Home ServicePrivacy policy

Search form

Privacy policy

www.bbmri.de

    Privacy policy

    We operate the website bbmri.de and collect certain data from our website visitors insofar as this is necessary. In the following privacy policy, we explain what we do with your personal data and why we do this. We also inform on how we protect your data, when your data will be deleted and what your data protection rights are. Firstly though: we comply with the data protection laws and do all in our power to protect your privacy.

    We wish to be entirely open though: the internet lives from the exchange of data and still has many security loopholes. Even if your data is encrypted when you visit our website, there is always a risk – at the latest during the exchange with third-party websites. If you visit other websites (e.g. via a link on our website), please note that this privacy policy does not apply for these third-party websites.

    Who can I contact?

    The provider of this website is:

    Charité – Universitätsmedizin Berlin
    Charitéplatz 1
    10117 Berlin

    The Charité – Universitätsmedizin Berlin is a public institution. It is legally represented by the Chairman of the Executive Board.

    Responsible in terms of media law: Prof. Michael Hummel, Coordinator German Biobank Node and Dr. Cornelia Specht, Managing Director German Biobank Node

    You can contact the GBN office at:

    Charité – Universitätsmedizin Berlin
    German Biobank Node (GBN)

    Campus Virchow Klinikum
    Augustenburger Platz 1
    13353 Berlin

    E-Mail: germanbiobanknode@charite.de
    Tel. +49. 30. 450 536 347

    To reach the Charité’s internal data protection officer, email: datenschutz@charite.de. In the event of specific questions about your data, its deletion or your rights, do not hesitate to contact us directly: germanbiobanknode@charite.de. Should you wish to make a written request, simply mention “data protection”.

    What are my rights?

    You can contact us at any time should you have any questions about your data protection rights or wish to assert one of the following rights:

    • Right of withdrawal pursuant to Art. 7 para. 3 GDPR (e.g. if you wish to withdraw your consent for us to send you our newsletter)
    • Right of access pursuant to Art. 15 GDPR (e.g. if you want to know what data we have stored about you)
    • Right to rectification pursuant to Art. 16 GDPR (e.g. if your email address has changed and you want us to update this)
    • Right to erasure pursuant to Art. 17 GDPR (e.g. if you want us to delete certain data we have stored about you)
    • Right to restriction of processing pursuant to Art. 18 GDPR (e.g. if you do not want us to delete your email address, but only want it used to send you emails that are absolutely necessary)
    • Right to data portability pursuant to Art. 20 GDPR (e.g. if you want to receive your data stored with us in a compressed format in order to make it available to another website, for instance)
    • Right to object pursuant to Art. 21 GDPR (e.g. if you do not agree with one of the advertising or analysis procedures detailed here)
    • Right to lodge a complaint with a supervisory authority pursuant to Art. 77 para. 1 GDPR (e.g. if you have a complaint, you can also contact the data protection supervisory authority directly)

    Competent supervisory authority:
    Berliner Beauftragte für Datenschutz und Informationsfreiheit
    Friedrichstraße 219
    10969 Berlin

    Deletion of data and storage period

    Unless stated otherwise, we will delete your data as soon as it is no longer needed. Your email address will be deleted when you unsubscribe from our newsletter, for example. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. Certain data may need to be kept longer for legal reasons. You can of course request information about the stored data on your person at any time.

    Legal basis for data processing

    We only collect and process your personal data when there is a legal basis for this. In addition to your express consent, other legal bases may apply. If processing is based on your consent, Art. 6 para. 1(a) GDPR shall serve as the legal basis.

    If the processing of personal data is necessary for the performance of a contract, Art. 6 para. 1(b) GDPR shall serve as the legal basis.

    If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1(c) GDPR shall serve as the legal basis.

    If processing is necessary to safeguard a legitimate interest of the German Biobank Node or a third party and if such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1(f) GDPR shall serve as the legal basis. If processing is based on such a balancing of interests, you have the right to object to the processing of your personal data provided that you have special reasons for doing so and we cannot prove any compelling reasons worthy of protection for the processing.

    You will find the relevant legal basis for individual data processing at the end of the respective description of data processing.

    If we commission service providers for individual service functions or would like to use your data for advertising purposes, we will inform you in detail below of the respective processes. If we cooperate with service providers, we select these extremely carefully, taking particular note of their compliance with the legal requirements for data protection and data security. We have moreover concluded order processing contracts with them, which comply with the requirements of Art. 28 GDPR. If service providers are based outside of the EU, we ensure that the appropriate safeguards exist pursuant to Art. 46 GDPR and that an adequate level of data protection is provided by the processor. Certification according to the EU-US Privacy Shield or so-called EU standard data protection clauses is considered adequate, for example. We refer to the appropriate safeguards in the respective places.

    Your visit to our website

    If you merely wish to browse our website, we do not collect any personal data – with the exception of the data that your browser transmits to enable you to visit the website. This includes:

    • IP address (e.g. 95.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
    • approximate location based on IP range (e.g. Berlin and surrounding area)
    • internet provider (e.g. Kabel Deutschland or Deutsche Telekom)
    • internet speed (e.g. 120 Mbit)
    • date and time (e.g. 11:45 on 25.05.2018)
    • last website visited (e.g. google.com)
    • browser (e.g. Chrome or Safari)
    • operating system (e.g. Mac OS)
    • hardware (e.g. Intel processor)

    The IP address is most important for you as a visitor to our website, as this data can theoretically be traced back to you as an individual. To protect your privacy, your IP address will be deleted or anonymized following your visit to our website. The other technical data can then no longer be traced back to you and only serves anonymous, statistical purposes to optimise our website. Your data is stored temporarily at the start to safeguard your connection as well as to ensure access and the correct display of our website. The IP address and aforementioned technical data are required to display the website, prevent display problems for visitors and rectify any errors. The legal basis is the so-called legitimate interest, which has been reviewed within the framework of the aforementioned precautionary measures and in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.

    Data collection within the framework of the image database

    In order to be able to use our image database services, you need to request permission to use image data. Information on the inquirer (e.g. title, name, organisation, email address and purpose of use) must be entered in the form we provide for this purpose. After checking this information and particularly the intended use, we will make the image data available. The personal data obtained during requests for permission will only be collected and processed for this purpose.

    As a precautionary measure, the data you provide is transmitted via an encrypted connection – similar to your visit to our website in general. We also pursue the principle of data minimisation and only collect the data we really need. The purpose of the data requested is to check the intended use and to make the image data available. The legal basis is the user’s consent pursuant to Art. 6 para. 1(a) GDPR.

    Newsletter

    We use the so-called double opt-in procedure for our newsletter. This means that we will not email you our newsletter until you have clicked on the link in our notification email to confirm that you wish to receive it. When you confirm that you wish to receive the newsletter, we will store your email address until you unsubscribe from the newsletter again. This data is stored solely for the purpose of sending you the newsletter.

    You are of course able to unsubscribe from our newsletter at any time – a link for this can be found in every newsletter. Alternatively, you can use the above contact details to contact us.

    To send our newsletter, we work with the MailChimp service provider, Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. The marketing automation platform’s privacy policy can be viewed online at: https://mailchimp.com/legal/privacy. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield framework and therefore provides sufficient safeguards to ensure adequate privacy protection (www.privacyshield.gov/participant?id=a2zt0000000000TO6hAAG&status=Active). The service provider is commissioned on the basis of our legitimate interests pursuant to Art. 6 para. 1 GDPR. We have concluded an order processing agreement with this service provider in accordance with the requirements of Art. 28 GDPR.

    Cookies

    Parts of our website use so-called cookies. Cookies are small text files that are usually stored in a folder on your computer. Cookies contain information about the current or last visit to the website:

    • website name
    • cookie expiration date
    • arbitrary value

    If cookies do not contain a precise expiration date, they will only be stored temporarily and deleted automatically as soon as you close your browser or restart your device. Cookies with an expiration date remain stored when you close your browser or restart your device. Such cookies will not be removed until the date specified or if you delete these manually.

    We use the following three types of cookies on our website:

    • required cookies (e.g. to display the website correctly and temporarily store certain settings)
    • functionality and performance cookies (e.g. to evaluate the technical data from your visit and prevent errors)
    • advertising and analysis cookies

    You can configure, block and delete cookies in your browser settings. Be aware, though, that if you delete all cookies for our website, some of the functions of the website might not display correctly. The Federal Office for Information Security provides helpful information and instructions to prevent cookies in popular browsers: www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

    YouTube

    We use YouTube for the direct integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When videos embedded in our website are played, a connection is established to the YouTube servers and, for technical reasons, at least your IP address is transmitted. If you are also logged into your YouTube account, YouTube will assign information about the videos you access to your personal user account, for example. You can prevent this by signing out of your YouTube account and all other Google accounts before using our website.

    The high security standards of the Google platform and Google’s associated privacy policy (www.google.com/intl/de-DE/privacy) are considered precautionary measures. Given that Google is based in the USA and thus in a so-called third country, further safeguards are required to ensure an adequate level of data protection meeting the European standards. Google has been certified under the so-called EU-US Privacy Shield and therefore demonstrates an adequate level of data protection (www.google.de/policies/privacy/frameworks).

    The purpose of data transmission is to embed the YouTube videos popular with our users in our website so that they can conveniently access these without having to leave our website. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.

    Vimeo

    We present videos on our website using services provided by Vimeo. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011, USA.

    We use Vimeo plugins on some of our web pages. When you visit a page which contains such plugins – for example, our media library – a connection is established with the Vimeo servers and the plugin is shown. This provides the Vimeo server with information about the pages you have visited on our website. If you are logged onto Vimeo as a member, then Vimeo will automatically assign this information to your personal user account. When you activate the plugin (e.g. by clicking the start button of a video), the corresponding information is likewise assigned to your user account. You can prevent the automatic assignment of this information by logging out of your Vimeo account and deleting its respective cookies before logging onto our website.

    For more information about the purpose and extent of data collection, how Vimeo processes and uses this data, and your rights and options for protecting your privacy, please read Vimeo’s privacy policy at: https://vimeo.com/privacy

    Google Fonts

    For visual improvement of the typeface, we use Google Fonts (https://fonts.google.com) from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), a font collection offered by Google. When you access this website or other websites, these fonts are transferred to your browser’s storage folder and activated. Website text will only be displayed in a standard font if this is not supported. To enable this, a request is sent to domains such as fonts.googleapis.com or fonts.gstatic.com. For technical reasons, this request contains your IP address. Your data will not be combined with other data or traced back to you personally, however.

    As a precautionary measure, we have assured ourselves that when you access the Google font collection, the data will not be combined with other Google services, e.g. if you have a Google account. This is confirmed in the Google Fonts privacy information (https://developers.google.com/fonts/faq). The high security standards of the Google platform and the associated Google privacy policy also apply (www.google.com/intl/de-DE/privacy). Given that Google is based in the USA and thus in a so-called third country, further safeguards are required to ensure an adequate level of data protection meeting the European standards. Google has been certified under the so-called EU-US Privacy Shield and therefore demonstrates an adequate level of data protection (www.google.de/policies/privacy/frameworks).

    The purpose of data transmission is the correct display of fonts in our chosen format. The IP address is required to establish a connection to Google’s servers in order to download the font collection if this is not already stored on the device. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR.

    Google Analytics

    We use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses the aforementioned advertising and analysis cookies to analyse your use of our website. The information generated by cookies about your use of our website is transmitted to a Google server in the USA and stored there. However, your IP address will be shortened before the usage statistics are evaluated so that no conclusions can be drawn about your person. Google Analytics has been extended with the code “anonymizeIp” on our website in order to ensure the anonymous collection of IP addresses. Google will use the anonymized data obtained from the cookies to evaluate your use of the website, compile reports on website activity for the website operator and provide other services associated with website activity and internet usage. Insofar as it is required by law or third parties process this data on behalf of Google, Google may also transfer this information to third parties.

    You can also configure your browser to refuse cookies or prevent Google from collecting and analysing the data by downloading and installing the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on or in browsers on mobile devices, you can set an opt-out cookie to prevent Google Analytics from collecting data within this website in the future (the opt-out only works in the browser and only for this domain). Please bear in mind that if you delete your cookies in this browser, you will need to click on this link again.

    As a precautionary measure, we use the anonymization procedure offered by Google, whereby subsequent evaluation of the data is not based on your person, but rather only on statistics. The high security standards of the Google platform and the associated Google privacy policy also apply (www.google.com/intl/de-DE/privacy). We have also concluded a special data protection agreement with Google, which stipulates the protection of your data through technical and organisational precautionary measures. Given that Google is based in the USA and thus in a so-called third country, further safeguards are required to ensure an adequate level of data protection meeting the European standards. Google has been certified under the so-called EU-US Privacy Shield and therefore demonstrates an adequate level of data protection (www.google.de/policies/privacy/frameworks).

    The purpose of using Google Analytics is the anonymous analysis of your user behaviour on our website. The knowledge gained helps us to improve our services. The legal basis for this is the so-called legitimate interest, which has been reviewed to pursue the intended purpose and within the framework of the aforementioned precautionary measures as well as in accordance with the European data protection requirements pursuant to Art. 6 para. 1(f) GDPR. An order processing contract has moreover been concluded, which complies with the requirements of Art. 28 GDPR.

    Surveys

    We use the service provider LamaPoll to conduct surveys. This survey tool is operated by Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin, Germany. The provider’s privacy policy for surveys can be viewed online at:www.lamapoll.de/Support/Datenschutz/Datenschutz-Umfrage-Tool. The provider is commissioned on the basis of our legitimate interests pursuant to Art. 6 para. 1 GDPR.

    The pages can only be accessed via encrypted connections (SSL/TLS/https). The data is stored exclusively on German servers. LamaPoll does not work with third-party providers such as Google Analytics. The data will not be passed on to any third parties and will only be collected for the purpose of the survey. We have concluded an order processing agreement with this service provider in accordance with the requirements of Art. 28 GDPR.

    Social media

    We do not use social media plugins on our website. You will only find links to the Twitter and LinkedIn social networks on our website.

    Therefore, no personal data is transmitted to these providers when you visit our website. Only when you activate one of these links by clicking on them and are redirected to the respective provider’s websites will your personal data be processed by this provider. The latter is then responsible for data protection. Further information on data processing as well as your rights can be found in the respective provider’s privacy policy.

    Establishment, exercise and defence of legal claims

    It may sometimes be necessary for us to process personal data – in conformance with local laws and regulations – in order to exercise or defend legal claims. Art. 9 para. 2(f) GDPR permits this when processing is “necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.

    This may occur, for example, if we must seek legal advice for legal proceedings or are legally required to retain or disclose certain information during legal proceedings.

    Personal data of children

    We are aware of the importance of safeguarding children’s safety and protecting their data on the internet. For this reason – and in order to comply with certain laws – we neither intentionally collect personal, individually identifiable information from children under the age of 16, nor do we provide content for children under the age of 16.

     

    Privacy policy last updated in: June 2018

    Questions?

    germanbiobanknode@charite.de

    Tel. +49. 30. 450 536 347

    
Fax +49. 30. 450 753 69 38

    © 2024 All rights reserved.

    BMBF
    top
    Biobank Directory European Biobank Directory GBN products Download templates, manuals and other materials