Form Regarding Information Obligations to Patients in the Hospital Setting

Here you can download the information required under Art. 12 et seq. of the EU General Data Protection Regulation (GDPR) regarding the processing of personal patient data at the Medical Center – University of Freiburg.

Information on the Right to Object under Section 48(4) of the Baden-Württemberg State Hospital Act

We hereby inform you, pursuant to Section 48(4), Sentence 3 of the Baden-Württemberg State Hospital Act, of your right to object under Section 48(4) of the Baden-Württemberg State Hospital Act.

We are authorized to use your personal data, which we have stored pursuant to Article 9(2)(h) and (i) of the General Data Protection Regulation (GDPR)—i.e., in particular for treatment purposes—under the conditions set forth in Section 48 of the Baden-Württemberg State Hospital Act (including without direct personal reference—i.e., pseudonymized or anonymized—and in compliance with the strict security measures required by law) for medical, rehabilitative, or nursing research, for public health research, or for quality assurance or the promotion of patient safety. 

You may object to the disclosure pursuant to Section 48(4) of the Baden-Württemberg State Hospital Act. 

Your right to object under Section 48(4) of the Baden-Württemberg State Hospital Act is unconditional and without preconditions. No justification is required. The objection may be filed free of charge and does not need to follow any specific form. You will not suffer any disadvantages as a result of the objection.

We have designated the following office to receive the objection: 

Trust Office of the Medical Center – University of Freiburg

Breisacher Straße 153 · 79110 Freiburg

treuhandstelle@uniklinik-freiburg.de 

The objection does not affect data that has already been disclosed and is irrelevant if the disclosure has already taken place at the time the objection is received.

An overview of the projects planned or carried out in the context of this legal basis can be found at: Health Data for Medical Research | Medical Center – University of Freiburg

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy listed below this text.

Data Collection on Our Website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact information further down in this section or in the legal notice of this website.

What data about you is collected?
When you access and use the website, the following data is collected:

Access data (server log data): IP address, timestamp of access, requested resource, status, amount of data transferred and duration of data transfer, origin of your page visit, name and version of the browser software; the server log data is retained for 90 days.

The entry of data into the forms provided on the website is voluntary. When data is entered, the following information is collected in particular: company/organization, title, last name, first name, address, contact information, as well as any additional information or documents you provide to us for the processing of your inquiry or message. The data is stored for the duration necessary to fulfill the purpose. Statutory retention periods remain unaffected by this.

How do we collect your data?
Access data is automatically collected by our IT systems when you visit our website. This primarily consists of technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you enter our website.
All other data is provided by you through entry into the respective online forms and made available for processing. This may include, for example, data you enter into a contact form, for newsletter subscription, for registration, and/or for the use of other services offered.

What do we use your data for?
We use your data to process your inquiry or submission. Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge regarding the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction, restriction of processing (blocking), or deletion of this data. For this and any other questions regarding data protection, you may contact our Data Protection Officer or Customer Service at any time at the address provided in the legal notice. Furthermore, you have the right to object to the processing of your data and the right to lodge a complaint with the competent data protection supervisory authority. These and other rights of data subjects are granted to you under Articles 15–22 of the GDPR.

Analytics Tools and Third-Party
Tools When you visit our website, your browsing behavior may be statistically analyzed. This is primarily done using cookies and so-called analytics programs. The analysis of your browsing behavior is generally anonymous; the browsing behavior cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. For details, please refer to our Privacy Policy under the heading “Third-Party Modules and Analytics Tools.” You may object to this analysis. We will inform you of the options for objection in this Privacy Policy.

Use of the Chatbot

When you use our chatbot, the information you enter, as well as any pseudonymized data, is processed and stored for the purpose of handling your inquiry and ensuring the quality of the chatbot. The processing of this data is based exclusively on your implied consent (Art. 6(1)(a) GDPR) through your use of the chatbot. Your data will not be disclosed to third parties. You may withdraw your consent to the processing of your data at any time by ceasing to use the chatbot. The lawfulness of the data processing carried out prior to withdrawal remains unaffected. The data entered into the chatbot is stored for a maximum of 6 months and then automatically deleted. 

Privacy Policy of the Meine Uniklinik App
Here you will find the complete privacy policy of the Meine Uniklinik App.

The operators of this website uniklinik-freiburg.de, herzzentrum.de and meine-uniklinik.de take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data is collected.

Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the responsible body
The responsible body for data processing on this website is

Medical Center - University of Freiburg
Breisacher Straße 153, 79110 Freiburg
Phone: 0761 270-0, Fax: 0761 270-20200
Email: info@uniklinik-freiburg.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Objection to advertising emails
We hereby object to the use of contact data published as part of our duty to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Reference to property rights

Right to information, correction, restriction of processing (blocking), deletion
You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction of the stored data, restriction of processing (blocking) or deletion of this data at any time within the framework of the applicable statutory data protection regulations.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to object

You can object to the use and processing of data to protect the legitimate interests of our company, e.g. for the purposes of advertising and a customer-oriented range of information and services, at any time with effect for the future by sending an informal message to
Medical Center – University of Freiburg, Breisacher Straße 153 ,D 79110 Freiburg
Telephone: +49 761 270-0
Fax: +49 761 270-20200
E-mail: info@uniklinik-freiburg.de
.

Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. For our company, the state data protection officer in Baden Württemberg is the competent supervisory authority. A list of the state data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Transfer of your data to a country outside the EU/EEA
As a rule, your personal data will be processed within Germany, the EU or the European Economic Area. In all of these countries, there is a high uniform level of data protection due to the EU General Data Protection Regulation, according to which your data is comprehensively protected. Data can only be transferred to recipients outside the EU if one of the following conditions is met:

-The European Commission has established an adequate legal level of data protection in the country,
or, if this has not been done, -The Medical Center - University of Freiburg agrees contractual data protection clauses with the partners that have been adopted or approved by the European Commission or the competent supervisory authority. You can obtain a copy of these data protection clauses from the Medical Center - University of Freiburg.

However, it may also be the case that data is to be passed on to partners in third countries for which neither of these conditions is met. These countries may have a lower level of data protection than the EU. The Medical Center - University of Freiburg assures that in these cases, too, the partners will be contractually obliged to comply with the EU data protection level as far as legally possible. Nevertheless, there is a risk that state or private bodies may access the data even though this would not be permitted under European data protection law. In addition, you may be entitled to fewer or less enforceable data subject rights there and there may be no independent supervisory authority to support you in exercising your rights. In such cases, data will only be passed on if you have expressly consented to this.

Statutory data protection officer
We have appointed a data protection officer for our company, who you can contact as follows:

Medical Center - University of Freiburg
Data Protection Officer
Breisacher Straße 153, 79110 Freiburg
Phone: 0761 270-20670
Email: datenschutz@uniklinik-freiburg.de

Cookies
Some of the web pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy and require your consent.

Server log files
The operator of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are

• IP address
• Time stamp of the access
• Requested resource
• status
• Amount of data transferred and
• Duration of the data transfer
• Origin of your page view
• Name and version of the browser software

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data to protect the legitimate interests of the controller. The server log data is stored for 90 days.

Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Registration/login to services on this website
You can register on our website in order to use additional functions or services, such as registration for newsletters, events or online applications. We only use the data entered for this purpose for the purpose of using the respective offer or service for which you have registered/logged in. The mandatory information requested during registration/login must be provided in full. Otherwise we will reject the registration. We will use the e-mail address provided during registration to inform you of important changes, such as changes to the scope of the offer or technically necessary changes. The processing of the data entered during registration/login is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing that has already taken place remains unaffected by the revocation. The data collected during registration will be stored by us for the respective purpose and will be deleted as soon as the processing purpose is fulfilled or you unsubscribe from the service. Insofar as statutory retention periods exist, these remain unaffected.

Payment processing of online donations
We work together with a payment service provider, Novalnet AG, for the processing of donation payments (by instant bank transfer, credit card direct debit or PayPal). For this purpose, Novalnet AG requires certain personal information from you. This includes your name and address, account number and bank code or credit card number (including validity period), donation amount and currency as well as the purpose/project of the donation. Novalnet AG uses this information exclusively for payment processing. The data is subject to a statutory retention period of ten years.

Online surveys
Online surveys of the Medical Center - University of Freiburg are used to determine the satisfaction of our patients, employees, referring physicians or other customers or to obtain feedback from project participants as part of improvement projects. The surveys are generally conducted anonymously.

If you provide us with data for processing by answering an online questionnaire, this is done on a voluntary basis. The aim and purpose of a survey will be communicated to you directly in the questionnaire or in the information accompanying the survey, e.g. by e-mail. The data is stored on the University Hospital's own server.

Personal data such as age, gender or occupational group are only collected to the extent necessary to fulfill the purpose of the survey. The principle of data economy applies. In our anonymous surveys, the personal data cannot be assigned to the respondent.

When the online questionnaire is accessed and used, the following access data (server log data) is also recorded: IP address, time stamp of access, requested resource, status, amount of data transferred and duration of data transfer, origin of your page view, name and version of the browser software. The server log data is automatically deleted daily.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests or messages that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

If you have any further questions about data protection, e.g. about the processing of your personal data, please do not hesitate to contact us. The individual contact details can be found under points 2 and 3 of this declaration and in our legal notice.

If this privacy policy is amended, the amendment will be indicated in this privacy policy, on the homepage and in other appropriate places.