Information on the collection of personal data when you use our website

Personal data is any information, that can be specifically attributed to you, e.g. name, address, email addresses, user behaviour.

The responsible person in accordance with Art. 4 para 7 of the EU General Data Protection Regulation (GDPR) is DIMDI, Waisenhausgasse 36-38a, 50676 Cologne, represented by the director, Dr. Dietrich Kaiser. You can contact our data protection officer at Data Protection or via our postal address by addressing your communication to "The Data Protection Officer".

If you contact us by email or using a contact form, we will store the information you provide (your email address, name and telephone number, if applicable) to process your request. We will delete such data after a specific period of time when storage is no longer required or will limit the processing in the event of legal storage obligations.

We will notify you if we commission service providers to carry out specific processes in our offer. Details and the specific storage period criteria are stipulated in point "Functions and offers on our website".

Your rights

You have the following rights with respect to your personal data:

  • Right to information
  • Right to rectification or deletion
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability

You also have the right to appeal to a data protection supervisory authority regarding how we process your personal information.

Visiting our website

In the case of purely informative use of our website, i.e. if you do not register or otherwise provide us with information, we will only collect the data transmitted by your browser to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and to ensure stability and security:

  • Browser type and version
  • Operating system used
  • Website from which you arrived on our site (Referrer URL)
  • Pages and files accessed on our site
  • Where appropriate, the website you visited after our site (by clicking an external link on our website)
  • Date and time of access
  • IP address, anonymised in truncated form

In addition to the above data, cookies are also stored on your computer when you use our website.
Cookies are small text files that are stored on your computer when you access specific pages or functions. They cannot be assigned to individuals and do not contain personal information. Cookies do not harm your computer and do not contain viruses.
You can generally use DIMDI's Internet offer without accepting cookies. However, we use session cookies for our search applications and special pages (for example in the download area or when logging into restricted areas) to facilitate your use of the site. These temporary cookies are automatically removed from your computer after the browser session has finished. You can continue to use our search applications even if you disable the storage of cookies.
You can configure your browser settings to prevent cookies from being stored on your computer. For details, please refer to the relevant instructions for your browser.

Objection or withdrawal of consent regarding the processing of your data

You can withdraw your consent to the processing of your data at any time. Such revocation will affect the legitimacy of the processing of your personal data after you have declared such revocation.

You can object to processing insofar as we base the processing of your personal data on a balance of interests. This applies in particular if processing is not required to fulfil a contract with you, as stipulated in the following description of the functions and offers on our website. In the event of an objection, please explain why we should not process your personal information as we have done. We will then review the situation and will either cease processing, modify the data processing or set out our compelling legitimate reasons for continuing to process your data.

Functions and offers on our website

We offer further services in addition to the purely informational use of our website. To do this, we typically require additional personal information that is subject to the aforementioned principles of data processing.

We use external service providers to process your data, and these third parties are bound by our instructions and are subject to regular checks.

We do not transfer your personal data to third parties for commercial purposes, and only in a few cases do we forward your personal data to such third parties. You will receive more information when entering your personal data, and below in the description of the offer.

Courses and events

  • Courses and events at a charge:
    For registration, we need your address and contact data. We use the data solely for making contact and processing the booking and, if applicable, for name tags, confirmations of attendance, lists of attendees or certificates.
    We also need your data in processing commissions and payments, for which purpose we forward your payment data to the responsible federal treasury.
    The legal basis of this is Art. 6 para 1 page 1 letter b GDPR. On the basis of commercial and fiscal law directives, we are obliged to store your address and payment data for a duration of ten years.
  • Courses and events free of charge:
    For registration, we need your address and contact data. We use the data solely for making contact and processing the booking and, if applicable, for name tags, confirmations of attendance, lists of attendees or certificates.
    The legal basis of this is Art. 6 para 1 page 1 letter a or e GDPR. Your personal data are erased as soon as the data are no longer necessary for fulfilment of the purpose pursued with the storage.

Database search flat fees

If you would like to make use of our database offer at a charge, statement of your personal data is necessary for the conclusion of the contract. We process the data stated by you for handling of the contract and of payments which are due within the framework of the use of our database offer at a charge.

For this, we can forward your payment data to the responsible federal treasury for the purpose of order and payment handling. The legal basis is Art. 6 para 1 page 1 letter b GDPR. On the basis of commercial and fiscal law requirements, we are obliged to store your address, payment and order data for a period of ten years.

Insofar as you use our search and capture applications, we will store your customer number to analyse and correct any errors that may arise. The log data will be deleted after 7 days. The legal basis is Art. 6 para 1 page 1 letter b GDPR.

German Register of Online Medicine Retailers

The register contains pharmacies and other medicine retailers, which are officially authorised for the mail order trade . The basis for the register is formed by § 43 subsection 1, 67 subsection 8, German Drug Law (AMG). No personal data are recorded in the register itself.

Your personal data which you have stated as the responsible clerk for the recording of pharmacies and other medicine retailers for the German Register of Online Medicine Retailers are exclusively used by us for communication within authorities. There is no storage and publication in the public Register of Online Medicine Retailers. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

Your specified personal data are erased 10 years after (the report of the) expiry / (of the) invalidity of the pharmacies mail-order permission or deregistration of the other medicine retailers . You can object to processing of your personal data at any time by contact form at Online Retailers Register.

Health Care Data (DaTraV): application procedure

We exclusively need your transmitted personal data within the framework of the application procedure in order to process your application and to make the settlement according to the Fees Ordinance.

We forward your payment data to the responsible federal treasury for the handling of the commission and payment. We store your address and payment data for settlement according to the Fees Ordinance for a duration of ten years on the basis of commercial and fiscal law requirements. Your data in the application are archived for at least 10 years after the final processing of your application.

The legal basis is Art. 6 para 1 page 1 letter e GDPR in conjunction with §§ 303 a to 303 e Vol. V, German Social Code, and the Data Transparency Ordinance.

ICF projects (International Classification of Functioning, Disability and Health)

We store the personal data you have entered as the contact person for an ICF project registered on DIMDI in the form of the ICF project list on the DIMDI website. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

The list is intended for communication between ICF users and is provided as an additional service to publish the German language translation of the ICF.

Your projects, including your personal data, on the DIMDI website will be deleted as soon as the data is no longer required for the purpose for which it was stored. You can object to the processing of your data at any time.

Iris Institute: SharePoint, version administration system (Git and subversion)

To apply for access to the SharePoint or other repositories, you must forward your contact data (name, e-mail) to us. The legal basis is Art. 6 subparagraph 1 sentence 1 lit. a GDPR.

Your personal data are exclusively stored for the purpose of registration. They are not forwarded to third parties.
You can withdraw your consent at any time by contact form to Iris Institute. In this case, your data and your user account are erased. If you leave the core group, your data and your user account are erased by DIMDI.

Newsletter

When you sign up for our newsletter, we implement the double-opt-in procedure: After your registration, we will send you an email to the email address you specified, in which we ask you to confirm your registration. Only after this confirmation will we store your email address to send the newsletter to you. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

You can revoke your consent to the receipt of our newsletter at any time and unsubscribe from the newsletter. You can use the link provided in each newsletter email or use the form for subscription/unsubscription.

OID application

Your personal data entered in the OID application will be stored for registration purposes and will be published in the OID register on the DIMDI website. The legal basis is Art. 6 para 1 page 1 letter a GDPR. The register serves to publish the registry code of the German healthcare sector.

The publication of the OID entries in the DIMDI OID register is for an indefinite period. You can object to the processing of your personal data at any time. In this case, the OID entries are published without personal data.

Orders

  • Fee-based materials (e.g. ICF publication):
    If you would like to order fee-based materials, we require personal data to process your order and to conclude the contract. We may pass on your payment data on to the responsible federal treasury for the purpose of order and payment processing. The legal basis is Art. 6 para 1 page 1 letter b GDPR.
    Commercial and tax regulations oblige us to save your address, payment and order data for a period of ten years.
  • Free materials (e.g. flyers):
    We will need your postal address details if you wish to order free materials via our website, and we only use such personal data to process your order. The legal basis is Art. 6 para 1 page 1 letter a GDPR. Your data will not be forwarded to third parties.
    The personal data you transmit will be stored (and can be subsequently withdrawn) when you order and automatically deleted after a period of up to 3 months.

Proposal procedure for OPS and ICD-10-GM

We will store your proposals, including your personal data as referred to in the OPS and ICD-10-GM proposal procedure to process and forward such proposals to the parties involved (if applicable, self-governing partners and representatives of the professional associations and organisations or institutions established by statutory regulations for inpatient and outpatient quality assurance, members of the ICD working group and the OPS working group and other experts involved in the processing of the proposal). The legal basis is Art. 6 para 1 page 1 letter a GDPR.

We will post your suggestions, including the personal data you have submitted, on our website, insofar as you have granted your consent to do so. Otherwise, proposals will be published with no personal data. The publication serves to ensure transparency of the respective ongoing proceedings. We must also ensure that users of ICD-10-GM and OPS can access all the proposals beyond the actual procedure as a basis for future proposals and that interested parties can contact the persons who have submitted such proposals.

The publication of the proposals on the DIMDI website is for an indefinite period. Your proposals, including your personal information on our website, will be deleted once the data is no longer required for the purpose of the storage. You can object to the processing of your data at any time.

Sperm donors register

  • User accounts for EMV and EE:
    To register with DIMDI, institutions of medical provisions (EMV) and extraction institutions (EE) have to deposit personal contact data. The data are needed for the electronic reporting procedure for transmission of the personal data of recipients and donors to DIMDI. The legal basis for this is Art. 6 para 1 page 1 letter e GDPR (General Data Protection Regulation) in conjunction with §§ 2 and 5 Sperm Donors Registration Act (SaRegG).
    Personal contact data from EMV and EE are erased as soon as they are no longer necessary for fulfilment of the purpose pursued with the storage.
  • Applications for donors' children, parents of donors' children, recipients of the sperm donation and sperm donors:
    Alongside the purely informational use of our website, we offer further services such as applications for donors' children, parents of donors' children, recipients of the sperm donation and sperm donors. We exclusively use the personal data transmitted in this context in order to process your application. The legal basis for this is Art. 6 para 1 page 1 letter e GDPR in conjunction with §§ 2 und 5 SaRegG.
    Your personal data transmitted for this purpose are erased as soon as the data are no longer necessary for fulfilment of the application.  
    You can object to the processing of your contact data at any time by contact form to Sperm Donors Register.

Changes to this data privacy declaration

DIMDI reserves the right to occasionally amend this data privacy declaration to adapt to current circumstances. We therefore recommend that you consult our data privacy declaration regularly.


Source for the template for this data privacy declaration

Extracts from the: Formularhandbuch Datenschutzrecht (Form Handbook Data Protection Law), Koreng/Lachenmann/Editor, publisher C.H. Beck, 2nd edition 2018.