Skip to main contentSkip to page footer

Data protection

Data protection policy

We take the protection of your personal data seriously. Your data are protected in accordance with legal provisions. This data protection policy describes which data are recorded when you access the website and how they are used.

 

1. Collection and logging of data

Each time you visit our website, your access data are saved on the web servers of Universitätsklinikum Erlangen. The web servers are operated by the Medical Center for Information and Communication Technology (MIK).

Depending on the specific access protocol, the following data are saved temporarily:

  • IP address of the requesting computer
  • Browser type and browser version
  • Address (URL) of the website from which the file was requested
  • Date and time of the request
  • Method/purpose of access requested
  • Input values transferred by requesting computer (file name etc.)
  • Access status of web server (file transferred, file not found, command not executed etc.)
  • Name of requested file

The computing center does not merge IP addresses included in the log entries with other data, meaning that it is not possible for the MIK to make any conclusions concerning individual people.

The logged data are saved for one month before being deleted.

The saved data are used to ensure technical security, in particular for identification purposes and for pursuing unauthorized access attempts or instances of access to the web server. The data are stored in an anonymous form and are used to optimize the website and for statistical purposes. No comparison is made to other datasets and no data are forwarded to third parties, other than in the context of legal obligations or if we are required to forward data for the purpose of prosecution or initiating legal proceedings in the event of attacks on our IT infrastructure.

2. Other instances of collecting data and consent

It is generally possible to use our website without entering personal data. If you have provided personal data, for example in a form or by e-mail, we will only use this for a specific purpose, either to reply to your inquiry, to process contracts concluded with you, to send you the requested documents, or for technical administration purposes. Your personal data will only be forwarded or otherwise transmitted to the extent required for executing the contract or rendering the services you have requested, or if you have previously granted your consent. You have the right to withdraw consent with effect for the future at any time in writing or by e-mail. There is no need to give reasons. However, your withdrawal of consent will only apply with effect from the time it is received by Universitätsklinikum Erlangen.

The saved personal data are deleted if you withdraw consent for the storing of your data, if knowledge of your data is no longer required for the purpose for which the data were saved or if there are other legal reasons against the data being saved.

3. Legal basis for data processing

Art. 6 (1a) of the EU General Data Protection Regulation (GDPR) forms the legal basis for us to obtain the consent of a data subject for their personal data to be processed.

When processing personal data required for the performance of a contract in which the contractual party is the data subject, Art. 6 (1b) GDPR forms the legal basis. This also applies if data have to be processed in order to carry out pre-contractual activities.

Art. 6 (1c) GDPR forms the legal basis if personal data have to be processed in order to fulfill a legal obligation on the part of Universitätsklinikum Erlangen.

Art. 6 (1d) GDPR forms the legal basis in the case that vital interests of the data subject or another natural person make the processing of personal data necessary.

If data processing is necessary in order to protect the legitimate interests of Universitätsklinikum Erlangen or of a third party and if the interests, basic rights and fundamental freedoms of the data subject do not outweigh the interests mentioned above, Art. 6 (1f) GDPR forms the legal basis for such data processing.

4. Cookies

The websites of Universitätsklinikum Erlangen use cookies. Cookies are text files that are placed and saved on a computer system by an internet browser.

Very many websites use cookies. Many cookies include what is known as a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a series of characters which can be used by websites and servers to identify a specific  browser  This allows the visited websites to differentiate between the individual browser of the affected person and other internet browsers that obtain other cookies. The unique cookie ID allows a certain internet browser to be recognized and identified.

Using cookies allows Universitätsklinikum Erlangen to provide users of this website more user-friendly services that would not be possible without using cookies.

Cookies allow us to optimize information and services offered by our website for users. Cookies allow us, as already mentioned, to recognize the users of our website. The intention behind this is to make it easier for users to use our website. For example, users of a website that uses cookies do not have to enter their access data every time they access the website as this is available via the website and the cookie saved on the user’s computer system.

The user can permanently prevent cookies being placed by our website by setting their internet browser accordingly at any time. Furthermore, any cookies that have already been placed can be deleted at any time via an internet browser or other software programs. This is possible in all standard internet browsers. If the user deactivates the placing of cookies in their internet browser, this may mean that they cannot fully use all the functions offered by our website.

5. Analyzing hits using MATOMO

The data controller has integrated MATOMO on the website. MATOMO is an open source software tool for web analysis. Web analysis involves collecting, gathering and analyzing data regarding the behavior of visitors to the website. A web analysis tool gathers data about which website a data subject visited first before arriving at the website in question (known as referrer), which subpages of the website were viewed or how often and how long the user viewed the subpage. Web analysis is predominantly used to optimize a website and to conduct a cost-benefit analysis concerning internet advertising.

The software is operated on the server of the data controller, and log data classed as being sensitive in accordance with data protection provisions are saved on this server alone.

The purpose of the MATOMO components is to analyze user flows on our website. The data controller uses the data and information acquired in this way to analyze use of the website in order to draw up online reports showing activity on our websites.

MATOMO places a cookie on the user’s IT system. We explained above what cookies are. Placing a cookie allows us to analyze the use of our website. Each time one of the individual pages on the website is accessed,  the MATOMO components automatically request the internet browser on the user’s IT system to transfer data to our server for the purpose of online analysis. During this technical procedure, we receive information about personal data, such as the user’s IP address, which helps us, for example, to track the origin of users and clicks.

The cookie is used to save information on details such as the time the website was accessed, the place from which it was accessed and the frequency visits hits to our website. Every time our website is visited, these personal data including the IP address from which the data subject accesses the internet is transferred to our server. We save these personal data. We do not transfer the personal data to third parties.

As already explained above, the user can permanently prevent cookies being placed by our website by setting their internet browser accordingly at any time. If the settings on the internet browser are set in this way, this also prevents MATOMO from placing a cookie on the user’s IT system. In addition, a cookie already placed by MATOMO can be deleted at any time via an internet browser or other software program.

The user can also withhold consent for the recording of data created by MATOMO relating to the use of the website. In this case, the user has to place an opt-out cookie.

Web analysis software Matomo opt-out

If the user’s IT system is deleted, formatted or re-installed at a later date, the user must place an opt-out cookie once again at https://www.uk-erlangen.de/en/data-protection

Placing the opt-out cookie may mean, however, that the user cannot access all the functions of the websites run by the data controller.

Further information and the valid data protection provisions of MATOMO are available athttp://MATOMO.org/docs/privacy/.

6. Your rights

As a data subject, you are entitled to certain rights. You can assert these rights vis-à-vis Universitätsklinikum Erlangen. They are based on the EU General Data Protection Regulation (GDPR) that also applies in Germany.

Right to information, Art. 15 GDPR

You are entitled to information about the data saved about you.

Right to rectification, Art. 16 GDPR

You may request rectification if the processed personal data concerning you are inaccurate. Incomplete data must be completed, bearing the purpose of processing in mind.

Right to erasure, Art. 17 GDPR

You have the right to request the erasure of your data if certain grounds for erasure apply. This is in particular the case if they are no longer required for the purpose for which they were initially gathered or processed.

Right to restriction of processing, Art. 18 GDPR

You have the right to request that the processing of your data is restricted. This means that your data are not deleted but marked in such a way that continued processing or use is restricted.

 

Right to object, Art. 21 GDPR


In principle, you have a right to object to your data being processed for the purposes of the performance of a task carried out in the public interest or in the exercise of official authority or due to legitimate interests pursued by a certain body.

7. Lodging a complaint with a supervisory authority due to data protection breaches

Irrespective of the fact that you are entitled to take legal action, you are also entitled to lodge a complaint with a supervisory authority if you are of the opinion that processing your data violates data protection regulations. This is stipulated in Art. 77 GDPR. The supervisory authority responsible for Universitätsklinikum Erlangen is:

Bavarian Data Protection Commissioner

Herr Prof. Dr. Thomas Petri
Wagmüllerstr. 18
80538 München

8. Data controller

Universitätsklinikum Erlangen
Anstalt des öffentlichen Rechts
Maximiliansplatz 2
91054 Erlangen
Phone: +49 9131 85-0

 

9. Data Protection Officer at Universitätsklinikum Erlangen

Universitätsklinikum Erlangen has appointed a data protection officer. Their contact details are as follows:  

Universitätsklinikum Erlangen
Datenschutzbeauftragter
Krankenhausstr. 12
91054 Erlangen
E-mail: datenschutz(at)uk-erlangen.de

This data protection policy does not apply to linked websites.

Information on data protection for patients pursuant to GDPR

Download information (de)

 

Information on data protection pursuant to GDPR in the case of video surveillance

Download information (de)

 

Information on data protection pursuant to GDPR in the case of competitions or prize draws

Download information (de)

 

Information on data protection pursuant to GDPR in the case of events

Download information (de)

 

Information on data protection pursuant to GDPR in web conferences using Cisco WebEx

Download information (de)

 

Information on data processing with respect to accommodation for nursing staff provided by Universitätsklinikum

Download information (de)

 

Information on data protection pursuant to GDPR for business partners

Download information (de)

 

Information on data protection pursuant to GDPR for (online) applications

Download information (de)

 

Information on data protection pursuant to GDPR for Facebook

Download information (de)