The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States of the European Union as well as other data protection regulations is:
1. Extent of processing of personal data
We only process the personal data of our users insofar as it is necessary to ensure the functions of the website or our content and services. We only process the personal data of our users after they have given their consent. Data may be collected in exceptional cases in which prior consent is not possible for practical reasons or the data processing is permitted by legal regulations.
2. Legal basis for the processing of personal data
Insofar as we receive a data subject’s consent for the processing of personal data, Article 6 (1) lit. a) GDPR serves as the legal basis.
For the processing of personal data that is necessary for the performance of a contract concluded with the data subject, this is done as pursuant to Article 6 (1) lit. b) GDPR. This also applies to data processing operations that are necessary prior to entering into a contract.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, this is done in accordance with Article 6 (1) lit. c) GDPR.
In the event that the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6 (1) lit. d) GDPR serves as the legal basis.
If the processing is required for the purposes of legitimate interests on the part of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former’s interests, this is carried out according to Article 6 (1) lit. f) GDPR.
3. Erasure of data and retention duration
The personal data of the data subject will be deleted or blocked as soon as the intended purpose of the processing is no longer valid. In addition, data may be stored if the processing of said data is provided for by European or German legislation or by regulations, laws or other directives that are compatible with the rules of the European Union. A blocking or erasure of data is also carried out when a retention deadline prescribed by the aforementioned standards expires, unless the further storage of the data is required for the conclusion or the performance of a contract.
1. Description and scope of data processing
Each time our Website is accessed, our system automatically records data and information from the system of the computer that accesses the site.
The following data are collected:
(1) Information on the type and version of the browser being used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Time and date of retrieval
(6) Websites from which the user’s system accesses our Website
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 (1) lit. f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address on the system is necessary to ensure the delivery of the site to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The data are stored in log files to ensure the functionality of the website. In addition, the data also serve to ensure the security of our IT systems. The data are not analyzed for marketing purposes.
The purposes also include our legitimate interest in data processing as pursuant to Article 6 (1) lit. f) GDPR.
4. Duration of storage
The data will be deleted when they are no longer necessary for the intended purpose for which they have been collected. In the event that data are collected for the provision of the Website, they are deleted as soon as the session is completed.
In the event that data are stored in log files, they are deleted no later than seven days afterwards. The data may be stored for a longer time. In this case, the user’s IP addresses are deleted or modified so that the client retrieving the Website can not be identified.
5. Options for objection and removal
Data must be collected to ensure the functioning of the site and they must be stored in log files for the operation of the website. Consequently, the user is not granted a right to object in this case.
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are placed in or by the internet browser on the user’s computer system. If a user accesses a site, a cookie may be placed on the user’s operating system. This cookie contains a characteristic string that allows for the clear identification of the browser for any subsequent visits to the Website.
We place cookies to ensure our site is user-friendly. Some elements of our website call for the browser to be identified even after switching pages.
2. Legal basis for data processing
The legal basis for the processing of personal data with the use of cookies is Article 6 (1) lit. f) GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for the user. Some features of our Website cannot be used without the placement of cookies. For this, it is necessary for the browser to be recognized even after switching pages.
We require cookies for the following applications:
(1) Website analysis
The user data collected by technically necessary cookies are not used to create user profiles.
Analysis cookies are used for the purpose of improving the quality of our Website and its contents. These cookies enable us to learn how the site is used and to constantly optimize our service.
The analysis cookies can recognize an internet browser. However, user profiles are not associated with data of the bearer of the pseudonym without their express consent. In particular, IP addresses are anonymized immediately after they are collected, which makes it impossible to associate user profiles with IP addresses. Visitors to this Website may object to the collection and storage of these data at any time with effect for the future under the item “Web analytics by Matomo” below.
These purposes also include our legitimate interest in the processing of personal data as pursuant to Article 6 (1) lit. f) GDPR.
4. Duration of storage, options for objection and removal
Cookies are stored on the user’s computer and transmitted from the computer to our Website. Therefore, you as a user have full control of the placement of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Previously placed cookies can be deleted at any time. This can be also done automatically. If cookies are disabled for our Website, potentially not all features of the Website may be used fully.
Matomo uses so-called cookies. These are text files that are stored on your computer and enable GHGA to analyze the use of this website. For this purpose, the information on website usage obtained by the cookie is transferred to the GHGA server and stored there so that usage behaviour can be evaluated. Your IP address is immediately anonymized; thus you remain anonymous as a user. The information generated by the cookie about your use of this website will not be passed on to third parties. The use of the pseudonymized data is based on the regulations of §15 paragraph 3 TMG. Visitors to this website can object to this data collection and storage at any time for the future here.
The analysis of user behavior is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize its website.
If you subscribe to the newsletter, the data in the respective submission form will be transmitted to the responsible controller. The registration for our newsletter takes place via a so-called double opt-in procedure. That means, you will receive an e-mail after registration in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses. When registering for the newsletter, the user's IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after registration for the newsletter by the user is, if the user has given his consent, Art. 6 para. 1 lit. a) DSGVO. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.
Use of rapidmail
1. Description and scope of data processing
We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyze the dispatch of newsletters. The data you enter for the purpose of receiving the newsletter is stored on rapidmail's servers in Germany. If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked. All links in the e-mail are so-called tracking links, with which your clicks can be counted.
2. Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. a) DSGVO.
Recipient: The recipient of the data is rapidmail GmbH.
Transmission to third countries: There is no transmission of data to third countries.
3. Purpose of data processing
The purpose is to send the newsletter to the subscriber, of which data is processed. The tracking links used help to improve the newsletter content by allowing the use of individual content to be precisely analyzed.
4. Duration of storage
The data stored by us within the scope of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
Our Website includes contact forms for you to contact us directly. If a user makes use of this option, the data entered into the input field are transmitted to us and stored. These are:
At the time the message is sent, the following data are also stored:
(1) Time and date of registration
In order to process the data collected in conjunction with submitting the contact form, you must give your consent and you will be referred to this privacy policy.
Alternatively, it is possible to contact us via the email address provided. In this case, the personal data of the user submitted with the email are stored.
These data are not transferred to third parties. The data are used solely for the processing the communication.
2. Legal basis for data processing
The legal basis for the data processing is the user’s consent as pursuant to Article 6 (1) lit. a) GDPR.
The legal basis for the processing of the data that are sent with the transmission of the email is Article 6 (1) lit. f) GDPR. If the email contact serves to enter into a contract, then the legal basis for the processing is Article 6 (1) lit. b) GDPR.
3. Purpose of data processing
The processing of personal data in the input field is done solely for processing the contact. If contact is made via email, then there is also a required legitimate interest on the processing of the data.
The other personal data processed during the transmission are used to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
The data will be deleted when they are no longer necessary for the intended purpose for which they have been collected. For the personal data from the input field in the contact form and those that are sent via email, this is the case if each respective conversation with the user has been completed. The conversation is deemed to have been completed if based on circumstances it is apparent that the issue at hand has been resolved.
The personal data collected during transmission are deleted after a period of seven days at the latest.
5. Options for objection and removal
The user has the possibility to withdraw his consent for the processing of personal data at any time. If the user contacts us via email, then he may object to the storage of his personal data at any time. In such a case, however, the conversation cannot be continued.
You can withdraw your consent with effect for the future at any time by sending an email to kontakt@dkfz.de.
In this case, all personal data stored over the course of the contact will be deleted.
YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge.
Our website uses plugins from the YouTube site operated by Google. In the European Economic Area (EEA) and Switzerland, Google services are offered by: Google Ireland Limited registered and operated under Irish law (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. (https://policies.google.com/terms?hl=de)
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
The embed code for YouTube videos was generated in extended data protection mode (for more information, see support.google.com/youtube/answer/171780 ).
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
For more information on the handling of user data, please refer to YouTube's privacy policy at: www.google.de/intl/de/policies/privacy .
Social networks
The German Human Genome-Phenome Archive (GHGA) is represented on social media platforms such as YouTube and Twitter. Anyone who registers with social networks and uses their functions to interact with the presence of ghga.de there (such as comments, messages, likes or shares) leaves data behind in the process. It is possible that this data is stored, evaluated and processed by the provider, for example to analyze user behavior.
ghga.de has no influence on the data protection settings of these third-party platforms; the data protection guidelines of the respective social network apply. There you will also find more detailed explanations of which data is processed and the options to object:
The online offers of ghga.de can also be used without registering with social networks. You can go directly and without detour, for example, to ghga.de.
In order to make ghga.de more attractive and user-friendly, we integrate content from selected social media platforms (YouTube and Twitter) in places on ghga.de. Cookies are set for this purpose, so as not to transmit any data, deactivate the cookies. The corresponding content will then no longer be displayed.
We use the Podigee podcast hosting service from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are downloaded or streamed from Podigee.
The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our podcast offer in accordance with Art. 6 (1) letter (f) GDPR.
Podigee processes the IP addresses and device information to enable podcast downloads / playbacks and statistical data such as to determine the number of downloads. This data is anonymised by Podigee before they are stored in the database, unless they are required for the provision of the podcasts.
Further information and options to object can be found in Podigee's data protection declaration: https://www.podigee.com/en/about/privacy.
Our Legacy Consent Toolkit app is hosted at shinyapps.io which is provided by RStudio, 250 Northern Ave, Boston, MA 02210, USA. The app generates a log of the R console messages that would normally be seen if running the app code within RStudio.
The log does not contain any personal information about you such as your IP address or location; it is only generated to support bug-fixing. The log is automatically deleted after 1 week.
Third-party cookies
For the customization and optimization of this Website, anonymized data are collected and stored via Matomo on the GHGA servers. For this purpose, third-party cookies of Matomo are used on our Website. For a detailed description, see above in the paragraph “Web analytics via Matomo” as well as the options for objection and removal on this page.
As soon are your personal data are processed, you assume the role of the data subject as pursuant to GDPR and are therefore granted the following rights vis-à-vis the data controller:
1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.
If this is the case, you may request access to the following information from the controller:
You are also entitled to the right to request information on whether your personal data are transferred to a third country or to an international organization. In this context, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller insofar as the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without undue delay.
3. Right to restriction of processing
You may request the restriction of processing of personal data concerning you under the following conditions:
Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
Where the restriction of processing is carried out pursuant to the aforementioned conditions, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Duty to delete
You may request the controller to have personal data concerning you deleted without undue delay, and the controller is required to delete these data without undue delay, unless one of the following reasons applies:
b) Information transferred to third parties
If the controller makes the personal data concerning you available to the public and he is obliged to erase the data as pursuant to Article 17 (1) GDPR, he must take appropriate measures, taking into account the available technology and the cost of their implementation and technical nature, to inform the data processing controller who processes the personal data that you as the data subject have requested the erasure of all links to these personal data or copies or replication of such personal data.
c) Exceptions
The right to erasure does not apply insofar as the processing is required
5. Right to be informed
If you have asserted your right to rectification, erasure or restriction pertaining to the data processing vis-à-vis the controller, he is thus obliged to inform all recipients to whom the personal data have been disclosed of this rectification or erasure of the data or the limitation of the processing, unless this proves to be impossible or involves a disproportionate effort.
You are entitled to the right to be informed by the controller about these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. Moreover, you also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided insofar as
(1) the processing is based on a granted consent as pursuant to Article 6 (1) lit. a) GDPR or Article 9 (2) lit. a) GDPR or on a contract pursuant to Article 6 (1) lit. b) GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, wherever technically feasible. This may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data if it is required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) lit. e) or f), including profiling based on those provisions.
The controller shall no longer process the personal data unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the assertion, exercise or defense of legal claims.
Wherever personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you may no longer be processed for such purposes.
Within the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to revoke consent to data processing
You have the right to revoke your consent to data processing at any time. Upon revoking consent, the legality of the data processing carried out on the basis of the consent will not be affected by the revocation of consent.
9. Automated decision-making, including profiling
You have the right not to be subject to a decision that is based solely on an automated processing of data, including profiling, and that may have a legal effect on you or any similarly significant restrictive effect. This does not apply if the decision
(1) is necessary for the conclusion or the performance of a contract between you and the controller,
(2) is permissible on the basis of legislation of the European Union or its Member States to which the controller is subject and these laws contain adequate measures to safeguard your rights and freedoms as well as your legitimate interests, or
(3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data as pursuant to Article 9 (1) GDPR, insofar as Article 9 (2) lit. a) or g) GDPR do not apply and appropriate measures for the protection of your rights and freedoms as well as your legitimate interests have been taken.
Regarding the cases referred to in (1) and (3), the controller must take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which must include at least the right to obtaining the intervention of a person on the behalf of the controller, the right to present one’s own position and the right to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Notwithstanding any other administrative or judicial remedies, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged violation takes place if you believe that the processing of your personal data is in violation of GDPR.
The supervisory authority to which the complaint is submitted informs the complainant on the status and the results of the complaint including the possibility of a judicial remedy as pursuant to Article 78 GDPR.
If you wishes to exercise the rights described above, please contact the data protection officer under datenschutz@dkfz.de