Eine Klinik des Universitätsklinikum Hamburg-Eppendorf

Briefkasten an einer grauen Wand

Data Privacy Statement

This Data Privacy Statement provides information about the nature, scope and purpose of the processing of your personal data when you use the website of Martini-Klinik am UKE GmbH (the Martini-Klinik) and applies to the domain www.martini-klinik.de.

Data processed, nature, purpose and duration of processing

1.1 Processing of general information when you visit our website

When you access our website, information is automatically sent to our website server by the browser used on your end device. This information is temporarily stored in a log file. The following information is recorded without any action on your part and stored until it is automatically deleted:

The aforementioned data is processed by us for the following purposes:

Storing this data in the log files helps to ensure the functionality of the website. In addition, we use the data to optimize this website and to ensure the security of our information technology. No data is evaluated for marketing purposes in this context.

The data is deleted as soon as it is no longer required for the purpose for which it was collected. When data is collected in order to make the website available, this is the case when the session ends. If the data is stored in log files, this is the case after fourteen days at the latest. It is possible for data to be stored beyond this period. In this case, users’ IP addresses are deleted or anonymised so that they can no longer be associated with the client who accessed the website.

The legal basis for the temporary storage of the data and log files is Art. 6(1)(f) GDPR, whereby our legitimate interests are the proper availability of the functions of this website, the evaluation of access information with the aim of eliminating and preventing technical disruptions, and the prevention and tracking of security incidents.


1. 2 Registering on our website

You can register to use certain contents of the Martini-Klinik website. During the registration process, you will be shown other data protection information that may include different provisions. This may relate in particular to the purpose and nature of processing and to the duration and legal basis of processing. When registering, please also read the data protection information provided during the registration process.

Newsletter 

1.3 Subscribing to the newsletter
The newsletter software used is Newsletter2Go. When you subscribe, your data will be sent to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Newsletter2Go is a certified German provider that was selected in accordance with the requirements of the General Data Protection Regulation and the German Federal Data Protection Act. If you sign up to a newsletter on the Martini-Klinik website, the personal data entered by you there will be processed. This is required in order to regularly send you the newsletter to which you have subscribed and information about Martini-Klinik events and offers by email to the email address provided by you. In order to check that it is indeed the email address owner who is signing up, the “double opt-in” procedure is used. For this purpose, the subscription to the newsletter, the sending of the confirmation email and the receipt of the response requested in this email are logged. No other data is collected. The data is used solely for the purpose of sending newsletters and is not passed on to third parties.
You can unsubscribe from the newsletter and withdraw your consent to your personal data being stored and used for sending the newsletter at any time. You will find a link to do so in every newsletter. Your personal data will be processed for the duration of your subscription to the newsletter. Once you have unsubscribed, the data will be deleted immediately.

Contact forms

1.4 Use of contact forms
The Martini-Klinik website also provides contact forms for different departments of the Martini-Klinik, intended to make it easier for you to contact the Martini-Klinik departments you are interested in. The data to be entered by you on the contact forms (usually name, email address and message) will be forwarded directly to the department to which your enquiry is addressed.

The data is required by the relevant department for the purpose of processing your enquiry. Please note that the Martini-Klinik does not usually respond electronically to enquiries relating to patients and study participants as an unencrypted email does not provide a sufficiently high level of security for the special need to protect health data. The data transmitted in each case is processed based on your consent to data processing when you send the contact form. This consent may be withdrawn at any time. The Martini-Klinik will process your personal data submitted via a contact form for as long as is necessary to deal with your enquiry. Depending on your enquiry, further documentation and retention periods may apply (e.g. 30 years in the case of notifications regarding patient data that become part of a patient record).

2. Use of cookies and analysis tools

To optimize our website for you in terms of user friendliness, effectiveness and security, we use cookies. These are small text files that are placed on your end device and stored in your browser. They include cookies that are technically necessary for the operation of our website and cookies for anonymous web analysis or for extended functions and services.
You decide for which categories you would like to allow the use of cookies and for which categories you do not. Please note that after making your selection, some functions of our website may no longer be available to you.
This site uses different types of cookies. Some cookies are placed by third parties. You have the option to view the cookies on this website, set your cookie preferences and reject the use of cookies.
The following cookies are used on this website:

Required cookies
1.    PHPSESSID
Duration of storage: current session
PHP standard cookie that is required for the website to function.
2.    cookies
Duration of storage: min. 7 days, max. 360 days
Saves your selection for cookie usage. 
3.    langcarousel
Duration of storage: 7 days, saves the language selection.

External media
1.    YouTube can set the following cookies:
PS, VISITOR_INFO1_LIVE, PREF, YSC, yt-remote-cast-installed [x2], yt-remote-connected-devices [x2], yt-remote-device-id [x2], yt-remote-fast-check-period, yt-remote-session-app [x2], yt-remote-session-name [x2], 1P_JAR, ANID, CONSENT, DV, NID, OTZ, UULE.

Statistics
1.    _ga
Duration of storage: 14 months
Used to distinguish users.
2.    _gat
Duration of storage: 1 minute
Throttles the request rate. If Google Analytics is provided via the Google Tag Manager, this cookie is given the name _dcgtm[property-id].
3.    _gid
Duration of storage: 24 hours
Used to distinguish users.
4.    ga-disable-UA-[property-id]
Duration of storage: until 31 December 2099 
Used to deactivate/disable Google Analytics.


2.1 Use of Google Analytics as an analysis tool

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are text files placed on your computer to help website operators analyse and statistically evaluate how users use the site. The information generated by the cookies about your use of this website will usually be transmitted to a Google server in the USA and stored there. Storage is not user-based but is based solely on IP addresses, which are recorded in anonymised form on these web pages.
Google Analytics cookies enable the website from which you came to our internet pages and the web pages you visit on our internet site to be recognized. 
By activating “Statistiken” (Statistics) in the cookie banner, you allow us to use Google Analytics to evaluate usage. 

We offer you the option here to deactivate analysis again by removing the tick from the checkbox.

Specifically, the following information is among the data saved for each session:

We use this data for statistical purposes and to analyse internet usage, which enables us to further develop and improve our website.
You can find more information about how sites using Google Analytics handle user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

2.2 IP anonymisation

The IP anonymisation function is activated on this website. This means that your IP address is truncated by Google within Member States of the European Union and in other states that are party to the Agreement on the European Economic Area before it is transmitted to Google’s servers in the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. To truncate users’ IP addresses, the code “gat._anonymizeIp();” is added to the tracking code for Google Analytics on this website. This anonymises the IP addresses by deleting the last octet of the IP address as previously described.
Google will use this information on behalf of the operator of this website in order to evaluate your use of the website, compile reports on website activity and provide the website operator with other services relating to website use and internet usage. The IP address transmitted by your browser when Google Analytics is used will not be associated with any other data held by Google.
Objection to data collection
By using this website, you agree to the processing of data collected about you by Google in the manner described above and for the purpose set out above.
If you do not agree with the collection and evaluation of data by Google as described above, you have various options:

a) Browser settings

You can prevent cookies from being stored by changing the appropriate setting in your browser software. Disabling cookies may limit the functionality of this website.

b) Browser plug-in

You can prevent the data generated by the cookie and relating to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available via the following link. You can find more information at http://tools.google.com/dlpage/gaoptout?hl=de
In addition, you can obtain general information about Google Analytics and data privacy at this link: https://policies.google.com/privacy?hl=de


3 Use of privacy enhancing techniques

3.1 SSL encryption
In order to protect the security of your data during transmission between your computer and the Martini-Klinik website, the Martini-Klinik uses state-of-the-art encryption methods (e.g. SSL) via HTTPS.

3.2 Integrated third-party content
The Martini-Klinik is not responsible for the processing of data collected by third-party providers and integrates very little content from other providers. We specifically state that we can provide no guarantee for their content nor for their compliance with data protection regulations.

3.3 OpenStreetMap
A number of maps from the OpenStreetMap service (www.openstreetmap.org/copyright

), re integrated. These are provided by the OpenStreetMap Foundation (OSMF) on the basis of the Open Data Commons Open Database Licence (ODbL). Privacy policy: wiki.openstreetmap.org/wiki/Privacy_Policy.


As far as the Martini-Klinik is aware, user data is used by OpenStreetMap solely for purposes of displaying the map functions and temporarily storing the selected settings. This data may include, in particular, users’ IP addresses and user location data, but this data will not be collected without their consent (usually given when choosing their mobile device settings). The data may be processed in the USA.

4. Social media plug-ins and tools

To make our website more attractive, we work with platforms such as Meta and YouTube. These services collect, process and use personal data independently and at their own discretion. These social network platforms may be integrated into the Martini-Klinik’s web pages by means of social plug-ins. The form in which this is done is explained below.
You can share content and links to the Martini-Klinik website on Facebook, Instagram and WhatsApp. The provider in question has the responsibility to ensure that operation complies with data protection. We integrate these plug-ins using the two-click method in order to protect visitors to our website as best as possible. This means that some initial data is transmitted to the provider in question when you access their site in a pop-up window by clicking on their logo. If you are not already logged into their site, the provider’s login and registration pages will be shown.
Please note that we have no information about or control over which data these providers collect and store as these services are not part of our website. If you do not wish data to be transmitted to these providers, you should not use the “Share” buttons under our posts.


4.1 You Tube

We have embedded YouTube videos in our website. These videos are stored on www.YouTube.com and can be played directly from our website. They are all embedded in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data specified in section 2 be transmitted. We have no influence on this data transmission.
When you visit the website, YouTube receives the information that you accessed the relevant subpage of our website. In addition, the data specified in section 2 a) of this statement is transmitted. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged into Google, your data is directly associated with your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube saves your data as usage profiles and uses it for purposes of advertising, market research and/or tailored design of its website. Data is evaluated in this way in particular (even for users who are not logged in) in order to provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube.
Further information about the purpose and scope of data collection and its processing by YouTube is available in the privacy policy, where you can also find more information about your rights and the settings available to protect your privacy:  www.google.de/intl/de/policies/privacy.

4.2 Facebook

Social media plug-ins from Facebook are used on our website in order to make your use of our website more personal. To this end, we use the “Share” button. This is a feature of Facebook:
If you visit a page on our website that contains a plug-in of this kind, your browser will establish a direct connection with Facebook’s servers. The content of the plug-in is transmitted by Facebook directly to your browser, which integrates the plug-in content into the website.
By integrating these plug-ins, Facebook receives the information that your browser accessed the relevant page of our website even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is transmitted directly by your browser to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by activating the “Like” or “Share” button, the relevant information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and can be seen by your Facebook friends.
Facebook can use this information for the purposes of advertising, market research and tailored design of the Facebook pages. To this end, Facebook creates usage, interest and relationship profiles in order, for example, to evaluate your use of our website in terms of the advertisements that are shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not wish Facebook to associate the data collected about our website with your Facebook account, you must log out of Facebook before visiting our website.
The purpose and scope of data collection and the further processing and use of the data by Facebook as well as the rights and settings you have available to protect your privacy can be found in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).

4.3. Instagram

Our website also uses social plug-ins (“plug-ins”) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are identified by an Instagram logo, for example in the form of an “Instagram camera”. If you visit a page on our website that contains a plug-in of this kind, your browser will establish a direct connection with Instagram’s servers. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. By integrating this plug-in, Instagram receives the information that your browser accessed the relevant page of our website even if you do not have an Instagram profile or are not currently logged into Instagram.
This information (including your IP address) is transmitted directly by your browser to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by activating the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there. The information is also published in your Instagram account and shown to your contacts there. If you do not wish Instagram to directly associate the data collected about our website with your Instagram account, you must log out of Instagram before visiting our website. More information can be found in Instagram’s data policy (https://help.instagram.com/155833707900388).
 

4.4 Integration of a social wall

Posts from our Instagram account are automatically displayed on our careers page. This is done by a plug-in (https://github.com/in2code-de/instagram) querying and transferring the contents of our Instagram account every 30 minutes. The server establishes a connection with Instagram via a cron job and saves these changes in the website’s database. However, no external connections are established by the user, no cookies are stored and no data about you is transmitted to Instagram when the page is accessed.

4.5. Podigee Podcast Hosting

We use the Podigee podcast hosting service provided by Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded from Podigee or transmitted via Podigee. The use is based on our legitimate interests, i.e. interest in a safe and efficient provision, analysis and optimization of our podcast offer in accordance with Article 6 Paragraph 1 lit. f GDPR. Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data such as access numbers. This data is anonymized or pseudonymized before it is stored in the Podigee database, unless it is required to provide the podcasts. Further information and objection options can be found in Podigee's data protection declaration: www.podigee.com/de/about/privacy/.


5. Data protection information for participants at Martini-Klinik events

On the processing of personal data by Martini-Klinik am UKE GmbH when a participant registers for a Martini-Klinik event, for the organization of events, marketing campaigns for events, and for the sending of invitations and specialist information.

5.1 Party responsible for data protection and data protection officer
Data processing is carried out by Martini-Klinik am UKE GmbH (the Martini-Klinik), Martinistr. 52, 20246 Hamburg. The responsible in-house department is Corporate Communications, which you can contact by email at feedback@martini klinik.de.

5.2 Legal basis, purpose and nature of the processed data
Various data is processed for the organization of events, including registration and the sending of invitations and specialist information. This data includes in particular your name, contact details and data on your area of work (specialist field, clinic/practice in the case of a specialist audience, etc.). At no point will data from patients be used or any patient data be matched.

a) Sending of invitations to conferences and other specialist events as well as specialist information to a specialist audience (doctors, clinics, practices, etc.).
We send invitations to conferences and other specialist events both by post and by email. We will only include you in the email distribution list if you have voluntarily signed up to this and have consented to data processing in accordance with Art. 6(1)(a) GDPR. Your consent can be withdrawn at any time by clicking on the link at the end of any email or emailing your request to feedback@martini-klinik.de.
The processing of data to send invitations by post is based on our legitimate interest in the distribution of our offerings in accordance with Art. 6(1)(f) GDPR. In this regard too, however, you can notify us by emailing feedback@martini klinik.de if you wish to be removed from the mailing list.
 
b)Revocation list
If you have informed us that you no longer wish to receive invitations or specialist information from us, we will add your data to a revocation list in order to prevent you from being sent these in future. In this regard, processing is based on Art. 6(1)(f) GDPR.

5.3 Recipients of your personal data
Your personal data is processed in the Martini-Klinik by the competent departments and employees. Furthermore, the IT department of the University Medical Center Hamburg-Eppendorf can obtain access to your data during IT maintenance; it does not have the right to process it further.
To send you newsletters by email, we use the services of the provider Newsletter2Go, which will receive the content of the message, your name and your email address.

5.4 Duration of storage
Your personal data will be processed for as long as is required for the purpose of processing. With respect to the email distribution list, this ultimately means that we will process your personal data until your consent has been withdrawn.


6. Your rights as a data subject

You are entitled to exercise rights as a data subject in particular cases. You can assert these rights against the Martini-Klinik.
You have the right to obtain information about the personal data stored about you in accordance with Art. 15 GDPR. If you determine that incorrect data about you is being processed, you can demand rectification under certain conditions in accordance with Art. 16 GDPR. Incomplete data must be completed, taking into account the purpose of the processing. Provided that the requirements of Art. 17 GDPR are fulfilled, in particular that the data is no longer required for the original purpose and the retention periods have expired, you may request that we delete the data. Under Art. 18 GDPR, you may be able to request that UKE restricts further processing of the data. This means that, although your data is not deleted, it is flagged in order to block it from further processing. Provided that the processing of your patient data is based on a public or legitimate interest pursuant to Art. 6(1)(e),(f) GDPR, you can object to processing on the grounds of your particular personal situation under Art. 21 GDPR.

7. How to complain

The Martini-Klinik makes every effort to process your personal data in accordance with the legal requirements. If, however, you are of the opinion that the processing of your personal data is inadmissible under data protection law, please do not hesitate to contact the data protection officer at the Martini-Klinik:
Matthias Jaster Martinistraße 52 20246 Hamburg 040 7410 56890 m.jaster@uke.de

You also have the option of submitting a complaint to the competent supervisory authority. The supervisory authority responsible for you depends on the federal state in which you reside or where the alleged data protection violation took place. A list of supervisory authorities with their addresses can be found at:

www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html


Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Kurt-Schumacher-Allee 4, 20097 Hamburg
mailbox@datenschutz.hamburg.de

www.datenschutz-hamburg.de

8. Validity of and amendments to this Data Privacy Statement
This Data Privacy Statement is currently valid as of June 2022. Due to the continued development of our website and associated services, or as a result of changes to legal or regulatory requirements, it may be necessary to amend this Data Privacy Statement. You can view and print out the current Data Privacy Statement on the website at www.martini-klinik.de/datenschutz at any time.