Privacy policy

Privacy policy

When you use the website, personal data such as your IP address is generated. The operators handle this responsibly and in accordance with the applicable laws, in particular the European General Data Protection Regulation (GDPR). On this page we would like to inform you about data processing in connection with our website.

Responsible for data processing

German Society for Medical Informatics, Biometry and Epidemiology (GMDS) e.V.
Mrs. Beatrix Behrendt
Industriestrasse 154
50996 Cologne

Mrs. Helen Heinz

Explanations and definitions

Our privacy policy should be easy to read and understand for everyone. To ensure this, we would like to explain the terminology used in advance.
In principle, the definitions in Article 4 of the GDPR apply in addition to the following definitions.

Reach measurement

The aim of reach measurement is to statistically determine the intensity of use and the number of users of a website and to obtain comparable values for all connected offers. At no time are individual users identified. Your identity always remains protected.


A cookie is a small data package that is sent to your browser from a web server and can only be read by this web server. The function of this package is to create a kind of ID card for storing passwords, orders and preferences. It cannot be executed as program code or used to infect viruses.
Most browser programs accept cookies by default. You can instruct your browser to notify you when you receive a cookie so that you can decide whether or not to accept it.

Your rights

  • You have the right to obtain from us confirmation as to whether or not data concerning you is being processed by GMDS.
  • Furthermore, you have a right to information about your stored personal data.
  • You also have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data concerning you, including by means of a supplementary declaration.
  • You also have the right to have the personal data concerning you erased without undue delay, unless there are legal grounds prohibiting erasure.
  • You also have the right to request the restriction of processing under the conditions of Art. 18 GDPR.
  • You also have the right to receive the personal data concerning you, which you have provided to GMDS, in a structured, commonly used and machine-readable format.
  • You also have the right to transfer this data to another controller under the conditions of Art. 20 GDPR.
  • You also have the right to object to the processing of personal data concerning you which is based on Art. 6 para. 1(e) or (f) of the GDPR to object.
  • And of course you have the right to withdraw your consent to the processing of personal data at any time.
  • You also have the right not to be subject to a decision based solely on automated processing, including profiling.
  • To clarify: GMDS does not make such decisions, but due to European law we must inform you of this right.
  • You also have the right to contact a supervisory authority and lodge a complaint there if necessary. A list of supervisory authorities (for the non-public sector) with addresses can be found at:

Please contact the e-mail address below if you wish to exercise your rights, or if you have any questions about the information stored.

Contact address:

Legal basis for the processing of personal data

As the data subject of a data processing operation, you have various rights.

  • In data protection, the so-called prohibition with reservation of permission applies. Accordingly, the processing of personal data is generally unlawful unless the data subject has given consent or it is legitimized by a legally regulated reason for permission. We are obliged to inform you about the legal basis of data processing.
    If we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a GDPR as the legal basis.
  • In the case of processing operations that are necessary for the performance of a contract concluded between you and us or for the implementation of pre-contractual measures (e.g. if you register for one of our events), Art. 6 para. 1 lit. b GDPR as the legal basis.
  • If the processing of personal data is necessary for compliance with a legal obligation to which we are subject, such as statutory retention and storage obligations, Art. 6 para. 1 lit. c GDPR as the legal basis.
  • If processing is necessary to protect our legitimate interests or those of a third party and your interests, fundamental rights and freedoms do not override the former interest, the processing of personal data is governed by Art. 6 (1) (f) GDPR. 1 lit. f GDPR is legitimized.

Which data is processed for which purposes?

Data collection when visiting our websites

You are cordially invited to visit this website. However, when you visit this site, certain routing and technical information about your computer is collected that is technically necessary to display our websites to you and to ensure stability and security.

Processed are for example:

  1. the Internet Protocol address,
  2. the date and time of access to the website,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. which website and which file you are accessing,
  5. Access status/HTTP status code
  6. Transfer data volume
  7. the operating system (MS Windows 10, Linux, etc.),
  8. Environment data such as the browser type (Internet Explorer, Firefox, etc.),
  9. the speed of your central computer,
  10. Name of your Internet access provider.

When using this general data and information, no conclusions are drawn about the data subject. Rather, this information is required in order to

  1. to deliver the content of our website correctly,
  2. to ensure the long-term functionality of our information technology systems and the technology of our website, and
  3. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.
    To ensure the above-mentioned purposes, this data is temporarily stored in the log files of our system for a maximum period of fourteen days.

The legal basis for these processing operations is Art. 6 para. 1 lit. f GDPR.

Provision of our statutory and business-related services

We process the data of our members, supporters, interested parties, customers or other persons in accordance with Art. 6 para. 1 lit. b. GDPR, insofar as we offer them contractual services or act within the framework of an existing business relationship, e.g. with members, or are ourselves recipients of services and benefits. This takes place, for example, as part of our intranet use. Otherwise, we process the data of data subjects in accordance with. Art. 6 para. 1 lit. f. GDPR on the basis of our legitimate interests, e.g. in the case of administrative tasks or public relations work.
The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. This basically includes inventory and master data of the persons (e.g., name, address, etc.), as well as contact data (e.g., e-mail address, telephone, etc.), contract data (e.g., services used, content and information provided, names of contact persons) and, if we offer services or products subject to payment, payment data (e.g., bank details, payment history, etc.).
We delete data that is no longer required to fulfill our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business processing, we retain the data for as long as it may be relevant for business processing and with regard to any warranty or liability obligations. The necessity of retaining the data is reviewed every three years; otherwise the statutory retention obligations apply.


Cookies are used by us if they are used for technical session control, e.g. to transfer your data from one page to the next as part of the registration process for events. The cookies used on this site are not permanent and are therefore reset each time you visit the site. Cookies from previous visits, which may still be present after an unexpected termination of your Internet browser, for example, are not read. No attempt is made to carry out any form of profiling with the help of cookies. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
Furthermore, cookies are used in the context of the use of Google Analytics so that the reach measurement (see section “Reach measurement / Google Analytics”) can take place. The legal basis for this processing of personal data is your consent (Art. 6 para. 1 lit. a GDPR).

Reach measurement / Matomo

As part of Matomo’s reach analysis, the following data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) GDPR), the following data is processed: the browser type and version you use, the operating system you use, your country of origin, the date and time of the server request, the number of visits, the time you spend on the website and the external links you click on. The user’s IP address is anonymized before it is saved.

Matomo uses cookies, which are stored on the user’s computer and which enable an analysis of the use of our online offer by the user. Pseudonymous user profiles can be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.

Users can object to the anonymized data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo no longer collects any session data. However, if users delete their cookies, this means that the opt-out cookie is also deleted and must therefore be reactivated by the users.

Registration function, contact forms and e-mail contact

For some services or areas of this site, you will be asked to register and provide information about yourself and/or your company (such as name, job title, e-mail address and other information) to enable us to provide you with services and information (e.g. when using a feedback form or registering for events).
In each contact form, the fields marked with an “*” are those that we need to process your message, such as your name to assign the request or your e-mail address so that we can give you feedback. You can provide us with further information, such as a telephone number, which will make it easier for us to process your request.
However, you will always be informed and must consent to the transmission of your personal data before your data is transmitted.
If you transmit personal data of other persons, please ensure that these persons are informed about these guidelines for the protection of personal data, can view them and consent to the transmission of the data.
The data will be used exclusively for processing the stated purposes and – provided we are not required by law to store it – will be deleted immediately after processing. Your data will not be passed on to or processed by third parties.

  • If you have given your consent, the legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR.
  • If the registration serves the fulfillment of a contract to which you are a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR.


We host the content of our website with the following provider: All-Inkl.

The provider is ALL-INKL.COM – Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter All-Inkl). Details can be found in All-Inkl’s privacy policy:
The use of All-Inkl is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Social Media / Twitter

GMDS uses the technical platform and services of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service offered here. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the data processing of persons living outside the United States.
We would like to point out that you use the Twitter short message service offered here and its functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).
Information about which data is processed by Twitter and for what purposes it is used can be found in Twitter’s privacy policy:

GMDS has no influence on the type and scope of the data processed by Twitter, the type of processing and use or the disclosure of this data to third parties. It also has no effective control options in this respect.
By using Twitter, your personal data will be processed by Twitter Inc. will be collected, transferred, stored, disclosed and used in the United States, Ireland and any other country where Twitter Inc. business activities and stored and used there.
On the one hand, Twitter processes your voluntarily entered data such as name and user name, e-mail address, telephone number or the contacts in your address book when you upload or synchronize it.
On the other hand, Twitter also analyzes the content you share to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using GPS data, wireless network information or your IP address in order to send you advertising or other content.
For evaluation purposes, Twitter Inc. possibly analysis tools such as Twitter or Google Analytics. GMDS has no influence on the use of such tools by Twitter Inc. and was not informed of such a potential deployment. If tools of this kind are used by Twitter Inc. The GMDS has not commissioned, approved or otherwise supported in any way the use of the data for the GMDS account. The data obtained during the analysis is also not made available to him. Only certain non-personal information about tweet activity, such as the number of profile or link clicks through a particular tweet, can be viewed by the GMDS via its account. Furthermore, GMDS has no way of preventing or disabling the use of such tools on its Twitter account.
Finally, Twitter also receives information when you view content, for example, even if you have not created an account. This so-called “log data” can be the IP address, the browser type, the operating system, information about the previously accessed website and the pages you have accessed, your location, your mobile phone provider, the end device you are using (including device ID and application ID), the search terms you have used and cookie information.
Twitter buttons or widgets integrated into websites and the use of cookies enable Twitter to record your visits to these websites and assign them to your Twitter profile. This data can be used to tailor content or advertising to you.
You have the option of restricting the processing of your data in the general settings of your Twitter account and under “Privacy and security”. In addition, you can restrict Twitter’s access to contact and calendar data, photos, location data etc. on mobile devices (smartphones, tablet computers) in the settings options there. However, this depends on the operating system used.
You can find more information on Twitter itself:


YouTube videos are embedded on some GMDS websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit.
If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.
When a YouTube video is started, the provider uses cookies that collect information about user behavior. but also YouTube cookies to collect information about visitors to their website. YouTube uses these to collect video statistics, to prevent fraud and to improve user-friendliness, among other things. This also leads to a connection being established with the Google DoubleClick network. If you start the video, this could trigger further data processing operations. We have no influence on this. If you wish to prevent this, you must block the storage of cookies in your browser.
Further information on data protection at “Youtube” can be found in the provider’s privacy policy at:, an opt-out option can be found at:

Duration for which the personal data is stored

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the purpose of storage no longer applies (in particular if the data is no longer required for contract fulfillment or contract initiation) or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.


The German Society for Medical Informatics, Biometry and Epidemiology (GMDS) e.V. uses technical and organizational security measures to protect your personal data managed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

Data transmission

Telecommunications secrecy also protects your e-mail content and form entries from unauthorized access and processing. We can guarantee compliance with telecommunications secrecy for the GMDS area. However, we would like to point out that data transmission via the Internet can generally be recorded by other Internet operators and users. As far as possible, personal data is only transmitted in encrypted form, but we can only influence our part of the transmission path.

Disclosure of personal data

Information about you will be passed on to others if it is assumed in good faith that this is required by law or legal proceedings or that there are corresponding legal requirements (e.g. requirements under the Teleservices Act). In particular, personal data will only be passed on to state institutions and authorities within the framework of corresponding national legislation or if disclosure is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure.

Otherwise, your data will not be made available to anyone outside GMDS, but will be used exclusively to provide the services described. In particular, neither your e-mail address nor any other information that identifies you will be passed on to third parties.
Insofar as we use service providers to carry out and handle processing operations (e.g. in the context of online registration for our annual conference or other events), the contractual relationships are governed by the provisions of the Federal Data Protection Act.

Data transfer to third countries

Processing takes place in third countries:

  1. When using the Twitter functionality (recipient of the data: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA).
  2. When using YouTube (recipient of the data: YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA)

No further processing takes place in third countries.

Our online offer contains links to other websites. We have no influence on whether their operators comply with data protection regulations.

Questions or concerns?

If you have any questions or concerns about this Privacy Policy or the collection of your data, you can contact us at any time at the following e-mail address:


This policy will be updated as necessary with effect for the future, e.g. in the event of changes to the legal provisions or if there are changes to the collection and/or processing of data. You are therefore requested to look at this data protection declaration repeatedly.