Data Privacy for LimeSurvey Tool
Note: This text has been translated by machine. Please refer to the legally valid version in German.
Content
- Definitions
- Name and address of the responsible person
- Name and address of the data protection officer
- Survey portal
- Provision of the website and creation of log files
- Cookie usage
- Your rights
I. Definitions
The privacy policy of the Max Delbrück Center for Molecular Medicine is based on the terms used by the European legislator in the adoption of the General Data Protection Regulation (DSGVO). Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this privacy policy we use the following terms, among others:
- Personal data
- Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
- Data subject
- Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
- Processing
- Processing means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data, such as the collection, recording, organization, filing, storage, adaptation or modification, retrieval, querying, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.
- Restricting processing
- Restriction on processing is the marking of stored personal data with the aim of restricting their future processing.
- Pseudonymization
- Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
- Controller or person responsible for processing
- The controller or person responsible for processing is the natural or legal person, authority, body, office or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for its appointment may be laid down in accordance with Union law or the law of the Member States.
- Processor
- Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
- Recipient
- The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
- Third party
- Third party is a natural or legal person, authority, institution or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
- Consent
- Consent is any informed and unequivocal statement of intent, in the form of a statement or other clear affirmative act, voluntarily given by the data subject for the particular case, by which the data subject indicates his or her agreement to the processing of personal data concerning him or her.
II. Name and address of the responsible person
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Max Delbrück Center for Molecular Medicine
Robert-Rössle-Str. 10
13125 Berlin (main address)
13092 Berlin (postal address)
Website: www.mdc-berlin.de
III. Name and address of the data protection officer
The data protection officer of the responsible party is:
Victoria Johnson
E-mail: Datenschutz@mdc-berlin.de
Website: www.mdc-berlin.de
In addition to MDC's general privacy policy, the following applies:
IV. Survey portal
1. Introduction
This privacy policy describes the processing of personal data when using the survey system LimeSurvey of the Max Delbrück Center (MDC). LimeSurvey is a free survey software.
LimeSurvey is operated in a data-saving manner. There is no activity tracking of the users of the service nor is there any analysis of the data, for example for profiling purposes.
With this privacy statement, the Max Delbrück Center fulfills its duty to inform in accordance with Article 13 of the EU General Data Protection Regulation (DSGVO).
2. Scope of data processing
The privacy policy relates to the use of LimeSurvey at the domain https://survey.mdc-berlin.de/ .
Other web offers, which you can reach via links or clickable graphics, are outside our area of responsibility. Their respective data protection declarations apply.
3. Purpose of the processing
LimeSurvey allows you to create, publish and conduct web-based surveys. The survey results are recorded in a database and can be evaluated or exported by the survey creators with internal functions.
To create surveys, a login to the system with a provisioned MDC login is required.
Participation in surveys is generally possible without registration. Whether personal data is collected in a survey is up to the survey creators responsible for the survey (survey authors). The survey creators must provide information about this on the start page of the survey and, if necessary, obtain a declaration of consent.
4. Legal basis of processing
Use of the backend (survey administration): MDC employees have access to the system as part of their employment contract. The use of LimeSurvey within the scope of the employment relationship is justified by § 26 BDSG.
Use of the frontend (survey): Participation in surveys is based on informed consent according to Art. 6 (1) lit a DSGVO.
In the case of anonymous surveys, it should not be possible to establish a reference to a person and therefore the rights of the data subjects are not enforceable; the connection data (IP address, etc.) are collected on the basis of a legitimate interest in accordance with Art. 6 (1) lit f DSGVO (ensuring the operation and troubleshooting) and automatically deleted after expiry of the retention period.
Informed consent within the framework of a privacy policy is thus required and this information should be suitably reflected therein.
5. Information about the personal data processed
LimeSurvey provides various functions/roles for survey creation and implementation.
5.1 Survey Participants (Respondents)
If personal data is collected from survey participants in a survey form, the survey creator informs on the start page of his survey according to Article 13 of the EU Data Protection Regulation (EU-DSGVO) about the data processing associated with the survey (e.g. data, purpose, legal basis, duration of storage, transfer to third parties, if applicable).
In this context, the following data may be collected in addition to the survey form:
- Browser cookies (e.g. to exclude repeated participation)
- Date stamp
- Possibly time recordings for the processing of a survey page
In addition to the survey form, log data is also processed by the LimeSurvey survey system.
5.2 Survey Authorizations and Survey Managers
Survey authorities can create, view, download and delete surveys.
Survey managers have admin rights within LimeSurvey. This means that they can change basic settings in the system and create groups of authorized users.
Authentication to the survey system LimeSurvey is done with a provisioned account of the Max Delbrück Center and the corresponding password. The password entered is not stored, but is checked against the directory service operated by MDC IT each time the user logs on to the system.
Each time a user logs in, the user account data user ID, last name, first name and e-mail address are taken from the MDC directory service.
Based on the user ID, a user account is created in the system to which the listed data is assigned.
The data is used for authentication, administration and assignment of surveys and survey results. Under certain circumstances, system messages are sent to the transmitted e-mail address. Further use of the data does not take place.
The deletion of the account data takes place via the survey administration.
6. Duration of processing
We generally store your data as long as it is required for the survey. Your survey data will be deleted no later than 6 months after the survey expires, unless storage is required for legal reasons.
If you accept our offer of employment as an employee or guest, we will store your data for the duration of the employment relationship with you. In this case, you will receive further information about the processing of your data in the employment relationship with the Max Delbrück Center for Molecular Medicine as soon as you begin the employment relationship with us.
7. Categories of recipients of your personal data
If you participate in a survey or plan to participate in a survey, your data will not be disclosed to third parties. Only the employees of our company who need to see your data in the context of the survey have access to your personal data. If your data is required for the work of lawyers working for us, we will pass your data on to them to the extent necessary.
V. Provision of the website and creation of log files
1. Description and scope of data processing
Each time the survey website is called up, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected in this process:
1. Information about the browser type and version used
2. The operating system of the user
3. The Internet service provider of the user
4. The IP address of the user
5. Date and time of access
6. Websites from which the user's system accesses our website
7. Websites that are accessed by the user's system via our website
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Art.6 para.1 lit.f DSGVO.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art.6 para.1 lit.f DSGVO.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of storage or insofar as this has been provided for by the European legislator of directives and regulations or another legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European legislator of directives and regulations or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
5. Objection and removal option
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
VI. Cookie usage
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
2. Legal basis for the data processing
The legal basis for the processing of personal data using cookies is Art.6 para.1 lit.f DSGVO.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of the website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
The user data collected through technically necessary cookies are not used to create user profiles.
These purposes also constitute our legitimate interest in the processing of personal data according to Art.6 para.1 lit.f DSGVO.
4. Duration of storage, possibility of objection and removal
Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to fully use all functions of the website.
VII. Your rights
You have the following rights with regard to data processing at the Max Delbrück Center for Molecular Medicine:
Right to information about which data we process about you (Art. 15 DSGVO)
You are entitled to information about which data about you is processed by us as well as other information according to Art. 15 DSGVO, which is related to the data processing. Upon request, we will be happy to provide you with the relevant data and information and provide you with a copy of this data.
Right to rectification of your data (Art. 16 DSGVO)
You have the right to have your data corrected if your data is inaccurate or incomplete taking into account the purposes of the processing.
Right to erasure (Art. 17 DSGVO)
You have a right to erasure if data is no longer needed, the processing is not lawful or other cases of Art. 17 DSGVO exist. In these cases, we will delete your data immediately.
Right to restrict the processing of your data (Art. 18 DSGVO)
You have a right to restriction of your data in the cases mentioned in Art. 18 DSGVO. This includes, among other things, the case that we process data in places or to an extent by which the data processing is no longer legally justified.
In addition, the case may be relevant that data is subject to a retention obligation and we are therefore not allowed to delete it without further ado. In this case, we restrict processing to the greatest possible extent. Restriction usually means that the data is stored, but access by employees is no longer possible.
Right to data portability (Art. 20 DSGVO)
The right to so-called data portability allows you to receive from us, in the format provided for by Art. 20 DSGVO, the data about yourself that you have provided to us, and to have it transferred by us. However, data that we obtain through the processing itself (so-called processing results) is excluded from the handover.
Right to object to processing based on Art. 6 (1) p. 1 lit. e, f DSGVO (Art. 21 DSGVO).
We will stop processing based on Art. 6 (1) p. 1 lit. e, f DSGVO (performance of a task within the scope of public authority/interest or processing for the protection of legitimate interests) of your data if you object to this and the objection is justified.
Right not to be subject to a decision based solely on automated processing (Art. 22 DSGVO)
If automated decision-making is involved, we will inform you in particular about the scope and the intended effects of the processing of your data. You have the right not to be subjected to such a decision which produces legal effects vis-à-vis you or similarly significantly affects you, unless one of the reasons stated in Art. 22 (2) DSGVO applies.
You also have the right to lodge a complaint with the competent supervisory authority Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10696 Berlin.
Validity of this Privacy Policy
This Privacy Policy is valid in the most recent version published by the Max Delbrück Center for Molecular Medicine.
Please inform yourself about the current status at regular intervals on the associated website.
The Max Delbrück Center for Molecular Medicine reserves the right to modify this privacy statement, to adapt it to changes in relevant laws or regulations or to better meet your needs.