Information on the collection of personal data when you use our website

Personal data is any information, that can be specifically attributed to you, e.g. name, address, email addresses, user behaviour.

The responsible person in accordance with Art. 4 para 7 of the EU General Data Protection Regulation (GDPR) is DIMDI, Waisenhausgasse 36-38a, 50676 Cologne, represented by the director, Dr. Dietrich Kaiser. You can contact our data protection officer at Data Protection or via our postal address by addressing your communication to "The Data Protection Officer".

If you contact us by email or using a contact form, we will store the information you provide (your email address, name and telephone number, if applicable) to process your request. We will delete such data after a specific period of time when storage is no longer required or will limit the processing in the event of legal storage obligations.

We will notify you if we commission service providers to carry out specific processes in our offer. Details and the specific storage period criteria are stipulated in point "Functions and offers on our website".

Your rights

You have the following rights with respect to your personal data:

  • Right to information
  • Right to rectification or deletion
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability

You also have the right to appeal to a data protection supervisory authority regarding how we process your personal information.

Visiting our website

In the case of purely informative use of our website, i.e. if you do not register or otherwise provide us with information, we will only collect the data transmitted by your browser to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and to ensure stability and security:

  • Browser type and version
  • Operating system used
  • Website from which you arrived on our site (Referrer URL)
  • Pages and files accessed on our site
  • Where appropriate, the website you visited after our site (by clicking an external link on our website)
  • Date and time of access
  • IP address, anonymised in truncated form

In addition to the above data, cookies are also stored on your computer when you use our website.
Cookies are small text files that are stored on your computer when you access specific pages or functions. They cannot be assigned to individuals and do not contain personal information. Cookies do not harm your computer and do not contain viruses.
You can generally use DIMDI's Internet offer without accepting cookies. However, we use session cookies for our search applications and special pages (for example in the download area or when logging into restricted areas) to facilitate your use of the site. These temporary cookies are automatically removed from your computer after the browser session has finished. You can continue to use our search applications even if you disable the storage of cookies.
You can configure your browser settings to prevent cookies from being stored on your computer. For details, please refer to the relevant instructions for your browser.

Objection or withdrawal of consent regarding the processing of your data

You can withdraw your consent to the processing of your data at any time. Such revocation will affect the legitimacy of the processing of your personal data after you have declared such revocation.

You can object to processing insofar as we base the processing of your personal data on a balance of interests. This applies in particular if processing is not required to fulfil a contract with you, as stipulated in the following description of the functions and offers on our website. In the event of an objection, please explain why we should not process your personal information as we have done. We will then review the situation and will either cease processing, modify the data processing or set out our compelling legitimate reasons for continuing to process your data.

Functions and offers on our website

We offer further services in addition to the purely informational use of our website. To do this, we typically require additional personal information that is subject to the aforementioned principles of data processing.

We use external service providers to process your data, and these third parties are bound by our instructions and are subject to regular checks.

We do not transfer your personal data to third parties for commercial purposes, and only in a few cases do we forward your personal data to such third parties. You will receive more information when entering your personal data, and below in the description of the offer.

AMIS for the federal states and AMIS for enclosed groups of users

The competent senior federal authorities BfArM, BVL and PEI transmit your personal data (name) stated as part of the registration information for drugs as Qualified Person, Graduated Plan Representative or information representative to us.

Your personal data are available to the BMG and its subordinate institutes and also the drug monitoring authorities and the examination offices of the federal states in the "AMIS for the federal states".

By providing the data, DIMDI enables monitoring of the dealings with drugs by the competent state authorities and thus fulfils its statutory commission formulated in § 67a AMG. The legal basis for this is Art. 6 para 1 page 1 letter c GDPR.

Your personal data are erased no later than 15 years after the end of the marketability of the drug in question.

ATC/DDD

Once a year, the official version of the ATC classification including DDD information is issued according to § 73 subparagraph 8 sentences 5 and 6, Vol. V of the German Social Code. It is processed by the (AG) ATC/DDD work group, which members are appointed by the Federal Ministry of Health (BMG).

Your personal data stated as a member of the work group are exclusively used by us for internal communication. In some cases, documents with personal data, e.g. names and addresses of contacts with the pharmaceutical enterprises, expert analysts etc., are enclosed with the applications by the pharmaceutical associations or pharmaceutical enterprises. All these documents are exclusively used by us within the framework of the processing of the application in question. The legal basis is Art. 6 para 1 page 1 letter c GDPR.

The work group distribution list with names, addresses, e-mail addresses and telephone numbers of the work group members is forwarded upon request to the WIdO (AOK Research Institute), which is a member of the work group and which has a contract for works with DIMDI relating to the adaptation of the international ATC classification to the peculiarities of the German medication market.

The data are erased as soon as they are no longer necessary for achievement of the purpose of their collection.

Courses and events

  • Courses and events at a charge:
    For registration, we need your address and contact data. We use the data solely for making contact and processing the booking and, if applicable, for name tags, confirmations of attendance, lists of attendees or certificates.
    We also need your data in processing commissions and payments, for which purpose we forward your payment data to the responsible federal treasury.
    The legal basis of this is Art. 6 para 1 page 1 letter b GDPR. On the basis of commercial and fiscal law directives, we are obliged to store your address and payment data for a duration of ten years.
  • Courses and events free of charge:
    For registration, we need your address and contact data. We use the data solely for making contact and processing the booking and, if applicable, for name tags, confirmations of attendance, lists of attendees or certificates.
    The legal basis of this is Art. 6 para 1 page 1 letter a or e GDPR. Your personal data are erased as soon as the data are no longer necessary for fulfilment of the purpose pursued with the storage.

Database search flat fees

If you would like to make use of our database offer at a charge, statement of your personal data is necessary for the conclusion of the contract. We process the data stated by you for handling of the contract and of payments which are due within the framework of the use of our database offer at a charge.

For this, we can forward your payment data to the responsible federal treasury for the purpose of order and payment handling. The legal basis is Art. 6 para 1 page 1 letter b GDPR. On the basis of commercial and fiscal law requirements, we are obliged to store your address, payment and order data for a period of ten years.

Insofar as you use our search and capture applications, we will store your customer number to analyse and correct any errors that may arise. The log data will be deleted after 7 days. The legal basis is Art. 6 para 1 page 1 letter b GDPR.

DRKS (German Clinical Trials Register)

  • Registration of clinical trials
    Personal contact information stored in the address fields for the registration of clinical trials in the DRKS is required for WHO-compliant registration. We publish this contact information on the website of the DRKS, the primary registry for Germany recognised by the WHO. The data is used for correspondence e.g. for medical and scientific representatives and for patients. The legal basis is Art. 6 para 1 page 1 letter f GDPR. As a WHO primary registry, we are required to share all data, including personal information, with the WHO International Clinical Trials Registry Platform.
    Personal contact data on the websites of the DRKS are deleted when they cease to be required for the purpose for which such data was stored. You can object to the processing of your contact data by email at any time via email to kontakt-drks@dimdi.de.
  • User accounts for the registration of clinical trials
    You must enter personal data, a password of your choice and username you select to register clinical trials in the DRKS. We implement the double-opt-in procedure for registration, whereby your registration is only complete once you have confirmed your registration by clicking the link in the confirmation email sent to you for this purpose.
    Your personal data serves to enable us to correspond with you. This data will not be disclosed to third parties nor will it be visible to third parties. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

German Register of Online Medicine Retailers

This register contains pharmacies and other medicine retailers who are officially authorised to sell drugs for human use via the internet. The legal basis for the register is formed by §§ 43 subsection 1 and 67 subsection 8 of the German Drug Law (AMG). No personal data are recorded in the register itself.

Your personal data which you state as the responsible clerk for the recording of pharmacies and other traders for the German Register of Online Medicine Retailers are exclusively used by us for the documentation of the registration. They are not published in the public mail-order trade register. The legal basis is Art. 6 para 1 page 1 letter c GDPR.

The data are erased as soon as they are no longer necessary for achievement of the purpose of their collection.

Health Care Data (DaTraV): application procedure

We exclusively need your transmitted personal data within the framework of the application procedure in order to process your application and to make the settlement according to the Fees Ordinance.

We forward your payment data to the responsible federal treasury for the handling of the commission and payment. We store your address and payment data for settlement according to the Fees Ordinance for a duration of ten years on the basis of commercial and fiscal law requirements. Your data in the application are archived for at least 10 years after the final processing of your application.

The legal basis is Art. 6 para 1 page 1 letter e GDPR in conjunction with §§ 303 a to 303 e Vol. V, German Social Code, and the Data Transparency Ordinance.

HTA reports

Your personal data (name, email address, CV, bank account details) which you have stated in the production of an HTA report or an analysis for an HTA report are needed for the future issue of an HTA report or for order and payment handling. The legal basis for this is Art. 6 para 1 page 1 letter b GDPR.

We forward your payment data for handling the order and payment to the competent federal treasury. On the basis of commercial and fiscal law requirements, we are obliged to store your address and payment data for the duration of ten years.

Publication of the personal data (name) which you have provided in an HTA report is for an unlimited period of time.

ICF projects (International Classification of Functioning, Disability and Health)

We store the personal data you have entered as the contact person for an ICF project registered on DIMDI in the form of the ICF project list on the DIMDI website. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

The list is intended for communication between ICF users and is provided as an additional service to publish the German language translation of the ICF.

Your projects, including your personal data, on the DIMDI website will be deleted as soon as the data is no longer required for the purpose for which it was stored. You can object to the processing of your data at any time.

Iris Institute: SharePoint, version administration system (Git and subversion)

To apply for access to the SharePoint or other repositories, you must forward your contact data (name, e-mail) to us. The legal basis is Art. 6 subparagraph 1 sentence 1 lit. a GDPR.

Your personal data are exclusively stored for the purpose of registration. They are not forwarded to third parties.
You can withdraw your consent at any time by contact form to Iris Institute. In this case, your data and your user account are erased. If you leave the core group, your data and your user account are erased by DIMDI.

Newsletter

When you sign up for our newsletter, we implement the double-opt-in procedure: After your registration, we will send you an email to the email address you specified, in which we ask you to confirm your registration. Only after this confirmation will we store your email address to send the newsletter to you. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

You can revoke your consent to the receipt of our newsletter at any time and unsubscribe from the newsletter. You can use the link provided in each newsletter email or use the form for subscription/unsubscription.

OID application

Your personal data entered in the OID application will be stored for registration purposes and will be published in the OID register on the DIMDI website. The legal basis is Art. 6 para 1 page 1 letter a GDPR. The register serves to publish the registry code of the German healthcare sector.

The publication of the OID entries in the DIMDI OID register is for an indefinite period. You can object to the processing of your personal data at any time. In this case, the OID entries are published without personal data.

Orders

  • Fee-based materials (e.g. ICF publication):
    If you would like to order fee-based materials, we require personal data to process your order and to conclude the contract. We may pass on your payment data on to the responsible federal treasury for the purpose of order and payment processing. The legal basis is Art. 6 para 1 page 1 letter b GDPR.
    Commercial and tax regulations oblige us to save your address, payment and order data for a period of ten years.
  • Free materials (e.g. flyers):
    We will need your postal address details if you wish to order free materials via our website, and we only use such personal data to process your order. The legal basis is Art. 6 para 1 page 1 letter a GDPR. Your data will not be forwarded to third parties.
    The personal data you transmit will be stored (and can be subsequently withdrawn) when you order and automatically deleted after a period of up to 3 months.

Packaging Size Ordinance

Within various workflows, the work group (AG) processes ATC/DDD requests serving fulfilment of the statutory task according to § 5 Packaging Ordinance and § 73 subsection 8 sentence 5, Vol. V of the German Social Code, with the objective of fixing indices for standardised packaging sizes and, if necessary, amending them and thus facilitating the exchange of medications with identical packaging size identifications.

Your personal data stated as a member of the work group are exclusively used by us for internal communication. In some cases, documents with personal data, e.g. names and addresses of contacts with the pharmaceutical enterprises, expert analysts etc., are enclosed with the applications by the pharmaceutical associations or pharmaceutical enterprises. All these documents are exclusively used by us within the framework of the processing of the application in question. The legal basis is Art. 6 para 1 page 1 letter c GDPR.

The work group distribution list with names, addresses, e-mail addresses and telephone numbers of the work group members is forwarded upon request to the WIdO (AOK Research Institute), which is a member of the work group and which has a contract for works with DIMDI.

The data are erased as soon as they are no longer necessary for achievement of the purpose of their collection.

Proposal procedure for OPS and ICD-10-GM

We will store your proposals, including your personal data as referred to in the OPS and ICD-10-GM proposal procedure to process and forward such proposals to the parties involved (if applicable, self-governing partners and representatives of the professional associations and organisations or institutions established by statutory regulations for inpatient and outpatient quality assurance, members of the ICD working group and the OPS working group and other experts involved in the processing of the proposal). The legal basis is Art. 6 para 1 page 1 letter a GDPR.

We will post your suggestions, including the personal data you have submitted, on our website, insofar as you have granted your consent to do so. Otherwise, proposals will be published with no personal data. The publication serves to ensure transparency of the respective ongoing proceedings. We must also ensure that users of ICD-10-GM and OPS can access all the proposals beyond the actual procedure as a basis for future proposals and that interested parties can contact the persons who have submitted such proposals.

The publication of the proposals on the DIMDI website is for an indefinite period. Your proposals, including your personal information on our website, will be deleted once the data is no longer required for the purpose of the storage. You can object to the processing of your data at any time.

Sperm donors register

  • User accounts for EMV and EE:
    To register with DIMDI, institutions of medical provisions (EMV) and extraction institutions (EE) have to deposit personal contact data. The data are needed for the electronic reporting procedure for transmission of the personal data of recipients and donors to DIMDI. The legal basis for this is Art. 6 para 1 page 1 letter e GDPR (General Data Protection Regulation) in conjunction with §§ 2 and 5 Sperm Donors Registration Act (SaRegG).
    Personal contact data from EMV and EE are erased as soon as they are no longer necessary for fulfilment of the purpose pursued with the storage.
  • Applications for donors' children, parents of donors' children, recipients of the sperm donation and sperm donors:
    Alongside the purely informational use of our website, we offer further services such as applications for donors' children, parents of donors' children, recipients of the sperm donation and sperm donors. We exclusively use the personal data transmitted in this context in order to process your application. The legal basis for this is Art. 6 para 1 page 1 letter e GDPR in conjunction with §§ 2 und 5 SaRegG.
    Your personal data transmitted for this purpose are erased as soon as the data are no longer necessary for fulfilment of the application.  
    You can object to the processing of your contact data at any time by contact form to Sperm Donors Register.

Changes to this data privacy declaration

DIMDI reserves the right to occasionally amend this data privacy declaration to adapt to current circumstances. We therefore recommend that you consult our data privacy declaration regularly.


Source for the template for this data privacy declaration

Extracts from the: Formularhandbuch Datenschutzrecht (Form Handbook Data Protection Law), Koreng/Lachenmann/Editor, publisher C.H. Beck, 2nd edition 2018.