Data protection regulations for informedhealth.org

A. Introduction

We are committed to protecting your privacy. These data protection regulations describe how we handle your personal data when you visit our websites and make any entries, as well as how we manage the information that we receive from you through your visit and your entries which makes it possible to identify you.

As regards the collection, use and processing of your personal data, IQWiG complies with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

When you use our website, your computer transmits your IP address to our computers based on the internet protocol (IP). Our computers require this address to send you the content that you request by visiting our website. After your visit, we save these IP addresses and then delete them within 14 days. These 14 days allow us to find out what has happened in the event of any error messages. We do not save these IP addresses together with other personal data.

B. Detailed information

In the following you will find detailed information about how we manage personal data.

1. External hosting

Our websites are hosted by an external service provider. The hosting agency gains knowledge of the data collected on this website. This data is not processed or shared with any third parties. The data are not saved, with the exception of the complete, non-anonymized IP addresses, which are used for the purposes of error analysis and then deleted after 14 days.

We selected the hosting agency carefully and have required them to handle your data in such a way that conforms with data protection by contract.

2. Our individual websites

On this website, personal data are collected via etracker, via a contact details form (2.1), via the option to make a recommendation to someone else via e-mail (2.2), and when subscribing to the newsletter (2.3).

2.1 Contact form

The following data are collected: E-mail address, query text.

The data are collected on the basis of a legitimate interest in accordance with art. 6 para. 1f of the GDPR; the processing of a recommendation is only possible if the contact data of the person making the query are available. The personal data will not be shared with any third parties.

The data are collected, processed and saved in the following procedure: Entry of a query and a contact e-mail address (required field) in the contact details form; forwarding of data via e-mail to the address info@gesundheitsinformation.de / info@informedhealth.org, query answered from this address

The data are deleted within 30 days of the response to the query, and the deletion is logged.

2.2 Recommendation of website content (e.g. health information)

The following data are collected: E-mail addresses of the sender and the recipient

The data are collected on the basis of a legitimate interest in accordance with art. 6 para. 1f of the GDPR; the processing of a recommendation is only possible if the contact data of the person making the recommendation and the receiver are available. The personal data will not be shared with any third parties.

The data are collected, processed and saved in the following procedure: Sending of the message; No processing or saving is carried out, so there is no need for deletion.

2.3 Newsletter subscriptions

The following data are collected: Email address

The data are collected on the basis of consent in accordance with art. 6 para. 1a  of the GDPR. The personal data will not be shared with any third parties.

The data are collected, processed and saved as follows: Entry of a newsletter request and a contact e-mail address (required field) in the contact details form, sending of an e-mail to the provided e-mail address with a verification link (double opt-in, documentation of the date of confirmation)

Newsletter subscription data are deleted after the newsletter has been unsubscribed and the user profile is inactive within one quarter. The newsletter e-mails are automatically sent after 4 weeks. The deletion is recorded in a log. 

3. Facebook, Twitter, Google+

On our websites we use recommendation buttons for the social networks Facebook, Twitter and Google+. By using these buttons it’s possible for members of these networks to share an article or page from our websites in their profile or to follow us in the respective network. We do not transfer any data to these social networks, nor do we receive any data from them. However, when these network buttons are activated, they can analyze the movements on our pages (provided that the user is logged in to the respective social network). You can find more information about this in the data protection statements provided by Facebook, Twitter and Google+.

If you do not want your data to be collected by Facebook, Twitter and Google+, we recommend logging out of the respective network and deleting the cookies prior to visiting our website.

C. Contact details

1. Website operator

Foundation for Quality and Efficiency in Health Care (Stiftung für Qualität und Wirtschaftlichkeit im Gesundheitswesen), a private law foundation with legal capacity

Location: Wegelystraße 8, 10623 Berlin, Germany

Postal/Contact address: Im Mediapark 8, 50670 Cologne (Germany)

Tel: +49 (0)221 35685-0
Fax: +49 (0)221 35685-1
E-mail: info@iqwig.de

The Foundation is the governing body of the Institute for Quality and Efficiency in Health Care (Institut für Qualität und Wirtschaftlichkeit im Gesundheitswesen or IQWiG, Germany).

2. Responsible party

Officer responsible for the processing of the personal data of visitors to the websites referred to here:

Institute for Quality and Efficiency in Health Care (IQWiG, Germany)

Postal address: IQWiG, Data Protection Officer (Datenschutzbeauftragter), Im Mediapark 8, 50670 Cologne, Germany

Tel: +49 (0)221 35685-0
Fax: +49 (0)221 35685-1
E-mail: datenschutz@iqwig.de

3. Corporate data protection officer

Tel: +49 (0)172 251 1331
E-mail: datenschutzbeauftragter@iqwig.de

4. Regulatory agency

Country: Germany

North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen).

Postal address: Postfach 20 04 44, 40102 Düsseldorf

Tel: +49 (0)211 384 24 - 0
Fax: +49 (0)211 384 24 - 10
E-mail: poststelle@ldi.nrw.de

D. Your rights – Data protection

1. Information about your data, deletion and additional rights

You have the right to receive information about data that has been saved pertaining to your person at any time (Article 15 of the European General Data Protection Regulation). In addition, under the legal provisions of Articles 16 to 21 of the European General Data Protection Regulation, you are entitled to the correction and deletion of your data, and the limitation of the processing and the portability of the data you have provided.

2. Complaints

You have the right to contact the corporate data protection officer of the company at any time with any complaints about the processing of your data (e.g. suspicion of misuse, unauthorized access or loss of your data). His contact details are listed above in C. Contact details. In addition, you are entitled to file a complaint with any data protection regulatory agency. The regulatory agency responsible for this institute is listed above in C. Contact details.

3. Withdrawal of consent

If the processing of your data is based on your consent, you may revoke your consent at any time effective for the future. The processing of your data that has been completed up to your withdrawal of consent remains legal. If the processing of your data is based on our legitimate interest, you may object to the processing of the data for reasons that derive from your particular circumstances. We will only continue to process your data if there is proven to be compelling and legitimate grounds for doing so that prevail against your interests, rights and liberties or if the processing serves the assertion, execution or defense of legal claims.

Any issues can be directed to the contacts listed in C.

Last update: 06/25/18