This website is also available in: de

Privacy Police

Data protection information applying to www.ndera-pfk.com

When you visit our website, we collect, process and store various so-called personal data, e.g. your IP address. By the EU General Data Protection Regulation (hereinafter called „GDPR“ for short) we are bound to take the appropriate measures and inform you. 

Our data protection information comprises the following information:

A. Our contact data

A.1. Name and contact data of the responsible person
A.2. Contact data of
the data protection officer

B. Details about the processing of your data
B.1. Contact form, e-mail contact, fax transmission and phone call
B.2. Processing when you visit our website
B.3. Backup
B.4. Cookies

C. Your rights as a data subject
C.1. Right to information
C.2. Right to correction
C.3. Right to deletion
C.4. Right to revocation in case of a processing based on a legitimate interest
C.5. Right to revoke consent given
C.6. Right to restrict processing
C.7. Right to notification
C.8. Right to data portability
C.9. Automated decision-making, including profiling
C.10. Voluntary nature of the data provision
C.11. Right to file a
complaint with a supervisory authority

A. Our contact data

A.1. Name and contact data of the responsible person

The responsible person pursuant to the data protection law is:

Pfalzklinikum AdöR
Weinstraße 100
D-76889 Klingenmünster
Phone: 0049 6349 900-0
Fax: 0049 6349 900-1099
info@pfalzklinikum.de
www.pfalzklinikum.de 

Pfalzklinikum is a public-law institution.
Its bodies are the administrative board and the chief executive officer.

Chairman of the administrative board: Theo Wieder, president of the Bezirkstag Pfalz, the district council of the Palatinate

Chief Executive Officer: Paul Bomke

A.2. Contact data of the data protection officer

You can contact our data protection officer, Hans-Jürgen Küster, by e-mail (hans-juergen.kuester@pfalzklinikum.de) or by phone (0049 6349 900-1200).

B. Details about the processing of your data

B.1. Establishing contact via contact form, e-mail, fax or phone

B.1.a.)  General information about the use of the contact form or e-mail contact, fax transmissions or phone calls:

If you complete the contact form, we collect the following data:
•    your name (*),
•    your e-mail address (*),
•    your message (*).

For all transmittals you must provide the data marked with an asterix (*) so that we can send you a reply and know who actually wants to establish contact with us.

Alternatively, you can contact us via the provided e-mail address, fax number or phone number. In this case, we store your personal data transmitted by e-mail, fax or phone.

By the way, please also consider the information provided in Section B.2 regarding our website in general.

B.1.b.) Purposes of data processing when you use the contact form or the e-mail contact, transmit a fax or call us:

Processing your personal data from the input mask only serves to process your contacting and treat your request. This also holds true if you send us an e-mail, transmit a fax or call us.

Possibly your request can also lead to a specific contract or an advertising offer.

B.1.c.) Legal basis for data processing when you use the contact form or the e-mail contact, transmit a fax or call us: 

In case of requests via the contact form, e-mail, fax or phone the legal basis for data processing is our legitimate interest to process data pursuant to Article 6(1)(f) GDPR to be able to reply to your request and to treat it at all.

We need your e-mail address, your fax number, your phone number or your post address to be in a position to answer at all
. 

If your request is aimed at a contract conclusion, an offer or the like, the legal basis is Article 6(1)(b) GDPR (contract fulfilment).


B.1.d.) Dissemination of data when y
ou use the contact form or the e-mail contact, transmit a fax or call us:

Data you entered in a form is sent to us by e-mail once you click on the sent button and is only stored on our e-mail server. The mails are stored by our provider, Strato AG, in Germany on German servers pursuant to the legal data protection guidelines. This also holds true for e-mails you send to us directly, i.e. without using the contact form.

Otherwise there is no dissemination of data to third parties. An exception is made only if there is a legal disclosure obligation. 

B.1.e.) Retention period when you use the contact form or e-mail contact, send us a fax or call us:

The data is deleted as soon as it is no longer required to achieve the purpose it was initially collected for.

In so far as your establishing contact with us led only to a non-contractual conversation, the purpose is achieved as soon as the conversation is terminated and it is excluded that the conversation indicates a forthcoming contract conclusion or possible contractual warranty or liability claims. Then, we delete the data upon expiry of a waiting period of max. 4 weeks after the end of the conversation.

Fax data is stored in the memory of the device separately from print data. After printing the fax, the occupied storage space is released again so that the next fax can be received and stored there.
Parts of the fax can temporarily remain in the storage of the device after the printout until they are overwritten by the next fax received. As a rule, this results in an automatic deletion of the data after 1 week. If the „transmission report with printout of the first page“ is activated by us, this transmission report incl. the printout of the first page transmitted will temporarily remain in the storage of the device until overwritten/deleted by the next transmission report, by disconnecting the device from the electric power supply for several days or by resetting it.

In case of an inbound or outbound telephone call at our company  your telephone number or your name/company name stored with your telephone provider/company as well as the date and time of your call is stored in our telephone system in a so-called ring buffer overwriting the oldest data by new data. As a rule, data in the telephone system is automatically deleted after 3 months at the latest.

B.1.f.) Possibility of objection and elimination when you use the contact form or the e-mail contact, transmit a fax or call us:

As far as we refer to the legitimate interest, you have the right to make a complaint with us regarding the processing of your personal data at any time for reasons arising from your special situation. Unless we can prove compelling, protection-worthy reasons for the further processing outweighing your interests, rights and freedoms, we will no longer process your data (see Art.  21 GDPR). For this purpose, you can contact us by post or e-mail (see Section A.). However, the objection will terminate our conversation, too.

All personal data stored in the context of establishing contact will be deleted in this case as far as it is excluded that the conversation gives us indications for possible contractual warranty or liability claims or if we have no claims against you. In all other cases, the data is blocked so that only our management has access to this data for the sole reason of a legal retention obligation or for defending or asserting real or possible claims until expiry of the limitation period (see above our information about the period of retention).

B.2. Processing when you visit our website:

Herewith, we inform you about several data processing procedures taking place when you visit our website.

 
B.2.a.) General information about a visit to our website:

When you visit our website, even without entering data in a web form,  we, for technical reasons, collect the following data:
•    date and time of access (time stamp),
•    URL (address) of the referring website (referrer),
•    accessed websites (path of the destination address),
•    file(s) viewed and report on successful viewing,
•    amount of data sent,
•    your browser, browser type and browser version, browser engine and engine version,
•    your operating system, operating system version, operating system type,
•    your anonymized IP address and the internet-service provider.

This data is processed separately from other data. Processing of this data together with other personal data provided by you is not effected. Allocation of this data to a certain person is not possible for us.


B.2.b.) Purpose of data processing when you visit our website:

The temporary processing of data by the system is required for the contents of our website to be delivered to your computer. For this purpose, your IP address has to be stored for the duration of the session. The storage in logfiles is effected to ensure the functionality of the website. Furthermore, we use the data to optimize our services and website and guarantee the security of our information technology systems. An analysis of the data for marketing purposes is not done in this context.

B.2.c.) Legal basis for data processing when you visit our website:

The temporary storage of the data and logfiles is effected on the legal basis of Article 6(1)(f) GDPR. Our overriding legitimate interest in this data processing is found in the above-mentioned purposes. With our provider we concluded an order processing contract (see Article 28 GDPR).

B.2.d.) Dissemination of data when you visit our website:

As an order processor pursuant to Art. 28 GDPR, our IT service provider has an admin access to our website. We concluded an order processing contract with him.

The data collected by us when you visit our website is collected and stored by our provider (Strato AG) in the context of an order processing (see Art. 28 GDPR).

Otherwise, no data is disseminated. An exception is made if there is a legal disclosure obligation.

B.2.e.) Retention period when you visit our website:

The data is deleted as soon as it is no longer required to achieve the purpose it was initially collected for. In case of data collection for the provision of the website this is the case when the respective session expires. In case of data storage in logfiles this is the case after 7 days at the latest. A storage exceeding this period is possible. In this case, however, your IP address is deleted or distorted so that an allocation of the viewing client is no longer possible.

B.2.f.) Possibility of objection and elimination when you visit our website:

The gathering of the data for the provision of the website and the storage of the data in logfiles is mandatory for the operation of the website. Consequently, you have no possibility to object at this point. However, you can stop using our website at any time and, thus, prevent further processing of the mentioned data.  


B.2.g.) Use of
the WPML plugin for multilingual websites

We use the WordPress multilingual (WPML) plugin by OnTheGoSystems Limited 22/F 3 Lockhart Road, Wanchai Hong Kong to enable the display of the website in several languages.

According to the manufacturer’s information, the plugin is in compliance with the data protection guidelines. No personal data is processed from or via the plugin.

You can find the manufacturer’s data protection details and other information regarding GDPR compliance here: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

B.3. Backup

We use a backup solution for the data of our web server.

B.3.a) General information

For regular backup of all data on the webserver, including personal data, we use a plugin called Updraft Plus by Simba Hosting Ltd, UK, company number 08570611 from Great Britain.

However, the plugin itself only administrates these backups. A transmission of data to the provider does not take place.

The backup data is transmitted via the plugin directly to the server of our IT service provider.

B.3.b) Purpose of data processing

The purpose of the mentioned data processing is to protect the data on the webserver from being lost, misused or destroyed. Furthermore, the regular data backup aims at maintaining the security and integrity of our systems and the quick possibility to recover this data.

B.3.c.) Legal basis for data processing: 

The legal basis for the processing of personal data when using cookies is Art. 6(1)(f) GDPR, i.e. a legitimate interest from our part. Our legitimate interest is justified by the above-mentioned purposes. 

B.3.d.) Retention period: 

Saved data is regularly overwritten by newer backups and, thus, irretrievably deleted. Otherwise the saved data is saved for as long as the data being legally on our web server in the original. The backup data is also deleted from the backup with the next backup taking place upon data deletion on the webserver. In case of a request for deletion or the like we also delete the corresponding backup data.

B.4.e.) Possibility of objection and elimination: 

Data backup for a quick recovery is mandatory for the operation of the website. Therefore, you have no possibility to lodge an objection here. However, you can terminate the use of our website at any time and, thus, prevent further processing of the mentioned data or you can substantially reduce or perhaps completely prevent data processing on the webserver itself and, thus, also on the backup by a data-minimizing use. 

B.4. Cookies

B.4.a.) General information about cookies

If you open single pages, we will use so-called cookies, small text files stored on the user’s  terminal (PC, smartphone, tablet computer, etc.). So, if you open our website, a cookie can be stored on your operating system. This cookie comprises a characteristic sequence of characters facilitating a clear browser identification when re-opening the website. 

We only use cookies to make our website more user-friendly. For some elements of our website it is required that the requesting browser can also be identified after changing a page. In the cookies the following data is stored and transmitted:
•    language settings,
•    log-in information.

Moreover, our WordPress content management system uses technically required cookies to enable functions such as logging in the administrator area or, if applicable, writing and posting of comments for registered visitors (if activated by us). The setting of cookies is required to recognize logged-in visitors. 

We do not use cookies enabling an analysis of the users‘ surfing behaviour.

B.4.b.) Purpose of data processing through cookies: 

The purpose of using technically required cookies is to make the use of websites easier for you. Some functions of our webpage cannot be provided without the use of cookies. For these functions it is necessary that the browser is recognized after changing the page.


The user data collected by technically required cookies is not employed to create user profiles.


B.4.c.) Legal basis for data processing: 

The legal basis for processing personal data by means of cookies is Art. 6(1)(f) GDPR, i.e. a legitimate interest from our part. Our legitimate interest is justified by the above-mentioned purposes. 


B.4.d.)
Retention period: 

The cookies used by us are deleted after the expiry of the browser session, i.e. after closing your browser (so-called session cookies).

B.4.e.) Possibility of objection and elimination:

Your computer stores cookies and transmits them to our website. Consequently, you are in full control of the use of cookies. By modifying the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be automated

Note: If cookies for our website are deactivated, it may occur that not all functions of the website can be used to their full extent any longer. 

C. Your rights as a data subject

If personal data related to you is processed, you are a „data subject“ and have the following rights against us as the responsible person (for our contact details see above Section A.): 

C.1. Right to information

You have a right to receive a confirmation, free of charge, whether we process personal data related to you. If this is the case, you have the right to be informed about this personal data and other details specified in Art. 15 GDPR. For this purpose, you can contact us by post or e-mail (see above Section A.). 

C.2. Right to correction

You have the right to request us to immediately rectify incorrect personal data related to you. Furthermore, you have the right, considering the above-mentioned purposes of processing, to demand the completion of incomplete personal data, also by means of a complementary statement. For this purpose, you can contact us by post or e-mail (see above Section A.). 

C.3. Right to deletion

You have the right to demand the immediate deletion of personal data related to you if any of the pre-requisites specified in Art. 17 GDPR applies. For this purpose, you can contact us by post or e-mail (see above Section A.). The legal consequences are described in the respective processing procedures in Section B. 

C.4. Right to revocation in case of a processing based on a legitimate interest

In so far as we process your data on the basis of Art. 6(1)(f) GDPR (i.e. based on our legitimate interest), you have the right, at any time, to lodge an objection with us to the processing of your personal data for reasons arising from your special situation.  Unless we can prove compelling, protection-worthy reasons for the further processing outweighing your interests, rights and freedoms or if we process the respective data for direct advertising, we will no longer process your data (see Art. 21 GDPR). For this purpose, you can contact us by post or e-mail. A technical procedure used by you resp. an unambiguous technical information transmitted to us by your web browser  („do not track“ message) is also deemed a revocation to this end. 

C.5. Right to revoke consent given

You have the right, at any time, to revoke your consent given for the collection and use of personal data with future effect. For this purpose, you can contact us by post or e-mail (see above Section A.). The legality of the processing carried out until revocation due to the consent given is not affected. 

C.6. Right to restrict processing

You have the right to require us to restrict the processing if any of the prerequisites specified in Art. 18 GDPR applies. For this purpose, you can contact us by post or e-mail (see above Section A.). 

C.7. Right to notification

If you exercise the right to correction, deletion or restriction of processing, we will be obliged to inform all recipients to whom we revealed your personal data about the correction or deletion of the data or the restriction of processing unless this proves to be impossible or involves disproportionate effort. You have the right to be notified of these recipients by us. 

C.8. Right to data portability 

You have the right to obtain the personal data related to you and provided by you in a structured, widely used and machine-readable format and you have the right to transmit this data to another responsible person without being impeded by us if the prerequisites specified in Art. 20 GDPR apply. For this purpose, you can contact us by post or e-mail (see above Section A.). 

C.9. Automated decision-making, including profiling

An automated decision-making by us is not effected. 

C.10. Voluntary nature of data provision

In our different services we specified which data is voluntary and which data you are obliged to provide. 

C.11. Right to file a complaint with a supervisory authority

At any time, without prejudice to any right, you have the right to file a complaint with a supervisory authority for data protection, especially in the member country of your place of residence, your work place or the place of presumed breach if you think that the processing of personal data related to you violates the data protection law.

Data protection information as of February 13, 2019.