LMU Klinikum
Center for International Health CIHLMU
CIHLMU is a center at LMU Klinikum

Privacy Statement

This webpage is hosted and published by the LMU Klinikum, and so, the hospital's General Data Protection Policy for the Internet Pages applies (outlined below). Furthermore, additional data privacy rules for uniquely Center for International Health LMU ( CIHLMU )-specific online communication activities are disclosed.

I. Contact Information in Connection with the Internet Presence of the LMU

I.1 Information on the Persons Responsible for Data Protection

The responsible for the LMU Klinikum internet pages within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other data protection regulations is:

LMU Klinikum
Anstalt des öffentlichen Rechts (AöR)
Marchioninistraße 15
81377 Munich, Germany
info@klinikum.uni-muenchen.de
Tel.: 089 44000

I.2 Information of the Data Protection Officer

The contact data of the official LMU Klinikum data protection officer is found on their webpage.

The official data protection officer is available to answer questions about data protection at the LMU Klinikum.

Data Protection Officer of the LMU Klinikum
Pettenkoferstrasse 8
80336 Munich, Germany
datenschutz@med.uni-muenchen.de
Tel.: 089 4400 58454
Fax: 089 4400 55192

II. General Information about Data Processing on the LMU Klinikum Internet Pages

II.1 Applicability of the Data Protection Policy

This data protection policy applies to the processing of personal data in connection with the LMU Klinikum internet presences.

  • According to Art. 4 item 1 GDPR "personal data" means all information which relates to an identified or identifiable, natural person; the term "identifiable" is deemed to mean a natural person who can be identified directly or indirectly, in particular through assignment of an identifier such as a name, an identifying number, location data, an online identity or one or several special features which are an expression of physical, physiological, genetic, psychic, financial, cultural or social identity of this natural person.

  • According to Art. 4 item 2 GDPR, "processing" means any process executed with or without the aid of automated methods, or any such set of methods in connection with personal data, such as the collection, acquisition, organization, ordering, saving, adapting or changing, read-out, query, use, disclosure by means of transmittal, dissemination or any other form of manipulation, coordination or linking, limitation, deletion or destruction.

II.2 Purpose and Legal Basis for Processing of Personal Data

We would like to point out that we collect personal data of our users only insofar as this is necessary for the provision of a functional website as well as our content and services. The data processing of personal user data only takes place on the basis of a legal permission or if the consent of the user has been obtained for this, unless a prior obtaining of the consent is not possible for actual reasons.

As a rule, personal user data is deleted or blocked when the purpose of the processing has been achieved. If, due to regulations, laws or other provisions that apply to the responsible party, the European or national legislator has provided for storage beyond this, such storage is possible. If a storage period is stipulated by the designated legal bases and this period expires, the data will be blocked or deleted unless further storage is necessary for the conclusion or fulfillment of a contract or for another legal reason.

Protecting your privacy when you visit our websites is important to us. Two types of information are stored when you visit our websites:

  • Data that are stored automatically
  • Data that you have voluntarily provided on forms

II.3 Automatically Stored Data - Usage Profiles

Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

• Anonymized, shortened IP address of the requesting computer
• Date and time of the request
• access method/function requested by the requesting computer
• input values transmitted by the requesting computer (file name, etc.)
• Access status of the web server (file transferred, file not found, command not executed, etc.)
• Name of the requested file
• URL from which the file was requested/the desired function was initiated.
• Type and version of the browser used
• Operating system
• Internet service provider of the user
• Average time spent visiting the website
• pages viewed
• Access times
• terminals used

This data is collected, stored and evaluated in pseudonymized, identifiable form. The storage of the IP address by the system is necessary for the purpose of delivering the website to the user's computer, which is why the user's IP address must also be stored for the duration of the session. Furthermore, the collection, storage and evaluation of the aforementioned data is carried out for the purpose of making our websites more user-friendly and interesting for you. The results of this evaluation are available at the end in statistical form and are anonymous. The data is also stored in the log files of our system. However, this data is not stored together with other personal data of the user.

The storage of the data and the log files is based on the legal basis of Art.6 para.1 lit.f DS-GVO. In the aforementioned purposes also lies the legitimate interest in the data processing according to the stated legal basis.

Data is deleted when it is no longer necessary to achieve the purpose for which it was collected.

If data is only collected to provide the website, this is the case at the end of the respective session. If data is stored in log files, no deletion is required, as anonymization takes place immediately so that the calling client can no longer be assigned.

The user has no right of objection with regard to the collection, recording and storage of this data, as the data collection for the provision of the website and the data storage in log files are absolutely necessary for the operation of the website.

II.4 Personal Data Provided Voluntarily

You can contact the CIHLMU team by sending an email to cih@lrz.uni-muenchen.de

Within the scope of your registration for and participation in a training session using the dedicated registration form embedded in our website you will be asked to provide personal data. For this purpose, our website provides contact forms (registration and contact forms), which can be used for electronic contact. The data is entered in an input mask and transmitted to us and stored.

Different data (depending on the contact form) data is collected as part of this process, often thereby:

• First name and last name
• Gender
• Nationality
• University
• Field of study/degree
• Position
• Email address

In addition, the following data is stored at the time the message is sent:

• IP address of the user
• Date and time

If you do not wish to provide this information, please understand that you will not have access to the functions or information requested.

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored.

Data transmission on the Internet (e.g. communication by e-mail) cannot guarantee complete data security due to security gaps. Therefore, a complete protection of data against access by third parties by us is not possible. In particular, it cannot be ruled out that unencrypted e-mails can be read by unauthorized persons during transmission. If you wish to communicate or transmit personal or sensitive data (e.g. health data) to us, we therefore advise against sending unencrypted e-mails. For confidential information, we therefore recommend that you send it by mail or contact us by telephone.

By voluntarily providing this data in the contact forms, you as a user declare your consent to the collection and storage of the data entered in each case. The data processing is thus carried out for the purpose of contacting you according to Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent.

The legal basis for the processing of data transmitted by sending an e-mail is Art.6 para.1 lit.f DS-GVO. If the purpose of the contact request or the e-mail is the conclusion of a contract, there is a further legal basis for the processing pursuant to Art.6 para.1 lit.b DS-GVO.

We process personal data only for the purposes of conversation and processing of the contact. The necessary legitimate interest in the processing of data in the case of contact via the contact form or by e-mail is justified.

In addition, we may involve other service providers to fulfil our contractual and legal obligations. In addition, we may transmit your personal data to other recipients outside the CIHLMU if this is required to fulfil our contractual and legal obligations.

This includes, but is not limited to:

• Financial institutions (SEPA payment media)
• Financial authorities, courts
• Administration Department of the LMU Klinikum • DAAD (German Academic Exchange Service)
• BMZ (Federal Ministry for Economic Cooperation and Development)
• Lecturer

Providing your personal data within the scope of registering for and participating in webinars relating to the CIHLMU is voluntary. However, if you do not provide your data (first name, last name, gender, nationality, university, field of study/degree, position, e-mail address) with your application, we cannot register you as participant to the webinar.

In addition, we will only disclose your data in response to requests from official bodies, in particular law enforcement and supervisory authorities, and/or if we are otherwise required to do so by law.

Here, too, the data is deleted when it is no longer required to achieve the purpose. Personal data from the input mask of the contact forms and those sent by e-mail are generally then kept on the intranet of the LMU Klinikum in the e-mail archive or clinical workplace system in accordance with the legal deletion periods there.

The data will only be stored for the long term if a treatment relationship develops from the contact request. The duration of storage then depends on the treatment relationship or legal storage obligations, which, for example, amount to 15 years after completion of the treatment for personal data collected in the course of treatment. If necessary, longer retention periods may result from other legal bases.

II.5 Right of Revocation and Objection

In principle, the user has the right to revoke consent to data processing and the right to object to the processing of personal data at any time. In these cases, a continuation of the conversation is then no longer possible.

The revocation of consent or the objection to processing must be declared either in writing, by telephone or by email to the person responsible.

The personal data stored for contact purposes will no longer be processed in the event of revocation or objection, unless the LMU Klinikum can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user, or the processing serves the purpose of asserting, exercising or defending legal claims, or the rights of the user are restricted on a legal basis.

III.2 Use of Session Cookies

Cookies are automatically created text files that are placed on the user's terminal device, such as PC, laptop, smartphone, and stored by your browser without causing any damage to it.

To facilitate the use of our websites, we use so-called session cookies, which are stored for the duration of your visit and are automatically deleted after your visit.

In addition, cookies are used on the website through Matomo (log file analysis), which allow the user's browsing behavior to be analyzed. This cookie contains a characteristic string, which makes it possible to uniquely identify the browser when the website is called up again. However, this does not provide us with any direct knowledge of the user's identity. See separately point III.3 - Use of Webpage Analysis Tool Matomo.

For the processing of personal data using technically necessary cookies, the legal basis of Art.6 para.1 lit.f DS-GVO is relevant. In the aforementioned purposes also lies our legitimate interest in the processing of personal data according to Art.6 Abs.1 lit.f DS-GVO.

For the processing of personal data using cookies for analysis purposes, the legal basis is Art.6 para.1 lit.a DSGVO if the user has given his consent in this regard.

After cookies are stored on the user's computer and transmitted from it to our website, however, the storage or transmission can be restricted or deactivated by a corresponding setting on the user's browser. If cookies are already stored, they can be deleted at any time, even automatically. Furthermore, the user can receive information about the setting of cookies through appropriate browser settings, grant permission for the use of cookies only in individual cases, set a general or only for explicitly named cases existing exclusion for the acceptance of cookies and set the automatic deletion of cookies when closing the browser.

III.3 Use of Webpage Analysis Tool Matomo (formerly PIWIK)

This website uses Matomo for web analysis. For this purpose, a so-called "cookie" is placed on your computer for identification purposes and generated usage information (including your shortened IP address) is transmitted to the server and stored for usage analysis purposes after it has been anonymized. The information generated by the cookie about your use of the site will not be disclosed to third parties.

If you do not agree to the storage and analysis of the usage information generated by the CIHLMU website, you can object to this below. In this case, a so-called deactivation cookie will be stored in your browser, which means that Matomo will not collect any session data.

Attention: If you delete your cookies, this will result in the deactivation cookie also being deleted and you will have to place it again.

III.4 Newsletter

Mailchimp is the e-mail marketing software used by the CIHLMU . You can access Mailchimp's Privacy Policy here.

III.5 Youtube

Our website integrates plugins from Youtube, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. When you call up pages of our website that are provided with such a plugin, a connection is established to the YouTube servers and the plugin is displayed on the website by informing your browser. This transmits to the YouTube server which one of our webpages you have visited. If you are logged in as a user, YouTube assigns this information to your respective personal user accounts of these platforms. When using these plugins, such as clicking/start button of a video or sending a comment, this information is assigned to your YouTube user account, which can only be prevented by logging out before using the plugin. For more information on the collection and use of data by the platform or plugins, please refer to the privacy policy of YouTube at this link. We use embedded YouTube videos in extended data protection mode. This means: YouTube does not store cookies for a user who views a website with an embedded YouTube video player, but does not click on the video to start playback.

III.6 Use of Social Media

Facebook Social Plugins

We use social plugins ("plugins") of the social network Facebook on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. f. DSGVO) social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white "f" on blue tile, the terms "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here.

When a user calls up a function of this online offering that contains such a plugin, his or her device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offer by the latter. In the process, usage profiles of the users can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform the users according to our level of knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in Facebook's privacy policy.

If a user is a Facebook member and does not want Facebook to collect data about him or her via this online offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook and delete his or her cookies before using our online offer. Further settings and objections to the use of data for advertising purposes, are possible within Facebook's profile settings or via the US website or the EU website. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

LinkedIn Social Plugins

In addition to Facebook we also use LinkedIn as part of our CIHLMU online communication activities to provide and to exchange information with specific target groups. To this end, we have placed the respective icon on the website. However, no active plugin is used in this case, thus no automatic transmittal of your personal data occurs when using those icons.

Information on which data and for what purposes can be found in the LinkedIn privacy policy.

III.7 User's Rights

Upon request, the user will receive at any time and free of charge information about his stored personal data, including recipients, duration of storage and the purpose of data processing. Furthermore, under certain conditions, he has the rights to rectification, restriction of processing, data portability, information and deletion of his personal data, insofar as this does not conflict with statutory retention obligations.

The user has the right to object to the processing of his personal data in accordance with Art. 21 DS-GVO if we process it in accordance with Art. 6 (1) p. 1 lit. f DS-GVO for the protection of legitimate interests, provided that there are reasons for this which arise from his particular situation. The user may object to data processing carried out for direct marketing purposes on this legal basis without giving reasons. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the user, or the processing serves to assert, exercise or defend legal claims.

The right of objection can be exercised using the contact details above.

In addition, the user has a right of revocation at any time in the event that consent has been granted. The revocation of consent is effective for the future, so that the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected.

If the user believes that his or her personal data is being processed unlawfully, he or she also has the right to lodge a complaint with the competent supervisory authority for data protection. The address of the supervisory authority responsible for the controller is:

Name and address of the competent supervisory authority for the public sector in Bavaria:

The Bavarian State Commissioner for Data Protection (BayLfD)
Postfach 221219
D-8o5o2 Munich
poststelle@datenschutz-bayern.de
Tel.: 089 2126720
Fax: 089 21267250

Change of the Privacy Policy

An amendment to this data protection declaration may become necessary due to changes in legal or official regulations or due to the further development of our website and offers on it. The current privacy policy can be viewed at any time on the website at this link and can be retrieved and printed out by you.

Our websites may contain links to other external websites. This privacy policy does not extend to these linked websites.

If you have any questions about privacy, please e-mail datenschutz@med.uni-muenchen.de.