Data protection declaration e-Learning courses and face-to-face courses in the area of Quality Improvement and Social Protection
Data protection declaration for participants of the e-Learning courses and face-to-face courses in the area of Quality Improvement and Social Protection in cooperation between Heidelberg Institute of Global Health and evaplan at the University Hospital Heidelberg for the storage and use of personal data by the registration on the platform, entering the courses platform and participation in online trainings through the Big Blue Button (BBB) platform for videoconferences of the courses.
As the protection of personal data is very important to us, we will tell you here which of your personal data is stored and what it is used for.
evaplan GmbH am Universitätsklinikum Heidelberg
PD Dr. med. Svetla Loukanova
Heidelberg Institute of Global Health
Im Neuenheimer Feld 365
The course take place under the following URL:
What data do we store?
The personal data provided during registration (e.g. Name, Address, Organisation, Function, E-mail, Phone) required for participating in the e-Learning and/or face-to-face courses are stored at evaplan servers or on servers of Hetzner GmbH data centers (located in Germany) and are used for coordinating the courses and and providing you with access to the platform of the courses and BBB platform for online videoconferences. In addition, the list of all applications will be stored on the servers of evaplan at the University Hospital Heidelberg and Heidelberg Institute of Global Health.
Additionally, when you use the courses online platform, the following data will be stored:
- Personal identification information: your email address and a username are required to log in to the platform.
- Profile information, such as:
- Your photo
- Real name
- Address and phone number
- Your organisation and function
- Information about yourself, interests and expertise
- Your posts, comments and likes on the courses platform
- Your memberships in working groups
- Your participation in event sessions
- If you participate actively in a videoconference, you can also share your audio or video-channel, so that other participants can hear and/or see you.
- In some cases, the videoconference might also be recorded. Permission for recording is always requested from the audience at the beginning of the conference. A sign at the top of the browser indicates that the session is recorded.
- Your use of the platform, such as the pages you visit and your downloads.
How do we collect your data?
You directly provide us with the data we collect. We collect data and process data when you:
- Register online on the courses platform
- Voluntarily complete your user profile
- Voluntarily or required through the courses participate in online discussions (synchronous or asynchronous)
- Use or view our website via your browser’s cookies
How will we use your data?
The data is used exclusively for the purpose of providing you access to the e-Learning and face-to-face courses and facilitating your participation in the videoconferences, as well as for the issue of certificates. Data may be disclosed to external clients for the purposes of payment processing (PayPal).
- Process your payment of course/event fees (if applicable)
- Provide you access to the videoconferences platform
- Enable user-to-user communication and interaction
- Allow you to share your experiences and learn from your peers within the group of conference participants
- Provide access to online resources
- Mid-term and final tests during the respective e-Learning courses
- Issue of Certificates
The data will only be used for the purposes described in the declaration; any other use is always made subject to renewed consent. Your data will not be used for advertising purposes. We will not transfer your personal information to third parties unless we have your permission or are required by law to do so.
What is the legal basis for data processing?
In the following we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that, in addition to the regulations of the GDPR, the national data protection regulations may apply in your country or in our country of residence or domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.
- Consent (Article 6 (1) (a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Performance of a contract and prior requests (Article 6 (1) (b) GDPR) - Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Compliance with a legal obligation (Article 6 (1) (c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate Interests (Article 6 (1) (f) GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Recipients of personal data
Access to the personal data is restricted to participants of the e-Learning and face-to-face courses and to those employees of Heidelberg Institute of Global Health, evaplan at the University Hospital Heidelberg, who are required to process the data according to the above mentioned purposes and handle it properly and confidentially.
We transfer your data to the external service providers think modular - digital solutions GmbH, who supports us in the following activities: online payment systems, storage and management of data, IT support, implementation of videoconferences and events. In doing so, we ensure that this service provider is carefully selected in accordance with data protection.
How do we store your data?
Heidelberg Institute of Global Health and evaplan at the University Hospital Heidelberg secure the data by means of suitable technical and organizational measures against unintentional or intended falsification, destruction, loss or access by unauthorized persons.
All data for the website and courses are hosted either at evaplan servers or on servers of Hetzner GmbH data centers, located in Germany, in accordance with EU General Data Protection Regulation (GDPR).
Lists with the names and contact data for the participants are stored on the servers of evaplan at the University Hospital Heidelberg and Heidelberg Institute of Global Health.
Duration of data retention
We will only retain personal data for as long as is necessary for the purposes we are using it for. How long we retain data will vary depending on the purposes it is used for.
What are your data protection rights?
You have the right to ask for your personal data, to have it corrected if necessary, or to request that the processing be restricted or the data deleted. The data will then be deleted. The permission granted to use the personal data can also be revoked at any time. This does not affect the lawfulness of processing until the time of revocation.
If you withdraw, participation in the e-Learning and face-to-face courses is not possible.
Please give the revocation by e-mail to: email@example.com
If you have any questions or complaints about this declaration or the processing, you can contact the data protection representative at the following e-mail: firstname.lastname@example.org
You have the right to contact the data protection supervisory authority with complaints. The competent authority is the Federal Commissioner for Data Protection and Freedom of Information (BfDI). https://www.bfdi.bund.de/DE/Home/home_node.html.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. The interests of users who are used for range measurement or marketing purposes can also be stored in such a cookie.
- First-Party-Cookies: First-Party-Cookies are set by ourselves.
- Third party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential) cookies: Cookies can be necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons).
For further information, visit allaboutcookies.org.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit.
- Keeping you signed in
- Understanding how you use our website
- Ensuring the functionality of the website
How to manage cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Privacy policies of other websites
Payment Service Provider
In addition to banks and credit institutions, we use other payment service providers on the basis of our interests in efficient and secure payment procedures, whose platforms users and we can use to perform payment transactions.
- Processed data types: Inventory data (e.g. names, addresses), Payment Data (e.g. bank details, invoices, payment history), Contract data (e.g. contract object, duration, customer category), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
- Data subjects: Customers, Prospective customers.
- Purposes of Processing: Provision of contractual services and customer support.
- Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
- Services and service providers being used:
Plugins and embedded functions and content
Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or social media buttons as well as contributions (hereinafter uniformly referred to as "Content").
The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.
Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses), Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos).
Data subjects: Users (e.g. website visitors, users of online services), Communication partner (Recipients of e-mails, letters, etc.).
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR), Consent (Article 6 (1) (a) GDPR), Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Services and service providers being used:
- Privacy policies of other websites
Your consent to this declaration
With your consent, you agree that your personal data will be saved and used by Heidelberg Institute of Global Health and evaplan at the University Hospital Heidelberg in accordance with the declaration described above. This consent remains valid, even if you did not participate in the courses or videoconferences.