Information on the collection of personal data when you use our website

Personal data is any information, that can be specifically attributed to you, e.g. name, address, email addresses, user behaviour.

The responsible person in accordance with Art. 4 para 7 of the EU General Data Protection Regulation (GDPR) is DIMDI, Waisenhausgasse 36-38a, 50676 Cologne, represented by the acting head, Prof. Dr. Karl Broich. You can contact our data protection officer at Data Protection or via our postal address by addressing your communication to "The Data Protection Officer".

Alongside informational use of our website, we also offer further services. Details about this can be found under the point "Functions and offers of our website".

If you contact us by email or contact form:

Contact by email

Contact with DIMDI by email is possible via various functional email boxes alongside the person-bound official email addresses of the employees.

If you use one of the aforementioned contact paths, the data transmitted by you (e.g. surname, first name, address), but at least the email address, as well as the information contained in the email including any personal data transmitted by you are processed for the purpose of contact and dealing with your request.

The legal basis is Art. 6 para 1 sentence 1 letter b, c, e GDPR in conjunction with § 3 Federal Data Protection Act (BDSG). Processing of the personal data transmitted by you is necessary for the purpose of dealing with your request.

The data are erased as soon as they are no longer necessary for achievement of the purpose.  

Contact by contact form

If you use a contact form for communication, the statement of your name and of your email address and telephone number is necessary. Without these data, your request transmitted by contact form cannot be processed.

The processing of the data transmitted with the contact form and the contents of the personal data possibly likewise transmitted by you is done on the basis of Art. 6 para 1 sentence 1, letter b, c, e GDPR in conjunction with § 3 BDSG for the purpose of the dealing with your request.

The data are erased as soon as they are no longer necessary for achievement of the purpose.

Visiting our website

In the case of purely informative use of our website, i.e. if you do not register or otherwise provide us with information, we will only collect the data transmitted by your browser to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and to ensure stability and security:

  • Browser type and version
  • Operating system used
  • Website from which you arrived on our site (Referrer URL)
  • Pages and files accessed on our site
  • Where appropriate, the website you visited after our site (by clicking an external link on our website)
  • Date and time of your access
  • IP address, anonymised in truncated form

Use of cookies

In addition to the aforementioned data, cookies are stored on your computer when you use our website. This is done on the basis of Art. 6 para 1 sentence 1 letter e GDPR in conjunction with § 3 BDSG. The precondition for storage of the cookies is that acceptance of cookies has been activated in your browser settings (e.g. Microsoft Edge, Internet Explorer, Mozilla Firefox, Opera, Apple Safari).

Cookies are small text files that are stored on your computer when you access specific pages or functions. They cannot be assigned to individuals and do not contain personal information. Cookies do not harm your computer and do not contain viruses.

You can generally use DIMDI's Internet offer without accepting cookies. However, we use session cookies for our search applications and special pages (for example in the download area or when logging into restricted areas) to facilitate your use of the site. These temporary cookies are automatically removed from your computer after the browser session has finished. You can continue to use our search applications even if you disable the storage of cookies.

In addition, a session cookie is set after the click on the "Close" button in the banner reference displayed at the end of the browser window when you first visit our website. In this way, the banner reference is hidden for the time of the browser session. After the end of the browser session, this cookie is automatically removed from your computer again.

You can prevent storage of cookies on your computer via the settings in your browser. You can also delete cookies manually or set your browser such that it automatically deletes all the cookies after the end of the session. Please remember that the Matomo deactivation cookie (see "Objection against use of the Matomo analysis tool") is also erased and you must again object to recording of statistical data when you use our website next.

Use of the Matomo analysis tool

We use the Matomo analysis service in order to analyse the use of our website and to improve it regularly. With the statistics which we obtain, we can improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para 1 sentence 1 letter e GDPR in conjunction with § 3 BDSG.

This website uses Matomo with an extension for anonymisation of the IP addresses. In this way, IP addresses are processed curtailed, a direct reference to a person can be ruled out in this way. The IP address transmitted by your browser by means of Matomo is not put together with other data which we have collected.

If individual pages of our website are accessed, the following data are stored:

  • two bytes of the IP address of your accessing system (anonymous)
  • browser type and version
  • operating system used
  • the accessed website
  • the website, from which you access us (referrer URL) - to the extent that your browser does not suppress this
  • the pages and files which you access on our website
  • if applicable, the website which you visit after ours (by clicking of an external link on our website)
  • date and time of your access
  • the duration of your stay on the website
  • the frequency of your access to the website
  • your location (country)

Within the framework of our web analysis, no tracking cookies are set on your computer. The Matomo software and the data collected by means of Matomo are exclusively operated, stored and processed on our own servers.

Objection against use of the Matomo analysis tool

If you do not agree to the completely anonymous storage and evaluation of the data from your visit, you can object to the storage and use below by a mouse click at any time.

In this case, a so-called opt-out cookie (deactivation cookie) will be placed on your browser, with the result that Matomo does not collect any more session data.

Preventing the use of Matomo is possible by removing the following tick and thus activating the opt-out plug-in:

In addition, the "Do not track" function has been activated in the Matomo installation of DIMDI. If your browser does support this function and you have activated the function in the browser settings, no data are recorded by Matomo, even if you do not use the aforementioned deactivation cookie.

Functions and offers on our website

We offer further services in addition to the purely informational use of our website. To do this, we typically require additional personal information that is subject to the aforementioned principles of data processing.

We use external service providers to process your data, and these third parties are bound by our instructions and are subject to regular checks.

We do not transfer your personal data to third parties for commercial purposes, and only in a few cases do we forward your personal data to such third parties. You will receive more information when entering your personal data, and below in the description of the offer.

AMIS for the federal states and AMIS for enclosed groups of users

The competent senior federal authorities BfArM, BVL and PEI transmit your personal data (name) stated as part of the registration information for drugs as Qualified Person, Graduated Plan Representative or information representative to us.

Your personal data are available to the BMG and its subordinate institutes and also the drug monitoring authorities and the examination offices of the federal states in the "AMIS for the federal states".

By providing the data, DIMDI enables monitoring of the dealings with drugs by the competent state authorities and thus fulfils its statutory commission formulated in § 67a AMG. The legal basis for this is Art. 6 para 1 sentence 1 letter c GDPR.

Your personal data are erased no later than 15 years after the end of the marketability of the drug in question.

ATC/DDD

Once a year, the official version of the ATC classification including DDD information is issued according to § 73 subparagraph 8 sentences 5 and 6, Vol. V of the German Social Code. It is processed by the (AG) ATC/DDD work group, which members are appointed by the Federal Ministry of Health (BMG).

Your personal data stated as a member of the work group are exclusively used by us for internal communication. In some cases, documents with personal data, e.g. names and addresses of contacts with the pharmaceutical enterprises, expert analysts etc., are enclosed with the applications by the pharmaceutical associations or pharmaceutical enterprises. All these documents are exclusively used by us within the framework of the processing of the application in question. The legal basis is Art. 6 para 1 sentence 1 letter c GDPR.

The work group distribution list with names, addresses, e-mail addresses and telephone numbers of the work group members is forwarded upon request to the WIdO (AOK Research Institute), which is a member of the work group and which has a contract for works with DIMDI relating to the adaptation of the international ATC classification to the peculiarities of the German medication market.

The data are erased as soon as they are no longer necessary for achievement of the purpose of their collection.

Courses and events

  • Courses and events at a charge:
    For registration, we need your address and contact data. We use the data solely for making contact and processing the booking and, if applicable, for name tags, confirmations of attendance, lists of attendees or certificates.
    We also need your data in processing commissions and payments, for which purpose we forward your payment data to the responsible federal treasury.
    The legal basis of this is Art. 6 para 1 sentence 1 letter b GDPR. On the basis of commercial and fiscal law directives, we are obliged to store your address and payment data for a duration of ten years.
  • Courses and events free of charge:
    For registration, we need your address and contact data. We use the data solely for making contact and processing the booking and, if applicable, for name tags, confirmations of attendance, lists of attendees or certificates.
    The legal basis of this is Art. 6 para 1 sentence 1 letter a or e GDPR. Your personal data are erased as soon as the data are no longer necessary for fulfilment of the purpose pursued with the storage.

Database search flat fees

If you would like to make use of our database offer at a charge, statement of your personal data is necessary for the conclusion of the contract. We process the data stated by you for handling of the contract and of payments which are due within the framework of the use of our database offer at a charge. For this, we can forward your payment data to the responsible federal treasury for the purpose of order and payment handling.

The legal basis is Art. 6 para 1 sentence 1 letter b GDPR. On the basis of commercial and fiscal law requirements, we are obliged to store your address, payment and order data for a period of ten years.

Insofar as you use our search and capture applications, we will store your customer number to analyse and correct any errors that may arise. The log data will be deleted after 7 days. The legal basis is Art. 6 para 1 sentence 1 letter b GDPR.

DRKS (German Clinical Trials Register)

  • Registration of clinical trials
    Personal contact information stored in the address fields for the registration of clinical trials in the DRKS is required for WHO-compliant registration. We publish this contact information on the website of the DRKS, the primary registry for Germany recognised by the WHO. The data is used for correspondence e.g. for medical and scientific representatives and for patients. The legal basis is Art. 6 para 1 sentence 1 letter f GDPR. As a WHO primary registry, we are required to share all data, including personal information, with the WHO International Clinical Trials Registry Platform.
    Personal contact data on the websites of the DRKS are deleted when they cease to be required for the purpose for which such data was stored. You can object to the processing of your contact data by email at any time via email to kontakt-drks@dimdi.de.
  • User accounts for the registration of clinical trials
    You must enter personal data, a password of your choice and username you select to register clinical trials in the DRKS. We implement the double-opt-in procedure for registration, whereby your registration is only complete once you have confirmed your registration by clicking the link in the confirmation email sent to you for this purpose.
    Your personal data serves to enable us to correspond with you. This data will not be disclosed to third parties nor will it be visible to third parties. The legal basis is Art. 6 para 1 sentence 1 letter a GDPR.

German Register of Online Medicine Retailers

This register contains pharmacies and other medicine retailers who are officially authorised to sell drugs for human use via the internet. The legal basis for the register is formed by §§ 43 subsection 1 and 67 subsection 8 of the German Drug Law (AMG). No personal data are recorded in the register itself.

Your personal data which you state as the responsible clerk for the recording of pharmacies and other traders for the German Register of Online Medicine Retailers are exclusively used by us for the documentation of the registration. They are not published in the public mail-order trade register. The legal basis is Art. 6 para 1 sentence 1 letter c GDPR.

The data are erased as soon as they are no longer necessary for achievement of the purpose of their collection.

Health Care Data (DaTraV): application procedure

We exclusively need your transmitted personal data within the framework of the application procedure in order to process your application and to make the settlement according to the Fees Ordinance.

We forward your payment data to the responsible federal treasury for the handling of the commission and payment. We store your address and payment data for settlement according to the Fees Ordinance for a duration of ten years on the basis of commercial and fiscal law requirements. Your data in the application are archived for at least 15 years after the final processing of your application.

The legal basis is Art. 6 para 1 sentence 1 letter e GDPR in conjunction with §§ 303 a to 303 e Vol. V, German Social Code, and the Data Transparency Ordinance.

Health Care Data (DaTraV): data of people with statutory health insurance

The Information system for health care data provides aggregated data of statutory health insurance to institutions entitled to use them for evaluation purposes according to § 303e (2), Vol. V, German Social Code. Provision is done in accordance with §§ 303a to 303e and the 2012 Data Transparency Ordinance. All persons with statutory insurance in Germany form the source of the data. Collection of the data is done in doctors' surgeries, hospitals, pharmacies and statutory health insurance schemes. The data are put together by the health insurance schemes via the Central Federal Association of the Health Insurance Scheme and provided to the BVA for the calculation of the MorbiRSA.

Recipients of aggregated quantities of outcomes are the institutions entitled to use named in accordance with § 303e (1). The data are provided anonymised. In exceptional cases, the data are provided pseudonymised according to § 303e (3) if this is necessary for the envisaged purpose.

Your data are processed on the legal basis of Art. 6 para 1 sentence 1 letter e GDPR in conjunction with §§ 303a to 303e Vol. V, German Social Code, and the Data Transparency Ordinance (DaTraV).

The Information system for health care data archives provisions data of all people in Germany with statutory health insurance lastingly, in order to build up a research data pool for institutions entitled to use and to make them usable for evaluations, ensuring protection of identity of the insured parties. According to § 303 d (1), the data are to be deleted when they are no longer necessary for the fulfilment of the tasks of the Information system for health care data. The statutory regulations do not state any archiving periods. The DaTraV data have to be erased when the Information system for health care data is released from the task and no other institution assumes this task of making evaluation of these data for research and control purposes possible.

HTA reports

Your personal data (name, email address, CV, bank account details) which you have stated in the production of an HTA report or an analysis for an HTA report are needed for the future issue of an HTA report or for order and payment handling. The legal basis for this is Art. 6 para 1 sentence 1 letter b GDPR.

We forward your payment data for handling the order and payment to the competent federal treasury. On the basis of commercial and fiscal law requirements, we are obliged to store your address and payment data for the duration of ten years.

Publication of the personal data (name) which you have provided in an HTA report is for an unlimited period of time.

ICF projects (International Classification of Functioning, Disability and Health)

We store the personal data you have entered as the contact person for an ICF project registered on DIMDI in the form of the ICF project list on the DIMDI website. The legal basis is Art. 6 para 1 sentence 1 letter a GDPR.

The list is intended for communication between ICF users and is provided as an additional service to publish the German language translation of the ICF.

Your projects, including your personal data, on the DIMDI website will be deleted as soon as the data is no longer required for the purpose for which it was stored. You can object to the processing of your data at any time.

Iris Institute: SharePoint, version administration system (Git and subversion)

To apply for access to the SharePoint or other repositories, you must forward your contact data (name, e-mail) to us. The legal basis is Art. 6 para 1 sentence 1 letter a GDPR.

Your personal data are exclusively stored for the purpose of registration. They are not forwarded to third parties.

You can withdraw your consent at any time by contact form to Iris Institute. In this case, your data and your user account are erased. If you leave the core group, your data and your user account are erased by DIMDI.

Newsletter

When you sign up for our newsletter, we implement the double-opt-in procedure: After your registration, we will send you an email to the email address you specified, in which we ask you to confirm your registration. Only after this confirmation will we store your email address to send the newsletter to you. The legal basis is Art. 6 para 1 sentence 1 letter a GDPR.

You can revoke your consent to the receipt of our newsletter at any time and unsubscribe from the newsletter. You can use the link provided in each newsletter email or use the form for subscription/unsubscription.

OID application

Your personal data entered in the OID application will be stored for registration purposes and will be published in the OID register on the DIMDI website. The legal basis is Art. 6 para 1 sentence 1 letter a GDPR. The register serves to publish the registry code of the German healthcare sector.

The publication of the OID entries in the DIMDI OID register is for an indefinite period. You can object to the processing of your personal data at any time. In this case, the OID entries are published without personal data.

Orders

  • Fee-based materials (e.g. ICF publication):
    If you would like to order fee-based materials, we require personal data to process your order and to conclude the contract. We may pass on your payment data on to the responsible federal treasury for the purpose of order and payment processing. The legal basis is Art. 6 para 1 sentence 1 letter b GDPR.
    Commercial and tax regulations oblige us to save your address, payment and order data for a period of ten years.
  • Free materials (e.g. flyers):
    We will need your postal address details if you wish to order free materials via our website, and we only use such personal data to process your order. The legal basis is Art. 6 para 1 sentence 1 letter a GDPR. Your data will not be forwarded to third parties.
    The personal data you transmit will be stored (and can be subsequently withdrawn) when you order and automatically deleted after a period of up to 3 months.

Packaging Size Ordinance

Within various workflows, the work group (AG) processes ATC/DDD requests serving fulfilment of the statutory task according to § 5 Packaging Ordinance and § 73 subsection 8 sentence 5, Vol. V of the German Social Code, with the objective of fixing indices for standardised packaging sizes and, if necessary, amending them and thus facilitating the exchange of medications with identical packaging size identifications.

Your personal data stated as a member of the work group are exclusively used by us for internal communication. In some cases, documents with personal data, e.g. names and addresses of contacts with the pharmaceutical enterprises, expert analysts etc., are enclosed with the applications by the pharmaceutical associations or pharmaceutical enterprises. All these documents are exclusively used by us within the framework of the processing of the application in question. The legal basis is Art. 6 para 1 sentence 1 letter c GDPR.

The work group distribution list with names, addresses, e-mail addresses and telephone numbers of the work group members is forwarded upon request to the WIdO (AOK Research Institute), which is a member of the work group and which has a contract for works with DIMDI.

The data are erased as soon as they are no longer necessary for achievement of the purpose of their collection.

Proposal procedure for OPS and ICD-10-GM

We will store your proposals, including your personal data as referred to in the OPS and ICD-10-GM proposal procedure to process and forward such proposals to the parties involved (if applicable, self-governing partners and representatives of the professional associations and organisations or institutions established by statutory regulations for inpatient and outpatient quality assurance, members of the ICD working group and the OPS working group and other experts involved in the processing of the proposal). The legal basis is Art. 6 para 1 sentence 1 letter a GDPR.

We will post your suggestions, including the personal data you have submitted, on our website, insofar as you have granted your consent to do so. Otherwise, proposals will be published with no personal data. The publication serves to ensure transparency of the respective ongoing proceedings. We must also ensure that users of ICD-10-GM and OPS can access all the proposals beyond the actual procedure as a basis for future proposals and that interested parties can contact the persons who have submitted such proposals.

The publication of the proposals on the DIMDI website is for an indefinite period. Your proposals, including your personal information on our website, will be deleted once the data is no longer required for the purpose of the storage. You can object to the processing of your data at any time.

Sperm donors register

  • User accounts for EMV and EE:
    To register with DIMDI, institutions of medical provisions (EMV) and extraction institutions (EE) have to deposit personal contact data. The data are needed for the electronic reporting procedure for transmission of the personal data of recipients and donors to DIMDI. The legal basis for this is Art. 6 para 1 sentence 1 letter e GDPR (General Data Protection Regulation) in conjunction with §§ 2 and 5 Sperm Donors Registration Act (SaRegG).
    Personal contact data from EMV and EE are erased as soon as they are no longer necessary for fulfilment of the purpose pursued with the storage.
  • Applications for donors' children, parents of donors' children, recipients of the sperm donation and sperm donors:
    Alongside the purely informational use of our website, we offer further services such as applications for donors' children, parents of donors' children, recipients of the sperm donation and sperm donors. We exclusively use the personal data transmitted in this context in order to process your application. The legal basis for this is Art. 6 para 1 sentence 1 letter e GDPR in conjunction with §§ 2 und 5 SaRegG.
    Your personal data transmitted for this purpose are erased as soon as the data are no longer necessary for fulfilment of the application.  
    You can object to the processing of your contact data at any time by contact form to Sperm Donors Register.

Your rights

You have the following rights towards us with a view to the personal data concerned with you:

Right to information according to Art. 15 GDPR

With the right to information, the data subject is given extensive insight into the data concerned with him and other important criteria, such as the purposes of processing of the duration of the storage.

Right to rectification according to Art. 16 GDPR

The right to rectification contains the possibility for the data subject to have incorrect personal data concerned with him corrected.

Right to erasure ("right to be forgotten") according to Art. 17 GDPR

The right to erasure contains the possibility for the data subject to have data erased with the controller. However, this is only possible if the personal data concerned with him are no longer necessary, are processed unlawfully or a consent in this regard has been withdrawn.

Right to restriction of the processing according to Art. 18 GDPR

The right to restriction of the processing contains the possibility for the data subject to prevent a further processing of the personal data concerned with him for the time being. A restriction comes about above all in the examination phase of other attendance to rights by the data subject.

Right to objection to the processing according to Art. 21 GDPR

The right to objection contains the possibility for the data subject to object to the further processing of his personal data in certain specific situations, to the extent that this is justified by attending to public tasks or public and private interests.

Right to withdrawal of the data protection law declaration of consent

You have the right to withdraw you data protection law declaration of consent at any time. The withdrawal of the consent does not affect the lawfulness of the processing done on the basis of your consent up to the time of withdrawal.

Right to data portability according to Art. 20 GDPR

The right to data portability contains the possibility for the data subject to receive the personal data concerned with him in a commonly used, machine-readable format from the controller in order to have them forwarded to another controller if need be.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Changes to this data privacy declaration

DIMDI reserves the right to occasionally amend this data privacy declaration to adapt to current circumstances. We therefore recommend that you consult our data privacy declaration regularly.

This website uses session cookies to ensure certain functionalities such as downloads or login to closed areas. In order to optimize the website, we use the analysis tool Matomo. Our Matomo installation works without tracking cookies. You will find more detailed information and the possibilities to object to the use of Matomo in our data privacy declaration.