When you use the website www.gmds2023.de, personal data such as your IP address is generated. The operators handle this responsibly and in accordance with the applicable laws, in particular the European Data Protection Regulation (DSGVO). On this page we want to inform you about the data processing in connection with our website.
Responsible for data processing
German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. Mrs. Beatrix Behrendt Industriestrasse 154 50996 Cologne E‑mail: email@example.com
Explanations and definitions
The aim of reach measurement is to statistically determine the intensity of use and the number of users of a website and to obtain comparable values for all connected offers. At no time are individual users identified. Their identity always remains protected.
A cookie is a small data packet that is sent to your browser from a web server and can only be read by this web server. The function of this package is to create a kind of identity card to store passwords, orders and preferences. It cannot be executed as program code or used to infect you with viruses. Most browser programs accept cookies by default. You can make your browser inform you of the receipt of a cookie, so that you can decide for yourself for or against its acceptance.
- You have the right to find out from us whether data concerning you is being processed by GMDS.
- Furthermore, you have a right of access to personal data stored about you.
- Likewise, you have the right to request the immediate correction of inaccurate personal data concerning you. Furthermore, you have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data concerning you — also by means of a supplementary declaration.
- You also have the right to have the personal data concerning you deleted immediately if no legal grounds prohibit the deletion.
- You also have the right to request the restriction of processing under the conditions of Art. 18 of the General Data Protection Regulation.
- Likewise, you have the right to receive the personal data concerning you that you have provided to GMDS in a structured, common and machine-readable format.
- You also have the right to transfer this data to another controller under the conditions of Art. 20 of the General Data Protection Regulation.
- Likewise, you have the right to object to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) DS-GVO.
- And, of course, you have the right to withdraw consent to the processing of personal data at any time.
- You also have the right not to be subject to a decision based solely on automated processing — including profiling.
- For clarification: no such decisions take place at GMDS, but due to European law we have to inform you about this right.
- Ferner haben Sie das Recht, sich an eine Aufsichtsbehörde zu wenden und dort ggf. zu beschweren. Eine Liste der Aufsichtsbehörden (für den nichtöffentlichen Bereich) mit Anschrift finden Sie unter: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Please contact us at the email address below if you wish to exercise your rights, as well as if you have any questions about the information we hold.
Contact address: firstname.lastname@example.org.
Legal basis for the processing of personal data
As a data subject, you are entitled to various rights.
- In data protection, the so-called prohibition with reservation of permission applies. Accordingly, the processing of personal data is generally unlawful unless the data subject has given his or her consent or the processing is legitimized by a legally regulated reason for permission. We are obliged to inform you about the legal basis for data processing.
- If we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis.
- In the case of processing operations that are necessary for the fulfillment of a contract concluded between you and us or for the implementation of pre-contractual measures (e.g. when you register for one of our events), Art. 6 (1) lit. b DSGVO serves as the legal basis.
- If the processing of personal data is necessary for the fulfillment of a legal obligation to which we are subject, such as legal retention and storage obligations, Art. 6 (1) lit. c DSGVO serves as the legal basis.
- If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests, fundamental rights and freedoms do not override the former interest, the processing of personal data is legitimized by Art. 6 (1) lit. f DSGVO.
Which data are processed for which purposes?
Data collection when visiting our websites
You are welcome to visit this website. However, when you visit this site, certain routing and technical information about your computer is collected, which is technically necessary to show you our websites and to ensure stability and security.
Processed are for example:
- the Internet Protocol address,
- the date and time of an access to the website,
- the website from which an accessing system arrives at our website (so-called referrer),
- which website and which file you are visiting,
- Access status/HTTP status code
- Transfer amount of data
- the operating system (MS Windows 10, Linux, etc.),
- Data such as the browser type (Internet Explorer, Firefox, etc.),
- the speed of your host computer,
- Name of your Internet provider
When using these general data and information, no conclusions are drawn about the data subject. This information is rather required in order to (1) deliver the contents of our website correctly, (2) to ensure the long-term functionality of our information technology systems and the technology of our website, and (3) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. To ensure the above purposes, this data is temporarily stored in the log files of our system for a maximum period of fourteen days. The legal basis for these processing operations is Art. 6 (1) lit. f DSGVO.
Provision of our statutory and business services
We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b. DSGVO, insofar as we offer them contractual services or act in the context of existing business relationships, e.g. with members, or are ourselves recipients of services and benefits. This occurs, for example, in the context of our intranet use. Furthermore, we process the data of data subjects pursuant to Art. 6 para. 1 lit. f. DSGVO on the basis of our legitimate interests, e.g. when administrative tasks or public relations are involved. The data processed in this context, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. In principle, this includes inventory and master data of persons (e.g., name, address, etc.), as well as contact data (e.g., e‑mail address, telephone, etc.), contract data (e.g., services used, content and information provided, names of contact persons) and, if we offer payable services or products, payment data (e.g., bank details, payment history, etc.). We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as they may be relevant for business processing, as well as with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.
Reach measurement / Matomo
Within the scope of the reach analysis of Matomo, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), the following data is processed: the browser type and version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click. The IP address of users is anonymized before it is stored.
Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in their browser, which means that Matomo no longer collects any session data. If users delete their cookies, however, this has the consequence that the opt-out cookie is also deleted and must therefore be reactivated by the users.
Registration function, contact forms and e‑mail contact
For some services or areas of this site, you will be asked to register and provide information about you and/or your company (such as name, job title, email address, and other information) that will allow us to provide services and information to you (for example, when you use a feedback form or register for events). For each contact form, the fields marked with an “*” are those that we need to process your message such as your name to associate the request or your one email address so that we can provide you with feedback. You can provide us with additional information, such as a phone number, which will help us process your request. However, you will always be informed and must consent to the submission of your personal information before your information is submitted. If you submit personal data of other persons, please make sure that these persons are informed about this personal data protection policy, can view it and agree to the submission of the data. The data will be used exclusively for the processing of the purposes set out and — unless legal retention periods force us to store it — will be deleted immediately after processing. A transfer of your data to or its processing by third parties is excluded.
- The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if you have given your consent.
- If the registration serves the fulfillment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO.
Social Media / Twitter
- Twitter Supportseiten support.twitter.com/articles/105576
- Twitter Datenschutz-Informationen help.twitter.com/de/search
- Informationen, die eigenen Daten einsehen zu können support.twitter.com/articles/20172711
- Informationen über von Twitter erstellte Rückschlüsse basierend auf ihren Daten twitter.com/your_twitter_data
- Informationen zu den vorhandenen Personalisierungs- und Datenschutzeinstellmöglichkeiten https://twitter.com/personalization
Duration for which the personal data are stored
The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which the controller is subject. If the storage purpose ceases to apply (in particular if the data is no longer required for the performance or initiation of a contract) or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
The German Association for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. uses technical and organizational security measures in order to protect the personal data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
The secrecy of telecommunications also protects your mail content and form entries from unauthorized access and processing. We can guarantee compliance with telecommunications secrecy for the GMDS area. However, we would like to point out that data transmission via the Internet can generally be recorded by other Internet operators and users. Personal data is only transmitted in encrypted form as far as we are able, but we can only influence our part of the transmission path.
Disclosure of personal data
Information about you will be passed on to others if it is assumed in good faith that the requirements for this exist by law or due to legal proceedings or that corresponding legal requirements exist (e.g. requirements under the Teleservices Act). In particular, personal data will only be passed on to state institutions and authorities within the framework of corresponding national legal provisions or if the passing on is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure. Otherwise, your data will not be made available to anyone outside GMDS, but will be used exclusively to provide the services presented. In particular, neither your e‑mail address nor any other information identifying you will be disclosed to third parties. Insofar as we make use of service providers to carry out and handle processing operations (e.g. in the context of online registration for our annual conference or other events), the contractual relationships will be governed by the provisions of the Federal Data Protection Act.
Data transfer to third countries
Processing in third countries takes place:
- When using the Twitter functionality (recipient of the data: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA).
- When using YouTube (recipient of the data: YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA).
Further processing in third countries does not take place.
Our online offer contains links to other websites. We have no influence on whether their operators comply with data protection regulations.
Questions or concerns?