Data Privacy Notice
Visiting this website will result in your personal data being processed. While generally there is no need to provide personal information when you simply visit this website, certain features of the website and, possibly, related services may entail processing. Therefore, all visitors to this website should be herewith informed of the office responsible for the data processing, the purpose and scope of the processing and, of course, their rights as data subjects. All data processing operations on this website are in compliance with the statutory data privacy legislation, in particular with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Consent to data processing is therefore obtained from the data subjects, unless there is a legal basis for a specific processing procedure.
The Controller pursuant to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) is:
MediTest Foundation, Innocentiastraße 23, 20144 Hamburg, Telefon +49 (0)40 95064591, Telefax +49 (0)40 9506459110, E-mail: firstname.lastname@example.org
We use the Google AdWords tool developed by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA (“Google”). Google AdWords is an internet advertising service that allows ads to appear in Google’s search results and elsewhere on the Google network. The ads are shown to the user of Google services, if he/she uses certain search terms and we have previously defined these as search terms for the advertisement of the respective advertising (keywords). The algorithm used by Google ensures that the ads only appear in the case of specific keywords and when visiting certain websites.
The purpose of Google AdWords is, on the one hand, to promote our website by displaying relevant advertisements on third-party websites and in Google’s search results and, on the other hand, to display third-party advertisements on our website.
Google AdWords stores a so-called conversion cookie on the devices of visitors to our website (for cookies, see above). A conversion cookie will remain valid for thirty days, but will not be used to identify the visitor. However, the conversion cookie can detect whether certain subpages of our website have been visited or whether certain actions are being taken by visitors who have come to our website via an AdWords ad (for example, by placing an order in an online store).
The data collected through conversion cookies are used by Google to create access statistics for our website. These statistics help us understand which visitors have come to us through AdWords ads, assessing their impact and, if applicable, optimize them for the future. We do not receive Google information to identify visitors. The personal data collected by the conversion cookie, e.g. the visited websites, are stored. Each time our website is visited, such information, including the IP address of the Internet connection used by the visitor, is collected, transmitted to and stored by Google in the United States of America. If applicable, Google will forward this information to third parties.
The collection of data by means of cookies as well as the permanent setting of cookies on the system of the visitor can be prevented by a corresponding browser setting or by the use of other appropriate software. A cookie already set by Google can be deleted at any time by a corresponding browser setting or by the use of other appropriate software.
Statistics, presentation, collaboration with authorities
In order to create access statistics, display content correctly and work best with law enforcement in the event of a cyber attack, the following information is collected when you visit our website:
• IP address
• URL of the retrieved page
• Referrer (the previous page from which the visited page was referenced)
• Pages that are accessed through this website
• Date and time of access
• Duration of access
• Information about the Internet service provider, the operating system used and the browser used
These data collected when visiting the website are stored separately from other data that may be entered during the use of our website and are only used internally for the purposes mentioned and not disclosed to third parties, unless there is a legal obligation. Identification of a specific person from these data is not possible.
On the website, you have the option of sending us personal data via a contact form. Generally, you determine the scope and nature of the data transmitted in this way, by entering the data in the form. Before sending the data electronically, we draw your attention to this Data Privacy Notice and also ask for your express consent to data processing. The data transmitted through the contact form will be initially used by us to provide you with further information about our services. This can be a pre-contractual measure if you decide to place a contract for our services. The data will then also be used by us to fulfil the contract. If you provide your email address on the contact form, we can use it to send you further information about our services by email in the future (newsletter). For this purpose, we store the email address until the newsletter is unsubscribed or we discontinue this service. If necessary, we pass on data you submitted in the contact form to service providers we have contracted. These are an IT service provider (for the operation of the website and related services) and a service provider for arranging appointments. If in the contact form you also wish to receive information regarding application strategy and taking legal action to gain a university place, the data will be sent to the lawyer’s office we work together with, Naumann zu Grünberg, which also uses the data to send information and possibly fulfil the contract.
In the event of a contract being awarded through the order form, which will be sent to you or the interested party following the transmission of the data through the contact form, we may possibly pass on the data to additional service providers (e.g. a translation agency) and also pass it on to the universities selected and the responsible state offices if this is necessary for an application for a university. After gaining a place at a university, we pass the data on to our local service providers so that you can be supported locally. Data are solely passed on to these third parties for the process of fulfilling the contract. There is no legal or contractual duty to transfer the data and there is no obligation otherwise to do so. However, we need to transfer this data to be able to fulfil the contract which means that we cannot offer our services if the data are not provided. In addition to the general reference to the right to revoke consent (see below), we would like to point out here that you are free at all times to revoke your consent to the collection, processing and/or use of the data transmitted to us. Such a revocation is not tied to a particular form and can therefore be transmitted in the way you prefer.
Contact by email
If you contact us by email, the information under section “Contact form” applies accordingly.
Duration of storage and erasure
The data processed on this website will be erased after the achievement of the intended purpose of the processing, but before expiration of a legal retention period. Insofar as the data are required for the conclusion of a contract, for the fulfilment of the contract and/or the termination of the contract, they will be stored for the respective time required and erased after termination of the contractual relationship, unless there are contractual and/or legal obligations to store the data.
The legal basis for the processing of data is Article 6 (1) lit. a) GDPR, if the data are processed after the consent of the data subject. However, data processing is usually required to fulfil the contract (Article 6 (1) (b) GDPR) or to safeguard legitimate interests (Article 6 (1) (f) GDPR). The legitimate interest of the processing here is the provision and maintenance of the online offer to inform the (potential) customers and (potential) business partners as well as other parties interested in the Internet presence. In exceptional cases, the legal basis is another reason listed in Art. 6 para. 1 lit. c) – e) GDPR.
According to the GDPR and the BDSG. data subjects have the following rights:
Right to information: Data subjects shall have the right to demand the controller to confirm as to whether or not their personal data are being processed, including information about the purposes of the processing, categories of personal data concerned, the recipients or categories of recipient to whom the data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored or the criteria for establishing said period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing, the existence of a right to lodge a complaint with the supervisory authority, information on the origin of the data, if the latter was not collected from the data subject, the existence of an automated decision-making, including profiling and, in these cases, the logic involved, as well as the significance and the envisaged consequences, information on the transmission of the data to third countries or to an international organization in these cases. Data subjects also have the right to be provided with a copy of the processed data. Where the right to rectify, erase or restrict processing is exercised, the data subject may request that he/she be notified of the recipients of the data concerning him/her if they have been disclosed.
Right to complain to a supervisory authority: Data subjects shall have the right to complain to a supervisory authority if they are of the opinion that the processing of their data violates the GDPR.
Right to rectification: Data subjects shall have the right to request the correction of incorrect personal data concerning them. A correction can also entail the completion of incomplete data.
Right to erasure (“right to be forgotten”): Data subjects shall have the right request the erasure of personal data without undue delay if the data are no longer necessary for the purpose of collection, if the legal basis of the processing was the consent of the person concerned, this was revoked and no other legal basis for the processing exists, if the data subject filed an objection pursuant to Art. 21 (2) GDPR to the processing, and where there are overriding justified reasons or the data subject filed an objection pursuant to Art. 21 (2) GDPR, if the personal data have been unlawfully processed, if the personal data have to be erased in compliance with a statutory obligation in Union or member state law to which the controller is subject, or if personal data have been collected in relation to the services offered by information society services referred to in Article 8 (1) GDPR.
The duty of erasure for the controller shall not exist if processing is necessary for exercising the right to freedom of expression and information, the compliance with a legal obligation which requires processing under Union or member state law to which the controller is subject or for the performance of a task, carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, where the right of cancellation is likely to render the achievement of the objectives of such processing impossible or seriously impairs said objectives of such processing or is necessary for the purposes of establishing, exercising or defending legal claims.
Right to restriction of processing: Data subjects shall have the right to ensure the controller restricts processing if the accuracy of the personal data is disputed by the data subject, for a period of time that allows the controller to verify the accuracy of the personal data that the user has provided; if processing is unlawful and the data subject refuses to erase the personal data and instead requests the restriction of the use of the personal data; if the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend their legal claims, or the data subject has lodged an objection to the processing pursuant to Art. 21 (1) GDPR, as long as it is not clear whether the legitimate grounds of the controller override the grounds of the data subject. In the event of a request for restriction of processing, the personal data may only be processed with the consent of the data subject or for the purposes of asserting, exercising or defending legal claims or for protecting the rights of another natural or legal person or for reasons of significant public interest of the Union or of a member state. Before the restriction is lifted, the data subject will be informed of this intention.
Right to data portability: Data subjects shall have the right to receive personal data concerning them which they have provided to a controller in a structured, commonly used and machine-readable format, and shall have the right to to transmit those data to another controller without hindrance, if the processing is performed on the basis of consent or for the purpose of the fulfilment of the contract and the processing has been carried out with the help of automated means. The data subjects shall have the right to have personal data transmitted directly to another controller where technically feasible.
Right to object: Data subjects shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, whose processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or whose processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. This also applies to profiling based on these data. Processing shall be prohibited if no compelling legitimate grounds for processing are proven, which override the interests, rights and freedoms of the data subject or if the processing serves to establish, exercise or defend legal claims.
Data subjects have the right to object at any time, if personal data is processed for the purpose of direct marketing. This also applies to profiling (see below for further information), as far as it is associated with such direct marketing. Further processing must then cease.
Notwithstanding Directive 2002/58/EC, the right to object can be exercised by means of automated procedures using technical specifications. The data subject shall have the right to object to processing for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless processing is necessary for the performance of a task carried out for reasons of public interest.
Automated individual decision-making, including profiling: Data subjects shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affect them, unless this is necessary for entering into or fulfilling a contract, is permitted by the legal provisions of the Union or of the member state to which the controller is subject, and these legal provisions contain suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or is based on the data subject’s explicit consent. In the event of being necessary for entering into or the fulfilment of a contract and In the event of the consent of the data subject, the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Right of revoke: Data subjects shall always have the right to revoke their consent to the processing of personal data in any form without giving reasons. A revocation of consent need only be declared to the responsible office or a representative of the responsible office.