1.2. When processing your personal data, we strictly observe the data protection requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).
1.3. Personal data refers to any information that can be related to you personally and can be used to identify you, e.g., IP address, name, address, e-mail data, user behavior.
1.5. The Data Controller pursuant to Art. 4 (7) GDPR is DKMS gemeinnützige GmbH (see legal notice). Our Data Protection Officer can be reached at email@example.com or at our postal address with “the Data Protection Officer” as the addressee.
We collect information from you when you visit our website or use our services on the website. Depending on how you use our website, this may include the following information:
2.1. For informational purposes only: You can visit our website without providing any personal data. When using the website for informational purposes only, i.e., if you do not fill out a contact form or otherwise send us information, we do not collect any personal data, with the exception of the data that your browser automatically transmits to our server to enable your use of our website.
For the technical provision of our website and to ensure our information technology systems’ security, it is necessary for us to process certain automatically transmitted information from you so that your browser can display our website and you can use it. This information is automatically collected every time our website is visited and stored in our server log files. This information refers to the computer system of the requesting computer. The following information is collected here:
This information refers to the computer system used. We use this data (with the exception of the IP number of your computer) solely for statistical purposes to measure demand for our web content and services. The data is recorded cumulatively for all website users, which means that it is not possible to assign this data to a specific person. This data is not merged with data from other data sources.
2.2. In addition to the purely informational use of our website, we offer various services (e.g., contact forms) that you can use if interested. This generally requires you to supply additional personal data that we need to provide the respective service.
2.2.2. Contacting us by e-mail or contact form: If you contact us by e-mail or one of the contact forms on our website, the data you provide will also be processed (your e-mail address, possibly your name and telephone number) and stored by us in order for us to be able to answer your questions. User data can be stored in a Customer Relationship Management (CRM) system or similar.
2.2.3. Links to third-party websites:
Our website contains links to third-party websites in various places. After clicking on the embedded link, you will be redirected to the respective third-party provider’s website. During the redirect process, user data is transferred to the respective third-party provider. If you send information to or via these third-party sites, we recommend that you read the privacy policies of these sites before providing them with any further information that may be personally identifiable. For information on how your data is processed on third-party websites, please refer to the respective privacy policies of the third-party providers. We are not responsible for how they operate or handle data.
3.1. We only process your personal data to the extent that this is necessary to provide a functional website and our content and services and where we are legally permitted to do so. The corresponding legal bases are listed individually below. Moreover, we are always entitled to process personal data if the data subject has consented (Art. 6 (1) a, Art. 7 GDPR), if we are obliged to fulfill contractual or pre-contractual obligations (Art. 6 (1) b GDPR), if we have to fulfill legal obligations (Art. 6 (1) c GDPR) or if we protect our legitimate interests (Art. 6 (1) f GDPR).
3.2. If you use our website for purely informational purposes, we only collect the data that is technically necessary for us to display our website to you and to ensure its stability and security. The legal basis for processing is our legitimate interest according to Art. 6 (1) (1) f GDPR.
3.3. When you contact us by e-mail or contact form, your personal data will only be used for the purpose of answering your request. The legal basis for processing is our legitimate interest according to Art. 6 (1) (1) f GDPR.
When you use our website, your data is transmitted to us in encrypted form to prevent access by unauthorized third parties. We store your data on specially protected servers. Access to personal data is only possible for a few specially authorized DKMS employees, all of whom are familiar with and committed to the relevant data protection regulations.
Only our employees have access to your personal data. In addition, we sometimes share personal data with order processors, in particular service providers, with whom we cooperate. We are entitled to do this if the data subject has consented to this (Art. 6 (1) a, Art. 7 GDPR), if we thereby fulfill contractual or pre-contractual obligations (Art. 6 (1) b GDPR), if we thereby fulfill a legal obligation (Art. 6 (1) c GDPR) or if we safeguard our legitimate interests (Art. 6 (1) f GDPR). The service providers have been carefully selected and commissioned by us, are bound by our instructions and are monitored on a regular basis. We conclude a so-called order processing agreement with order processors in accordance with Art. 28 GDPR, according to which they also undertake to comply with data protection.
We assure you that we do not sell or rent your information to other companies or organizations. Under no circumstances will we use your e-mail address or other data without your consent for other purposes for which you have not given your consent.
6.1. We will only store personal data that you have transmitted or provided until the purpose for doing so has been fulfilled, until you revoke your consent, until you object to the data being processed or until you request the deletion of your data.
6.2. If you use our website for informational purposes only, we store your data on our servers exclusively for the duration of your visit to our website. Once you leave our website, your data will be deleted immediately.
6.3. If you contact us by e-mail or one of the contact forms provided when using our website, we will delete the data collected in this context once it is no longer necessary to store it or restrict its processing if any statutory retention obligations exist. We check necessity on a regular basis.
7.1. You have the right to request confirmation as to whether personal data concerning you is being processed by us. If this is the case, we will gladly provide you with information about this personal data and the information listed in Art. 15 GDPR.
In addition, you have the following rights vis-à-vis us:
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, under the conditions set out in Art. 77 GDPR if you believe that the processing of your personal data infringes data protection law.
7.2. If you have given your consent to the processing of your personal data, you can revoke this consent at any time. If you revoke your consent, this will restrict us from processing your personal data once you have notified us of your revocation. You can also limit the revocation of the processing of your personal data to specific purposes (e.g., newsletter) (restriction of processing).
7.3. To exercise your rights described above, please submit your request to: DKMS gGmbH, Kressbach 1, 72072 Tübingen or by e-mail to firstname.lastname@example.org
On this website, we use the Piwik PRO Analytics Suite (“Piwik PRO”) consent management tool from the company Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Cologne, Germany.
Consent management (declaration of consent for tracking user data) is used to actively ask for your permission when you first visit our site to allow us to collect analytical data on your user behavior. Consent management also allows users to actively decide whether external content is displayed on our site. Consent to cookies, Analytics, Tag Manager, social embeds, YouTube can be activated and deactivated at any time in this website’s footer. Click the link "Consent Manager".
Each permission can be activated and deactivated individually. All the following points are dependent on this consent by the user.
9.3. You can configure your browser settings according to your preferences and, for example, refuse to accept so-called third-party cookies or all cookies. Moreover, you can prevent or restrict the installation of cookies through your Internet browser’s relevant settings. You can also delete previously stored cookies at any time. However, the steps and measures that are necessary to do so depend on the specific Internet browser that you use. Therefore, if you have any questions, please refer to the help function or documentation for your Internet browser or contact the corresponding manufacturer or support. If no consent is given in the Consent Banner (or revoked via the “Consent Management” link in the footer), only cookies that store this block decision are set.
9.4. This website uses the following types of cookies, the scope and function of which are explained below:
We use the “local storage” and “session storage” of the browser. The web storage stores the data securely in the user’s browser and does not transmit it unencrypted over the Internet.
Session storage: The scope includes an individual browser window/tab and is automatically cleared when the browser window is closed.
10.1 On this website, we use the Piwik PRO Analytics Suite (“Piwik PRO”) analysis program from the company Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Cologne, Germany. This software is used to collect data that enables us to tailor our website’s design to user requirements and statistically evaluate visitors’ flow for marketing and optimization purposes. Pseudonymous usage profiles are also created in this context. Cookies are used for this purpose, which are stored on your computer and which enable a pseudonymous analysis of your use of our website. The IP address is immediately truncated after collection and prior to storage. Piwik PRO Marketing Suite Cloud is hosted on Microsoft Azure in Germany.
Piwik Pro always tracks anonymously. If the user consents to the use of Analytics, the tracking is enriched pseudonymously. This makes it possible, for example, to identify returning users and perform more precise analyses.
The legal basis for this processing is our legitimate interest according to Art. 6 (1) (1) f GDPR. The information collected by the cookies about the use of our website is stored on servers of Piwik PRO or service providers commissioned by them in Europe. The IP address is anonymized immediately after processing and prior to storage. The information generated by Piwik PRO is not used to identify visitors personally and is not merged with other personal data of the user.
You can specify in the consent banner as well as subsequently in the footer via the link “Consent Management” whether you consent to us using PIWIK PRO in the manner described. If you choose not to do so, a PIWIK PRO deactivation cookie will be deposited on your end device (“opt-out” cookie). Please note that your browser must accept cookies in order for this cookie to be deposited. If you delete the deactivation cookie, you may have to opt-out again.
10.2. Piwik Tag Manager
This website uses Piwik Pro Tag Manager. This service allows website tags to be managed via an interface. Piwik Pro Tag Manager does not set any cookies, only tags, and does not collect any personal data. The service triggers other tags, which in turn may collect data. A tag is only triggered if the user has consented to this beforehand. If the user does not grant specific permissions in Piwik Consent Management, the corresponding tags will not be triggered. Tags that do not process personal data are always loaded. However, Piwik Pro Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will apply to all tracking tags implemented with Piwik Pro Tag Manager.
10.3. AddSearch search function
The search box results on our website are provided by the web service of AddSearch Oy, Töölönkatu 4, FI-00100 Helsinki, Finland (“AddSearch”). When you actively use the search box on our website, a data transfer to AddSearch takes place. Only the search terms you enter and your IP address are transmitted.
10.4. Amazon Web Services: Hosting
For hosting the database and web content on our website, we use the Amazon Web Services (“AWS”) service provided by Amazon Web Services, Inc. Box 81226, Seattle, WA 98108-1226, USA. The data is stored exclusively in a German data center (Frankfurt/Main), which is certified according to ISO 27001, 27017 and 2018, as well as PCI DSS Level 1. We only have strictly limited access rights and the data is automatically encrypted.
The transmission of your personal data for these purposes is based on our legitimate interest in being able to provide you with the technical infrastructure of our website, in particular web servers, databases and the sending of e-mails, pursuant to Art. 6 (1) f GDPR.
For technical reasons, infrastructure maintenance may be carried out from the USA. To the extent that AWS transfers your personal data to the USA for this purpose, we will take safeguards to adequately protect your personal data. In particular, we conclude contracts with standard contractual clauses. For more information about standard contractual clauses for the transfer of personal data to processors outside the EU or EEA, please visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
For more information about AWS and privacy, please visit https://aws.amazon.com/compliance/gdpr-center/?nc1=h_ls and https://aws.amazon.com/privacy/.
10.5. Amazon CloudFront
As part of the web hosting with AWS, we continue to use technologies provided by AWS or by the Amazon CloudFront content delivery network (“CDN”). A CDN makes extensive media files available via a regionally distributed server network in order to conserve own server resources. Before the website loads in your web browser, we use Amazon CloudFront to build SSL encryption to the website and to build other security features to protect against harmful influences from the worldwide web.
During this process, your IP address and other data are transmitted to Amazon CloudFront. The legal basis for this is Art. 6 (1) f GDPR.
10.6. Gatsby Cloud
Gatsby Cloud creates the DKMS gGmbH website’s front end and is hosted on the Google Cloud server. No private user data is transmitted to Gatsby Cloud. The service serves content from the Kentico Kontent content management system and delivers it to Amazon Web Services. Gatsby Cloud follows standard Google Cloud Service protocols.
11.1. We have integrated YouTube videos into our web content, which can only be played with prior consent via Consent Management. These videos are stored on the DKMS YouTube page and can be played directly from our website.
YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
11.3. By integrating YouTube, we improve our offer and can make it more interesting for you as a user. The legal basis for the integration is our legitimate interest according to Art. 6 (1) (1) f GDPR.
Information about your right of objection pursuant to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data based on Art. 6 (1) f GDPR (data processing based on a balance of interests) or Art. 6 (1) e GDPR (data processing in the public interest). This also applies to profiling based on these provisions within the meaning of Art. 4 (4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we also process your personal data for direct advertising purposes. If you do not wish to receive advertising, you have the right to object at any time; this also applies to profiling insofar as it is associated with such direct advertising. We will observe such objection with effect for the future.
We will no longer process your data for direct advertising purposes if you object to processing for this purpose.
The objection can be made in any form and should be addressed to: