TUM School of Medicine and Health
Technical University of Munich
Privacy Policy

The responsible entity according to data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

Technical University of Munich School of Medicine

Ismaninger Straße 22

81675 Munich

Tel. +49 89 4140-0

Internet: www.med.tum.de

 

Address

Klinikum rechts der Isar der TU München

Fakultät für Medizin

81664 München

 

Data Protection Officer 

c/o Stabsstelle Datenschutz

Email: datenschutz@mri.tum.de

Purposes and legal bases for the processing of personal data

The goal of processing data is the fulfillment of the public tasks assigned to us by the legislator, in particular, providinginformation to the public.

Unless otherwise stated, the legal basis for processing your data arises from Art. 4 para. 1 of the Bavarian Data Protection Act (BayDSG) in conjunction with Article 6 para. 1 lit. e of the General Data Protection Regulation (GDPR). Accordingly, we are permitted to process the data necessary to perform a task.

We process your personal data only for the purposes stated in this privacy policy. We do not transfer your personal data to third parties for purposes other than those noted. We will only disclose your personal data to third parties if:

  • you have given your express consent,
  • processing is necessary for the performance of a contract with you,
  • processing is necessary for compliance with a legal obligation,
  • processing is required to protect legitimate interests, and there is no reason to assume you have an overriding legitimate interest in not disclosing your data.
Recipients of personal data

The technical operation of our data processing systems is carried out by the information technology department of the Klinikum rechts der Isar of the Technical University of Munich.

If necessary, your data will be transmitted to the competent supervisory and auditing authorities for the exercise of the respective control rights.

To avert threats to information technology security, data may be forwarded to the State Office for Information Security for electronic transmission and processed based on Art. 12 et seq. of the Bavarian E-Government Act.

Duration of the storage of personal data

Your data will only be stored for as long as necessary to fulfill tasks, taking into account statutory retention periods.

Your data subject rights

As far as we process personal data from you, you are entitled to the following rights as a data subject:

  • You have the right to information about the data stored about you (Art. 15 GDPR).
  • If incorrect personal data are processed, you have a right to rectification (Art. 16 GDPR).
  • If the legal requirements are met, you can request the deletion or restriction of processing (Art. 17 and 18 GDPR).
  • If you have consented to the processing or a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may be entitled to a right to data portability (Art. 20 GDPR).
  • If you have consented to the processing and the processing is based on this consent, you can revoke the consent at any time in the future. The lawfulness of the data processing carried out based on the consent until the revocation is unaffected.
  • You have the right to object to processing your data at any time for reasons arising from your particular situation if the processing is carried out exclusively based on Art. 6 para. 1 lit. e or f GDPR (cf. Art. 21 para. 1 sentence 1 GDPR).

You can also address your complaint to the data protection supervisory authority responsible for Klinikum rechts der Isar. Contact the

 

Bavarian State Commissioner for Data Protection

Post address: P.O. Box 22 12 19, 80502 Munich

Address: Wagmüllerstrasse 18, 80538 Munich

Tel. 089 212672-0

Fax: 089 212672-50

E-mail: poststelle@datenschutz-bayern.de

Internet: www.datenschutz-bayern.de

Technical Implementation

Our web server is operated by Webhosting Franken. The personal data you provide when visiting our website will, therefore, be processed on our behalf by

 

Webhosting Franken

Inh.: Holger Häring

Wassermannstraße 32

96052 Bamberg

Protocols

When you access this or other Internet pages, you transmit data to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

  • The date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.).
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Transmitted amount of data.

After the connection ends, the data is anonymized by shortening the IP address at the domain level so that it is no longer possible to establish a reference to individual users.

Active Components

We use active components such as Javascript. You can disable this function by setting up your internet browser.

Collection of general information when visiting our website

When you access our website, information of a general nature is automatically collected using a cookie. This information (server log files) includes the type of web browser, the operating system used, the domain name of your Internet service provider, and the like. This is only information that does not allow any conclusions about your person.

This information is technically necessary to correctly deliver the content of websites requested by you and is mandatory when using the Internet. In particular, they are processed for the following purposes:

  • ensuring a smooth connection setup of the website,
  • ensuring a smooth use of our website,
  • evaluation of system security and stability, as well as
  • for other administrative purposes.

The processing of your personal data is based on our legitimate interest in the purposes as mentioned above for data collection. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible body and, if necessary, order processors.

If necessary, we will statistically evaluate anonymous information of this kind to optimize our website and the technology behind it.

Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files transferred from a website server to your hard drive. Through this, we automatically receive specific data such as IP address, browser used, operating system and your connection to the Internet. The storage period is a maximum of 100 days. Cookies can, however, be deleted manually by the user.

Cookies cannot be used to launch programs or transfer viruses to a computer. Based on the information in cookies, we can facilitate your navigation and enable the correct display of our web pages.

In no case will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies in principle. Internet browsers are regularly set to accept cookies. You can generally deactivate cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.

SSL Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) via HTTPS.

Contact Form

Suppose you contact us by email or contact form regarding questions. In that case, you give us your voluntary consent to get you. For this purpose, the specification of a valid email address is required. This serves as the assignment of the request and the subsequent response. The provision of further data is optional. The information you provide will be stored to process the request and for possible follow-up questions. After completion of your request, personal data will be automatically deleted.

Use of Matomo

This website uses Matomo (formerly Piwik), an open-source statistical visitor traffic analysis software. Matomo uses so-called cookies, text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie about your use of the website is stored on a server in Germany.

The IP address is anonymized immediately after processing and before storage. You can prevent the installation of cookies by changing the settings of your browser software. We want to point out that with the corresponding setting, not all functions of this website may be available.

You can decide whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data.

Use of Google Maps

This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes, and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google privacy policy. You can also change your personal privacy settings in the Privacy Center.

For detailed instructions on managing your data with Google products, click here.

Sending Newsletters

We use CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. This service allows us to organize and analyze the newsletter dispatch. The data you enter to receive the newsletter, such as your email address, is stored on CleverReach's servers. Server locations are Germany and Ireland, respectively.

The newsletter dispatch with CleverReach allows us to analyze the behavior of the newsletter recipient. The analysis reveals, among other things, how many recipients have opened their newsletter and with what frequency links in the newsletter were clicked. CleverReach supports conversion tracking to analyze whether a previously defined action, such as a product purchase, occurs after clicking a link. Details on the data analysis by CleverReach can be found here.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal message by email or unsubscribe via the "unsubscribe" link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not wish any analysis by CleverReach, you must unsubscribe from the newsletter. To unsubscribe, sendingus an informal message by email or unsubscribe via the "unsubscribe" link in the newsletter is sufficient.

Data entered to set up the subscription will be deleted from our servers and the servers of CleverReach in the event of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will still remain with us.

For details on CleverReach's privacy policy, please see here.

Commissioned processing: To fully comply with the legal data protection requirements, we have concluded a contract with CleverReach for commissioned processing.

Embedded Videos

Vimeo

For video content integration and display, our website uses plugins from Vimeo. Provider of the video portal is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When a page with an integrated Vimeo plugin is called up, a connection to the servers of Vimeo is established. Vimeo learns through this which of our pages you have called. Vimeo learns your IP address, even if you are not logged into the video portal or do not have an account there. The information collected by Vimeo is transmitted to servers of the video portal in the USA.

Vimeo can assign your surfing behavior directly to your personal profile. By logging out beforehand, you have the option of preventing this.

For details on handling user data, please refer to the Privacy Policy of Vimeo.

 

YouTube

We use the provider YouTube, among others, to integrate videos. YouTube is operated by YouTube, LLC, headquartered at 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube is represented by Google LLC. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you access the website on which the YouTube plugin is embedded, a connection to the YouTube servers is established for video display. This transmits to the YouTube server which of our Internet pages you have visited.

YouTube is loaded only with your consent, which means that no data about you as a user will be transmitted to YouTube if you have not given consent. Only with your consent can the videos be played, and data is sent to the YouTube server, which of our Internet pages you have visited.

If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When using the plugin, such as by clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other user accounts of YouTube LLC and Google LLC, before using our website and deleting the corresponding cookies of the companies.

For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. You will also find more information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA.

We only use YouTube with your consent, which you can revoke anytime. The corresponding data processing is based on Art. 6 para. 1 lit. a) DSGVO. The storage period is 6 months.

Changes to our Privacy Policy

We reserve the right to adapt this data protection declaration to always comply with the current legal requirements or to implement changes to our services in the data protection declaration, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

Questions for the Data Protection Officer

If you have any questions about data privacy, please email us or contact the person responsible for data privacy in our organization directly via email at datenschutz@mri.tum.de