Data Protection Policy
Data Protection Policy
The use of our website and apps is generally possible without providing personal data. Insofar as personal data (such as name, address or e-mail addresses) are collected on our pages, this is always done on a voluntary basis, as far as possible.
Your personal data will be collected electronically and processed and used for services within the scope of DGIM membership in accordance to the following instructions.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Controller
The controller within the meaning of the GDPR and other national data protection laws and other data protection regulations is the:
Deutsche Gesellschaft für Innere Medizin e.V.
Irenenstraße 1
65189 Wiesbaden
P.O. Box 2170
65011 Wiesbaden
Tel.: 0611 - 2058040 - 0
Fax: 0611 - 2058040 - 46
E-mail: info@dgim.de
Data Protection Officer
The controller has the following data protection officer:
Jan Alkemade
Alkemade IT-Security e.K.
Egerländer Str. 9
61239 Ober-Mörlen
Tel.: +49 6002 939593
E-mail: datenschutzdgim.de
Legal Basis for the Processing of Personal Data
In accordance with section 13 GDPR, we inform you of the legal basis for data processing. If the legal basis is not mentioned in the privacy policy, the following applies:
In so far as the processing of personal data is based on the consent of the data subject, article 6 (1) lit. a GDPR serves as the legal basis.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, article 6 (1) lit. b GDPR serves as legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, article 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, article 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary for the protection of a legitimate interest of the controller or a third party, taking into account that the interests, fundamental rights and freedoms of the data subject do not prevail, article 6 (1) lit. f GDPR serves as the legal basis for the processing.
Data Deletion and Storage Period
The personal data of the data subject shall be erased or its processing shall be restricted as soon as the purpose of the processing ceases to apply. Additional processing may be carried out if this has been provided for by the European or national legislator in Union regulations, laws or other provisions, to which the controller is subject. Restriction of processing or deletion of data shall also take place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.
Cookies
The Internet pages use so-called cookies to some extent. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and stored by your browser.
This website also uses so-called "session cookies" to make it easier for you to use our websites. These are small text files that are stored on your hard drive only for the duration of your visit to our website and, depending on the settings of your browser program, are deleted again when you exit the browser. These cookies do not retrieve any information stored about you on your hard drive and do not affect your PC or files.
Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser the next time you visit.
The legal basis for the storage or processing of cookies is your consent pursuant to article 6 para. 1 lit. a GDPR and, if applicable, our legitimate interest in the attractive and efficient design of our website pursuant to article 6 para. 1 lit. f GDPR.
You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. You can also delete the cookies stored on your computer or terminal device (usually via your browser settings). In case of non-acceptance or after deletion of cookies, the functionality of our website may be limited.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are, among others,
- browser type/browser version
- operating system used
- web page or file accessed
- Referrer URL (previously visited website from which a page of the DGIM was accessed)
- Shortened IP address of the accessing end device
- The date and time of the server request
The temporary storage of the IP address by the system is necessary to enable the viewing of the website. For this purpose, the IP address of the user (visitor) must remain stored for the duration of the session. By shortening, the IP address of the terminal device (PC, smartphone, tablet) used by you is anonymized, so that the logged data can no longer be assigned to specific persons. This data is not merged with other data sources. The storage in log files serves to optimize the website and to ensure the security of our information technology systems. We use the data, if necessary, for statistical evaluations for the purpose of improving our offer as well as for the elimination of errors.
These purposes justify our legitimate interest in the data processing according to Art. 6 para. 1 lit. f GDPR.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
In the case of storage of data in log files, deletion takes place after seven days at the latest. Storage beyond this is possible (e.g. for security reasons, such as for the clarification of abuse or fraud, storage for evidentiary purposes). In this case, the IP addresses of the users are deleted or modified, so that an assignment of the viewing client is no longer possible.
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Contact Form and Email
If you send us an inquiry via the contact form, your details from the inquiry form, including the contact details you provide there, will only be processed for the purpose of processing the inquiry and in the event of follow-up questions. Information relevant to membership will be deleted upon termination of membership, all other information will be deleted after 12 months. We do not pass on this data to third parties without your consent.
At the time of sending the message, the following data will also be stored:
- The IP address of the user
- The date and time of registration
Alternatively, it is possible to contact us via the email address or telephone number provided. In this case, the personal data of the user transmitted with email will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.
The legal basis for the processing of the data is the consent of the user within the meaning of article 6 para. 1 lit. a GDPR. The legal basis for the processing of data transmitted in the course of sending an email is article 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is article 6 (1) lit. b GDPR.
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such case, the conversation cannot be continued. A declaration of revocation, change, correction and updating of such data can be made in writing, by fax or by email to DGIM e.V. All personal data stored in the course of contacting us, will be deleted in such case.
Collaboration With Processors and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of data to third parties, such as payment service providers in accordance with article 6 para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission processors with the processing of data, this is done on the basis of article 28 GDPR.
Service Providers
DGIM also uses external service providers in the processing of your data, for example for the support and maintenance of our IT systems. All service providers used are based in the European Union (EU) or the European Economic Area (EEA). As little data as possible is passed on to each service provider and each cooperation partner.
Transfers to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or do so in the context of using third-party services or disclosing or transferring data to third parties, this will only be done to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of article 44 et seq. GDPR are met. I.e. the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Integration of Third-Party Services and Content
For our online offer we use – on the basis of our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) – to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content").
This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for content delivery. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.
Web Hosting
The hosting services used by us serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services, which we use for the purpose of operating this online offering.
In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to article 6 para. 1 lit. f GDPR in conjunction with article 28 GDPR (conclusion of a contract for the processing of orders).
Data Protection on Third-Party Websites
This website may contain hyperlinks to third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot assume any responsibility or warranty for third-party content or privacy policies. Please make sure you are aware of the applicable data protection conditions before submitting personal data to these websites. The operators of linked sites are solely responsible for their content. At the time the link was created, there was no indication that the content of the page to be viewed did not comply with the legal provisions or was contrary to public morals. We request that you notify us immediately if an external page to which we refer by hyperlink does not comply or no longer complies with legal provisions or morality. The license terms and terms of use of the respective operators of the Internet offer shall apply.
Google Analytics
This website uses Google Analytics, an analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses "cookies", which are text files placed on your device, to help the website analyze how you use the app. The information generated by the cookie about your use is usually transmitted to a Google server in the USA and stored there. In the case of activation of IP anonymization, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. We would like to point out that IP anonymization has been activated for this website in order to ensure anonymized collection of IP addresses (so-called IP masking).
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this app, Google will use this information to evaluate your use of the app in order to compile reports on user activity. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
The legal basis for the storage or processing of tracking cookies is your consent pursuant to article 6 (1) lit. a GDPR and, if applicable, our legitimate interest in the attractive and efficient design of our website pursuant to article 6 (1) lit. f GDPR.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Alternatively, you can prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent future collection of your data when visiting this website: Disable Google Analytics here.
For more information on Google's terms of use and privacy policy, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/.
Google reCAPTCHA
We use "Google reCAPTCHA" on our website. The provider of the service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The purpose of reCAPTCHA is to verify whether data entry on our websites, for example in contact forms, is done by a human or by an automated program. With the reCAPTCHA service, abusive computer-controlled entries on websites can be prevented by querying certain number sequences or image elements. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various parameters and information, such as IP address, length of stay of the website visitor or mouse movements made by the user. The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background.
The storage and analysis of the data is based on article 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from SPAM. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is carried out according to article 6 para. 1 lit. a GDPR.
For more information on Google reCAPTCHA and Google's privacy policy, please visit https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
YouTube
Our website uses plugins from YouTube, a site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. For more information on the handling of user data, please see YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy.
Vimeo
We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo, LLC with headquarters at 555 West 18th Street, New York, New York 10011.
On some of our Internet pages, we use plugins from the provider Vimeo. If you visit the Internet pages of our Internet presence provided with such a plugin, a connection to the Vimeo servers is established and the plugin is displayed in the process. This transmits which of our Internet pages you have visited to the Vimeo server. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
For more information on data processing and privacy notices by Vimeo, please visit vimeo.com/privacy/.
Other Mandatory Information According to Article 13 of the General Data Protection Regulation (GDPR):
You are entitled to so-called data subject rights, i.e. rights that you can exercise as a data subject in an individual case. You can assert these rights against DGIM e.V. They arise from the GDPR:
- Right to information (article 15 GDPR): You have the right to information about the personal data stored concerning you.
- Right to rectification (article 16 GDPR):
If you discover that inaccurate data concerning you is being processed, you may request rectification. Incomplete data must be completed, taking into account the purpose of the processing.
- Right to erasure (article 17 GDPR): you have the right to request the erasure of your data if certain grounds for erasure exist. In particular, this is the case if they are no longer necessary for the purpose for which they were originally collected or processed.
- Right of objection (article 21 GDPR): if we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation. If you make use of your right to object, we will generally terminate the processing of the data concerned.
- You are also entitled to other data subject rights, in particular the right to restriction of data processing and to data portability, in accordance with the provisions of article 12 - 23 GDPR.
- You also have the right to complain to the competent data protection supervisory authority, the Hessian Data Protection Commissioner, if you believe that the processing of your data is not permissible under data protection law. The complaint to the supervisory authority can be made informally.
The supervisory authority of the controller responsible for data protection is:
the Hessische Beauftragte für Datenschutz und Informationsfreiheit
Prof. Dr. Michael Ronellenfitsch
Gustav-Stresemann-Ring 1
65189 Wiesbaden
datenschutz.hessen.de
- You can also contact the DGIM data protection officer directly with any questions. His email address is datenschutz@dgim.de
SSL Encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL encryption is enabled, the data you transmit to us cannot be read by third parties.
Objection to Promotional Emails
The use of contact data published within the framework of the imprint obligation to send unsolicited advertising and information materials is hereby prohibited. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.
Change in our Privacy Policy
We change our security and privacy measures as required by technical and legal developments and adapt the privacy policy accordingly. Therefore, please refer to the latest version.