§ 1 Information about the collection of personal data
(1) Below, we provide information on how we collect personal data when using our website. Personal data is all data that can be attributed to you personally, e.g. name, address, email addresses, user behavior.
(2) The party responsible in accordance with Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is radiologie-weiterbildung.de (GbR), Ottostraße 17, 96047 Bamberg (see our imprint).
(3) When you contact us by email, WhatsApp or Signal, the data you provide (your email address, if applicable, your name and phone number) will be stored by us in order to respond to your inquiries. We will delete data collected in this context after its storage is no longer required, or otherwise restrict its use if there are legal retention obligations.
(4) If we rely on third-party service providers to provide individual parts of our offer or if we decide to use your data for promotional purposes, we will inform you in more detail beforehand. Additionally, we will state the requirements for how long data will be stored.
§ 2 Your rights
(1) The following rights apply to you with regard to your personal data:
– the right to information; right to correction or to deletion;
– the right to restrict processing;
– the right to oppose processing;
– the right to data transfer.
(2) You also have the right to lodge a complaint to a data protection supervisory authority about our processing of your personal data.
§ 3 Collection of personal data when visiting our website
(1) If you use the website purely for information purposes, that is, if you do not register or send us other information, we will only gather the personal data that your browser submits to our server. In order to display our website to you and to guarantee its stability and security, we must collect the following information from you that is technically necessary for you to view our website. (Legal basis is Art. 6 (1) sentence 1, f) GDPR):
– IP address
– the date and time of request;
– time zone difference from Greenwich Mean Time (GMT);
– content of the request (specific page) – access status/HTTP status code;
– amount of data transferred in each case;
– the website that makes the request;
– your browser;
– operating system and its interface;
– language and version of browser software.
(2) When you visit our website, cookies are added to the aforementioned data and stored on your computer. Cookies are small text files that are stored on your computer’s hard drive in connection with the browser you are using, and they allow the party setting the cookie (in this case, us), to obtain certain information. Cookies cannot run programs or infect your computer with viruses. They help to improve the usability and efficiency of our Internet offering.
a) This website uses the following types of cookies, the range and functionality of which are described below:
– Transient cookies (hereinafter referred to as b);
– Persistent cookies (see c below).
b) Transient cookies are automatically deleted when the browser is closed. In particular, these include the session cookies. These store a session ID which assigns the various requests from your browser during the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.
d) You can customize your browser settings as desired and, for example, decide not to accept third-party cookies or any cookies. We would like to point out that you may not be able to use all the features of this website. e) Your Flash plug-in, not your browser, collects the Flash cookies that are utilized. We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of the browser you use and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private setting in your browser. We also recommend that you manually delete your cookies and your browser history on a regular basis.
§ 4 Other features and services offered on our website
(1) In addition to the simply informational use of our website, we provide various services that you can use if you are interested. For this purpose, you must provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) In some cases, we will use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
(3) Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. More detailed information is available when you provide your personal data or in the description of the offer below.
(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you of the implications of this fact in the description of the offer.
§ 5 Objection to or revocation of your consent for the processing of your data
(1) If you have given your consent to the processing of your data, you may revoke it at any time. If you exercise this right, this will affect our ability to use the personal data you have already given us.
(2) You may object to the processing of your personal data based on the balance of interests. This is the case if processing is not required, specifically in the fulfillment of a contract with you, which is illustrated in each case in the description of the functions. When making such an objection, we ask that you justify the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the relevant facts and either discontinue or adjust data processing, or demonstrate to you our compelling and legitimate reasons for continuing the processing.
(3) You may, of course, object at any time to the processing of your personal data for advertising and data analysis purposes. You can inform us about your objection to advertising at the following contact address: radiologie-weiterbildung.de (GbR), Ottostraße 17, 96047 Bamberg, by phone: +49 157 58741925, by email: email@example.com
§ 6 Use of our online shop
(1) If you would like to order from our online shop, it is necessary for the conclusion of the contract that you give us your personal data, which we need to complete your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. You can give your payment information to our payment service providers, or we can pass it on to our in-house bank for payment processing; these third parties are each independently responsible for the payment processing. The legal basis for this is Art. 6 para.1 subsection 1, b) GDPR.
(2) We may also process the data you provide in order to inform you of other interesting products from our portfolio or send you emails containing technical information.
(3) We are required by commercial and tax law to keep your address, payment, and order information for a period of 10 years. However, we restrict processing after three years; from that point forward, your data will only be used to comply with legal obligations.
(4) To prevent unauthorized access to your personal data by third parties, the ordering process is encrypted using TLS technology.
§ 7 Use of video conferencing systems
(1) To conduct our online courses, we rely on third-party providers of video conferencing systems, particularly the provider “Zoom.” The following explanations refer explicitly to the use of Zoom. To conduct these online courses, however, we expressly reserve the right to use other video conferencing system providers. In this case, the following statements apply as appropriate.
(2) The form of data processing depends on how the relevant service is actually used. The video conferencing systems used offer various design and usage options. As a host or moderator, the personal data you have submitted to the respective video conferencing system provider will be processed for the purpose of managing the video conferencing facilities. As a student and a participant in the video conference, you have the option of participating in the chat or sharing your microphone or camera. Depending on the use and release granted, the following personal data, among other things, may be processed:
– user information: first name, last name, telephone (optional) – video, audio and text data: video data if you have enabled the camera on your device; audio data if you have enabled the microphone on your device; text data if the chat, question or survey function is used.
– meeting metadata: start, end and duration of the meeting or participation, name and description of the meeting, planned date and time of the meeting, chat status, IP address of the devices used to participate as well as other device/hardware information (device ID, device type, operating system and version, client version, camera type, microphone or loudspeaker, etc.)
(3) We use Zoom as well as other video conferencing system providers to deliver the online courses you have booked on our website. If we want to record these courses, we will inform you in advance and – if necessary – obtain your consent. We may also store chat transcripts for the purpose of following up on the course.
(4) Insofar as personal data is processed within the scope of the use of video conferencing systems, this is done in order to fulfill the contract concluded between you and us for the implementation of the online courses in accordance with Art. 6 para. 1, b) GDPR. The legal basis for the processing of personal data that you optionally disclose is your consent pursuant to Art. 6, para. 1, a) in conjunction with Art. 7 of the GDPR.
(5) The personal data referred to in paragraph (2) above shall be processed for as long as is necessary for the implementation of the online courses and related services. This does not apply if, in an exceptional case, a longer storage or retention time period is required by law or due to other legal regulations.
(6) If an online course is to be recorded, we will inform you in advance. In this case, you can independently turn off your camera or microphone in order to prevent your personal data from the online course from being processed. With the recording, video, audio and text data can be stored and, in this case, also remain stored for the duration of the meeting.
(7) Personal information processed in connection with enrollment in online courses is, as a matter of principle, not released to third parties unless that is what is intended. (8) Further information on data processing when using Zoom can be found at https://zoom.us/de-de/privacy.html and https://zoom.us/docs/de-de/privacy-and- security.html. Please note that this is an external website that is operated by Zoom Video Communications, Inc. under its own initiative and that personal data is processed when you visit it.
§ 8 Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files that are stored on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of the website is usually transmitted to a Google server in the United States and is stored there. However, if IP anonymization is activated on this website, Google will first shorten your IP address in a member state of the European Union or in other states that are parties to the agreement governing the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide other services to the website operator relating to website activity and internet usage.
(2) The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.
(4) This website uses Google Analytics exclusively with the extension “_anonymiezeIp().” This means that IP addresses are processed in a shortened form, making it impossible to relate them to a specific person. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.
(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics collected enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases where personal data is transferred to the United States, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1, clause 1, f) GDPR.
(6) Third-party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Conditions of use: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data Protection Declaration: http://www.google.de/intl/de/policies/privacy.
§ 9 Transfer of personal data to a third country outside the EU
(1) We use, among others, Google Analytics and Zoom services. In the context of this use, it may therefore be necessary for personal data to be transmitted to companies based in third countries outside the EU, particularly to the United States.
(2) There may be no EU Commission adequacy decision for these third countries within the terms of Art. 45(1) and (3) GDPR. This means that these countries may not be able to guarantee a level of data protection equivalent to that of the EU. Even other appropriate safeguards (e.g. encryption or anonymization) or standard contractual clauses with service providers based in third countries may not guarantee data protection comparable to that of the EU. This also applies in particular to the United States, after the so-called EU-US Privacy Shield was declared invalid by the ECJ in its judgment of July 16, 2020 (the so-called Schrems II decision).
(3) In this context, the following risks arise, which cannot currently be ruled out:
– your personal data could reach other third parties who use your data for purposes other than its original purpose;
– you may not be able to effectively assert or enforce your rights of access against the third party or the service provider based outside the EU;
– there may be a higher probability that incorrect data processing may occur because the technical and organizational measures taken by the service provider based outside the EU to protect personal data do not fully meet the requirements of the GDPR in terms of quantity and quality.
(4) If you have consented to the use of the services referred to in paragraph (1) above and thus to the transfer of personal data to third countries outside the EU, the transfer of the data is based on Art. 49 (1) (a) GDPR. You may also revoke this consent at any time. A revocation will not affect the lawfulness of the processing carried out based on the consent up to the revocation.
Status: December 2021