Priva­cy policy

When you use the website, person­al data such as your IP address is gener­at­ed. The oper­a­tors handle this respon­si­bly and in accor­dance with the applic­a­ble laws, in partic­u­lar the Euro­pean Data Protec­tion Regu­la­tion (DSGVO). On this page we want to inform you about the data process­ing in connec­tion with our website.

Respon­si­ble for data processing

German Asso­ci­a­tion for Medical Infor­mat­ics, Biom­e­try and Epidemi­ol­o­gy (GMDS) e.V. Mrs. Beat­rix Behrendt Indus­tries­trasse 154 50996 Cologne E‑mail:

Expla­na­tions and definitions

Our priva­cy poli­cy should be both easy to read and under­stand for every­one. To ensure this, we would like to explain the terms used in advance. In prin­ci­ple, the defi­n­i­tions of Arti­cle 4 of the GDPR apply in addi­tion to the follow­ing definitions.

Reach measure­ment

The aim of reach measure­ment is to statis­ti­cal­ly deter­mine the inten­si­ty of use and the number of users of a website and to obtain compa­ra­ble values for all connect­ed offers. At no time are indi­vid­ual users iden­ti­fied. Their iden­ti­ty always remains protected.


A cook­ie is a small data pack­et that is sent to your brows­er from a web serv­er and can only be read by this web serv­er. The func­tion of this pack­age is to create a kind of iden­ti­ty card to store pass­words, orders and pref­er­ences. It cannot be execut­ed as program code or used to infect you with virus­es. Most brows­er programs accept cook­ies by default. You can make your brows­er inform you of the receipt of a cook­ie, so that you can decide for your­self for or against its acceptance.

Your rights

  • You have the right to find out from us whether data concern­ing you is being processed by GMDS.
  • Further­more, you have a right of access to person­al data stored about you.
  • Like­wise, you have the right to request the imme­di­ate correc­tion of inac­cu­rate person­al data concern­ing you. Further­more, you have the right, taking into account the purpos­es of the process­ing, to request the comple­tion of incom­plete person­al data concern­ing you — also by means of a supple­men­tary declaration.
  • You also have the right to have the person­al data concern­ing you delet­ed imme­di­ate­ly if no legal grounds prohib­it the deletion.
  • You also have the right to request the restric­tion of process­ing under the condi­tions of Art. 18 of the Gener­al Data Protec­tion Regulation.
  • Like­wise, you have the right to receive the person­al data concern­ing you that you have provid­ed to GMDS in a struc­tured, common and machine-readable format.
  • You also have the right to trans­fer this data to anoth­er controller under the condi­tions of Art. 20 of the Gener­al Data Protec­tion Regulation.
  • Like­wise, you have the right to object to the process­ing of person­al data concern­ing you that is carried out on the basis of Art. 6(1)(e) or (f) DS-GVO.
  • And, of course, you have the right to with­draw consent to the process­ing of person­al data at any time.
  • You also have the right not to be subject to a deci­sion based sole­ly on auto­mat­ed process­ing — includ­ing profiling.
  • For clar­i­fi­ca­tion: no such deci­sions take place at GMDS, but due to Euro­pean law we have to inform you about this right.
  • Fern­er haben Sie das Recht, sich an eine Aufsichts­be­hörde zu wenden und dort ggf. zu beschw­eren. Eine Liste der Aufsichts­be­hör­den (für den nichtöf­fentlichen Bere­ich) mit Anschrift find­en Sie unter:

Please contact us at the email address below if you wish to exer­cise your rights, as well as if you have any ques­tions about the infor­ma­tion we hold.

Contact address:

Legal basis for the process­ing of person­al data

As a data subject, you are enti­tled to vari­ous rights.

  • In data protec­tion, the so-called prohi­bi­tion with reser­va­tion of permis­sion applies. Accord­ing­ly, the process­ing of person­al data is gener­al­ly unlaw­ful unless the data subject has given his or her consent or the process­ing is legit­imized by a legal­ly regu­lat­ed reason for permis­sion. We are oblig­ed to inform you about the legal basis for data processing.
  • If we obtain your consent for the process­ing of person­al data, Art. 6 para. 1 lit. a DSGVO serves as the legal basis.
  • In the case of process­ing oper­a­tions that are neces­sary for the fulfill­ment of a contract conclud­ed between you and us or for the imple­men­ta­tion of pre-contractual measures (e.g. when you regis­ter for one of our events), Art. 6 (1) lit. b DSGVO serves as the legal basis.
  • If the process­ing of person­al data is neces­sary for the fulfill­ment of a legal oblig­a­tion to which we are subject, such as legal reten­tion and stor­age oblig­a­tions, Art. 6 (1) lit. c DSGVO serves as the legal basis.
  • If the process­ing is neces­sary to protect our legit­i­mate inter­ests or the legit­i­mate inter­ests of a third party and your inter­ests, funda­men­tal rights and free­doms do not over­ride the former inter­est, the process­ing of person­al data is legit­imized by Art. 6 (1) lit. f DSGVO.

Which data are processed for which purposes?

Data collec­tion when visit­ing our websites

You are welcome to visit this website. Howev­er, when you visit this site, certain rout­ing and tech­ni­cal infor­ma­tion about your comput­er is collect­ed, which is tech­ni­cal­ly neces­sary to show you our websites and to ensure stabil­i­ty and security. 

Processed are for example:

  1. the Inter­net Proto­col address,
  2. the date and time of an access to the website,
  3. the website from which an access­ing system arrives at our website (so-called referrer),
  4. which website and which file you are visiting,
  5. Access status/HTTP status code
  6. Trans­fer amount of data
  7. the oper­at­ing system (MS Windows 10, Linux, etc.),
  8. Data such as the brows­er type (Inter­net Explor­er, Fire­fox, etc.),
  9. the speed of your host computer,
  10. Name of your Inter­net provider

When using these gener­al data and infor­ma­tion, no conclu­sions are drawn about the data subject. This infor­ma­tion is rather required in order to (1) deliv­er the contents of our website correct­ly, (2) to ensure the long-term func­tion­al­i­ty of our infor­ma­tion tech­nol­o­gy systems and the tech­nol­o­gy of our website, and (3) to provide law enforce­ment author­i­ties with the infor­ma­tion neces­sary for pros­e­cu­tion in the event of a cyber attack. To ensure the above purpos­es, this data is temporar­i­ly stored in the log files of our system for a maxi­mum peri­od of four­teen days. The legal basis for these process­ing oper­a­tions is Art. 6 (1) lit. f DSGVO.

Provi­sion of our statu­to­ry and busi­ness services

We process the data of our members, support­ers, inter­est­ed parties, customers or other persons in accor­dance with Art. 6 para. 1 lit. b. DSGVO, inso­far as we offer them contrac­tu­al services or act in the context of exist­ing busi­ness rela­tion­ships, e.g. with members, or are ourselves recip­i­ents of services and bene­fits. This occurs, for exam­ple, in the context of our intranet use. Further­more, we process the data of data subjects pursuant to Art. 6 para. 1 lit. f. DSGVO on the basis of our legit­i­mate inter­ests, e.g. when admin­is­tra­tive tasks or public rela­tions are involved. The data processed in this context, the type, scope and purpose and the neces­si­ty of their process­ing are deter­mined by the under­ly­ing contrac­tu­al rela­tion­ship. In prin­ci­ple, this includes inven­to­ry and master data of persons (e.g., name, address, etc.), as well as contact data (e.g., e‑mail address, tele­phone, etc.), contract data (e.g., services used, content and infor­ma­tion provid­ed, names of contact persons) and, if we offer payable services or prod­ucts, payment data (e.g., bank details, payment histo­ry, etc.). We delete data that is no longer required to fulfill our statu­to­ry and busi­ness purpos­es. This is deter­mined accord­ing to the respec­tive tasks and contrac­tu­al rela­tion­ships. In the case of busi­ness process­ing, we retain the data for as long as they may be rele­vant for busi­ness process­ing, as well as with regard to any warran­ty or liabil­i­ty oblig­a­tions. The neces­si­ty of retain­ing the data is reviewed every three years; other­wise, the statu­to­ry reten­tion oblig­a­tions apply.


Cook­ies are used by us when they are used for tech­ni­cal session control, for exam­ple, to pass your data from one page to the next as part of the regis­tra­tion process for events. The cook­ies used on this site are not perma­nent and are there­fore set each time you visit the site. Cook­ies from previ­ous visits, which may still be present on your comput­er, for exam­ple, after an unfore­seen termi­na­tion of the Inter­net brows­er, are not read. No attempt is made to use cook­ies to carry out any form of profil­ing. The legal basis for the process­ing of person­al data using cook­ies is Art. 6 (1) lit. f DSGVO. Further­more, cook­ies are used in the context of the use of Google Analyt­ics so that reach measure­ment (see section “Reach measure­ment / Google Analyt­ics”) can take place. . The legal basis for this process­ing of person­al data is their consent (Art. 6 para. 1 lit. a DSGVO).

Reach measure­ment / Matomo

With­in the scope of the reach analy­sis of Mato­mo, the follow­ing data is processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­miza­tion and econom­ic oper­a­tion of our online offer with­in the mean­ing of Art. 6 para. 1 lit. f. DSGVO), the follow­ing data is processed: the brows­er type and version you use, the oper­at­ing system you use, your coun­try of origin, the date and time of the serv­er request, the number of visits, the time you spend on the website and the exter­nal links you click. The IP address of users is anonymized before it is stored.

Mato­mo uses cook­ies that are stored on the user’s comput­er and that enable an analy­sis of the use of our online offer by the user. Pseu­do­ny­mous user profiles can be creat­ed from the processed data. The cook­ies have a stor­age peri­od of one week. The infor­ma­tion gener­at­ed by the cook­ie about your use of this website is only stored on our serv­er and is not passed on to third parties.

Users can object to the anonymized data collec­tion by the Mato­mo program at any time with effect for the future by click­ing on the link below. In this case, a so-called opt-out cook­ie is stored in their brows­er, which means that Mato­mo no longer collects any session data. If users delete their cook­ies, howev­er, this has the conse­quence that the opt-out cook­ie is also delet­ed and must there­fore be reac­ti­vat­ed by the users.

Regis­tra­tion func­tion, contact forms and e‑mail contact

For some services or areas of this site, you will be asked to regis­ter and provide infor­ma­tion about you and/or your compa­ny (such as name, job title, email address, and other infor­ma­tion) that will allow us to provide services and infor­ma­tion to you (for exam­ple, when you use a feed­back form or regis­ter for events). For each contact form, the fields marked with an “*” are those that we need to process your message such as your name to asso­ciate the request or your one email address so that we can provide you with feed­back. You can provide us with addi­tion­al infor­ma­tion, such as a phone number, which will help us process your request. Howev­er, you will always be informed and must consent to the submis­sion of your person­al infor­ma­tion before your infor­ma­tion is submit­ted. If you submit person­al data of other persons, please make sure that these persons are informed about this person­al data protec­tion poli­cy, can view it and agree to the submis­sion of the data. The data will be used exclu­sive­ly for the process­ing of the purpos­es set out and — unless legal reten­tion peri­ods force us to store it — will be delet­ed imme­di­ate­ly after process­ing. A trans­fer of your data to or its process­ing by third parties is excluded.

  • The legal basis for the process­ing of the data is Art. 6 para. 1 lit. a DSGVO if you have given your consent.
  • If the regis­tra­tion serves the fulfill­ment of a contract to which you are a party or the imple­men­ta­tion of pre-contractual measures, the addi­tion­al legal basis for the process­ing of the data is Art. 6 para. 1 lit. b DSGVO.

Social Media / Twitter

GMDS uses the tech­ni­cal plat­form and services of Twit­ter Inc., 1355 Market Street, Suite 900, San Fran­cis­co, CA 94103 U.S.A. for the short message service offered here. The data controller for indi­vid­u­als living outside the Unit­ed States is Twit­ter Inter­na­tion­al Compa­ny, One Cumber­land Place, Fenian Street, Dublin 2 D02 AX07, Ireland. We would like to point out that you use the Twit­ter short message service offered here and its func­tions under your own respon­si­bil­i­ty. This applies in partic­u­lar to the use of the inter­ac­tive func­tions (e.g. shar­ing, rating). Infor­ma­tion about which data is processed by Twit­ter and for which purpos­es can be found in Twitter’s priva­cy poli­cy:

The GMDS has no influ­ence on the type and scope of the data processed by Twit­ter, the type of process­ing and use or the trans­fer of this data to third parties. Nor does it have any effec­tive means of control in this respect. With the use of Twit­ter, your person­al data is collect­ed, trans­ferred, stored, disclosed and used by Twit­ter Inc. and there­by trans­ferred to and stored and used in the Unit­ed States, Ireland and any other coun­try in which Twit­ter Inc. does busi­ness, regard­less of your place of resi­dence. Twit­ter process­es on the one hand your volun­tar­i­ly entered data such as name and user name, e‑mail address, tele­phone number or the contacts of your address book when you upload or synchro­nize it. On the other hand, Twit­ter also eval­u­ates the content you share to deter­mine what topics you are inter­est­ed in, stores and process­es confi­den­tial messages that you send direct­ly to other users, and can deter­mine your loca­tion using GPS data, wire­less network infor­ma­tion or your IP address in order to send you adver­tis­ing or other content. For analy­sis, Twit­ter Inc. may use analyt­ics tools such as Twit­ter or Google Analyt­ics. GMDS has no influ­ence on the use of such tools by Twit­ter Inc. and has not been informed about such poten­tial use. If tools of this kind are used by Twit­ter Inc. for the GMDS account, GMDS has neither commis­sioned nor approved this nor support­ed it in any other way. Nor will the data obtained from the analy­sis be made avail­able to it. Only certain non-personal infor­ma­tion about tweet activ­i­ty, such as the number of profile or link clicks through a partic­u­lar tweet, is view­able by GMDS through its account. More­over, GMDS has no way to prevent or turn off the use of such tools on its Twit­ter account. Final­ly, Twit­ter also receives infor­ma­tion when you view content, for exam­ple, even if you have not creat­ed an account. This so-called “log data” may be the IP address, brows­er type, oper­at­ing system, infor­ma­tion about the website you previ­ous­ly visit­ed and the pages you viewed, your loca­tion, your mobile provider, the termi­nal device you use (includ­ing device ID and appli­ca­tion ID), the search terms you used and cook­ie infor­ma­tion. Via Twit­ter buttons or widgets embed­ded in websites and the use of cook­ies, it is possi­ble for Twit­ter to record your visits to these websites and assign them to your Twit­ter profile. Based on this data, content or adver­tis­ing can be offered tailored to you. You have options to restrict the process­ing of your data in the gener­al settings of your Twit­ter account and under the item “Priva­cy and secu­ri­ty”. In addi­tion, you can restrict Twitter’s access to contact and calen­dar data, photos, loca­tion data, etc. on mobile devices (smart­phones, tablet comput­ers) in the settings options there. Howev­er, this depends on the oper­at­ing system used. You can find more infor­ma­tion at Twit­ter itself:


YouTube videos are embed­ded on some GMDS web pages. The oper­a­tor of the corre­spond­ing plug­ins is YouTube, LLC, 901 Cher­ry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plug­in, a connec­tion to YouTube servers is estab­lished. This tells Youtube which pages you are visit­ing. If you are logged into your Youtube account, Youtube can assign your surf­ing behav­ior to you person­al­ly. You can prevent this by logging out of your Youtube account before­hand. If a Youtube video is start­ed, the provider uses cook­ies that collect infor­ma­tion about user behav­ior. but also YouTube cook­ies to collect infor­ma­tion about visi­tors to their website. YouTube uses these to collect video statis­tics, prevent fraud and improve user expe­ri­ence, among other things. Also, this leads to a connec­tion with the Google DoubleClick network. When you start the video, this could trig­ger further data process­ing oper­a­tions. We have no control over this. If you would like to prevent this, you must block the stor­age of cook­ies in the brows­er. Further infor­ma­tion on data protec­tion at “Youtube” can be found in the provider’s priva­cy poli­cy at:, an opt-out option can be found at:

Dura­tion for which the person­al data are stored

The controller process­es and stores person­al data of the data subject only for the peri­od of time neces­sary to achieve the purpose of stor­age or if this has been provid­ed for by the Euro­pean Direc­tive and Regu­la­tion Maker or anoth­er legis­la­tor in laws or regu­la­tions to which the controller is subject. If the stor­age purpose ceas­es to apply (in partic­u­lar if the data is no longer required for the perfor­mance or initi­a­tion of a contract) or if a stor­age peri­od prescribed by the Euro­pean Direc­tive and Regu­la­tion Maker or anoth­er compe­tent legis­la­tor expires, the person­al data will be routine­ly blocked or delet­ed in accor­dance with the statu­to­ry provisions.


The German Asso­ci­a­tion for Medical Infor­mat­ics, Biom­e­try and Epidemi­ol­o­gy (GMDS) e.V. uses tech­ni­cal and orga­ni­za­tion­al secu­ri­ty measures in order to protect the person­al data we have under our control against acci­den­tal or inten­tion­al manip­u­la­tion, loss, destruc­tion or against access by unau­tho­rized persons. Our secu­ri­ty measures are contin­u­ous­ly improved in line with tech­no­log­i­cal developments.

Data trans­fer

The secre­cy of telecom­mu­ni­ca­tions also protects your mail content and form entries from unau­tho­rized access and process­ing. We can guar­an­tee compli­ance with telecom­mu­ni­ca­tions secre­cy for the GMDS area. Howev­er, we would like to point out that data trans­mis­sion via the Inter­net can gener­al­ly be record­ed by other Inter­net oper­a­tors and users. Person­al data is only trans­mit­ted in encrypt­ed form as far as we are able, but we can only influ­ence our part of the trans­mis­sion path.

Disclo­sure of person­al data

Infor­ma­tion about you will be passed on to others if it is assumed in good faith that the require­ments for this exist by law or due to legal proceed­ings or that corre­spond­ing legal require­ments exist (e.g. require­ments under the Tele­ser­vices Act). In partic­u­lar, person­al data will only be passed on to state insti­tu­tions and author­i­ties with­in the frame­work of corre­spond­ing nation­al legal provi­sions or if the pass­ing on is neces­sary for legal or crim­i­nal pros­e­cu­tion in the event of attacks on our network infra­struc­ture. Other­wise, your data will not be made avail­able to anyone outside GMDS, but will be used exclu­sive­ly to provide the services present­ed. In partic­u­lar, neither your e‑mail address nor any other infor­ma­tion iden­ti­fy­ing you will be disclosed to third parties. Inso­far as we make use of service providers to carry out and handle process­ing oper­a­tions (e.g. in the context of online regis­tra­tion for our annu­al confer­ence or other events), the contrac­tu­al rela­tion­ships will be governed by the provi­sions of the Feder­al Data Protec­tion Act.

Data trans­fer to third countries

Process­ing in third coun­tries takes place:

  1. When using the Twit­ter func­tion­al­i­ty (recip­i­ent of the data: Twit­ter Inc, 1355 Market Street, Suite 900, San Fran­cis­co, CA 94103 USA).
  2. When using YouTube (recip­i­ent of the data: YouTube, LLC, 901 Cher­ry Ave, San Bruno, CA 94066, USA).

Further process­ing in third coun­tries does not take place.

Exter­nal links

Our online offer contains links to other websites. We have no influ­ence on whether their oper­a­tors comply with data protec­tion regulations.

Ques­tions or concerns?

If you have any ques­tions or concerns about this Priva­cy Poli­cy or the collec­tion of your infor­ma­tion, please feel free to contact us at the follow­ing email address:


This poli­cy will be updat­ed as neces­sary with effect for the future, e.g. in the event of changes to the legal provi­sions or if there are changes to the collec­tion and/or process­ing of the data. You are there­fore asked to look at this priva­cy poli­cy repeatedly.