Data Protection

Data Protection Declaration

Data Protection Declaration

The German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. operates its website to support the implementation of its non-profit purposes. The website serves in particular to present the goals, work and activities of the GMDS.

This data protection declaration aims to protect your privacy. It sets out what information is obtained from visitors to this site during their visit and how this information is used.

1 Your Privacy
The personal rights of visitors to our website are of the utmost importance to us. Therefore, compliance with the legal provisions on data protection is a matter of course for us. Furthermore, it is important to us that you know at all times when we store which data and how we use it.

Responsible for Data Processing

German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V.

Ms Beatrix Behrendt

Industriestraße 154
50996 Cologne
E-Mail: behrendt@gmds.de

Explanations and Definitions

Our privacy policy should be easy to read and understand for everyone. To ensure this, we would like to explain the terms used in advance.

In principle, the definitions of Article 4 of the GDPR apply in addition to the following definitions.

3.1 Reach Measurement
The aim of the reach measurement is to statistically determine the intensity of use and the number of users of a website as well as to obtain comparable values for all connected offers. At no time are individual users identified. Their identity always remains protected.

3.2 Cookies

A cookie is a small data package that is sent to your browser from a web server and can only be read by this web server. The function of this package is to create a kind of identity card for storing passwords, orders and preferences. It cannot be executed as programme code or used to infect you with viruses.

Most browser programs accept cookies by default. You can have your browser inform you of the receipt of a cookie so that you can decide for yourself whether or not to accept it.

3.3 Measuring Pixels

Measuring pixels are usually images measuring only 1×1 pixel and are transparent or created in the colour of the background so that they are not visible. When a web page containing a measuring pixel is opened, this small image is loaded from the provider's server on the Internet, and the download is registered there. In this way, the provider of the procedure can see when and how many users requested this measuring pixel or visited a web page. Furthermore, the provider can determine whether JavaScript is activated in the browser or not. If JavaScript is activated, further information such as browser information, operating system, screen resolution can be collected.

In most cases, this function is realised by a JavaScript call, but the term measuring pixel is still used.

4 Your Rights

- You have the right to find out from us whether data relating to you is being processed by the GMDS.

- Furthermore, you have the right of access to personal data stored about you.

- You also have the right to request that inaccurate personal data relating to you be corrected without delay. You also have the right to request that incomplete personal data concerning you be completed, including by means of a supplementary declaration, taking into account the purposes of the processing.

- You also have the right to have the personal data concerning you deleted without delay if no legal grounds prohibit the deletion.

- In addition, you have the right to request the restriction of processing under the conditions of Art. 18 of the General Data Protection Regulation.

- Likewise, you have the right to receive the personal data concerning you that you have provided to the GMDS in a structured, common and machine-readable format.

- You also have the right to transfer this data to another controller under the conditions of Article 20 of the General Data Protection Regulation.

- Likewise, you have the right to object to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) DS-GVO.

- And of course you have the right to withdraw consent to the processing of personal data at any time.

- You also have the right not to be subject to a decision based solely on automated processing - including profiling.

- For the avoidance of doubt, no such decisions take place at GMDS, but European law requires us to inform you of this right.

- Furthermore, you have the right to contact a supervisory authority and complain there if necessary. A list of supervisory authorities (for the non-public sector) with address can be found at: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Please contact the e-mail address below if you wish to exercise your rights, as well as if you have any questions about the information stored.

Contact address: info@gmds.de.

Legal Basis for the Processing of Personal Data

In data protection, the so-called prohibition with reservation of permission applies. Accordingly, the processing of personal data is generally unlawful unless the data subject has given consent or it is legitimised by a legally regulated reason for permission. We are obliged to inform you about the legal basis for data processing.

- If we obtain your consent for the processing of personal data, Art. 6 (1) lit. a DSGVO serves as the legal basis.

- In the case of processing operations that are necessary for the performance of a contract concluded between you and us or for the implementation of pre-contractual measures (e.g. if you register for one of our events), Art. 6 (1) lit. b DSGVO serves as the legal basis.

- If the processing of personal data is necessary for the fulfilment of a legal obligation to which we are subject, such as statutory storage and retention obligations, Art. 6 (1) lit. c DSGVO serves as the legal basis.

- If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, the processing of personal data is legitimised by Art. 6 (1) lit. f DSGVO.

Which Data are Processed for Which Purposes?
6.1 Data Collection When Visiting Our Websites

You are welcome to visit this website. However, when you visit this site, certain routing information and technical data about your computer will be collected which is technically necessary to enable us to show you our websites and to ensure stability and security. Processed are for example:

1. the Internet protocol address,

2. the date and time of an access to the website,

3. the website from which an accessing system arrives at our website (so-called referrer),

4. which website and which file you are accessing,

5. access status/HTTP status code

6. the amount of data transferred

7. the operating system (MS Windows 7, MS Windows 10, Linux, etc.),

8. environment data such as the browser type (Internet Explorer, Firefox, etc.),

9. the speed of your central computer,

10. name of your internet access provider.

When using this general data and information, no conclusions are drawn about the data subject. Rather, this information is required in order to

(1) deliver the contents of our website correctly,

(2) ensure the long-term functionality of our information technology systems and the technology of our website, and

(3) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

To ensure the above purposes, this data is temporarily stored in the log files of our system for a maximum period of fourteen days.

The legal basis for these processing operations is Art. 6 (1) lit. f DSGVO.

6.2 Provision of our Statutory and Business Services

We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b. DSGVO, insofar as we offer them contractual services or act within the framework of existing business relationships, e.g. towards members, or are ourselves recipients of services and benefits. This occurs, for example, in the context of our intranet use. Furthermore, we process the data of data subjects pursuant to Art. 6 para. 1 lit. f. DSGVO on the basis of our legitimate interests, e.g. when administrative tasks or public relations work are involved.

The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. In principle, this includes inventory and master data of persons (e.g. name, address, etc.), as well as contact data (e.g. e-mail address, telephone, etc.), contract data (e.g. services used, content and information provided, names of contact persons) and, if we offer services or products that are subject to payment, payment data (e.g. bank details, payment history, etc.).

We delete data that is no longer required to fulfil our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as it may be relevant for the processing of the business as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.

6.3 Cookies

Cookies are used by us when they are used for technical session control, e.g. to pass your data from one page to the next as part of the registration process for events. The cookies used on this site are not permanent and are therefore set each time you visit the site. Cookies from previous visits, which may still be present after you close your internet browser unexpectedly, for example, are not read. No attempt is made to carry out any form of profiling with the aid of cookies. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.

Furthermore, cookies are used in the context of the use of Google Analytics so that reach measurement (see section "Reach measurement / Google Analytics") can take place. . The legal basis for this processing of personal data is your consent (Art. 6 para. 1 lit. a DSGVO).

6.4 Reach Measurement / Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics is a web analytics tool that helps website owners analyse how visitors interact with their websites.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.

Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. This is possible by installing the deactivation add-on from Google. The add-on tells the JavaScript of Google Analytics that no website visit information should be transmitted to Google Analytics. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

The GMDS does not store the IP addresses of its visitors. The IP addresses of website visitors are anonymised, which means that personal references and personal localisation are not applied.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

You may object to the collection and storage of data by Google Analytics at any time with effect for the future.

6.5 Application for Membership
The German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. processes and uses the personal data collected in the application for membership, such as surname, first name, date of birth, address, e-mail address, telephone number and bank details, exclusively for the purposes of membership administration, collection of membership fees and the transmission of association information by the association. A transmission of parts of these data (name and location) to cooperating professional associations only takes place within the framework of the purposes defined in the statutes or contribution regulations. These data transmissions are necessary for the purpose of reconciliation of double memberships, i.e. membership at a reduced rate due to further membership of a cooperating professional society (GI, DGEpi, DGfM, DVMD). Data transmission for the purpose of postal dispatch of election documents takes place once a year by the contracted printing company. In the case of electronic elections, data transmission to the corresponding electronic tool is necessary. No other data is transferred to third parties outside of these purposes. Upon termination of membership, personal data will be deleted, unless they have to be kept in accordance with tax law requirements. Every member has the right to obtain information about the personal data stored about him or her by the responsible body. In addition, the member has the right of correction in the event of incorrect data. By sending the application for membership to the GMDS, the member agrees to the processing of the data in accordance with this data protection declaration. The GMDS statutes and membership fee regulations can be viewed by all on this website and are also accepted when the application for membership is sent. 

6.6 Newsletter
With the following notes, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Newsletter content: We send newsletters, e-mails and other electronic notifications with information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described within the scope of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us.
Protocol: The registration for our newsletter takes place through a separate query in our application for admission. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to the data stored with the dispatch service provider are also logged.

Registration data: Every GMDS member has the possibility to register for the newsletter on the intranet, if this has not already been done with the information in the application for membership.

The newsletter is sent out and its success measured on the basis of the recipients' consent pursuant to Art. 6 Para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 Para. 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6 Para. 1 lt. f. DSGVO in conjunction with § 7 Para. 2 No. 3 UWG. DSGVO in conjunction with. § 7 para. 3 UWG.

The recording of the registration process is based on our legitimate interests in accordance with Art. 6 Para. 1 lit. f DSGVO. Our interest is to use a user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users and also allows us to prove consent.

Cancellation/revocation: You can cancel the subscription to our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

6.7 Registration Function, Contact Forms and E-mail Contact
For some services or areas of this site, you will be asked to register and provide information about you and/or your company (such as name, job title, email address and other information) that will enable services and information to be provided to you (for example, when using a feedback form or registering for events).

Each contact form has fields marked with an "*" that we need to process your message, such as your name to assign the request or your email address so that we can reply to you. You can provide us with additional information, such as a telephone number, which will make it easier for us to process your request.

However, you will always be informed and must consent to your personal data being sent before it is submitted.

If you transmit personal data of other individuals, please ensure that these individuals are informed about these guidelines for the protection of personal data, can view them and consent to the transmission of the data.

The data will be used exclusively for processing the purposes set out and - unless legal retention periods force us to store it - will be deleted immediately after processing. Your data will not be passed on to or processed by third parties.

• If you have given your consent, the legal basis for processing the data is Art. 6 (1) lit. a DSGVO.

- If the registration serves the fulfilment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.

6.8 Social Media / Twitter

The GMDS uses the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service offered here. The data controller for individuals living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

We would like to point out that you use the Twitter short message service offered here and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. sharing, rating).

Information on what data is processed by Twitter and for what purposes can be found in Twitter's privacy policy: twitter.com/de/privacy.

Twitter Inc. has committed to the principles of the EU-US Privacy Shield. You can find more information on this at: www.privacyshield.gov/participant.

The GMDS has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties. Nor does it have any effective means of control in this respect.

By using Twitter, your personal information will be collected, transferred, stored, disclosed and used by Twitter Inc. and, in doing so, will be transferred to and stored and used in the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your country of residence.
On the one hand, Twitter processes your voluntarily entered data such as name and user name, email address, telephone number or the contacts in your address book when you upload or synchronise it.
On the other hand, Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages you send directly to other users and can determine your location using GPS data, wireless network information or your IP address in order to send you advertising or other content.
Twitter Inc. may use analysis tools such as Twitter Analytics or Google Analytics for evaluation purposes. The GMDS has no influence on the use of such tools by Twitter Inc. and has not been informed about such potential use. If tools of this kind are used by Twitter Inc. for the GMDS account, the GMDS has neither commissioned nor approved this nor supported it in any other way. Nor will the data obtained from the analysis be made available to it. Only certain non-personal information about tweet activity, such as the number of profile or link clicks by a particular tweet, is visible to the GMDS via its account. Moreover, the GMDS has no possibility to prevent or turn off the use of such tools on its Twitter account.
Finally, Twitter also receives information when you view content, for example, even if you have not created an account. This so-called "log data" may be the IP address, browser type, operating system, information about the website you previously visited and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information.

Twitter buttons or widgets integrated into websites and the use of cookies enable Twitter to record your visits to these websites and assign them to your Twitter profile. This data can be used to offer content or advertising tailored to you.

You have options to restrict the processing of your data in the general settings of your Twitter account and under the item "Data protection and security". In addition, you can restrict Twitter's access to contact and calendar data, photos, location data, etc. on mobile devices (smartphones, tablet computers) in the settings options there. However, this depends on the operating system used.

For more information, please visit Twitter itself:

- Twitter support pages

support.twitter.com/articles/105576

- Twitter privacy information

help.twitter.com/de/search

- Information on how to view your own data

support.twitter.com/articles/20172711

- Information about inferences made by Twitter based on their data

twitter.com/your_twitter_data

- Information on the personalisation and data protection settings available

twitter.com/personalization

6.9 Youtube

YouTube videos are embedded on some GMDS websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting.

If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your Youtube account first.

When a YouTube video is started, the provider uses cookies to collect information about user behaviour, but also to collect information about visitors to their website. YouTube uses these to collect video statistics, prevent fraud and improve user experience, among other things. This also leads to a connection with the Google DoubleClick network. When you start the video, this could trigger further data processing operations. We have no control over this. If you would like to prevent this, you must block the saving of cookies in your browser.

Further information on data protection at "Youtube" can be found in the provider's data protection declaration at: www.google.de/intl/de/policies/privacy/, an opt-out option can be found at: adssettings.google.com/authenticated.

Duration for which the Personal Data are stored

The data controller shall process and store personal data of the data subject only for the period of time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the data controller is subject.

If the purpose of storage no longer applies (in particular if the data is no longer required to fulfil or initiate a contract) or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

8 Safety
The German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. uses technical and organisational security measures in order to protect the personal data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

Data Transmission
The secrecy of telecommunications also protects your e-mail content and form entries from unauthorised access and processing. We can guarantee compliance with telecommunications secrecy for the GMDS area. However, we would like to point out that data transmission via the Internet can generally be recorded by other Internet operators and users. Personal data is only transmitted in encrypted form as far as we are able, but we can only influence our part of the transmission path.

10 Disclosure of Personal Data

Information about you will be passed on to others if it must be assumed in good faith that the requirements to do so exist by law or on the basis of a legal procedure or that corresponding legal requirements exist (e.g. requirements under the Teleservices Act). In particular, personal data is only passed on to state institutions and authorities within the framework of corresponding national legal provisions or if the passing on is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure.

The "google analytics" tool used to measure reach transmits data to a Google server in the USA. In doing so, Google observes the data protection provisions of the "EU-US Privacy Shield" agreement.

Otherwise, your data will not be made available to anyone outside the GMDS, but will be used exclusively to provide the services presented. In particular, neither your e-mail address nor any other information identifying you will be disclosed to third parties.

Insofar as we make use of service providers for the implementation and handling of processing procedures (e.g. in the context of online registration for our annual conference or other events), the contractual relationships are regulated in accordance with the provisions of the Federal Data Protection Act.

11 Data Transfer to Third Countries

Processing in third countries takes place:

1. in the context of reach measurement (recipient of the data: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94.043 USA).

2. when using the Twitter functionality (recipient of the data: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA).

3. when using YouTube (recipient of the data: YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA).

No further processing takes place in third countries.

12 External Links
Our online offer contains links to other websites. We have no influence on whether their operators comply with data protection regulations.

13 Questions or Concerns?
If you have any questions or concerns about this privacy policy or the collection of your information, you can contact us at any time at the following email address: info@gmds.de.

14 Changes
This policy will be updated as necessary with effect for the future, e.g. in the event of changes to the legal provisions or if there are changes to the collection and/or processing of the data. You are therefore requested to look at this privacy policy repeatedly.