Form on information obligations towards patients in the hospital sector

Here you will find the information required by Art. 12 ff. EU General Data Protection Regulation (GDPR) on the processing of personal patient data at the Medical Center - University of Freiburg for download.

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

Data collection on our website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in this section below or in the legal notice of this website.

What data is collected about you?
The following data is collected when you access and use the website:

Access data (server log data): IP address, time stamp of access, requested resource, status, amount of data transferred and duration of data transfer, origin of your page view, name and version of the browser software; the server log data is retained for 90 days.

The entry of data in the forms provided on the website is voluntary. The following data in particular is collected when you enter data: Company/organization, salutation, title, surname, first name, address, contact details and other information/documents that you provide us with to process your request/message. The data is stored for the duration of the purpose fulfillment. Statutory retention periods remain unaffected by this.

How do we collect your data?
Access data is automatically collected by our IT systems when you visit our website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.
All other data is provided by you yourself by entering it in the respective online forms and making it available for processing. This may, for example, be data that you enter in a contact form, to subscribe to the newsletter, to register and/or to use other services offered.

What do we use your data for?
We use your data to process your request/input. Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the rectification, restriction of processing (blocking) or erasure of this data. You can contact our data protection officer or customer service at any time at the address given in the legal notice if you have further questions on the subject of data protection. You also have the right to object to the processing and the right to lodge a complaint with the competent data protection supervisory authority. You are entitled to these and other protective rights for data subjects in accordance with Art. 15 - 22 GDPR.

Analysis tools and third-party tools
When you visit our website, your surfing behavior may be statistically evaluated. This is primarily done using cookies and analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Details on this can be found in our privacy policy under the heading "Third-party modules and analysis tools". You can object to this analysis. We will inform you about the objection options in this privacy policy.

Use of the chatbot

When you use our chatbot, the information you enter and any pseudonymized data will be processed and stored to process your request and for quality assurance of the chatbot. This data is processed exclusively on the basis of your implied consent (Art. 6 para. 1 lit. a GDPR) by using the chatbot. Your data will not be passed on to third parties. You can withdraw your consent to the processing of your data at any time by no longer using the chatbot. This does not affect the legality of the data processing carried out up to the point of withdrawal. The data entered in the chatbot will be stored for a maximum of 6 months and then automatically deleted.

Privacy policy of the Meine Uniklinikapp
Here you will find the complete privacy policy of the Meine Uniklinik app.

The operators of this website uniklinik-freiburg.de, herzzentrum.de and meine-uniklinik.de take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data is collected.

Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the responsible body
The responsible body for data processing on this website is

Medical Center - University of Freiburg
Breisacher Straße 153, 79110 Freiburg
Phone: 0761 270-0, Fax: 0761 270-20200
Email: info@uniklinik-freiburg.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Objection to advertising emails
We hereby object to the use of contact data published as part of our duty to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Reference to property rights

Right to information, correction, restriction of processing (blocking), deletion
You have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction of the stored data, restriction of processing (blocking) or deletion of this data at any time within the framework of the applicable statutory data protection regulations.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to object

You can object to the use and processing of data to protect the legitimate interests of our company, e.g. for the purposes of advertising and a customer-oriented range of information and services, at any time with effect for the future by sending an informal message to
Medical Center – University of Freiburg, Breisacher Straße 153 ,D 79110 Freiburg
Telephone: +49 761 270-0
Fax: +49 761 270-20200
E-mail: info@uniklinik-freiburg.de
.

Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. For our company, the state data protection officer in Baden Württemberg is the competent supervisory authority. A list of the state data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Transfer of your data to a country outside the EU/EEA
As a rule, your personal data will be processed within Germany, the EU or the European Economic Area. In all of these countries, there is a high uniform level of data protection due to the EU General Data Protection Regulation, according to which your data is comprehensively protected. Data can only be transferred to recipients outside the EU if one of the following conditions is met:

-The European Commission has established an adequate legal level of data protection in the country,
or, if this has not been done, -The Medical Center - University of Freiburg agrees contractual data protection clauses with the partners that have been adopted or approved by the European Commission or the competent supervisory authority. You can obtain a copy of these data protection clauses from the Medical Center - University of Freiburg.

However, it may also be the case that data is to be passed on to partners in third countries for which neither of these conditions is met. These countries may have a lower level of data protection than the EU. The Medical Center - University of Freiburg assures that in these cases, too, the partners will be contractually obliged to comply with the EU data protection level as far as legally possible. Nevertheless, there is a risk that state or private bodies may access the data even though this would not be permitted under European data protection law. In addition, you may be entitled to fewer or less enforceable data subject rights there and there may be no independent supervisory authority to support you in exercising your rights. In such cases, data will only be passed on if you have expressly consented to this.

Statutory data protection officer
We have appointed a data protection officer for our company, who you can contact as follows:

Medical Center - University of Freiburg
Data Protection Officer
Breisacher Straße 153, 79110 Freiburg
Phone: 0761 270-20670
Email: datenschutz@uniklinik-freiburg.de

Cookies
Some of the web pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy and require your consent.

Server log files
The operator of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are

• IP address
• Time stamp of the access
• Requested resource
• status
• Amount of data transferred and
• Duration of the data transfer
• Origin of your page view
• Name and version of the browser software

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data to protect the legitimate interests of the controller. The server log data is stored for 90 days.

Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Registration/login to services on this website
You can register on our website in order to use additional functions or services, such as registration for newsletters, events or online applications. We only use the data entered for this purpose for the purpose of using the respective offer or service for which you have registered/logged in. The mandatory information requested during registration/login must be provided in full. Otherwise we will reject the registration. We will use the e-mail address provided during registration to inform you of important changes, such as changes to the scope of the offer or technically necessary changes. The processing of the data entered during registration/login is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing that has already taken place remains unaffected by the revocation. The data collected during registration will be stored by us for the respective purpose and will be deleted as soon as the processing purpose is fulfilled or you unsubscribe from the service. Insofar as statutory retention periods exist, these remain unaffected.

Payment processing of online donations
We work together with a payment service provider, Novalnet AG, for the processing of donation payments (by instant bank transfer, credit card direct debit or PayPal). For this purpose, Novalnet AG requires certain personal information from you. This includes your name and address, account number and bank code or credit card number (including validity period), donation amount and currency as well as the purpose/project of the donation. Novalnet AG uses this information exclusively for payment processing. The data is subject to a statutory retention period of ten years.

Online surveys
Online surveys of the Medical Center - University of Freiburg are used to determine the satisfaction of our patients, employees, referring physicians or other customers or to obtain feedback from project participants as part of improvement projects. The surveys are generally conducted anonymously.

If you provide us with data for processing by answering an online questionnaire, this is done on a voluntary basis. The aim and purpose of a survey will be communicated to you directly in the questionnaire or in the information accompanying the survey, e.g. by e-mail. The data is stored on the University Hospital's own server.

Personal data such as age, gender or occupational group are only collected to the extent necessary to fulfill the purpose of the survey. The principle of data economy applies. In our anonymous surveys, the personal data cannot be assigned to the respondent.

When the online questionnaire is accessed and used, the following access data (server log data) is also recorded: IP address, time stamp of access, requested resource, status, amount of data transferred and duration of data transfer, origin of your page view, name and version of the browser software. The server log data is automatically deleted daily.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests or messages that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

If you have any further questions about data protection, e.g. about the processing of your personal data, please do not hesitate to contact us. The individual contact details can be found under points 2 and 3 of this declaration and in our legal notice.

If this privacy policy is amended, the amendment will be indicated in this privacy policy, on the homepage and in other appropriate places.