{"id":3,"date":"2023-03-13T13:12:56","date_gmt":"2023-03-13T12:12:56","guid":{"rendered":"http:\/\/hyg.de\/?page_id=3"},"modified":"2026-06-29T14:08:59","modified_gmt":"2026-06-29T12:08:59","slug":"datenschutzerklaerung","status":"publish","type":"page","link":"https:\/\/hyg.de\/en\/datenschutzerklaerung\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"<p class=\"translation-block\">These Privacy Notices inform you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as \"data\") in connection with the use of our online services, including the associated websites and social media profiles (hereinafter collectively referred to as the \"Online Services\").<br>\nWith regard to the terminology used, such as \"processing\" or \"controller\", we refer to the definitions set out in Article 4 of the General Data Protection Regulation (GDPR).<br>\nOur privacy notice for applicants can be found <a href=\"\/en\/bewerberdatenschutz\/\" target=\"_self\">here<\/a>, and our privacy notice for customers and business partners can be found <a href=\"\/en\/kundendatenschutz\/\" target=\"_self\">here<\/a>.<\/p>\n<p class=\"translation-block\"><strong>Controller<\/strong><br>\nHygiene Institute of the Ruhr Area<br>\nInstitute for Environmental Hygiene and Toxicology<br>\nRotthauser Str. 21<br>\n45879 Gelsenkirchen<br>\nPhone: +49 209 9242-0<br>\nFax: +49 209 9242-105<br>\nEmail: info(at)hyg.de<\/p>\n<p><strong>Supporting Organization of the Institute<\/strong><br \/>\nVerein des Hygiene-Instituts des Ruhrgebiets e.V., Gelsenkirchen<\/p>\n<p class=\"translation-block\"><strong>Our Data Protection Officer<\/strong><br>\nWe have appointed a Data Protection Officer. You can contact them using the following details:<br>\nAssociation for the Control of Common Diseases in the Ruhr Coal District (registered association)<br>\n\u2013 Data Protection Officer \u2013<br>\nRotthauser Str. 19<br>\n45879 Gelsenkirchen<br>\ndatenschutzbeauftragter@hyg.de<\/p>\n<p class=\"translation-block\"><strong>Categories of Data Processed<\/strong><br>\nIn connection with your use of our Online Services, we process the following categories of data:<\/p>\n<ul>\n<li>Inventory data (e.g. names, addresses).<\/li>\n<li>Contact data (e.g. email addresses, telephone numbers).<\/li>\n<li>Content data (e.g. text entries, photographs, videos).<\/li>\n<li>Usage data (e.g. pages visited, interest in content, access times).<\/li>\n<li>Metadata \/ communication data (e.g. device information, IP addresses).<\/li>\n<li>Job applications<\/li>\n<\/ul>\n<p class=\"translation-block\"><strong>Categories of Data Subjects<\/strong><br>\nVisitors to and users of the Online Services (hereinafter collectively referred to as \"users\").<\/p>\n<p><strong><strong>Purpose of Processing<\/strong><\/strong><\/p>\n<ul>\n<li>Provision and optimization of the Online Services, including their functions and content.<\/li>\n<li>Responding to contact inquiries and communicating with users.<\/li>\n<li>Security measures.<\/li>\n<li>Conducting recruitment procedures.<\/li>\n<\/ul>\n<p class=\"translation-block\"><strong>Legal Basis for Processing<\/strong><br>\nUnless these Privacy Notices expressly refer to a specific legal basis, we process your data on the following legal grounds:<br>\nIf you have given your consent to the processing of your data, the legal basis is Article 6(1)(a) and Article 7 of the General Data Protection Regulation (GDPR). Where we process your data for the performance of our services, the implementation of contractual measures, or the handling of inquiries, the legal basis is Article 6(1)(b) GDPR. Where we process your data to comply with our legal obligations, the legal basis is Article 6(1)(c) GDPR. Where processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6(1)(d) GDPR. We process data on the basis of Article 6(1)(f) GDPR where this is necessary to safeguard the legitimate interests of the controller or a third party. The processing of applicant data is carried out on the basis of Section 26 of the German Federal Data Protection Act (BDSG).<\/p>\n<p class=\"translation-block\"><strong>Legal Basis for Processing<\/strong><br>\nUnless these Privacy Notices expressly refer to a specific legal basis, we process your personal data on the following legal grounds:<br>\nIf you have given your consent to the processing of your personal data, the legal basis is Article 6(1)(a) and Article 7 of the General Data Protection Regulation (GDPR). Where we process your personal data for the performance of our services, the implementation of contractual measures, or the handling of inquiries, the legal basis is Article 6(1)(b) GDPR. Where we process your personal data to comply with our legal obligations, the legal basis is Article 6(1)(c) GDPR. Where processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6(1)(d) GDPR. We process personal data on the basis of Article 6(1)(f) GDPR where this is necessary to safeguard the legitimate interests of the controller or a third party. The processing of applicants' personal data is carried out on the basis of Section 26 of the German Federal Data Protection Act (BDSG).<\/p>\n<p class=\"translation-block\"><strong>Cooperation with Processors and Third Parties<\/strong><br>\nWhere, in the course of our processing activities, we disclose personal data to other persons or companies (processors or third parties), transfer such data to them, or otherwise grant them access to the data, this is done only where permitted by law (e.g. where the transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Article 6(1)(b) GDPR), where you have given your consent, where we are subject to a legal obligation, or where processing is based on our legitimate interests (e.g. when using contractors, web hosting providers, Fathom Analytics, etc.).<br>\nWhere we engage third parties to process personal data on the basis of a so-called \"Data Processing Agreement\", this is carried out in accordance with Article 28 GDPR.<\/p>\n<p class=\"translation-block\"><strong>Transfers to Third Countries<\/strong><br>\nWhere we process personal data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or where this occurs in the course of using third-party services or through the disclosure or transfer of personal data to third parties, this is done only where necessary for the performance of our (pre-)contractual obligations, on the basis of your consent, to comply with a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual authorizations, we process or arrange for the processing of personal data in a third country only where the specific requirements of Articles 44 et seq. GDPR are met. This means, for example, that processing is carried out on the basis of appropriate safeguards, such as an officially recognized adequacy decision by the European Commission (e.g. for the United States under the EU\u2013U.S. Data Privacy Framework) or compliance with officially recognized contractual safeguards (so-called \"Standard Contractual Clauses\").<\/p>\n<p class=\"translation-block\"><strong>Rights of Data Subjects<\/strong><br>\nYou have the right to obtain confirmation as to whether personal data concerning you is being processed and, where that is the case, to request access to such data, together with further information and a copy of the data, in accordance with Article 15 GDPR.<br>\nIn accordance with Article 16 GDPR, you have the right to request the completion of incomplete personal data concerning you or the rectification of inaccurate personal data concerning you.<br>\nPursuant to Article 17 GDPR, you have the right to request the immediate erasure of personal data concerning you. Alternatively, you may request the restriction of processing of your personal data in accordance with Article 18 GDPR.<br>\nYou have the right to receive the personal data concerning you that you have provided to us in accordance with Article 20 GDPR and to request that such data be transmitted to another controller.<br>\nFurthermore, pursuant to Article 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.<br>\nWe would appreciate it if you would first contact our Data Protection Team at <a href=\"mailto:datenschutz@hyg.de\">datenschutz@hyg.de<\/a> regarding your concerns.<\/p>\n<p class=\"translation-block\"><strong>Right to Withdraw Consent<\/strong><br>\nYou have the right to withdraw any consent you have given at any time with future effect in accordance with Article 7(3) GDPR.<\/p>\n<p class=\"translation-block\"><strong>Right to Object<\/strong><br>\nYou have the right to object at any time to the future processing of your personal data in accordance with Article 21 GDPR. In particular, you may object to the processing of your personal data for direct marketing purposes.<\/p>\n<p><strong>Cookies und Tracking<\/strong><br \/>\nDiese Webseite verwendet keine Cookies, in denen personenbezogene Daten gespeichert werden. Zum Zwecke der bedarfsgerechten Gestaltung und statistischen Auswertung unserer Website nutzen wir eine datenschutzfreundliche Reichweitenmessung (siehe Abschnitt \u201eWebanalyse\u201c), die ohne den Einsatz von Cookies auskommt.<\/p>\n<p class=\"translation-block\"><strong>Deletion of Data<\/strong><br>\nThe personal data we process will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise in these Privacy Notices, the personal data stored by us will be deleted as soon as it is no longer required for the purpose for which it was collected and provided that no statutory retention obligations prevent its deletion. Where personal data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for any other purpose. This applies, for example, to data that must be retained for commercial or tax law reasons.<br>\nUnder German law, retention periods are, in particular, 10 years pursuant to Sections 147(1) of the German Fiscal Code (AO) and 257(1) nos. 1 and 4, (4) of the German Commercial Code (HGB) (e.g. books, records, management reports, accounting documents, commercial books, tax-relevant documents), and 6 years pursuant to Section 257(1) nos. 2 and 3, (4) HGB (commercial correspondence).<br>\nUnder Austrian law, retention periods are, in particular, 7 years pursuant to Section 132(1) of the Austrian Federal Fiscal Code (BAO) (e.g. accounting records, receipts\/invoices, accounts, vouchers, business documents, statements of income and expenditure), 22 years for documents relating to real estate, and 10 years for records relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-taxable persons in EU Member States for which the Mini One Stop Shop (MOSS) scheme is used.<\/p>\n<p class=\"translation-block\"><strong>Business-Related Processing<\/strong><br>\nInformation regarding our Privacy Notice for prospective clients and customers can be found (here).<\/p>\n<p class=\"translation-block\"><strong>Contacting Us<\/strong><br>\nWhen you contact us (e.g. via contact form, email, telephone, or social media), the information you provide will be processed for the purpose of handling and responding to your inquiry in accordance with Article 6(1)(b) GDPR. Your information may be stored in a Customer Relationship Management (CRM) system or a comparable inquiry management system.<br>\nWe delete inquiries once they are no longer required. We review the necessity of retaining such data every two years. Statutory retention obligations remain unaffected.<\/p>\n<p class=\"translation-block\"><strong>Hosting<\/strong><br>\nThe hosting services we use serve to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services required for the operation of our Online Services.<br>\nIn this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, metadata, and communication data of customers, prospective clients, and visitors to our Online Services on the basis of our legitimate interests in providing these Online Services efficiently and securely in accordance with Article 6(1)(f) GDPR. Where we engage service providers for these purposes, this is done on the basis of a Data Processing Agreement pursuant to Article 28 GDPR.<\/p>\n<p class=\"translation-block\"><strong>Collection of Access Data and Server Log Files<\/strong><br>\nWe, or our hosting provider, collect data about every access to the server on which this service is hosted (so-called server log files) on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR. The access data includes the name of the website accessed, the requested file, the date and time of access, the amount of data transferred, confirmation of successful retrieval, browser type and version, the user's operating system, the referrer URL (the previously visited page), the IP address, and the requesting internet service provider.<br>\nServer log file information is stored for security purposes (e.g. to investigate misuse or fraudulent activities) for a maximum period of seven days and is then deleted. Data that must be retained for evidential purposes is excluded from deletion until the respective incident has been fully resolved.<\/p>\n<p class=\"translation-block\"><strong>Web Analytics<\/strong><br>\nWe use a web analytics tool to count and clearly display visits to our websites. No cookies are used for this purpose. Fathom is a service provided by Conva Ventures Inc. (BOX 37058 Millstream PO, Victoria, British Columbia, V9B 0E8, Canada). As a private company, the provider of Fathom is covered by the European Commission's adequacy decision for Canada, ensuring an adequate level of data protection.<br>\nIn addition, data processing takes place exclusively in Europe and within EU data centres through Fathom's so-called \"EU Isolation\" feature. Further details are available from Fathom at: https:\/\/usefathom.com\/compliance.<br>\nFathom processes personal data (IP address and user agent) and stores a hash value (pseudonymized data) for 48 hours. Among other purposes, the hash value is used to recognize returning visitors. Neither we nor Fathom are able to directly identify individuals from this data. We have concluded a Data Processing Agreement with Fathom's provider, Conva Ventures Inc., which complies with the requirements of Article 28 GDPR.<\/p>\n<p class=\"translation-block\"><strong>Social Media (LinkedIn)<\/strong><br>\nWe maintain an online presence on LinkedIn and, in this context, process users' personal data in order to communicate with users who are active on the platform and to provide information about our organization.<br>\nIn this context, users' personal data may also be processed outside the EU\/EEA. This may result in risks for users, for example because the enforcement of their rights may become more difficult.<br>\nFurthermore, personal data processed within social networks is generally used for market research and advertising purposes. For example, user profiles may be created based on users' browsing behavior and the interests inferred from it. These user profiles may in turn be used to display advertisements within and outside the social networks that are presumed to match users' interests. For these purposes, cookies are generally stored on users' devices to record their usage behavior and interests. In addition, user profiles may contain data that is independent of the devices used by users (particularly where users are members of the respective platforms and are logged into them).<br>\nFor a detailed description of the respective processing activities and the available options to object (opt-out), please refer to the privacy notices and information provided by the respective platform operator.<\/p>\n<p class=\"translation-block\">We also note that requests for access to personal data and the exercise of data subject rights can most effectively be directed to the respective provider. Only the provider has access to users' personal data and can therefore take appropriate measures and provide the requested information directly. Should you nevertheless require assistance, you are welcome to contact us.<br>\n<strong>Categories of personal data processed:<\/strong> Contact data (e.g. email address, telephone numbers); content data (e.g. information entered into online forms); usage data (e.g. websites visited, interest in content, access times); metadata\/communication data (e.g. device information, IP addresses).<br>\n<strong>Categories of data subjects:<\/strong> Users (e.g. website visitors and users of online services).<br>\n<strong>Purposes of processing:<\/strong> Contact inquiries and communication; feedback (e.g. collection of feedback via online forms); marketing.<br>\n<strong>Legal basis:<\/strong> Legitimate interests (Article 6(1), first subparagraph, point (f) GDPR).<br>\n<strong>Service provider:<\/strong> LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https:\/\/www.linkedin.com; Privacy Policy: https:\/\/www.linkedin.com\/legal\/privacy-policy; Standard Contractual Clauses (ensuring an adequate level of data protection for transfers to third countries): https:\/\/legal.linkedin.com\/dpa; Opt-out: https:\/\/www.linkedin.com\/psettings\/guest-controls\/retargeting-opt-out; Data Processing Agreement: https:\/\/legal.linkedin.com\/dpa.<\/p>\n<p class=\"translation-block\"><strong>Automated Decision-Making, Including Profiling, Pursuant to Article 22 GDPR<\/strong><br>\nWe do not process your personal data for the purposes of automated decision-making, including profiling, within the meaning of Article 22(1) and (4) GDPR. Should such processing be introduced in the future, we will provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.<\/p>\n<p class=\"translation-block\"><strong>Are You Required to Provide Your Personal Data?<\/strong><br>\nThere is no legal obligation for you to provide us with your personal data.<br>\nHowever, if you choose not to provide, or technically prevent us from processing, personal data that is necessary for the use of our website, you may only be able to use certain features of our website to a limited extent.<br>\nProviding your personal data when contacting us via our contact form or one of our designated contact persons is entirely voluntary. However, without the necessary information, in particular a means of contacting you, we will not be able to process your enquiry.<\/p>\n<p>Stand: 29.06.2026<\/p>","protected":false},"excerpt":{"rendered":"<p>Diese Datenschutzhinweise kl\u00e4ren Sie \u00fcber die Art, den Umfang und Zweck der Verarbeitung von personenbezogenen Daten (nachfolgend kurz \u201eDaten\u201c) im Zusammenhang mit der Nutzung unseres Onlineangebotes und der mit ihm verbundenen Webseiten und Social Media Profilen (nachfolgend gemeinsam bezeichnet als \u201eOnlineangebot\u201c) auf. Im Hinblick auf die verwendeten Begrifflichkeiten, wie z.B. \u201eVerarbeitung\u201c oder \u201eVerantwortlicher\u201c verweisen wir &#8230; <a title=\"Privacy Policy\" class=\"read-more\" href=\"https:\/\/hyg.de\/en\/datenschutzerklaerung\/\" aria-label=\"Read more about Datenschutzerkl\u00e4rung\">Read more<\/a><\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":"","_members_access_role":[],"_members_access_error":""},"class_list":["post-3","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/pages\/3","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/comments?post=3"}],"version-history":[{"count":5,"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/pages\/3\/revisions"}],"predecessor-version":[{"id":10118,"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/pages\/3\/revisions\/10118"}],"wp:attachment":[{"href":"https:\/\/hyg.de\/en\/wp-json\/wp\/v2\/media?parent=3"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}