The responsible party within the context of the General Data Protection Regulation and other national data protection laws of the member states and other data protection regulations is:

 

IfDT - Institut für Diabetes-Technologie Forschungs- und Entwicklungsgesellschaft mbH

an der Universität Ulm

Science Park II

Management: Dr. Guido Freckmann

Lise-Meitner-Straße 8/2

89081 Ulm

 

Phone: +49 (0) 731 / 50 990-0

E-mail: diabetes@ifdt-ulm.de

 

Website: www.ifdt-ulm.de

 

Our data protection representative can be contacted at Datenschutz@idt-ulm.de

 

2.1 Processing of personal data on this website

When you visit our website, we process at least the following data:

Beim Besuch unserer Webseite verarbeiten wir mindestens folgende Daten:

• IP address
• Browser type / version
• Device used (mobile device or PC/laptop)
• Duration of the access
• Number of pages accessed
• Click path
• Access error logs

The legal basis of the processing of this personal data is the response to your request (art. 3 para. 1 sentence 1 lit. b GDPR). In addition, the data is processed for the legitimate interest of the company (art. 6 para. 1 sentence 1 lit. f GDPR), to optimize the website and ensure the security of the website. The stored data will be deleted after seven days unless there is a justified indication of illegal use based on concrete evidence that makes further examination necessary. The responsible party is not in a position to identify users as data subjects on the basis of the stored information.

For particular functions of the website, it may exceptionally be necessary to provide personal information. Further information on this can be found under “Particular functions”.

 

2.2 Cookies

Our website does not use cookies.

 

2.3 Data processing – Contractual relationship

The processing of personal master data, such as name, phone number, address, email address, etc., contract data, such as contract content, communication content, conditions, etc. and payment data, such as bank details, tax number, etc., is required to establish and/or execute contractual relationships with customers. The legal basis for the processing is art. 6 para. 1 sentence 1 lit. b GDPR.

The responsible party processes business data for evaluation and marketing purposes. The legal basis for the processing is art. 6 para. 1 sentence 1 lit. f GDPR. The processing serves the legitimate interest of the responsible party to further develop the range of services and to provide targeted information about them.

We are also subject to various legal obligations, for example under the German Commercial Code (HGB) or Fiscal Code (AO). The legal basis of data processing for this is art. 6 para. 1 sentence 1 lit. c GDPR.

Any further processing of personal data is only carried out on the basis consent within the context of art. 6 para.1 sentence 1 lit. a GDPR.

 

2.4 Data processing – Study participation

The responsible party conducts clinical trials with participants, for which the processing of personal (health) data is required. Type and scope of the processed personal (health) data vary depending on the focus of each project.

The participation in studies is voluntary and is conducted on consent within the context of art. 6 para. 1 sentence 1 lit. a GDPR. The consent to participate in studies can be withdrawn at any time without giving reasons and without any negative consequences for the study participants. If consent is withdrawn, the personal data of the study participants will no longer be processed and all personal data stored up to that point will be deleted, provided that there are no statutory retention obligations to the contrary. The legal basis for data processing for this is art. 6 para. 1 sentence 1 lit. c GDPR.

For the initial collection of personal (health) data, the responsible party uses questionnaires that are made available for download in digital form, including via the responsible party’s website. We would like to point out that communication by unencrypted e-mail carries the risk that transmitted data can be viewed by third parties. In order to avoid risks and protect personal (health) data in the best possible way, we recommend sending completed questionnaires only via post.

The personal (health) data collected in the context of studies is stored on the server of the responsible party. Furthermore, a patient file is created. All persons who have access to personal (health) data are subject to medical confidentiality and are obliged to maintain confidentiality.

 

2.5 Data processing - applicants / employment relationship

The website offers applicants the opportunity to apply to the responsible party by email or post. This involves the processing of personal data relating to the specific application, e.g. general personal data such as name, address, contact details, information on school, professional and further education as well as other information that applicants submit.

The responsible party processes personal data for the purpose of carrying out the application procedure and handling the employment relationship, if such relationship is established, on the basis of art. 88 GDPR in conjunction with section 26 (1), (8) sentence 2 BDSG. § Section 26 para. 1, para. 8 sentence 2 BDSG. Furthermore, personal data may be processed if this is necessary to fulfill legal obligations (art. 6 para. 1 sentence 1 lit. c GDPR) or to defend against legal claims asserted against the controller (art. 6 para. 1 sentence 1 lit. f GDPR). The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Personal data will be stored for the aforementioned purposes for as long as is necessary to fulfill these purposes. For the purpose of defending against legal claims asserted against the controller in the application process, personal data will be stored for a maximum of 6 months and then deleted.

If no employment relationship is possible, you have the option of having your application included in an applicant pool. In the event of inclusion, all documents and information from the application will be transferred to the applicant pool in order to contact applicants in the event of suitable vacancies. Inclusion in the applicant pool only takes place on the basis of consent within the meaning of art. 6 para. 1 sentence 1 lit. a GDPR. Giving consent is voluntary and is not related to the current application process. The data from the applicant pool will be stored for a maximum of 2 years and then deleted. The data subject can withdraw their consent at any time. In this case, the data will be deleted from the applicant pool, provided there are no legal reasons for storage.

 

2.6 Data processing - video surveillance

Camera monitoring is activated when the doorbell rings. This is done to determine whether the person seeking entry is known or not and whether they are admitted or not. This serves to ensure the safety of employees, clinical trial participants and visitors to the office and business premises.

The data is not recorded.

The legal basis for this data processing is the legitimate interest of the controller or a third party pursuant to art. 6 para. 1 sentence 1 lit. f GDPR.

3.1 Data protection information on the use of Matomo

The website uses the open-source range analysis service Matomo for the statistical analysis of user behavior and to improve usability. No user profiles are created in the process.

Matomo is hosted on the server of the responsible party; personal data is not passed on to third parties. No cookies are used when Matomo is used; this means that individual users cannot be distinguished from one another and returning users cannot be identified. In order to ensure the protection of users' personal data, the website operator has activated "IP anonymization". This means that users' IP addresses are only processed in abbreviated form, i.e. anonymized.

If users do not wish to be tracked when visiting the website, the “do not track” function can be activated in the browser; Matomo will then not collect any data.

Further information on data protection at Matomo can be found at https://matomo.org/privacy.

 

3.2 Data protection information on the use of conference calls, online meetings, video conferences and/or webinars

For telephone conferences, online meetings and/or video conferences, the responsible party uses "Zoom", a service of Zoom Video Communications, Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113+1.888.799.9666 | info@zoom.us. (referred to as "Zoom").

The processing of personal data is based on the legitimate interest of the responsible party pursuant to art. 6 para. 1 sentence 1 lit. f GDPR in the effective conduct of conference calls, online meetings and/or video conferences. Insofar as personal data of employees of the responsible party are processed, art. 88 GDPR in conjunction with Section 26 BDSG is the legal basis. § Section 26 BDSG is the legal basis for data processing.

You can take part in telephone conferences, online meetings and/or video conferences via the respective app or via the respective browser-based version. Further details on the description and scope of data processing when accessing the website https://zoom.us/ can be found in the privacy policy contained therein. Furthermore, the specific product data protection guidelines apply with regard to the applications of the Zoom services.

The following personal data may be processed:

• User details: First name, last name, telephone (optional), e-mail address, password (optional), profile picture (optional), department (optional)
• Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
• When dialing in by phone: incoming and outgoing phone number, country name, start and end time, other connection data such as the IP address of the device, if applicable
• Text, video and audio data: Users may have the opportunity to use the chat function during conference calls, online meetings, video conferences and/or webinars. In this respect, the text entries made by the user are processed in order to display them. In order to enable the display of video and the playback of audio, the data from the microphone of the end device and from any video camera of the end device are processed accordingly for the duration of the meeting. Users can switch off or mute the camera or microphone themselves at any time.

Telephone conferences, online meetings, video conferences and/or webinars are not recorded. Chat content is not logged. If users are registered as users with "Zoom", reports on telephone conferences, online meetings and/or video conferences can be stored for up to 12 months with "Zoom".

An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, the responsible party has configured the application as strictly as possible from a data protection perspective.

Zoom's privacy policy is available at: explore.zoom.us/de/privacy.

 

3.3 Contacting us

When contacting the responsible party (e.g. by email or using the contact form), the information of the requesting user is processed since this is necessary to respond to the contact request and any measures requested. The legal basis for this is art. 6 para. 1 sentence 1 lit. b GDPR.

 

This website contains references to third-party websites in the form of so-called links. Only when you click on such a link will data be transmitted to the link destination. This is technically necessary. The data transmitted are in particular Your IP address, the time at which you clicked on the link, the page on which you clicked on the link, details of your Internet browser. If you do not want this data to be transmitted to the link destination, do not click on the link.

If you follow a link to one of these websites, we would like to point out that these websites have their own data protection information (also called data protection declarations or data protection notices) and that we assume no responsibility or liability for this data processing. Please check this data protection information before you pass on personal data to these websites.

External links turn orange when you move the cursor over the text.

The website uses the TLS (Transport Layer Security) method in conjunction with the highest level of encryption supported by the browser used. Whether an individual website of the website is transmitted in encrypted form can be recognized by the prefix and/or the closed lock symbol in the address bar of the browser.

The responsible party uses technical and organizational security measures to protect the personal data it manages against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously improved in line with technological developments.

The user has the right to:

• confirmation as to whether their own personal data is being processed and information about this data, art. 15 GDPR.
• Completion of your own personal data or correction of incorrect personal data, art. 16 GDPR
• Erasure of your own personal data if there is a reason for erasure stated therein, art. 17 GDPR
• Restriction of the processing of your own personal data if there is a reason stated therein, art. 18 GDPR
• Transfer of own personal data to another responsible party, art. 20 GDPR
• Complaint to a supervisory authority if they believe that the processing of their personal data violates applicable laws, art. 77 GDPR

 

Competent supervisory authority:

Der Landesbeauftragte für den Datenschutz Baden-Württemberg

P.O. Box 10 29 32

70025 Stuttgart

 

Phone: 07 11/61 55 41–0

Fax: 07 11/61 55 41–15

poststelle@lfd.bwl.de

https://www.baden-wuerttemberg.datenschutz.de

 

The user has the right to revoke consent given at any time with effect for the future, art. 7 para. 3 GDPR.

The user has the right to object at any time to the future processing of data relating to them, which is carried out on the basis of art. 6 para. 1 sentence 1 lit. e or f, in accordance with art. 21 GDPR. The objection may be made in particular against processing for direct marketing purposes.

Due to ongoing legal and technical developments, the responsible party reserves the right to update this data protection information at any time.