Privacy Policy

Switchboard

Phone number: +49 7071 29-0

General inquiries

E-mail address: service@med.uni-tuebingen.de

Postal address

Address: University Hospital
Tübingen
Postfach 2669
72016 Tübingen

Privacy policy

Introduction

Thank you for visiting our website. The University Hospital Tübingen (hereinafter referred to as "UKT", "we" or "us") attaches great importance to the security of user data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.

Data protection at the clinic

If you would like to find out more about data protection in the hospital itself or specific areas of processing:

Data protection at the clinic

Data protection team of the clinic

If you would like to go directly to the UKT data protection team page:

Data protection unit

Please note: Insofar as UKT institutions offer their own websites (within the uni-tuebingen.de domain or completely separately), supplementary or separate data protection declarations may provide information on the possible deviating processing of personal data on the pages available there when the pages are accessed. This is also the case if pages from other providers are integrated into this website (e.g. with so-called "iframes").

Responsible person and data protection officer

Definitions

The technical terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR.

Notes on data processing

Automated data processing (log files etc.)

Our website can be visited without actively entering personal data. However, we automatically save access data (server log files) each time the website is accessed, such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as the IP address of the end device used for security reasons, e.g. to detect attacks on our website. This data is evaluated exclusively to improve our offer and does not allow any conclusions to be drawn about the person of the user. This data is not merged with other data sources.

We process and use the data for the following purposes: provision of the website, improvement of our website, prevention and detection of errors/malfunctions and misuse of the website.



Legal basis:

Legitimate interest, pursuant to Art. 6 para. 1 lit. f) GDPR
Legitimate interests:
Ensuring the functionality and error-free and secure operation of the website and adapting this website to the requirements of users.

Use of cookies (general, how they work, opt-out links, etc.)

Use of cookies (general, how they work, opt-out links, etc.)

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on our website. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on Art. 6 para. 1 lit. f) GDPR. Cookies are a standard internet technology for storing and retrieving login and other usage information for all users of the website. Cookies are small text files that are stored on the end device. Among other things, they enable us to save user settings so that our website can be displayed in a format tailored to the user device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the user's device and enable us or our partner companies to recognize the browser on the next visit (persistent cookies).

The browser can be set so that the user is informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Cookies can also be deleted retrospectively in order to remove data that the website has stored on the user's computer. The deactivation of cookies (so-called opt-out) can lead to some restrictions in the functionality of our website.



Categories of data subjects:

Website visitors, users of online services
Opt-Out:

Internet Explorer:

https:// support.microsoft.com/de-de/help/17442

Firefox:

https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:

https:// support.google.com/chrome/answer/95647?hl=de

Safari

https:// support.apple.com/de-de/HT201265


Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)
The relevant legal basis is specifically named in the corresponding tool.
Legitimate interests:
Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, maintaining user status across the entire website, recognition for next website visitors, user-friendly online offering, ensuring chat function


Web analysis and optimization

Web analysis and optimization

We use tools for web analysis and reach measurement so that we can evaluate visitor flows on our website. For this purpose, we collect information about the behavior, interests or demographic information of our visitors, such as age, gender or similar. This helps us to recognize at what time our online offer, its functions or content are most frequented or invite repeated visits. We can also use the information collected to determine whether our online offering needs to be optimized or adapted.

The information collected for this purpose is stored in cookies or similar procedures and is used for range measurement and optimization. The data stored in the cookies may include content viewed, online presences visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. In this case, the data is modified in such a way that neither we nor the provider of the tool used know the actual identity of the user. The data modified in this way is often stored in user profiles.



Categories of data subjects:

Website visitors, users of online services
Data categories:
User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. email address, telephone number), content data (e.g. text details, photographs, videos)
Purposes of the processing:
Website analysis, reach measurement, utilization and evaluation of website interaction, lead evaluation
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR)
Legitimate interests:
Optimization and further development of the website, customer retention and acquisition

Social media presence

Social media presence

We maintain online presences on social networks and career platforms in order to exchange information with the users registered there and to be able to contact them easily.

In some cases, user data on social networks is used to conduct market research and for advertising purposes. User profiles can be created and used to tailor advertisements to the interests of target groups based on the usage behavior of users, for example by specifying their interests. Cookies are regularly stored on users' end devices for this purpose, in some cases regardless of whether they are registered users of the social network.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may result in risks for users, for example because it makes it more difficult to enforce their rights.



Categories of data subjects:

Registered users and non-registered users of the social network
Data categories:
Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text details, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address)
Purposes of the processing:
Expansion of reach, networking
Legal bases:
Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. a) GDPR)
Legitimate interests:
Interaction and communication on social media presence, profit increase, insights into target groups

Plug-ins and integrated third-party content

Plug-ins and integrated third-party content

We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, presentations, buttons or contributions (hereinafter referred to as content ) may be integrated.

In order to display content to visitors to our website, the respective third-party provider processes, among other things, the IP address of the user so that the content can be transmitted to the browser and displayed. It is not possible to display third-party content without this processing operation.

In some cases, additional information is collected via so-called pixel tags or web beacons, whereby the third-party provider receives information about the use of the content or visitor traffic on our online offer, technical information about the user's browser or operating system, the time of the visit or referring websites. The data obtained in this way is stored in cookies on the user's end device.



Categories of data subjects:

Users of the plug-in or integrated third-party content
Data categories:
Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. email address, telephone number), master data (e.g. name, address)
Purposes of the processing:
Designing our online offering, increasing the reach of advertisements in social media, sharing posts and content, interest- and behavior-based marketing, cross-device tracking, online appointment booking
Legal basis:
Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Data transmission

Data transfer

If your data is processed outside the EU/EEA, in so-called third countries (e.g. USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR. We take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the third country transfer is specified in our privacy policy for the respective recipients.

Storage duration

Storage period

We generally store the data of visitors to our website for as long as is necessary to provide our service or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

Automated decision making

Automated decision-making

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

Legal basis

Legal bases

The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and may apply together with or in addition to the GDPR.



Consent:

Art. 6 para. 1 lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Performance of a contract:
Art. 6 para. 1 lit. b) GDPR serves as the legal basis for processing operations that are necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legal obligation:
Art. 6 para. 1 lit. c) GDPR serves as the legal basis for processing operations which are necessary for compliance with a legal obligation.
Vital interests:
Art. 6 para. 1 lit. d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest:
Art. 6 para. 1 lit. e) GDPR serves as the legal basis for processing operations that are necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interest:
Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing that is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Rights of data subjects

Rights of the data subject

You have the right to information about the personal data we process about you.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require you to provide proof of your identity.

Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so.

You also have the right to object to processing within the scope of the statutory provisions. The same applies to the right to data portability.

In all these cases, please contact the UKT data protection officer by post or by e-mail at

datenschutz@med.uni-tuebingen.de

Right to lodge a complaint

You have the right to complain about the processing of your personal data by us to the competent supervisory authority for data protection.

Contact:

State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg,

P.O. Box 10 29 32, 70025 Stuttgart

0711 615541-0

Poststelle@lfdi.bwl.de

Revocation

Revocation

Some data processing operations are only possible with the express consent of the data subject. You have the option of withdrawing your consent at any time without giving reasons. All you need to do is send us an informal message or email to dsb@med.uni-tuebingen.de. Consent to data processing operations on our online offering can be adjusted or revoked directly in our [Consent Manager]. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Changes

Changes

We reserve the right to adapt this data protection information at any time in the event of changes to our online offer and in compliance with the applicable data protection regulations so that it complies with the legal requirements.

Certificates and Associations