Skip to main content

Data protection

I. General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to personally identify you (e.g. name, address, email address or telephone number). Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.

 

1. Definitions

According to the wishes of the European legislator for directives and regulations, a data protection declaration should be both easy to read and easy to understand for everyone. So that we can ensure this, our data protection declaration is based on the definitions set out in Article 4 of the EU General Data Protection Regulation (hereinafter “GDPR”). Accordingly, we use the following terms, among others, in this data protection declaration:

  • personal data ” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of that natural person;
  • data subject ” means any identified or identifiable natural person whose personal data are processed by the data controller;
  • Processing ” means any operation or series of operations carried out on personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or modification, reading, consultation, use , disclosure by transmission, distribution or other form of making available, alignment or combination, restriction, deletion or destruction;
  • restriction of processing ” the marking of stored personal data with the aim of restricting their future processing;
  • Profiling ” any type of automated processing of personal data, which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal Analyze or predict that natural person's preferences, interests, reliability, behavior, location or movements;
  • Controller ” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • Recipient ” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a specific investigative task under Union or Member State law shall not be deemed to be recipients; the processing of these data by the said authorities will be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
  • third party ” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor;
  • Consent ” of the data subject means any voluntary, specific, informed and unambiguous expression of the wishes of the data subject in the form of a statement or other unequivocal affirmative action by which the data subject indicates that he or she consents to the processing of personal data concerning him or her agrees.
  • “Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;

 

2. Name and address of the person responsible

The person responsible for processing within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Responsible person:

Klinikum Bremerhaven-Reinkenheide gGmbH
Postbrookstraße 103

27574 Bremerhaven

Management: Dr. rer. med. Witiko Nickel, Dr. med. Susanne Kleinbrahm, Frank Kühl

Telephone: (+49) 04747 299 - 0 
Fax: (+49) 04747 299 - 3573 

Email: info@klinikum-bremerhaven.de

 

3. Name and address of the data protection officer

The data protection officer is:

Oliver Stutz 
c/o Data Protection Nord GmbH

Konsul-Smidt-Str. 8828217 Bremen

Contact person: Mr. Dominik Bleckmann 
Telephone: (+49)0421 696 632 – 0

Email: datenschutz@klinikum-bremerhaven.de

The data protection supervisory authority is:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Arndtstraße 1 
27570 Bremerhaven

 

4. Types of data we process

  • Inventory data (e.g. names and addresses)
  • Contact details (e.g. email address, telephone number)
  • Content data (e.g. entered texts)
  • Usage data (e.g., websites visited, access times).
  • Communication data (e.g. information from devices used to access our website, IP addresses).

In individual cases, additional data may also be the subject of processing by us. This is described in more detail under II. in this data protection declaration in connection with the respective type of data processing in individual cases.

 

5. Persons affected by data processing

All visitors and users of our website (hereinafter collectively referred to as “users”) are affected within the meaning of the GDPR.

 

6. Purpose of processing

We process the user's data in individual cases for the following purposes (the following list is not exhaustive; further ticks may be mentioned further down in this data protection declaration under II.):

  • So that we can provide our website including content and functions.
  • Communication with users of our website
  • Safety measures

 

7. Scope of processing of personal data

As a general rule, we only collect and use personal data from visitors to our website to the extent that this is necessary to provide a functional website and our content and services. We will neither collect nor use our users’ personal data without the user’s prior consent. The use or collection of our users' data without prior express consent only occurs in exceptional cases in which obtaining prior consent is not possible for actual reasons and a legal regulation permits the processing of the data in exceptional cases.

 

8. Legal basis for processing personal data

Article 6 Paragraph 1 Letter a of the EU General Data Protection Regulation (GDPR) forms the legal basis in cases in which we obtain the express consent of the person concerned before processing personal data.

When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing (e.g. when using from web hosts, etc.).

 

9. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract.

II. Collection and storage of personal data as well as type and purpose of their use

1. Visiting our website

1.1. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. This usually happens because the browser used on the user's device automatically forwards information to the server on our website, whereby this information is temporarily stored in a so-called log file. This is the following information, which is collected without your active participation solely through the transmission of the browser you are using and is then stored on the server of our website until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which our website server is accessed (referrer URL),
  • browser used and, if applicable, the operating system of the user's computer as well as the name of the user's access provider.

The data just presented will be processed by us for the following purposes:

  • Ensuring a smooth connection to the website,
  • Ensuring comfortable use of our website,
  • Evaluation of system security and stability as well
  • for further administrative purposes.

1. 2. Legal basis for data processing

The legal basis for processing the data is Article 6 Paragraph 1 Letter f GDPR.

1. 3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To do this, the user's IP address must remain stored for the duration of the session.

1. 4. Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.

1. 5. Possibility of objection and removal

The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object.

 

2. Contact us via email

2.1. Description and scope of data processing

You are welcome to contact us using the email address we provided. If you contact us via email, we store the user's personal data sent to us in the email.

The data will not be passed on to third parties in this context. The data will only be used by us to process the conversation.

2.2. Legal basis for data processing

The legal basis for data processing for the purpose of establishing contact is Article 6 Paragraph 1 Sentence 1 Letter a GDPR in connection with the user's consent.

2.3. Purpose of data processing

If contact is made via email, this also represents the necessary legitimate interest in processing the data.

2.4. Duration of storage

We delete the data as soon as it is no longer necessary to achieve the purpose for which it was collected. With regard to data sent by email, this means that deletion takes place when the respective conversation with the user in question has ended. We consider the conversation with the user to be over in this sense as soon as it can be seen from the circumstances that the matter in question has been finally clarified.

2.5. Possibility of objection and removal

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue.

In this case, all personal data that was stored in the course of contacting us will be deleted.

 

3. Registration for events

3.1. Description and scope of data processing

We ask that you register in advance for many of our events. For this purpose, we provide online registration forms on the website. Registration is also possible by email, fax or post. For registration we ask for the following data:

  • Name first Name
  • e-mail
  • if applicable address
  • if necessary, telephone number
  • If applicable, employer and activity (for job-related training events)

We store the data to process the event and use it to communicate with participants. For online events, we use the email address to send participants access details for the event and to request their feedback on the event.

The data will not be passed on to third parties in this context. We will only use the data to carry out the event.

3.2. Legal basis for data processing

The legal basis for data processing for the purpose of registration is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

3.3. Purpose of data processing

The legitimate interest lies in the execution of the event.

3.4. Duration of storage

We delete the data as soon as it is no longer necessary to achieve the purpose for which it was collected. With regard to the data sent in the event registration, this means that deletion takes place when the event has taken place and all subsequent processes (such as sending a certificate of participation or requesting feedback) have been completed.

For tax or other legal reasons, we may be required to retain participant data for a legally defined period of time. If this is the case, the data will be deleted after the prescribed retention period has expired.

3.5. Possibility of objection and removal

The user has the option to revoke his consent to the processing of personal data at any time. In this case, all personal data that was stored during registration will be deleted unless there is another legal obligation to retain it. Participation in this event is not possible after the registration data has been deleted.

 

4. Contact as part of praise and complaint management

4.1. Description and scope of data processing

As a user, you have the opportunity to send us praise, a complaint or a note via our website under the “Feedback” section as part of the “Praise and Complaint Management”. We provide an online form for this purpose. The use of this online form is voluntary.

As part of the online form for “praise and complaint management”, we collect and process the following personal data from the user:

  • Name first Name
  • address
  • Telephone number
  • e-mail
  • Stay
  • Suggestions, opinions, praise or criticism
  • Information about whether the user is a patient, relative, visitor or blood donor

You also have the option of informing us if you would like to contact us. Here you have the option of simply making a message (without contacting us) and choosing between written and telephone contact.

4.2. Legal basis for data processing

The legal basis for data processing in connection with online applications is Article 6 Paragraph 1 Sentence 1 Letter a GDPR in connection with the user's consent.

4.3. Purpose of data processing

The collection and processing of the user's personal data is carried out exclusively in connection with the communication of praise, complaints or tips by the user. We would like to point out that the user's personal data is generally only passed on to internal departments in our company that are responsible for the specific application process.

Personal data will not be passed on without the user’s prior express consent.

4.4. Duration of storage, possibility of objection and removal

We generally delete your personal data that you have provided to us in connection with the use of the online form in connection with “Praise and Complaint Management” automatically three months after your request. However, if legal regulations prevent deletion of the data or you have agreed to longer storage or storage is necessary for the purpose of providing evidence, storage beyond the three-month period mentioned above is also possible.

 

5. Applications

5.1. Collection and storage of personal data as well as type and purpose and their use

If you apply to us, we collect the following information:

  • Salutation, first name, last name
  • a valid email address
  • Address
  • Telephone number (landline and/or mobile phone)
  • Information necessary for the application (e.g. certificates, CV)

This data is collected to process your application, in particular to check your qualifications and to be able to communicate with you;

The data processing takes place in response to your application and is necessary in accordance with Article 6 Paragraph 1 Sentence 1 Letter b GDPR for the purposes mentioned for the appropriate processing of the application and for the mutual implementation of pre-contractual measures.

The personal data we collect for the application will be stored for 6 months and then deleted, unless we do so in accordance with Article 6 Paragraph 1 Sentence 1 Letter c GDPR due to tax and commercial law retention and documentation obligations (from HGB, StGB or AO) are obliged to store the data for a longer period of time or you have consented to further storage in accordance with Article 6 Paragraph 1 Sentence 1 Letter a of the GDPR.

Your personal data will not be transmitted to third parties.

5.2. Rights of those affected

You have the right:

  • In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer allowed to continue the data processing based on this consent in the future;
  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or complete personal data stored by us;
  • in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer need the data but you use it to assert or exercise your rights or need to defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our office.

 

5.3. Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR, provided there are reasons for doing so. that arise from your particular situation.

If you would like to exercise your objection, simply send an email to bewerbung@klinikum-bremerhaven.de.

 

7. Use of cookies

7.1. Description and scope of data processing

In certain situations we use so-called cookies. A “cookie” is a small text file that is stored in the Internet browser or by the Internet browser on the user’s computer system. A cookie can only contain information that we send to your computer - private data cannot be read with it. If you have accepted cookies on our website, we will not have access to your personal information. With the help of cookies, we are able to identify your computer and to recognize your computer when you visit our website again using a characteristic string that allows the browser to be clearly identified when you visit the website again.

Cookies are used to make our offering more user-friendly, effective and secure, as well as to analyze usage patterns and structures of our website and thus provide us with information on how to optimize according to user behavior. These cookies are deleted as soon as you end the session or close your browser.

7.2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) (f) GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes, if the user has given his consent, is Article 6 (1) (a) GDPR.

7.3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.

7.4. Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

7.5. Cookie Statement

This website uses cookies. We use cookies to personalize content and ads, to provide social media features and to analyze access to our website. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may combine this information with other information that you have provided to them or that they have collected from your use of the Services. You consent to our cookies if you continue to use our website.

Cookies are small text files used by websites to make the user experience more efficient. 

By law we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. 

This site uses different types of cookies. Some cookies are placed by third parties that appear on our sites. 

You can change or withdraw your consent at any time from the cookie statement on our website. 

Find out more about who we are, how you can contact us and how we process personal data in our privacy policy.

Your consent applies to the following domains: klinikum-bremerhaven.de

Your current status: Reject.

Your consent ID: m++MvBcNcaf2AtwygOtIktpOU0tVNnNuE6oGZdebAAce0zivd0F73A==Consent date: Thursday, January 12, 2023 at 10:08:01 CET

Change consent

 

The cookie statement was last updated by Cookiebot on 9/13/23 :

Necessary (1)

Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Surname: CookieConsent
Provider: Cookiebot
Purpose: Stores the user's cookie consent status on the current domain.
Sequence: 1 year
Type: HTTP cookie

 

Statistics (1)

Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

Surname: MATOMO_SESSID
Provider: piwik.netactive.de
Purpose: Used by Piwik Analytics Platform to track visitor page views during the session.
Sequence: session
Type: HTTP cookie

 

8. Use of YouTube

8.1. Description and scope of data processing

We link to our website videos from the social network “YouTube”, which is operated by YouTube LLC with its headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is operated by Google Inc., based at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. represent.

As soon as you as a user click on the link to a video available on YouTube, you will be redirected to the YouTube page. YouTube or Google may collect personal data from you. You can find out more in the privacy policy of YouTube or Google at https://policies.google.com/privacy?hl=de. It is expressly pointed out that we have neither knowledge of nor influence on the content of the transmitted data or its use by YouTube or Google.

 

8.2. Legal basis for data processing

The legal basis for processing the data is Article 6 Paragraph 1 Letter f GDPR.

8.3. Purpose of data processing

We use YouTube to make our website better known. The underlying advertising purpose is to be viewed as a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

Regarding the purpose and scope of data collection and the further processing and use of personal data by YouTube itself and what rights you have in this regard and setting options to protect the privacy of users that YouTube itself provides, please refer to YouTube's data protection information, which you can find here can be found at the following link: https://policies.google.com/privacy

 

8.4. Duration of storage

It is expressly pointed out that we have no knowledge of the content of the transmitted data or its use or how long it will be stored by YouTube.

8.5. Possibility of objection and removal

If you do not agree that when you watch videos on the YouTube platform, YouTube can assign your visit to our website to you and collect data about you via our website and then, if necessary, connect it with the member data you have stored with YouTube and/or Google , you should log out of your personal YouTube user account and other user accounts of Google Inc. and YouTube LLC before visiting our website or watching YouTube videos via our website and also delete the corresponding cookies from the companies mentioned above.

 

9. Use of Google reCAPTCHA

We use the Google reCaptcha service to determine whether a human or a computer makes a specific entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website you visit on our website and on which the captcha is integrated, the date and duration of the visit, the identification data of the device used Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Article 6 Paragraph 1 Letter f of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).

Regarding the purpose and scope of data collection and the further processing and use of personal data by Google reCaptcha itself and what rights you have in this regard and setting options to protect the privacy of users that Google reCaptcha itself provides, please refer to Google reCaptcha's data protection information , which you can find at the following link: https://policies.google.com/privacy and https://policies.google.com/terms.

 

10. Analysis tools & advertising

Matomo (formerly Piwik)

This website uses the open source web analysis service Matomo. Matomo uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies and the use of this analysis tool are based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If appropriate consent has been requested (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR; consent can be revoked at any time.

The information generated by the cookie about the use of this website will not be passed on to third parties. You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

If you do not agree to the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit this website again.

III. Transfer of data to third parties and processors

In individual cases, it may happen that we pass on your personal data (to processors or third parties), transmit it to them or otherwise grant them access to the data. Such transfer or transmission of your personal data will only take place in the cases mentioned above in this data protection declaration under I. 4.

If we commission third parties to process personal data, this will only take place within the framework of a GDPR-compliant order processing on the basis of a so-called “order processing contract”. The legal basis for data processing in the case of order processing is Art. 28 GDPR.

IV. Rights of the data subject

If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights towards the person responsible:

1. Right to information according to Art. 15 GDPR

You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us.

If such processing occurs, you can request information from the person responsible about the following information:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information about the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

 

2. Right to correction according to Art. 16 GDPR

You have the right to request correction and/or completion from the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

 

3. Right to deletion according to Art. 17 GDPR (“Right to be forgotten”)

a) Obligation to delete

You can request that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing.

(3) You object to the processing in accordance with Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 Paragraph 2 of the GDPR.

(4) The personal data concerning you were processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 Para. 1 GDPR, he will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to ensure that the person responsible for data processing to inform those processing the personal data that you, as the data subject, have requested them to delete all links to that personal data or copies or replications of that personal data.

c) Exceptions

There is no right to deletion if processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller became;

(3) for reasons of public interest in the area of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the law referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or

(5) to assert, exercise or defend legal claims.

 

4. Right to restriction of processing according to Art. 18 GDPR

You can request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;

(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have lodged an objection to the processing in accordance with Article 21 Para. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.

 

5. Right to information (duty to notify) according to Art. 19 GDPR

If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless: this turns out to be impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the person responsible.

 

6. Right to data portability according to Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

(1) the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and

(2) the processing takes place using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

7. Right to object according to Art. 21 GDPR

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions.

The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.

If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.

In connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications.

To exercise your right to object, it is sufficient if you send us an email to the following email address:

datenschutz@klinikum-bremerhaven.de

 

8. Right to revoke the data protection declaration of consent in accordance with Section 7 Paragraph 3 GDPR

You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation.

To exercise your right to object, it is sufficient if you send us an email to the following email address:

datenschutz@klinikum-bremerhaven.de

 

9. Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or fulfillment of a contract between you and the person responsible,

(2) is permitted by Union or Member State law to which the controller is subject and such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or

(3) takes place with your express consent.

However, these decisions may not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 Letters a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests .

With regard to the cases mentioned in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express one's own point of view and heard to challenge the decision.

 

10. Right to complain to a supervisory authority in accordance with Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you is contrary to violates the GDPR.

The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

V. Data security

We use appropriate technical and organizational security measures to protect your data against intentional but also accidental manipulation by third parties, partial or complete loss, destruction or against unauthorized access by third parties. We attach great importance to constantly adapting and further developing the security measures we use to the state of the art.