Status: April 2025

1. general information and introduction

This Privacy Notice provides you with detailed information about how and why we process personal data when you visit our website or use our services. We take data protection extremely seriously and adhere strictly to the requirements of the General Data Protection Regulation (GDPR) and other relevant data protection regulations.

2. responsible body

Responsible body Yvonne Dintelmann, Director of Nursing at Heidelberg University Hospital and Managing Director of the Heidelberg Academy for Health Professions, AFG.

Contact:
Phone: +49 6221 56-8988
Fax: +49 6221 56-8343
Email: pflegedirektion@med.uni-heidelberg.de
Email: pflegedirektion@pflege-ukhd.de

Heidelberg University Hospital Im Neuenheimer Feld 672 69120 Heidelberg Institution under public law represented by the Executive Board of the University Hospital https://www.klinikum.uni-heidelberg.de/organisation/unternehmen/vorstand

Chairman of the Board: PROF. DR. MED. DR. RER. NAT. JÜRGEN DEBUS HEAD DOCTOR, CHAIRMAN OF THE EXECUTIVE BOARD Responsible for the content in accordance with Section 55 (2) RStV: Yvonne Dintelmann, Director of Nursing at Heidelberg University Hospital Editorial office of the Nursing Directorate and editorial team, the PDL / Centres, FAKTENHAUS Design, consulting, hosting, technical support and assistance FAKTENHAUS GmbH Heidelberg / www.faktenhaus.de

3. data protection officer

Data Protection Officer of
Heidelberg University Hospital
Im Neuenheimer Feld 672,
69120 Heidelberg
Phone: +49 6221 56-7036
Email: datenschutz@med.uni-heidelberg.de

4 Detailed description of data processing

We process your personal data only insofar as this is necessary for the operation and use of our website. The legal basis for this can be found in Art. 6 GDPR:

• Your consent (Art. 6 para. 1 lit. a GDPR)
• For the fulfilment of the contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR)
• Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)
• Our legitimate interest (Art. 6 para. 1 lit. f GDPR)
  

5. Cookies and consent management

We use cookies and similar technologies (Cookiebot by Usercentrics) to optimise the user experience and to collect statistical information. You can revoke your consent to this at any time.

6 Hosting and technical security

Our website is hosted by Mittwald CM Service GmbH; data transmission is always encrypted using SSL/TLS technology.

7 Comprehensive explanation of integrated services

• Google Fonts: Local integration without server calls
• Analysis and optimisation: Matomo (no cookies), Hotjar, Semrush
• Newsletter and marketing: CleverReach (GDPR-compliant)
• Online surveys: Survio (via iFrame technology, GDPR-compliant)
• Automatic translations: DeepL API (GDPR-compliant)
• Accessibility: Userway Widget (compliant with GDPR)
• Social networks: Instagram integration via Typo3 extension; Facebook and LinkedIn via external links
• Video platforms: YouTube (extended data protection mode), Vimeo (do-not-track mode)
• Map services: Google Maps, OpenStreetMap
  

8. file transfer with TransferNow

For the secure transfer of large files, we use the TransferNow service (provider: TransferNow SAS, 9 rue Anatole de la Forge, 75017 Paris, France). Your data is encrypted and stored exclusively on servers in Frankfurt am Main, Germany. Processing is carried out in accordance with the provisions of the EU GDPR. Further information: https://www.transfernow.net/de/datenschutz
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure transmission of large amounts of data), Art. 6 para. 1 lit. b GDPR (fulfilment of contract).

9. data transfer to third countries

Some providers transfer data to third countries outside the EU (in particular to the USA). This data transfer takes place exclusively on the basis of the standard contractual clauses of the EU Commission.

10 Storage duration and deletion of data

Personal data is only stored for as long as is necessary for the purposes for which it was collected or for as long as statutory retention periods apply. Your data will then be deleted immediately.

11. detailed list of your data protection rights

You have comprehensive rights with regard to the processing of your personal data, including

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object
• Right of cancellation
• Right to lodge a complaint with a data protection supervisory authority
  

12. changes and updates to this privacy policy

We regularly review and update this privacy policy to ensure compliance with applicable laws and regulations.