Data protection regulations for IQWiG websites

A. Introduction

We are committed to protecting your privacy. These data protection regulations describe how we handle your personal data when you visit our websites and make any entries, as well as how we manage the information that we receive from you through your visit and your entries which makes it possible to identify you. As regards the collection, use and processing of your personal data, IQWiG complies with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

When you use our websites, your computer transmits your IP address to our computers based on the internet protocol (IP). Our computers require this address to send you the content that you request by visiting our website. After your visit, we save these IP addresses and then delete them within 14 days. These 14 days allow us to find out what has happened in the event of any error messages. We do not match these IP addresses with other personal data.

IQWiG currently operates three websites:

B. Detailed information

In the following you will find detailed information about how we manage personal data – separately for each of the websites, insofar as it makes it easier to understand.

1. External hosting

Our websites are hosted by an external service provider. There is a legal agreement with the hosting agency concerning contracted data processing on the basis of currently applicable law.

2. etracker

We use the services of etracker GmbH (Hamburg, Germany) on the websites www.iqwig.de, www.themencheck-medizin.iqwig.de, www.gesundheitsinformation.de and www.informedhealth.org to analyze website use data. Cookies are used for the purpose of allowing a statistical analysis of visitors’ use of the website. Cookies are small text files that are saved on the user’s device by the internet browser for a limited time. etracker cookies do not contain any information that would make it possible to identify a user. The cookie that can recognize a repeat visit to a website is not used by us and has been deactivated.

The following data are collected: ID (pseudonymized), website page views, area page views by area, page views by domain, clickstreams, entry and exit pages, document page views, clicks between the websites, providers, referrers, search engine keywords, country of origin, region of origin, city of origin, internet access used (mobile, DSL, cable, ISDN, dial-up), operating system used, screen size, colors, browser used, language used, plugins used, supporting technologies.

The data generated through our contract with etracker are processed and saved exclusively in Germany and are thereby subject to German and European data protection laws and standards. etracker has been independently tested, certified and granted a data protection seal for this purpose.

The data is processed on the basis of art. 6 para. 1 point f (“legitimate interest”) of the EU General Data Protection Regulation (EU-DSGVO). Our legitimate interest is the optimization of our online information and our website. Because the privacy of our users is especially important to us, the IP address saved at etracker is abbreviated as quickly as possible, whereby it is anonymized, and then together with the registration or device codes at etracker it is transformed into a unique ID that is not assigned to a single person. Neither etracker nor we will make other use of your data, compile them with other data, or share them with any third parties.

3. Our individual websites

3.1 www.iqwig.de

Personal data are collected on our website via etracker when you register as an external expert or for an IQWiG event, via the contact details form, and when you subscribe to the IQWiG Information Service ("IQWiG-Infodienst").

The following data are collected:

  • etracker: as described above in B.2
  • Registration as external expert: form of address, last name, first name, title, postal address, telephone number, fax number, e-mail address, and a response to: Would you like to receive further information via e-mail?, year of higher education degrees, details of your current professional occupation, details of previous occupations, details of publications, confirmation of being able to perform the consultation in German, certifications as a medical specialist for those affected by the medical condition, specialist fields for which there is an interest in cooperation with those affected by the medical condition, specialist area in which you have particular professional experience
  • Registration to IQWiG events: event date, form of address, title, first name, last name, institution, position, street address, postal code, city, telephone number, e-mail address, comment
  • Via the contact details form: first name, last name, e-mail address
  • Subscription to the IQWiG Information Service: e-mail address, password and voluntary provision of form of address, last name, first name

The data are collected on the basis of a legitimate interest in accordance with art. 6 para. 1 point f DSGVO (etracker, registration to IQWiG events, contact details form) as well as consent in accordance with art. 6 para. 1 point a of the DSGVO (subscription to the IQWiG Information Service, registration as an external expert).

The data are collected, processed and saved in the following procedure:

  • etracker: as described above in B.2
  • Registration as an external expert: entry requesting access to “My IQWiG” with the required details e-mail address, password, first name, last name as expert; sending of an e-mail from the CMS to the provided e-mail address with a verification link (double opt-in), confirmation of registration by clicking on the link; opening of a confirmation page with a link to the log-in; after logging in, confirming the data protection notification and filling out the form, sending the form, confirmation via the website, storage in the CMS, access for users via log-in at any time to process the data as well as processing performed by editors, transfer of data to an internal database and processing by a defined group of persons.
  • Registration to IQWiG events: entry and transfer of the registration data via the online form with confirmation of the conditions of participation by the participant, forwarding of the registration to the person responsible at IQWiG or an external event agency, confirmation of registration sent to the participant
  • Via the contact details form: entry of query and a contact e-mail address (required field) in a form and submission; forwarding of data from the CMS via e-mail to the address info@iqwig.de, query is responded to from this address
  • Subscription to IQWiG Information Service: entry requested for access to “My IQWiG” with the required information of e-mail address and password, as well as (optional) last name, first name by the subscriber; sending of an e-mail from the CMS to the provided e-mail address with a verification link (double opt-in), confirmation of the registration by clicking on the link; opening of a confirmation page with a link to log-in; after logging in, confirmation of the data protection notification and filling out the form, submission of the form, confirmation via website, storage in the CMS, access for users via log-in at any time to process the data as well as processing performed by editors

Data access and processing are each performed by a group of persons designated in advance.

No personal data will be shared with any third parties, with the exception of etracker, as described above in B.2, as well as the forwarding of the registration forms for the autumn symposium to the event agency. There is a legal agreement with each concerning contracted data processing on the basis of currently applicable law.

The data are deleted as follows and the deletion is recorded in a log:

  • etracker: as described above in B.2
  • Registration as an external expert: user profile on “My IQWiG” by the user themselves via log-in or by editors at the request of the user immediately; non-confirmed registrations – automatically after 7 days
  • Registration to IQWiG events: registration forms via e-mail after 8 months; Excel table with the registration data after 1 year
  • Via the contact details form: deletion of the e-mail address after the query has been answered
  • Subscription to IQWiG Information Service: user profile by the user themselves or by editors at the request of the user immediately; non-confirmed registrations – automatically after 7 days; e-mails used for communication automatically after 4 weeks

3.2. www.themencheck-medizin.iqwig.de

Personal data are collected on this website when a suggestion for a topic is submitted via the suggestion form.

The following data are collected:

  • Your topic
  • Your subject
  • Why is the topic important?
  • Other
  • Form of address
  • Title
  • First name
  • Last name
  • Telephone number
  • Email address
  • Rules of procedure accepted (date/time)
  • Data protection regulations accepted (date/time)

These data are collected for the purpose of fulfilling the tasks assigned to IQWiG in accordance with § 139b para. 5 SGB V and on the basis of the consent provided upon submission of the data to the suggestion form.

The data are collected, processed and saved in the following procedure:

  • Entry and confirmation of an e-mail address (this is not saved and is used solely for the purpose of sending a web link.)
  • Sending of an e-mail with a web link to the provided address
  • Entry of all of the above data into the suggestion form that can be opened via the web link
  • Encryption of data (csv file) and weekly import from server
  • Transfer of data to one Word and one Excel document for further processing

Data access and processing are performed by a group of persons designated in advance; all of the processing steps involved in the topic suggestion are documented for verification.

The personal data will not be shared with any third parties. Only the selected topic suggestions will be published on the website and made available to a group of researchers for processing.

The data in the Word and Excel documents will be deleted as follows and the deletion will be recorded in a log:

  • Csv files: 1 week after the data are imported (content: your topic, your subject, why the topic is important, other, form of address, title, first name, last name, telephone number, e-mail address)
  • Topic suggestions not accepted to the topic list: 4 weeks after sending an e-mail to the person making the suggestion informing them that it was not accepted
  • Topic suggestions not selected for HTA reports: 4 weeks after sending an e-mail to the person making the suggestion informing them that it was not selected
  • Topic suggestions selected for HTA reports: 4 weeks after the final correspondence with the person making the suggestion

The following items will be deleted: topic, subject, why the topic is important, other, form of address, title, first name, last name, telephone number, e-mail address as well as any correspondence with the person suggesting the topic (via phone or e-mail).

3.3. www.gesundheitsinformation.de / www.informedhealth.org

On these websites, personal data are collected via etracker, via a contact details form, via the option to make a recommendation to someone else via e-mail, and when subscribing to the newsletter.

The following data are collected:

  • etracker: as described above in B.2
  • Via the contact details form: e-mail address
  • Recommendation via e-mail: e-mail addresses of the sender and the recipient
  • Newsletter subscription: e-mail address

The data are collected on the basis of a legitimate interest in accordance with art. 6 para. 1 point f DSGVO (etracker, contact details form, recommendation) as well as consent in accordance with art. 6 para. 1 point a of the DSGVO (newsletter subscriber).

The data are collected, processed and saved in the following procedure:

  • etracker: as described above in B.2
  • Via the contact details form: entry of a query and a contact e-mail address (required field) in the contact details form and submission; forwarding of data via e-mail to the address info@gesundheitsinformationen.de, query answered from this address
  • Recommendation via e-mail: sending of a message, no processing or saving takes place
  • Newsletter subscription: entry of a newsletter request and a contact e-mail address (required field) in the contact details form and submission, sending of an e-mail from the CMS to the provided e-mail address with a verification link (double opt-in, date of confirmation is documented)

Data access and processing are each performed by a group of persons designated in advance.

No personal data will be shared with any third parties, with the exception of etracker, as described above in B.2.

The data are deleted as follows and the deletion is recorded in a log:

  • etracker: as described above in B.2
  • Via the contact details form: deletion of the e-mail address after the query has been answered within 30 days
  • Newsletter subscription: deactivation of the user profile after the user has unsubscribed from the newsletter, deletion of inactive profiles on a quarterly basis, shipping e-mails automatically after 4 weeks

4. Facebook, Twitter, Google+

On our websites we use recommendation buttons for the social networks Facebook, Twitter and Google+. By using these buttons it’s possible for members of these networks to share an article or page from our websites in their profile or to follow us in the respective network. We do not transfer any data to these social networks, nor do we receive any data from them. However, when these network buttons are activated, they can analyze the movements on our pages (provided that the user is logged in to the respective social network). You can find more information about this in the data protection statements provided by Facebook, Twitter and Google+.

If you do not want your data to be collected by Facebook, Twitter and Google+, we recommend logging out of the respective network and deleting the cookies prior to visiting our websites.

C. Contact details

1. Website operator:

Foundation for Quality and Efficiency in Health Care (Stiftung für Qualität und Wirtschaftlichkeit im Gesundheitswesen), a private law foundation with legal capacity

Location: Wegelystraße 8, 10623 Berlin

Postal/Contact address: Im Mediapark 8, 50670 Cologne (Germany)

Phone: +49 (0)221 35685-0 Fax: +49 (0)221 35685-1 E-mail: info@iqwig.de

Value added tax identification number (VAT ID): DE294294672

Authorized to represent: Prof. Dr. med. Jürgen Windeler (Head of Institute), Dr. med. Stefan Lange (Deputy Head of Institute), two board members selected by the board of trustees (in accordance with § 12 para. 1 of the foundation statute)

The Foundation is the governing body of the Institute for Quality and Efficiency in Health Care (IQWiG).

2. Contact details of the responsible officer

Officer responsible for the processing of the personal data of visitors to the websites referred to here:

Institute for Quality and Efficiency in Health Care (IQWiG)

Postal address: IQWiG, Data Protection Officer (Datenschutzbeauftragter), Im Mediapark 8, 50670 Cologne, Germany

Phone: +49 (0)221 35685-0 Fax: +49 (0)221 35685-1 E-mail: datenschutz@iqwig.de

3. Contact details of the corporate data protection officer

Christian Bunge Phone: +49 (0)172 251 1331 E-mail: datenschutzbeauftragter@iqwig.de

4. Contact details of the responsible regulatory agency

Country: Germany

North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen).

Postal address: Postfach 20 04 44, 40102 Düsseldorf

Phone: +49 (0)211 384 24 - 0 Fax: +49 (0)211 384 24 - 10 E-mail: poststelle@ldi.nrw.de

D. Your rights – Data protection

1. Information about your data, deletion and additional rights:

You have the right to receive information about data that has been saved pertaining to your person at any time (Article 15 of the European General Data Protection Regulation). In addition, under the legal provisions of Articles 16 to 21 of the European General Data Protection Regulation, you are entitled to the correction and deletion of your data, and the limitation of the processing and the portability of the data you have provided.

2. Complaints:

You have the right to contact the corporate data protection officer of the company at any time with any complaints about the processing of your data (e.g. suspicion of misuse, unauthorized access or loss of your data). His contact details are listed above in C. Contact details. In addition, you are entitled to file a complaint with any data protection regulatory agency. The regulatory agency responsible for this institute is listed above in C. Contact details.

3. Withdrawal of consent:

If the processing of your data is based on your consent, you may revoke your consent at any time effective for the future. The processing of your data that has been completed up to your withdrawal of consent remains legal. If the processing of your data is based on our legitimate interest, you may object to the processing of the data for reasons that derive from your particular circumstances. We will only continue to process your data if there are proven to be compelling and legitimate grounds for doing so that prevail against your interests, rights and liberties or if the processing serves the assertion, execution or defense of legal claims.

Please direct your inquiry to the appropriate office as listed in C. Contact details.

Last updated: May 29, 2018