Data protection

Data protection

This data protection declaration serves to fulfill the information obligation required by Article 13 EU GDPR when collecting data from data subjects at the time of collection.


Name and address of the person responsible
Frankfurt University Hospital
Theodor-Stern-Kai 7
60590 Frankfurt am Main


Postal address:
Frankfurt University Hospital
Theodor-Stern-Kai 7
60590 Frankfurt
T 49 69 63 01 -0
F 49 69 63 01 -6301
Internet: www.kgu.de

If you have any questions or complaints about data protection, you can contact the data protection officer at Frankfurt University Hospital.


Data protection officer
University Hospital Frankfurt am Main
Theodor-Stern-Kai 7
60590 Frankfurt am Main
T 49 69 63 01-7235
elke.stueve@ukffm.de

Terminology


Personal Data

Any information relating to an identified or identifiable natural person (hereinafter “data subject”); An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person.


processing
Any operation or set of operations carried out on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or any other form of provision, comparison or association, restriction, deletion or destruction.


Restriction of processing
Marking stored personal data with the aim of restricting their future processing.


Profiling
Any type of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests , analyze or predict the reliability, behavior, location or movement of that natural person.


Pseudonymization
The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not identified or identifiable natural person.


Responsible person
The natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.


Processor
A natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.


Third
A natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.


consent
To the data subject, any voluntary, informed and unambiguous expression of his or her wishes, in the form of a statement or other clear affirmative action, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.


Rights of the data subject
Below we will inform you about your data subject rights in accordance with Art. 15 GDPR. You can exercise these rights at any time and contact us directly. If you demand these rights from us, we will examine them in detail, taking into account the associated legal requirements and requirements. We may request further information from you about this. We will explain the results of our examination and our approach to fulfilling your request in detail. It is possible that we will not be able to fully comply with your wishes in the way you want. This should not stop you from asserting your rights against us or from inquiring with us about them. We will be happy to answer all of your questions.

(1) Right to information


In accordance with Art. 15 GDPR, you have the right to request information from us at any time as to whether and which personal data we are processing. This also includes information on the purposes of processing, if applicable, on recipients to whom we have disclosed your data, the planned storage period and, if applicable, information on the origin of this data, if we have not collected it directly from you. In addition, you have the right to a one-time, free copy of your personal data stored by us. We reserve the right to charge a reasonable administration fee for the creation of subsequent copies.


(2) Right to rectification


In accordance with Art. 16 GDPR, you have the right to request that we correct any inaccurate data that we have stored about you. This also includes the right to have incomplete personal data completed.


(3) Right to deletion


You have the right to request that we delete data that we have stored about you. If we have published your data, this also includes our obligation, within the scope of the “right to be forgotten” in accordance with Art. 17 Para. 2 GDPR, taking into account available technology and the implementation costs, your request to delete all links to this data as well as copies or replications to forward this data to other persons responsible for processing this published personal data.


(4) Right to restriction of processing


According to Art. 18 GDPR, you have the right to request that we restrict the processing of data that we have stored about you. After that, processing of this data is only possible with your consent or for a few legally specified purposes.


(5) Right to object to processing


If we base the processing of your personal data on the balance of interests, you can object to the processing in accordance with Art. 21 GDPR. This is the case if the processing is not necessary to fulfill a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will examine the situation and will either stop or adjust data processing or show you our compelling legitimate reasons on the basis of which we continue processing. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising using the contact methods listed above.


(6) Right to revoke consent under data protection law


If you have given your consent to the processing of your data, you can revoke this at any time in accordance with Art. 7 Para. 3 GDPR. Such a revocation affects the lawfulness of the processing of your personal data after you have given it to us.


(7) Right to data portability


In accordance with Art. 20 GDPR, you have the right to receive data about yourself that you have provided to us from us in a structured, common and machine-readable format for the purpose of transferring it to another person responsible. At your request and taking into account the available technical possibilities, this also includes the direct transfer from us to the other person responsible.


(8) Right to lodge a complaint with a supervisory authority


In accordance with Art. 13 GDPR, you have the right to complain to the responsible supervisory authority for data protection at any time about our processing of your personal data.


(9) Automated decision making including profiling


You have the right to information about the existence of automated decision-making, including profiling, in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject person to receive.


Type of data stored, purpose and legal basis, deletion periods


Handling of personal data

We only collect, use and pass on personal data if this is permitted by law or if the users have consented to the data collection.

Access data/server log files

When accessing the pages of this web server, the following data is generally stored in the server log files

  • IP address
  • Date and Time
  • Type of client browser
    •
  • URL of the page accessed
    •
  • If necessary, the error message about the error that occurred
    •
  • If applicable, the requesting provider
    •

    This data is used exclusively for the purpose of checking functionality, security and troubleshooting. This use is based on EU GDPR Article 6 Paragraph 1 f). All log files are automatically deleted or anonymized after 7 days at the latest.


    contact

    To contact members of the Frankfurt University Hospital (e.g. via contact form or email), your details will be stored to process the request and in the event that follow-up questions arise. After your request has been processed or after fulfillment of the legal obligation or the service used, the data will be deleted, unless the storage of the data is necessary to implement the legitimate interests of the University Hospital Frankfurt or based on a legal regulation (e.g. law, legal ordinance, statutes of the University Hospital Frankfurt etc.) required.


    Changes to our privacy policy

    We reserve the right to occasionally adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. B. when introducing new services. The new data protection declaration will then apply to your next visit.

Share by: