The protection of your personal data is important to us. Your data will be protected within the framework of the legal regulations. In the following, this data protection declaration describes which data is collected during your visit to the homepage and how it is used.
1. Data collection and logging
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contact details, names, website accesses and other data generated via a website.
The stored data is used for technical security reasons, in particular for the purpose of identifying and tracking unauthorized access attempts and accessto the web server. In anonymised form, the data are used for the optimization of the website and statistical purposes. A comparison with other data sets or a transfer to third parties, including in excerpts, does not take place, except due to possible legal obligation or if the transfer is necessary in case of attacks on our IT infrastructure for legal or law enforcement purposes.
The use of the hoster is carried out in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 sec. 1 lit. f GDPR).
Our Hoster will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.
Our Internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage on your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser. Cookies have various functions. The cookies on this website are technically necessary, as certain website functions would not work without them. Cookies that are required for the electronic communication process (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f DSGVO, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of his services. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
2. Other data collection and consent
The use of our website is usually possible without providing personal data. Insofar as you have provided us with personal data, for example within a form or by e-mail, we will only use it for purpose, either to answer your request, to process contracts concluded with you or to send requested documents as well as for technical administration. Your personal data will only be passed on or otherwise transmitted if this is necessary for the purpose of contract processing or performance of the service requested by you or if you have given your prior consent. You have the right to revoke your consent with effect for the future in writing or by e-mail at any time. There is no need to give reasons. However, your revocation shall only apply from the date on which it is addressed to the University Hospital.
The deletion of the stored personal data takes place if you revoke your consent to storage, if their knowledge is no longer necessary for the fulfilment of the purpose pursued with the storage or if their storage is inadmissible for other legal reasons.
3. Legal bases for data processing
Insofar as we obtain the consent of the data subject for processing transactions of personal data, Art. 1a GDPR as legal basis.
In the case of the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 1b GDPR as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary for the fulfilment of a legal obligation to which the University Hospital is subject, Art. 1c GDPR as legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(p) of the data is used. 1d GDPR as legal basis.
If the processing is necessary to safeguard a legitimate interest of the university hospital or a third party and the interests, fundamental rights and fundamental freedoms of the person concerned do not predominate the first interest, Article 6(0) serves as a matter of absence. 1f GDPR as the legal basis for processing.
4. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests you send to us as a site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from “http://” to “https://” and by the lock icon in your browser line.
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
5. Your rights
You are entitled to so-called data subjects, i.e. rights that you can exercise as a data subject in individual cases. These rights may be exercised against the University Hospital. They result from the EU General Data Protection Regulation (GDPR), which also applies in Germany:
Right to information, Article 15 GDPR
You have the right to information about the personal data concerning you.
Right to rectification, Article 16 GDPR
If you find that inaccurate data about you is being processed, you may request correction. Incomplete data must be completed taking into account the purpose of the processing.
Right to erasure, Article 17 GDPR
You have the right to request the deletion of your data if there are certain reasons for deletion. This is the case, in particular, where they are no longer necessary for the purpose for which they were originally collected or processed.
Right to restriction of processing, Article 18 GDPR
You have the right to restrict the processing of your data. this means that while your data is not deleted but flagged to limit its further processing or use
Right to object, Article 21 GDPR
In principle, they have the right to object to data processing carried out for the performance of tasks in the public interest or in the exercise of official authority or on the basis of the legitimate interest of a body.
6. Complaint to the supervisory authority for data breaches
Irrespective of the fact that you are also free to seek legal assistance, you have the right to complain to a supervisory authority if you believe that the processing of your data is not permitted under data protection law. This is apparent from Article 77 of the EU General Data Protection Regulation. The supervisory authority responsible for the University Hospital is:
The Bavarian State Commissioner for Data Protection
Herr Prof. Dr. Thomas Petri
7. Data Controller
University Hospital Erlangen
Institution of public law
Phone: 09131 85-0
8. Data Protection Officer of the University Hospital
The University Hospital has appointed a data protection officer. His contact details are as follows:
University Hospital Erlangen
Data protection supervisor
Hospital Street. 12