Privacy

We are pleased to see that you are interested in our website.
The German Center for Neurodegenerative Diseases /Deutsche Zentrum für Neurodegenerative Erkrankungen e. V. (hereinafter referred to as “DZNE”) takes the protection of personal data very seriously.
As a general rule, you can use our website without providing personal data.

This data privacy statement refers both to our websites and our online presence on social media (Facebook, Instagram, Twitter, LinkedIn, Xing).

Data Privacy Statement

(January 14th 2019, version 1.3)

The controller responsible for data processing pursuant to the General Data Protection Regulation (hereinafter referred to as “GDPR”) and other national data protection laws is:

Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE)
Sigmund-Freud-Straße 27
53127 Bonn
Germany
Tel.: +49 228 43302-0
E-mail: information@dzne.de 
Website:
www.dzne.de

Represented by the Executive Board:

Prof Pierluigi Nicotera MD, PhD (Chief Science Officer and Chairman of the Executive Board)
Dr Sabine Helling-Moegen, LL.M. (Chief Administrative Officer)

Contact data of the Data Protection Officer of DZNE

Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE)
Data Protection Office
Data Protection Officer
Tel.: +49 228 43302-0
E-mail:
datenschutz@dzne.de
 

General information on data processing

Scope of personal data processing

Generally, we only process the personal data of our users if it is necessary in order to provide a functional website and make available our content and services. The processing of our users’ personal data is, as a rule, only carried out with their consent. An exception applies in cases where, obtaining prior consent is factually impossible and where the processing of data is permitted by law.

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing personal data, point a) of Article 6 (1) of the European General Data Protection Regulation (hereinafter referred to as “GDPR”) serves as legal basis.
When processing personal data that is required for the performance of a contract which the data subject is party to, point b) of Article 6 (1) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is required to fulfil a legal obligation that our company is subject to, point c) of Article 6 (1) of the GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of DZNE or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the interest of DZNE, point f) of Article 6 (1) of the GDPR serves as the legal basis for processing.

Data deletion and period of storage

The personal data of the data subject will be deleted or its processing restricted as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if such storage is stipulated by the European or national legislator in EU regulations, laws or other rules that we are subject to. The restriction of processing or the deletion of data shall also be carried out if the storage period prescribed by the aforementioned standards has expired unless there is a need for the further storage of data for the conclusion or performance of a contract.


Provision of the website and creation of log files

Description and scope of data processing

Every time our website is accessed, the system of our host automatically collects data and information from the system of the computer that is accessing our website. During that process the following data is collected:

  1. Information about browser type and version used
  2. The user’s operating system
  3. The user’s Internet service provider
  4. The user’s IP address
  5. Date and time of access

In addition, the data is stored in the log files of our host. This data is not stored together with other personal data of the user.

Legal basis of data processing

The legal basis for the temporary storage of data and log files is point f) of Article 6 (1) of the GDPR.

Purpose of data processing

The temporary storage of the IP address by the host is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to facilitate the functionality of the website. In addition, the data is used to ensure the security of our IT systems. During that process an evaluation of the data for marketing purposes does not take place.

These purposes constitute our legitimate interest in data processing according to point f) of Article 6 (1) of the GDPR.

Period of storage

The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days. The data may be stored for a longer period of time. In such a case, the IP addresses of the user are deleted or masked so that they can no longer be allocated to the caller unless they are needed for the detection of criminal offences.

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.


Use of cookies

Description and scope of data processing

We do not use cookies on our website

Registration for NeuroDiseaseMonitor

Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask as well as transmitted to and saved by us. The data will not be passed on to third parties. The following data is collected as part of the registration process:

  1. First name
  2. Surname
  3. E-mail address

At the time of registration, the following additional data is stored:

  1. Date and time of registration

As part of the registration process, the user is asked for his consent to the processing of this data via the double opt-in procedure.

Legal basis of data processing

If the user has given his consent, the legal basis for the processing of data is point a) of Article 6 (1) of the GDPR.

Purpose of data processing

A registration of the user is necessary for the provision of certain contents and services for the use of the NeuroDiseaseMonitor.

Period of storage

The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. This depends on the status after registration for a period of 90 days or, in the case of a gross violation of the GTC, for 360 days.

Possibility of objection and elimination

As a user you may cancel the registration at any time. You may have your stored data corrected at any time. In order to revoke their data, users must turn to the contact indicated in the data protection notice of the NeuroDiseaseMonitor. 

Press distribution list

Description and scope of data processing

DZNE offers free delivery of press releases by e-mail. For this purpose, the following information is collected:

  1. Surname
  2. First name
  3. E-mail address
  4. Type of media
  5. Area of responsibility
  6. Telephone number
  7. Official address

The data will not be passed on to third parties. The data will be used exclusively for the dispatch of press releases and for the editorial establishment of contact.

Legal basis of data processing

If the user has given his consent, the legal basis for the processing of data is point a) of Article 6 (1) of the GDPR. The legal basis for the processing of data without the consent of the user is point f) of Article 6 (1) of the GDPR. In this case, our legitimate interest is the press-related activities of our research institute.

Purpose of data processing

The collection of the user's e-mail address is used to provide press information. Additional personal data is collected in order to establish personal contact.

Period of storage

The data will be deleted as soon as it is no longer needed to achieve the purpose of its collection or if the delivery of press information is terminated by the user.

Possibility of objection and elimination

The delivery of press releases may be terminated by the user at any time. Users must send their revocation to:

Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE)
Data Protection Office
Keyword: press distribution list
Sigmund-Freud-Straße 27
53127 Bonn

In the event of a revocation, the data will be deleted immediately.

Applications

Description and scope of data processing

On our website, we offer users the opportunity to apply for a job by providing personal data. The data is entered into an input mask, uploaded, transferred to us and saved.

In addition to the HR department, the responsible management of the DZNE unit (e. g. working group, department, staff unit) has access to the application documents where the position on offer is organised. In addition, the competent works council and/or the representative looking after the interests of severely disabled persons may also have access to application documents. The data will not be passed on to third parties.

If the application documents contain information and details that are unnecessary for the evaluation of these criteria, the applicant expressly makes them available to the DZNE on a voluntary basis. Any application data including racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data or data on sex life or sexual orientation is provided on a strictly voluntary basis.

The information is treated strictly confidentially and encrypted during electronic transmission.

DZNE shall refrain from making, either directly or indirectly, any financial resources available to persons listed in several EU regulations (e. g. EU measures destined to combat terrorism or comply with embargo rules). An employment contract would meet these criteria and should therefore be avoided. For this reason, the company shall check any applicant to ensure they are not included in such lists.

The applicant selection process is based on the criteria of aptitude, skills and relevant qualifications.

The following data is collected during the registration process:

  1. Form of address
  2. First name
  3. Surname
  4. E-mail address
  5. Other applicant data and documents, e.g. curriculum vitae, certificates, photograph

At the time of registration, the following data is also stored:

  1. IP address
  2. Date and time of access
  3. Operating system
  4. Browser type and version

Legal basis of data processing

The legal basis for data processing is point b) of Article 6 (1) of the GDPR in connection with Article 26 of the German Federal Data Protection Act pursuant to the implementation of pre-contractual measures in the context of the application procedure. The legal basis for checking the candidates against lists of persons is EC Regulation 2580/2001 and EC Regulation 881/2002 as well as all embargo regulations implemented by the EU. The legal basis for the processing of the data by the responsible works council is section 80 of the German Works Constitution Act. The legal basis for the processing of data by the representative looking after the interests of severely disabled persons is section 81 and 95 of the Fourth Book of the German Social Security Code.

Purpose of data processing

The data is processed to facilitate the decision of whether or not to enter into an employment contract and is necessary to ensure that the candidate can take part in the application process.

Period of storage

The submitted application documents will be deleted completely six months after completion of the application process and the dispatch of a letter informing the candidate of his rejection.

Possibility of objection and elimination

The data stored about you may be changed or applications may be withdrawn by you at any time. Users must send their revocation to:

Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE)
Data Protection Office
Keyword: online application
Sigmund-Freud-Straße 27
53127 Bonn

In the event of revocation, the data will be deleted immediately.

Newsletter

Description and scope of data processing

You may want to subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask will be transmitted to us as a minimum.

  1. Surname
  2. First name
  3. E-mail address

In addition, the following data is collected upon registration:

  1. IP address of the calling computer
  2. Date and time of registration

During the registration process, your consent for processing the data is obtained and reference is made to this data protection declaration.
In connection with the processing of data for the dispatch of newsletters, no data is passed on to third parties. The data will only be used for sending the newsletter.

Legal basis of data processing

If the user has given his consent, the legal basis for the processing of data after having registered for the newsletter is point a) of Article 6 (1) of the GDPR.

Purpose of data processing

The user's e-mail address is processed in order to deliver the newsletter and prevent misuse of the services or the e-mail address used. Any additional personal data processed during the registration process is used to establish personal contact.

Period of storage

The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The user's surname, first name and e-mail address will therefore be stored for as long as the subscription to the newsletter is active. Other personal data collected during the registration process will generally be deleted after a period of seven days.

Possibility of objection and elimination

The subscription to the newsletter may, at any time, be cancelled by the respective user. For this purpose, a corresponding link is included in every newsletter or users may, at any time, unsubscribe on events.dzne.de.

Registration for events

Description and scope of data processing

On our website, we offer users the opportunity to register for events by entering their personal data. The data is entered into an input mask and saved. The data will not be passed on to third parties. The personal information requested when registering for events varies depending on the event. The following data is regularly collected during the registration process:

  1. Title
  2. Form of address
  3. First name and surname
  4. Function
  5. Organisation
  6. Address of organisation
  7. Country
  8. Telephone number
  9. E-mail address

At the time of registration, the following additional data is stored:

  1. User’s IP address
  2. Date and time of registration

During the registration process, the user's consent to the processing of this data is obtained.

Legal basis of data processing

If the user has given his consent, the legal basis for the processing of data is point a) of Article 6 (1) of the GDPR.

Purpose of data processing

The data processed as part of event registration is, as a minimum, used for the purpose of organising, planning and carrying out the event. Further data will be processed based on additional declarations of consent.

Period of storage

The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected.
The data collected during an event will be deleted as soon it is no longer required.

Possibility of objection and elimination

As a user you may, at any time, have your data changed.
The user must send his revocation to the controller using one of the various contact options available or to the specific contact person listed for the event in question at events.dzne.de

Contact database

Description and scope of data processing

The DZNE processes the personal data of contact partners from the world of business, politics and the public sector. This personal data is generally collected by the DZNE using registers, the websites of the contact partners, business cards and communication with the said persons while working together or engaging in business relations. The data generally includes:

  1. Title
  2. Surname
  3. First name
  4. Function
  5. Organisation
  6. Address of the organisation
  7. Country
  8. Telephone number
  9. E-mail address

Under no circumstances will the personal data be passed on to third parties.

Legal basis for data processing

Where the processing is based on the consent of the person concerned, the legal basis for processing personal data is article 6(1) lit. a of the European General Data Protection Regulation (hereinafter referred to as “GDPR”). In the absence of a declaration of consent by the person concerned, article 6(1) lit. f of the GDPR is the legal basis for processing the data. In such a case, our justified interest is the communication between our research institute and the person concerned. If the processing of personal data is required to fulfil a contract or a pre-contractual measure, it is article 6(1) lit. b of the GDPR that serves as legal basis.

Purpose of data processing

The personal data is processed in order to provide information about the DZNE (for example about new events, surveys, reports), to pass on congratulations at special occasions and to generally keep in contact with people.

Duration of storage

The data is processed until you withdraw your consent and it is erased as soon as it is no longer necessary to achieve the purpose for which it was collected unless such erasure breaches retention duties or you have consented to its further use.

Withdrawal and erasure option

You may, at any time, have the data stored about you altered or object to its future processing. If you wish to withdraw your consent, please contact:

Deutsches Zentrum für Neurodegenerative Erkrankungen e.V. (DZNE)
Data Protection Unit
Reference: Contact Database
Sigmund-Freud-Strasse 27
53127 Bonn

If you withdraw your consent, the data shall be erased forthwith unless such erasure breaches retention duties.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller.

Right of access

You have the right to obtain from us a confirmation as to whether or not personal data concerning you are processed by us.
If this is the case, you are entitled to request the following information from us:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data that is processed;
  3. the recipients or categories of recipient to whom the personal data concerning you has been or will be disclosed;
  4. the envisaged period for which the data concerning you will be stored, or if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or deletion of personal data concerning you or of restriction of processing of personal data or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. all available information as to the data source where the personal data is not collected from you;
  8. the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
  9. You have the right to be informed of whether personal data concerning you is transferred to a third country or an international organisation. In this context you are entitled to request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR.

Right to rectification

You have the right to ask us to rectify and/or complete personal data concerning you if the processed personal data is incorrect or incomplete. This rectification will be carried out without undue delay.

Right to restriction of processing

Under the following conditions you have the right to obtain (from the controller) restriction of processing of the personal data concerning you:

  1. if you contest the accuracy of the personal data concerning you for a period that enables us to verify the accuracy of the personal data;
  2. if the processing is unlawful and you oppose the deletion of the personal data and request the restriction of the personal data instead;
  3. if we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or
  4. if you have objected to processing pursuant to Article 21 (1) of the GDPR pending the verification as to whether our legitimate grounds override your grounds.

Where processing of the personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

Right to deletion

Obligation to delete personal data

You have the right to ask us to delete the personal data concerning you with undue delay where one of the following grounds applies:

  1. the personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  2. you withdraw the consent on which the processing is based according to point a) of Article 6 (1) or point a) of Article 9 (2) of the GDPR and there is no other legal ground for processing;
  3. you object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing to Article 21 (2) of the GDPR;
  4. the personal data concerning you has been unlawfully processed;
  5. the deletion of personal data concerning you is necessary for compliance with a legal obligation in EU or Member State law that we are subject to;
  6. the personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

Information to third parties

If we have made the personal data concerning you public and if we are obliged, pursuant to Article 17 (1) of the GDPR, to delete the personal data concerning you, we will, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the controllers processing the personal data that you as data subject have requested the deletion of any links to or copies or replication of such personal data.

Exceptions

The right to deletion shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation that requires processing by EU or Member State law that we are subject to, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) of the GDPR as well as Article 9 (3) of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) of the GDPR in so far as the right referred to in paragraph 1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

Right of information

If you have exercised your right of rectification, deletion or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed, of this rectification or deletion of the data or restriction of processing unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis us to be informed of these recipients.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided us with, in a structured, commonly used and machine-readable format. You furthermore have the right to transmit that data to another controller without hindrance from us, where:

  1. the processing is based on consent pursuant to point (a) of Article 6 (1) of the GDPR or point (a) of Article 9 (2) of the GDPR or on a contract pursuant to point (b) of Article 6 (1) of the GDPR; and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly by us to another controller, where technically feasible. The freedoms and rights of other persons must not be affected hereby. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) of the GDPR, including profiling based on those provisions. As a result, we no longer process the personal data concerning you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise of defence of legal claims. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which affects you similarly significantly.
This shall not apply if the decision:

  1. is necessary for entering into or performing a contract between you and us; ,
  2. is authorised by EU or Member State law that we are subject to and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

These decisions, however, shall not be based on special categories of personal data referred to in Article 9 (1) of the GDPR unless point (a) or (g) of Article 9 (2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. In cases referred to in paragraphs 1. and 3. we implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of us, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

The competent supervisory authority of DZNE is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30
53117 Bonn

Info-Hotline

Thursdays 1:30-4:30 pm

Patients +49 800-7799001

(free of charge)

Professionals +49 180-779900

(9 Cent/Min. German landline, mobile and out of Germany possibly more expensive)