Privacy policy

Introduction and Definition

1. INTRODUCTION

We process personal data for the operation of our website www.healthpolicyleaders.eu (hereinafter referred to as “Website”). We keep such data in confidence and process them in accordance with the applicable laws – in particular, the General Data Protection Regulation (GDPR) and the new version of the German Federal Data Protection Act (BDSG-new). In this Privacy Policy, we wish to inform you about which personal data we collect from you, for which purposes and on which legal basis they are used and to whom we disclose them, if appropriate. Furthermore, we will explain which rights you have to protect and enforce your rights for data protection.

2. DEFINITON OF TERMS

Our Privacy Policy contains technical terms which are defined in the GDPR and the BDSG-new. For your better understanding, we will explain these terms in a more simplified way:

2.1 Personal data
“Personal data” means any information relating to an identified or identifiable natural person (Art. 4(1) of the GDPR). Data of an identified person might be, for instance, their name or email address. Data, however, might also be personal if the identity is not directly recognisable but could be determined by combining own or external information in order to identify that person. A person is identifiable, if information is available about, e.g. their address or bank details, their date of birth or user name, their IP address and/or location data. This means that here any information is relevant which allows for any type of conclusion to be drawn on a person.

2.2 Processing
Art. 4(2) of the GDPR provides that “processing” means any operation which is performed on personal data. That means, in particular, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

Controller and Data Protection Officer

3. CONTROLLER

The following company is responsible for data processing and thus the data controller:

4. DATA PROTECTION OFFICER

We appointed a data protection officer for our company. You may contact him at:

Framework of processing

5. FRAMEWORK OF PROCESSING: WEBSITE

We will process the personal data listed in detail under Art. 6-13 below, when you use the Website with the URL www.healthpolicyleaders.eu. In this process, we will only process data from you that you actively enter on our Website (e.g. by completing forms) or that you provide automatically when using our offer.

Your data will exclusively be processed by us and these data will, as a matter of principle, not be sold, leased or provided to any third parties. Insofar as we use external service providers for the processing of your personal data, that will be done in the context of a cooperation with a so-called data processor, where we act as principal and are authorised to give instructions to our contractors. For the operation of our Website, we use external service providers for hosting, and for the maintenance, update and further development. Insofar as other external service providers will be used for individual processing activities that are listed in Art. 6-13, they will be specified there.

We do, in general, not transfer any data to any third countries and this is not planned for the future either. Any exemptions from this principle will be explained in the types of processing activities listed below.

If you are a public decision-maker (e.g. members of the European parliament, member of national parliament, ministers, etc.), the data collected on your activity comes mainly from official sites such as the European Parliament, national parliament sites, national government sites, etc.

The processing activities in detail

6. RANKING OF INFLUENTIAL HEALTH POLICY LEADERS

7. PROVISION OF THE WEBSITE AND LOG FILES

7.1 Description of processing
Whenever anybody visits our Website, we automatically collect information that their browser transfers to our server. These data will also be stored in the so-called log files of our system. This concerns the following data:

• Your anonymized IP address: the last two digits of the visitor IP will be truncated, from IP 11.22.33.44 will be 11.22.0.0

The temporary storage of your IP address by the system is necessary to be able to deliver our Website to the device of any user. To this end, the IP address of the user must be stored for the duration of the session. Your IP address, however, will not be recorded in our log files.

7.2 Purpose
The processing is done to allow for the Website to be called and to ensure its stability and security. In addition, the processing serves for statistical analyses and the improvement of our online offer.

7.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1) point (f) of the GDPR). Our legitimate interest is the purpose mentioned in Art. 6.2.

7.4 Storage duration
The data will be erased once they are no longer required to achieve the purpose of their collection. If data are collected to provide the Website, they will be erased once the respective session has been terminated. The log files will be erased after 30 days.

8. COOKIES

Please refer to the Cookies Policy Page.

9. GOOGLE WEBFONTS

9.1 Description of processing
Our Website uses “Google Webfonts“, a font replacement service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Webfonts replaces the standard fonts of your device with fonts from the catalogue of Google when our Website is displayed on your device. If your browser prohibits the integration of Google Webfonts, the texts of our Website will be displayed in the standard fonts of your device. Google fonts will be loaded directly from a Google server. In order to do this, your browser will send a request to a Google server. Your IP address might also be transferred to Google together with the address of our Website. Google Webfonts will not store any cookies on your device. Google states that data which are processed in the context of the Google Webfonts service will be transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They will not be associated with data that are connected with the use of other Google services such as e.g. the search machine of the same name or Gmail. For more information on data privacy at Google Webfonts, please refer to https://developers.google.com/fonts/faq?hl=de-DE&csw=1. For general information on data privacy at Google, please visit http://www.google.com/intl/de-DE/policies/privacy/.

9.2 Purpose
The processing is done to be able to provide you with the text of our Website in a clearly legible and aesthetically pleasing manner.

9.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Art. 13.2.

9.4 Recipients and transfer to third countries
Personal data might be transferred to Google by using Google Webfonts. Google processes your personal data also in the U.S. and has agreed to comply with the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please refer to https://www.privacyshield.gov/EU-US-Framework.

10. ADOBE TYPEKIT

10.1 Description of processing
Our Website uses “Adobe Typekit”, a font replacement service provided by the company Adobe Systems Software Ireland Ltd., 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (hereinafter referred to as “Adobe“). Adobe Typekit replaces the standard fonts of your device with fonts from the catalogue of Adobe when our Website is displayed on your device. If your browser prohibits the integration of Adobe Typekit, the texts of our Website will be displayed in the standard fonts of your device. The Adobe Typekit fonts will be loaded directly from the Adobe servers. In order to do this, your browser will send a request to an Adobe server. Your IP address might be transferred to Adobe together with the address of our Website. Adobe Typekit will not store any cookies on your device. For more information on data privacy at Adobe Typekit, please visit www.adobe.com/privacy/typekit.html. For general information on the subject of data privacy at Adobe, please read the company’s Data Privacy Policy at https://www.adobe.com/de/privacy/policy.html.

10.2 Purpose
The processing is done to be able to provide you with the text of our Website in a clearly legible and aesthetically pleasing manner.

10.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Art. 14.2.

10.4 Recipients and transfer to third countries
Personal data might be transferred to Adobe when Adobe Typekit is used. Adobe will process your personal data also in the U.S., possibly through the group company Adobe Systems Incorporated, San Francisco, 345 Park Avenue, San Jose, California 95110, USA, which agreed to comply with the EU‑US Privacy Shield. For more information on the EU-US Privacy Shield, please refer to https://www.privacyshield.gov/EU-US-Framework.

11. GOOGLE MAPS

11.1 Description of processing
Our Website uses “Google Maps,“ a service for displaying maps provided by the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google“). We use Google Maps for embedding a map that displays our business address in our Website. The map will be loaded directly from a Google server. In order to do this, your browser will send a request to a Google server. Your IP address might also be transferred to Google together with the address of our Website. Google Maps will, however, not store any cookies on your device. If you are logged in to Google when you visit our Website, Google Maps will associate this information to your Google user account. Google will store your data as user profiles and will use them for marketing purposes, for market research and/or the customised configuration of the Google websites. You have a right to object against the creation of user profiles; please directly contact Google to exercise such right. For more information on data privacy at Google, please refer to http://www.google.com/intl/de-DE/policies/privacy/.

11.2 Purpose
The processing is done to be able to display an interactive map on our Website.

11.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Art. 19.2.

11.4 Recipients and transfer to third countries
Google processes your personal data also in the U.S. and has agreed to comply with the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please refer to https://www.privacyshield.gov/EU-US-Framework.

12. GOOGLE ANALYTICS

12.1 Description of processing
Our Website uses “Google Analytics”, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Analytics uses cookies (see Art. 8), which allow for an analysis of your use of our offer. We use Google Analytics in the version offered as “Universal Analytics” which allows for this analysis across devices by allocating the data to a pseudonymised user ID. The information created by the cookie are generally transferred to a Google server in the U.S. and stored there. But, we use Google Analytics exclusively with IP anonymisation. This means that your IP address will be shortened by Google within the European Union member states or other states which are part of the European Economic Area before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S. and shortened there. The IP address transferred by your browser in the context of Google Analytics will not be combined with any other data from Google. The statistics created by Google Analytics record, in particular, how may users visit our Website, from which country or place they access the Website, which sub-pages they visit and through which links or search terms visitors come to our Website. For the terms of use for Google Analytics please visit http://www.google.com/analytics/terms/de.html. An overview of the data privacy at Google Analytics can be retrieved from http://www.google.com/intl/de/analytics/learn/privacy.html. You can see Google’s data privacy policy at http://www.google.de/intl/de/policies/privacy.

12.2 Purpose
The processing is done to be able to evaluate the use of our Website. The information gained in the process serve to improve our online presentation and to design it according to demand.

12.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Art. 20.2.

12.4 Storage period and right to object
For information on the storage period and an explanation of your control and setting options for cookies, please refer to Art. 8. You may object to the data processing by Google Analytics, at any time, by downloading and installing the browser add-on offered by Google at https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you have the option to click on the following link. This will place an opt-out cookie on your device which prevents the future collection of your data when visiting this Website.

12.5 Recipients and transfer to third countries
Google Analytics is active for us as service provider in the capacity of a processor. Google processes your personal data also in the U.S. and has agreed to comply with the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please refer to https://www.privacyshield.gov/EU-US-Framework.

13. GOOGLE RECAPTCHA

13.1 Description of processing
Our Website uses “reCAPTCHA”, a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as “Google“). reCAPTCHA allows us to verify in forms whether the entry was made by a human or by an automated software – in particular, so-called bots. This enables us to protect our Website against spam and abuse. In this process, your IP address, the time you visited our Website, the mouse movements you made and other data required for the reCAPTCHA services might be transferred to Google. For more information on data privacy at Google, please refer to http://www.google.com/intl/de-DE/policies/privacy/.

13.2 Purpose
The processing is done to protect forms on our Website against abuse and spam.

13.3 Legal basis
The processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Art. 26.2.

13.4 Recipients and transfer to third countries
Google processes your personal data also in the U.S. and has agreed to comply with the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please refer to https://www.privacyshield.gov/EU-US-Framework.

Security Measures

14. SECURITY MEASURES

We integrated a SSL or TLS certificate in our Website to protect your personal data against unauthorised access. SSL means “Secure Sockets Layer” and TLS means “Transport Layer Security” and encrypts the communication of data between a website and the user’s computer. You recognise active SSL and TLS encryption by the small lock logo displayed on the left side of your browser’s address line.

Your Rights

15. RIGHTS OF DATA SUBJECTS

You, as data subject, have the following rights in view of the data processing performed by our company as described above:

15.1 Right of access (Art. 15 of the GDPR)
You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed by us. Where that is the case, you have a right of access to the personal data under the conditions set out in Art. 15 of the GDPR and the other information specified in detail in Art. 15 of the GDPR.

15.2 Right to rectification (Art. 16 of the GDPR)
You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning your person and, if necessary, the right to have incomplete personal data completed.

15.3 Right to erasure (Art. 17 of the GDPR)
You also have the right to obtain from us the erasure of personal data concerning you without undue delay, insofar as one of the grounds listed in Art. 17 of the GDPR applies, e.g. if the data is no longer required in relation to the intended purpose.

15.4 Right to restriction of processing (Art. 18 of the GDPR)
You have the right to obtain from us restriction of processing where one of the conditions listed in Art. 18 of the GDPR applies, e.g. if the accuracy of the personal data is contested by you, the data processing will be restricted for a period enabling us to verify the accuracy of the personal data.

15.5 Right to data portability (Art. 20 of the GDPR)
You have the right to receive the personal data concerning you under the preconditions set out in Art. 20 of the GDPR in a structured, commonly used and machine-readable format.

15.6 Right to withdrawal of consent (Art 7(3) of the GDPR)
You shall have the right to withdraw your consent, at any time, for processing which is based on your consent. The withdrawal of your consent will apply from the time it is made. In other words, it will apply for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

15.7 Right to lodge a complaint (Art. 77 of the GDPR)
If you consider that the processing of personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a supervising authority. You may exercise this right with a supervisory authority in the EU Member State of your habitual residence, place of work or place of the alleged infringement.

15.8 Prohibition of automated decision-making / profiling (Art. 22 of the GDPR)
Decisions which produce legal effects concerning you or similarly significantly affect you must not be subject to a decision based solely on automated processing – including profiling. We hereby inform you that we use no automated decision-making, including profiling, in view of your personal data.