1. Responsible Person for the processing of personal data:
The person responsible for the collection, processing and use of your personal data within the meaning of the Basic Data Protection Regulation:
Institute for Medical Sociology, Health Services Research and Rehabilitation Science (IMVR) of the Faculty of Human Sciences and the Faculty of Medicine of the University of Cologne (KöR).
Eupener Str. 129
Revocation of consent to data processing:
Consent to data processing that you have already given can be revoked at any time. You can address your objection to the person responsible. An informal communication by e-mail is sufficient for this purpose. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
2. Data collection and purposes of processing
Below, we inform you about the ways in which your data is collected on our website and for what purpose it is processed by us.
If you contact us (e.g., via contact form or e-mail), we process and store the personal data you provide for the purpose of processing the inquiry and if follow-up questions arise. We only process further personal data if you consent to this (Art. 6 (1) p. 1a) DSVGO) or we have a legitimate interest in processing your data (Art. 6 (1) p. 1f, DSVGO). An example for a legitimate interest is to respond to your e-mail. If you register for an event via one of our forms, your data will be stored for this purpose. The contact forms on our website only require you to enter such data as is needed to process the request. Your personal data will not be passed on to third parties under any circumstances.
2.2 Newsletter data
On our website there is the possibility to register for a newsletter, which informs the subscribers in regular intervals about news concerning CoRe-Net. To register for the newsletter, the data requested during the registration process is required. The registration for the newsletter is logged. We store our registration data as long as they are needed for sending the newsletter. We store the logging of the registration and the shipping address as long as there was an interest in proving the consent originally given, which is usually the limitation periods for civil claims, thus a maximum of three years. The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) p. 1a) in conjunction with Art. 7 DSVGO in conjunction with §7 (2) No. 3 UWG. The legal basis for logging the registration is our legitimate interest in proving that the dispatch was made with your consent. You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. For that, an informal written message (e.g., via e-mail) to the contact data mentioned under point 1 is sufficient. You will also find an unsubscribe link in every newsletter.
2.5 Access data
We collect information about you when you use this website. We automatically collect information about your usage behaviour, your interaction with us and register data about your computer or mobile device. We collect, store, and use data about each access to our website (so-called server log files). The access data includes:
– Name and URL of the file accessed
– Date and time of access
– Amount of data transferred
– Message about successful retrieval (HTTP response code)
– Browser type and browser version
– Operating system
– Referrer URL (i.e., previously visited page)
– Websites that are called up by the user’s system via our website
– Internet service provider of the user
– IP address and the requesting provider
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of operating, securing, and optimizing our website, but also to anonymously record the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. Based on this information, we can provide personalized and location-based content and analyse traffic, search for correct errors, and improve our services. This is also our legitimate interest according to Art 6. (1) p. 1f, DSVGO. We reserve the right to review the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website.
3. Storage period
Unless specifically stated, we store personal data only as long as necessary to fulfil the purposes pursued. In some cases, the legislator provides for the retention of personal data, such as in tax or commercial law. In these cases, we only continue to store the data for these legal purposes, but do not process it in any other way and delete it after the legal retention period has expired.
4. Your rights as a person affected by data processing
According to the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address mentioned in point 1. Below you will find an overview of your rights.
4.1 Right to confirmation and information
You have the right to receive clear information about the processing of your personal data. You have the right to receive confirmation from us at any time as to whether personal data relating to you is being processed. If this is the case, you have the right to request from us free information about the personal data stored about you, together with a copy of this data. Furthermore, you have the right to the following information:
1. The purpose of processing
2. The categories of personal data processed
3. The recipients or categories of recipients to whom the personal data have been or will be disclosed, in the case of recipients in third countries or international organizations
4. If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
5. The existence of a right to rectification or erasure of the personal data concerning you or to restriction of processing by the controller or a right to object to such processing
6. The existence of a right of appeal to a supervisory authority
7. If the personal data is not collected from you, any available information about the origin of the data
8. The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for you. If personal data are transferred to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.
4.2 Right to rectification
You have the right to demand that we correct any inaccurate personal data concerning you without undue delay. Considering the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.
4.3 Right to erasure (“right to be forgotten”)
Pursuant to Article 17(1) of the GDPR, you have the right to request that we delete personal data relating to you without undue delay, and we are obliged to delete personal data without undue delay, if one of the following reasons applies:
1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Art. 6 (1) p. 1 a) DSGVO or Art. 9 (2) a) DSGVO and there is no other legal basis for the processing. For the revocation of your consent, an informal communication by e-mail to the responsible person listed under point 1 is sufficient.
3. You object to the processing pursuant to Art. 21(1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) DSGVO.
4. The personal data have been processed unlawfully.
5. The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
6. The personal data has been collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO. If we have made the personal data public and we are obliged to erase it pursuant to Art. 17 (1) DSGVO, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers that process the personal data that you have requested that they erase all links to or copies or replications of that personal data.
4.4 Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
1. The accuracy of the personal data is disputed by you, for a period of time that allows us to verify the accuracy of the personal data
2. The processing is unlawful, and you have refused to erase the personal data and have instead requested the restriction of the use of the personal data.
3. We no longer need the personal data for the purposes of processing, but you need the data for the assertion, exercise, or defence of legal claims; or
4. You have objected to the processing pursuant to Article 21 (1) DSGVO, as long as it has not yet been determined whether the legitimate reasons of our company prevail over yours.
4.5 Right to data portability
You have the right to receive, transmit, or have us transmit personal data concerning you in machine-readable form. In detail: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that.
1. The processing is based on consent pursuant to Art. 6 (1) p. 1 a) DSGVO or Art. 9 (2) a) DSGVO or on a contract pursuant to Art. 6 (1) p. 1 b) DSGVO and
2. The processing is carried out with the help of automated procedures. When exercising your right to data portability pursuant to paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller, where technically feasible.
4.6 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out based on Article 6 (1) sentence 1 e) or f) DSGVO. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims. If personal data are processed by us for the purpose of direct marketing, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless the processing is necessary for the performance of a task carried out in the public interest.
4.7 Right to revoke consent under data protection law
You have the right to revoke consent to the processing of personal data at any time.
4.8 Right to complain to a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, workplace or the place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.
5. Data security
We make maximum efforts to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. We use SSL encryption (Secure Socket Layer). You can recognize this by the fact that in the address line http:// changes to https:// as well as a lock symbol appears in the line. However, we would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible. Even by e-mail, complete security of your data cannot be guaranteed. For this reason, you can always send us information by mail to the address listed under 1.