In the following, we inform you about the processing of your personal data by the Bavarian Red Cross Blood Donor Service (Blutspendedienst des Bayerischen Roten Kreuzes gemeinnützige GmbH; "we") when you visit this website (www.bio-bank.de) and your rights under the data protection regulations. You will learn for what purposes and on what legal basis we process your personal data, how long we store it and what rights you have in relation to your data. We will also tell you who we share your information with and how you can contact us if you have any questions.
For information about the processing of your personal data in other contexts, e.g. with blood donations, when using our apps, social media sites or our digital services, please visit www.blutspendedienst.com/datenschutz.
Responsible entity:
Blutspendedienst des Bayerischen Roten Kreuzes gemeinnützige GmbH
Herzog-Heinrich-Straße 2-4, 80336 Munich, Germany
Phone: 004989 5399-0
Fax: 004989 5399-4005
Hotline: 0049800 11 949 11
info@blutspendedienst.com
You are also welcome to contact our Data Protection Officer at
any time:
Blutspendedienst des Bayerischen Roten Kreuzes gemeinnützige GmbH
Data Protection Officer
Herzog-Heinrich-Straße 2, 80336 Munich, Germany
Email: datenschutz@blutspendedienst.com
We process personal data that we receive from you when you visit our website or use corresponding input fields. Specifically, we process your personal information for the following purposes:
When you visit our website, we automatically process the log files of our web server. These log files contain technical information about your use of the website (usage data). This is the referrer URL (the website from which you came to the current website), access time, name of the accessed (sub-) website or file, amount of data transferred, status of the retrieval, browser type and version, operating system type and version and your IP address ("server data").
The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest).
We process this personal data to operate the Website and to ensure IT security. The purpose of the processing is to provide the Website in a functional and secure manner.
We will delete your personal information when it is no longer necessary to achieve the purpose for which it was collected. In the case of personal data collected for the provision of the website, this is the case when the relevant session has ended and the personal data is no longer required for IT security purposes. In addition, we only store your usage data to comply with any legal retention obligations.
If you contact us via the input masks on our website (in particular
the contact form), we process the data you provide and our subsequent
correspondence. Depending on your request, we process the following
personal data ("contact data"): Personal information (e.g. name, date
of birth), service-related information (e.g. donor number, customer
number), professional and private contact details (e.g. address, email
address, fax) and company information (e.g. company and department),
as well as the content and subject of your contact and our
correspondence thereon. We also process server data in connection with
your request and our communication.
Please only provide health data as part of your inquiry if you
consider this to be absolutely necessary. By doing so, you consent
to us processing your health data for the purpose of contacting you.
You can withdraw your consent at any time
with effect for the future. However, any processing carried out
prior to withdrawal will remain lawful.
If you send us your inquiry by e-mail to an e-mail address provided on
our website, we also process your e-mail address and the content of
the message. Please note that data transmission by e-mail may not be
secure. Effective protection against unauthorized access by third
parties can only be achieved through additional measures (in
particular e-mail encryption). Please do not hesitate to contact us
for this purpose.
The legal basis for the processing of this personal data is Art. 6 para. 1 lit. b GDPR (performance of a contract/ entering into a contract). If no contractual relationship is involved or sought, our legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to offer you the possibility to contact us at any time and to be able to respond to your requests. The legal basis for the processing of any health data in the context of contacting us is Art. 9 para. 2 lit. a GDPR (consent).
We need to process the contact data in order to handle the contact and your request. The server data helps us to prevent misuse of the website and to ensure the security of our information technology systems.
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. We only process your personal data until we have finally answered your inquiry. Beyond that, we only store your personal data to comply with any legal retention obligations.
If you post a comment on a blog post on our website, we will process your name, email address and comment. Your name, the time of publication of your comment and your comment will be published on the website as described in more detail in connection with the respective comment. We also process server data in connection with your comment.
The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f GDPR (legitimate interest).
We process your personal data to enable and display public comments to you and other users and - in the case of illegal comments - to disable or delete comments or to contact or block users. The server data helps us to prevent misuse of the website and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when the blog is deleted. In addition, we only retain your personal data to comply with any legal retention obligations.
When you visit our website, we process your personal data through the use of cookies and similar technologies (collectively, "cookies" unless otherwise stated).
Our websites may also contain content from third-party providers that use their own cookies. Such third parties may set cookies and request information during your visit to our websites. Please visit the websites of the third party to learn how they use cookies. Information about each third party and the link to their privacy policy/cookie policy can be found in the table above. You can refuse third party cookies at any time or withdraw your consent to these cookies for the future by using the buttons above. If you opt out of third party cookies, we will only be able to provide you with features on our websites that can be used without these cookies. Areas of our websites that embed third party content and therefore require the setting of third party cookies will not be available to you in this case.
Information collected through cookies is primarily processed within the European Union (EU). In some cases, cookie information may also be processed by third parties in countries outside the EU that do not offer a comparable level of data protection from an EU perspective. In some countries, there is a particular risk that local authorities may gain access to data processed there for surveillance purposes and that no effective legal remedies are available against this. Insofar as you have given your consent to cookies requiring consent, you also consent to the transfer and further processing of information collected through cookies to countries outside the EU.
We only use locally hosted fonts on our website.
We share your personal data with service providers who assist us in the operation of the website and the above-mentioned purposes as processors (Art. 28 GDPR). These are companies in the categories of IT services, printing and shipping services, logistics, telecommunications, consultancy and advice as well as sales and marketing, in particular:
We pass on your personal data to other responsible parties (so-called transferees) who process your personal data for their own purposes, insofar as this is necessary for the execution of the contract or the provision of services. The respective providers may use the data thus transmitted exclusively for the purpose for which we transmitted it. The transfer of your personal data for these purposes takes place for the performance of the contract, Art. 6 para. 1 lit. b GDPR as well as due to our legitimate interest in making our operations efficient, Art. 6 para. 1 lit. f GDPR. These are the following cases:
You have the following legal rights in relation to your personal data with respect to the Blood Donation Service, provided that the relevant conditions are met. You can find more information about your rights and the relevant conditions on the EU Commission's website at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_de.
You have the right to obtain information from us about which personal data we process. In particular, you may request information about the purposes of the processing, the categories of data processed, any recipients and the intended retention period.
You have the right to request the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
You may have the right to have your personal information deleted. This may be case, for example, if your personal data is no longer necessary for the original purposes, if you have withdrawn your declaration of consent under data protection law, or if the personal data has been processed unlawfully.
You may request the restriction of the processing of your personal data if and insofar as the accuracy of the data is disputed by you, the processing is unlawful but you object to its deletion, or the data is no longer needed by us but is required for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. The right to data portability includes the right to transfer the data to another controller; therefore, upon request, we will transfer the data directly to a designated controller where technically feasible.
As a data subject, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out pursuant to Art. 6 para 1lit. e (public interest) and Art. 6 para 2 lit. f GDPR (legitimate interest). This also applies to profiling based on this provision in the sense of Art. 4 No. 4 GDPR.
In the case of direct marketing, you as the data subject have the right to object at any time to processing of personal data concerning you for the purpose of such marketing.
An objection can be made informally and should preferably be addressed to: datenschutz@blutspendedienst.com.
You have the right to withdraw your consent under data protection law at any time with effect for the future. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
In order to achieve the respective purposes and to provide the respective services, we do not use fully automated decision-making including profiling pursuant to Art. 22 GDPR.
Where links to other, external websites are provided, we have no influence or control over the linked content and the data protection provisions there. We recommend that you check the privacy policy of linked websites to determine whether and to what extent personal data is processed or made available to third parties.
This privacy policy may change from time to time. This also includes further developments due to changes in our offers on the website as well as adjustments due to a changed legal situation and/or due to the implementation of new technologies or services on the website. We will post any such updates to the Privacy Policy on this page. In the event of significant changes, we will indicate this accordingly.
If you have any further questions that our Privacy Policy has not answered, please contact us using the contact information provided in section I.
Status: August 2023