Name and Address of the Controller

The controller in the sense of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection provisions, is:

Deutsche Stiftung Eierstockkrebs
Charité, Campus Virchow Klinikum
Augustenburger Platz 1
13353 Berlin
Germany
Email: info@stiftung-eierstockkrebs.de
Website: www.stiftung-eierstockkrebs.de

General Information on Data Processing

Scope of Processing Personal Data
We generally collect and use personal data of our users only to the extent necessary to provide a functional website, as well as our content and services. The collection and use of our users’ personal data regularly occurs only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

Legal Basis for Processing Personal Data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

Data Deletion and Storage Period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.

Provision of the Website and Creation of Log Files

Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:
Information about the browser type and version used
The user’s operating system
The user’s internet service provider
The user’s IP address
Date and time of access
Websites from which the user’s system accessed our website
Websites accessed by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our information technology systems. Data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

Duration of Storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.

In the case of data stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to assign them to the accessing client.

Right to Object and Removal Options
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right to object.

Use of Cookies

Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change:
Login information

Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after a page change.

We need cookies for the following applications:
Login information

User data collected through technically necessary cookies is not used to create user profiles.

Duration of Storage, Right to Object, and Removal Options
Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents.

Borlabs Cookie does not process any personal data.

The borlabs-cookie stores your consents given when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.

Wordfence Security Plugin

This site uses the WordPress Security Plugin Wordfence to protect the website from hacker attacks, etc. The provider is DEFIANT, 800 5th Ave Ste 4100, Seattle, WA 98104.
Wordfence currently uses three cookies, and below is an explanation of what each cookie does, who set the cookie, and why the cookie helps protect the site.

Cookie: wfwaf-authcookie- (Hash)
What it does: This cookie is used by the WORDFENCE firewall to perform a capability check on the current user before WordPress loads.
Who receives this cookie: This cookie is only set for users who can log into WordPress.
How this cookie helps: With this cookie, the Wordfence firewall recognizes logged-in users and grants them increased access. Wordfence can also recognize non-logged-in users and restrict their access to secure areas. The cookie informs the firewall about the access level a visitor has to help the firewall make smart decisions about who should be allowed and who should be blocked.

Cookie: wf_loginalerted_ (Hash)
What it does: This cookie is used to notify the Wordfence administrator when an administrator logs in from a new device or location.
Who receives this cookie: This cookie is only set for administrators.
How this cookie helps: This cookie helps website operators know if an admin login has occurred from a new device or location.

Cookie: wfCBLBypass
What it does: Wordfence offers a site visitor the option to bypass country blocking by accessing a hidden URL. This cookie allows tracking of who is allowed to bypass country blocking.

Who receives this cookie: If a hidden URL defined by the site administrator is accessed, this cookie is used to check whether the user can access the site from a country that is restricted by country blocking. This is set for anyone who knows the URL that allows bypassing standard country blocking. This cookie is not set for someone who does not know the hidden URL to bypass country blocking.
How this cookie helps: This cookie gives website owners the ability to allow certain users from blocked countries, even if their country has been blocked.

More information on the handling of user data can be found in DEFIANT’s privacy policy: wordfence.com/privacy-policy

Google Maps

Description and Scope of Data Processing
This website uses the Google Maps map service via an API (interface). The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

Legal Basis for Data Processing
The use of Google Maps is in the interest of an appealing presentation of this website and serves to easily find the location we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

Use of YouTube

YouTube videos are embedded on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By accessing and loading a YouTube video embedded on the subpages here, the internet browser connects to YouTube’s servers. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google gain knowledge about the visit, such as the visitor’s IP address.

If the data subject is logged into YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject visits when a subpage containing a YouTube video is accessed. This information is collected by YouTube and Google and assigned to the data subject’s respective YouTube account, regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish for such transmission of this information to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before accessing our website.

For the collection, processing, and use of personal data by YouTube and Google, please refer to the privacy policy at https://www.google.de/intl/de/policies/privacy.

Web Analysis by Matomo

Scope of Processing Personal Data
We use the open-source software tool Matomo on our website to analyze the user behavior of our visitors. Tracking is done without setting a cookie. When individual pages of our website are accessed, the following data is stored:
(1) Two bytes of the IP address of the user’s accessing system
(2) The accessed website
(3) The website from which the user reached the accessed website (referrer)
(4) The subpages accessed from the accessed website
(5) The time spent on the website
(6) The frequency of accessing the website

The software runs exclusively on our website’s servers. Personal data of users is stored only there. Data is not passed on to third parties.

The software is configured so that IP addresses are not stored in full, but 2 bytes of the IP address are masked (e.g., 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the accessing computer.

Opt-out complete; your visits to this website will not be recorded by the web analytics tool. Please note that the Matomo opt-out cookie for this website will also be deleted if you remove the cookies stored in your browser. In addition, if you use a different computer or web browser, you will need to repeat the opt-out procedure.

You have the option to prevent actions you take here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.

The tracking opt-out function requires cookies to be enabled.

Legal Basis for Processing Personal Data
The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

Purpose of Data Processing
The processing of users’ personal data allows us to analyze their browsing behavior. By evaluating the data obtained, we are able to compile information about the use of individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data according to Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, the users’ interest in protecting their personal data is sufficiently taken into account.

Duration of Storage
The data will be deleted as soon as it is no longer needed for our recording purposes. In our case, this is after 365 days.

Contact Form and Email Contact

Description and Scope of Data Processing
Our website provides a contact form that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

At the time the message is sent, the following data is also stored:
The user’s IP address
Date and time
Entered name
Entered email address

For data processing, your consent is obtained during the submission process, and reference is made to this privacy policy. Alternatively, you can contact us via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.

In this context, no data is transferred to third parties. The data is used exclusively for processing the conversation.

Legal Basis for Data Processing
The legal basis for data processing, where the user has given consent, is Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

Purpose of Data Processing
The processing of personal data from the input form serves solely for us to process your contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

Other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of Storage
The data will be deleted as soon as they are no longer required for the purpose for which they were collected. For personal data from the contact form and those sent via email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Additional personal data collected during the submission process will be deleted no later than seven days.

Right to Object and Erasure
The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

Rights of the Data Subject

The following list includes all rights of data subjects under the GDPR. Rights that are not relevant for one’s own website do not need to be mentioned. In this respect, the list can be shortened. If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

Right of Access
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing exists, you can request information from the controller about the following:
the purposes for which the personal data are processed;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the envisaged period for which the personal data concerning you will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
any available information as to their source where the personal data are not collected from the data subject;
the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

Right to Rectification
You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller shall rectify the data without undue delay.

Right to Restriction of Processing
Under the following conditions, you may request the restriction of processing of personal data concerning you:
(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims, or
(4) if you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where processing of personal data concerning you has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been imposed pursuant to the above conditions, you will be informed by the controller before the restriction is lifted.

Right to Erasure

Obligation to Erase
You can request from the controller that personal data concerning you be erased without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

Information to Third Parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Exceptions
The right to erasure shall not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defense of legal claims.

Right to Notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about those recipients.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and
(2) the processing is carried out by automated means.
In exercising your right to data portability, you shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This right shall not adversely affect the rights and freedoms of others.

The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

Right to Withdraw Consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests have been put in place.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.