Privacy Policy

Data protection and data security for the customers and partners of our company as well as for interested parties and users of our website are of great importance to our company. Transparency regarding the processing of your personal data as well as the protection of your data are therefore particularly important to us.

This declaration provides you with an overview of how your personal data is collected and processed when you use our website and what you can do yourself to improve the protection of your data.

Person responsible for processing

Heidelberg University Hospital
Im Neuenheimer Feld 672
69120 Heidelberg

Institution under public law represented by the Executive Board of the University Hospital

Telephone: 06221 56-0
Fax: 06221 56-5999
E-mail: klinikumsvorstand(at)

Data protection officer of the Heidelberg University Hospital

Data Protection Officer
Im Neuenheimer Feld 672
69120 Heidelberg
06221 56 7036
data protection(at)

What is personal data?

Personal data is any information that relates to an identified or identifiable natural person. The decisive factor is therefore whether the data collected can be related to a person. This includes information such as your name, address, telephone number and e-mail address. Information that is not directly related to your real identity - such as favourite websites or the number of users of a site - is not personal data.

How we collect and process personal data

When you visit our website, our web servers temporarily store the connection data of the requesting computer, the web pages you visit on our website, the date and duration of the visit, the identification data of the browser and operating system type used as well as the website from which you visit us for the purpose of system security. Additional personal information such as your name, address, telephone number or e-mail address is not collected unless you provide this information voluntarily, e.g. as part of a registration, a survey, a competition, for the performance of a contract or a request for information.

How we use your personal data, how we pass it on

If the opportunity for the input of personal or business data (email addresses, name, addresses) is given, the input of these data takes place voluntarily. E-mails are transmitted via a contact form. If you send us such a message, your personal data will only be collected to the extent necessary for a reply. The e-mail is transmitted unencrypted.

We use the personal data you provide exclusively for the purpose of the technical administration of the websites and to fulfil your wishes and requirements, i.e. generally to process the contract concluded with you or to answer your enquiry.

We also use this data for product-related surveys, marketing purposes and statistical purposes only if you have given us your prior consent or if you have not objected - insofar as this is provided for by legal regulations.

Your personal data will not be passed on, sold or otherwise transferred to third parties unless this is necessary for the purpose of processing the contract or you have given your express consent.

Consent given can be revoked at any time with effect for the future.

How long will your data be stored

In principle, we store all the information you send us until the respective, e.g. contractual, purpose has been fulfilled. E.g. in the case of enquiries until they have been dealt with, in the case of newsletters until you unsubscribe from the newsletter. If longer storage is provided for by law, the data will be stored within this framework.

If you no longer wish us to use your data, we will of course comply with this request immediately (please contact us at the address given under "Contact").

When will your data be deleted

Stored personal data will be deleted if you revoke your consent to storage, if knowledge of the data is no longer required to fulfil the purpose for which it was stored, or if storage is no longer permitted for other legal reasons. Data for billing and accounting purposes are not affected by a request for deletion.

Use of Cookies

When you visit our website, we use so-called cookies. These are small text files that are stored on your computer. Cookies help us to determine the frequency of use and the number of users of our Internet pages, as well as to make our offers as comfortable and efficient as possible for you.

Kirby Session Cookie

We use so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies enable us to recognise your browser on your next visit.

Font Awesome (local hosting)

This site uses Font Awesome for the consistent display of fonts. Font Awesome is installed locally. A connection to servers of Fonticons, Inc. does not take place. For more information on Font Awesome, please see the Font Awesome privacy policy.

It is also possible to use our offers without cookies. You can deactivate the storage of cookies in your browser, restrict them to certain websites or set your browser to notify you as soon as a cookie is sent. Please note, however, that if you deactivate cookies, you will have to reckon with a restricted display of the page and with a restricted user guidance.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services.

What we do for the security of processing

Our company takes all necessary technical and organisational security measures to protect your personal data from loss and misuse. For example, your data is stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data is encrypted during transmission using so-called Secure Socket Layer technology (SSL). This means that communication between your computer and our company's servers takes place using a recognised encryption method if your browser supports SSL.
These are the legal bases

"Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1a) of the EU General Data Protection Regulation (DS-GVO) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1b) DS-GVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1c) DS-GVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1d) DS-GVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1f) DS-GVO serves as the legal basis for the processing. Legitimate interests include, in particular, ensuring the operation and security of the website, investigating the way visitors use the website and facilitating the use of the website."
These are your data protection rights

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and possible recipients and the purpose of the data processing (Art. 15 DSGVO) and, if applicable, a right to correct incorrect data Art. 16 DSGVO), delete this data (Art. 17 DSGVO) the right to restrict processing in accordance with Art. 18 DSGVO, to object (Art. 21 DSGVO) and the right to data portability of data provided by you in accordance with Art. 20 DSGVO). The restrictions according to §§ 34 and 35 BDSG apply to the right to information and the right to deletion.

In addition, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law (Art. 77 DSGVO in conjunction with §19 BDSG). The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link.

How to revoke your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Changes to the privacy policy

Changes may be made to this privacy notice, which will be posted on this page in a timely manner.