Privacy policy

Einleitung und Überblick

Introduction and Overview

We have drafted this privacy policy (version 01.12.2021-311891618) to explain to you in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, what personal data (in short, data) we as controllers – and those processors commissioned by us (e.g., providers) – process, will process in the future, and what lawful options you have. The terms used are to be understood in a gender-neutral manner.

In short: We comprehensively inform you about the data we process about you.

Privacy statements usually sound very technical and use legal jargon. This privacy policy, on the other hand, is intended to describe the most important things to you as simply and transparently as possible. To promote transparency, technical terms are explained in a user-friendly manner, links to further information are provided, and graphics are used. We therefore inform in clear and simple language that we only process personal data in the course of our business activities if there is a corresponding legal basis. This is certainly not possible when providing as brief, unclear, and legally technical explanations as are often the standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there's some information you didn't know before.

If you still have questions, we ask you to contact the responsible party mentioned below or in the imprint, follow the existing links, and view further information on third-party sites. Of course, you can also find our contact details in the imprint.

Scope of Application

This privacy policy applies to all personal data processed by us within the company and for all personal data processed by companies (processors) commissioned by us. By personal data, we mean information as defined in Art. 4 No. 1 GDPR, such as a person's name, email address, and postal address. Processing personal data enables us to offer and bill our services and products, be it online or offline. The scope of this privacy policy includes:

In short: The privacy policy applies to all areas where personal data is processed structuredly within the company via the mentioned channels. Should we enter into legal relations with you outside of these channels, we will inform you separately, if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information about the legal principles and regulations, that is, the legal bases of the General Data Protection Regulation, which allow us to process personal data.

As for EU law, we refer to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL dated 27 April 2016. Of course, you can read this General Data Protection Regulation of the EU online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered in a contact form.
  2. Contract (Article 6(1)(b) GDPR): To fulfill a contract or pre-contractual obligations with you, we process your data. For instance, if we conclude a purchase contract with you, we require certain personal information beforehand.
  3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally required to retain invoices for accounting purposes. These usually contain personal data.
  4. Legitimate Interests (Article 6(1)(f) GDPR): In the event of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process certain data to operate our website securely and economically efficiently. This processing is thus a legitimate interest.

Other conditions such as public interest tasks and the exercise of public authority as well as the protection of vital interests generally do not apply to us. If such a legal basis should nevertheless be relevant, it will be indicated at the appropriate place.

In addition to the EU regulation, national laws also apply:

If other regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Responsible Party

If you have any questions about data protection, you can find the contact details of the responsible person or body below:

Berlin Institute for Health Research at Charité
Translational Research Department
of Charité – University Medicine Berlin
Anna-Louisa-Karsch-Str. 2
10178 Berlin

Email: info@bih-charite.de
Phone: 030 450 543 049
Legal Notice: https://www.bihealth.org/de/impressum

Contact Details of the Data Protection Officer

Below, you will find the contact details of the data protection officer:

Stabsstelle Datenschutz (Data Protection Office)
Charitéplatz 1
10117 Berlin

Email: datenschutz@charite.de
Phone: +49 30 450 580 016

Storage Duration

As a general criterion for us, we only store personal data for as long as is absolutely necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally obliged to keep certain data even after the original purpose has ceased, for example, for accounting purposes.

If you wish to have your data deleted or revoke your consent to data processing, the data will be deleted as quickly as possible, as long as there is no obligation to retain it.

We will provide information on the specific duration of the respective data processing further below, as long as we have more details on that.

Rights according to the General Data Protection Regulation (GDPR)

According to Article 13 of the GDPR, you are entitled to the following rights to ensure fair and transparent processing of data:

In short: You have rights - do not hesitate to contact the responsible body listed above!

If you believe that the processing of your data violates data protection laws or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. For Austria, this is the Data Protection Authority, which you can find at https://www.dsb.gv.at/. In Germany, each federal state has a data protection commissioner. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Berlin Data Protection Authority

State Commissioner for Data Protection: Meike Kamp
Address: Alt-Moabit 59-61, 10555 Berlin
Phone number: +49 30 13889-0
Email address: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/

Cookies

Summary of Cookies

Affected: Website visitors
Purpose: Depends on the specific cookie. More details can be found below or from the software manufacturer that sets the cookie.
Processed data: Depends on the cookie in use. More details can be found below or from the software manufacturer that sets the cookie.
Storage duration: Depends on the specific cookie, ranging from hours to years.
Legal bases: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit.f GDPR (legitimate interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used to help you better understand the following privacy policy.

Whenever you surf the internet, you use a browser. Common browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites save small text files in your browser. These files are called cookies.

One thing is clear: cookies are really useful helpers. Almost all websites use cookies. More specifically, these are HTTP cookies, as there are also other cookies for different applications. HTTP cookies are small files saved by our website on your computer. These cookie files are automatically placed in the cookie folder, essentially the "brain" of your browser. A cookie consists of a name and a value. Additionally, one or more attributes must be specified when defining a cookie.

Cookies store certain user data, such as language or personal page settings. When you return to our site, your browser sends back the “user-related” information to our site. Thanks to cookies, our website recognizes who you are and provides you with the settings you are accustomed to. In some browsers, each cookie has its own file; in others, like Firefox, all cookies are stored in a single file.

There are first-party cookies as well as third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner sites (e.g., Google Analytics). Each cookie must be assessed individually since each one stores different data. The expiration time of a cookie also varies, ranging from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other "malware." Cookies also cannot access information on your PC.

An example of cookie data might look like this:

Name: _ga
Value: GA1.2.1326744211.152311891618-9
Purpose: Differentiating website visitors
Expiration: After 2 years

Here are the minimum sizes a browser should be able to support:

Which Types of Cookies Exist?

The specific cookies we use depends on the services we utilize, which will be clarified in the following sections of the privacy statement. At this point, we'd like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies to distinguish:

Essential Cookies
These cookies are necessary to ensure the basic functions of the website. For example, these cookies are needed when a user adds a product to the cart, continues surfing on other pages and only later goes to the checkout. Thanks to these cookies, the cart is not deleted, even if the user closes his browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. Additionally, using these cookies, the loading time and behavior of the website across different browsers is measured.

Targeted Cookies
These cookies enhance user-friendliness. For example, entered locations, font sizes, or form data are saved.

Advertising Cookies
These cookies are also called targeting cookies. Their purpose is to deliver individually tailored advertising to the user. This can be very convenient, but also very annoying.

Usually, when visiting a website for the first time, you will be asked which of these cookie types you wish to accept. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and aren't deterred by technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments by the Internet Engineering Task Force (IETF) called "HTTP State Management Mechanism".

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. More details on this can be found below or from the software manufacturer that sets the cookie.

What data is processed?

Cookies are small assistants for a variety of tasks. It's not possible to generalize what data is stored in cookies, but we will inform you about the processed or saved data in the following privacy policy.

Storage duration of cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, while others can remain stored on a computer for several years.

You also have influence over the storage duration. You can manually delete all cookies at any time via your browser (see also below "Right to object"). Furthermore, cookies that are based on consent are deleted at the latest after you revoke your consent, but the legality of the storage remains unaffected until then.

Right to object - How can I delete cookies?

Whether and how you want to use cookies is up to you. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings:

If you fundamentally do not want any cookies, you can set up your browser to always notify you when a cookie is about to be set. This way, you can decide for each individual cookie whether you allow it or not. The procedure varies depending on the browser. It's best to search Google with the keyword "delete cookies Chrome" or "disable cookies Chrome" if you are using the Chrome browser.

Legal basis

Since 2009 there have been the so-called "cookie guidelines". It states that the storage of cookies requires your consent (Article 6 (1) lit. a GDPR). However, there are still very different reactions to these guidelines within EU countries. In Austria, however, this directive was implemented in § 96 para. 3 of the Telecommunications Act (TKG). In Germany, the cookie guidelines were not implemented as national law. Instead, this directive was largely implemented in § 15 para.3 of the Telemedia Act (TMG).

For essential cookies, even without consent, there are legitimate interests (Article 6 (1) lit. f GDPR), which in most cases are of an economic nature. We want to offer visitors to the website a pleasant user experience, and for this purpose, certain cookies are often essential.

If cookies that are not absolutely necessary are used, this only happens if you give your consent. The legal basis is, in this case, Art. 6 para. 1 lit. a GDPR.

In the following sections, you will be informed in more detail about the use of cookies, provided that the used software employs cookies.

Web Hosting

Web Hosting Summary
Affected: Visitors of the website
Purpose: Professional hosting of the website and securing its operation
Processed data: IP address, time of website visit, browser used, and other data. More details can be found below or with the respective web hosting provider.
Storage duration: Depends on the respective provider, but usually 2 weeks
Legal basis: Art. 6 Para. 1 lit.f GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites nowadays, certain information - including personal data - is automatically generated and stored, including on this website. This data should be processed as sparingly as possible and only with justification. By website, we mean the entirety of all pages on a domain, i.e., everything from the homepage to the very last subpage (like this one). By domain, we mean for example beispiel.de or musterbeispiel.com.

If you want to view a website on a screen, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.

This web browser must connect to another computer where the website's code is stored: the web server. Operating a web server is a complex and labor-intensive task, which is why it is usually taken over by professional providers, the hosting companies. They offer web hosting and ensure reliable and error-free storage of website data.

When the browser on your computer (desktop, laptop, smartphone) connects and data is transferred to and from the web server, personal data can be processed. On the one hand, your computer stores data; on the other hand, the web server also needs to store data for a certain period to ensure smooth operation.

Why do we process personal data?

The purposes of data processing are:

  1. Professional hosting of the website and ensuring its operation
  2. Maintaining operational and IT security
  3. Anonymous analysis of user behavior to improve our offer and possibly for law enforcement or to pursue claims

What data is processed?

Even as you visit our website right now, our web server, the computer where this web page is stored, usually automatically saves data such as:

This data is stored in files called web server log files.

How long is data stored?

As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data, but we cannot exclude the possibility that this data may be viewed by authorities in the event of illegal behavior.

In short: Your visit is logged by our provider (the company that runs our website on specialized computers (servers)), but we do not share your data without your consent!

Legal Basis

The legality of processing personal data as part of web hosting is derived from Art. 6 Para. 1 lit. f GDPR (Protection of legitimate interests), as using professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising from it if necessary.

There is usually a contract between us and the hosting provider for order processing according to Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

All texts are copyrighted.

Source: Created with the Privacy Policy Generator from AdSimple