Welcome to the Data Protection page of Hannover Medical School

The processing of personal data is a central component for the daily fulfillment of tasks. The personal data and information to be processed are of essential importance and must be adequately protected. Data Protection is therefore a top priority for MHH. The careful handling of personal data by employees, both paper-based and in the digital systems provided for this purpose, is essential to ensure compliance with the applicable data protection regulations.

Article 5(2) of the General Data Protection Regulation (GDPR) imposes a so-called "accountability obligation" on the controller. This means that there is an obligation to comply with the principles set out in Article 5(1) GDPR and to demonstrate compliance with them. The following data protection objectives are given:

  • Purpose limitation/data minimization: personal data shall only be collected for specified, explicit and legitimate purposes and shall not be further processed in a manner incompatible with those purposes. They must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Availability: A high degree of availability is guaranteed by the performance-optimized provision of the desired IT services of a system within the time allotted. The hardware and software, including the data, are available when they are actually needed.
  • Integrity: Users can be sure that the data is correct, i.e. that its content is accurate and complete. The respective information is only processed by authorized persons and also only in the manner intended.
  • Storage limitation: personal data may only be stored for as long as the respective purpose or the statutory retention periods stipulate. If either the purpose or the statutory retention period expires, the personal data must be deleted immediately and irrevocably.
  • Transparency: The individual procedural steps during data processing are complete, up-to-date and documented in such a way that they can also be traced within a reasonable period of time. The data subject is fully informed about the handling of their data.

 

For this very purpose, the Data Protection Officer is a person appointed by the Presidium of MHH who coordinates, monitors and drives forward Data Protection tasks at MHH on its behalf. His or her tasks also include

  • Central point of contact for Data Protection issues
  • Establishment of a data protection management system (DSMS)
  • Creating documentation on Data Protection (e.g. a data protection manual)
  • Raising awareness and educating employees about Data Protection

The Data Protection Officer works closely with the Information Security Officer, the IT department (MIT) and the decentralized contact persons for Data Protection and the IT security contact persons of the departments.

If you have any concerns about Data Protection at MHH, please contact:

Hannover Medical School
OE 0007 - Joachim Barke
Data Protection Officer
Carl-Neuberg-Straße 1
30625 Hannover

General e-mail address: Data Protection@mh-hannover.de

 

If you wish to exercise your Legal right to information in accordance with Art. 15 GDPR as a patient of MHH,
please contact PatientendatenanfragenDSGVO@mh-hannover.de

Data protection regulations for IT access