Privacy policy (as of 24/05/2018)

see english version below

Data protection and data security for our company's customers and partners as well as for interested parties and users of our website are of great importance to our company. Transparency regarding the processing of your personal data and the protection of your data are therefore particularly important to us.

This statement provides you with an overview of how your personal data is collected and processed when you use our website and what you can do yourself to better protect your data.

Controller for the processing

Ulm University Hospital
89070 Ulm
Tel. 0731/500-0
E-mail: info.allgemein@uniklinik-ulm.de

Data protection officer

Ulm University Hospital, Data Protection Officer
Albert-Einstein-Allee 29
89081 Ulm
Tel. 0731 500-69290
Mail: dsb.ukl@uniklinik-ulm.de

What is personal data?

Personal data is any information relating to an identified or identifiable natural person. The decisive factor is therefore whether a personal reference can be established through the data collected. This includes information such as your name, address, telephone number and e-mail address. Information that is not directly associated with your real identity - such as favourite websites or the number of users of a site - is not personal data.

How we collect and process your personal data

When you visit our websites, our web servers temporarily store the connection data (e.g. referrer URL, IP address) of the requesting computer, the websites you visit, the date and duration of the visit, the time of the server request, the identification data of the browser and operating system type used and the website from which you visit us as standard for the purpose of system security. Additional personal data such as your name, address, telephone number or e-mail address are not collected unless you provide this information voluntarily, e.g. as part of an information request.

How we use your personal data, how we pass it on

If the opportunity for the input of personal or business data (e-mail addresses, names, addresses) is given, the input of these data takes place voluntarily. E-mails are sent via a contact form. If you send us such a message, your personal data will only be collected to the extent necessary for a reply. The e-mail is transmitted unencrypted.

We use the personal data provided by you exclusively for the purpose of technical administration of the websites and to fulfil your wishes and requirements, i.e. generally to process the contract concluded with you or to answer your enquiry.

We only use this data for product-related surveys, marketing purposes and statistical purposes if you have given us your prior consent or if you have not objected to this - insofar as this is provided for by law.

Your personal data will not be passed on, sold or otherwise transferred to third parties unless this is necessary for the purpose of contract fulfilment or you have expressly consented to this.

Any consent given can be revoked at any time with effect for the future.

How long will your data be stored

In principle, we store all information that you transmit to us until the respective, e.g. contractual, purpose has been fulfilled. E.g. in the case of enquiries until they have been dealt with. If longer storage is required by law, the data will be stored for this period. The log files on our web server are deleted after 14 days.

If you no longer wish us to use your data, we will of course fulfil this request immediately (please contact us at the address given under "Contact").

When will your data be deleted

Stored personal data will be deleted if you revoke your consent to storage, if knowledge of the data is no longer required to fulfil the purpose for which it was stored or if storage is inadmissible for other legal reasons. Data for billing and accounting purposes are not affected by a request for deletion.

Use of cookies

When you visit our website, we use so-called cookies. These are small text files that are stored on your computer. Cookies help us to determine the frequency of use and the number of users of our website, as well as to make our services as convenient and efficient as possible for you.

On the one hand, we use so-called "session cookies", which are only stored temporarily for the duration of your use of one of our Internet pages. On the other hand, we use "permanent cookies" to store information about visitors who repeatedly access one of our Internet pages. The content of a permanent cookie is limited to an identification number. Name, IP address etc. are not stored. An individual profile of your usage behaviour is not created.

It is also possible to use our website without cookies. You can deactivate the storage of cookies in your browser, restrict it to certain websites or set your browser so that it notifies you as soon as a cookie is sent. Please note, however, that if you deactivate cookies, you will have to reckon with a limited display of the site and limited user guidance.

What we do to ensure the security of processing

Our company takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. For example, your data is stored in a secure operating environment that is not accessible to the public. Your personal data is encrypted during transmission using Transport Layer Security (TLS). This means that communication between your computer and our company's servers takes place using a recognised encryption method.

You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If TLS encryption is activated, the data you transmit to us cannot be read by third parties. However, there are also exceptions where encryption is not used.

If you wish to contact our company by e-mail, we would like to point out that the confidentiality of the information transmitted is not guaranteed. The content of e-mails can be viewed by third parties. We therefore recommend that you only send us confidential information by post.

Legal basis for data processing

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1f GDPR serves as the legal basis for the processing. Legitimate interests are, in particular, ensuring the operation and security of the website, analysing the way in which visitors use the website and simplifying the use of the website.

These are your data protection rights

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and possible recipients and the purpose of data processing (Art. 15 GDPR) and, if applicable, a right to rectification of incorrect data (Art. 16 GDPR), erasure of this data (Art. 17 GDPR), the right to restriction of processing in accordance with Art. 18 GDPR, the right to object (Art. 21 GDPR) and the right to data portability of data provided by you in accordance with Art. 20 GDPR). The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure.

In addition, you have the right to lodge a complaint with the competent supervisory authority in the event of breaches of data protection law (Art. 77 GDPR in conjunction with Section 19 BDSG). The competent supervisory authority for data protection issues is the State Data Protection Officer for Data Protection and Freedom of Information in Baden-Württemberg, Postfach 10 32 99, 70025 Stuttgart, 0711 / 61 55 41 - 0, poststelle@lfdi.bwl.de.

How you can withdraw your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Contact for questions, complaints, assertion of your rights

If you have any questions, complaints or wish to assert your data protection rights, you can contact us using the contact form.

Changes to the privacy policy

Changes may be made to this privacy policy, which will be announced on this page in good time.

Data protection for applications and in the application process

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Facebook

Our website contains links to the external social network Facebook. This website is operated exclusively by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The links on our website are identified by the Facebook logo or the addition "Like" (no Facebook plugins are used).

When you visit our website, functions and data transfers to Facebook are not automatically activated. The Facebook plugins are only activated when you click on the links and your browser establishes a direct connection with Facebook servers. If you follow the links and are logged into your Facebook user account at the same time, the information that you have visited our website will be forwarded to Facebook. Facebook can assign the visit to the website to your account. This information is transmitted to Facebook and stored there. To prevent this, you must log out of your Facebook account before clicking on the link.

For the purpose and scope of data collection by Facebook and the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's data protection information(http://de-de.facebook.com/privacy/explanation.php).

Data protection and data security for the customers and partners of our company as well as prospective customers and users of our website have a high priority in our company. Transparency regarding the processing of your personal data as well as the protection of your data are therefore particularly important to us.
With this statement, we give you an overview of how we collect and process your personal data when you use our website, and what you can do to better protect your data.

Responsible for processing
Universitätsklinikum Ulm (Ulm University Medical Center)
D-89070 Ulm
Phone +49 (0) 731/500-0
eMail: info.allgemein@uniklinik-ulm.de

Data Protection Officer
Ulm University Medical Centre, Data Protection Officer
Albert-Einstein-Allee 29
D-89081 Ulm
Phone +49 (0) 731 500-69290
eMail: dsb.ukl@uniklinik-ulm.de

What are personal data
Personal data is any information that relates to an identified or identifiable natural person. It is therefore decisive whether a personal reference can be made through the collected data. This includes information such as your name, address, phone number, e-mail address. Information that is not directly related to your real identity - such as favourite websites or number of users of a page - are not personal data.

How do we collect and process information about you?
By default, when you visit our web pages, for the purposes of system security, our web servers temporarily store the connection data (e.g. referrer URL, IP address) of the requesting computer, the web pages you visit, the date and duration of the visit, the time of the server request, the recognition data of the browser and operating system type used and the website from which you are visiting us. Additional personal information such as your name, address, telephone number or e-mail address will not be collected unless you provide such information voluntarily, e.g. as part of an information request.

How do we use personal information about you, how do we share it?
Insofar as the opportunity to enter personal or business data (e-mail addresses, names, addresses) exists within the web page, the disclosure of this data by the user is expressly voluntary. E-mails are sent via a contact form. If you send us such a message, your personal information will only be collected to the extent necessary for an answer. The e-mail is sent unencrypted.

The personal data provided by you is used exclusively for the purpose of technical administration of the web pages and to fulfil your wishes and requirements, that is usually for processing the contract concluded with you or for answering your request.

Only if you have given us your prior consent or if you have not objected to the extent required by statutory provisions, we also use this data for product-related surveys, marketing purposes and statistical purposes.

A transfer, sale or other transmission of your personal data to third parties does not take place, unless this is necessary for the purpose of contract execution or you have expressly consented.

A given consent can be revoked at any time with effect for the future.

How long will your data be stored?
In principle we store all the information you submit to us until the particular, e.g. contractual purpose is fulfilled. For example, for inquiries to completion. If a longer storage is provided for by law, storage takes place within this framework. The log files on our web server will be deleted after 14 days.

If you no longer wish us to use your data, we will of course comply with this request immediately (please contact the address given under "Contact").

When will your data be deleted
The deletion of the stored personal data takes place if you revoke your consent to its storage, if the knowledge of the data for the fulfilment of the purpose pursued with the storage is no longer necessary or if the storage for other legal reasons is inadmissible. Data for billing purposes and accounting purposes are not affected by a request for cancellation.

Use of cookies
As part of your visit to our pages we use so-called cookies. These are small text files that are stored on your computer. Cookies help us to determine the frequency of use and the number of users of our websites, as well as to make our offers as comfortable and efficient as possible for you.

On the one hand, we use so-called "session cookies", which are cached exclusively for the duration of your use of one of our internet pages. On the other hand, we use "persistent cookies" to record information about visitors who repeatedly access one of our web pages. The content of a permanent cookie is limited to an identification number. Name, IP address etc. are not saved. A single profile about your usage behaviour is not created.

A use of our offers is also possible without cookies. You can disable the storage of cookies in your browser, restrict them to certain websites or set your browser to notify you when a cookie is sent. Please note, however, that if you deactivate cookies you will have to expect a limited display of the page and limited user guidance.

What do we do for the safety of the data processing
Our company takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. Your data is saved in a secure operating environment that is inaccessible to the public. Your personal data is encrypted during transmission by the so-called Transport Layer Security (TLS). This means that communication between your computer and our company's servers is done using a well-recognised encryption method.

You can recognise an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line.

If TLS encryption is enabled, the data you submit to us cannot be read by third parties. However, there are exceptions that do not use encryption (for example, transfer data to Google Maps that is unencrypted by Google).

If you wish to contact our company via e-mail, we point out that the confidentiality of the transmitted information is not guaranteed. The content of e-mails can be viewed by third parties. We therefore recommend that you send us confidential information only by mail.

Legal basis for data processing
Insofar as we obtain the consent to process personal data from the data subject, Art. 6 (1a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1b) DS-GVO serves as the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as it is necessary to process personal data in order to fulfil a legal obligation to which our company is subject, Art. 6 para. 1c DS-GVO serves as the legal basis.

In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1d) GDPR serves as the legal basis.

If the processing is necessary to preserve the legitimate interests of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1f GDPR serves as the legal basis for the processing. Authorised interests include, in particular, ensuring the operation and security of the website, investigating the manner in which the website is used by visitors and facilitating the use of the website.

These are your privacy rights
At any time you have the right to free information about your stored personal data, their origin and possible recipients and the purpose of data processing (Art. 15 GDPR) and possibly a right to correct incorrect data within the scope of the applicable legal provisions. Art. 16 GDPR) , deletion of these data (Article 17 GDPR) the right to restriction of processing according to Art. 18 GDPR, to opposition (Article 21 GDPR) and the right to data portability of data provided by you according to Art. 20 GDPR). With regard to the right to information and the right to erase, the restrictions under §§ 34 and 35 BDSG apply.

In addition, in the case of violations of data protection law, you have a right of appeal to the competent supervisory authority (Art. 77 GDPR i.V.m. §19 BDSG). Responsible supervisory authority in data protection questions is the State Data Protection Commissioner for Data Protection and Freedom of Information in Baden-Württemberg, PO Box 10 32 99, 70025 Stuttgart, + 49 (0) 711/61 55 41 - 0, poststelle@lfdi.bwl.de.

How to revoke given consent to data processing
Many data processing operations are only possible with your expressed consent. You can revoke an existing consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Contact for questions, complaints, asserting your rights
If you have any questions, complaints or assertion of your privacy rights, you can contact us via the contact form.

Changes to the privacy policy
Changes may be made to these data protection notices, which are announced in good time on this page.

Data protection in applications and in the application process
We collect and process the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. Especially this is the case if an applicant submits the corresponding application documents by electronic means, for example by e-mail. When concluding a contract of employment with an applicant, the transmitted data will be stored for the purpose of executing the employment relationship in compliance with the statutory provisions. If no contract of employment is concluded with the applicant, the application documents will be automatically deleted six months after the announcement of the rejection decision, provided that deletion does not prejudice any other legitimate interests of the person who is responsible for processing the data. Other legitimate interest in this sense, for example, is a burden of proof in a procedure under the General Equal Treatment Act (AGG).

Web analysis: analysis service Matomo
We use Matomo (Piwik), an open-source software for the statistical analysis of visitor access. Matomo uses cookies that are stored on your computer and that allow an anonymous analysis of your use of the website. A conclusion to a specific person is not possible because your IP address is anonymised immediately after processing and before storage. Matomo stores this data for 60 days.

You may object at any time to the storage and analysis of this data by Matomo. In this case, a so-called opt-out cookie is permanently stored in your browser, which causes Matomo to collect no data for storage and evaluation. However, if you delete this cookie intentionally or unintentionally, the objection to the data storage and evaluation will also be revoked and can be renewed using the link below.

Alternatively, most modern browsers have a so-called "Do Not Track" option, which allows you to tell websites not to track your user activity. Matomo respects this option.
You can decide here whether a clear web analytics cookie may be stored in your browser in order to allow the operator of the website to collect and analyse various statistical data.

Facebook
Our website contains links to the external social network Facebook. This website is operated exclusively by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). The references are indicated as part of our website by the Facebook logo or the addition "Like" (no Facebook plug-ins are used).

When you visit our website, functions and data transfers to Facebook are not automatically activated. Only by clicking on the links, the Facebook plugins are activated, your browser establishes a direct connection with Facebook servers. If you follow the links and at the same time you are logged in to Facebook with your local user account, the information that you have visited our website will be forwarded to Facebook. You can assign Facebook to your account by visiting the website. This information is transmitted to Facebook and stored there. To prevent this, you must log out of your Facebook account before clicking on the link.

The purpose and scope of the data collection by Facebook as well as the further processing and use of your data as well as your rights in this regard and setting options for the protection of your privacy can be found in the privacy policy of Facebook(http://de-de.facebook.com/privacy/explanation.php).