International Centers for Precision Oncology Foundation

Data protection declaration ICPO Foundation Wiesbaden

The following information provides a simple overview of how we process your personal data when you visit our website. When you use this website, various personal data are collected. We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with European statutory data protection regulations and this data protection declaration. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission on the internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data from access by third parties is not possible. Changes to this privacy policy may be necessary in the course of further development of our website and the implementation of new legal requirements, new technologies or to improve our service for you. We therefore recommend that you read this data protection declaration again from time to time. You can print this document using the usual functionality of your Internet service program (= browser: there usually "File" - & gt; "Print"). Detailed information on data protection can be found in our data protection declaration listed below this text. This privacy policy applies to data, including personal data, processed about you by us on this website. Personal data is data or a combination of individual data by which you can be identified. We process your personal data in compliance with the data protection laws of the Federal Republic of Germany and the European Data Protection Regulations. Under no circumstances will we pass on your personal data to third parties for advertising or marketing purposes without your consent. At the ICPO Foundation Wiesbaden, compliance with the statutory provisions and this declaration is monitored by our data protection officer. Our employees have been trained in handling personal data and have been obliged in writing to maintain data secrecy. By using this website, you accept this data protection declaration and you expressly consent to the collection, use, disclosure, storage, and protection of your personal data as described in this data protection declaration.

I. Name and address of the person responsible

The operator of the website and responsible body in terms of data protection is:
ICPO Foundation
Banneggstrasse 57
88214 Ravensburg
Germany

II. Name and address of the data protection officer

If you have any further questions, you can contact our data protection officer using the following contact details:
Email: martin.reuter@icpo.foundation

General information on data processing

1. Scope of the processing of personal data

As a matter of principle, we only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) a) GDPR serves as the legal basis. If we process your personal data that is required to fulfill a contract with you, Art. 6 (1) b) GDPR serves as the legal basis. This shall also apply to processing operations necessary for the implementation of pre-contractual measures. Insofar as the processing of your personal data is necessary to fulfill a legal obligation to which our company is subject, this is done on the basis of Art. 6 (1) a) GDPR. In the event that vital interests of the data subject or another natural person make it necessary to process your personal data, Art. 6 (1) d) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, Art. 6 (1) f) GDPR serves as the legal basis for processing. If the processing is in the ecclesiastical or public interest, Art. 6 (1) e) GDPR serves as the legal basis for the processing.

3. Data deletion and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Storage can also take place if this has been provided for by the European, national legislator in Union regulations, laws or church or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfill a contract. Furthermore we will delete your data if you ask us to do so and there is no legal retention period contradicting this.

4. Purpose of data processing

The lawful processing of this data takes place for the purpose of enabling the use of the website (connection establishment), system security, the technical administration of the network infrastructure as well as the optimization of the Internet offer. By agreeing to this privacy policy, you give your consent that we may collect this data. You have the option to object to this data processing. If you object to the use of the data, we point out that only the limited use of our services may be possible. In addition, we only process personal data if you give it to us voluntarily. These are, for example, name, address, telephone number or e-mail address. Beyond the aforementioned cases, this personal data will not be processed unless you expressly consent to further processing.

III. Provision of the website and creation of log files

Every time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • Information about the browser type and the version used
  • The operating system of the user
  • The user's Internet service provider, date and time of access
  • Websites from which the user's system reached our website
  • Websites that are accessed by the user's system via our website

The data is also stored in the log files of our system. This does not affect the user's IP addresses or other data that enable the data to be assigned to a user. A storage of this data together with other personal data of the user does not take place.

Opposition and elimination option

The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.

IV. Adobe Web Fonts

This page uses so-called web fonts, which are provided by Adobe, for the uniform representation of fonts. When you go to a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the Adobe servers. As a result, Adobe is informed that our website has been accessed via your IP address. The use of Adobe Web Fonts is in the interest of a uniform and appealing presentation of our online offers. If your browser does not support web fonts, a standard font will be used by your computer. This represents a legitimate interest within the meaning of Art. 6 (1) f) GDPR. You can find more information on Adobe Typekit Web Fonts at https://fonts.adobe.com/ and in Adobe Fonts' privacy policy: https://www.adobe.com/de/privacy.html

V. Contact form and email contact

On our website there is a contact form which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the contact form will be transmitted to us and saved. When the message is sent, the following data is saved in addition to the completed data fields: (1) The IP address of the user
(2) Date and time of the contact request
(3) Documents that are attached to the form
For the processing of the data, your consent is obtained during the sending process and reference is made to this data privacy policy. Alternatively, you can contact us using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be saved. In this context, the data is generally not passed on to third parties. The data will only be used to process the conversation. The processing of the data entered in the contact form takes place exclusively on the basis of your consent in accordance with Art. 6 (1) a) GDPR. You can revoke this consent at any time. An informal e-mail to us is sufficient. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation. The processing of the personal data from the contact form serves us only to process the contact. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. Other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The user has the option at any time to revoke their consent to the processing of personal data. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us will be deleted.

VI. Web analysis by Matomo (formerly PIWIK)

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the user's computer (see above for cookies). If individual pages of our website are accessed, the following data, for example, is stored: (1) Two bytes of the IP address of the calling system of the user
(2) The accessed website
(3) The website from which the user accessed the accessed website (referrer)
(4) The subpages that are accessed from the accessed website
(5) The time spent on the website
(6) The frequency with which the website is accessed
The software runs exclusively on the servers of our website. The user's personal data is only stored there. The data will not be passed on to third parties. The software is set so that the IP addresses are not saved in full, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer. The processing of the personal data of the users enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. The data will be deleted as soon as it is no longer required for our recording purposes. In our case this happens after 6 years. Cookies are stored on the user's computer and transmitted to our website from there. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used in full. We offer our users the option of opting out of the analysis process on our website. To do this, you have to follow the corresponding link. In this way, other cookies are set on your system, which signals our system not to save the user's data. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again. You can find more information on the privacy settings of the Matomo software under the following link: matomo.org/docs/privacy/.

Objection to data collection:
You can prevent Matomo from collecting your data. An opt-out cookie will be set which prevents the collection of your data on future visits to this website: & nbsp;

VII. Online donations

You have the opportunity to use our donation form and thereby support our work. We collect data that is necessary for the proper processing of our donations:

  • IP address and date and time of entry
  • Name and possibly organization
  • Email address
  • Information about the selected payment method
  • Date of the transaction
  • Amount of money of the transaction
  • Status of the transaction
  • possibly Address and contact information
  • possibly Bank details (IBAN and BIC)
  • possibly additional information

The data for ordering a direct debit / online donation is secured and transmitted in encrypted form and transmitted to our bank within the framework of the direct debit authorization. We also collect your data in order to confirm receipt of your donation by e-mail and, if necessary, to be able to send you a donation confirmation by post if required.

By using our donation form, you give us your consent to the processing of the data mentioned. You have the right to revoke this consent at any time. You can send the revocation to donate (at) icpo.foundation. Please note that the data processing that lawfully took place before the revocation is still lawful.

The data stored by us will be deleted as soon as the purpose of the data processing has been fulfilled. In this case, this is the receipt of your donation as well as the confirmation of receipt of the donation. In addition, according to §. 147 of the German Tax Code (AO), information about your donation (e.g. the donation notification) may be required to be stored for a period of ten years.

Fundraising box

In order to organize donations, we use the fundraising box of the company Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg. Data that you enter in the donation form will be forwarded to us via the server of the fundraising box and processed. We have concluded an order processing contract with the company Wikando GmbH, whereby the data processing by the fundraising box is protected by data protection law. To learn more about data protection at Wikando GmbH, please read the information page on their website: https://www.fundraisingbox.com/datensicherheit/

Use of cookies

We also use cookies as part of online donations. Session cookies from Wikando GmbH are used. These cookies are used to ensure that the load on the provider's servers is evenly distributed in order to ensure the availability of the service. The ID of your session is saved for this purpose.

In detail, the following cookies are set as part of the donation tool:

Cookie: AWSALBCORS
Domain: secure.fundraisingbox.com
Classification: Preference, but necessary to process online donations
Validity / storage period: 6 days
Description and purpose: Registers which server cluster serves the visitor. This is used in the context of load balancing to optimize the user experience.

Cookie: box
Domain: secure.fundraisingbox.com
Classification: Preference, but necessary to process online donations
Validity / storage period: 1 days
Description and purpose: Stores the ID of the user session. Even users who are not automatically logged in (i.e. donors) have a user session that does not contain any information.

Cookie: AWSALB
Domain: secure.fundraisingbox.com
Classification: Necessary
Validity / storage period: 6 days
Description and purpose: Registers which server cluster s serves the visitor. This is used in the context of load balancing to optimize the user experience.

The storage of this data is necessary in order to be able to process the online donation. It is not possible to process the online donation without these cookies. It is therefore in our legitimate interest to set these cookies (Art. 6 (1) f), GDPR).

In addition, two cookies from the payment service provider Stripe (Stripe, Inc., San Francisco, CA 94103, USA) are used, which are used to transmit personal data as part of the donation processing via Stripe and which use your consent in the context of the cookie banner , whereby you provide your legal consent (Art. 6 (1) f) GDPR).

Cookie: m
Domain: m.stripe.com
Country: United States
Classification: Necessary

Validity / storage period: session duration
Description and purpose: Determines the device used to access the website. This allows the website to be formatted accordingly.

Cookie: q (dot) stripe (dot) com
Domain: q.stripe.com
Country: United States
Classification: Necessary
Validity / storage period: session duration
Description and purpose: This cookie is necessary to carry out credit card transactions on the website. The service is provided by Stripe.com so that online transactions are possible without storing credit card information.

PayPal

There is the possibility of handling the donation process with the online payment service PayPal. PayPal enables online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & amp; Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as the donation method, your data required for the process will be automatically transmitted to PayPal:

  • Name
  • Address
  • Company
  • Email address
  • Telephone and mobile number
  • IP address

PayPal may also pass on your data to third parties, insofar as this is necessary to fulfill the contractual obligations or the data is to be processed on behalf. You can view PayPal's data protection provisions at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.

The legal basis for data processing is Art. 6 (1) b) GDPR, since the processing of the data is necessary for payment with PayPal and thus for the execution of the contract.

VIII. Rights of the data subject

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, restriction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions about data protection. You also have the right to lodge a complaint with the responsible supervisory authority.

1. Right to information

You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us. If such processing has taken place, you may request the controller to provide you with the following information (1) the purposes for which the personal data are processed; (2) the categories of personal data that are processed; (3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed; (4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage; (5) the existence of a right to correction or deletion of your personal data, a right to restrict processing by the person responsible or a right to object to this processing; (6) the right to lodge a complaint with a supervisory authority; (7) all available information about the origin of the data if the personal data is not collected from the data subject. You have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees according to Art. 45 GDPR in connection with the transmission

2. Right to restriction of processing

You can request the restriction of the processing of the personal data concerning you under the following conditions: (1) if you dispute the correctness of the personal data concerning you for a period that enables the person responsible to check if the personal data is correct; (2) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data; (3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise, or defend legal claims, or (4) if you have objected to the processing in accordance with Art. 21 GDPR and this has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons. If the processing of your personal data has been restricted, this data - apart from its storage - may only be used with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

3. Right to deletion

You can request that the person responsible delete the personal data concerning you immediatelyand the person responsible is obliged to delete this data immediately if one of the following reasons applies: (1) The personal data concerning you are for purposes for which they were collected or otherwise processed are no longer necessary. (2) You revoke your consent on which the processing was based in accordance with Art 6 (1) a) GDPR and there is no other legal basis for the processing. (3) You object to the processing in accordance with Art. 21 23 GDPR and there are no overriding legitimate reasons for the processing. (4) The personal data concerning you is processed unlawfully. (5) The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject. If the person responsible has made the personal data concerning you public and is obliged to delete it, he shall take the appropriate measures, including technical measures, taking into account the available technology, and the implementation costs, in order to take the data controllers who process the personal data into account to inform that you, as the data subject, have requested that you delete all links concerning this personal data or copies or replications of this personal data

4. Right to be informed

If you have asserted the right to correction, deletion, or restriction of processing against the person responsible, the person responsible (the controller) is obliged to inform all recipients to whom the personal data relates to whom this information was disclosed to, of this correction, deletion of the data, or restriction of processing unless this turns out to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the person responsible(controller).

5. Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible,(controller)this will only be done if it is technically feasible.

6. Right of objection

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 (1) a) GDPR, this also applies to profiling based on these provisions. The person responsible(controller) will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweighs your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.

7. Right to revoke the data protection legal declaration of consent

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work, or the place of the alleged infringement, if you are of the opinion that the processing of the data concerning your personal data violates the GDPR. The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 79 GDPR. A list of data protection officers and their contact details can be found in this link .

Formular erfolgreich abgesendet.