Skip to main content

Privacy Policy

Name and address

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States of the European Union as well as other data protection regulations is: 

German Cancer Research Center - Foundation under public law
Im Neuenheimer Feld 280
69120 Heidelberg
Telephone: +49 (0)6221 420

Name and address of the Data Protection Officer

Data Protection Officer
German Cancer Research Center - Foundation under public law
Im Neuenheimer Feld 280
69120 Heidelberg
Telephone: +49 (0)6221 420

General information on data processing

1. Extent of processing of personal data

We only process the personal data of our users insofar as it is necessary to ensure the functions of the website or our content and services. We only process the personal data of our users after they have given their consent. Data may be collected in exceptional cases in which prior consent is not possible for practical reasons or the data processing is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we receive a data subject’s consent for the processing of personal data, Article 6 (1) lit. a) GDPR serves as the legal basis. 

For the processing of personal data that is necessary for the performance of a contract concluded with the data subject, this is done as pursuant to Article 6 (1) lit. b) GDPR. This also applies to data processing operations that are necessary prior to entering into a contract.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, this is done in accordance with Article 6 (1) lit. c) GDPR.

In the event that the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6 (1) lit. d) GDPR serves as the legal basis.

If the processing is required for the purposes of legitimate interests on the part of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former’s interests, this is carried out according to Article 6 (1) lit. f) GDPR.

3. Erasure of data and retention duration

The personal data of the data subject will be deleted or blocked as soon as the intended purpose of the processing is no longer valid. In addition, data may be stored if the processing of said data is provided for by European or German legislation or by regulations, laws or other directives that are compatible with the rules of the European Union. A blocking or erasure of data is also carried out when a retention deadline prescribed by the aforementioned standards expires, unless the further storage of the data is required for the conclusion or the performance of a contract.

Provision of the Website and creation of log files

1. Description and scope of data processing

Each time our Website is accessed, our system automatically records data and information from the system of the computer that accesses the site.
The following data are collected: 

(1) Information on the type and version of the browser being used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Time and date of retrieval
(6) Websites from which the user’s system accesses our Website

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) lit. f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address on the system is necessary to ensure the delivery of the site to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. 

The data are stored in log files to ensure the functionality of the website. In addition, the data also serve to ensure the security of our IT systems. The data are not analyzed for marketing purposes.

The purposes also include our legitimate interest in data processing as pursuant to Article 6 (1) lit. f) GDPR.

4. Duration of storage

The data will be deleted when they are no longer necessary for the intended purpose for which they have been collected. In the event that data are collected for the provision of the Website, they are deleted as soon as the session is completed. 

In the event that data are stored in log files, they are deleted no later than seven days afterwards. The data may be stored for a longer time. In this case, the user’s IP addresses are deleted or modified so that the client retrieving the Website can not be identified.

5. Usage of storage

A technically necessary cookie is used to operate the website. It provides the basic functions of this website. It does not require approval and cannot be deactivated.
Name: be_typo_user
Provider: Owner of this website
Cookie expiration date: When the browser session ends

6. Options for objection and removal

Data must be collected to ensure the functioning of the site and they must be stored in log files for the operation of the website. Consequently, the user is not granted a right to object in this case.