Privacy policy
When you use the website www.gmds2023.de, personal data such as your IP address is generated. The operators handle this responsibly and in accordance with the applicable laws, in particular the European Data Protection Regulation (DSGVO). On this page we want to inform you about the data processing in connection with our website.
Responsible for data processing
German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. Mrs. Beatrix Behrendt Industriestrasse 154 50996 Cologne E‑mail: behrendt@gmds.de
Explanations and definitions
Our privacy policy should be both easy to read and understand for everyone. To ensure this, we would like to explain the terms used in advance. In principle, the definitions of Article 4 of the GDPR apply in addition to the following definitions.
Reach measurement
The aim of reach measurement is to statistically determine the intensity of use and the number of users of a website and to obtain comparable values for all connected offers. At no time are individual users identified. Their identity always remains protected.
Cookies
A cookie is a small data packet that is sent to your browser from a web server and can only be read by this web server. The function of this package is to create a kind of identity card to store passwords, orders and preferences. It cannot be executed as program code or used to infect you with viruses. Most browser programs accept cookies by default. You can make your browser inform you of the receipt of a cookie, so that you can decide for yourself for or against its acceptance.
Your rights
- You have the right to find out from us whether data concerning you is being processed by GMDS.
- Furthermore, you have a right of access to personal data stored about you.
- Likewise, you have the right to request the immediate correction of inaccurate personal data concerning you. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data concerning you — also by means of a supplementary declaration.
- You also have the right to have the personal data concerning you deleted immediately if no legal grounds prohibit the deletion.
- You also have the right to request the restriction of processing under the conditions of Art. 18 of the General Data Protection Regulation.
- Likewise, you have the right to receive the personal data concerning you that you have provided to GMDS in a structured, common and machine-readable format.
- You also have the right to transfer this data to another controller under the conditions of Art. 20 of the General Data Protection Regulation.
- Likewise, you have the right to object to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) DS-GVO.
- And, of course, you have the right to withdraw consent to the processing of personal data at any time.
- You also have the right not to be subject to a decision based solely on automated processing — including profiling.
- For clarification: no such decisions take place at GMDS, but due to European law we have to inform you about this right.
- Ferner haben Sie das Recht, sich an eine Aufsichtsbehörde zu wenden und dort ggf. zu beschweren. Eine Liste der Aufsichtsbehörden (für den nichtöffentlichen Bereich) mit Anschrift finden Sie unter: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Please contact us at the email address below if you wish to exercise your rights, as well as if you have any questions about the information we hold.
Contact address: info@gmds.de.
Legal basis for the processing of personal data
As a data subject, you are entitled to various rights.
- In data protection, the so-called prohibition with reservation of permission applies. Accordingly, the processing of personal data is generally unlawful unless the data subject has given his or her consent or the processing is legitimized by a legally regulated reason for permission. We are obliged to inform you about the legal basis for data processing.
- If we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis.
- In the case of processing operations that are necessary for the fulfillment of a contract concluded between you and us or for the implementation of pre-contractual measures (e.g. when you register for one of our events), Art. 6 (1) lit. b DSGVO serves as the legal basis.
- If the processing of personal data is necessary for the fulfillment of a legal obligation to which we are subject, such as legal retention and storage obligations, Art. 6 (1) lit. c DSGVO serves as the legal basis.
- If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests, fundamental rights and freedoms do not override the former interest, the processing of personal data is legitimized by Art. 6 (1) lit. f DSGVO.
Which data are processed for which purposes?
Data collection when visiting our websites
You are welcome to visit this website. However, when you visit this site, certain routing and technical information about your computer is collected, which is technically necessary to show you our websites and to ensure stability and security.
Processed are for example:
- the Internet Protocol address,
- the date and time of an access to the website,
- the website from which an accessing system arrives at our website (so-called referrer),
- which website and which file you are visiting,
- Access status/HTTP status code
- Transfer amount of data
- the operating system (MS Windows 10, Linux, etc.),
- Data such as the browser type (Internet Explorer, Firefox, etc.),
- the speed of your host computer,
- Name of your Internet provider
When using these general data and information, no conclusions are drawn about the data subject. This information is rather required in order to (1) deliver the contents of our website correctly, (2) to ensure the long-term functionality of our information technology systems and the technology of our website, and (3) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. To ensure the above purposes, this data is temporarily stored in the log files of our system for a maximum period of fourteen days. The legal basis for these processing operations is Art. 6 (1) lit. f DSGVO.
Provision of our statutory and business services
We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b. DSGVO, insofar as we offer them contractual services or act in the context of existing business relationships, e.g. with members, or are ourselves recipients of services and benefits. This occurs, for example, in the context of our intranet use. Furthermore, we process the data of data subjects pursuant to Art. 6 para. 1 lit. f. DSGVO on the basis of our legitimate interests, e.g. when administrative tasks or public relations are involved. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. In principle, this includes inventory and master data of persons (e.g., name, address, etc.), as well as contact data (e.g., e‑mail address, telephone, etc.), contract data (e.g., services used, content and information provided, names of contact persons) and, if we offer payable services or products, payment data (e.g., bank details, payment history, etc.). We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as they may be relevant for business processing, as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.
Cookies
Cookies are used by us when they are used for technical session control, for example, to pass your data from one page to the next as part of the registration process for events. The cookies used on this site are not permanent and are therefore set each time you visit the site. Cookies from previous visits, which may still be present on your computer, for example, after an unforeseen termination of the Internet browser, are not read. No attempt is made to use cookies to carry out any form of profiling. The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f DSGVO. Furthermore, cookies are used in the context of the use of Google Analytics so that reach measurement (see section “Reach measurement / Google Analytics”) can take place. . The legal basis for this processing of personal data is their consent (Art. 6 para. 1 lit. a DSGVO).
Reach measurement / Matomo
Within the scope of the reach analysis of Matomo, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), the following data is processed: the browser type and version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click. The IP address of users is anonymized before it is stored.
Matomo uses cookies that are stored on the user’s computer and that enable an analysis of the use of our online offer by the user. Pseudonymous user profiles can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.
Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. If users delete their cookies, however, this has the consequence that the opt-out cookie is also deleted and must therefore be reactivated by the users.
Registration function, contact forms and e‑mail contact
For some services or areas of this site, you will be asked to register and provide information about you and/or your company (such as name, job title, email address, and other information) that will allow us to provide services and information to you (for example, when you use a feedback form or register for events). For each contact form, the fields marked with an “*” are those that we need to process your message such as your name to associate the request or your one email address so that we can provide you with feedback. You can provide us with additional information, such as a phone number, which will help us process your request. However, you will always be informed and must consent to the submission of your personal information before your information is submitted. If you submit personal data of other persons, please make sure that these persons are informed about this personal data protection policy, can view it and agree to the submission of the data. The data will be used exclusively for the processing of the purposes set out and — unless legal retention periods force us to store it — will be deleted immediately after processing. A transfer of your data to or its processing by third parties is excluded.
- The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if you have given your consent.
- If the registration serves the fulfillment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.
Social Media / Twitter
GMDS uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service offered here. The data controller for individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. We would like to point out that you use the Twitter short message service offered here and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating). Information about which data is processed by Twitter and for which purposes can be found in Twitter’s privacy policy: twitter.com/en/privacy.
The GMDS has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. Nor does it have any effective means of control in this respect. With the use of Twitter, your personal data is collected, transferred, stored, disclosed and used by Twitter Inc. and thereby transferred to and stored and used in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence. Twitter processes on the one hand your voluntarily entered data such as name and user name, e‑mail address, telephone number or the contacts of your address book when you upload or synchronize it. On the other hand, Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, wireless network information or your IP address in order to send you advertising or other content. For analysis, Twitter Inc. may use analytics tools such as Twitter or Google Analytics. GMDS has no influence on the use of such tools by Twitter Inc. and has not been informed about such potential use. If tools of this kind are used by Twitter Inc. for the GMDS account, GMDS has neither commissioned nor approved this nor supported it in any other way. Nor will the data obtained from the analysis be made available to it. Only certain non-personal information about tweet activity, such as the number of profile or link clicks through a particular tweet, is viewable by GMDS through its account. Moreover, GMDS has no way to prevent or turn off the use of such tools on its Twitter account. Finally, Twitter also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may be the IP address, browser type, operating system, information about the website you previously visited and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information. Via Twitter buttons or widgets embedded in websites and the use of cookies, it is possible for Twitter to record your visits to these websites and assign them to your Twitter profile. Based on this data, content or advertising can be offered tailored to you. You have options to restrict the processing of your data in the general settings of your Twitter account and under the item “Privacy and security”. In addition, you can restrict Twitter’s access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers) in the settings options there. However, this depends on the operating system used. You can find more information at Twitter itself:
- Twitter Supportseiten support.twitter.com/articles/105576
- Twitter Datenschutz-Informationen help.twitter.com/de/search
- Informationen, die eigenen Daten einsehen zu können support.twitter.com/articles/20172711
- Informationen über von Twitter erstellte Rückschlüsse basierend auf ihren Daten twitter.com/your_twitter_data
- Informationen zu den vorhandenen Personalisierungs- und Datenschutzeinstellmöglichkeiten https://twitter.com/personalization
YouTube
YouTube videos are embedded on some GMDS web pages. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your Youtube account beforehand. If a Youtube video is started, the provider uses cookies that collect information about user behavior. but also YouTube cookies to collect information about visitors to their website. YouTube uses these to collect video statistics, prevent fraud and improve user experience, among other things. Also, this leads to a connection with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no control over this. If you would like to prevent this, you must block the storage of cookies in the browser. Further information on data protection at “Youtube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/, an opt-out option can be found at: https://adssettings.google.com/authenticated.
Duration for which the personal data are stored
The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which the controller is subject. If the storage purpose ceases to apply (in particular if the data is no longer required for the performance or initiation of a contract) or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Security
The German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. uses technical and organizational security measures in order to protect the personal data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
Data transfer
The secrecy of telecommunications also protects your mail content and form entries from unauthorized access and processing. We can guarantee compliance with telecommunications secrecy for the GMDS area. However, we would like to point out that data transmission via the Internet can generally be recorded by other Internet operators and users. Personal data is only transmitted in encrypted form as far as we are able, but we can only influence our part of the transmission path.
Disclosure of personal data
Information about you will be passed on to others if it is assumed in good faith that the requirements for this exist by law or due to legal proceedings or that corresponding legal requirements exist (e.g. requirements under the Teleservices Act). In particular, personal data will only be passed on to state institutions and authorities within the framework of corresponding national legal provisions or if the passing on is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure. Otherwise, your data will not be made available to anyone outside GMDS, but will be used exclusively to provide the services presented. In particular, neither your e‑mail address nor any other information identifying you will be disclosed to third parties. Insofar as we make use of service providers to carry out and handle processing operations (e.g. in the context of online registration for our annual conference or other events), the contractual relationships will be governed by the provisions of the Federal Data Protection Act.
Data transfer to third countries
Processing in third countries takes place:
- When using the Twitter functionality (recipient of the data: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA).
- When using YouTube (recipient of the data: YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA).
Further processing in third countries does not take place.
External links
Our online offer contains links to other websites. We have no influence on whether their operators comply with data protection regulations.
Questions or concerns?
If you have any questions or concerns about this Privacy Policy or the collection of your information, please feel free to contact us at the following email address: info@gmds.de.
Changes
This policy will be updated as necessary with effect for the future, e.g. in the event of changes to the legal provisions or if there are changes to the collection and/or processing of the data. You are therefore asked to look at this privacy policy repeatedly.