Information on the collection of personal data when you use our website

Personal data is any information, that can be specifically attributed to you, e.g. name, address, email addresses, user behaviour.

The responsible person in accordance with Art. 4 para 7 of the EU General Data Processing Regulation (GDPR) is DIMDI, Waisenhausgasse 36-38a, 50676 Cologne, represented by the director, Dr. Dietrich Kaiser. You can contact our data protection officer at Data Protection or via our postal address by addressing your communication to "The Data Protection Officer".

If you contact us by email or using a contact form, we will store the information you provide (your email address, name and telephone number, if applicable) to process your request. We will delete such data after a specific period of time when storage is no longer required or will limit the processing in the event of legal storage obligations.

We will notify you if we commission service providers to carry out specific processes in our offer. Details and the specific storage period criteria are stipulated in point "Functions and offers on our website".

Your rights

You have the following rights with respect to your personal data:

  • Right to information
  • Right to rectification or deletion
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability

You also have the right to appeal to a data protection supervisory authority regarding how we process your personal information.

Visiting our website

In the case of purely informative use of our website, i.e. if you do not register or otherwise provide us with information, we will only collect the data transmitted by your browser to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and to ensure stability and security:

  • Browser type and version
  • Operating system used
  • Website from which you arrived on our site (Referrer URL)
  • Pages and files accessed on our site
  • Where appropriate, the website you visited after our site (by clicking an external link on our website)
  • Date and time of access
  • IP address, anonymised in truncated form

In addition to the above data, cookies are also stored on your computer when you use our website.
Cookies are small text files that are stored on your computer when you access specific pages or functions. They cannot be assigned to individuals and do not contain personal information. Cookies do not harm your computer and do not contain viruses.
You can generally use DIMDI's Internet offer without accepting cookies. However, we use session cookies for our search applications and special pages (for example in the download area or when logging into restricted areas) to facilitate your use of the site. These temporary cookies are automatically removed from your computer after the browser session has finished. You can continue to use our search applications even if you disable the storage of cookies.
You can configure your browser settings to prevent cookies from being stored on your computer. For details, please refer to the relevant instructions for your browser.

Objection or withdrawal of consent regarding the processing of your data

You can withdraw your consent to the processing of your data at any time. Such revocation will affect the legitimacy of the processing of your personal data after you have declared such revocation.

You can object to processing insofar as we base the processing of your personal data on a balance of interests. This applies in particular if processing is not required to fulfil a contract with you, as stipulated in the following description of the functions and offers on our website. In the event of an objection, please explain why we should not process your personal information as we have done. We will then review the situation and will either cease processing, modify the data processing or set out our compelling legitimate reasons for continuing to process your data.

Functions and offers on our website

We offer further services in addition to the purely informational use of our website. To do this, we typically require additional personal information that is subject to the aforementioned principles of data processing.

We use external service providers to process your data, and these third parties are bound by our instructions and are subject to regular checks.

We do not transfer your personal data to third parties for commercial purposes, and only in a few cases do we forward your personal data to such third parties. You will receive more information when entering your personal data, and below in the description of the offer.

Newsletter

When you sign up for our newsletter, we implement the double-opt-in procedure: After your registration, we will send you an email to the email address you specified, in which we ask you to confirm your registration. Only after this confirmation will we store your email address to send the newsletter to you. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

You can revoke your consent to the receipt of our newsletter at any time and unsubscribe from the newsletter. You can use the link provided in each newsletter email or use the form to sign up.

Orders

  • Free materials (e.g. flyers):
    We will need your postal address details if you wish to order free materials via our website, and we only use such personal data to process your order. The legal basis is Art. 6 para 1 page 1 letter a GDPR. Your data will not be forwarded to third parties.
    The personal data you transmit will be stored (and can be subsequently withdrawn) when you order and automatically deleted after a period of up to 3 months.
  • Fee-based materials (e.g. ICF (International Classification of Functioning, Disability and Health) publication):
    If you would like to order fee-based materials, we require personal data to process your order and to conclude the contract. We may pass on your payment data on to the responsible federal treasury for the purpose of order and payment processing. The legal basis is Art. 6 para 1 page 1 letter b GDPR.
    Commercial and tax regulations oblige us to save your address, payment and order data for a period of ten years.

ICF projects (International Classification of Functioning, Disability and Health)

We store the personal data you have entered as the contact person for an ICF project registered on DIMDI in the form of the ICF project list on the DIMDI website. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

The list is intended for communication between ICF users and is provided as an additional service to publish the German language translation of the ICF.

Your projects, including your personal data, on the DIMDI website will be deleted as soon as the data is no longer required for the purpose for which it was stored. You can object to the processing of your data at any time.

Iris Institute: SharePoint, version administration system (Git and subversion)

To apply for access to the SharePoint or other repositories, you must forward your contact data (name, e-mail) to us. The legal basis is Art. 6 subparagraph 1 sentence 1 lit. a GDPR.

Your personal data are exclusively stored for the purpose of registration. They are not forwarded to third parties.
You can withdraw your consent at any time by e-mail to Iris Institute. In this case, your data and your user account are erased.
If you leave the core group, your data and your user account are erased by DIMDI.

OID initial application/amendment

Your personal data entered in the OID application will be stored for registration purposes and will be published in the OID register on the DIMDI website. The legal basis is Art. 6 para 1 page 1 letter a GDPR. The register serves to publish the registry code of the German healthcare sector.

The publication of the OID entries in the DIMDI OID register is for an indefinite period. You can object to the processing of your personal data at any time. In this case, the OID entries are published without personal data.

German Register of Online Medicine Retailers

The register contains pharmacies and other medicine retailers, which are officially authorised for the mail order trade . The basis for the register is formed by § 43 subsection 1, 67 subsection 8, German Drug Law (AMG). No personal data are recorded in the register itself.

Your personal data which you have stated as the responsible clerk for the recording of pharmacies and other medicine retailers for the German Register of Online Medicine Retailers are exclusively used by us for communication within authorities. There is no storage and publication in the public Register of Online Medicine Retailers. The legal basis is Art. 6 para 1 page 1 letter a GDPR.

Your specified personal data are erased 10 years after (the report of the) expiry / (of the) invalidity of the pharmacies mail-order permission or deregistration of the other medicine retailers . You can object to processing of your personal data at any time by e-mail at versandhandel@dimdi.de.

Proposal procedure for the maintenance of OPS and ICD-10-GM

We will store your proposals, including your personal data as referred to in the OPS and ICD-10-GM proposal procedure to process and forward such proposals to the parties involved (if applicable, self-governing partners and representatives of the professional associations and organisations or institutions established by statutory regulations for inpatient and outpatient quality assurance, members of the ICD working group and the OPS working group and other experts involved in the processing of the proposal). The legal basis is Art. 6 para 1 page 1 letter a GDPR.

We will post your suggestions, including the personal data you have submitted, on our website, insofar as you have granted your consent to do so. Otherwise, proposals will be published with no personal data. The publication serves to ensure transparency of the respective ongoing proceedings. We must also ensure that users of ICD-10-GM and OPS can access all the proposals beyond the actual procedure as a basis for future proposals and that interested parties can contact the persons who have submitted such proposals.

The publication of the proposals on the DIMDI website is for an indefinite period. Your proposals, including your personal information on our website, will be deleted once the data is no longer required for the purpose of the storage. You can object to the processing of your data at any time.

Search and capture applications

Insofar as you use our search and capture applications, we will store your customer number for premium access to analyse and correct any errors that may arise. The log data will be deleted after 7 days. The legal basis is Art. 6 para 1 page 1 letter b GDPR.

Flat fees for database search

If you would like to make use of our database offer at a charge, statement of your personal data is necessary for the conclusion of the contract. We process the data stated by you for handling of the contract and of payments which are due within the framework of the use of our database offer at a charge.

For this, we can forward your payment data to the responsible federal treasury for the purpose of order and payment handling. The legal basis is Art. 6 para 1 page 1 letter b GDPR.
On the basis of commercial and fiscal law requirements, we are obliged to store your address, payment and order data for a period of ten years.

Insofar as you use our search and capture applications, we will store your customer number to analyse and correct any errors that may arise. The log data will be deleted after 7 days. The legal basis is Art. 6 para 1 page 1 letter b GDPR.

Changes to this data privacy declaration

DIMDI reserves the right to occasionally amend this data privacy declaration to adapt to current circumstances. We therefore recommend that you consult our data privacy declaration regularly.


Source for the template for this data privacy declaration

Extracts from the: Formularhandbuch Datenschutzrecht (Form Handbook Data Protection Law), Koreng/Lachenmann/Editor, publisher C.H. Beck, 2nd edition 2018.