Data protection

Every time the web servers of the University of Regensburg data centre are accessed, the following data, which your internet browser transmits to us or to our website provider, shall be collected, processed and stored for technical reasons, depending on the access protocol used (so-called server log files):

• the IP address of the requesting computer,
• the date and time of the request,
• the request type (GET)
• the access method/function desired by the requesting computer,
• the input values transmitted by the requesting computer (file name, etc.),
• the path of the requested file,
• the access status of the web server(file transferred, file not found, command not executed, etc.),
• the data volume transferred,
• the transfer protocol used,
• the description of the type of web browser and operating system used and their compatibility modes,
• the website from which you visited us website (referrer URL),

These anonymous data shall be stored separately from any personal data that you have provided and can therefore not be traced back to a specific person. The data shall be stored for two weeks and then deleted, unless a recognised web attack leads to a civil or criminal prosecution of the attacker.

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from a web server to your browser and are stored on the latter’s hard drive. The legal basis for the use of cookies is Art. 6 (1) f. GPDR.
Only the IP address shall be stored here – no other personal information. This information that is stored in the cookies allows us to automatically recognise you on your next visit to our website, making it easier for you to use our website.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised on your next visit, you can also reject the use of cookies by changing the settings on your browser to "Reject cookies”. You can find out how to do this in the operating instructions for your browser. If you reject the use of cookies, this may restrict your use of some areas of our website.

We use the web analysis service Matomo on our website. Matomo uses cookies for this analysis. Cookies are small text files that are stored on your computer and enable your use of the website to be analysed.

The information generated by these cookies, for example the time, place and frequency of your visits to the website, including your IP address, shall be transferred to our PIWIK server, where it is stored. Your IP address shall be anonymised immediately during this process, so that you, as the user, remain anonymous to us. The information about your use of this website generated by the cookie shall not be passed on to third parties. You can prevent the installation of cookies by making a corresponding setting in your browser software; however, we would like to point out that in this case you may not be able to make full use of all the functions of our website.

According to a ruling of the European Court of Justice (ECJ) on 5th June 2018 (Ref. No.: C-210/16), the operator of a Facebook fan page shall be jointly responsible with Facebook for the processing of the personal data of the visitors to their page. We would hereby like to give you the following information about the processing of your personal data:

Regensburg University Hospital maintains the Facebook page in order to communicate with users there and in order to be able to refer to posts, etc. We would like to advise you that Facebook shall record your IP address and other information that is available on your PC in the form of cookies when you visit our Facebook page. The data collected in this context shall be processed by Meta Platform, Ltd. and, if applicable, transferred to countries outside the European Union. This may result in risks for the users because it could make it more difficult to enforce the users’ rights. Facebook uses the standard contractual clauses that have been approved by the European Commission and relies, if applicable, on the adequacy decisions issued by the European Commission with respect to certain countries for data transfers from the EEA to the USA and other countries (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

In its data use policy, Facebook describes, in a general way, which information Facebook receives and how this is used: https://www.facebook.com/about/privacy
You can find Facebook’s full data policy here: https://de-de.facebook.com/full_data_use_policy

How Facebook uses the data from your visit to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, for how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not specified clearly and conclusively by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your device shall be transmitted to Facebook. According to Facebook, this IP address shall be anonymised (in the case of "German" IP addresses) and deleted after 90 days. Facebook shall also store information about its user’s devices (e.g. within the framework of the “log-in notification” function). If applicable, Facebook shall thus be able to assign IP addresses to individual users. If you are currently logged into Facebook as a user, there is a cookie on your device with your Facebook identification. As a result, Facebook is able to see that you have visited this page and to track how you have used it. This also applies to all other Facebook pages. Via Facebook buttons integrated into webpages, Facebook is able to record your visits to these pages and assign them to your Facebook profile. Contents or advertising tailored to you may be offered on the basis of this data.

For a detailed description of the processing and the opt-out options, we refer you to the following links: opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and the service providers who work for us are committed to the applicable data protection laws.

Whenever we collect and process personal data, the data shall be encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data privacy notice is constantly being revised. Please ensure that you have the latest version.

Please contact us at any time if you would like to find out what personal data we are storing about you, or if you want to have this data corrected or deleted. You also have the right to a restriction of processing (Art. 18 GDPR), a right to object to the processing (Art. 21 GDPR) and a right to data portability (Art. 20 GDPR). In these cases, please contact us directly.

We reserve the right to amend our data privacy notice if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this data privacy notice, we shall announce these on our website.

All interested parties and visitors to our website can use the following contact details for data protection issues:

Dr Wolfgang Börner
Datenschutzbeauftragter
Universitätsklinikum Regensburg
93042 Regensburg
0941 944-38630 / 0941 944-0
dsb@ukr.de

If our Data Protection Officer is unable to address your concern to your satisfaction, you have the right to complain to the data protection authority responsible for your federal state.

• Designation of the processing activities
  Production and temporary storage of video footage of the surveillance of the public premises at Regensburg University Hospital (UKR). The video surveillance shall be carried out openly and shall be transparently indicated by warning signs.
• Name and contact details of the controller
  Regensburg University Hospital, public-law institution, Franz-Josef-Strauss-Allee 11, 93053 Regensburg, Technical Centre – Siegfried Engl, siegfried.engl@ukr.de, T: 0941 944-5803.
• Contact details of the data protection officer
  Regensburg University Hospital data protection officer, Dr Wolfgang Börner, Franz-Josef-Strauss-Allee 11, 93053 Regensburgdsb@ukr.deT: 0941 944-38630 / or -0.
• Purposes and legal bases of the data processing
  Protection from dangers, abstract risk prevention, protection from crimes / assertion of civil claims for compensation, protection of property in accordance with Art. 6 (1) f. GDPR and Art. 24 (1) Bavarian Data Protection Act (BayDSG)
• Possible recipients of your data
  The film material shall only be passed on to recipients outside Regensburg University Hospital in the event of a criminal incident, in which case it shall be passed on to the authorities entrusted with the investigation.
• Transmission of personal data to a third country
  A transmission to a third country or an international organisation is not intended
• Duration of the storage of personal data
  The video surveillance footage shall be stored for 10 days and then deleted.
• Rights of data subjects
  In accordance with the General Data Protection Regulation, you have the following rights:
  if your personal data are processed, you have the right to access the data stored about you (Art. 15 GDPR).
  If incorrect personal data are processed, you have a right to rectification (Art. 16 GDPR).
  If the legal requirements are met, you can demand the deletion of the data or the restriction of the processing and to object to the data processing (Art. 17, 18 and 21 GDPR).
  If you make use of your aforementioned rights, Regensburg University Hospital shall check whether the statutory prerequisites for this are met.
  You shall also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection, PO Box 22 12 19, 80502 Munich, tel.: 089 212672-0, fax: 089 212672-50, e-mail: poststelle@datenschutz-bayern.de.
• Requirement for video surveillance
  Video surveillance and thus the professing of your personal data is necessary for exercising domiciliary rights.
• Source of your data
  The processed data exclusively come directly from the data captured during the video surveillance.
• Existence of automated decision making
  Automated decision making on the basis of the collected data shall not take place.