Privacy Policy

Please note: This is a shortened version and translation of the privacy policy on the German main website of the DGFG.

Below, in accordance with article 13 and 14 DSGVO, we provide you with an informative and simple overview of what we do with your personal data when you visit our website or receive information from DGFG.

Asking for your consent is regulated by Art. 6 Abs. 1 lit. a and Art. 7 DSGVO,
legal basis for processing your data for the performance of a contract with you or in order to take steps at a request of yours is Art. 6 Abs. 1 lit. b DSGVO,
legal basis for processing your data for compliance with a legal obligation to which we are subject is Art. 6 Abs. 1 lit. c DSGVO,
legal basis for the processing of your data for the purposes of the legitimate interests pursued by us or by a third party is Art. 6 Abs. 1 lit. f DSGVO.
6 Abs. 1 lit. d DSGVO serves as legal basis to process your data in order to protect your vital interests or of another natural person.

If you have any questions concerning our privacy policy, do not hesitate to contact us via e-mail at datenschutz@gewebenetzwerk.de.

1. Privacy Policy at DGFG

As the operator of this website DGFG takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy. We collect, process and use your personal data only to the extent permitted by the law to inform about tissue donation, the DGFG network and for the purpose of contacting you.

If you use the contact form on our website, your data will be transmitted to us in an encrypted form in order to prevent access by unauthorized third parties. In general, we store your data on specially protected servers. Access to personal data is only possible through our employees who are familiar with the relevant data protection regulations. Other data is automatically collected by our IT systems as soon as you enter our website.

Our website contains links to websites of third parties (“external links”). As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the providers of the information of the linked websites are liable for the content and accuracy of the information provided. At the point in time when the links were created, no infringements of the law were recognizable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.

Please note that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

1.1. Responsible authority

Responsible for the data processing on this website:

Deutsche Gesellschaft für Gewebetransplantation – gemeinnützige Gesellschaft mbH
Feodor-Lynen-Straße 21
30625 Hannover

tel. +49 511 563 559 30
fax +49 511 563 559 55
e-mail: info@gewebenetzwerk.de

Representative: Martin Börgel

The responsible authority is the natural or legal person who alone, or together with others, decides upon the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

1.1.1 Contact data protection officer

Sarah Jensen

List + Lohr Datenschutz und Informationssicherheit GmbH
Garvensstraße 4
30519 Hannover
Sarah.jensen@list-lohr.de

1.2. Right of information, withdrawal and deletion of data

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to have your data corrected, blocked or deleted. Many data management processes are only possible with your explicit consent. You can revoke your consent at any time. All you need to do is to send an informal e-mail to datenschutz@gewebenetzwerk.de. The legality of data processing already carried out remains unaffected until revocation.

1.3. Right of appeal to the competent supervisory authority

In case of a privacy policy violation, the person concerned has the right to appeal to the responsible supervisory authority. The responsible supervisory authority for data protection issues is the Data Protection Officer of the Federal State in which DGFG is registered:
Federal Data Protection Officer of Lower Saxony, Prinzenstraße 5, 30159 Hannover, Tel.: +49 511 120 4500, e-mail: poststelle@lfd.niedersachen.de

1.4. Right of data portability

You have the right to have data, which we process automatically based on your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format.

1.5. SSL- or TLS-encryption

For security reasons we use SSL or TLS encryption on this website to protect the transmission of confidential content, such as orders or requests through the contact forms. If SSL or TLS encryption is activated, your transmitted data cannot be read by third parties.

2. Collection & scope of the processing of personal data

You can visit our website without providing any personal information. We only store access data without personal reference, such as the name of your Internet service provider, the page from which you visit us or the name of the requested file. This data is analyzed exclusively to improve our offer and does not allow any conclusions to be drawn about your person.

The personal data of users, i.e. interested parties and visitors to our online offering, processed in the context of this online offering includes first and last name, zip code, city, e-mail address, telephone and IP address.
We only process users’ personal data in compliance with the relevant data protection regulations. This means that user data is only processed if we have legal permission to do so. This means, in particular, if the data processing is necessary for the provision of our contractual services (e.g. processing of inquiries) and online services or is required by law, if the user has given their consent, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular when measuring reach and collecting access data and using the services of third-party providers.

2.1 Server-Log-Data

The hosting service of this website automatically collects and stores information in so-called server log files. Your browser transmits this data to this server as soon as you enter our website. This data is not combined with other data sources. After 7 days, the IP addresses of the callers in the log files will be anonymized with an ‚x‘.

2.2 Forms

On our website you can contact us in relation to various topics. For example, general enquiries about tissue donation and transplantation or specific questions about our work. The data you enter in our general contact form will be stored with us for a maximum of 10 years, so that we are able to fulfill the purpose of processing your request and contact you for follow-up questions. We will not pass on your data without your consent. You can revoke your consent to the storage of your data at any time. Please send us an e-mail to datenschutz@gewebenetzwerk.de. The legality of data processing already carried out remains unaffected until revocation.

2.3 Donation tool of the Bank für Sozialwirtschaft

On our website, we offer you the opportunity to make online donations. If you use this option, the data entered in the corresponding form will be transmitted to us and stored. The form is provided by Bank für Sozialwirtschaft AG (“BFS”). The data entered will therefore be forwarded directly to BFS and the technical service providers used by BFS to provide the form via an encrypted SSL connection in order to execute the donation order. The data will not be passed on to any other third parties. The following data is collected with the form:

Full name (surname, first name) with form of address (optional title and company name);
address (street, house number, town, zip code, country);
e-mail address; bank details (IBAN);
donation details (donation recipient, amount, donation/reference, donation receipt requested)
Additionally for credit card donations: card type, card number, CVV/CVC verification number, credit card validity period

If a donation receipt is requested, we process the data in order to issue and send a corresponding donation receipt.

The data collected is required to complete and execute the donation order. The user’s e-mail address is required to confirm receipt of the donation order. The data is not used for any other purposes. The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.

At the time the form is sent, the user’s IP address is also stored. We use the IP address to prevent misuse of the donation form. The IP address is used for the purpose of fraud prevention and to prevent unauthorized transactions to the detriment of third parties. The legal basis for processing the IP address is Art. 6 para. 1 lit. f GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of bank data, this is the case immediately after collection of the donation amount. The address data will be stored after any requested creation and sending of a donation receipt, as will all other data entered within the scope of tax retention obligations, but will be blocked for any other use. The additional IP address collected during the sending process will be deleted after a period of seven days at the latest.

You have the option to object to the processing of your data at any time. However, please note that if you object, the donation order can no longer be carried out as requested.

2.4 Cookies

Cookies are pieces of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Users are informed about the use of cookies in the context of pseudonymous reach measurement as part of this privacy policy.

Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

If you do not want cookies to be stored on your computer, you will be asked to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer. You can object to the use of cookies that are used to measure reach via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Chrome:http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Microsoft Edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/de/latest/web-preferences/

2.4.1 Matomo

Matomo (without Cookies): Matomo is a data protection-friendly web analysis software that is used without cookies and in which returning users are recognized with the help of a so-called “digital fingerprint”, which is stored anonymously and changed every 24 hours; With the “digital fingerprint”, user movements within our online offer are recorded with the help of pseudonymized IP addresses in combination with user-side browser settings in such a way that it is not possible to draw conclusions about the identity of individual users. The user data collected through the use of Matomo is only processed by us and is not shared with third parties; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);Website: https://matomo.org/.

Opt-out abgeschlossen; Ihre Besuche auf dieser Webseite werden nicht vom Webanalysetool erfasst. Bitte beachten Sie, dass auch der Matomo-Deaktivierungs-Cookie dieser Webseite gelöscht wird, wenn Sie die in Ihrem Browser abgelegten Cookies entfernen. Außerdem müssen Sie, wenn Sie einen anderen Computer oder einen anderen Webbrowser verwenden, die Deaktivierungsprozedur nochmals absolvieren.

Sie haben die Möglichkeit zu verhindern, dass von Ihnen hier getätigte Aktionen analysiert und verknüpft werden. Dies wird Ihre Privatsphäre schützen, aber wird auch den Besitzer daran hindern, aus Ihren Aktionen zu lernen und die Bedienbarkeit für Sie und andere Benutzer zu verbessern.


        
        
        Ihr Besuch dieser Webseite wird aktuell von der Matomo Webanalyse erfasst. Diese Checkbox abwählen für Opt-Out.
		Ihr Besuch dieser Webseite wird aktuell von der Matomo Webanalyse nicht erfasst. Diese Checkbox aktivieren für Opt-In.
        Die Tracking opt-out Funktion benötigt aktivierte Cookies.

2.4.2 Youtube

We integrate videos from the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

The integration of videos from YouTube takes place in extended data protection mode. This means that the videos are not loaded from the youtube.com domain, but from youtube-nocookie.com.

2.5 Social Media

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us. To stay up to date, you can mark our company pages with a “Like”/“Follow”/“Subscribe”. If you mark your participation in one of our events on Facebook, this data is not automatically transmitted to company resources. We do not collect any personal data from you automatically or manually via the platforms. The “Donate” button will take you to our page with the BFS online donation form. This page is not linked to the Facebook donation campaigns. No data is transferred to Facebook here. When creating a fundraising campaign via Facebook, Facebook provides the DGFG with the donor’s first and last name, the donation amount and the donor’s email address (if provided) in a transaction report. This data is not stored or processed by the DGFG. If you contact us via the chat function on Facebook, we will process your information for the purpose of communicating with you. The basis for data processing is your voluntary transmission of the data in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.

Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user’s computer, in which the user’s usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time data, identification numbers, consent status).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing operations, procedures and services:

Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
Facebook pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called “fan page”). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, known as “Page Insights”, for page operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook (“Information on Page Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights”(https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Basis for third country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum); Further information: Agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data. The joint controllership is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.)
LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Basis for third country transfers: Standard Contractual Clauses (https://legal.linkedin.com/dpa); Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Basis for third country transfer: EU-US Data Privacy Framework (DPF); Opt-Out: https://adssettings.google.com/authenticated.

2.6 Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purposes of the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to the controller by electronic means. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted no later than six months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

We use the HRworks software solution from the provider HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg for the application process as part of data protection order processing in accordance with Art. 28 GDPR. The HRworks privacy policy can be found at: https://www.hrworks.de/unternehmen/datenschutz/

As part of the maintenance and training of the software system, HRworks GmbH may obtain knowledge of your personal data, which is why we have concluded a data processing agreement (DPA) for the use of the service.

This is a contract which is prescribed by data protection law and which ensures that HRworks GmbH processes the personal data of our applicants only in accordance with our instructions and in compliance with the GDPR.

2.7 Monetary donations

If we receive monetary donations via our website or by other means for which a donation receipt is expressly requested and for this reason a complete address is given, we store this data in a database for the purpose of issuing a donation receipt. The address data is used to create the donation receipt. Furthermore, we inform the persons on this mailing list at regular intervals about the DGFG’s donation-financed projects and donation purposes. You can unsubscribe from this mailing list at any time by telephone, post or e-mail to Corporate Communications. The data will then be deleted immediately. This data will not be passed on to third parties and will only be processed by the relevant department.

Contact us
German Society for Tissue Transplantation gGmbH
Corporate Communications
Feodor-Lynen-Str. 21
30625 Hanover
presse@gewebenetzwerk.de

3. Hosting IONOS

We host our website with IONOS SE. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter: IONOS). When you visit our website, IONOS collects various log files including your IP addresses. Details can be found in the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy

IONOS is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Order processing:

We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4. Validity and up-to-dateness

Due to the implementation of new technologies, the constant adaptation and further development of data protection and, in particular, changes to the legal basis, it may become necessary to amend this privacy policy. The controller therefore reserves the right to amend the privacy policy at any time with effect for the future. We recommend that you read the data protection declaration from time to time and take a printout or copy for your records.