1.1. These Data Protection Regulations have been drawn up to provide you with an overview of how we record, save, process, pass on or transmit your data when you visit our Donor Navigator web application or use the services offered on our website.

1.2. When processing your personal data, we strictly adhere to the data protection specifications of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

1.3. Personal data comprises all data that relates to you personally, including your IP address, name, address, e-mail data and user behavior.

1.4. We reserve the right to modify the content of these Data Protection Regulations. We therefore recommend that you consult the Data Protection Regulations again at regular intervals.

1.5. The controller as per Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is DKMS Registry gGmbH (see imprint) . You can reach our data protection officer at dataprotection@dkmsregistry.org or by writing to our postal address with the addendum “der Datenschutzbeauftragte” (the data protection officer).

2.1. Purely informational use: If you wish to view our website purely for informational use we process the following data, which is technically necessary in order for us to display our website to you as well as to ensure stability and security:

• IP address
• Time and date of the inquiry
• Time zone difference compared to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• HTTP status code
• Website from which the request comes
• Browser
• Operating system and its user interface
• Language and version of the browser software

This information relates to the computer system used. We use this data (with the exception of your computer’s IP number) solely for statistical purposes, to measure demand for our web content and services. We simply record this data cumulatively for all users of the website, meaning that it is not possible to assign the data to a specific person. This data is not merged with data from other data sources.

The IP address is the globally valid, unique identifier of a computer or provider. As a private user, you will generally not use a consistent IP address since these are assigned on a temporary basis by your provider for one session. However, in principle it is possible to uniquely allocate user data via this attribute using static IP addresses. Our webservers save IP addresses for a maximum of 24 hours. Afterwards the access data is anonymized.

2.2 Donor Navigator Usage: If you register for the usage of the Donor Navigator web application, we will process your personal data you provided with the registration form and will create a user profile for you. The user profile contains user name, password, RSA token numbers, data of authorizations, acceptance of the general terms and conditions and personal settings in the software. In addition, we process the personal data of your patients that you enter when using the system to find a suitable match.

In order to access Donor Navigator web sites the temporary registration of your IP address is required.

When you are using Donor Navigator, selected actions of you are logged, e.g. creation of a new patient case, changing of patient data, requesting of donors, etc.

2.3. Contact via e-mail or contact form: If you contact us by e-mail or one of the contact forms provided when visiting our website, we will additionally process and save the data that you have provided (your e-mail address and, possibly, your name and phone number) in order to answer your questions. The data of users may be saved in a customer relationship management system (CRM system) or some comparable system.

3.1. We only process your personal data to the extent that is necessary in order to provide a working website and to provide our content and services. Personal data is only processed on a regular basis where this is permitted by statutory provisions or where the person concerned has given consent.

3.2. If you use our website for purely informational purposes, we record only the data that is technically necessary in order for us to display our website to you as well as ensure stability and security. The legal basis for processing is Art. 6 para. 1 (f) GDPR.

3.3. If you use the Donor Navigator application the purpose of processing your data is to match stem cell donors with patients. We use the information you enter in the system to find potential matching donors for your patient, initiate donor request, and exchange case related information. The legal basis for processing is Art. 6 para 1 (b) GDPR.

3.4. When you contact us by e-mail or via a contact form, your personal data will only be used for the purpose of answering your request. The legal basis for processing is Art. 6 para. 1 (f) GDPR.

You may only use this web site to log into the application you have registered for to find unrelated donors for your patients or to contact us. Whenever you transmit data to us, we use encrypted transmission and always save your data on specially protected servers. Access to personal data is restricted to only a few specially authorized employees of DKMS Registry, all of whom are familiar with the relevant date protection regulations and compelled to comply with them.

Only our employees gain knowledge of your personal data. In addition, where this is prescribed or permitted by law, we share your personal data with recipients who provide services for us. The reason for this is that, in order to fulfill our tasks, we need to work together with service providers, who may also have to process personal data for this purpose. We restrict the forwarding of your personal data to what is really necessary. The service providers have been carefully selected and commissioned by us, are bound by our instructions and are monitored on a regular basis. They are bound by a contract with DKMS Registry to ensure that any personal data that they receive in this context is used only for the allowed purpose. We assure you that we do not sell or rent your data to any other companies or organizations. We will under no circumstances use your e-mail address or other data without your agreement for any other purposes for which you have not given your consent.

6.1. We will only save any personal data that you have transmitted or provided until the purpose for doing so has been fulfilled, until you revoke your consent, until you object to the data being processed or until you request the deletion of your data.

6.2. If you use the website for purely informational purposes, we will save your data on our servers only for the duration of your visit to our website. Once you leave our website, your data will be immediately deleted.

6.3. If you contact us by e-mail or one of the contact forms provided when using our website, we will delete any data recorded in this context once it is no longer necessary to save the data or will restrict processing if any statutory storage obligations exist. We check necessity on a regular basis.

7.1 As a registered user you will receive patient case-related information, process-related updates.

7.2. Provided you have given your consent, in addition to the information specified under item 7.1, you will also receive newsletters that contain only general information about DKMS Registry gGmbH and its activities.

7.3. If you no longer wish to receive the newsletter in the future, you can cancel this service at any time without providing a reason for this. To do so, please send us an e-mail with the subject “NONEWS” to services@dkmsregistry.org or tell us this using the contact data in the imprint.

8.1. You have the following rights with regard to your personal data that we process:

• Right to information
• Right to correction or deletion
• Right to restriction of processing
• Right to object to processing
• Right to data portability

8.2. If you have given your consent for us to process your personal data, you can revoke this at any time. Once you have pronounced such a revocation to us, this affects the permissibility of processing your personal data. It is possible here to restrict the revocation of consent to process your personal data to specific purposes such as a newsletter (restriction of processing).

8.3. If you wish to exercise your rights described above, please submit your request to: DKMS Registry gGmbH, Kressbach 1, 72072 Tübingen or by e-mail to: dataprotection@dkmsregistry.org

8.4. You also have the right to lodge a complaint with a data protection supervisory authority about the way in which we process your personal data.

9.1. In addition to the data specified above, we use cookies to make our website available to you. Cookies are small text files that are saved on your hard disk, assigned to the browser that you use, and which supply certain information (see below for details) to the party that set the cookie (in this case to us). Cookies cannot execute any programs or transfer viruses to your computer. They have the purpose of making the website as a whole more user-friendly and more effective.

9.2. We use cookies in order to make our website available to you with their technical information (necessary cookies). In addition, we use cookies for the purpose of web analysis. The legal basis for processing here is Art. 6 para. 1 lit. (f) of the GDPR.

9.3. You can configure your browser setting in accordance with your wishes and, for example, reject the acceptance of third-party cookies or even all cookies. Moreover, by selecting appropriate settings in your Internet browser, you can prevent or restrict the installation of cookies. At the same time, cookies that have already been saved can be deleted at any time. However, the steps and measures that are necessary to do so depend on the specific Internet browser that you use. If you have any questions, therefore, please refer to the help function or documentation for your Internet browser or contact the corresponding manufacturer or support. Likewise, you can opt out of using cookies from certain providers, for example via http://www.youronlinechoices.com/uk/your-ad-choices or http://www.networkadvertising.org/choices/. Please note that you may not be able to use all the functions of this website if you do this.

9.4. This website uses the following types of cookies, the scope and function of which are explained below:

9.4.1. Transient cookies: Transient cookies are deleted automatically when you close the browser. These include session cookies, in particular. These save a so-called session ID that can be used to assign various requests from your browsers to the shared session. This enables your computer to be recognized if you return to our website. The session cookies are deleted when you log out or close the browser.

9.4.2. Persistent cookies: Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete cookies at any time in your browser’s security settings.

9.5. We also use HTML5 storage objects, which are stored on your device. These objects save the required data regardless of the browser you use and do not have an automatic expiry date. You can prevent the use of HTML5 storage devices by setting your browser to private mode. We also recommend regularly deleting your cookies and browser history manually.

Do you have any questions regarding our Data Protection Regulations? Please contact our data protection officer at dataprotection@dkmsregistry.org

Information regarding your right of objection as per Art. 21 of the GDPR

You have the right to file an objection at any time against the processing of your data that takes place based on Art. 6 para. 1 (f) of the GDPR (data processing on the basis of the balancing of interests) or Art. 6 para. 1 (e) of the GDPR (data processing in the public interest) if there are grounds to do so as a result of your situation. This also applies to any profiling based on these regulations within the meaning of Art. 4 No. 4 of the GDPR.

If you file an objection, we will no longer process your personal data unless we are able to provide evidence of compelling and legitimate grounds for the processing that outweigh your interests, rights and liberties or the processing serves to assert, exercise or defend legal claims.

We will also process your personal data in individual cases in order to provide direct advertising. If you do not wish to receive any advertising, you have the right to file an objection against this at any time. This also applies to any profiling that is connected to such direct advertising. We will heed this objection in the future.

We will no longer process your data for the purposes of direct advertising if you object to processing for this purpose.

The objection can be made in any form and should preferably be directed to:

DKMS Registry gGmbH
Kressbach 1
72072 Tübingen
GERMANY

e-mail: dataprotection@dkmsregistry.org