Privacy Policy

1. General information

The following privacy policy applies to the use of our online services [www.initiative-qualitaetsmedizin.de] (hereinafter “website”).

Updated: 31/10/2019

 

Information about how IQM processes personal data in the course of its association-related activities can be found here.

Initiative Qualitätsmedizin e.V. (IQM) takes data privacy very seriously. The collection and processing of your personal data is carried out in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). Personal data is collected, processed and used on the pages of this website only to the extent that is necessary for technical reasons and to provide individual services. Where it is necessary to enter personal data in order to use individual services on our website (e.g. to process enquiries using the contact forms, to register for the members area), we will collect and use these data only for the purpose for which you have provided it to us.

By using this website, you consent to the collection, use and transfer of your data in accordance with the Privacy Policy.

The controller for the collection, processing and use of your personal data in accordance with Art. 4 No. 7 GDPR is:

 

IQM Initiative Qualitätsmedizin e.V.          

Alt-Moabit 104

10559 Berlin, Germany

Phone: +49 30 7262 1520

E-mail: info[at]initiative-qualitaetsmedizin.de

 

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either as a whole or for individual measures, you can address your objection to the controller.

You can save and print this Privacy Policy at any time.

 

2.    Collection, processing and use of data on this website

2.1 Access data

When you visit our website, our web servers automatically store data for statistical analysis for the purpose of operating, securing and optimising our website, as well as for anonymously recording the number of visitors to our website (traffic). Our servers also store data about the extent and type of use of our website and services, the connection details of the requesting computer (user’s internet service provider and IP address as well as the requesting provider – stored only temporarily), the pages you visit on our site, the date, time and duration of the visit, identification data about the type of browser and operating system used, the amount of data transferred, notification of successful retrieval (HTTP response code), referrer URL (i.e. the previously visited page) and the website from which you visit us (server log data). Further personal data such as your name, address, telephone number and e-mail address is not recorded. There is also no link between the server log data and your personal data.

This data allows us to provide personalised and location-specific content and to analyse traffic, troubleshoot and correct errors, and improve our services. This constitutes our legitimate interest, which forms the legal basis for processing according to Art. 6(1)(1)(f) GDPR.

We reserve the right to subsequently review log data if there is a justified suspicion of illegal use based on concrete evidence. We temporarily store IP addresses in log files when necessary for security purposes or when necessary to provide a service or bill for a service, e.g. if you take advantage of one of our offers. We delete the IP address when it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion that a crime is being committed in connection with the use of our website. We also store the date of your last visit (e.g. registration, login, clicking on links, etc.) with your account data.

 

2.2 Use of the Matomo tracking tool

This website uses the web analysis service Matomo to analyse and regularly improve the use of the website. We use the statistics obtained in this way to improve our website and make it more appealing to you as a user. This constitutes our legitimate interest, which forms the legal basis for using Matomo according to Art. 6(1)(1)(f) GDPR.

This analysis is accomplished by storing cookies on your computer. The information collected from these cookies is stored exclusively on our server in Germany. You can adjust how we analyse your behaviour by deleting existing cookies and blocking the storage of cookies. Please note that if you block cookies, you may not be able to use this website to its full extent. You can block cookies by adjusting a setting in your browser.

This website uses Matomo with the “AnonymizeIP” extension. This means that IP addresses are processed in truncated form, making it impossible to assign them to a specific person. The IP address that Matomo transmits from your browser is not merged with other data collected by us.

Matomo is an open-source project. Privacy information from this third-party provider can be found at https://matomo.org/privacy-policy/

You can prevent Matomo from being used by deselecting the checkbox at the end of this page to activate the opt-out plugin.

 

2.3 Data for fulfilling our contractual obligations in the course of our association-related activities / Access to the members area

We process personal data that is needed to fulfil our contractual obligations regarding IQM membership, such as your name, address and e-mail address. Collecting this data in the course of our association-related activities is necessary for us to fulfil the association’s purpose and enable active participation in association processes.

Accounts to access the members area of our website can be created for persons who are actively involved in association-related activities on behalf of our members. We require personal data to create these accounts. Upon registration, we collect master data (e.g. name, title, person’s function with the member) and communication details (e.g. e-mail address) through direct contact with our members. The login credentials are sent to the person in question. The next time the person logs in, only the e-mail address and the password are required.

Data is deleted after a member has left the association; after a person employed by a member leaves the member organisation; after this person changes departments or areas, provided this change ends their active involvement in association-related activities; or at the express request of the person in question or the member by whom they are employed. A notification in text form (e.g. e-mail, fax, letter) to the contact details listed under Clause 1 is sufficient for such a request. There are no costs other than the communication costs at applicable standard rates. We will then delete your stored personal data, unless we need to store it for other purposes within the scope of our association-related activities or due to legal retention obligations.

Data linked to a members area account is always retained for the duration that this account is maintained. The legal basis for the processing of this data is Art. 6(1)(1)(b) GDPR because this data is required for us to fulfil our association-related obligations to our members in accordance with IQM’s articles of association.

 

2.4 Newsletter

To send you the IQM newsletter, you must provide your e-mail address and then confirm, as part of a double opt-in procedure, that you are the owner of the e-mail address and wish to receive the newsletter. After registering you will receive a message at the e-mail address you entered. We ask you to follow the link in this e-mail in order to confirm that you wish to receive our newsletter. Your registration for the newsletter is recorded. You will then receive our newsletter approximately once a quarter. It is sent by e-mail and contains information about current developments and events at IQM.

We process only your e-mail address in order to send you the newsletter. It will not be made available to any third party. To stop receiving the newsletter in the future, you can revoke your consent and thus your subscription to the newsletter at any time. To do so, please unsubscribe from the newsletter on our website using the contact form or reply to the newsletter with the subject “Unsubscribe from newsletter”. You will also find a link to unsubscribe from the newsletter at the end of each issue of the newsletter. There are no costs associated with unsubscribing other than the communication costs at applicable standard rates. Revoking your consent has no effect on the lawfulness of the processing that took place prior to the revocation based on your consent.

We store your registration data as long as it is needed for sending the newsletter. We store the record of your registration and the dispatch address as long as we maintain an interest in proving the original consent, usually for the limitation period for civil law claims, i.e. a maximum of three years.

The legal basis for sending the newsletter is your consent in accordance with Art. 6(1)(1)(a) and Art. 7 GDPR in conjunction with Section 7(2)(3) of the German Act against Unfair Competition (UWG). The legal basis for recording your registration is our legitimate interest in proving that the newsletter was sent with your consent.

 

2.5 E-mail contact

If you contact us (e.g. using the contact form or by e-mail), we will process your data for the purpose of handling the enquiry and answering any follow-up questions, should they arise.

If the data is processed for the purpose of performing pre-contractual activities at your request or, if you are a member of our association, to carry out association-related activities, the legal basis for this data processing is Art. 6(1)(1)(b) GDPR.

We process other personal data only if you give your consent (Art. 6(1)(1)(a) GDPR) or if we have a legitimate interest in processing your data (Art. 6(1)(1)(f) GDPR). Replying to your e-mail is an example of a legitimate interest.

 

2.6 Storage duration

Personal data will be deleted immediately as soon as knowledge of it is no longer necessary to fulfil the purpose for which it was stored and no legal or statutory obligation to retain or document the data prevents the deletion or destruction of the records in question.

 

3.    Your rights as data subject

Under applicable laws, you have various rights regarding your personal information. If you wish to exercise these rights, please send your request by e-mail or by post along with sufficient information to identify yourself to the address mentioned in Clause 1.

An overview of your rights is presented below.

 

3.1 Right to confirmation and notification

You have the right to obtain confirmation from us at any time as to whether we are processing your personal data. If we are, you have the right to request information from us about the personal data we have stored about you as well as a copy of this data.

Furthermore, you have a right to be notified of the type, scope, purpose, recipient and storage period of your processed personal data as well as your associated rights, as listed below:

  1. The purposes of processing

  2. The categories of personal data we are processing

  3. The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations

  4. If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

  5. Whether you have the right to rectification or erasure of your personal data, the right to restrict the controller’s processing of your data, or the right to object to such processing

  6. Whether you have the right to appeal to a supervisory authority

  7. All available information about the origin of the data, if it was not collected from you

  8. Whether we employ an automated decision-making process including profiling in accordance with Art. 22(1) and 22(4) GDPR and, if we do, meaningful information about the logic involved and the scope and intended effects of such processing for you

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the data protection guarantees for the transfer in accordance with Art. 46 GDPR.

 

3.2 Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 

3.3 Right to erasure (“right to be forgotten”)

Pursuant to Art. 17(1) GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed

  2. You withdraw consent on which the processing is based according to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing

  3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR

  4. The personal data has been unlawfully processed

  5. The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

  6. The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR

Where we have made the personal data public and are obliged pursuant to Art. 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

 

3.4 Right to restriction of processing

You have the right to request that we restrict processing where one of the following applies:

  1. You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.

  2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.

  3. We no longer require the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims.

  4. You have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether the legitimate grounds of our company override yours.

 

3.5 Right to data portability

You have the right to receive the personal data that you provided to us in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us, where:

  1. the processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(1)(b) GDPR and

  2. the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

 

3.6 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(1)(e) or Art. 6(1)(1)(f) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, you have the right to object to processing of personal data concerning you on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

 

3.7 Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or significantly affects you in a similar manner.

 

3.8 Right to revoke data protection consent

You have the right to revoke your consent to future processing of personal data at any time.

 

3.9 Right to appeal to a supervisory authority

You have the right to appeal to a supervisory authority, in particular in the Member State in which you reside, in your place of employment or in the place where the suspected infringement occurred, if you consider that the processing of personal data concerning you is unlawful.

 

4.    Data security

We take technical and organisational security measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art, in order to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data will be encrypted during transmission using the Secure Socket Layer (SSL) technology. In this case, communication between your computer and our servers will be encrypted using a recognised encryption method, provided your browser supports SSL.

Please note, however, that transmission of data over the Internet (e.g. communication by e-mail) may be subject to vulnerabilities. It is not possible to completely protect data against access by third parties.

Furthermore, we provide no guarantee that our website will be available at certain times; disturbances, interruptions or failures cannot be excluded. We conduct careful and regular backups of our servers.

 

5.    Automated individual decision-making

We do not employ automated individual decision-making based on the personal data collected.

 

6.    Transfer of data to third parties, no data transfer to non-EU countries

As a matter of principle, we only use your personal data within our company.

If and insofar as we commission third parties for the fulfilment of contracts, they will receive personal data only to the extent necessary to execute the service in question.

In the event that we outsource certain aspects of data processing, we contractually oblige these processors to use personal data only in accordance with the requirements of applicable data protection laws and to ensure that the rights of the data subject are protected.

We do not and do not plan to transfer data to places or persons outside the EU, except in the case mentioned in Section 2.3 of this Privacy Policy.

 


 7. Matomo

This website uses Matomo, an open-source software for the statistical evaluation of visitor actions (see also item 2.2 above). You have the option to prevent Matomo from analysing and linking your actions. This will protect your privacy, but will also prevent the owner of the website from learning from your actions and improving usability for you and other users.

Tracking is currently disabled for you because your browser has told us that you do not wish to be tracked. This is due to a setting in your browser. To enable tracking, you must deselect the “Do Not Track” option in your browser settings.