OncologyInformationService
Real World Databases
Evidence based Healthcare and Market Research

Data Protection

Privacy Notice

We are pleased about your interest in our company and our services and we would like you to feel safe when visiting our Internet pages with regard to the protection of your personal data. We want you to know what data we store, when we store them and how we use them. We are subject to the provisions of the European Data Protection Regulation (GDPR) as well as the supplementary regulations of the Federal Data Protection Act (BDSG). We have taken appropriate technical and organizational measures to ensure that the data protection regulations are observed by both us and service providers commissioned by us.

This privacy notice applies to our online offerings. This includes our websites, their functions and contents as well as external online presences, such as our social media sites. This general privacy notice also serves to inform you about further processing of your personal data and our fulfilment of the information obligations toward you.

The terms used in these privacy notices, such as the person responsible or personal data, are used in accordance with the definitions of the GDPR. For reasons of legibility and thus also in the sense of a comprehensible information transfer, the reference to individual articles, paragraphs or the like is generally omitted.

Responsible

Responsible in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is the

OncologyInformationService e.K.

Owner: Lenka Kellermann

Kaiser-Joseph-Str. 271

79098 Freiburg i. Br.

Germany

Website: https://oncologyinformationservice.com/

Phone: +49 761 – 38 39 94 – 0

Email: info@oncologyinformationservice.com

Data Protection Officer

The person responsible has appointed a data protection officer. His contact details are

datenschutz@oncologyinformationservice.com

You can always contact our data protection officer directly if you have any questions regarding data protection or the enforcement of your rights listed below.

General Information on Data Processing

Legal Basis for the Processing of Personal Data

Within the framework of the data protection regulations, processing of personal data is not permitted in principle, unless there is a legally permissible reason. We are obliged to inform you about the legal bases of data processing.

As far as we obtain your consent for the processing of personal data, this serves as a legal basis.

The processing of personal data necessary for the performance of a contract of which you are a contracting party; the fulfilment of the contract serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Insofar that processing of personal data is necessary to fulfil a legal obligation to which we are subject, this serves as a legal basis.

In the event that vital interests of the data subject or any other natural person require the processing of personal data, this serves as a legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and these interests, do not override your fundamental rights and freedoms, this serves as the legal basis for the processing.

Data Transfer to Third Countries

The GDPR ensures a uniformly high level of data protection within the European Union (EU) and the European Economic Area (EEA). When selecting our service providers and cooperation partners, we therefore prefer European partners whenever possible, if your personal data is to be processed.

If we have your data processed in a third country – i.e. outside the EU/EEA – this is always done in accordance with the legal requirements.

In addition to your explicit consent or contractually or legally required transfer, we only have your data processed in third countries with a recognized level of data protection, by a contractual obligation through so-called standard contractual clauses of the EU Commission, in the event of certification or binding internal data protection regulations.

Existence of Automated Decision-Making

We do not make any automatic decision-making.

Recipients of Data / Categories of Recipients

Within our company, we ensure that only those persons receive your data who need them to fulfill contractual and legal obligations.

In some cases, we use carefully selected external service providers to process your data. Should data be passed on to service providers within the framework of so-called order processing, this is done within the framework of data protection regulations. Our order processors are carefully selected bound by our instructions and are checked at regular intervals. We only commission processors who provide sufficient guarantees that appropriate technical and organizational measures are taken in such a way that the processing is carried out in accordance with the requirements of GDPR and BDSG and ensures the protection of your rights.

Disclosure of Personal Data to Third Parties

In principle, we do not pass on any personal data to third parties without your express consent. If we nevertheless disclose your data to third parties during the processing, transfer it to them or grant them other access to the data, this also takes place exclusively on the basis of one of the aforementioned legal bases.

For example, we transmit data to payment service providers or suppliers if this is necessary for the performance of the contract. If we are required to do so by law or by court order, we must transfer your data to the relevant authorities entitled to information.

Use of Our Online Offer

In principle, you can use our online offer without disclosing your identity. In this section we will explain to you when and in which context we process data when using our online offers, which offers from service providers we have implemented, how these work and what happens with your data.

Children

As a rule, our offer is aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians.

Transport Encryption

In order to protect your transmitted data in the best possible way, we use a so-called transport encryption. In order to ensure the security of your data during the transmission process, we use an SSL/TLS encryption method according to the latest state of the art technology.

Data Collection when Visiting our Websites

If you use our websites for information purposes only, i.e. you do not register for an offer, enter into a contract with us or otherwise disclose information to us, we only collect the personal data that your browser transmits to our servers.

When we visit our websites, we collect the following data, which is technically necessary for us to be able to display our websites to you and to ensure stability and security:

  • IP address of the visitor
  • Date and time of the request
  • Content of the request (specific page)
  • Access Status/HTTP Status Code
  • Quantity of data transferred
  • Web site from which the request comes
  • Operating system of the visitor
  • Language and version of the browser software.

This data is temporarily stored in the log files of our provider for a maximum of eight weeks. Storage beyond this is possible, but in this case the IP addresses are shortened or distorted so that the calling client can no longer be assigned. The log files are not stored together with other personal data relating to you in this context. The legal basis for these processing operations is our legitimate interest.

As the collection of data for the display of the websites and the storage of data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no right of objection in this respect.

Inquiries to us

If you make a request to us via our website – for example by using the contact form – your personal data will be processed in order to answer your request.

Use of Cookies

General information on the use of cookies

In addition to the above mentioned data, when using our websites, cookies are stored on your end device when you visit our websites. Cookies are data records that can be sent to the browser by a website and are stored and returned by the browser. Cookies can store different information that is read by the entity that sets the cookie. They typically contain a characteristic string (ID) that uniquely identifies the browser when you return to the site or switch pages. They are primarily used to make our online offers more user-friendly and effective. The data collected by users in cookies are pseudonymised by technical measures. It is therefore no longer possible to assign the data to the calling user. If there is an identifiability, such as in the case of a login cookie, whose session ID is necessarily linked to the user’s account, we would like to point this out at the appropriate place.

The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary for the protection of our legitimate interests.

Online Social Media Offers

We provide online offers on various platforms to provide information and to get in touch with you.

We have no influence on the processing of personal data by the respective platform operator. As a rule, when visiting our offers there, the platform operator stores cookies in your browser, in which your usage behaviour and your interests are stored for market research and advertising purposes.

Platform operators use the usage profiles gained in this way – usually across devices – to display you personalized advertising. Data processing may also affect persons who are not registered as users on the respective platform. In some circumstances, your data may be processed outside the European Union, which may make it difficult to enforce your rights. However, when selecting such platforms, we make sure that the operators undertake to comply with EU data protection standards.

The processing of your personal data when visiting one of our social media offers is based on our legitimate interests in a diverse external representation of our company and the use of an effective information opportunity as well as the communication with you.

Detailed information about data processing in connection with the use of our offers on these platforms, the possibility of objection and the assertion of access rights can be obtained from the privacy notice of the respective platform operator.

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Agreement on the joint processing of personal data in accordance with the provisions of the GDPR.

Vendor’s Privacy Notice

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Agreement on the joint processing of personal data in accordance with the provisions of the GDPR.

Vendor’s Privacy Notice

Commercial and Business Services

We process data of our contractual and business partners, e.g. suppliers, customers and interested parties (hereinafter-referred to as business partners) within the scope of contractual or comparable legal relationships as well as related measures and within the scope of communication with our business partners.

We process this data for the purpose of fulfilling our contractual obligations, securing our rights and for the purposes of the related administrative tasks as well as for our business organization. We only pass on the data of our business partners to third parties within the framework of the applicable law, as required for the above purposes or for the fulfilment of legal obligations or with the consent of the data subjects (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this privacy notice.

We will inform our business partners about the data required for these purposes before or during the data collection or personally.

Data Deletion and Storage Time

As soon as the purpose for processing is omitted, we delete or block your personal data. Beyond this period, however, a storage may take place if this is necessary by legal regulations to which we are subject. This applies above all to data that must be retained for legal reasons of archiving (e.g. for commercial law reasons usually for 6 years or for tax law reasons usually for 10 years).

Processed Data:

Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices), contact data (e.g. email, telephone numbers), contract data (e.g. subject matter of contract, term).

Purposes of Processing:

Providing contractual services and customer service, contact requests and communication, internal organizational procedures, managing and responding to inquiries.

Legal Basis:

Contract Performance/Pre-contractual Inquiries, Legal Obligation, Legitimate Interests.

Applications

In the context of an application to us, the data you provide – such as your contact details and qualifications – will be used exclusively for the processing of the application process.

Your data will be passed on internally to the responsible department managers. We process your personal data for the purpose of your application for an employment relationship, to the extent that this is necessary for the decision to establish an employment relationship with us.

Furthermore, we can process personal data about you, as far as this is necessary for the defense of asserted legal claims from the application process against us.

Your data will be deleted 6 months after the application procedure has been completed, unless otherwise agreed with the applicant (see also admission to the applicant pool). If your application is followed by the conclusion of an employment contract, the data will be included in the personnel file.

How Long is Your Data Stored?

We store your personal data for as long as this is necessary for the decision about your application. If an employment relationship between you and us does not arise, we can also continue to store data, as far as this is necessary for the defense against possible legal claims. The application documents will be deleted 6 months after the announcement of the cancellation decision, unless a longer storage period is required due to legal disputes.

Inclusion in the Applicant Pool

If we currently do not have a suitable job for you – for example within the scope of an unsolicited application – we would be happy to include your application in our applicant pool. However, this requires your consent, which we will ask you for in such a case.

If your application documents are not used by us in the applicant pool within one year, your application documents will be deleted automatically.

No Automated Decision Making

There is no automated decision in individual cases. This means that the decision on your application is not based exclusively on automated processing.

Your Data Subject Rights

As a data subject, you are entitled to various rights about which we would like to inform you in the following. Depending on the reason and type of processing of your personal data, you are entitled to the rights described in the following sections.

Your Right of Access

As a data subject, you have the right to know from us whether we process personal data from you and – if this is the case – which personal data we process from you.

You also have the right to ask us for a copy of your personal data, which is the subject of the processing.

Your Right of Rectification

You have the right to ask us immediately to correct any personal data that you consider to be incorrect.

You also have the right to ask us to complete any personal information you consider incomplete.

Your Right of Erasure (‘right to be forgotten’)

If the legal requirements are met, you can request the deletion of your personal data.

This is the case, for example, if we process your data on the basis of your consent and you revoke it.

However, we may not delete data, for example, if we have to store it due to legal retention periods. We will also not be able to comply with your request for deletion if we need to process your personal data for the purpose of asserting, exercising or defending legal claims.

Your Right to Restriction of Processing

Under certain conditions, you as the data subject have the right to request us to restrict the processing of your personal data.

One of these requirements is, for example, that you contest the accuracy of your personal data. Or even if we no longer need your personal data, but you need it to establish, exercise or defend legal claims.

Your Right of Objection

If we process your personal data on the basis of a legitimate interest, you have the right to object to this processing if this arises due to your particular personal situation.  However, this right of objection does not exist, if there is a compelling public interest in the processing which outweighs your interest, which requires us to process a legal provision or the processing serves to assert, exercise or defend legal claims.

If we process your personal data for direct marketing, then you have the right to object at any time to the processing for the purpose of such advertising. If you object to the processing for this purpose, your personal data will no longer be processed for this purpose.

If we process your data on the basis of your consent, you have the right to revoke your consent at any time with effect for the future. Your revocation does not affect the lawfulness of the processing carried out until the revocation.

Your Right of Data Portability

You have this right only with respect to personal data that you have provided to us. You have the right to request that we transfer this personal data directly to another controller.

Alternatively, you have the right to request that we provide you with your data in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract and the processing is carried out using automated processes.

Complaint to Supervisory Authority

You also have the right to lodge a complaint with a regulatory authority if you believe that the processing of personal data concerning you violates data protection regulations.

Revisions

This Privacy Notice will be amended from time to time. These amendments are made, for example, if changes occur due to technical progress, legal requirements or other factors.

Status: 13/06/2022