Data Policy

Data protection declaration e-Learning courses and face-to-face courses in the area of Quality Improvement and Social Protection

Data protection declaration for participants of the e-Learning courses and face-to-face courses in the area of Quality Improvement and Social Protection in cooperation between Heidelberg Institute of Global Health and evaplan at the University Hospital Heidelberg for the storage and use of personal data by the registration on the platform, entering the courses platform and participation in online trainings through the Big Blue Button (BBB) platform for videoconferences of the courses. 

As the protection of personal data is very important to us, we will tell you here which of your personal data is stored and what it is used for. 

evaplan GmbH am Universitätsklinikum Heidelberg
PD Dr. med. Svetla Loukanova
Ringstr.19b
69115 Heidelberg
Germany
svetla.loukanova@evaplan.org

and

Heidelberg Institute of Global Health 
Anne-Kathrin Fabricius
Im Neuenheimer Feld 365
69120 Heidelberg
Germany
anne-kathrin.fabricius@uni-heidelberg.de

The course take place under the following URL:

https://evaplan-training.org

What data do we store?

The personal data provided during registration (e.g. Name, Address, Organisation, Function, E-mail, Phone) required for participating in the e-Learning and/or face-to-face courses are stored at evaplan servers or on servers of Hetzner GmbH data centers (located in Germany) and are used for coordinating the courses and and providing you with access to the platform of the courses and BBB platform for online videoconferences. In addition, the list of all applications will be stored on the servers of evaplan at the University Hospital Heidelberg and Heidelberg Institute of Global Health.  

Additionally, when you use the courses online platform, the following data will be stored:

  • Personal identification information: your email address and a username are required to log in to the platform.
  • Profile information, such as: 
    • Your photo
    • Real name
    • Address and phone number
    • Your organisation and function
    • Information about yourself, interests and expertise
  • Your posts, comments and likes on the courses platform
  • Your memberships in working groups
  • Your participation in event sessions
  • If you participate actively in a videoconference, you can also share your audio or video-channel, so that other participants can hear and/or see you.
  • In some cases, the videoconference might also be recorded. Permission for recording is always requested from the audience at the beginning of the conference. A sign at the top of the browser indicates that the session is recorded.
  • Your use of the platform, such as the pages you visit and your downloads.

How do we collect your data?

You directly provide us with the data we collect. We collect data and process data when you:

  • Register online on the courses platform
  • Voluntarily complete your user profile
  • Voluntarily or required through the courses participate in online discussions (synchronous or asynchronous)
  • Use or view our website via your browser’s cookies

How will we use your data?

The data is used exclusively for the purpose of providing you access to the e-Learning and face-to-face courses and facilitating your participation in the videoconferences, as well as for the issue of certificates. Data may be disclosed to external clients for the purposes of payment processing (PayPal).

  • Process your payment of course/event fees (if applicable)
  • Provide you access to the videoconferences platform
  • Enable user-to-user communication and interaction
  • Allow you to share your experiences and learn from your peers within the group of conference participants
  • Provide access to online resources
  • Mid-term and final tests during the respective e-Learning courses
  • Issue of Certificates

The data will only be used for the purposes described in the declaration; any other use is always made subject to renewed consent. Your data will not be used for advertising purposes. We will not transfer your personal information to third parties unless we have your permission or are required by law to do so.

What is the legal basis for data processing?

In the following we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that, in addition to the regulations of the GDPR, the national data protection regulations may apply in your country or in our country of residence or domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Compliance with a legal obligation (Article 6 (1) (c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate Interests (Article 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Recipients of personal data

Access to the personal data is restricted to participants of the e-Learning and face-to-face courses and to those employees of Heidelberg Institute of Global Health, evaplan at the University Hospital Heidelberg, who are required to process the data according to the above mentioned purposes and handle it properly and confidentially.

We transfer your data to the external service providers think modular - digital solutions GmbH, who supports us in the following activities: online payment systems, storage and management of data, IT support, implementation of videoconferences and events. In doing so, we ensure that this service provider is carefully selected in accordance with data protection. 

How do we store your data?

Heidelberg Institute of Global Health and evaplan at the University Hospital Heidelberg secure the data by means of suitable technical and organizational measures against unintentional or intended falsification, destruction, loss or access by unauthorized persons.

All data for the website and courses are hosted either at evaplan servers or on servers of Hetzner GmbH data centers, located in Germany, in accordance with EU General Data Protection Regulation (GDPR). 

Lists with the names and contact data for the participants are stored on the servers of evaplan at the University Hospital Heidelberg and Heidelberg Institute of Global Health.  

Duration of data retention

We will only retain personal data for as long as is necessary for the purposes we are using it for. How long we retain data will vary depending on the purposes it is used for.

What are your data protection rights?

You have the right to ask for your personal data, to have it corrected if necessary, or to request that the processing be restricted or the data deleted. The data will then be deleted. The permission granted to use the personal data can also be revoked at any time. This does not affect the lawfulness of processing until the time of revocation.

If you withdraw, participation in the e-Learning and face-to-face courses is not possible.

Please give the revocation by e-mail to: anne-kathrin.fabricius@uni-heidelberg.de

If you have any questions or complaints about this declaration or the processing, you can contact the data protection representative at the following e-mail: svetla.loukanova@evaplan.org

You have the right to contact the data protection supervisory authority with complaints. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI). https://www.bfdi.bund.de/DE/Home/home_node.html.

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

We use cookies for a variety of reasons detailed below. Unfortunately, in most cases, there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed his browser.
  • Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users who are used for range measurement or marketing purposes can also be stored in such a cookie.
  • First-Party-Cookies: First-Party-Cookies are set by ourselves.
  • Third party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information.
  •  Necessary (also: essential) cookies: Cookies can be necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons).
  • Statistics, marketing and personalisation cookies: Cookies are also generally used to measure a website's reach and when a user's interests or behaviour (e.g. viewing certain content, using functions, etc.) are stored on individual websites in a user profile. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This procedure is also referred to as "tracking", i.e. tracking the potential interests of users. If we use cookies or "tracking" technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

For further information, visit allaboutcookies.org.

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit.

How do we use cookies?

This event platform uses cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in
  • Understanding how you use our website
  • Ensuring the functionality of the website

How to manage cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Privacy policies of other websites

The website of the courses contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Payment Service Provider

In addition to banks and credit institutions, we use other payment service providers on the basis of our interests in efficient and secure payment procedures, whose platforms users and we can use to perform payment transactions.

  • Processed data types: Inventory data (e.g. names, addresses), Payment Data (e.g. bank details, invoices, payment history), Contract data (e.g. contract object, duration, customer category), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Customers, Prospective customers.
  • Purposes of Processing: Provision of contractual services and customer support.
  • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Services and service providers being used:
  • PayPal: Payment service provider (e.g. PayPal, PayPal Plus, Braintree, Braintree); Service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Website: https://www.paypal.com; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Plugins and embedded functions and content

Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or social media buttons as well as contributions (hereinafter uniformly referred to as "Content").

The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.
Information on legal basis: If we ask users for their consent (e.g. in the context of a so-called "cookie banner consent"), the legal basis for processing is this consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online services. We refer you to the note on the use of cookies in this privacy policy.

Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses), Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos).
Data subjects: Users (e.g. website visitors, users of online services), Communication partner (Recipients of e-mails, letters, etc.).

Purposes of Processing: Provision of our online services and usability, Provision of contractual services and customer support, Security measures, Managing and responding to inquiries, Contact requests and communication, Direct marketing  (e.g. by e-mail or postal), Targeting (e.g. profiling based on interests and behaviour, use of cookies), Interest-based and behavioral marketing, Profiling (Creating user profiles).
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR), Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

Services and service providers being used:

  • Font Awesome: Display of fonts and symbols; Service provider:  Fonticons, Inc. ,6 Porter Road Apartment 3R, Cambridge, MA 02140, USA; Website: https://fontawesome.com/; Privacy Policy: https://fontawesome.com/privacy.
  • Google Fonts: We integrate the fonts ("Google Fonts") of the provider Google, whereby the data of the users are used solely for purposes of the representation of the fonts in the browser of the users. The integration takes place on the basis of our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform presentation and consideration of possible licensing restrictions for their integration. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.
  • YouTube videos: Video contents; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, , parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=en,  Settings for the Display of Advertisements: https://adssettings.google.com/authenticated.
  • Vimeo videos: video contents; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-Out: We point out that Vimeo may use Google Analytics and refer to the privacy policy (https://policies.google.com/privacy) as well as opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=en) or the settings of Google for data use for marketing purposes (https://adssettings.google.com/).
  • Privacy policies of other websites

Changes to our privacy policy

evaplan at the University Hospital Heidelberg and Heidelberg Institute of Global Health keep their privacy policy under regular review and place any updates on this web page. This privacy policy was last updated on 16th of October 2020.

Your consent to this declaration

With your consent, you agree that your personal data will be saved and used by Heidelberg Institute of Global Health and evaplan at the University Hospital Heidelberg in accordance with the declaration described above. This consent remains valid, even if you did not participate in the courses or videoconferences.