Privacy Policy
Name and address
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States of the European Union as well as other data protection regulations is:
German Cancer Research Center - Foundation under public law
Im Neuenheimer Feld 280
69120 Heidelberg
Germany
Telephone: +49 (0)6221 420
Email: kontakt@dkfz.de
Website: www.dkfz.de
Name and address of the Data Protection Officer
Data Protection Officer
German Cancer Research Center - Foundation under public law
Im Neuenheimer Feld 280
69120 Heidelberg
Telephone: +49 (0)6221 420
Email: datenschutzdkfz.de
General information on data processing
1. Extent of processing of personal data
We only process the personal data of our users insofar as it is necessary to ensure the functions of the website or our content and services. We only process the personal data of our users after they have given their consent. Data may be collected in exceptional cases in which prior consent is not possible for practical reasons or the data processing is permitted by legal regulations.
2. Legal basis for the processing of personal data
Insofar as we receive a data subject’s consent for the processing of personal data, Article 6 (1) lit. a) GDPR serves as the legal basis.
For the processing of personal data that is necessary for the performance of a contract concluded with the data subject, this is done as pursuant to Article 6 (1) lit. b) GDPR. This also applies to data processing operations that are necessary prior to entering into a contract.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, this is done in accordance with Article 6 (1) lit. c) GDPR.
In the event that the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6 (1) lit. d) GDPR serves as the legal basis.
If the processing is required for the purposes of legitimate interests on the part of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former’s interests, this is carried out according to Article 6 (1) lit. f) GDPR.
3. Erasure of data and retention duration
The personal data of the data subject will be deleted or blocked as soon as the intended purpose of the processing is no longer valid. In addition, data may be stored if the processing of said data is provided for by European or German legislation or by regulations, laws or other directives that are compatible with the rules of the European Union. A blocking or erasure of data is also carried out when a retention deadline prescribed by the aforementioned standards expires, unless the further storage of the data is required for the conclusion or the performance of a contract.
Provision of the Website and creation of log files
1. Description and scope of data processing
Each time our Website is accessed, our system automatically records data and information from the system of the computer that accesses the site.
The following data are collected:
(1) Information on the type and version of the browser being used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Time and date of retrieval
(6) Websites from which the user’s system accesses our Website
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 (1) lit. f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address on the system is necessary to ensure the delivery of the site to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The data are stored in log files to ensure the functionality of the website. In addition, the data also serve to ensure the security of our IT systems. The data are not analyzed for marketing purposes.
The purposes also include our legitimate interest in data processing as pursuant to Article 6 (1) lit. f) GDPR.
4. Duration of storage
The data will be deleted when they are no longer necessary for the intended purpose for which they have been collected. In the event that data are collected for the provision of the Website, they are deleted as soon as the session is completed.
In the event that data are stored in log files, they are deleted no later than seven days afterwards. The data may be stored for a longer time. In this case, the user’s IP addresses are deleted or modified so that the client retrieving the Website can not be identified.
5. Usage of storage
A technically necessary cookie is used to operate the website. It provides the basic functions of this website. It does not require approval and cannot be deactivated.
Name: be_typo_user
Provider: Owner of this website
Cookie expiration date: When the browser session ends
6. Options for objection and removal
Data must be collected to ensure the functioning of the site and they must be stored in log files for the operation of the website. Consequently, the user is not granted a right to object in this case.
7. web analysis through Matomo
On this website, data is collected and stored using the web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. anonymized IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, downloads and others).
Legal basis for data processing
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
Purpose of the data processing
The processing of users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, the interest of users in the protection of their personal data is adequately taken into account.
Cookie-free analysis
We have configured Matomo so that no cookies are used for the analysis.
Further configuration
We have configured Matomo for anonymized, cookie-free and consent-free operation in accordance with the manufacturer's recommendations. Technical measures are:
- Anonymization of the last 2 bytes of IP addresses
- Use of the anonymized IP address for approximate geolocalization
- No use of user IDs and order numbers
- Enforced tracking without cookies on the server and client side
- Deactivation of browser feature detection
- Referrer: Only the domain of the referrer URL is retained
- DoNotTrack support active on server and client side
- Retention periods for raw data: 45 days
- Retention periods for aggregated data: 12 months with the exception of monthly and annual aggregates
Hosting - Hosting is GDPR-compliant on servers in Germany. The data is not passed on to third parties.
Anonymization of the IP address
Through IP anonymization by Matomo, the IP address is shortened and can no longer be assigned.
Objection and removal option
If you do not agree with the storage and analysis of this data from your visit, you can object to its storage and use at any time. This opt-out from the anonymized and cookie-free range analysis is possible at any time via the Do Not Track setting of the web browser.