We greatly appreciate your interest in our company. Data protection has a particularly high priority for the Charité – Universitätsmedizin Berlin.

The following data privacy statement is an overview of what happens to your personal data when you visit and use this website. Personal data are any data, which can be used to identify someone personally. In the following, we explain the manner, purposes and legal basis of processing your data and your rights to that regard.

We treat your personal data as confidential and in accordance with the statutory data protection regulations.

Responsible for the data processing on this website and in our company:

Charité – Universitätsmedizin Berlin
Körperschaft des öffentlichen Rechts
Charitéplatz 1, 10117 Berlin 
Phone: +49 30 450 50
Internet: https://www.charite.de/ 

The responsible party is the natural or legal person who determines, alone or jointly with others, the purposes and means of the processing of personal data.

Data protection officer required by law:

If you have any questions about the processing of your personal data or your rights in terms of data protection, please contact:

Data protection officers of the Charité – Universitätsmedizin Berlin 
Data protection officers
Campus Charité Mitte
Charitéplatz 1 
10117 Berlin 
datenschutzbeauftragte@charite.de 
Phone: +49 30 450 580 015

As the entity responsible for processing, the Charité – Universitätsmedizin Berlin has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed via this website. An important protection mechanism is SSL or TLS encryption. This ensures that data transmitted to us are protected against the access of third parties. This is indicated by the closed lock symbol in the status bar of your browser with the address line beginning with “https”.

We would like to point out the general safety risks of Internet-based data transmissions, which make it impossible to guarantee absolute protection against access by third parties.

The website of the Charité – Universitätsmedizin Berlin collects a series of general data and information every time a data subject calls up the website.  This general data and information are stored in the server's log files: 

• Browser type and version

• Operating system used

• Referrer URL

• Host name of the accessing computer

• Time of the server request

• IP address

 
Purpose of processing and legal basis
These data are collected on the basis of Section 6(1) lit. f GDPR. The website operator has a legitimate interest in technically error-free presentation and optimization of its website – for this purpose the server log files must be recorded.
 
When using these general data and information, the Charité – Universitätsmedizin Berlin does not draw any conclusions about the data subject.
 
Duration of storage
The data are deleted as soon as they is no longer required to achieve the purpose for which they were collected. If the data are collected for the provision of the website, this is the case when the respective session has ended.
 
If data are stored in log files, this is the case after one month at the latest. Storage beyond this is possible in anonymized form. In this case, the IP addresses will be deleted or masked making the assignment of the calling client impossible.
 
If personal data are required for the prosecution of a criminal offense, they will be deleted after expiration of the proceedings in compliance with the statutory retention periods.
 
If you assert a legitimate request for erasure or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted after expiry of the procedure in compliance with the statutory retention periods. 
 
Necessity of provision
The provision of the data is neither legally nor contractually required. However, the collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website.
 
Failure to provide personal data may result in disadvantages for you. For example, this could result in you not being able to receive or use our services (e.g. access to the website may not be possible). However, unless otherwise stated, you will not suffer any legal disadvantages from not providing it.

Cookies
The websites of the Charité – Universitätsmedizin Berlin use so-called “cookies”. Cookies are text files that are placed and stored on a computer system via Internet browser for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are deleted automatically after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are deleted by your web browser.

Cookies have various functions – many cookies are technically necessary, without which a certain website function would not work. 

Cookies are used to optimize the information and offers on our website for the users.

However, they can also be used to analyze website usage. This then determines, for example, how many users visit the website and where the website can possibly be improved. However, this analysis does not establish a link between you and the statistics generated on the basis of the collected data. We will inform you of any cookies we use for website analysis.
The cookies that are absolutely necessary to provide the website are used on the basis of legitimate interest pursuant to Section 6(1) lit. f) GDPR.

You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies or only allow it in individual cases. Furthermore, cookies that have already been set can be deleted at any time via Internet browser or other software. This is possible with all common Internet browsers. If cookie setting is deactivated in your Internet browser, not all our website functions may be fully usable.

The following table lists the cookies we use on our website:
 

Inquiry by e-mail, telephone
If you contact us by e-mail or phone, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request.

Purpose of processing and legal basis
These data are processed on the basis of Section 6(1) lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the requests addressed to us (Section 6(1) f GDPR) or on your consent (Section 6(1) a GDPR), if this has been requested.

Duration of storage
If we no longer need your data to process your request, your personal data will be deleted. This is usually the case after our conversation with you has ended unless we are obliged to keep them longer to comply with our legal obligations.

On this website, we use Matomo to analyze the surfing behavior of visitors to this website. If individual pages of this website are visited, the following data in particular are stored:

• Your IP address;

• Key user data (e.g. country of origin, device type, operating system, browser used, screen resolution);

• Number of page views;

• Unique visits (recurring visitors over the course of a certain period of time);

• Time spent on the website;

• Bounce rate (visitors to a website who generate only a single page view);

• Access times;

• Most frequently visited pages;

• Homepages and jump pages;

• Outgoing references;

• Referrer (direct access, search engines, website); and

• Search terms used.

Matomo is open-source software that is operated exclusively on the servers of the data controller. The Charité – Universitätsmedizin does not use cookies in this process but analyzes your visitor behavior based on server log files and a calculated visitor ID (i.e. the device fingerprint), which is determined by the above-mentioned information. Matomo hereby compares your technical fingerprint with the previously stored fingerprints of all visitors. However, the comparison is made only for fingerprints from the past 30 minutes. In addition, fingerprint calculation changes every 24 hours. There is no transmission of these data to third parties.

Your IP address is anonymized after it has been collected. This way, the IP address can no longer be associated with you. Other personal data are aggregated for further processing by compiling them into reports.

With Matomo, we record returning visitors in the following statistics as if they were new visitors in each case:

• Visits by number of visits (engagement statistics);

• Visits by days since last visit (engagement statistics);

• Visits up to conversion (goals statistics);

• Days up to conversion (goals statistics).

The legal basis for the use of Matomo is Section 6(1) lit. f) GDPR – processing based on our legitimate interest to make our website more user-friendly and to improve it by monitoring the number of visitors to our website. Your interests are sufficiently taken into account particularly by anonymizing your IP address and not using cookies.

Your data are deleted as soon as we no longer need them to design and improve our website. This is usually the case immediately after your IP address has been anonymized. The other data are compiled after two weeks at the latest, thus losing its personal reference, or are deleted after 30 days.

The provision of personal data is neither legally nor contractually required. However, the provision of these data is necessary to visit our website. If you do not agree with the storage and analysis of these data from your visit, then you can object to the storage and use with a mouse click at any time or activate the “Do not track” request in your browser. Use of the “Do not track” preset is automatically detected by our system. You do not have to actively object.

If you actively object, a so-called opt-out cookie will be placed in your browser with the result that Matomo will not collect any session data. Please note that complete deletion of cookies means that the opt-out cookie will also be deleted and you may have to reactivate it. Insofar as data collection is made impossible by your cookie settings, you may not be able to fully use all functions of the Charité website. You will not suffer any legal disadvantages from not providing it.

When you activate the opt-out by checking the box, Matomo will set a cookie (_pk_ignore). Alternatively, you can use the Do-not-track function of your browser.

This website uses plugins of the video portal Vimeo.
The provider is Vimeo Inc, 555 West 18 th Street, New York, New York 10011, USA.

In order to play the videos, your advance explicit consent is required, since the Vimeo servers are called up for technical reasons when the videos are loaded. This tells the Vimeo server, which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo so that it cannot track your user activity and no cookies are set.

We use Vimeo to provide you with further information about the Charité and to visualize it in an appealing way for the purpose of Section 6(1) lit. f GDPR. If a corresponding consent has been requested, your data will be processed exclusively on the basis of Section 6(1) lit. a DSGOV. Consent can be revoked at any time.

According to Vimeo, data transfer to the USA is based on the standard contractual clauses of the EU Commission as well as on “legitimate business interest”. For details and further information on the processing of your data, please refer to Vimeo's data privacy statement at: https://vimeo.com/privacy.

Applications and application procedures for health professions:
Please refer to the detailed information regarding your application in the data privacy statement below: Data privacy statement/directive for the application management system of the Charité – Universitätsmedizin Berlin according to Sections 13, 14 GDPR

Applications and application procedures for all other areas: 
The data controller collects and processes the personal data of applicants (e.g. contact details, CV, qualifications, letter of motivation) for the purpose of handling the application procedure. Please request the detailed information for your application by e-mail or in writing by mail here: https://www.charite.de/service/datenschutz/bewerbungsverfahren/.

We have deliberately decided against the “share” function of various social networks as a plug-in to protect your data. Therefore, the “Share” functions included on this page are implemented as a link only. 

The link to the social network pages is active only in a new window. Simply calling up this page therefore does not transmit any data to providers of social media services. Profiling by third parties is thus excluded. However, we do not want to deny those visitors who would like to “share” the content of our career website with their social network. Only if you deliberately click the respective “Share” button will data be transmitted to the provider of the social network you have selected.

Purpose of processing and legal basis
The legal basis for data processing when using the “share” function is Section 6(1) f) GDPR. The legitimate interest of the Charité – Universitätsmedizin results from the interest in being able to offer this function as a voluntary option to the user of our career website.

Recipients / categories of recipients: The “sharing” of the content of our career website then has the consequence that certain data can be transferred to the provider of the social media service, for example:

• The address of the website

• The date and time when the website was called up or the share button was pressed

• Information about the browser and operating system used

• Your current IP address

• The content you shared

The shared content can then be viewed by other users of the same social network depending on your own account's privacy settings. If you are already logged in to the associated social media service when you click the share button, its provider is also able to determine your user name and, if applicable, your real name from the above-mentioned data. These data may also be processed by the provider in countries outside the European Union. We do not have any influence on the scope, nature and purpose of the data processing by the provider. Please note that social media service providers are quite capable of creating pseudonymized and even individualized usage profiles with the above data.

Duration of storage
Storage duration / criteria for determining the storage period: The duration of the display of the content you share depends on the privacy settings of your account with the respective social network, as well as their privacy policy. The Charité – Universitätsmedizin has no influence on this.
 

Social media links on the Charité website
During your visit to our website, no personal data will initially be passed on to the operators of the social media platforms. On our website you will only find passive links to Facebook, Instagram and Twitter. They are neither disabled social media buttons nor active plug-ins. Therefore, personal data are transmitted to the operators of the social media platforms only when you actively click on the links and are thus redirected to the social media website itself.

The legal basis for the processing of data via access by link on our website based on your consent is Section 6(1) lit. a GDPR, which you have given by activating the link (1. click). We would like to point out that data processing by Facebook, Twitter and Instagram may involve processing of user data outside the European Union. This could result in risks for users, because it could, for example, make it more difficult to enforce user rights. For details, please refer to the data privacy statements of Facebook, Twitter and Instagram. With regard to U.S. providers that are certified under the Privacy Shield, we point out that this obligates them to comply with EU data protection standards.

Charité social media websites
You can also find us on Facebook, Twitter and Instagram with our own presence. For this purpose, we use plug-ins that contain offers from third parties not affiliated with us. With the social media sites of the Charité – Universitätsmedizin, we are expanding our multimedia information offer and have the opportunity to exchange information with you on topics that are important to you. Beyond the respective providers of the social networks, we also collect and process personal user data on fan pages. This data privacy statement provides information on the data we collect from you in our social media presences and how we use them.

In connection with the social media channels we operate, we are responsible, together with the social media providers, for the collection of your data, their processing on our respective social media channel and their disclosure by transmission, cf. Section 26 EU-GDPR. The legal basis for the processing are our legitimate interests pursuant to Section 6 (1) lit. f GDPR to provide you with health information, to do public relations work and to directly communicate with visitors. For any further processing in connection with the offer in conjunction with the social media channels, the social media providers are solely responsible for the purpose of the EU-GDPR.

In the case of the website provided by us via the social media provider, the social media provider grants us access to the following data categories:

The social media provider grants us access to statistical analyses that provide information about the use of our social media website. The analytics available to us do not allow analysis of the usage patterns of individual persons. We can only view aggregate data (including number of hits, likes, followers, region of origin, age group, gender) that provide insight into our audience and usage of our social media site. The data of the respective user that the analyses are based on are not transmitted to us.
We can set the target group to be reached for the social media website or for individual published posts. The setting is done on the basis of general parameters (e.g. age group, language, region, interests), through which our content can be targeted to specific groups. We cannot address or identify individual persons based on the data provided by our social media provider.

Insofar as you contact us directly via the social media provider or interact with us in any other way and thereby deliberately transmit personal data (e.g. direct networking with our social media website), we store and process these personal data for the purposes for which they were transmitted.
We process these data solely for the purpose of publicizing content on our social media website in a manner appropriate to the target group and to better understand and optimize the use of our social media website.
We save user names and comments that are blocked or deleted due to violation of netiquette. These are kept on file only as possible proof in the event of legal disputes within the statute of limitations.

Please refer to the offer listed below for each social media platform for additional data processing purposes and data categories.

Facebook
Our website contains a link to the social network Facebook of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, operated within the EU by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (collectively “Facebook”). A click on the link will redirect you to the Facebook website. In the process, Facebook obtains knowledge of the IP address assigned to you as well as the information that the user of this IP address has accessed the corresponding page you visited. If you are logged in to Facebook, Facebook can associate the visit with your Facebook account. Interaction with the plugins, for example clicking the “Like” button or posting a comment, transmits the corresponding information from your browser directly to Facebook and stores it there.

On Facebook, we present our company on the channel Charité – Universitätsmedizin Berlin. You can find us at @ChariteUniversitaetsmedizinBerlin. In this context, the Charité – Universitätsmedizin has accepted the page insights supplement regarding the data controller of Facebook.

If you visit our fan page, Facebook collects, stores and processes your personal data in accordance with the Facebook data privacy directive. The data privacy directive can be found here: www.facebook.com/policy.php/

We process data to the above-mentioned and limited extent only (see Item 12.1.2).

Not only Facebook Ireland Limited, but also Facebook Inc. in the U.S. processes your personal data. The U.S. is a third country that is not covered by an adequacy decision of the European Commission and therefore does not provide an adequate level of protection for personal data. By using standard contractual clauses, Facebook Inc. guarantees that EU data protection requirements are also complied with when processing data in the USA. You can view the standard contractual clauses here: https://www.facebook.com/policy.php/

Twitter
After clicking on the Twitter link, you will be redirected to our Twitter channel, a service of Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The link can be identified by the corresponding Twitter logo. The Twitter channel @ChariteBerlin is used for press and public relations work on all topics of the Charité – Universitätsmedizin Berlin.

If you visit our channel, Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, as the operator of Twitter, will store and process personal data to the extent described in the data privacy directive. The person responsible for processing the data of persons living outside the U.S. is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. The data privacy directive can be found here: twitter.com/de/privacy

We have no influence on the type and scope of the data processed by Twitter, the way they are processed and used, or the transfer of these data to third parties. Nor do we have any effective means of control in this respect.

When you use Twitter, your personal information will be collected, transferred, stored, disclosed and used by Twitter Inc. and, in doing so, will be transferred to and stored and used in the U.S., Ireland and any other country in which Twitter Inc. does business, regardless of your country of residence.

On the one hand, Twitter processes your voluntarily entered data like name, user name, e-mail address, telephone number or contacts of your address book when you upload or synchronize it.

On the other hand, Twitter also evaluates the content you share to determine your subjects of interest, stores and processes confidential messages you send directly to other users, and can determine your location using GPS data, wireless network information, or your IP address in order to send you advertising or other content.

Twitter Inc. may use analysis tools like Twitter Analytics or Google Analytics for evaluation purposes. The Charité has no influence on the use of such tools by Twitter Inc. and has not been informed about such potential use. If Twitter Inc. uses tools of this kind for the Charité account, the Charité has neither commissioned nor approved this nor otherwise supported it in any way. Nor are the data obtained from the analysis made available to them. The Charité can view only certain non-personal information about tweeting activity, such as the number of profile or link clicks through a particular tweet, through its account. Moreover, the Charité has no way to prevent or disable the use of such tools on its Twitter account.

After all, Twitter also receives information when you view content, for example, even if you have not created an account. These so-called “log data” may be IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, mobile provider, terminal device you use (including device ID and application ID), the search terms you entered and cookie information.

You have options to restrict the processing of your data in the general settings of your Twitter account and in “Privacy and security”. You can also restrict Twitter's access to contact and calendar data, photos, location data, etc. on mobile devices (smart phones, tablet computers) in the settings options there. However, this depends on the currently used operating system.

We process data to the above-mentioned and limited extent only (see Item 12.1.2).

Not only Twitter Ireland, but also Twitter, Inc. in the U.S. processes your personal data. The U.S. is a third country that is not covered by an adequacy decision of the European Commission and therefore does not provide an adequate level of protection for personal data. By using standard contractual clauses, Twitter Inc. guarantees that EU data protection requirements are also complied with when processing data in the USA.
You can view the standard contractual clauses here: https://twitter.com/de/privacy

Facelift
We use the Facelift tool of the data processing company Facelift brandbuilding technologies GmbH, Gerhofstr. 19, 20354 Hamburg, Germany, to more easily manage our social media channels. You can find the data privacy directive here: www.facelift-bbt.com/de/imprint

Facelift's primary purpose is to make it easier to manage all the social media channels we maintain. If a user asks a question defined in more detail in Facelift via the comment function on our social media site, the text will enter the tool together with the user name and be displayed to us. The transmitted text as well as the user name will be deleted as soon as the request is answered. The legal basis for the data processing is Section 6(1) lit. f GDPR. We use Facelift because of our legitimate interest in managing the content on our Twitter profile in a way that saves time and money, but is equally effective, which includes collecting and responding to comments from visitors to our profile. In this respect, it is also in the interest of visitors that their comments are noted centrally and promptly and – depending on the content – acknowledged or answered by the Charité. This gives us a better overview of user comments, which facilitates communication with visitors of our social media sites. This is also our legitimate interest in processing personal data according to Section 6 lit. f GDPR.

Instagram

Our Instagram account is operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”). The link used on our website is marked with the Instagram logo in the form of an “Instagram camera”. You can find us at @chariteberlin.

Your browser establishes a direct connection to the Facebook servers only when you click on the link. When you visit our Instagram channel, Facebook will receive the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted from your browser directly to a Facebook server in Ireland and the U.S. and stored there.

When you visit our fan page, personal data are stored and processed by Facebook as the provider in accordance with Facebook's data privacy directive. The data privacy directive can be found here. https://www.facebook.com/help/instagram/155833707900388 

We process data to the above-mentioned and limited extent only (see Item 12.1.2).

Not only Facebook Ireland Limited, but also Facebook Inc. in the U.S. processes your personal data. The U.S. is a third country that is not covered by an adequacy decision of the European Commission and therefore does not provide an adequate level of protection for personal data. By using standard contractual clauses, Facebook Inc. guarantees that EU data protection requirements are also complied with when processing data in the U.S. You can view the standard contractual clauses here: https://www.facebook.com/policy.php/.

Talkwalker
The Charité uses Talkwalker for the purpose of brand monitoring on our social media websites and to optimize our campaigns. Brand monitoring includes monitoring, recording and analyzing mentions, statements and perceptions related to the Charité on the various social media websites. The main aim is to monitor the reputation and acceptance of the Charité among the public and consumers, and to evaluate it specifically in terms of demographics. The web analytics service is provided by Talkwalker Sàrl, 12-16 Avenue Monterey, L-2163 Luxembourg. Talkwalker employs methods that allow analysis of the use of all social media platforms you use, such as cookies. The offer notably includes comprehensive data analysis and provision of all information and opinions about the Charité on the social media platforms, a search engine option for brand and trend checks and for the comparison with competitors, as well as the tracking of campaigns launched by the Charité. We process your personal data on the basis of our legitimate interest pursuant to Section 6(1) lit. f) GDPR. Our interest is to always be informed about what is being published and said about the Charité and to have the information to respond to issues such as fake news or security-related issues. The data collected in this context will be deleted after the end of the purpose and the end of our use of Talkwalker.
 

9.1 The rights of data subjects regarding personal data
If personal data of yours are processed, you are a data subject for the purpose of the GDPR and have the right to exercise data subject rights. You have the following rights with regard to our processing of your personal data:

• Right to revoke the declaration of consent under data protection law (Section 7(3) GDPR)

• Right of access (Section 15 GDPR);

• Right to rectification (Section 16 GDPR);

• Right to erasure (“Right to be forgotten”) (Section 17 GDPR);

• Right to restriction of processing (Section 18 GDPR);

• Right to data portability (Section 20 GDPR);

• Right to object to data processing (Section 21 GDPR); and

• Right to complain to a supervisory authority (Section 13(2) lit. d) GDPR).

9.2 Below you will find more information on your rights:

9.2.1 Right to revoke the declaration of consent under data protection law
If the processing of your personal data is based on your consent, you have the right to revoke your declaration of consent under data protection law with effect for the future at any time. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent up until the date of revocation. Withdrawal of your consent is described in the relevant places in this data privacy statement and the consent form itself. Alternatively, you can revoke your consent by sending us an e-mail: datenschutzbeauftragte(at)charite.de.

9.2.2 Right to confirmation
You have a right to request confirmation from the data controller as to whether personal data in question are being processed.

9.2.3 Right of access
You have a right to receive free information about your personal data that is stored and a copy of the personal data from the data controller at any time. Furthermore, the European legislator has granted you access to the following information:

• The processing purposes

• The categories of personal data that are processed

• The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations

• If possible, the scheduled duration of personal data storage or, if this is not possible, the criteria for determining this duration

• The existence of a right to rectification or erasure of your personal data, the restriction of processing by the data controller or a right to object to such processing

• The existence of a right of complaint to a supervisory authority

• If the personal data are not collected from the data subject: All available information about the data origin

• The existence of automated decision-making, including profiling, pursuant to Section 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, the data subject has a right to information as to whether personal data have been transferred to a third country or an international organization. If this is the case, the data subject also has the right to obtain information on the appropriate guarantees in connection with the transfer.

This right to information may be restricted insofar as it is likely to render impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes.

9.2.4 Right to rectification
You have a right to request that inaccurate personal data of yours are corrected without delay. You additionally have the right, taking into account the purposes of processing, to request the completion of incomplete personal data – also by means of a supplementary explanation.

9.2.5 Right to erasure (right to be forgotten)
You have the right to obtain erasure of your personal data from the data controller without delay, insofar as one of the following grounds applies and processing is not necessary:

• The personal data were collected or otherwise processed for purposes for which they are no longer necessary.

• The data subject revokes their consent on which the processing was based pursuant to Section 6(1)(a) GDPR or Section 9(2)(a) GDPR and there is no other legal basis for the processing.

• The data subject objects to the processing pursuant to Section 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Section 21(2) GDPR.

• The personal data have been processed unlawfully.

• The deletion of personal data is necessary for compliance with a legal obligation under Union or Member State law to which the data controller is subject.

• The personal data were collected in relation to information society services offered pursuant to Section 8(1) GDPR.

If one of the aforementioned reasons applies, and you would like to arrange for the deletion of personal data stored by the Charité – Universitätsmedizin Berlin, you can contact an employee of the data controller at any time. The employee of the Charité – Universitätsmedizin Berlin will ensure that the request for erasure is complied with immediately.

The right to erasure does not exist insofar as the processing is necessary

• to exercise the right to freedom of expression and information;

• for compliance with a legal obligation which requires processing under Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of public authority vested in the data controller;

• for reasons of public interest in the area of public health pursuant to Section 9(2)(h) and (i) and Section 9(3) GDPR;

• for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Section 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

• for the assertion, exercise or defense of legal claims.

9.2.6 Right to restriction of processing
You have the right to request that the data controller restrict processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject for a period enabling the data controller to verify the accuracy of the personal data.

• Processing is unlawful, the data subject objects to the erasure of personal data and instead requests the restriction of the use of the personal data.

• The data controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.

• The affected person has objected to the processing pursuant to Section 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the data controller override those of the data subject.

Where the processing of your personal data has been restricted, such data may, with the exception of their storage, be processed only with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, the data controller will inform you before the restriction is lifted.

Your right to restrict processing may be limited to the extent that it is likely to render impossible or seriously impede the achievement of the research or statistical purposes and that the restriction is necessary for the fulfillment of the research or statistical purposes.

9.2.7 Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the data controller, they are obligated to notify all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about these recipients by the data controller.

9.2.8 Right to data portability
You have the right to receive your personal data, which have been provided by the affected person to a data controller, in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another data controller without hindrance from the data controller to whom the personal data were provided, if the processing is based on consent pursuant to Section 6(1)(a) GDPR or Section 9(2)(a) GDPR or on a contract pursuant to Section 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the data controller.

Furthermore, when exercising their right to data portability pursuant to Section 20(1) of the GDPR, the affected person shall have the right to effect a direct transfer of personal data from one data controller to another to the extent technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the data controller.

9.2.9 Right to object
At any time, you have the right to object to the processing of your personal data carried out on the basis of Section 6(1)(e) or (f) GDPR on grounds relating to your particular situation. This also applies to profiling based on these provisions.

The Charité – Universitätsmedizin Berlin shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling reasons for processing worthy of protection, which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

In addition, you have the right, on grounds relating to your particular situation, to object to the processing of your personal data, which is carried out by the Charité – Universitätsmedizin Berlin for scientific or historical research purposes, or for statistical purposes pursuant to Section 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

In order to exercise the right to object, the affected person may directly contact the data controller indicated in the site notice, the Charité – Universitätsmedizin Berlin. In connection with the use of information society services, you are also free, notwithstanding Directive 2002/58/EC, to exercise your right to object through automated procedures using technical specifications.

Your right to object may be limited to the extent that it is likely to render impossible or seriously impair the realization of the research or statistical purposes and that the limitation is necessary for the fulfillment of the research or statistical purposes.

9.2.10 Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – that affects you legally or has similarly significant impact, provided that the decision

is not necessary for the conclusion or performance of a contract between you and the data controller, or
is permitted by Union or Member State legislation to which the data controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
is made with your express consent.

However, these decisions may not be based on special personal data categories pursuant to Section 9(1) GDPR, unless Section 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests. If the decision

is necessary for the conclusion or performance of a contract between the data subject and the data controller, or
takes place with the express consent of the data subject,

the Charité – Universitätsmedizin Berlin shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a person on the part of the data controller, to express their point of view and to contest the decision.

9.2.11 Right of complaint to a data protection supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority without prejudice to any other administrative or judicial remedy. The supervisory authority, with which the complaint has been lodged, shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Section 78 GDPR.

The data protection supervisory authority responsible for the Charité – Universitätsmedizin Berlin is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
(Berlin Commissioner for Data Protection and Freedom of Information)
Friedrichstr. 219
Visitors’ entrance: Puttkamerstr. 16 – 18 (5th floor)
10969 Berlin
Phone: 030 13889-0
Fax: 030 2155050
E-mail: mailbox@datenschutz-berlin.de 

We are very pleased about your interest in the Charité – Universitätsmedizin Berlin (hereinaf-ter referred to only as the Charité), where protection of your data has a particularly high priori-ty. The following data privacy statement/directive provides an overview of the processing of personal data when you apply for an advertised position or send in an unsolicited application. In the following, we explain the manner, purposes and legal bases of processing your data and your rights to that regard.

We treat your personal data as confidential and in accordance with the statutory data protec-tion regulations. 

Responsible for the data processing within the scope of the application procedure is:

Charité – Universitätsmedizin Berlin
Charitéplatz 1, 10117 Berlin 
Phone: +49 30 450 50
Internet: https://www.charite.de/

If you have any questions about the processing of your personal data or exercising your rights, for example deletion thereof, please contact:

Data protection officers 
Charitéplatz 1, 10117 Berlin 
datenschutzbeauftragte@charite.de 
 

3.1 Personal data when visiting the website and using the application portal

When you visit the website and use the application portal, the Charité stores technically nec-essary, “absolutely essential” cookies on your end devices and accesses information. The legal basis for the use of technically required cookies is Section 25(2) No. 2 Teleservices Data Protection Act. The associated data processing, for example the assignment of user requests to server instances with stored session information, is done based on Section 6(1) lit. f GDPR. It is our legitimate interest to provide you with the website and the application portal.
HR Puls as provider of the application portal and contractual partner of the Charité does not use technically non-essential cookies, thus no manual consent is required. In keeping with that, the following tools are not used:

• Tracking and analysis tools
• Affiliate services
• Remarketing services
• Retargeting services
• Social media plugins (Facebook, Instagram, Google+, LinkedIn, Pinterest, Twitter)
• Video embedding applications with cookies (Vimeo, Youtube)
• Scalable central measuring system
• Online map services like Google Maps and OpenStreetMaps
   

Notes on legal bases: The legal basis for the use of essential cookies (necessary for website operation) is Section 6(1) p.1 lit. f GDPR. We use necessary cookies on our website to en-sure proper website operation and to provide basic functions. These purposes also include our legitimate interest in data processing for the purpose of Section 6(1) p.1 lit. f GDPR. In the case of non-essential cookies, the legal basis is your consent pursuant to Art. 6(1) lit. a GDPR.

Please refer to the cookie policy for more information.

3.2 Personal data within the context of the application process

The Charité collects personal data as part of your application. On the one hand, this concerns your personal details in the applicant questionnaire as well as the data contained in docu-ments you have uploaded, for instance cover letters, CV, certificates or other documents.

If you decide to participate in an application process at the Charité, you provide us with per-sonal data with your application. This includes information such as: 

• Salutation
• Title
• Last name, first name
• Address
• Phone number 
• Date of birth
• Place of birth
• Nationality
• Information on education and qualification 
• Data about your professional career 
• School and professional certificates and diplomas
• Information on general competencies
   

You have the option to voluntarily provide the Charité with information that belongs to special categories of personal data for the purpose of Section 9(1) GDPR, such as ethnic origin, health data or degree of disability. You are not obligated to do so. 

If you do not send your application documents to the Charité via the provided career portal, we will enter your application documents into the application management system. You will receive an e-mail through the system after the data have been entered.

If you submit an unsolicited application or have consented to be included in the application pool in the course of applying to a specific job posting, your data will be stored in the applica-tion pool and passed on to internal departments responsible for posting the jobs as soon as the application criteria match.

3.3 Purposes and legal bases of data processing

The handling of your personal data serves to process your application and to carry out the staffing procedure as well as the initiation of an employment relationship. Your personal data are thus processed within the context of employment based on Sections 2(1), (6) Sentence 3 Berlin Data Privacy Act in conjunction with Section 26(1) Sentence 1 Federal Data Protection Act; applicants are considered employees pursuant to Section 26(8) Sentence 2 Federal Data Protection Act.

As part of the application process, you may voluntarily provide special categories of personal data for the purpose of Section 9(1) GDPR. Their processing is carried out pursuant to Sec-tion 26(3) Sentence 2(2) Federal Data Protection Act. If we request special categories of per-sonal data from applicants in the course of the further application process because this infor-mation is required for the exercise of the profession, the processing is carried out on the ba-sis of Section 26 (3) Sentence 1 Federal Data Protection Act.

If you have additionally consented to inclusion in the application pool as part of an unsolicited application, your personal data will be processed on the basis of your consent pursuant to Section 26(2) of the Federal Data Protection Act. It will not affect the application process if you do not wish to be included in the application pool.

1. The Charité will delete your data from the application management system six months after the application process is completed, provided that there are no further reasons for their retention. 

2. If you submit an unsolicited application or have consented to be included in the application pool, we will delete your data 18 months after submission of the DoC or inclusion in the application pool.

3. If your application is successful and you sign an employment contract, your application documents will be added to your personnel file and stored there with the stipulated time limits within the framework of the legal provisions. After the transfer, your data will be de-leted from the application management system in due time pursuant to No. 1. 

4. If the Charité directly enters your application documents into the application management system in your place, you will receive a notification e-mail after data collection with the option to consent to further data processing. If you do not consent within 30 days, your da-ta will be deleted. This also applies to cases where we assign you to another job posting.

To handle application process and application management, the Charité uses the application management system of the company HR Puls GmbH (Falkenried 88, 20251 Hamburg). Pro-cessing of your personal data within the application management system is based on a con-tract for the commissioned processing of personal data pursuant to Section 28 GDPR. The Charité remains the responsible body for the purpose of Section 4 No. 7 GDPR.

HR Puls GmbH deploys one more contractor to enable optimal provision of the system for our needs and those of the applicants. Further processing by subcontractors is also based on contracts for commissioned processing pursuant to Section 28 GDPR.

Hetzner Online GmbH is involved for the system in use as hosting provider. Your personal data will thereby be processed within the EU. Transmission to third countries is not intended. This also applies to subcontractors.

1. The data in the application mask are stored manually.

2. In addition, enclosures like CVs are uploaded separately.

You have the following rights with regard to the processing of your personal data:

7.1 Right to withdraw your consent, Section 7 GDPR

If you have consented to the processing with a corresponding declaration, you may revoke your consent at any time with effect for the future without any disadvantages. The lawfulness of the previous processing remains unaffected thereof. 

7.2 Right of access, Section 15 GDPR

You have the right of access to obtain information about your stored personal data at any time.

7.3 Right to rectification, Section 16 GDPR 

Should you discover that incorrect personal data are being processed, you may request recti-fication. Incomplete data must be completed taking into account the purpose of the pro-cessing. 

7.4 Right to erasure, Section 17 GDPR 

You have the right to request the erasure of your personal data unless processing is neces-sary for the exercise of the right to freedom of expression and information, compliance with legal obligations, reasons of public interest, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes or for the exercise or defense of legal claims.

7.5 Right to restriction of processing, Section 18 GDPR

You have the right to restrict the processing of your data. This means that your data will not be deleted but will be marked to restrict further processing or use. 

7.6 Data portability, Section 20 GDPR 

You can receive the personal data you have provided in a structured, common and machine-readable format or request their transfer to another controller.

7.7 Right to object to data processing, Section 21 GDPR

If we process your data on the legal basis of Section 6(1) lit. e) (public interest) or Section 6(1) lit. f) (legitimate interest) GDPR, you have the right to object.  

7.8 Contact person

In order to exercise the aforementioned rights, please first contact the offices to which you submitted your application using the respective contact details that are provided.
You can also direct any queries regarding data protection to the Charité's data protection of-ficer at the contact details given above. 
When contacting us, please always include the job title that identifies your application, if available.

7.9 Right of complaint to a supervisory authority Section 77 GDPR

You also have the right to complain to a supervisory authority about the processing of your personal data. 
The complaint can be made informally to a supervisory authority of your choice. The contact details of the data protection authority responsible for the Charité, for example, can be found here:

Berlin Commissioner for Data Protection and Freedom of Information

Alt-Moabit 59-61
10555 Berlin
Entrance: Alt-Moabit 60
Phone: +49 30 13889-0
Fax: +49 30 2155050
mailbox@datenschutz-berlin.de