DE EN
Login NUM Hub login

Data protection information

The operator of this website for the National Research Network of University Medicine on Covid 19 ("Network University Medicine") takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

1. note on the person responsible

The controller responsible for data processing on this website is:
Charité - Universitätsmedizin Berlin (hereinafter also referred to as "we" or "us" or "controller")
Charitéplatz 1
10117 Berlin

2. data protection officer

If you have any questions about the processing of your personal data or your rights in relation to data protection, please contact
Data Protection at Charité - Universitätsmedizin Berlin
Charitéplatz 1
10117 Berlin
E-mail: datenschutz@charite.de

3 General data and information when visiting the Network University Medicine website

The Network University Medicine website operated by Charité collects a range of general data and information each time the website is accessed by a data subject. This general data and information is stored in the server log files and automatically transmitted to Charité by your browser. The following can be recorded

  • IP address;
  • Date and time of access to this website;
  • Time zone difference to Greenwich Mean Time (GMT);
  • Content of the request (specific page);
  • Access status/HTTP status code;
  • amount of data transferred in each case;
  • Website from which the request originates;
  • Browser type;
  • Operating system and its interface;
  • Language and version of the browser software;
  • the internet service provider of the accessing system and
  • other similar data and information used for security purposes in the event of attacks on our information technology systems.

The basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, more precisely the provision of a functional website. This is also the purpose of processing the personal data shown above. The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of the storage of data in log files, this is the case after ninety days at the latest. Storage beyond this period is possible in anonymised form. In this case, the IP addresses are deleted or anonymised so that it is no longer possible to identify the accessing client.

The provision of data is neither legally nor contractually required. However, the collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Failure to provide personal data may result in disadvantages for you. For example, you may not be able to receive or use our services (e.g. you may not be able to access the website). However, unless otherwise stated, you will not suffer any legal disadvantages as a result of non-provision.

4. registration for the internal area

Only if you have a user account can you enter your user name and password in the input fields on this website and log in to the internal area. If you have forgotten your password, you can click on the "Forgot password" button. In this case, an automatic e-mail will be sent to the e-mail address you have provided. Please follow the instructions in the email to reset your password The processing of the above-mentioned data for the login and password reset is based on a free-of-charge user relationship for this website with the Charité (Art. 6 para. 1 lit. b GDPR).

The provision of your personal data is not required by law. However, the collection of your personal data for registration for the internal area is mandatory if you wish to gain access to the internal area of this website. If you do not provide personal data, you will not be able to access or use our services in the area for registered users (i.e. you will not be able to access the login area). However, unless otherwise stated, you will not suffer any legal disadvantages as a result of not providing your data.

We will delete your login data as soon as you close your user account with us. Premature deletion of your data is only possible insofar as contractual or legal obligations do not prevent deletion.

5. contact option

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. It is up to you which contact details you enter; these are not mandatory fields, but you must provide at least one contact option (address, telephone or e-mail) so that we can process your enquiry. We will not pass on the data you enter without your consent. If this is planned, we will ask for your consent beforehand.

The data entered in the contact form will be processed if you send us a contact request in order to process and respond to your enquiry. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to respond to your enquiry. If the contact enquiry relates to an existing contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

We delete your personal data once we have finally processed your enquiry. This is usually the case when the conversation with you ends, unless we are obliged to keep it for longer in order to comply with our legal obligations. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. The additional personal data collected during the sending process will be deleted after a period of thirty days at the latest. The provision of personal data is neither legally nor contractually required. If you do not provide your data, we will not be able to (continue) the conversation with you.

6. cookies

This website uses cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. We use the following types of cookies: Cookies may be necessary for our website to function properly. By setting cookies, for example, we can recognise that you have logged in to our website (log-in cookie).

Cookies can also be used to analyse website usage. In this case, for example, it is determined how many users visit the website and where the website can possibly be improved. However, this analysis does not establish any connection between you and the statistics compiled on the basis of the data collected. If we use cookies to analyse the website, we will inform you about this. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide the website are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free provision of our services. We use the data collected by cookies for as long as they are required for the respective stated purpose.

We use the following cookies on our website

Server-side session (PHPSESSID)
Explanation: Absolutely necessary cookies for displaying the page.
Lifetime: Only valid until the end of the browser session.

sMatomo session (_pk_ses*, _pk_id*)
Explanation: Collects information about usage behaviour and is used to improve user-friendliness and user experience.
Lifespan: Only applies until the end of the browser session.
Opt-out: You can deactivate the cookie in the following section "Use of Matomo".

Matomo Opt-Out (piwik_ignore)
Explanation: Corresponds to the "Do not track" flag of the browser
Lifetime: Only valid until the end of the browser session.

7. recipients of personal data

We will only pass on your personal data to service providers and other third parties within the framework of the applicable data protection laws.

a. Processor
Our website, and therefore your user account, is hosted and maintained by an external service provider: AmedickSommer Neue Medien GmbH, Charlottenstraße 29/31, 70182 Stuttgart, www.amedick-sommer.de. This service provider is subject to our instructions and is subject to strict contractual restrictions with regard to the processing of personal data. Accordingly, processing is only permitted to the extent necessary for the performance of services on our behalf or to comply with legal requirements.
b. Third parties

In addition, we may disclose your personal data,
a. if we are required to do so by law or court order,
b. to law enforcement authorities or other government agencies, or
c. if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

8. no data transfer to third countries

No personal data is transferred to countries outside the EU.

9. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10 Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the right to exercise your rights as a data subject. You have the following rights with regard to the processing of your personal data by us:

  • Right to revoke the declaration of consent under data protection law (Art. 7 para. 3 GDPR)
  • Right of access (Art. 15 GDPR);
  • Right to rectification (Art. 16 GDPR);
  • Right to erasure (Art. 17 GDPR);
  • Right to restriction of processing (Art. 18 GDPR);
  • Right to data portability (Art. 20 GDPR);
  • Right to object to processing (21 GDPR); and
  • Right to lodge a complaint with a supervisory authority (Art. 13 para. 2 lit. d GDPR).

a. Right to revoke the declaration of consent under data protection law
If the processing of your personal data is based on your consent, you have the right to revoke your declaration of consent under data protection law at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The revocation of your consent is described at the relevant points in this privacy policy and in the declaration of consent itself. Alternatively, you can withdraw your consent by sending us an email to: datenschutz@charite.de.

b. Right to information regarding processing
You can request information from us at any time within the framework of the statutory provisions as to whether personal data is being processed by us. If this is the case, you have the right to request information about the scope of the data processing.

c. Right to rectification
You have the right to obtain from Charité the rectification and/or completion of your data if the personal data processed concerning you is inaccurate or incomplete.

d. Right toerasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where the conditions for this are met.

e. Right to restriction of processing
If the requirements for this are met, you can request the restriction of the processing of your personal data.
The right to erasure does not exist if the processing is necessary.

f. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

g. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the conditions for this are met.

h. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. The consequence of the objection is that the controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Your right to object may be restricted to the extent that it is likely to render impossible or seriously impair the realisation of research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

i. Right to revoke the declaration of consent under data protection law
If you have submitted a declaration of consent under data protection law, you can revoke this at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

j. Automated decision in individual cases
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for the conclusion or fulfilment of a contract between you and the controller
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • with your express consent.

k. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR. The competent supervisory authority for data protection issues is the data protection officer of the federal state in which Charité is based.

Charité is based in Berlin. The competent supervisory authority is therefore:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin
E-Mail: mailbox@datenschutz-berlin.de

11. changes to our data protection information

Our data protection information may change from time to time to reflect any changes in our data protection practices. All important changes to the privacy policy will be displayed the next time you log in after the change and will also be clearly published on this website. The date of the last change will appear at the top of the information.

Customisation of data protection settings