TUM School of Medicine and Health
Technical University of Munich
Privacy Policy

Data protection is essential for the Technical University of Munich School of Medicine and Health. We want you to know when we store which data and how we use it. Personal data is collected on this central web server of the University Medical Center “Klinikum rechts der Isar” (www.mh.tum.de). Data processing is subject to the applicable data protection regulations, in particular, the General Data Protection Regulation of the European Union (GDPR), the Bavarian Data Protection Act (DPA), and the German Telemedia Act (GTA).

In the following, we inform you about the type, scope, and purpose of collecting and using personal data. This information can be accessed at any time from our website.

A. General Information

The responsible entity according to data protection laws, in particular the EU General Data Protection Regulation (GDPR) in principle, is:

 

Technical University of Munich

Represented by the President Professor Thomas F. Hofmann, PhD

Arcisstr. 21

80331 Munich

Phone +49 89 289-01

Web: www.tum.de

 

Data Protection Officer 

Technical University of Munich

Arccistr. 21, 80331 Munich

Email: beauftragter@datenschutz.tum.de

 

The responsible entity according to data protection laws, in particular the EU General Data Protection Regulation (GDPR) for the personal data processing on this website, is:

 

Klinikum rechts der Isar der TU München

Represented by the Chief Medical Officer Martin Siess, MD, CEO

Ismaninger Str. 22

81675 Munich

Tel. +49 89 4140-0

Internet: www.mri.tum.de

 

Data Protection Officer 

Executive Office Data Protection

Ismaninger Str. 22, 81675

Email: datenschutz@mri.tum.de

Purposes and legal bases for the processing of personal data

The goal of processing data is the fulfillment of the public tasks assigned to us by the legislator, in particular, providinginformation to the public.

Unless otherwise stated, the legal basis for processing your data arises from Article 4 para. 1 of the Bavarian Data Protection Act (DPA) in conjunction with Article 6 para. 1 lit. e of the General Data Protection Regulation (GDPR). Accordingly, we are permitted to process the data necessary to perform a task.

We process your personal data only for the purposes stated in this privacy policy. We do not transfer your personal data to third parties for purposes other than those noted. We will only disclose your personal data to third parties if:

  • you have given your express consent,
  • processing is necessary for the performance of a contract with you,
  • processing is necessary for compliance with a legal obligation,
  • processing is required to protect legitimate interests, and there is no reason to assume you have an overriding legitimate interest in not disclosing your data.
Recipients of personal data

The technical operation of our data processing systems is carried out by the information technology department of the Klinikum rechts der Isar of the Technical University of Munich. If necessary, your data will be transmitted to the competent supervisory and auditing authorities for the exercise of the respective control rights.

To avert threats to information technology security, data may be forwarded to the State Office for Information Security for electronic transmission and processed based on Article 12 et seq. of the Bavarian E-Government Act.

Duration of the storage of personal data

Your data will only be stored for as long as necessary to fulfill tasks, taking into account statutory retention periods.

Your data subject rights

As far as we process personal data from you, you are entitled to the following rights as a data subject:

  • You have the right to information about the data stored about you (Article 15 GDPR).
  • If incorrect personal data are processed, you have a right to rectification (Article 16 GDPR).
  • If the legal requirements are met, you can request the deletion or restriction of processing (Article 17 and 18 GDPR).
  • If you have consented to the processing or a contract for data processing exists and the data processing is carried out with the help of automated procedures, you may be entitled to a right to data portability (Article 20 GDPR).
  • If you have consented to the processing and the processing is based on this consent, you can revoke the consent at any time in the future. The lawfulness of the data processing carried out based on the consent until the revocation is unaffected.
  • You have the right to object to processing your data at any time for reasons arising from your particular situation if the processing is carried out exclusively based on Art. 6 para. 1 lit. e or f GDPR (cf. Article 21 para. 1 sentence 1 GDPR).

You can also address your complaint to the data protection supervisory authority responsible for Klinikum rechts der Isar. Contact the

 

Bavarian State Commissioner for Data Protection

Post address: P.O. Box 22 12 19, 80502 Munich

Address: Wagmüllerstrasse 18, 80538 Munich

Tel. 089 212672-0

Fax: 089 212672-50

E-mail: poststelle@datenschutz-bayern.de

Internet: www.datenschutz-bayern.de

Technical Implementation

Our web server is operated by Webhosting Franken. The personal data you provide when visiting our website will,therefore, be processed on our behalf by

 

Webhosting Franken

Inh.: Holger Häring

Wassermannstraße 32

96052 Bamberg

Protocols

When you access this or other Internet pages, you transmit data to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

  • The date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.).
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Transmitted amount of data.

After the connection ends, the data is anonymized by shortening the IP address at the domain level so that it is no longer possible to establish a reference to individual users.

Active Components

We use active components such as Javascript. You can disable this function by setting up your internet browser.

Collection of general information when visiting our website

When you access our website, information of a general nature is automatically collected using a cookie. This information (server log files) includes the type of web browser, the operating system used, the domain name of your Internet service provider, and the like. This is only information that does not allow any conclusions about your person.

This information is technically necessary to correctly deliver the content of websites requested by you and is mandatory when using the Internet. In particular, they are processed for the following purposes:

  • ensuring a smooth connection setup of the website,
  • ensuring a smooth use of our website,
  • evaluation of system security and stability, as well as
  • for other administrative purposes.

The processing of your personal data is based on our legitimate interest in the purposes as mentioned above for data collection. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible body and, if necessary, order processors.

If necessary, we will statistically evaluate anonymous information of this kind to optimize our website and the technology behind it.

Cookies

Like many other websites, we also use so-called “cookies.” Cookies are small text files transferred from a website server to your hard drive. Through this, we automatically receive specific data such as IP address, browser used, operating system and your connection to the Internet. The storage period is a maximum of 100 days. Cookies can, however, be deleted manually by the user.

Cookies cannot be used to launch programs or transfer viruses to a computer. Based on the information in cookies, we can facilitate your navigation and enable the correct display of our web pages.

In no case will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies in principle. Internet browsers are regularly set to accept cookies. You can generally deactivate cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.

SSL Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) via HTTPS.

Contact Form

Suppose you contact us by email or contact form regarding questions. In that case, you give us your voluntary consent to get you. For this purpose, the specification of a valid email address is required. This serves as the assignment of the request and the subsequent response. The provision of further data is optional. The information you provide will be stored to process the request and for possible follow-up questions. After completion of your request, personal data will be automatically deleted.

Use of Matomo

This website uses Matomo (formerly Piwik), an open-source statistical visitor traffic analysis software. Matomo uses so-called cookies, text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website is stored on a server in Germany.

The IP address is anonymized immediately after processing and before storage. You can prevent the installation of cookies by changing the settings of your browser software. We want to point out that with the corresponding setting, not all functions of this website may be available.

You can decide whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data.

Use of Google Maps

This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes, and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google privacy policy. You can also change your personal privacy settings in the Privacy Center.

For detailed instructions on managing your data with Google products, see here.

Sending Newsletters

We use CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. This service allows us to organize and analyze the newsletter dispatch. The data you enter to receive the newsletter, such as your email address, is stored on CleverReach's servers. Server locations are Germany and Ireland, respectively.

The newsletter dispatch with CleverReach allows us to analyze the behavior of the newsletter recipient. The analysis reveals, among other things, how many recipients have opened their newsletter and with what frequency links in the newsletter were clicked. CleverReach supports conversion tracking to analyze whether a previously defined action, such as a product purchase, occurs after clicking a link. Details on the data analysis by CleverReach can be found here.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal message by email or unsubscribe via the “unsubscribe” link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not wish any analysis by CleverReach, you must unsubscribe from the newsletter. To unsubscribe, sendingus an informal message by email or unsubscribe via the “unsubscribe” link in the newsletter is sufficient.

Data entered to set up the subscription will be deleted from our servers and the servers of CleverReach in the event of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will still remain with us. For details on CleverReach's privacy policy, please see here.

Commissioned processing: To fully comply with the legal data protection requirements, we have concluded a contract with CleverReach for commissioned processing.

Embedded Videos

Vimeo

We use the provider Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011 (“vimeo”), among others, to integrate videos into our website.

When you access videos on our website via vimeo, a connection is established to the vimeo servers in the USA. This transmits certain information to vimeo, regardless of whether you have a vimeo account or not. This can be, for example:

  • Your IP address
  • Your browser information, e.g., language settings
  • Cookie information about vimeo cookies that have already been set
  • Information about the website from which you are accessing vimeo’s site

vimeo stores cookies on your terminal device. In particular, the tracker Google Analytics. This is vimeo's own tracking, to which we have no access. You can prevent tracking by Google Analytics by using Google's deactivation tools for some Internet browsers. Users can also prevent the collection of data generated by Google Analytics and related to their use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available here.

Insofar as vimeo offers certain additional functions, such as rating or sharing videos, these functions are provided exclusively by vimeo and the respective third-party providers. You should carefully review their privacy policies before using the individual functions. We do not obtain any knowledge of the content of the data collected by vimeo or third-party providers and have no influence on its use. Through this, it is transmitted to the vimeo server, which of our Internet pages you have visited. If you are logged in as a member of vimeo, vimeo assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your vimeo user account before using our website and deleting the corresponding cookies from vimeo.

vimeo processes personal data in the US and relies, among other things, on the so-called standard contractual clauses of the European Commission. For more information, see here in section “14.2 GDPR (EEA Users)”.

vimeo may share your data with third parties. These are, for example, group-affiliated companies, business partners, and advertising partners, who, in turn, use tracking technologies on the vimeo website. For more information on data processing and privacy notices by vimeo, please visit https://vimeo.com/privacy and the Cookie Policy at https://vimeo.com/cookie_policy.

We use vimeo to be able to show you corresponding videos directly via our website. Justification is provided by Article 6 para. 1 lit. a GDPR, insofar as you have given us your consent in advance. You can revoke this at any time with effect for the future. In this case, you can no longer use the vimeo offer.

YouTube

We use the provider YouTube, among others, to integrate videos. YouTube is operated by YouTube, LLC, headquartered at 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube is represented by Google LLC. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you access the website on which the YouTube plugin is embedded, a connection to the YouTube servers is established for video display. This transmits to the YouTube server which of our Internet pages you have visited.

YouTube is loaded only with your consent, which means that no data about you as a user will be transmitted to YouTube if you have not given consent. Only with your consent can the videos be played, and data is sent to the YouTube server, which of our Internet pages you have visited.

If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When using the plugin, such as by clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other user accounts of YouTube LLC and Google LLC, before using our website and deleting the corresponding cookies of the companies.

For more information on the purpose and scope of data collection and its processing by YouTube, please refer to the privacy policy. You will also find more information about your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA.

We only use YouTube with your consent, which you can revoke anytime. The corresponding data processing is based on Article 6 para. 1 lit. a GDPR. The storage period is 6 months.

B. Miscellaneous Information
Changes to our Privacy Policy

We reserve the right to adapt this data protection declaration to always comply with the current legal requirements or to implement changes to our services in the data protection declaration, e.g., when introducing new services. The new privacy policy will then apply to your next visit.

Questions for the Data Protection Officer

If you have any questions about data privacy, please email us or contact the person responsible for data privacy in our organization directly via email at datenschutz@mri.tum.de.