NOTES ON DATA PROTECTION AT DKMS BMST FOUNDATION INDIA
1.1. These Data Protection Regulations have been drawn up to provide you with an overview of how we record, save, process, pass on or transmit your data when you visit our website or use the services offered on our website.
1.2. When processing your personal data, we adhere to the principles of the data protection specifications of the EU General Data Protection Regulation (GDPR) and the Information Technology Act, 2000, the Indian Contract Act, 1872 and as per the applicable laws of India.
1.3. Personal data comprises all data that relates to you personally, including your IP address, name, address, e-mail data and user behavior.
1.4. We reserve the right to modify the content of these Data Protection Regulations. We therefore recommend that you consult the Data Protection Regulations again at regular intervals.
1.5. The controller as per Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is DKMS BMST Foundation India (see imprint). You can reach our data protection officer at firstname.lastname@example.org or by writing to our postal address with the addendum “the data protection officer”.
2. What personal data do we process?
We record data relating to you when you visit our website or use our services offered on the website. Depending on how you use our website, this may comprise the following information:
2.1. Purely informational use: You can visit our website without providing any personal data. When you use the website for purely informational purposes, in other words if you do not use our homepage to donate money, complete a contact form or otherwise transmit any information to us, we do not record any personal data, with the exception of the data that your browser automatically transmits to our server in order to allow you to visit our website. If you wish to view our website, we record the following data, which is technically necessary in order for us to display our website to you as well as to ensure stability and security:
• IP address
• Time and date of the inquiry
• Time zone difference compared to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• HTTP status code
• Website from which the request comes
• Operating system and its user interface
• Language and version of the browser software
This information relates to the computer system used. We use this data (with the exception of your computer’s IP number) solely for statistical purposes, to measure demand for our web content and services. We simply record this data cumulatively for all users of the website, meaning that it is not possible to assign the data to a specific person. This data is not merged with data from other data sources.
2.2. In addition to providing a website for purely informational purposes, we provide you with various services (donating money, ordering a registration set, contact form), which you can use if interested. To do this, you usually need to specify further personal data, which we require in order to provide the respective service.
2.2.1. Contact via e-mail or contact form: If you contact us by e-mail or one of the contact forms provided when visiting our website, we will additionally process and save the data that you have provided (your e-mail address and, possibly, your name and phone number) in order to answer your questions. The data of users may be saved in a customer relationship management system (CRM system) or some comparable system.
2.2.2. Donating money via our website: If you would like to use the option provided on our website to donate money, we will additionally process the data you share in this process that is required to perform the requested transaction. Here, the processing of your personal data depends on the selected payment method:
• Payment by credit card: When you select payment by credit card, we process your name, address and e-mail address to perform the required payment transaction and to send you confirmation of donation, if required.
• Payment by bank transfer: If you decide to pay via bank transfer, we do not process any personal data other than that which is processed when you visit our website purely for information purposes.
2.2.3. Ordering a registration set: When you visit our website, if you decide to order a set to register as a stem cell donor, we process your name, address, e-mail address and information on your lineage as well as your phone number if you have given us this.
2.2.4. Links to websites of third-party providers
At various places on our website there are links to the websites of third-party providers. After clicking on the link provided, you are forwarded to the website of the third-party provider concerned. In the process of forwarding, user information is transmitted to the third-party provider. If you send information to or via these sites of third-party providers, we recommend that you read the data protection regulations for these sites before providing them with any further information that can be assigned to you personally. For information with regard to how your data is handled while using the websites of third-party providers, please refer to the respective data protection regulations of the third-party providers. We are not responsible for their operation, including how they handle data.
3. For what purpose do we process your personal data?
3.1. We only process your personal data to the extent that is necessary in order to provide a working website and to provide our content and services. Personal data is only processed on a regular basis where this is permitted by statutory provisions or where the person concerned has given consent.
3.2. If you use our website for purely informational purposes, we record only the data that is technically necessary in order for us to display our website to you as well as ensure stability and security.
3.3. When you contact us by e-mail or via a contact form, your personal data will only be used for the purpose of answering your request.
3.4. If you use our website to donate money, your data shall be processed only to the extent that this is necessary to fulfill the donation contract.
3.5. If you use our website to request delivery of a registration set, we shall use the data you provide in this process to send you the registration set via post and to accelerate the important registration process. The information on your lineage shall be used solely in order to subsequently pre-complete the declaration of consent to be delivered via post with the specified data and thereby to accelerate the processes relating to the registration procedure. Here, we process your e-mail address solely for the purpose of any existing queries and information relating to the registration set order. The legal basis for processing your personal data is the consent you give here.
4. How do we process your personal data?
When you use our website, your data is transmitted to us in encrypted form in order to prevent access by unauthorized third parties. We save your data on specially protected servers. Access to personal data is only possible for a few DKMS-BMST employees with special authorization, all of whom are familiar with the relevant Data Protection Regulations and compelled to comply with them.
5. Is personal data passed on to third parties?
Only our employees gain knowledge of your personal data. In addition, where this is prescribed or permitted by law, we share your personal data with recipients who provide services for us. The reason for this is that, in order to be able to perform our duties, we need to work together with service providers, who may also have to process personal data for this purpose. We restrict the forwarding of your personal data to what is really necessary. The service providers have been carefully selected and commissioned by us, are bound by our instructions and are monitored on a regular basis. They are bound by a contract with DKMS-BMST to ensure that any personal data that they receive in this context is used only for the allowed purpose. We assure you that we do not sell or rent your data to any other companies or organizations. We will under no circumstances use your e-mail address or other data without your agreement for any other purposes for which you have not given your consent.
The providers commissioned by us include, in particular:
• Service providers, financial institutions, payment providers.
6. How long do we save your personal data?
6.1. We will only save any personal data that you have transmitted or provided until the purpose for doing so has been fulfilled, until you revoke your consent, until you object to the data being processed or until you request the deletion of your data.
6.2. If you use the website for purely informational purposes, we will save your data on our servers only for the duration of your visit to our website. Once you leave our website, your data will be immediately deleted.
6.3. If you contact us by e-mail or one of the contact forms provided when using our website, we will delete any data recorded in this context once it is no longer necessary to save the data or will restrict processing if any statutory storage obligations exist. We check necessity on a regular basis.
6.4. If you have used our website to donate money and we processed data to issue you with confirmation of the donation we will save your data until you revoke your consent to the data being processed or until you request the deletion of your data in accordance with the procedure described under item 8. In this case, your data will be blocked and then deleted once any statutory archiving periods have expired.
6.5. If you have used our website to order a registration set, we will save the personal data you share with us in this process until the related procedure has been completed through return of the registration set. If the set is unexpectedly not returned within a certain period of time, we will make two attempts to contact you and request return by e-mail. If this elicits no response, your data will be blocked, i.e. you will no longer receive any messages from us. The data can then only be viewed to a limited extent by a few employees to prevent renewed orders of registration sets for the same person in cases where a registration set has not been returned. Once this purpose is also no longer valid, your data will be deleted.
6.6. If you have returned the registration set and the signed declaration of consent contained within it to us, your personal data shall be processed further on the basis of this declaration of consent.
7. Why am I receiving information or newsletters from DKMS-BMST?
7.1. You receive medical information, messages regarding process changes, or general information regarding your specific process if you have donated money, ordered a registration set or registered as a stem cell donor with us. This information relates exclusively to processes and does not involve advertising mails.
7.2. We would like to inform you about why it is important for us to remain in contact with you, particularly if you are a registered stem cell donor. Transfer of the information specified under item 7.1. is essential for an efficient procedure for a potential stem cell donation. The purpose of this is primarily to remain in contact with our donors and thus to remind you about your registration as a potential stem cell donor, which may have been several years ago. Maintaining a minimum level of contact increases the possibility of giving someone a second chance at life. This is the only way for us to guarantee that our potential stem cell donors are available and can be reached and, in the event of a “match” with an ill patient, to ensure that our donors can actually be reached using the contact data we have stored. In the event of a stem cell donation, it is essential that the potential donor is available, as time is of the essence for the affected patient.
7.3. Provided you have given your consent, in addition to the information specified under item 7.1, you will also receive newsletters (advertising e-mails) that contain only general information regarding our activities.
7.4. If you no longer wish to receive the newsletter in the future, you can cancel this service at any time without providing a reason for this. To do so, click on the unsubscribe link in one of our newsletters or please send us an e-mail with the subject “NONEWS” to email@example.com or tell us this using the contact data in the imprint.
8. What rights do I have?
8.1. You have the following rights with regard to your personal data that we process:
• Right to information
• Right to correction or deletion
• Right to restriction of processing
• Right to object to processing
• Right to data portability
8.2. If you have given your consent for us to process your personal data, you can revoke this at any time. Once you have pronounced such a revocation to us, this affects the permissibility of processing your personal data. It is possible here to restrict the revocation of consent to process your personal data to specific purposes such as a newsletter (restriction of processing).
8.3. If you wish to exercise your rights described above, please submit your request to: DKMS BMST Foundation India, 723, CMH road, Indiranagar 1st stage, Bangalore- 560038 or by email to firstname.lastname@example.org
8.4. You also have the right to lodge a complaint with a data protection supervisory authority about the way in which we process your personal data.
9.3. You can configure your browser settings in accordance with your wishes and, for example, reject the acceptance of third-party cookies or even all cookies. Moreover, by selecting appropriate settings in your Internet browser, you can prevent or restrict the installation of cookies. At the same time, cookies that have already been saved can be deleted at any time. However, the steps and measures that are necessary to do so depend on the specific Internet browser that you use. If you have any questions, therefore, please refer to the help function or documentation for your Internet browser or contact the corresponding manufacturer or support. Likewise, you can opt out of using cookies from certain providers, for example via http://www.youronlinechoices.com/uk/your-ad-choices or http://www.networkadvertising.org/choices/. Please note that you may not be able to use all the functions of this website if you do this.
9.4. This website uses the following types of cookies, the scope and function of which are explained below:
9.4.1. Transient cookies: Transient cookies are deleted automatically when you close the browser. These include session cookies, in particular. These save a so-called session ID that can be used to assign various requests from your browsers to the shared session. This enables your computer to be recognized if you return to our website. The session cookies are deleted when you log out or close the browser.
9.4.2. Persistent cookies: Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete cookies at any time in your browser’s security settings.
9.5. We also use HTML5 storage objects, which are stored on your device. These objects save the required data regardless of the browser you use and do not have an automatic expiry date. You can prevent the use of HTML5 storage devices by setting your browser to private mode. We also recommend regularly deleting your cookies and browser history manually.
10. How are Google online marketing services used?
10.1 On this website, we use Google Analytics, a web analysis service provided by Google Inc. (“Google”). This website uses Google Analytics with the extension “anonymizeIp()”. With this, IP addresses are processed in an abbreviated form, meaning assignment to a particular person can be excluded. Thus, if the collected data can be traced to your person, this is immediately excluded and the personal data is promptly deleted. On behalf of the operator of this website, Google will use this information to evaluate your use of this website for the purpose of compiling reports on user activities on the DKMS-BMST website and in order to provide further services for DKMS-BMST connected with use of the website and the Internet. We analyze this data solely for all website users as a whole and do not have the possibility to assign this data to a specific person. This data is not merged with data from other data sources. Using the statistics gained, we can improve the content and services we offer and make them more interesting for you as user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
10.1.1. You can prevent Google from recording and processing the data that is generated by the cookie and that relates to your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions: https://policies.google.com/terms?hl=en, data protection overview: https://marketingplatform.google.com/about/, and the privacy statement: https://policies.google.com/privacy?hl=en
10.2. On our website, we use the advertising components of Google AdWords as well as what is known as conversion tracking. We use conversion tracking for targeted advertising of our service. If you click on an advert placed by Google, our conversion tracking saves a cookie on your device. These cookies lose their validity after 30 days and are also not used for personal identification. If the cookie is still valid and you visit a certain page on our website, both we and Google can see that you clicked on one of our adverts on Google and that you were then forwarded to our website. Using the information gathered in this way, Google creates statistics for us regarding your visit to our website. This also provides us with information on the number of users who have clicked on our adverts as well as the pages on our website that they visited following this. Neither we nor third parties who also use Google AdWords are able to identify you in this way. Google provides additional information on this topic and in particular on the option to prevent use of the data under http://www.google.com/policies/technologies/ads/; https://policies.google.com/privacy?hl=en
10.3. We use Google Remarketing technology on our website. We use this function to place interest-related, personalized adverts on third-party websites that are also part of the Google advertising network. Our legitimate interest is in analyzing, optimizing and economically operating our website. To enable this advertising service, during your visit to our website, Google uses your Internet browser to save a cookie with a sequence of numbers on your device. This cookie records both your visit and the use of our website in anonymized form. No personal data is passed on in this process. If you then visit the website of a third party who also uses the Google advertising network, advertisements may be shown that relate to our website or the offers provided there. Google provides a browser plugin (https://www.google.com/settings/ads/plugin) to permanently deactivate this function on the most common Internet browsers. With cross-device tracking, Google may be able to trace your usage behavior across several devices, meaning you may still be shown interest-related, personalized adverts even after switching to another device. However, this requires you to have consented for your browser histories to be linked to your existing Google account. Google provides further information on Google Remarketing at http://www.google.com/privacy/ads/.
10.4. This website also uses the online marketing tool Google Marketing Platform. Hereby cookies are used to activate relevant adverts for users, to improve the reports for campaign performance or to prevent users from seeing the same adverts several times. Google uses a cookie ID to record which adverts are activated in which browser, and can thus prevent them from being shown several times. In addition, the marketing tool can use cookie IDs to record conversions, which are linked to ad requests. This is the case, for instance, if a user sees a Marketing Platform advert and later uses the same browser to access the advertiser’s website and make a purchase there. According to Google, these cookies do not contain any personal information. Based on the marketing tools used, your browser automatically establishes a direct connection to the Google server. Through the integration of the Marketing Platform, Google receives the information that you have clicked on the relevant part of our website or on one of our adverts. If you are registered with a Google service, Google can assign your visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may find out your IP address and save it. You can prevent participation in this tracking procedure by deactivating the cookies for conversion tracking by setting your browser to block cookies from the domain http://www.youronlinechoices.com/de/praferenzmanagement/, although this setting is deleted when you delete your cookies. You can find further information on Google Marketing Platform at https://marketingplatform.google.com/about/. Google’s data protection regulations can be found at https://policies.google.com/privacy.
11. Which other online marketing services do we use?
11.1. On our website, we use the web analysis service Google Optimize. This tool allows us to track the effect of various changes to a website (e.g. changes to input fields, the design, etc.) in the scope of “A/B testing”, “click tracking” and “heat maps”. A/B tests are used to improve the user-friendliness and performance of online offerings. Users are, for instance, shown different versions of a website or its elements, such as input forms, whereby the placement of content or labeling of navigation elements may differ. Based on the user behavior, such as staying on the website for longer or more frequent interaction with the elements, it is then possible to determine which of these websites or elements meets the user requirements better. “Click tracking” allows an overview of users’ movements within a complete online offering. As the results of these tests are more accurate if the interaction with users can be tracked over a certain period of time (e.g. the possibility to determine whether a user willingly returns), cookies are usually saved on the users’ computers for these test purposes.
12. What social media plug-ins do we use?
12.1. Our website uses social media plug-ins from various social networks. If you open a page of our website that contains such a plug-in, your browser will establish a direct connection to the servers of the social networks. The social networks will transmit the content of the plug-in directly to your browser, which will incorporate it into the website.
12.2. As a result of the integration of the plug-ins, the social networks are informed that you have accessed the corresponding page on our website. If you are logged into one or more social networks, the networks concerned can assign the visit to your account. If you interact with the plug-in, for example by selecting the “Like” button or sending a Tweet, your browser will send the corresponding information directly to Facebook or Twitter, where it will be stored.
12.3. We do not bear any responsibility for services of third parties such as Twitter or Facebook that are linked to our website. Such third-party providers are not able to assign the IP addresses to any other personal data that is collected via the DKMS-BMST website. Further information regarding data collection by third-party providers can be found on the respective websites of these providers.
12.4. We currently use the following social media plug-ins: Facebook, Twitter, Instagram. We provide you with the option of communicating with the provider of the plug-in directly by clicking the button. The plug-in provider is informed that you have accessed the corresponding page of our website only if you activate the selected field by clicking it. The data specified in item 2.1. of this privacy statement is also transmitted. In the case of Facebook, according to the statement of the respective provider in Germany, the IP address is anonymized as soon as it has been recorded. When the plug-in is activated, therefore, personal data relating to you is transmitted to the respective plug-in provider and stored there (in the USA in the case of US providers). As the plug-in provider collects data in particular by means of cookies, we recommend that you use the security settings in your browser to delete all cookies before clicking on the grayed-out box.
12.4.1. We have no influence over the data collected or the data processing operations, and we are not aware of the complete scope of data collection, the purposes of processing or the retention periods. Neither do we have any information regarding the deletion of the collected data by the plug-in provider.
12.4.2. The plug-in provider stores the data collected regarding you in the form of usage profiles, which it uses for the purposes of advertising, market research and to tailor its website to meet user needs. Such evaluation takes place in particular (also for users who are not logged in) in order to display tailored advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the plug-in provider concerned. Our aim in providing the plug-ins is to enable you to interact with the social networks and other users so that we can improve the content and services we offer and make them more interesting for you as user. The legal basis for using the plug-ins is Art. 6 para. 1 (f) of the GDPR.
12.4.3. The data is forwarded regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected on our website will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider will also store this information in your user account and share it openly with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button. In this way, you can prevent any assignment to your profile with the plug-in provider.
12.4.4. Further information regarding the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy statements of these providers as specified below. You will also find further information there regarding your rights in this respect and the possible settings that can be used to protect your privacy.
12.4.5. Addresses of the respective plug-in providers and URLs containing their privacy notices:
• Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; https://policies.google.com/technologies/partner-sites?hl=en. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
• Instagram: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, https://help.instagram.com/519522125107875?helpref=page_content.
13. How are YouTube videos integrated?
13.1. We have incorporated YouTube videos into our website that are stored at http://www.YouTube.com and can be played directly from our website.
13.2. When you visit the website, YouTube is informed that you have accessed the corresponding subpage of our website. The data specified in item 2.1. of this privacy statement is also transmitted. This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged into a Google account, your data will be directly assigned to your account. If you do not want the data to be assigned to your profile with YouTube, you must log out before activating the button. YouTube stores your data in the form of usage profiles, which it uses for the purposes of advertising, market research and to tailor its website to meet user needs. Such evaluation takes place in particular (also for users who are not logged in) in order to provide tailored advertising and inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact YouTube.
13.3. Further information regarding the purpose and scope of data collection and processing by YouTube can be found in the privacy statement. You will also find further information there regarding your rights and the possible settings that can be used to protect your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.