all times you can object to the processing of your personal data. In this case, however, communication with you can no longer be continued.
6. Use of Social Media Plug-Ins
We do not use social media plug-ins. If you see a note on the page about
our appearances on different social media platforms, these are not plug-ins but
links. In contrary to plug-ins, the operator of the platform does not receive
information about your visit when you call our site. However, as soon as you
click on the link, you will be forwarded to our corresponding social media
account. Therefore, the operator of the platform can also process your data. As
a rule, the operator will also set (analysis) cookies and assign your user behavior
to your account.
Please find more detailed information on data processing on individual social media platforms under the following links:
- Facebook: http://de-de.facebook.com/policy.php
- Instagram: https://help.instagram.com/155833707900388
- Linkedin: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
- Twitter: https://twitter.com/privacy?lang=de
- Xing: https://www.xing.com/privacy
II. Your rights (rights of the individual person)
If you wish to claim any of your rights listed below and/or require further information about them, please contact us at: firstname.lastname@example.org
1. Right to information
You have the right to obtain confirmation as to whether personal data concerning you are being processed. If this is the case, you have the right to be informed about these personal data and to receive the following information:
- the purpose of the processing;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- the intended duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration;
- the existence of a right of rectification or deletion of personal data relating to them or of a right of objection to their processing by the person responsible for them;
- the existence of a right to complain to a supervisory authority;
- if the personal data are not held by the data subject, all available information on the origin of the data;
- the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved and the scope and intended impact of such processing on the individual concerned.
- You can also request information as to whether the personal data will be transferred to a third country or to an international organization. If this is the case, you have the right to be informed of the appropriate warranties pursuant to Article 46 GDPR in connection with the transfer.
2. Right for rectification
You have the right to request the correction of incorrect personal data concerning you without delay. Considering the processing purposes, you also have the right to request the completion of incomplete personal data concerning you, even by means of a supplementary declaration.
3. Right of removal („Right to be forgotten“)
a) You have the right to request that your personal data be deleted immediately, and we are obliged to delete such data immediately if one of the following reasons applies and the processing is not necessary:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR, and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21 paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR.
- The personal data were processed improperly.
- The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject.
- The personal data was collected in relation to information society services offered in accordance with Article 8 Paragraph 1 GDPR.
b) Information to third-parties
If we made personal data public, we are obliged to delete them pursuant to paragraph a). We shall take reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested that all links to such personal data or copies or replications of such personal data be deleted.
The above-mentioned rights of deletion do not apply if the processing is necessary:
- – to exercise the right to freedom of expression and information;
- – to comply with a legal obligation requiring processing under Union or national law under which we are established; or to perform a task carried out in the public interest; or in the exercise of official authority vested in us;
- – for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h and i GDPR and Article 9 Ab. 3 GDPR;
- – for archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89 para. 1 FADP, insofar as the law referred to a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
- – to assert, exercise or defend legal claims.
4. Right to restrict processing
a) You have the right to request us to reduce the processing if one of the following conditions is met:
- – the accuracy of your personal data can be challenged by you within a period. This time will enable us to verify the accuracy of your personal data,
- – the processing is unlawful, and you oppose to the deletion of the personal data, but instead request a restriction on the use of the personal data
- – we no longer need the personal data for the purposes of the processing, but you need the personal data to assert, exercise or defend legal claims; or
- – You have lodged an objection to the processing under Article 21(1), but it is not yet clear whether our legitimate reasons outweigh yours.
b) In the event that processing has been restricted in accordance with (a), such personal data may be processed, with the exception of storage, only with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State. If you have obtained the restriction of processing in accordance with a), you will be informed by us before the restriction is lifted.
5. Right to be informed
If you have asserted the right to rectification, deletion, or limitation of processing against us, we are obliged to notify those to whom your personal data has been revealed to. Unless this proves impossible or involves a disproportionate effort, we are obliged to inform you of this rectification, deletion, or limitation of processing. You have the right to be informed about these recipients.
6. Right to data transferability
You have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format. You also have the right to transfer this data to another person in charge without our interference, provided:
- – the processing is based on a permission according to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, or on a contract according to Art. 6 para. 1 letter b GDPR and
- – the processing is carried out by means of automated procedures.
In exercising this right, you also have the right to request that your personal data be transferred directly from us to another responsible party, insofar as this is technically feasible. Freedoms and rights of other persons are not to be affected by this.
The right to data transferability does not apply to the process of personal data necessary for the performance of a task carried out for public interest purposes, nor in pursuit of official authority delegated to us.
7. Right to object
You have the right to object at any time, for reasons arising from your situation, to the processing of your personal data pursuant to Article 6 paragraph 1 letter e or f FADP, including profiling based on these regulations.
We will then no longer process your personal data unless we can prove compelling reasons for processing. These must be worthy of protection and outweigh your interests, rights, and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If your personal data is processed for the purpose of direct marketing, including profiling, insofar it is linked to this, you have the right to object at any time.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
In the context of the use of Information Society services, and without prejudice to Directive 2002/58/EC, you have the possibility to exercise your right of objection by means of automated procedures involving technical specifications.
8. Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your data protection declaration of agreement at any time. The withdrawal of consent does not affect the legality of the processing that has taken place based on the consent prior to the withdrawal.
9. Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based solely on
automated processing, including profiling, that legally implicates you or significantly
affects you in a similar way. This does not apply when the decision is
• for the conclusion or fulfilment of a contract between you and us,
• when permitted by Union law or the law of the Member States, to which we are subject, and that law contains appropriate steps to safeguard your rights and freedoms and your legitimate interests; or has been made with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 DPA, unless Art. 9 para. 2 lit. a or g DPA applies. Furthermore, appropriate measures must have been taken to protect your rights and freedoms, as well as your legitimate interests.
In the cases referred to in the indents above, we shall take appropriate action to safeguard your rights and freedoms, as well as your legitimate interests. This shall include, at least, the right to seek intervention by one of our representatives, to put forward one’s point of view and to challenge the decision.
10. Right to complain to the supervisory authority
Without prejudice to any other administrative or judicial remedy, you have
the right to lodge a complaint with a supervisory authority, in particular in
the country in which you are resident, your place of work or the place where
the alleged infringement occurred, if you feel that the processing of personal
data relating to you is contrary to the DPA.
The supervisory authority with which the complaint has been lodged, shall inform the complainant of the status and the results of the objection, including the possibility of a judicial remedy under Art. 78 of the GDPR.
III. Data protection and third-party websites
The website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility nor provide any guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you submit personal data to these websites.
We reserve the right to modify these data protection regulations at any time with effect from now. A current version is available on the website. Please visit the website regularly and keep yourself informed about the applicable data protection regulations.