1. Privacy notice
General information
The following information provides a basic overview of what happens to your personal data when visiting this website. Personal data comprise any information relating to an identified or identifiable natural person. This includes, for example, information such as name, address, occupation, email address, state of health, income, marital status, genetic characteristics, telephone number and, where applicable, user data such as the IP address. You will find detailed information about data protection in the privacy notice below.
Controller (Art. 4 No. 7 GDPR)
The controller responsible for the processing of your personal data regarding the use of the website www.ina.gematik.de (hereinafter website) is the gematik GmbH, Friedrichstr. 136, 10117 Berlin, Germany (hereinafter “we“ or “controller“), represented by the management. Contact information of the controller:
Telephone: +49 30 400 41-0
Fax: +49 30 400 41-111
Email: info[at]gematik(dot)de
Data protection officer
We have appointed a data protection officer. You can reach them at datenschutz[at]gematik(dot)de.
Objections
Should you wish to object to our processing of your data as a whole or concerning individual measures in accordance with this privacy policy, you can do so by using the contact details provided in the legal notice. Please note that in the event of such an objection, the use of the website and the retrieval of the services offered here may only be possible to a limited extent or not at all.
2. Purpose of data processing, legal basis, provision and storage period
Accessing and using the website
Every time the website and its subpages are accessed, user data are transmitted by the respective internet browser and stored in log files (server log files). The stored data records contain the following data:
- date and time of access
- name of the subpage accessed
- IP address
- referrer URL (original URL from which you accessed the website)
- amount of data transferred
- product and version information of the browser used
The log files are analysed by us in anonymised form to further improve the website and make it more user-friendly, to find and correct errors more quickly and to manage server capacity. For instance, it is possible for the operator to determine at which time the website is particularly popular in order to provide the according data volume.
This processing is lawful under Art. 6 para. 1 f) GDPR (legitimate interest). Our legitimate interest lies in providing a website with information and offering services to our customers as well as in optimising the operation of the website. Providing the data is neither a legal nor a contractual obligation. If the data is not provided, we are unable to use it to optimise the operation of the website.
Your IP address will be deleted or anonymised after you have stopped using the website. Anonymisation means that IP addresses are changed in such a way that they can no longer – or only with a disproportionate amount of time, cost and effort – be assigned to a specific or specifiable / identified or identifiable natural person.
Contact form and click-to-email
If you would like to get in touch with us, there is a contact form available. To use it, you must provide the following information:
- First name
- Surname
- Email address
- Subject
- Message
In some instances on the website, you also have the possibility to open an email addressed to us with just one click. The email address linked to your email programme is automatically used as sender. If you do not wish for your email address to be retrieved in this manner, you can adjust the settings of your email application.
This processing is lawful under Art. 6 para. 1 b) GDPR (contract or pre-contractual measure). Providing your data is necessary, otherwise you are unable to send us a message and your request cannot be processed.
Personal data processed are deleted after the statutory retention period has ended, unless we have a legitimate interest in continuing to store them. In any case, only data which are absolutely necessary to fulfil the relevant purpose will continue to be stored.
Use of cookies
We use so-called cookies. These are small data packets that generally consist of letters and numbers and are stored on a browser when you visit certain websites. Cookies allow the website to recognise your browser, to follow you through various sections of the website as you browse and to identify you when you return to the website. Cookies do not contain any data identifying you personally, but the information stored by the operator about you can be linked to the data obtained from and stored in the cookies.
Information we receive from you through the use of cookies can be processed for the following purposes:
- Recognising the user's computer when visiting the website
- Tracking the user's browsing activity on the website
- Improving the user-friendliness of the website
- Analysing the use of the website
- Operating the website
- Preventing fraud and improving the security of the website
- Customising the website according to the needs of users
Cookies do not cause any damage to a browser. They do not contain viruses and do not allow the operator to spy on you. Two types of cookies are used:
- Temporary cookies are automatically deleted by closing your browser (session cookies).
- Persistent cookies, on the other hand, have a longer lifespan. This type of cookie makes it possible for you to be recognised when you return to the website after leaving it.
With the help of cookies, we are able to track your usage behaviour for the above-mentioned purposes and to the corresponding extent. They also serve to optimise your browsing experience on our website. These data are also only collected in anonymised form. Placing cookies is lawful when processing is necessary to transmit messages or to provide a digital service (§ 25 para. 2 TDDDG). Furthermore, placing cookies is only permitted with your consent (§ 25 para. 1 TDDDG). Processing either takes place automatically or providing your personal data is voluntary.
You may change your cookie settings at any time via the following link:
https://www.ina.gematik.de/en/legal/privacy-policy. To do so, simply click the button “change privacy settings”.
Application for the IOP expert circle
You may also apply for the IOP expert circle via the contact form on our website.
Where there is an option to attach documents they will be directly transferred to the competence centre. Alternatively, the competence centre will contact you through the email address you provided in order to obtain the necessary documents.
Within three weeks at most, the competence centre examines the application for fulfilment of the necessary criteria (see GVO annex 5.1) and submits qualified applications to the expert panel for inspection. Within no more than six weeks of reviewing the qualified applications, the expert panel will make a decision concerning the admission to the IOP expert circle. The competence centre will inform you of your acceptance within no more than one week of the expert panel's decision. In case of rejection, the expert will also be informed of the decision of the expert panel by the competence centre within one week at most, stating the reasons for the rejection. In case of rejection, your data will be deleted within 14 days.
Once an expert has been confirmed, admittance into the IOP expert circle on the knowledge platform takes place within two weeks. The new expert ensures that their profile is published on the knowledge platform within three weeks and is obligated to keep it up to date. The competence centre checks the publication of the profile and the information it contains. Should any changes be necessary, the competence centre will inform the expert and ask them to implement these changes.
Should you have any questions concerning the application process or individual steps within the process, do not hesitate to contact us via the mailbox KIG[at]gematik(dot)de.
We process your data for the purpose of implementing the application process and in order to respond to your message. As such, this processing is lawful under § 26 BDSG in conjunction with Art. 6 para. 1 b) GDPR as well as Art. 6 para. 1 f) (legitimate interest). The focus of this processing lies on assessing your capabilities and qualifications, digitalising documents as well as optimising current operational procedures. If you do not provide the requested information and documents, we are unable to consider your application.
Usercentrics
We use the consent management platform Usercentrics provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, in order to obtain your consent to the storage of cookies on your end device aa well as to document these in conformity with data protection regulations.
When you visit the website, the following personal data, among others, are transferred to Usercentrics:
- Your consent or your withdrawal of consent
- Your IP address
- Information on your browser
- Information on your end device
- Referrer-URL (original URL from which you accessed the website)
- Date and time of your visit on our website
Usercentrics also stores a cookie on your browser in order to be able to assign to you any consent you have given or withdrawn.
Processing is lawful under Art. 6 para. 1 f) GDPR (legitimate interest). Our legitimate interest lies in the lawful documentation and verifiability of consent, the implementation of marketing measures based on the consent given and the optimisation of consent rates.
Your personal data will be stored until you ask us to delete the Usercentrics cookie, until you delete it yourself or the purpose of the data storage becomes obsolete. Mandatory statutory retention periods remain unaffected by this.
Usercentrics stores the transmitted data on a Google Cloud server based in the EU (Brussels, Frankfurt am Main). However, it cannot be ruled out that the data may be transmitted to the US and could be accessed by security authorities there.
You can find further information on data processing at Usercentrics at: https://usercentrics.com/privacy-policy/.
Use of Google Analytics / Google Tag Manager
We use the web analytics service Google Analytics provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service uses the cookies described above, for example to record information on your operating system, your IP address, the previously opened website as well as date and time of your visit on our website. The information produced by the cookies concerning the use of the website are transferred to a Google server in Ireland and stored there. The data may also be transmitted to the US. Data transfers to a third country such as the US are lawful under the conditions of Article 46 GDPR and based on the standard contractual clauses effectively included in the contractual relationship with Google. These have been approved by the European Commission and guarantee an adequate protection of your personal data. In addition, Google is certified for the EU-US Privacy Framework. You can obtain further information on this directly from Google: https://policies.google.com/privacy/frameworks?hl=en-US.
Google will use this information to analyse the use of the website, to compile reports about the website activities for us and to provide further services connected with the website and internet use.
If required by law or if third parties process the data on behalf of Google, Google will also share this information with these third parties. This use is anonymised and pseudonymised. You can obtain further information on this directly from Google https://policies.google.com/privacy?hl=en.
When using Google Analytics, no direct personal data are stored, only the internet protocol address. This information is used to automatically recognise you during your next visit to our website and to simplify navigation for you.
For optimal implementation of Google Analytics, we use the Google Tag Manager, also provided by Google Ireland Limited. With the help of this service, the so-called tracking code (“tag”) can be integrated into the source code of the website so that every time a page is accessed, the integrated tag is “triggered” and the data described above can be sent to Google Analytics. In this context, Google may also process personal data (such as the IP address). This processing may also take place in the US (see above). If you have deactivated Google Analytics, the deactivation remains in place for all tracking tags concerned that are integrated into the Google Tag Manager.
Regarding access to the end device, this processing is lawful under § 25 para. 1 TDDDG (consent). Analysing your data (further processing) is lawful based on Art. 6 para. 1 a) GDPR (consent). You may withdraw your consent at any time with effect for the future via the following link https://www.ina.gematik.de/en/legal/privacy-policy below our privacy notice by clicking on the button “change privacy settings”.
Providing the data is neither a legal obligation nor is it necessary to conclude a contract. If the data is not provided it prevents the use of the tool.
The personal data collected through the use of the tracking tool are deleted unless the controller has a legitimate interest in further storage. In any case, only data absolutely necessary to fulfil the relevant purpose will continue to be stored. Where possible, personal data are anonymised.
YouTube
We use videos from Youtube on the website. YouTube is a service provided by YouTube LLC (“YouTube”), 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When watching a Youtube video, personal data are transmitted to the Youtube servers as a service of Google with headquarters in the US. By visiting the website, Youtube receives the information that you have accessed the corresponding subpage of our website. Further information concerning the use of the website (e.g. date and time of access, IP address etc.) may also be transferred to and stored on Google servers (possibly in a third country such as the US). This occurs regardless of whether Youtube provides a user account on which you are logged in or if there is no user account. Data transfers to a third country such as the US are lawful under the conditions of Art. 46 GDPR and based on the standard contractual clauses effectively included in the contractual relationship with Google. These have been approved by the European Commission and guarantee an adequate protection of your personal data. In addition, Google is certified for the EU-US Privacy Framework. You can obtain further information on this directly from Google: https://policies.google.com/privacy/frameworks?hl=en-US.
The data are used by Google for purposes of advertising, market research and/or customised design of its website. It is possible that a link is made to your user account if you are logged in. If you do not wish for this to happen, you need to log out before using the website. Google's terms of use and privacy policy apply (see above).
We use Youtube videos to provide you with videos on various topics. Regarding access to the end device, this processing is lawful under § 25 para. 1 TDDDG (consent). Further processing as well as the analysis of your data is lawful under Art. 6 para. 1 a) GDPR (consent). You may give your consent to the use of Youtube by clicking on “accept” in the overlay window. As such, the use of Youtube is not obligatory.
You may revoke your consent at any time with effect for the future via the following link https://www.ina.gematik.de/en/legal/privacy-policy below our privacy notice by clicking “change privacy settings”.
Providing the data is neither a legal obligation nor is it necessary to conclude a contract. If you do not provide the data, you may only be able to use our website to a limited extent or not at all.
Your rights
You have the following rights: You have the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).
You also have the right to contact a supervisory authority at any time (Art. 77 GDPR).
If your personal data is processed based on Art. 6 para. 1 f) GDPR, you have the right to object if there are reasons for this arising from your particular situation or if the objection concerns direct advertising (Art. 21 GDPR). If you object to direct advertising, we will no longer send you any advertisement.
You can revoke consent given to us at any time with effect for the future. However, this has no influence on the data processing carried out up to that point based on this consent.
Recipients
The data collected when you access and use the website as well as the information you provide when contacting us are transmitted to us and stored by us. Your data may also be passed on to the following categories of recipients:
- Organisational structures as well as employees of the controller who are involved in processing (e.g. customer service)
- Processors (e.g. IT service providers, website host)
- Contract partners
Links to third party sites
When you visit the website, content which is linked to third-party websites may be displayed. Neither do we have access to the cookies or other functions used by third-party sites, nor can we control them. Such third-party sites are not subject to our data protection regulations.