DATA PROCESSING ON OUR WEBSITE

In the following, we inform you about the collection of personal data when using our website www.access2meds.eu (“our website”). Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

The responsible person according to Art. 4 (7) EU General Data Protection Regulation (“GDPR”) is OptiMedis AG, Burchardstraße 17, 20095 Hamburg, Germany, ed.sidemitpo@eciffo (see our imprint). You can reach our data protection officer Dr. Volker Wodianka at ed.lagel-ycavirp@tkatnok or our postal address with the addition “the data protection officer”.

With each call-up of a page and with each retrieval of a file from our Internet offer, we automatically collect and store in our server log files information that your browser transmits to us, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. These are:

• Date and time of the enquiry
• IP address
• Browser
• Operating system and its interface
• Referrer URL (the page previously visited),
• Page accessed or name of the file accessed,
• report whether the access or retrieval was successful and the
• volume of data transferred.

We are not able to assign this data to specific persons. We do not combine this data with other data sources and the data is deleted after statistical evaluation.

YOUR RIGHTS

You have the following rights towards us with regard to your personal data:

• Right to information,
• Right to correction or deletion,
• Right to restriction of processing,
• Right to refusal of processing,
• Right to data portability.

You also have the right to lodge a complaint about our processing of your personal data with a data protection authority.

REVOCATION OR WITHDRAWAL OF CONSENT TO THE PROCESSING OF YOUR DATA

If you have agreed to the processing of your data, you can revoke this at any time. After you have pronounced it to us, the revocation influences the permissibility of processing your personal data.

If we base the processing of your personal information on consideration of interests, you can revoke your consent to processing. This is the case, in particular, if processing is not necessary for fulfilment of a contract with you, which is always outlined by us in the subsequent description of the functions. When exercising the right of revocation, we ask you to cite the reasons why we should not process your personal information as we have previously done. In the case of a justified revocation, we will examine the situation and either stop or adjust the data processing or convey to you our protection-worthy and necessary reasons for continuing the processing.

Of course, you can revoke consent to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your advertising revocation at the following contact points: ue.sdem2ssecca.www@tcatnoc

E-MAIL ADDRESSES AND POSTAL ADDRESSES

When you contact us by e-mail or via contact form, the data you provide (your e-mail address, your name and your telephone number, if applicable, as well as the content of your message) will be stored by us in order to answer your questions. Your data will be processed in the context of pre-contractual measures or based on your express consent in accordance with Art. 6 para.1 p.1 lit. a) and b) GDPR. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.

SWEEPSTAKE

If you participate in a sweepstake or competition survey, we will need your name and email address. In case of a win, we will contact you and ask for your address to send you the prize. For our competitions, we work together with providers such as LamaPoll. Your data will not be passed on to third parties. You can cancel your participation at any time by sending us an e-mail to ed.sidemitpo@eciffo. The legal basis for this is Art. 6 para. 1 it. b GDPR.
If our service providers or partners are based in a country outside the European Union (EU) or the European Economic Area (EEA), we will inform you about the consequences of this circumstance at the appropriate place in this data protection declaration.

COOKIES

The internet pages use so-called cookies in several places. They serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. There are technically necessary and optional cookies. Among other things, the cookies enable the recognition of the internet browser. Most of the cookies we use are so-called “session cookies”.

We use the Privacy Suite for WordPress Complianz. For more information about ist, please read our Cookie Policy.

MATOMO

On this website, data is collected and stored using the web analysis service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6 (1) lit. f GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose.

NEWSLETTER

If you subscribe to our newsletter, the data in the respective input mask will be transmitted to the controller. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception to this is if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a) DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

Use of rapidmail

Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. If you do not wish to have your data analysed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail we can determine whether and which links in the newsletter message are clicked. Optionally, links in the email can be set as tracking links with which your clicks can be counted.

Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO.

Recipient: The recipient of the data is rapidmail GmbH.

Transmission to third countries: There is no transfer of data to third countries.

Duration: The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe.

You can revoke the consent given, Art. 6 para. 1 lit. a GDPR, for the storage of the data, the email address as well as their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.

EVENTS

You can register for events such as workshops, conferences, hackathons or other activities via our website. In the context of event registration and organisation, personal data is processed for the purpose of enabling participation and managing the event.

Where events are organised jointly with project partners, personal data may be processed under joint controllership within the meaning of Art. 26 GDPR. In such cases, the joint controllers jointly determine the purposes and means of the processing of participants’ data for the organisation and management of the event. Further information on the joint controllership arrangement and the respective responsibilities of the parties will be provided in a specific privacy notice made available in connection with the registration form.

Depending on the specific event, the following personal data may be processed:

• name and surname
• email address
• dietary requirements
• company, country and company type

The processing of personal data is carried out for the following purposes:

• to enable participation in the event and to verify registration and proper participation on the day of the event
• to send communications relating to the organisation of the event
• to document the event and promote the project (including through the dissemination of photographs and video recordings)
• to send future communications and updates related to the project (subject to consent)
• to carry out statistical analysis concerning participation

The legal bases for the processing are:

Art. 6 para. 1 lit. b GDPR (performance of a contract or steps prior to entering into a contract) for the organisation and participation in the event and related communications
Art. 6 para. 1 lit. f GDPR (legitimate interest) for documenting the event, promoting the project, and carrying out statistical analysis
Art. 6 para. 1 lit. a GDPR (consent) for sending future communications and updates related to the project

In connection with events, photographs and video recordings may be taken to document the event and promote the project. This may include the publication of images and recordings on websites, social media, or other communication channels. Such processing is based on the legitimate interest of the organisers in documenting and promoting the event and the project. In doing so, we comply with the principle of data minimisation and make every effort not to render identifiable persons belonging to the general public. You may object to this processing on grounds relating to your particular situation and may inform the event staff on site if you do not wish to be photographed or recorded.

Providing personal data required for participation is mandatory; otherwise, participation in the event may not be possible. Providing data for future communications is optional.

Personal data will be retained only for as long as necessary for the respective purposes. Data relating to participation and organisation of the event will generally be deleted after a limited period following the event, unless longer retention is required by law or specified in the event-specific privacy notice. Email addresses collected for future communications will be retained until consent is withdrawn or the purpose no longer applies.

Further details on the processing of personal data for a specific event, including information on retention periods, recipients of the data, and the exercise of data subject rights, will be provided in the privacy notice made available with the respective registration form.

USE OF SOCIAL-MEDIA LINKS

This website uses so-called “social plug-ins” of the social networks Xing, LinkedIn and Twitter, which are operated by

• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
• Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
• LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

The website uses the so-called two-click solution. This means that when you visit our website, no personal data is passed on to the providers of the plug-ins. You can recognise the provider of the plug-in by the logo. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, will the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned in the section “Data processing on our website” is transmitted.

We would like to inform you that there is currently no adequate level of protection for data transfers to the USA. Therefore, we cannot currently guarantee that the US plug-in providers can guarantee an equivalent level of data protection as we do when processing your data. If you nevertheless wish to communicate with the plug-in provider via the respective button, this therefore also includes the processing of your data in the USA in accordance with the provisions applicable there. Further information on the terms of use and data protection of the respective plug-in providers can be found below.

We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

As far as we are aware, the plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 lit. a GDPR.

The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will help you avoid being assigned to your profile with the plug-in provider.
For further information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

LINKS

We use links to content on websites of other website operators.
We have no influence on the data collected there or the data processing procedures, nor do we know the entire scope of the data collection, the purpose of the processing or the retention periods. We also have no information about the deletion of the collected data by the linked provider. In this respect, we are not responsible under data protection law for the data processing on the linked website.

Further information on the purpose and scope of data collection and processing by the website operator can be found in the following data protection statements. There you will also find further information on your rights in this regard and the settings options for protecting your privacy.

APPLICATION DOCUMENTS

You can send us application documents by e-mail or post.

Your data required for contacting you and for the application process will be stored for the purpose of carrying out an application procedure in compliance with the statutory provisions. The legal basis for this is Art. 6 para. 1 lit. b) GDPR and § 26 para. 1 in conjunction with. Para. 8 p. 2 BDSG (implementation of pre-contractual measures).

The following data may be processed by us in the application process:

• Master data (title, first name, surname, date of birth if applicable)
• Contact details (address, telephone or mobile number, private e-mail-address)
• Application data (e.g. profile picture as well as other documents such as CV, cover letter, overall application, certificates)

In the event of employment, the data will be transferred to the personnel file. Information on the storage period can be found in the information on the processing of personal data of our employees.

If an application for a specific vacancy is unsuccessful, your data will be stored for evidentiary purposes for up to 6 months after the end of the application process for the purpose of asserting, exercising or defending legal claims.
With your consent, we will gladly include your application in our applicant pool until revoked. We store unsolicited applications for the search for a suitable position for you until revoked.

The provision of the data is not required by law or contract. You are not obliged to provide the data. However, if you do not provide the data, it will not be possible to carry out an application procedure and, if applicable, recruitment.

QUESTIONS ON DATA PROTECTION

If you have a question about data protection and the processing of your personal data on our website, please contact our data protection officer:
Dr. Volker Wodianka LL.M.
CEO, certified data protection officer (CIPP/E, GDDcert.)
Wodianka privacy legal GmbH
Dockenhudener Str. 12a, 22587 Hamburg
Phone: +49 40 2110786-0
E-Mail: ed.lagel-ycavirp@tkatnok

The data protection measures are always subject to technical updates. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection declaration.

DATA PROTECTION WITHIN THE ASCERTAIN PROJECT

In addition to the data processing activities described above for this website, certain tasks within the ASCERTAIN research project relate to data management, privacy, and ethics. These are carried out by the project partner CHINO as leader of Work Package 2 “Data Management, Privacy and Ethics.” The objective of WP2 is to ensure that partners can share and analyse data in line with the latest EU ethics and data protection guidelines, as well as the specific requirements set by Data Protection and Cybersecurity Officers within the data providers’ organisations.

For these activities, the ASCERTAIN consortium has entered into a Joint Controllership Agreement (JCA) in accordance with Art. 26 GDPR, which regulates the respective roles and responsibilities of the partners. Questions regarding website data processing should be addressed to OptiMedis AG (see contact details above). Questions regarding project-related data management, privacy, and ethics within ASCERTAIN may also be directed to CHINO through the consortium (ue.sdem2ssecca@tcatnoc).