Data Protection Regulations
(Date of taking effect: May 25, 2018)
B. Notes on data protection at DKMS gemeinnützige GmbH
1.1. These Data Protection Regulations have been drawn up to provide you with an overview of how we record, save, process, pass on or transmit your personal data when you visit our website or use the services offered on our website.
1.2. When processing your personal data, we strictly adhere to the data protection specifications of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
1.3. Personal data comprises all data that relates to you personally, including your IP address, name, address, e-mail data and user behavior.
1.4. We reserve the right to modify the content of these Data Protection Regulations. We therefore recommend that you consult the Data Protection Regulations again at regular intervals.
1.5. The controller as per Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is DKMS gemeinnützige GmbH (see imprint).You can reach our data protection officer at firstname.lastname@example.org or by writing to our postal address with the addendum “der Datenschutzbeauftragte” (the data protection officer).
2. What personal data do we process?
We record personal data relating to you when you visit our website or use our services offered on the website. Depending on how you use our website, this may comprise the following information:
2.1. Purely informational use: You can visit our website without providing any personal data. When you use the website for purely informational purposes, in other words if you do not otherwise transmit any information to us, we do not record any personal data, with the exception of the data that your browser automatically transmits to our server in order to allow you to visit our website. If you wish to view our website, we record the following data, which is technically necessary in order for us to display our website to you as well as to ensure stability and security:
• Time and date of the inquiry,
• Time zone difference compared to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status/HTTP status code,
• Data volume transmitted in each case,
• Website from which the request comes,
• perating system and its user interface,
• Language and version of the browser software.
This information relates to the computer system used. We use this data (with the exception of your computer’s IP number) solely for statistical purposes, to measure demand for our web content and services. We simply record this data cumulatively for all users of the website, meaning that it is not possible to assign the data to a specific person. This data is not merged with data from other data sources.
2.2. In addition to using our website for purely informational purposes, we provide you with the option of contacting us by e-mail, which you can use if interested. To do this, you usually need to specify further personal data, which we require in order to provide the respective service. If you contact us by e-mail when visiting our website, we will additionally process and save the data that you have provided (your e-mail address and, possibly, your name) in order to answer your questions. The data of users may be saved in a customer relationship management system (CRM system) or some comparable system.
2.3. Links to websites of third-party providers
At various places on our website there are links to the websites of third-party providers. After clicking on the link provided, you are forwarded to the website of the third-party provider concerned. In the process of forwarding, user information is transmitted to the third-party provider. If you send information to or via these sites of third-party providers, we recommend that you read the data protection regulations for these sites before providing them with any further information that can be assigned to you personally. For information with regard to how your data is handled while using the websites of third-party providers, please refer to the respective data protection regulations of the third-party providers. We are not responsible for their operation, including how they handle data.
3. For what purpose do we process your personal data?
3.1. We only process your personal data to the extent that is necessary in order to provide a working website and to provide our content and services. Personal data is only processed on a regular basis where this is permitted by statutory provisions or where the person concerned has given consent.
3.2. If you use our website for purely informational purposes, we record only the data that is technically necessary in order for us to display our website to you as well as ensure stability and security. The legal basis for processing is Art. 6 para. 1 (f) of the GDPR.
3.2. When you contact us by e-mail, your personal data will only be used for the purpose of answering your request. The legal basis for processing is Art. 6 para. 1 (f) of the GDPR.
4. How do we process your personal data?
When you use our website, your data is transmitted to us in encrypted form in order to prevent access by unauthorized third parties. We save your data on specially protected servers. Access to personal data is only possible for a few DKMS employees with special authorization, all of whom are familiar with the relevant Data Protection Regulations and compelled to comply with them.
5. Is personal data passed on to third parties?
Only our employees gain knowledge of your personal data. In addition, where this is prescribed or permitted by law, we share your personal data with recipients who provide services for us. The reason for this is that, in order to be able to perform our duties, we need to work together with service providers, who may also have to process personal data for this purpose. We restrict the forwarding of your personal data to what is really necessary. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are monitored on a regular basis. They are bound by a contract with DKMS to ensure that any personal data that they receive in this context is used only for the allowed purpose. We assure you that we do not sell or rent your data to any other companies or organizations. We will under no circumstances use your e-mail address or other data without your agreement for any other purposes for which you have not given your consent.
The providers commissioned by us include, in particular:
• Serviceprovider, Finanzeinrichtungen
6. How long do we save your personal data?
6.1. We will only save any personal data that you have transmitted or provided until the purpose for doing so has been fulfilled, until you revoke your consent, until you object to the data being processed or until you request the deletion of your data.
6.2. If you use the website for purely informational purposes, we will save your data on our servers only for the duration of your visit to our website. Once you leave our website, your data will be immediately deleted.
6.3. If you contact us by e-mail when using our website, we will delete any data recorded in this context once it is no longer necessary to save the data or will restrict processing if any statutory storage obligations exist. We check necessity on a regular basis.
7. What rights do I have?
7.1. You have the following rights with regard to your personal data that we process:
• Right to information
• Right to correction or deletion
• Right to restriction of processing
• Right to object to processing
• Right to data portability.
7.2. If you have given your consent for us to process your personal data, you can revoke this at any time. Once you have pronounced such a revocation to us, this affects the permissibility of processing your personal data. It is possible here to restrict the revocation of consent to process your personal data to specific purposes such as a newsletter (restriction of processing).
7.3. If you wish to exercise your rights described above, please submit your request to: DKMS gGmbH, Kressbach 1, 72072 Tübingen or by e-mail to: email@example.com
7.4. You also have the right to lodge a complaint with a data protection supervisory authority about the way in which we process your personal data.
8.3. You can configure your browser setting in accordance with your wishes and, for example, reject the acceptance of third-party cookies or even all cookies. Moreover, by selecting appropriate settings in your Internet browser, you can prevent or restrict the installation of cookies. At the same time, cookies that have already been saved can be deleted at any time. However, the steps and measures that are necessary to do so depend on the specific Internet browser that you use. If you have any questions, therefore, please refer to the help function or documentation for your Internet browser or contact the corresponding manufacturer or support. Likewise, you can opt out of using cookies from certain providers, for example via http://www.youronlinechoices.com/uk/your-ad-choices or http://www.networkadvertising.org/choices/. Please note that you may not be able to use all the functions of this website if you do this.
9. How is Google Analytics used?
9.1 We use Google Analytics, a web analysis service provided by Google Inc. (“Google”), on this website. We use Google Analytics to analyze the use of our website so that we can make regular improvements. Using the statistics gained, we can improve the content and services we offer and make them more interesting for you as user. As a rule, the information generated by the cookie regarding your use of this website (including the user’s IP address) is transmitted to a Google Inc. server in the USA and stored there. For cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, http://www.privacyshield.gov/EU-US-Framework. In the event that IP anonymization is activated on this website, however, Google will shorten your IP address first within Member States of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of this website for the purpose of compiling reports on user activities on the DKMS website and in order to provide further services for DKMS connected with use of the website and the Internet. If appropriate, Google will also transfer this information to third parties where required to do so by law or insofar as third parties process this data on behalf of Google. Google guarantees that under no circumstances will your IP address be connected to other data of Google Inc.
9.2. In addition to the option specified Section 9.3., you can prevent Google from recording and processing the data that is generated by the cookie and that relates to your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
9.3. Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy statement: http://www.google.de/intl/de/policies/privacy.
10. What social media plug-ins do we use?
10.1. Our website uses social media plug-ins from various social networks. If you open a page of our website that contains such a plug-in, your browser will establish a direct connection to the servers of the social networks. The social networks will transmit the content of the plug-in directly to your browser, which will incorporate it into the website.
10.2. As a result of the integration of the plug-ins, the social networks are informed that you have accessed the corresponding page on our website. If you are logged into one or more social networks, the networks concerned can assign the visit to your account. If you interact with the plug-in, for example by selecting the “Like” button or sending a Tweet, your browser will send the corresponding information directly to Facebook or Twitter, where it will be stored.
10.3. We do not bear any responsibility for services of third parties such as Twitter or Facebook that are linked to our website. Such third-party providers are not able to assign the IP addresses to any other personal data that is collected via the DKMS website. Further information regarding data collection by third-party providers can be found on the respective websites of these providers.
10.4. We currently use the following social media plug-ins: Facebook and Twitter. We use the “two-click solution” here. This means that no personal data is forwarded to the providers of the plug-ins to begin with when you visit our site. You can recognize the provider of the plug-in based on the provider’s initial letter or logo shown on the box. We provide you with the option of communicating with the provider of the plug-in directly by clicking the button. The plug-in provider is informed that you have accessed the corresponding page of our website only if you activate the selected field by clicking it. The data specified in Section 2.1. of this privacy statement is also transmitted. In the case of Facebook, according to the statement of the respective provider in Germany, the IP address is anonymized as soon as it has been recorded. When the plug-in is activated, therefore, personal data relating to you is transmitted to the respective plug-in provider and stored there (in the USA in the case of US providers). As the plug-in provider collects data in particular by means of cookies, we recommend that you use the security settings in your browser to delete all cookies before clicking on the grayed-out box.
10.4.1. We have no influence over the data collected or the data processing operations, and we are not aware of the complete scope of data collection, the purposes of processing or the retention periods. Neither do we have any information regarding the deletion of the collected data by the plug-in provider.
10.4.2. The plug-in provider stores the data collected regarding you in the form of usage profiles, which it uses for the purposes of advertising, market research and to tailor its website to meet user needs. Such evaluation takes place in particular (also for users who are not logged in) in order to display tailored advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the plug-in provider concerned. Our aim in providing the plug-ins is to enable you to interact with the social networks and other users so that we can improve the content and services we offer and make them more interesting for you as user. The legal basis for using the plug-ins is Art. 6 para. 1 (f) of the GDPR.
10.4.3. The data is forwarded regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected on our website will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider will also store this information in your user account and share it openly with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button. In this way, you can prevent any assignment to your profile with the plug-in provider.
10.4.4. Further information regarding the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy statements of these providers as specified below. You will also find further information there regarding your rights in this respect and the possible settings that can be used to protect your privacy.
10.4.5. Addresses of the respective plug-in providers and URLs containing their privacy notices:
• Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php ; further information on data collection:
Facebook has submitted to the EU-US Privacy Shield, http://www.facebook.com/policy.php.
• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; http://twitter.com/privacy . Twitter has submitted to the EU-US Privacy Shield, http://www.privacyshield.gov/EU-US-Framework.
11. How are YouTube videos integrated?
11.1. We have incorporated YouTube videos into our website that are stored at http://www.YouTube.com and can be played directly from our website. [These are all integrated in “extended data protection mode”, which means that no data regarding you as user is transferred to YouTube if you do not play the videos. It is only when you play the videos that the data specified in Section 14.2. is transmitted. We have no influence over this data transmission.]
11.2. When you visit the website, YouTube is informed that you have accessed the corresponding subpage of our website. The data specified in Section 2.1. of this privacy statement is also transmitted. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged into a Google account, your data will be directly assigned to your account. If you do not want the data to be assigned to your profile with YouTube, you must log out before activating the button. YouTube stores your data in the form of usage profiles, which it uses for the purposes of advertising, market research and to tailor its website to meet user needs. Such evaluation takes place in particular (also for users who are not logged in) in order to provide tailored advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact YouTube.
11.3. Further information regarding the purpose and scope of data collection and processing by YouTube can be found in the privacy statement. You will also find further information there regarding your rights and the possible settings that can be used to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, http://www.privacyshield.gov/EU-US-Framework
12. Questions and comments
Do you have any questions regarding our Data Protection Regulations? Please contact our data protection officer at firstname.lastname@example.org
Information regarding your right of objection as per Art. 21 of the GDPR
You have the right to file an objection at any time against the processing of your data that takes place based on Art. 6 para. 1 f of the GDPR (data processing on the basis of the balancing of interests) or Art. 6 para. 1 e of the GDPR (data processing in the public interest) if there are grounds to do so as a result of your situation. This also applies to any profiling based on these regulations within the meaning of Art. 4 No. 4 of the GDPR.
If you file an objection, we will no longer process your personal data unless we are able to provide evidence of compelling and legitimate grounds for the processing that outweigh your interests, rights and liberties or the processing serves to assert, exercise or defend legal claims.
We will also process your personal data in individual cases in order to provide direct advertising. If you do not wish to receive any advertising, you have the right to file an objection against this at any time. This also applies to any profiling that is connected to such direct advertising. We will heed this objection in the future.
We will no longer process your data for the purposes of direct advertising if you object to processing for this purpose.
The objection can be made in any form and should preferably be directed to: