Privacy policy

 

1. Introduction

With the following information, we would like to give you, as the "data subject," an overview of how we process your personal data and inform you of your rights under data protection laws. Generally, the use of our website is possible without providing personal data. However, if you wish to make use of special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "WIG2 GmbH - Scientific Institute for Health Economics and Health Systems Research." This privacy policy informs you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection possible for personal data processed through this website. Nonetheless, internet-based data transmissions can generally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by phone or postal service.

You can also take simple and easy-to-implement steps to protect your data from unauthorized third-party access. Here are some tips for securely handling your data:

• Protect your account (login, user, or customer account) and IT system (computer, laptop, tablet, or mobile device) with secure passwords.
• Only you should have access to your passwords.
• Ensure that you use your passwords only for a single account (login, user, or customer account).
• Do not reuse passwords for different websites, applications, or online services.
• Especially when using public or shared IT systems, always log out of each website, application, or online service after you finish using it.

Passwords should consist of at least 12 characters and be chosen in a way that they are not easy to guess. Therefore, avoid using common words, your own name, or the names of relatives; instead, use a combination of uppercase and lowercase letters, numbers, and special characters.

2. Responsible party

The responsible party within the meaning of the GDPR is:

WIG2 GmbH – Scientific Institute for Health Economics and Health Systems Research

Am Markt 8
04109 Leipzig
Germany
Phone: +49 341 392940-0
Fax: +49 341 392940-99
Email: info@wig2.de

Vertreter des Verantwortlichen: Dr. Ines Weinhold (Geschäftsführerin), JProf. Dr. Dennis Häckl (Geschäftsführer), Konstantinos Mouratis (Geschäftsführer)

3. Definitions

This Privacy Policy is based on the terminology used by the European legislator in the General Data Protection Regulation (GDPR). Our Privacy Policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to first explain the terminology used. In this Privacy Policy, we use, among others, the following terms:

Wir verwenden in dieser Datenschutzerklärung unter anderem die folgenden Begriffe:

1. Personal Data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Data Subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).

3. Processing

Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

4. Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

5. Profiling

Profiling is any form of automated processing of personal data that involves using this data to evaluate certain personal aspects related to a natural person, in particular, to analyze or predict aspects regarding the person's work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or changes of location.

6. Pseudonymization

Pseudonymization is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

7. Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

8. Recipient

A recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are, however, not regarded as recipients.

9. Third Party

A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons authorized to process personal data under the direct authority of the controller or processor.

10. Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject's wishes, by which they signify agreement to the processing of personal data relating to them, through a statement or clear affirmative action.

 

4. Legal Basis for Processing

Art. 6(1)(a) GDPR (in conjunction with § 25(1) TTDSG) serves as our legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, such as in processing operations necessary for the supply of goods or to provide another service or consideration, then the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations required for pre-contractual measures, for example, in response to inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as for fulfilling tax obligations, the processing is based on Art. 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor in our company were injured and their name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. In this case, processing would be based on Art. 6(1)(d) GDPR.

Finally, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis applies to processing operations that do not fall under any of the above-mentioned legal bases if processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided that such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject. Such processing operations are permitted to us, in particular, because they have been specifically mentioned by the European legislator, who considered that a legitimate interest could be assumed if you are a client of our company (Recital 47 Sentence 2 GDPR).

5. Technology

5.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or inquiries that you send to us as the operator. You can recognize an encrypted connection by the "https://" in the browser's address bar and the lock symbol in your browser's address line.

Wir setzen diese Technologie ein, um Ihre übermittelten Daten zu schützen.

5.2 Data Collection When Visiting the Website

When you use our website for informational purposes only, without registering or otherwise transmitting information or giving consent for processing that requires it, we collect only the data that is technically necessary for providing the service. This data is regularly transmitted by your browser to our server ("in so-called server log files"). Each time a page is accessed by you or an automated system, our website collects a series of general data and information. This data and information are stored in the server log files. The following may be collected:

1. Browsers and versions used,
2. The operating system used by the accessing system,
3. The website from which an accessing system arrives at our website (so-called referrer),
4. The sub-pages accessed on our website by an accessing system,
5. The date and time of access to the website,
6. An Internet Protocol (IP) address, and
7. The Internet service provider of the accessing system.

We do not draw any conclusions about your person when using this general data and information. Instead, this information is needed to

1. Deliver the content of our website correctly,
2. Optimize the content of our website and advertising for it,
3. Ensure the long-term functionality of our IT systems and website technology, and
4. Provide law enforcement authorities with the necessary information for prosecution in the event of a cyberattack.

Thus, we statistically evaluate the collected data and information with the aim of enhancing data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The data in the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest arises from the purposes listed above for data collection.

5.3 Hosting by IONOS

We host our website with IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as "IONOS").

When you visit our website, your personal data (e.g., IP addresses in log files) is processed on IONOS servers.

The use of IONOS is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in a reliable presentation, provision, and security of our website.

We have entered into a data processing agreement (DPA) with IONOS pursuant to Art. 28 GDPR. This is a contract required by data protection law to ensure that IONOS processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Further information on IONOS’s data protection policies can be found at: https: //www.ionos.de/terms-gtc/terms-privacy

6. Cookies

6.1 General Information on Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

Information specific to the device used is stored in the cookie. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies is intended to make our services more convenient for you. For example, we use session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site.

Additionally, we use temporary cookies to optimize user-friendliness; these are stored on your device for a specific period. If you visit our site again to use our services, we automatically recognize that you have visited before and remember your inputs and settings to avoid re-entry.

We also use cookies to statistically record the use of our website and evaluate it for optimization purposes. These cookies allow us to automatically recognize that you have already visited our site. These cookies are automatically deleted after a defined period. The storage duration of these cookies can be found in the settings of the consent tool used.

6.2 Legal Basis for the Use of Cookies

The data processed by cookies necessary for the proper functioning of the website is required to safeguard our legitimate interests and those of third parties under Art. 6 para. 1 lit. f) GDPR.

For all other cookies, your consent via our opt-in cookie banner is required under Art. 6 para. 1 lit. a) GDPR.

6.3 Consentmanager (Consent Management Tool)

We use the consent management platform "Borlabs Cookie" provided by Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany. This service enables us to obtain and manage the consent of website users for data processing.

Borlabs Cookie does not process any personal data.

In the cookie borlabs-cookie , your consents are stored when you enter the website. If you wish to revoke these consents, simply delete the cookie from your browser. Upon re-entering/reloading the website, you will be asked for your cookie consent again.

7. Analytics Tools and Advertising

Matomo (ehemals Piwik)

This website uses the open-source web analytics service Matomo. Matomo uses cookies, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is stored on our server. The IP address is anonymized before storage.

Matomo cookies remain on your device until you delete them.

The storage of Matomo cookies is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior to optimize both its website and its advertising.

The information generated by the cookie about the use of this website is not disclosed to third parties. You can prevent the storage of cookies by adjusting your browser settings; however, please note that doing so may prevent you from using all the features of this website to their full extent.

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You are not opted out. Uncheck this box to opt-out. You are currently opted out. Check this box to opt-in.

The tracking opt-out feature requires cookies to be enabled.

Wenn Sie mit der Speicherung und Nutzung Ihrer Daten nicht einverstanden sind, können Sie die Speicherung und Nutzung hier deaktivieren.

In this case, an opt-out cookie is stored in your browser that prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

8. Our Activities on Social Networks

To communicate with you on social networks and inform you about our services, we have our own pages on these networks. When you visit one of our social media pages, we are jointly responsible with the respective platform provider for the processing of data according to Art. 26 GDPR.

We are not the original provider of these pages; we merely use them within the scope of options provided by the respective providers.

Thus, please be advised that your data may be processed outside the European Union or European Economic Area, posing potential data protection risks (e.g., more difficult enforcement of your rights to access, deletion, objection, etc.). These networks may frequently use cookies and/or link user behavior to member profiles.

The described processing of personal data is carried out based on Art. 6 para. 1 lit. f) GDPR in our and the provider's legitimate interest to communicate with you in a contemporary manner and inform you about our services. If you must provide consent for data processing as a user, this processing is based on Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the providers' data, please assert your rights (e.g., access, correction, deletion, etc.) directly with the respective provider. Further information on data processing in social networks by the providers we use is provided below:

8.1 LinkedIn

Our social media presence on LinkedIn can be found at https://de.linkedin.com/company/evin-hub. This privacy policy also applies to our LinkedIn presence, as far as we influence the data processing when using the service. The provider and joint controller for data processing in Europe is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Further information on data protection and data processing by the co-responsible provider can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.

9. Your Rights as a Data Subject

9.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

9.2 Right to Access (Art. 15 GDPR)

You have the right to access your stored personal data free of charge and to receive a copy of it under statutory regulations.

9.3 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you and to complete incomplete data in consideration of the purposes of the processing.

9.4 Right to Erasure (Art. 17 GDPR)

You have the right to demand the deletion of personal data concerning you without undue delay if one of the statutory grounds applies and insofar as processing/storage is not required.

9.5 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the statutory conditions applies.

9.6 Right to Data Portability (Art. 20 GDPR)

You have the right to receive personal data concerning you, which you provided to us, in a structured, commonly used, and machine-readable format and to transfer this data to another controller. You also have the right to request direct transmission of your data where technically feasible and where this does not affect the rights and freedoms of others.

Furthermore, in exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

9.7 Right to Object (Art. 21 GDPR)

You have the right to object at any time, based on your particular situation, to the processing of your personal data under Art. 6 para. 1 lit. e) or f) GDPR, including profiling based on these provisions.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

In individual cases, we process personal data for the purpose of direct advertising. You can object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.You may also object to the processing of personal data for scientific or historical research purposes or statistical purposes under Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object via automated procedures using technical specifications related to the use of information society services, notwithstanding Directive 2002/58/EC.

9.8 Right to Withdraw Consent to Data Protection

You have the right to withdraw your consent to the processing of personal data at any time, with effect for the future.

9.9 Right to Lodge a Complaint with a Supervisory Authority

Sie haben das Recht, sich bei einer für Datenschutz zuständigen Aufsichtsbehörde über unsere Verarbeitung personenbezogener Daten zu beschweren.

10. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period required to achieve the purpose of storage or as stipulated by applicable laws and regulations to which our company is subject.

If the storage purpose ceases to apply or if a statutory storage period expires, personal data will be routinely blocked or deleted per statutory requirements.

11. Duration of Storage of Personal Data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of this period, the corresponding data is routinely deleted, provided it is no longer required for the purposes for which it was processed.

12. Validity and Changes to This Privacy Policy

This privacy policy is currently valid and has the status: November 2024.

As our website and offerings evolve or due to changes in legal or regulatory requirements, it may become necessary to update this privacy policy. The current privacy policy can be accessed and printed at any time on our website at https://www.evin-hub.com/datenschutzerklaerung/.