This Privacy Policy informs you about the type, extent and purpose of processing of personal data (hereinafter “data”) within the scope of our online services and their associated websites, functions and content, and external online presences such as our social media profiles (hereinafter jointly “online service”). With regard to the terminology used such as “processing” or “controller” we would draw your attention to the Definitions set out in Art. 4 of the General Data Protection Regulation (GDPR).

Name and address of the controller

The controller pursuant to the General Data Protection Regulation, other privacy laws that apply within the Member States of the European Union, and other legal provisions of a privacy-related nature is:

Einstein-Zentrum für Neurowissenschaften Berlin
Charité - Universitätsmedizin Berlin
Charitéplatz 1
10117 Berlin

Tel.: +49 (0)30 450 539 710
E-Mail: ecn@charite.de
Website: https://www.ecn-berlin.de

Contact for Privacy Queries

If you have any queries about the processing of your data, or about your privacy rights, please contact:

Datenschutz der Charité – Universitätsmedizin Berlin
Charitéplatz 1
10117 Berlin

Tel.: +40 30 450 580 016
E-mail: datenschutz(at)charite.de
Website: www.charite.de

Types of data processed:

- Inventory data (e.g. names, addresses)
- Contact data (e.g. e-mail addresses, telephone numbers)
- Content data (e.g. text input, photographs, videos)
- Usage data (e.g. websites visited, interest in content, visit times)
- Meta/communication data (e.g. device information, IP addresses)

Categories of data subjects

Visitors and users of the online service (data subjects are also referred to jointly hereinafter as “users”).

Purpose of processing

- Provision of the online service, its functions and its content
- To respond to contact requests, and for communication with users
- Security measures
- To measure reach / for marketing

Terms used

“Personal data” are any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is far-reaching and extends to virtually all interaction with data.

The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Applicable legal grounds

In accordance with Art. 13 GDPR we are informing you of the legal grounds on which we undertake data processing. Insofar as the legal basis is not specified in this Privacy Policy, the following applies: Art. 6 (1) a) and Art. 7 GDPR are the legal basis for obtaining consents; Art. 6 (1) b) GDPR is the legal basis for processing in order to provide our services, effect contractual measures and answer queries; Art. 6 (1) c) GDPR is the legal basis for processing in order to fulfill our legal obligations; Art. 6 (1) f) GDPR is the legal basis for processing to pursue our legitimate interests. In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Art. 6 (1) d) GDPR.

Security measures

Pursuant to Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the ongoing confidentiality, integrity and availability of data by monitoring physical access to the data as well as digital access to same, their input, transfer, securing of availability and their separation. We have furthermore put in place procedures that ensure the safeguarding of data subjects’ rights, the erasure of data, and a response to any risk to the data. By means of technical design and privacy-friendly pre-settings, we moreover already take the protection of personal data into consideration during the development and/or selection of hardware, software, and procedures in accordance with the principles of data protection (Art. 25 GDPR).

Collaboration with processors and third parties

Insofar as we disclose or transmit data to other persons or companies (processors or third parties) or otherwise give them access to data within the scope of our processing, this is only done on the basis of legal consent (e.g. where transfer of data to third parties such as a payment services provider is necessary for contract performance pursuant to Art. 6 (1) b) GDPR), where you have given your consent, where a legal obligation exists, or on the basis of our legitimate interests (e.g. where agents, web hosters, etc., are used).

Insofar as we instruct third parties to process data on the basis of a “processing contract”, this is done on the basis of Art. 28 GDPR.

Transfer to third countries

Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where data is processed on our behalf by third parties, or where data is disclosed and/or transmitted to third parties, this is only done where it serves to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual consents, we only process data or have it processed in a third country where the special conditions of Art. 44 ff. GDPR apply. This means that processing is carried out, for example, on the basis of special guarantees such as the official recognized verification of a standard of privacy corresponding with that of the EU (e.g. the Privacy Shield in the USA) or in observance of officially recognized, specific contractual obligations (standard contractual clauses).

Rights of the data subject

You have the right to request confirmation as to whether your data is being processed, and you have the right to information about these data, as well as further information and a copy of the data pursuant to Art. 15 GDPR.

Under the terms of Art. 16 GDPR you have the right to request the completion of your personal data or the rectification of your personal data which is inaccurate.

Under the terms of Art. 17 GDPR you have the right to request that your personal data be erased without undue delay and/or you may request pursuant to Art. 18 GDPR that the processing of your data be restricted.

You have the right pursuant to Art. 20 GDPR to request your personal data that you have provided to us and to request that the data be transferred to another controller.

Under the terms of Art. 77 GDPR you furthermore have the right to lodge a complaint with the competent supervisory authority.

Right to withdraw consent

You have the right pursuant to Art. 7 (3) GDPR to withdraw consents with future effect.

Right to object

Under the terms of Art. 21 GDPR you have the right to object, on grounds relating to your particular situation, at any time to the processing of your data, most notably for direct marketing purposes.

Cookies and your right to object to direct marketing

Cookies are small files that are stored on users’ computers. Various information may be stored on cookies. The main purpose of a cookie is to store a user’s details (e.g. the device on which the cookie is stored) during or after his/her visit to an online service. Cookies that are deleted when a user leaves the online service and closes his/her browser are known as temporary, session or transient cookies. Information such as the content of a shopping cart in an online store, or a user’s login status may be stored on this kind of cookie. Cookies that remain on a computer even after a browser is closed are known as permanent or persistent cookies. These can, for example, allow a user’s login status to be stored if the user returns several days later. Equally, this kind of cookie may store details of a user’s interests which are used for measuring reach or for marketing purposes. Cookies that are placed by providers other than the controller offering the online service are known as third-party cookies (cookies from the provider of the online service alone are known as first-party cookies).

We may use temporary and permanent cookies and explain these in our Privacy Policy.

If you do not wish cookies to be stored on your computer, you can deactivate them by adjusting your browser settings. These settings can also be used to delete stored cookies. Refusing cookies may mean that you cannot use all the functions of our online service.

You may object to the use of cookies for the purpose of online marketing in relation to a wide number of services, and tracking in particular, via the US webpage http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The storage of cookies may furthermore be blocked by adjusting your browser settings. Please note that if you do so, you may not be able to use all the functions of our online service.

Erasure of data

The data we process are erased or their processing is restricted pursuant to Arts. 17 and 18 GDPR. Unless explicitly stated in this Privacy Policy, we erase stored data as soon as it is no longer required for its intended purpose, and where erasure is not overridden by statutory retention obligations. Where data are not erased because they are necessary for other, lawful purposes, their processing is restricted. This means that the data are blocked and are not processed for other purposes. This applies, for example, to data that must be retained under the provisions of commercial or fiscal law.

In accordance with statutory requirements in Germany, retention is most notably for 10 years pursuant to Arts. 147, paragraph 1 AO (Federal Fiscal Code), 257, paragraph 1, Nos. 1 and 4, paragraph 4 HGB (Federal Commercial Code) (accounts, records, situation reports, account books, commercial books, documents relevant to taxation, etc.) and 6 years pursuant to Art. 257, paragraph 1, Nos. 2 and 3, paragraph 4 HGB (trade and business letters).

Hosting and e-mail transmission

The hosting services that we use serve to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mail transmission, security services and technical maintenance services which we deploy for the purpose of operating this online service.

In doing so, we and/or our hosting provider process inventory data, contact data, content data, contractual data, usage data and communication data of customers, leads and visitors to this online service on the basis of our legitimate interest in the efficient and secure provision of this online service pursuant to Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR (conclusion of a processing contract).

We have commissioned VCAT Consulting GmbH, August-Bebelstr. 26, MedienHaus, 14482 Potsdam as data processor with the hosting of this website.

Collection of access data and log files

On the basis of our legitimate interest pursuant to Art. 6 (1) f) GDPR, we and/or our hosting provider collect data about every access to the server on which this service is hosted (server log files). These access data include the name of the website visited, file, date and time of the visit, transferred data volume, report on successful retrieval, browser type and version, the user’s operating system, the referrer URL (the page previously visited), IP address and requesting provider.

Log file data are stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and are then erased. Data which must be retained for longer as proof are exempted from erasure until the given incident has been resolved.

Online presence on social media

We maintain an online presence on social networks and platforms in order to communicate with customers, leads and users there, and so that we can inform them about our services. When you visit the respective networks and platforms, the Terms and Conditions and data processing provisions of the respective operators will apply.

Unless otherwise specified in this Privacy Policy, we process users’ data if they communicate with us on social networks and platforms, for instance if they write posts there or send us messages through them.

Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimization, and cost-effective operation of our online service pursuant to Art. 6 (1) f) GDPR), within the scope of our online service we use third-party content or services, in order to integrate their content and services, e.g. videos or fonts (hereinafter “content”).

This always presupposes that the third-party provider of this content will see users’ IP addresses, as without those IP addresses they would not be able to transmit the content to the users’ browsers. The IP address is therefore necessary to display this content. We endeavor to exclusively use content from providers who only use IP addresses to deliver that content. Third-party providers may furthermore use pixel tags (invisible graphics which are also known as web beacons) for statistical or marketing purposes. These pixel tags can be used to analyze information such as visitor traffic to this website’s pages. This pseudonymized information may moreover be stored on cookies on the user’s device and may contain technical information including details about the user’s browser and operating system, referral URLs, time of the user’s visit, and other information on how our online service is being used. These details may also be associated with such information from other sources.

Vimeo

We can integrate videos from the “Vimeo” platform provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy. We would point out that Vimeo may use Google Analytics and we therefore draw your attention to Google’s privacy policy (https://www.google.com/policies/privacy), the opt-out options for Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de), and the Google settings relating to data usage for marketing purposes (https://adssettings.google.com/).

YouTube

We integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/. Opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/. Opt-out: https://adssettings.google.com/authenticated.