Privacy policy
For the internet presence of the University Hospital Tübingen under the domain https://www.medizin.uni-tuebingen.de
Privacy Policy
Privacy policy
Introduction
Thank you for visiting our website. The University Hospital Tübingen (hereinafter referred to as "UKT", "we" or "us") attaches great importance to the security of user data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.
Data protection at the clinic
If you would like to find out more about data protection in the hospital itself or specific areas of processing:
Data protection at the clinicData protection team of the clinic
If you would like to go directly to the UKT data protection team page:
Data protection unitPlease note: Insofar as UKT institutions offer their own websites (within the uni-tuebingen.de domain or completely separately), supplementary or separate data protection declarations may provide information on the possible deviating processing of personal data on the pages available there when the pages are accessed. This is also the case if pages from other providers are integrated into this website (e.g. with so-called "iframes").
Overview of data processing on this website
Responsible person and data protection officer
Responsible for the processing
University Hospital Tübingen
Geissweg 3
72076 Tübingen
Data Protection Officer
Sven Sender
Geissweg 3
72076 Tübingen
Definitions
The technical terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR.
Notes on data processing
Automated data processing (log files etc.)
Our website can be visited without actively entering personal data. However, we automatically save access data (server log files) each time the website is accessed, such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as the IP address of the end device used for security reasons, e.g. to detect attacks on our website. This data is evaluated exclusively to improve our offer and does not allow any conclusions to be drawn about the person of the user. This data is not merged with other data sources.
We process and use the data for the following purposes: provision of the website, improvement of our website, prevention and detection of errors/malfunctions and misuse of the website.
Legal basis: | Legitimate interest, pursuant to Art. 6 para. 1 lit. f) GDPR |
| Legitimate interests: | Ensuring the functionality and error-free and secure operation of the website and adapting this website to the requirements of users. |
Consent Management Tool
Consent management tool
We use a consent management process on our website in order to be able to store and manage the consent given by visitors to our website in a verifiable manner in accordance with the requirements of the GDPR. At the same time, visitors to our website can use the service we have integrated to manage the consent and preferences they have given or withdraw their consent.
The consent status is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded.
Categories of data subjects: | Website visitors who use the Consent Management Tool |
| Data categories: | User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses) |
| Purposes of processing: | Fulfillment of accountability obligations, consent management |
| Legal bases: | Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR). Art. 7 GDPR) |
Use of cookies (general, how they work, opt-out links, etc.)
Use of cookies (general, how they work, opt-out links, etc.)
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on our website. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on Art. 6 para. 1 lit. f) GDPR. Cookies are a standard internet technology for storing and retrieving login and other usage information for all users of the website. Cookies are small text files that are stored on the end device. Among other things, they enable us to save user settings so that our website can be displayed in a format tailored to the user device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the user's device and enable us or our partner companies to recognize the browser on the next visit (persistent cookies).
The browser can be set so that the user is informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Cookies can also be deleted retrospectively in order to remove data that the website has stored on the user's computer. The deactivation of cookies (so-called opt-out) can lead to some restrictions in the functionality of our website.
Categories of data subjects: | Website visitors, users of online services |
| Opt-Out: | Internet Explorer: https:// support.microsoft.com/de-de/help/17442 Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen Google Chrome: https:// support.google.com/chrome/answer/95647?hl=de Safari https:// support.apple.com/de-de/HT201265 |
| Legal basis: | Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR) The relevant legal basis is specifically named in the corresponding tool. |
| Legitimate interests: | Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, maintaining user status across the entire website, recognition for next website visitors, user-friendly online offering, ensuring chat function |
Web analysis and optimization
Web analysis and optimization
We use tools for web analysis and reach measurement so that we can evaluate visitor flows on our website. For this purpose, we collect information about the behavior, interests or demographic information of our visitors, such as age, gender or similar. This helps us to recognize at what time our online offer, its functions or content are most frequented or invite repeated visits. We can also use the information collected to determine whether our online offering needs to be optimized or adapted.
The information collected for this purpose is stored in cookies or similar procedures and is used for range measurement and optimization. The data stored in the cookies may include content viewed, online presences visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. In this case, the data is modified in such a way that neither we nor the provider of the tool used know the actual identity of the user. The data modified in this way is often stored in user profiles.
Categories of data subjects: | Website visitors, users of online services |
| Data categories: | User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. text details, photographs, videos) |
| Purposes of the processing: | Website analysis, reach measurement, utilization and evaluation of website interaction, lead evaluation |
| Legal basis: | Consent (Art. 6 para. 1 lit. a) GDPR) |
| Legitimate interests: | Optimization and further development of the website, customer retention and acquisition |
Google Analytics
| Service used: | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
Privacy Policy: | https://policies.google.com/privacy?hl=de&gl=de |
| Opt-out link: | https:// tools.google.com/dlpage/gaoptout?hl=de or |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
Social media presence
Social media presence
We maintain online presences on social networks and career platforms in order to exchange information with the users registered there and to be able to contact them easily.
In some cases, user data on social networks is used to conduct market research and for advertising purposes. User profiles can be created and used to tailor advertisements to the interests of target groups based on the usage behavior of users, for example by specifying their interests. Cookies are regularly stored on users' end devices for this purpose, in some cases regardless of whether they are registered users of the social network.
Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may result in risks for users, for example because it makes it more difficult to enforce their rights.
Categories of data subjects: | Registered users and non-registered users of the social network |
| Data categories: | Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text details, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address) |
| Purposes of the processing: | Expansion of reach, networking |
| Legal bases: | Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. a) GDPR) |
| Legitimate interests: | Interaction and communication on social media presence, profit increase, insights into target groups |
Service used: | Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland |
| Privacy policy: | https:// help.instagram.com/519522125107875 and |
| Opt-out link: | https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/ |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
Service used: | Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland |
| Privacy policy: | https:// www.facebook.com/privacy/explanation and https://www.facebook.com/legal/terms/page_controller_addendum |
| Opt-out link: | https://www.facebook.com/policies/cookies/ |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
Service used: | LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA |
| Privacy policy: | https://www.linkedin.com/legal/privacy-policy |
| Opt-out link: | https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
YouTube
Service used: | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Privacy Policy: | https://policies.google.com/privacy?hl=de&gl=de |
| Opt-out link: | https:// tools.google.com/dlpage/gaoptout?hl=de or |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
Service used: | New Work SE, Am Strandkai 1, 20457 Hamburg, Germany |
| Data protection: |
TikTok
Service used: | TikTok Technology Limited, The Sorting Office, Ropemaker Place, Dublin 2, Dublin, D02 HD23, Ireland. |
| Privacy Policy: |
Plug-ins and integrated third-party content
Plug-ins and integrated third-party content
We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, presentations, buttons or contributions (hereinafter referred to as content ) may be integrated.
In order to display content to visitors to our website, the respective third-party provider processes, among other things, the IP address of the user so that the content can be transmitted to the browser and displayed. It is not possible to display third-party content without this processing operation.
In some cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on our online offer, technical information about the user's browser or operating system, the time of the visit or referring websites. The data obtained in this way is stored in cookies on the user's end device.
Categories of data subjects: | Users of the plug-in or integrated third-party content |
| Data categories: | Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. email address, telephone number), master data (e.g. name, address) |
| Purposes of the processing: | Designing our online offering, increasing the reach of advertisements in social media, sharing posts and content, interest- and behavior-based marketing, cross-device tracking, online appointment booking |
| Legal basis: | Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR) |
YouTube
Service used: | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Privacy Policy: | https://policies.google.com/privacy?hl=de&gl=de |
| Opt-out link: | https:// tools.google.com/dlpage/gaoptout?hl=de or |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
Google Maps
Service used: | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Privacy Policy: | https://policies.google.com/privacy?hl=de&gl=de |
| Opt-out link: | https:// tools.google.com/dlpage/gaoptout?hl=de or |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
Google ReCaptcha
Service used: | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Privacy Policy: | https://policies.google.com/privacy?hl=de&gl=de |
| Opt-out link: | https:// tools.google.com/dlpage/gaoptout?hl=de or |
| Guarantee third country transfer: | Based on the adequacy decision of the European Commission for the country USA |
| Legitimate interests: | Protection from spambots |
Digital Infusion
Service used: | Digital Infusion GmbH, c/o Minddistrict GmbH, Schumannstraße 9, 10117 Berlin, Germany |
| Data protection: |
samedi
Service used: | samedi GmbH, Rigaer Str. 44, 10247 Berlin, Germany |
| Data protection: | https://legal.samedi.de/for_patients/privacy_policy_in_general/ |
Data transmission
Data transfer
If your data is processed outside the EU/EEA, in so-called third countries (e.g. USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR. We take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the third country transfer is specified in our privacy policy for the respective recipients.
Storage duration
Storage period
We generally store the data of visitors to our website for as long as is necessary to provide our service or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).
Automated decision making
Automated decision-making
We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.
Legal basis
Legal bases
The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and may apply together with or in addition to the GDPR.
Consent: | Art. 6 para. 1 lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose. |
| Performance of a contract: | Art. 6 para. 1 lit. b) GDPR serves as the legal basis for processing operations that are necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. |
| Legal obligation: | Art. 6 para. 1 lit. c) GDPR serves as the legal basis for processing operations which are necessary for compliance with a legal obligation. |
| Vital interests: | Art. 6 para. 1 lit. d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person. |
| Public interest: | Art. 6 para. 1 lit. e) GDPR serves as the legal basis for processing operations that are necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. |
| Legitimate interest: | Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing that is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. |
Rights of data subjects
Rights of the data subject
You have the right to information about the personal data we process about you.
In the case of a request for information that is not made in writing, we ask for your understanding that we may then require you to provide proof of your identity.
Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so.
You also have the right to object to processing within the scope of the statutory provisions. The same applies to the right to data portability.
In all these cases, please contact the UKT data protection officer by post or by e-mail at
datenschutz@med.uni-tuebingen.de
Right to lodge a complaint
You have the right to complain about the processing of your personal data by us to the competent supervisory authority for data protection.
Contact:
State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg,
P.O. Box 10 29 32, 70025 Stuttgart
Revocation
Revocation
Some data processing operations are only possible with the express consent of the data subject. You have the option of withdrawing your consent at any time without giving reasons. All you need to do is send us an informal message or email to dsb@med.uni-tuebingen.de. Consent to data processing operations on our online offering can be adjusted or revoked directly in our [Consent Manager]. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
External links
External links
Our website contains links to the online offerings of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
Changes
Changes
We reserve the right to adapt this data protection information at any time in the event of changes to our online offer and in compliance with the applicable data protection regulations so that it complies with the legal requirements.
Certificates and Associations
Focus: Top National Hospital 2025
Stern: Germany's Outstanding Employers in Nursing 24/25
Quality partnership with the PKV
Family as a success factor
Pension provision for the public sector
