Data Privacy

I. Data privacy policy

Thank you for visiting our website. For your information, our online data privacy policy is explained below.

Protecting your privacy is of the utmost importance to us here at the German National Bone Marrow Donor Registry.

It therefore goes without saying that, for our part, compliance with the statutory data protection regulations is assured. Furthermore, it is vital to us that you always know what data we save and how we use it.

Unless you send us your details by submitting a form, you can use our website purely to find information without sharing any personal data. When our website is used merely to obtain information, we only collect the data transmitted to us by your browser for technical purposes along with the data of an analysis tool – but only if you have not objected to such transmission. The types of data are listed below under “Information on the processing of personal data.”

The data is collected by means of cookies and tracking tools based on the legitimate interest of the controller (Article 6 (1) (f) GDPR). However, before the collection of this data commences, you must be informed about your right to object. According to the German Federal Court of Justice (BGH) ruling of May 5, 2020, we are therefore obliged to ask for your consent when you first visit this website. A lack of consent must be regarded as refusal. The collection of this information does not begin when you open the page, but rather only once you have clicked to confirm your consent.

You have the right to withdraw the given consent at any time. In your browser settings, you can delete your browser data and select the cookies and website data under “Data protection” or “Data security.” If you have deleted all the cookies from your browser, the question regarding consent will automatically appear again when you next open the website, because any given consent will also have been deleted.

Any personal data (name, address, e-mail addresses or other information) you enter into a contact form on our website is always voluntary. This data will not be shared with third parties without your express consent. Refer also to the information concerning the processing of data provided for certain groups of people via the links in Chapter II below.

All your personal data collected through this website is subject to the data protection regulations. To protect your personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act.

Your personal data will only be used for the purposes described below (under “Purposes and legal basis for processing personal data”). In no case will your data be used or shared with third parties for marketing purposes (commercial advertising). This also applies, of course, to all other data we receive from you regarding a blood stem cell donation or in the case of contacting business partners.

To protect our IT systems against unauthorized access, security measures have been taken in accordance with the current state of the art, reflecting the requirements of the Federal Office for Information Security (BSI).

II. Information on the processing of personal data

as per articles 13 and 14 of the EU General Data Protection Regulation (GDPR) in the case of data that is not or not solely related to using the website.

The following links lead to the information provided for the groups of people specified.

  • Applicants 
  • Points of contact (customers and suppliers) for business partners (service providers, suppliers, customers and partners)

III. Information on the processing of personal data in accordance with articles 13 and 14 GDPR for visitors to the website 

of the German National Bone Marrow Donor Registry (ZKRD)

This section is designed to inform you about the processing of personal data related to the use of our website.

1. Who is responsible for data processing and who can I contact?

ZKRD Zentrales Knochenmarkspender-Register für die Bundesrepublik Deutschland gemeinnützige GmbH, address: Helmholtzstraße 10, 89081 Ulm, Germany.
Contact form: https://zkrd.de/contact/?lang=en
Please note the information below under “Protecting your electronic communication.”

How to contact the Data Protection Officer:

The Data Protection Officer appointed by the controller mentioned above is
Oliver Gebauer, e-mail: datenschutz@zkrd.de

If you have any questions concerning data protection, please contact our Data Protection Officer.

Please state your first and last name and full address when submitting your inquiry.

Replies from the Data Protection Officer will be sent from a different external e-mail address. Please therefore check your inbox regularly after sending your inquiry in case any emails erroneously land in your spam folder.

Inquiries about your data protection rights (see Chapter 6 below)

Inquiries with a view to exercising your right to information on the data collected and your other data protection rights will reach the responsible department directly if sent to the following address. Please note the details required for the purpose of verifying your identity (see below):

ZKRD Zentrales Knochenmarkspender-Register für die Bundesrepublik Deutschland gemeinnützige GmbH
Helmholtzstraße 10
89081 Ulm
Germany

Contact form: https://zkrd.de/contact/?lang=en

Main telephone number: +49 731 1507 – 000

Verification of your identity in all inquiries about your privacy rights

The data protection regulations stipulate that, if information is requested or any other inquiries are made concerning data privacy rights, the identity of the individual making the inquiry must be verified.

At least three unique characteristics must be specified which, in the given combination, would not be readily available to a third party. These characteristics are then compared to check your identity and ensure that they match the data we have on file.

Please therefore provide the following data:

  • Your full name
  • Your postal address
  • Your date of birth as an additional identifier, if possible, though this information is voluntary in unencrypted emails

In accordance with the GDPR, your inquiry concerning your data privacy rights may only be processed once the information we need to clearly identify you has been provided.

Protection of your electronic communication

If contacting us by e-mail, please remember that the security of your messages cannot be guaranteed when sending unencrypted e-mails. Please therefore use the contact form on our website to send confidential messages, since their transmission is secured with encryption.

You can send your inquiry to our Data Protection Officer in an encrypted file attachment in PDF or ZIP format. (Suitable software such as PDF24 or 7-zip. For your security, AES 256 as a default and password at least 14 characters).

2. For what purpose do we process your data (purpose of processing) and on what legal basis?

Contact forms

By completing an electronic contact form, you will be providing us with the personal data collected by this form, which is usually your name, address and e-mail, along with the date and time the request is sent. We only process this data internally for the purpose specified in the contact form.

The data you enter in the contact form and the text of your inquiry will be stored temporarily by the German National Bone Marrow Donor Registry in an electronic system. It will only be processed for the purpose of establishing contact and responding to your inquiry. Personal data, private addresses and e-mail addresses will of course be treated confidentially and will not be shared with third parties. We will not use this information for marketing purposes.

Security of entries in contact forms

If you access pages and files on our website and are asked to enter information about yourself, please be assured that this transmission over the internet is secured by SSL encryption.

Cookies

Cookies are used on some of the pages of our website. If you have agreed to the use of cookies, they will be stored on your device. Cookies do not harm your device, nor do they contain viruses. Cookies help to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your device and saved by your browser. We mostly use “session cookies” that are automatically deleted at the end of your visit.

The legal basis and the right to object were mentioned in Section I above.
You can manually delete cookies from your browser’s security settings at any time. Cookies allow us to recognize your browser the next time you visit our website. You can configure your browser to inform you about the setting of cookies and only allow cookies in individual cases, to block all or only specific cookies, and to automatically delete cookies when closing your browser. If cookies are disabled, the functionality of this website may be restricted.

If you only want to allow as few cookies as possible, but do not wish to restrict the functionality of the website, we recommend that you do not disable cookies in your browser settings and instead select which cookies you prefer not to accept in the cookie banner of our website. The cookies that are technically necessary to ensure that our website works seamlessly will then remain active, thus preserving the functionality of the website.

In your browser settings, you can delete your browser data and select the cookies and website data under “Data protection” or “Data security.”

Analytics

To optimize our service, we use the Matomo (https://matomo.org) web analysis tool, which is a data protection-compliant alternative to many other analysis tools.
Unlike with other providers, no data is transferred to other third parties. This web analysis tool runs on the servers of an external service provider with whom we have a data-processing agreement.

The statistics compiled by Matomo enable us to continuously improve the information we provide. We can therefore determine, for example, whether certain pages of our website generate little interest from visitors. This information is collected everywhere on the world wide web by analyzing the behavior of website users, e.g., the length of time a page remains open before moving on or canceling entries that have been started, etc. In the case of the German National Bone Marrow Donor Registry, this is undertaken without personal identification, because only the statistical behavior of the average user is relevant here.

Social media plugins – general use of plugins

Data is collected by one plugin service to create user profiles, which are then used for the purpose of market research and marketing. We use plugins to optimize our website and services and increase the appeal to users. Article 6 (1) (f) GDPR forms the legal basis for the use of plugins. You have the right to object to the creation of user profiles by the provider of the respective plugin. Until you consent to use, the right to object is deemed to have been exercised.

The default setting of the website thus ensures that no data is collected and transferred to the respective providers via the social media buttons on the website unless you have clicked on one of the buttons yourself. By clicking on the corresponding button and activating such a plugin, you are agreeing to such use and opening the channel to the provider in question. You are therefore activating data transmissions in accordance with the terms and conditions and the data protection regulations of the respective provider.

  • This relates to the YouTube button indicated accordingly.
  • Information about the workings of this button and how you can obtain further details from the respective provider can be found in Section 10 below: “Special regulations for social media.”

Additional optional tools on the website
As with the social media plugins, data is only collected by the tool named below if you make use of it.

OpenStreetMap map application

Our website uses OpenStreetMap from OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom. OpenStreetMap is a web service for displaying interactive (country) maps and visualizing geographic information. According to data protection regulations, the location of the registered office of the OpenStreetMap Foundation is deemed a secure third country.

By using this service, you will be shown a map and all relevant map information, and will be directed to the OpenStreetMap website for route planning.
The OpenStreetMap privacy policy can be viewed here: https://osmfoundation.org/wiki/Privacy_Policy

3. Who receives my data? (Categories of recipients of personal data)

Data from contact forms

The data you enter in order to contact us will only be used by us and will not be shared with anyone else without your prior written consent.

Cookies and analysis tool

The data transmitted via cookies and Matomo will only be analyzed statistically by our public relations department and will not be shared with anyone else. We do not use systems with which to recognize your computer or browser. Personalized information will not appear when returning to our website, as is used for marketing purposes by many large online companies.

4. Is data transferred to a third country or to an international organization?

Contact forms, cookies, analysis tool

None of the data you enter in a form, or the data collected through cookies or Matomo, will be transferred to other countries.

5. How long is your data kept?

We use an automated procedure to delete stored data once the legal or contractual retention period has expired or when the data is no longer needed.

Contact form:

Your data will be duly deleted. You have the right to inquire at any time whether and which data concerning you has been stored, and to request immediate erasure. Any correspondence that is still open will immediately cease, however. If contact is of a commercial nature, archiving obligations based on the German Commercial Code may necessitate a retention period of six years.

Cookies and analysis tool:

Unlike session cookies, cookies that are not deleted immediately upon leaving our website and those to which you have consented are stored for a maximum of 13 months.

Unless you have objected, the pseudonymized IP address saved via the Matomo analysis tool is stored for 180 days. No link to a single, specific computer or browser is ever established at any time. Legally, this is based on the following: Art. 6 (1) (f) GDPR – Legitimate interest (interest of the German National Bone Marrow Donor Registry: To enhance the website based on information about how you have used the website; to improve the ease of use of the website).

Social media plugins and OpenStreetMap:

The data transmitted to the service providers abroad when using these applications is not data that we collect, but rather technical data derived from your internet connection and your chosen browser. Hence, the storage period is not subject to our influence but rather to the respective data protection regulations, which you can read by following the links included with the brief descriptions in this text.

6. What rights do I have as a data subject?

  • You have the right to obtain information about the personal data that has been saved concerning you and details of further information on data processing listed in Art. 15 GDPR.
  • You may request a copy of the personal data concerning you that is currently the subject of such processing.
  • You have the right to demand rectification of any inaccurate personal data concerning you and, if necessary, completion of incomplete personal data (Art. 16 GDPR), e.g., if details of your name or address are incorrect. We will amend and complete the stored data as soon as we are informed of any change. If necessary, we will also notify data recipients accordingly. The individuals involved will be informed about corrections, changes and deletions.
  • You have the right to demand the immediate erasure of personal data concerning you, provided that one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure), and there are no legal retention or archiving regulations in place that would prevent erasure. If you have provided us with data for the purpose of contact or registration, you may request immediate erasure, unless action has been taken that gives rise to an archiving obligation. The right to erasure may be subject to restrictions according to sections 34 and 35 of the German Federal Data Protection Act.
  • You have the right to demand the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have filed an objection to the processing, for the duration of the investigation into whether the objection is acceptable.
  • The right to data portability under the EU General Data Protection Regulation refers to the master data from registering for a service. This implies, in the case of blood stem cell donors, the data under which you have registered with your donor center. We only have access to this data in pseudonymized form. Therefore, you must contact the donor center directly if you would like to switch donor centers.
  • You have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation, unless this is prompted by a statutory provision. We will then cease processing the personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR).
  • You have the right to complain to the competent data protection supervisory authority if we have incorrectly processed your personal data. The address of the competent supervisory authority can be found here: Data protection supervisory authorities of the German federal states.

When making your inquiry, please tell us the reason for your request so that we can assign the request accordingly. Please note that the data of blood stem cell donors are only available to us in pseudonymized form. In such cases, please contact the donor center where you are registered.

When sending your inquiry, please note the information above in Part III, Chapter 1: “Who is responsible for data processing and who can I contact”.

It is not possible to provide information on technical data such as cookies and data from the analysis tool, as searching this data to trace a specific person would be inordinately expensive.

Please consider that, due to the data protection requirements, we may only transfer or send your personal data to you directly after verifying your identity.

Restrictions may apply to the right of information according to sections 34 and 35 of the German Federal Data Protection Act.

7. Consent and right of withdrawal

You can withdraw your consent to the future collection, processing and use of your personal data at any time without stating a reason. Please note that the withdrawal will only apply to the future. Any processing that has taken place before the withdrawal remains unaffected.

Your consent forms the legal basis for the following data:

  • Entries in the contact form. By entering information voluntarily and submitting it, you are signaling your consent. Please use the contact form to notify us of any withdrawal.
  • The possibility to withdraw consent to the storage of cookies and data by Matomo was explained above in Chapter 2.

8. Obligation to provide personal data:

There is no obligation to provide personal contact data if using the website purely for informational purposes. However, inquiries can neither be managed nor answered if you do not provide us with your contact information.

If you wish to exercise your data protection rights, it is mandatory to provide certain information. Under data protection regulations, processing is only permitted if you send us the data required for the purpose of identification (refer to Part III, chapters 1 and 6, above).

9. To what extent will my data be used for profiling (scoring)?

No automated decisions take place as per Art. 22 GDPR nor other profiling activities as per Art. 4 (4) GDPR. This applies both to the data collected automatically (cookies and data from the Matomo analysis tool) and to all data entered in forms or sent by e-mail.

10. Special regulations for social media

Social media

We have chosen a data protection-friendly tool called Shariff for integrating social media. This means that the operators of these social networks will only receive data when you click on the buttons. The legal basis for processing the data is your consent pursuant to Art. 6 (1) (a) GDPR, which you grant by clicking the button.

Use of the YouTube plugin

Our website uses plugins from YouTube, which are operated by Google. The website is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages containing a YouTube plugin, a connection will be established with YouTube’s servers. The YouTube server will then be notified about which of our pages you have visited.

If you are logged in to your YouTube account, you will be enabling YouTube to link your browsing activity directly with your personal profile. You can prevent this by logging out of your YouTube account. More information on how user data is handled can be found in the YouTube Privacy Policy at: https://policies.google.com/privacy?hl=en
For more information on the EU-US Privacy Shield framework, visit https://policies.google.com/privacy?hl=en

11. Validity of the privacy policy:

This privacy policy applies to our website:
www.zkrd.de

We assume no responsibility for the content of other websites that you can access via any links provided.

12. Publisher 

The publisher is the controller as stated in Part III, Chapter 1.

Updated: 8/15/2024

Name Service Purpose Hosts Lifetime Provider Type
borlabs-cookie Borlabs Cookie Functional: This cookie stores information regarding consent for service groups and individual services. zkrd.de 60 days Cookie
ENID Youtube Functional: Used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on. google.com 13 months Google Cookie
YSC Youtube Functional: ‘YSC’ cookie ensures that requests within a browsing session are made by the user, and not by other sites. This cookie prevent malicious sites from acting on behalf of a user without that user’s knowledge. youtube.com Browsing Session Google Cookie
CONSENT Youtube Tracking: Stores a user’s state regarding their cookies choices. .youtube.com 2 years Google Cookie
AEC Youtube Functional: ‘AEC’ cookie ensures that requests within a browsing session are made by the user, and not by other sites. This cookie prevent malicious sites from acting on behalf of a user without that user’s knowledge. google.com 6 months Google Cookie
NID Youtube Functional: Used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on. google.com 6 months Google Cookie
_pk_id.*.* Matomo Tracking: Used to store a few details about the user such as the unique visitor ID. zkrd.de 13 months Cookie
_pk_ses.*.* Matomo Tracking: Short lived cookies used to temporarily store data for the visit. zkrd.de 30 minutes Cookie