1. Area of validity
This data protection statement provides an explanation of the nature, scope and purpose of the processing of personal data by the controller, as defined in Art. 4 no. 7 GDPR, namely the
Public Law Foundation
Medical Center Göttingen
represented by the Executive Board
Telephone: +49 551 390
The legal bases for the data protection are the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Lower Saxony Data Protection Act (NdsDSG) and the Telemedia Act (TMG). The UMG declares that it complies with the applicable laws, in particular when processing personal data.
The UMG Data Protection Officer can be contacted at:
Telephone: +49 551 3922762
The data protection supervisory authority responsible for data protection at the UMG is the Federal State Data Protection Officer for Lower Saxony:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Telephone: +49 511 120 45 00
Fax: +49 511 120 45 99
2. Handling of personal data
Personal data is all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4, no. 1 GDPR)
The law relates to the processing of personal data:
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4, no. 2 GDPR)
Personal data is only processed by the UMG when this is permitted by law, or when the user has given their consent to the processing (see Art. 6 GDPR).
2.1 Processing when visiting the website
When visiting this website, information may be stored by Matomo, the web analysis tool, about the website access (date, time, page read).
We set “session” cookies, which are limited to the length of time of your visit, and which allow us, for example, to store specific information related to the device on the access device of the user (PC, smartphone, etc.). This makes it possible to recognise you when you return to our website. As “transient” cookies, session cookies are automatically deleted when you close your browser or log off.
Cookies cannot cause damage to your computer. They are not a potential source of security problems for your computer in the form of viruses or spyware.
Users can influence the way that cookies are used. Most current browsers offer the option of limiting the storage of cookies, or preventing storage entirely.
Many corporate online advertising cookies can be blocked via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.
PLEASE NOTE: if you permit the use of the web analysis cookie by the Matomo web analysis tool, the following usage data is recorded and stored in a database when the website is retrieved:
- Your IP address (in abbreviated form, 2 bytes, e.g.: 192.168.xxx.xxx)
- The date and time of retrieval
- The title of the page retrieved
- The URL (address) of the page retrieved
- The previous URL (address) of the page retrieved
- The display resolution used
- The time zone
- The file that has been clicked or downloaded
- The external link clicked
- The location of the user (country, region, town)
- The browser language
- The browser
The log file processing and use of the web analysis cookie are conducted solely for statistical purposes.
2.2 Processing when contact is made via e-mail or using the contact form
Should personal data be collected via the contact form or via an e-mail enquiry (e.g. the user’s name, address and e-mail addresses), such information is collected solely on a voluntary basis. Please note that personal data that is sent to us via e-mail when initial enquiries are made is stored for processing. However, this is done solely for the purpose of processing the enquiries.
In this context, communication via e-mail may be vulnerable to security breaches. In particular, the possibility of manipulation of electronic documents by third parties cannot be entirely excluded. Furthermore, persons with experience in this area may find ways of reading or altering e-mails en route to us. If you wish to avoid the potential risks arising from the use of e-mail, you should select another form of communication.
Additional personal data is only processed when you provide such data yourself in the e-mail, e.g. when this is required for the conclusion of confidentiality agreements or other contracts.
Your data will only be forwarded to third parties when necessary in order to achieve the purpose of your enquiry (e.g. in order to process personal data to complete a contract [see Art. 6, para. 1b GDPR] or for the fulfilment of legal obligations [see Art. 6, para. 1c GDPR] or when processing is necessary in order to protect the vital interests of the data subject [see Art. 6, para. 1d GDPR]).
3. The right to information; erasure and blockage
Following submission of an application to the person responsible for the content named in the legal notice, you have the legal right to obtain information in accordance with the GDPR and BDSG.
Specifically, you have the following rights with regard to the personal data relating to you:
- The right to information (Art. 15 GDPR)
- The right to rectification (Art. 16 GDPR)
- The right to erasure (Art. 17 GDPR)
- The right to restriction of processing (Art. 18 GDPR)
- The right to data portability (Art. 20 GDPR)
- The right to object to the processing (Art. 21 GDPR)
The stored personal data relating to you is erased and blocked in accordance with the statutory regulations.
In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with a data protection supervisory authority (e.g. the data protection supervisory authority responsible for the UMG, as named above under Section 1).
Version: June 2018