Visual Universitätsmedizin Mainz

Data protection declaration and information for patients (per the GDPR)

Version: May 2019

Duty to provide information when collecting personal data

Information for patients (per the GDPR) is available here.

Data protection declaration

Data protection officer

The contact details of our data protection officer per Art. 37 of the General Data Protection Regulation (GDPR) designated by the University Medical Center of Johannes Gutenberg University Mainz (the controller as defined in Art. 4 (7) of the GDPR) are as follows:

Data protection officer
Langenbeckstrasse 1
55131 Mainz
 Email

Scope

This data protection declaration applies to the internet services provided by the University Medical Center of Johannes Gutenberg University Mainz and its own content offered online. Content of other providers, access to which may be enabled via links, is covered by those providers' terms of use.

Forwarding to other providers

Use of the services of other providers may be subject to conditions other than those described in this data protection declaration.

 

 

It is important to us to identify anyone disrupting or attacking our online services

The following information is recorded when you access our website:

  • IP address of the computer from which the request was sent
  • Information on the browser (web browser used, operating system, language setting, etc.)
  • Information about the server service accessed
  • Protocol version
  • Name of the retrieved file or service page (URL)
  • Date and time of access
  • Volumes of data transferred
  • Status information (e.g. error messages).

It is necessary for us to collect this information in order ensure the correct display of our website. To protect against attacks and ensure proper operation, access to our website is also automatically analyzed by the security system of our technical service provider in order to identify potential risks. This information is then stored (with restricted access) along with the complete IP address for a period of 30 days and subsequently deleted. Should it prove necessary to further pursue identified attacks and disruptions, the corresponding access data will be stored until the relevant procedure is completed.

As this data collection and storage are essential for the proper operation of our online services, users do not have the right to object to this. 

Our legitimate interest in the processing of this data is specified in Art. 6, 1. (e) and (b) GDPR in conjunction with Article 3 of the State Data Protection Act of Rhineland-Palatinate (LDSG) and Article 1 of the State Act on the Establishment of the State Center for Data and Information (LBDIG), taking into account Recital 49 of the GDPR. Insofar as this data is processed on behalf of the University Medical Center of Johannes Gutenberg University Mainz, this processing will be based on Art. 6, 1. (e) and (b) GDPR in conjunction with Article 3 of the LDSG and Art. 57, 1. (b) and (d) GDPR.

Only in the event of unlawful attacks will we initiate procedures to identify the users of the corresponding IP addresses. Otherwise, we will have no access to the above data and we will not attempt to determine the identity of the owners of IP addresses.

Cookies, use of Matomo

This website uses Matomo web analysis service software (www.matomo.org), a service provided by InnoCraft Ltd, 150 Willis St., 6011 Wellington, New Zealand (“Matomo”), to collect and store data on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes per Art. 6, 1. (f) GDPR. Anonymized user profiles may be created from this data for the same purpose and evaluated. Cookies may also be used for this purpose. Cookies are small text files that are stored locally in the cache of a visitor’s web browser. Among other things, cookies allow the web browser to be recognized. The data collected using Matomo technology (including your anonymized IP address) is processed on our servers. 

The information generated by cookies in anonymized user profiles will not be used to personally identify visitors to our website and will not be combined with personal data.

You have the option of preventing the analysis and linking of actions that you undertake on our website. This will protect your privacy, but it will also prevent the website operator learning from your actions and improving usability for you and other users.

Using our website without JavaScript

You will not be able to use certain content (e.g. the slider on the homepage) if JavaScript is disabled in your browser. You can use extensions such as NoScript to allow JavaScript on certain sites (e.g. www.unimedizin-mainz.de).

Data that we request from you

We process personal data within the scope of our online services only insofar as this is necessary for the provision of a functional website and our content and services.

We will ask you provide certain information when you use our online services. In each case, the online form indicates the purposes for which the data is being collected, and on what legal basis. The data will not be passed on to third parties.

If the forms include mandatory fields, these are marked in individual cases and explained.

This data will be stored for a maximum of three years, unless legal retention periods or the requirements of processing necessitate a longer storage period. Data relating to online contact with the data protection officer per Art. 37, 7. GDPR will be stored for the duration for which the person in question is designated as our data protection officer.

You have the right to request information about the data stored about you in this context (see below) and, if the conditions are met, you have the right to correct your data and delete it where necessary.

Encryption

Our website supports line encryption via HTTPS/TLS. This prevents unauthorized access to or alteration of your data during transmission over the internet. The connection secured in this manner is that accessed via the URL https://www.unimedizin-mainz.de.

Social plugins

Our website does not use technologies that are used to supply information automatically to the providers of social media services (social plugins) when you visit.

Any information forwarded to providers of social media services such as YouTube, Facebook, etc. occurs exclusively by means of links, so data relating to your visit to our website (e.g. IP address, time, URL) or data available on your terminal (e.g. cookie information) will only be transmitted to these providers if you deliberately click on the corresponding links.

Google Web Fonts

Our website uses what are known as web fonts provided by Google for consistent font display. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

The browser you are using has to connect to Google’s servers for this purpose. This tells Google that our website has been accessed via your IP address. Google Web Fonts are used in the interests of consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6, 1. (f) GDPR.

Your computer will use a default font if your browser does not support Google Web Fonts.

For more information on Google Web Fonts, please go to developers.google.com/fonts/faq and see Google’s data privacy policy: https://www.google.com/policies/privacy.

Google Maps

This site uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Your IP address has to be stored in order to use Google Maps features. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence on this data transmission.

We use Google Maps to present our online services in an appealing way and make it easy to find the locations we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6, 1. (f) GDPR.

More information on the treatment of user data can be found in Google’s data privacy policy: https://www.google.de/intl/de/policies/privacy.

Contact forms

If you have inquiries of any kind, you have the option of contacting us using the forms provided on our website. You will need to enter a range of personal data in order to use the relevant contact form.

Occasionally, we will also offer you the opportunity to provide additional contact information (e.g. telephone number, postal address) on a voluntary basis.

Data is processed for the above purposes on the basis of your consent in accordance with Art. 6, 1. (a) GDPR. In addition, we have a legitimate interest in the processing of data in the context of a contact inquiry as defined in Art. 6, 1. (f) of the GDPR.

The personal data collected by us will be used only to process the inquiry in question. Your data will not be used for any other purpose or passed on to third parties.

Use of YouTube

Our website incorporates YouTube components. YouTube is an internet video portal that allows video publishers to post video clips for free and other users to view, rate and comment on them, also for free. YouTube allows all types of videos to be published, which is why complete film and television programs, and also music videos, trailers and videos created by users themselves can be accessed via the internet portal.

The YouTube operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Every time you call up a page of our website which includes a YouTube component (YouTube video), your web browser is automatically prompted by the relevant YouTube component to download and display the corresponding YouTube component from YouTube. Further information on YouTube can be found at www.youtube.com/intl/de/about. As part of this technical process, YouTube and Google receive information on which specific subpage of our website you are visiting.

If you are logged onto YouTube at the same time, calling up a subpage containing a YouTube video allows YouTube to recognize which specific subpage of our website you are visiting. This information is collected by YouTube and Google and assigned to your YouTube account (assuming you have one).

YouTube and Google receive information via the YouTube component to indicate that you have visited our website whenever you are logged onto YouTube and access our website at the same time. This happens regardless of whether or not you click on a YouTube video. If you do not want this information to be sent to YouTube and Google, you can prevent this by logging out of your YouTube account before you visit our website.

The data privacy policy of YouTube, which can be viewed at www.google.de/intl/de/policies/privacy/, provides information on the collection, processing and use of personal data by YouTube and Google.

Your right of access to information

As we only collect data from and about you to the extent described above, the information we hold on you is that resulting from your use of our services when you contact us online through our website and provide the corresponding details. You can assert your right to be informed of the data we hold on you in writing or by email (see Impressum). You can use the same methods to withdraw any declaration of consent you have provided.

Your right to withdraw a data protection legislation-related declaration of consent

Insofar as the processing of your data is based on your consent, you have the right to withdraw this consent at any time in accordance with Art. 7, 3. GDPR. Withdrawal of consent will not retrospectively invalidate the lawfulness of the processing carried out up to that point in time. You can submit your withdrawal of consent in writing, by email and, where applicable, within the scope of the service offered (newsletter).

 

 

Your right to rectification

If data relating to you is incorrect, you have the right to request that it be rectified (Art. 16 GDPR).

 

 

Your right to restriction of processing

In accordance with the stipulations of Art. 18 GDPR, you have the right to request restriction of the processing of data relating to you.

 

 

Your right to erasure

In accordance with the stipulations of Art. 17 GDPR, you have the right to request the erasure of personal data relating to you. This is the case if, for example, you withdraw your given consent or the data is no longer required for the purposes for which it was collected.

 

 

Your right to lodge a complaint

If data protection law is violated, the affected parties have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues at the University Medical Center Mainz is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz (State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate), Hintere Bleiche 34, 55116 Mainz, email: poststelle(at)datenschutz.rlp.de.