Data Privacy in Consultation Services

You are here:

Information on data processing as part of the consultation services offered by the Institute of Biometry and Clinical Epidemiology

If you make use of the biometric consultation service of the Institute for Biometry and Clinical Epidemiology of the Charité - Universitätsmedizin Berlin (iBikE), your personal data will be processed. We hereby inform you about the type, purpose, duration and legal basis of the processing as well as about your rights.

This page informs you about data processing at the Charité - University of Berlin that beyond our consultation services.

Note

In Print View all fields are expanded.

Type, Scope and Purposes of Data Processing

The iBikE offers a free biometric consultation service on medical research projects of all kinds to all researching physicians, doctoral students and scientific staff of the Charité - Universitätsmedizin Berlin (Charité) and the Berlin Institute of Health (BIH) (hereinafter referred to as "clients"). The registration for a consultation is usually done via the online registration form or personally during scheduled office hours ("walk-in service"). For organisational, administrative and documentary reasons, our institute maintains an electronic consultation database.

For the purpose of

  • the organization of appointment scheduling
  • the coordination of consultants as well as the preparation of the content of consulting appointments
  • the quality-assuring assessment and evaluation of counselling processes, counselling contents and counselling results (evaluation)
  • the compilation of anonymous statistics on consulted subjects, time frames and monthly number of consultation appointments for mandatory reporting to the Dean's Office of the Charité on the type and extent of utilisation of the iBikE consultation service (degree of utilisation)
  • ensuring equal and balanced access to consultation (prevention of abuse, e.g. prevention and detection of unjustified multiple consultation)

we collect, document and store the following datacollectedduring registration:

  • personal information on the supervisors/project managers (e.g. doctoral supervisor, institute director, study director): First name, surname, academic title (if applicable)
  • contact details of customers and supervisors/project managers as indicated in the registration form or on the Charité Intranet: official e-mail address (e.g. first_name.Last_name@charite.de), telephone numbers
  • institute affiliation of supervisors/project leaders according to the information from the registration form or the Charité Intranet
  • data on the consulted project
    • subject
    • Project type: Research, Dissertation, Dissertation as monograph, Master Thesis, Other
    • if applicable, name of the study or name and number of the research project
    • if applicable, information on third-party funding: BMBF, DFG, DKG, others
    • if applicable, information on cooperation with: BIH, CRU, KKS, MDC

  • calendar details: date of first registration, date of confirmation
  • if applicable, short description : additional information on the consultation given in the registration form

In addition, we collect, document and store further data for the above-mentioned purposes within the scope of an individual consultation:

  • date and duration of the consultation apointment
  • stage of the advised project (e.g. application, ethics application, implementation, publication)
  • type of consultation (e.g. personal/telephone, walk-in)
  • name of the consultant
  • institutional affiliation of the client present
  • if applicable, information on the content of the consultation (e.g. recommended statistical method)

Name and Details of the Data Controller

The party responsible within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

CharitéUniversitätsmedizin Berlin
Charitéplatz 1
10117 Berlin
Deutschland

t: +49 30 450 50
Website: www.charite.de

Data Protection Office

If you have any questions regarding the processing of your personal data or your rights regarding data protection, please contact

Datenschutz der CharitéUniversitätsmedizin Berlin
Charitéplatz 1
10117 Berlin
Deutschland

t: +49 30 450 580 016
E-Mail: datenschutz(at)charite.de

Contact Details of the Institute

Institute of Biometry and Clinical Epidemiology
Charitéplatz 1
10117 Berlin
Deutschland

Head: Prof. Dr. Geraldine Rauch

Data Processing: Legal Basis

The consultation service offered by iBikE is provided on behalf of the Board of Directors of the Charité according to its guidelines and directions. (Article 6 Statutes of the Charité).

The legal basis for the above processing of your data is Article 6 Paragraph 1 Sentence 1 and Paragraph 5 of the Berliner Hochschulgesetz (BerlHG), which applies to the Charité, in conjunction with Article 6 Paragraph 1 Sentence 1 Letter e of the General Data Protection Regulation (GDPR)

Under these provisions, the Charité, as a member body of Freie Universitaet Berlin and Humboldt-Universitaet zu Berlin, may collect, store, and use personal data about its members as well as about applicants for degree programs, examination candidates, and third parties insofar as this is necessary to fulfill its tasks under the higher education law (e.g., for doctoral studies or for the organization and evaluation of research and studies).

Recipients of Subject Data

The data collected during the registration process and in the course of the consulting process will only be processed by iBikE employees in their capacity as consultants, system administrators or institute managers. Insofar as the dean's office of the Charité has to be provided with evaluations of the utilization of the consultation services for reporting purposes, these are exclusively anonymous statistics without personal reference. No data will be transmitted to other third parties, third countries or international organisations.

Envisaged Time Limits

The data processed by us will be deleted or restricted in their processing in accordance with the legal requirements and the Charité guideline "Archiving, blocking and deletion of data in Charité systems". The stored data will be deleted in accordance with the legal requirements as soon as they are no longer required for their purpose and there are no legal obligations to retain them. For the fulfilment of our purposes and taking into account the time and personnel framework conditions in the research sector, the data in the consulting database are generally stored for a period of 10 years in accordance with the official guidelines and recommendations for safeguarding good scientific practice (Article 7 Statutes of the Charité for safeguarding good scientific practice).

Data Subjects' Rights

You have contacted our institute in order to make use of the consultation services offered or you are a supervisor or project manager of one of our customers and are therefore affected by data processing in connection with inclusion in our consulting database. In this respect, you as the "data subject" belong to the group of persons protected by the GDPR (Article 4 No. 1 GDPR). You are then entitled to the following rights:

  • You have the right to request confirmation as to whether we process personal data relating to you. If this is the case, you have the right to request information about this data as well as a copy of the data. You may also request that your data be corrected or that the processing be restricted if at least one of the reasons for the restriction provided for by law applies.
  • You have the right to object to the processing of your data for reasons inherent to your personal situation. However, the processing of your data remains permissible despite an objection if this is justified by weighing the conflicting interests.

You can file a complaint with any supervisory authority responsible for data protection. The supervisory authority located at the Charité headquarters is:

Die Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin

Tel.: +49 30 13889-0
Fax: +49 30 2155050
E-Mail: mailbox(at)datenschutz-berlin.de
Webseite: www.datenschutz-berlin.de

Change of Processing Purpose

If the personal data collected from you is to be used by us in the future for purposes other than those mentioned above, we will inform you of this if and to the extent that we are legally obliged to do so.

Definitions of Terms

Some of the terms used in this fact sheet are defined in the EU General Data Protection Regulation (GDPR). These definitions are set out below.

Personal Data

Any information related to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier (e.g. cookies) or to one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person (Article 4(1) GDPR).

Processing

Any operation carried out with or without the aid of automated procedures or any set of operations relating to personal data. The processing concept is very broad because the legal definition of data processing covers almost any handling of personal data (namely collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, limitation, erasure or destruction) (Article 4(2) GDPR).

Controller

Natural or legal person, public authority, agency or other body which alone or jointly with others decides on the purposes and means of the processing of personal data. (Article 4(7) GDPR)

Anonymized data

Information that does not relate to an identified or identifiable natural person, or personal data that has been rendered anonymous in such a way that the data subject cannot or can no longer be identified. The Basic Data Protection Regulation therefore does not concern the processing of such anonymous data, including for statistical or research purposes (see Recital 26, fifth and sixth sentences, GDPR).

Third Party

A natural or legal person, public authority, agency or any other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.