The protection of your personal data is very important to D4L data4life gGmbH (in the following “Data4Life”, “we”, “our” and “us”). We treat this topic with a great deal of care and therefore inform you in the following about the handling of your personal data when visiting our website data4life.care.
Personal data means any information relating to an identified or identifiable natural person, such as name, address and email address.
1. Controller and data protection officer
The responsible controller according to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is D4L data4life gGmbH, c/o Digital Health Cluster (DHC) im Hasso-Plattner-Institut (HPI), Rudolf-Breitscheid-Straße 187, 14482 Potsdam, Germany, email@example.com.
You can reach our data protection officer at firstname.lastname@example.org or our postal address by writing to the attention of "The data protection officer".
2. Purpose and legal basis for the processing of personal data
a. When visiting our website
When you visit the website data4life.care, the following data is automatically transferred to the web server of Data4Life:
- IP address of the device used for the retrieval
- Web address (URL) of the page from which the file was requested (referrer)
- Date and time of the request
- Amount of data transmitted
- Description of the type of web browser used
The processing of this data, which contains a (pseudonymized) personal reference via the IP address, is technically necessary and is carried out in order to provide you with the Data4Life offering. The legal basis for the aforementioned processing is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject).
To avert threats to the security of Data4Life’s infrastructure and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack, e.g. in a DDOS attack, the data mentioned above is generally stored in log files for a period of two days. In the event of an attack, log data is retained for the purpose of preserving evidence until the respective incident has been resolved. The legal basis of this processing is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller). Data4Life’s legitimate interest is to provide sufficient security and stability to our web servers.
When you contact us via one of our contact options, for example, email, post, or telephone, we process the data you provide (for example your email address and the content of your enquiry) necessary for us to answer your question. If your enquiry contains optional personal data, e.g. your name, we will process that data in order to provide improved support. The legal basis for this collection of data is Art. 6 para. 1 sentence 1 lit. b GDPR (processing is necessary for the fulfillment of a contract with the data subject) when we are in the process of entering into or already have a contractual relationship. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller) if we do not have or do not plan a contractual relationship, e.g., when the contact is of a general nature. Our legitimate interest in the latter case is to answer your inquiry by providing appropriate and useful information.
We anonymize the data arising in this context after the storage is no longer necessary (usually four weeks after we fully answered your request), or restrict the processing if there are legal storage obligations. The legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to safeguard the legitimate interests of the controller). Data4Life has a legitimate interest in collecting key performance indicators as part of a quality management system for continuous improvement of the services offered. For this purpose, we systematically evaluate the number of contacts and the reasons for them, the processing time of inquiries and other key figures.
3. Recipients or categories of recipients
For the purpose of providing the necessary server infrastructure to run our website and enabling faster loading speeds of our website we use the service IONOS Deploy Now from IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with IONOS.
For the purpose of sending you emails, for example, for account registration your email address will be disclosed to Flowmailer BV, Van Nelleweg 1, 3044 BC, Rotterdam, The Netherlands, who support us as data processors. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Flowmailer.
For the purpose of facilitating email communication for customer support, contact emails (see section “2 c. Support/Contact”) and contacting you regarding your user feedback Data4Life discloses contact information and content data, e.g. email contents, to our mail service provider Heinlein Hosting GmbH, Schwedter Straße 9a, 10119 Berlin, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Heinlein Hosting.
For the purpose of facilitating email communication for general requests and communication through email addresses with the ".care" domain extension, Data4Life uses Google Workspace provided by our data processor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes your contact information, for example, email address and the content of your email. Google stores your personal data on servers based in the European Economic Area (EEA). However, we cannot exclude that Google accesses and therefore transfers your personal data to the United States. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR and EU standard contractual clauses with Google.
For the purpose of managing contact and support requests and user feedback we disclose the feedback content, contact information and email content to our processor Zammad GmbH, Marienstraße 18, 10117 Berlin, Germany. We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Zammad.
In all of the above mentioned cases, D4L data4life gGmbH remains responsible for the processing of personal data.
4. Social media pages of Data4Life
In the following, we inform you about the handling of your personal data when visiting the social media pages of Data4Life on Facebook, Twitter, LinkedIn and Instagram. The processing of your personal data is carried out on the one hand by Data4Life and on the other hand by the respective social media platform.
a. Processing by Data4Life
As the operator of a social media site, we process the content you share on our sites, e.g. via posts, comments, direct messages, etc. In addition, we process the data from the stored information of your publicly viewable profile, e.g. your profile picture and name, if you leave a comment on one of our pages. We would like to point out that you should never share sensitive personal data, e.g. health data, with us via social media sites, as this simultaneously involves a transfer of the data to the respective social media platforms and the data may be transferred to unsafe third countries outside the European Union. The purposes of processing your profile and content data on our social media pages are the external presentation of Data4Life and the provision of a contact opportunity with customers, partners and interested persons who want to learn more about Data4Life. The legal basis for the described processing activity is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to protect the legitimate interests of the controller). Our legitimate interest is to improve the user experience of our social media pages.
Data4Life uses the usage statistics provided by the operators of the social networks to improve the user experience when visiting our social media sites. This includes, but is not limited to, data such as the number and duration of your visits to the social media site, your interactions with us regarding our posts, and personal information such as your age, gender, and interests. We do not have access to the usage data used to compile these statistics. The legal basis for the described processing activity is Art. 6 para. 1 sentence 1 lit. f GDPR (processing is necessary to protect the legitimate interests of the controller). Our legitimate interest is to improve the user experience of our social media pages.
b. Processing by the social media platforms.
The extent of the processing of personal data depends on the respective operator of the social network, may therefore differ and is not necessarily comprehensible to us. The details about the collection and storage as well as the type, scope and purpose of the use of your data by the operator can be found in the privacy statements of the respective operator:
- Facebook: https://de-de.facebook.com/about/privacy
- Twitter: https://twitter.com/de/privacy
- Instagram: https://help.instagram.com/519522125107875
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
The operators bear the primary responsibility for data processing on Data4Life social media pages. We therefore recommend that you assert your data subject rights directly with the respective operators. Alternatively, we will be happy to help you influence the data subject rights process of the social media platforms in exercising your rights, taking into account our options.
c. Notice regarding joint responsibility for data processing when operating the Data4Life Fanpage on Facebook.
Data4Life and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter: "Facebook") are jointly responsible for the processing of personal data of visitors to our Facebook Fanpage. When you visit the Data4Life Fanpage, Facebook collects information as described in Facebook’s data policy under "What kinds of information do we collect?".
The specific data processing depends on your particular use of the Facebook Fanpage, such as the types of content you view or interact with, or the actions you take (see under "Things you and others do and provide" in Facebook’s data policy), as well as information about the devices you use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in Facebook’s data policy).
As explained in Facebook's data policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called Page Insights, to Page operators to provide them with insights about how you interact with Facebook Pages and with connected content. The processing of personal data for Page Insights is subject to the Shared Responsibility Agreement (Page Insights Supplement Regarding Controller).
5. Your rights
You have the following rights with regard to personal data related to you:
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (Art. 17 GDPR, “right to be forgotten”),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
You also have the right to complain to a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement if you consider that the processing of personal data related to you is unlawful. The supervisory authority responsible for us is:
Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Stahnsdorfer Damm 77
Telephone: 0049 (0)33203/356-0
Telefax: 0049 (0)33203/356-49
If you have given us consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of processing your data until revocation remains unaffected by this. For the assertion of your rights or if you have any other data protection concerns, you can contact us at any time via the contact details listed in section 1 above and/or in our imprint.
6. Additional information on your right of objection
Please note that if your personal data is processed on the basis of a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and/or if your personal data is processed for the purposes of direct marketing, you have the right to object to the processing of your personal data at any time.
Last updated: November 2023