Data privacy notice
Section 1 Information about the collection of personal data
- This Data Privacy Notice discloses practices surrounding the collection of personal data arising from the use of our website. Personal data are any data that can identify you as an individual, such as name, address, email addresses and user behaviour.
- Under Article 4 (7) of the EU General Data Protection Regulation (GDPR), the data controller is Hannover Medical School (Medizinische Hochschule (MHH), Carl-Neuberg-Str. 1, 30625 Hannover, Germany; email: firstname.lastname@example.org (see our legal notice). Our Data Protection Officer (Datenschutzbeauftragter) can be contacted at [Datenschutz@mh-hannover.de] or at our postal address, marked ‘Die Datenschutzbeauftragte, OE0007’.
- When you contact us by email or using a contact form, we will store the data you have provided (your email address and, if applicable, your name and telephone number) in order that we can answer your questions. We will delete the data obtained in this connection when they no longer need to be stored or, if the law requires us to keep records, we will restrict the processing of this data.
- If we rely on contracted service providers for individual functions of our offering, or if we wish to use your data for advertising purposes, we will notify you (see below) in detail of the operations involved, including the specified criteria for duration of data retention.
Section 2 Your rights
(1) You have the following rights vis-à-vis MHH with regard to your personal data:
– The right to be informed;
– The right to rectification or erasure;
– The right to restriction of processing;
– The right to objection to processing;
– The right to data portability.
(2) You also have the right to lodge a complaint with a data protection regulatory body concerning our processing of your personal data.
Section 3 Collection of personal data in connection with visits to our website
(1) When you use our website purely for informational purposes, i.e. if you do not provide us with any information, then the only personal data we collect are those that your browser transmits to our server. If you wish to view our website, we will collect the following data, which are technically necessary for us to display our website and to ensure its stability and security (the legal basis being Art. 6 (1) (f) GDPR).
– IP address
– Date and time of request
– Amount by which time zone differs from Greenwich Mean Time (GMT)
– Content of request (specific page)
– Access status / HTTP status code
– Volume of data transmitted during each visit
– Website from which request originates
– Operating system and its interface
– Language and version of browser software
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files stored on your hard drive that are specific to the browser you use and that allow the party which places the cookie (in this case ourselves) to be sent certain information. Cookies cannot be used to run programs or deliver viruses to your computer. Their purpose is to make the Internet offering more user-friendly and effective overall.
Section 4 Other functions and services offered by our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if interested. To do this, you will generally need to provide additional personal data that we use to provide the relevant service and for which the aforementioned data-processing principles apply.
(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are required to follow our instructions and are monitored.
(3) Furthermore, if conclusion of contracts or similar services are offered by us in conjunction with partners, we may share your personal data with third parties. You will receive more detailed information on this when entering your personal data or in the description of the offering below.
(4) Insofar as our service provider or partner is based in a country outside of the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offering.
Section 5 Objection or revocation of consent to the processing of your data
(1) If you have given consent for your data to be processed, you may revoke this consent at any time. Any such revocation will affect the permissibility of the processing of your personal data after you have notified us of the revocation.
(2) Insofar as we base the processing of your personal data on the balancing of interests, you may lodge an objection to this processing. This is the case if, in particular, the processing is not required for performance of a contract with you, which we describe in each case in the description of the functions given below. Where you exercise a right to make such an objection, we ask that you explain the reasons why we should not process your personal data as we have done. When we receive your objection with reasons, we will examine the situation and will either a) discontinue or modify the processing of your data or b) explain to you our compelling legitimate grounds for continuing these processing activities.
(3) You may, of course, object at any time to the processing of your personal data for purposes of advertising and data analysis. You can notify us of your objection to processing for advertising purposes at the following address: email@example.com
Section 6 Use of social-media plug-ins
1. Facebook, Instagram, Google+, Twitter, Xing, T3N, LinkedIn, Flattr
(1) We currently use the following social-media plug-ins: [Facebook, Google+, Twitter, Xing, T3N, LinkedIn, Flattr]. We make use of the two-click solution: in other words, when you visit our website, no personal data is initially shared with the providers of these plug-ins. You can identify this provider by the marking on the box above its initial letter or the logo. We give you the opportunity to use the relevant button to communicate directly with the provider of the plug-in. Only if you click on the highlighted field to activate it does the plug-in provider receive the information that you have accessed the website that constitutes our online offering. The data referred to in Section 3 of this Data Privacy Notice are also transmitted. In the case of Facebook, the IP address is (according to the relevant providers in Germany) anonymized immediately after collection. Through activation of the plug-in, your personal data is thus transmitted to the relevant plug-in provider and stored there (i.e., for American companies, in the USA). Since the plug-in provider collects data, in particular via cookies, we recommend you to delete all cookies by using the security settings of your browser before clicking on the greyed-out box.
(2) We have no influence over the data collected and data-processing operations, nor are we aware of the full extent of data collection, of the purpose of the processing, or of retention periods. Neither do we have any information on the deletion of data collected by the plug-in provider.
(3) The plug-in provider stores the data that have been collected on you as usage profiles and uses these data for the purposes of advertising, market research and/or to design their website in line with market needs. Such evaluation is carried out particularly – even for users who are not logged in – to deliver targeted advertising and to inform other social-network users about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the plug-in provider concerned. We have plug-ins to give you the opportunity to interact with social networks and other users, so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6 (1) (1) (f) GDPR.
(4) Data are transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data that we have collected on our website will be assigned directly to your existing account with the plug-in provider. If you press the activated button and (for example) link the page, the plug-in provider will also store this information in your user account and publicly share it with your contacts. We recommend logging out regularly after using a social network, but especially before activating the button, as this will prevent the data being assigned to your profile with the plug-in provider.
(5) For further information on the purpose and scope of data collection and processing by the plug-in provider, you are referred to the privacy policies of these providers given below. There you will also find further details about your related rights and settings options to protect your privacy.
(6) Addresses of relevant plug-in providers and URLs with their data privacy notices:
- a) [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; Further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications such as http://www.facebook.com/about/privacy/your-info#everyoneinfo.
- b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.
- c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
- d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- e) T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Deutschland; https://t3n.de/store/page/datenschutz.
- f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
- g) Flattr Network Ltd. mit Sitz in 2 nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Großbritannien; https://flattr.com/privacy.]
- H) Instagram, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland; https://help.instagram.com/519522125107875
(1) Our web pages also contain AddThis plug-ins. These plug-ins allow you to set bookmarks or share interesting content with other users. We have plug-ins to give you the opportunity to interact with social networks and other users, enabling us to improve our offering and make it more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6 (1) (1) (f) GDPR.
(2) Using these plug-ins, your Internet browser establishes a direct connection with AddThis servers and, as appropriate, the selected social network or bookmarking service. Recipients obtain the information that you have accessed the website that constitutes our online offering and the data mentioned in Section 3 of this Data Privacy Notice. This information is processed on AddThis servers in the USA. [We have arranged standard data privacy terms with AddThis.]. If you send content on our website to social networks or bookmarking services, a connection may be established between your visit to our website and your user profile on the network in question. We have no influence over the data collected and data-processing operations, nor are we aware of the full extent of data collection, of the purpose of the processing, or of retention periods. Neither do we have any information on the deletion of data collected by the plug-in provider.
(3) The plug-in provider stores these data as usage profiles and uses them for the purposes of advertising, market research and/or to design their website in line with market needs. Such evaluation is carried out particularly – even for users who are not logged in – to deliver targeted advertising and to inform other social-network users about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the plug-in provider concerned.
(4) If you choose not to participate in this process, you may opt out of data collection and storage at any time by setting an opt-out cookie, with effect for the future: http://www.addthis.com/privacy/opt-out Alternatively, you can set your browser to prevent a cookie from being stored.
(5) Further information on the purpose and scope of data collection and processing by the plug-in provider is available from AddThis LLC, 1595 Spring Hill Road, Sweet 300, Vienna, VA 22182, USA, www.addthis.com/privacy.
3. Embedding of YouTube videos
(1) We have embedded YouTube videos in our online offering; these are stored at www.YouTube.com and can be played directly from our website. [These are all embedded in Enhanced Privacy Mode, which means that no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence over this data transmission.
(2) When you visit the website, YouTube receives the information that you have accessed a particular page of our website. The data referred to in Section 3 of this Data Privacy Notice will also be transmitted. This takes place regardless of whether YouTube provides a user account that you are logged in to, or whether no user account exists. When you are logged in to Google, your information will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out prior to activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or to design their website in line with market needs. This kind of evaluation is, in particular – even for users who are not logged in – carried out to deliver targeted advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube.
4. Link to Google Maps
(1) We use links to Google Maps on this website. This will redirect you to the Google Maps website and leave the MHH website.
§ 7 Data protection declaration of the Patient Service Center (PSC, telephone offer)
The separate data protection declaration exclusively for the telephone offer of the PSC can be downloaded here as a PDF (in german).